上篇文章了解到了如何使用新的版本的harbor,这篇文章来了解一下harbor架构的组成和运行时各个组件的使用方式。
架构
容器信息
[root@liumiao harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up
harbor-db /usr/local/bin/docker-entr ... Up 3306/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
[root@liumiao harbor]#
具体说明
组件 | 说明 | 实现 |
---|---|---|
Proxy | 用于转发用户的请求到registry/ui/token service的反向代理 | nginx:使用nginx官方镜像进行配置 |
Registry | 镜像的push/pull命令实施功能 | registry:使用registry官方镜像 |
Database | 保存项目/用户/角色/复制策略等信息到数据库中 | harbor-db:Mariadb的官方镜像用于保存harbor的数据库信息 |
Core Service: UI/token/webhook | 用户进行镜像操作的界面实现,通过webhook的机制保证镜像状态的变化harbor能够即使了解以便进行日志更新等操作,而项目用户角色则通过token的进行镜像的push/pull等操作 | harbor-ui等 |
Job services | 镜像复制,可以在harbor实例之间进行镜像的复制或者同步等操作 | harbor-jobservice |
Log collector | 负责收集各个镜像的日志信息进行统一管理 | harbor-log:缺省安装下日志的保存场所为/var/log/harbor |
proxy
proxy就是使用nginx作为反向代理,而整个的核心则在于nginx的设定文件,通过如下的设定文件可以清楚的看到harbor所解释的将各个其他组件集成在一起的说明内容,而实际的实现也基本上就是靠nginx的设定。
[root@liumiao harbor]# ls
LICENSE common docker-compose.notary.yml ha harbor.v1.5.2.tar.gz open_source_license
NOTICE docker-compose.clair.yml docker-compose.yml harbor.cfg install.sh prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf
worker_processes auto;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
tcp_nodelay on;
# this is necessary for us to be able to disable request buffering in all cases
proxy_http_version 1.1;
upstream registry {
server registry:5000;
}
upstream ui {
server ui:8080;
}
log_format timed_combined '$remote_addr - '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'$request_time $upstream_response_time $pipe';
access_log /dev/stdout timed_combined;
server {
listen 80;
server_tokens off;
# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;
location / {
proxy_pass http://ui/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /v1/ {
return 404;
}
location /v2/ {
proxy_pass http://ui/registryproxy/v2/;
proxy_