33.公有云部署企业级镜像仓库harbor-CSDN博客

本文链接：https://blog.csdn.net/muyuzzg/article/details/141352777

由于政策原因，dockerhub仓库无法正常拉取镜像，对我们平时做实验有很大的影响，所以我们自己搭建一个私有镜像供自己实验使用。

1.harbor原理

由于政策原因dockerhub无法拉取，我需要在公有云香港位置创建一个开源的私有harbor镜像从仓库，那么实现的原理如下图所示：

2.ECS创建

本次实验用的Linux版本为centos stream 9

创建完成：

3.系统配置

关闭防火墙及SELinux

[root@ecs-harbor ~]# systemctl stop firewalld;systemctl disable firewalld
[root@ecs-harbor ~]# setenforce 0
setenforce: SELinux is disabled
[root@ecs-harbor ~]# sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config

安装docker

[root@ecs-harbor ~]# yum install -y vim net-tools bash-completion yum-utils---安装基础包
[root@ecs-harbor ~]# bash
[root@ecs-harbor ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo---配置阿里云为源头
Adding repo from: https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@ecs-harbor ~]# ls /etc/yum.repos.d/
centos-addons.repo centos.repo docker-ce.repo
[root@ecs-harbor ~]# yum list docker-ce --showduplicates | sort -r---查看docker-ce的版本
[root@ecs-harbor ~]# yum install -y docker-ce---安装最新版本的docker-ce（社区版）
[root@ecs-harbor ~]# docker -v---查看docker版本，有回显则安装成功
Docker version 27.1.2, build d01f264

[root@ecs-harbor ~]# systemctl start docker---开启docker服务
[root@ecs-harbor ~]# systemctl enable docker---永久使能docker服务
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

4.Harbor安装

Harbor的下载链接：https://github.com/goharbor/harbor/releases/download/v2.7.0/harbor-offline-installer-v2.7.0.tgz

使用wget下载harbor包并解压

[root@ecs-harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.7.0/harbor-offline-installer-v2.7.0.tgz
[root@ecs-harbor ~]# ls
harbor-offline-installer-v2.7.0.tgz

[root@ecs-harbor ~]# tar -zxvf harbor-offline-installer-v2.7.0.tgz
harbor/harbor.v2.7.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@ecs-harbor ~]# ls
harbor harbor-offline-installer-v2.7.0.tgz
[root@ecs-harbor ~]# cd harbor/
[root@ecs-harbor harbor]# ls
common.sh harbor.v2.7.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@ecs-harbor harbor]#

配置harbor

修改harbor.yml

[root@ecs-harbor harbor]# vim harbor.yml

#第五行，修改主机名为ECS的私网IP地址

5 hostname: 192.168.10.121

#注释https

12 # https related config
13 # https:
14 # https port for harbor, default is 443
15 # port: 443
16 # The path of cert and key files for nginx
17 # certificate: /your/certificate/path
18 # private_key: /your/private/key/path

#可自定义修改管理员密码
34 harbor_admin_password: Harbor12345

配置docker.service

[root@ecs-harbor ~]# vim /usr/lib/systemd/system/docker.service

#第13行末尾添加--insecure-registry=192.168.10.121:80

13 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd. sock --insecure-registry=192.168.10.121:80
[root@ecs-harbor ~]#vim /etc/docker/daemon.json

#配置加速器
{
"registry-mirrors": ["https://cc2d8woc.mirror.aliyuncs.com"]
}
[root@ecs-harbor ~]# systemctl daemon-reload
[root@ecs-harbor ~]# systemctl restart docker

运行prepare脚本准备镜像

prepare脚本会自动下载所需的镜像

[root@ecs-harbor harbor]# ./prepare
[root@ecs-harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/prepare v2.7.0 f0f57240ce77 20 months ago 164MB

修改脚本命令

本版本使用的是9的命令，harbor2.7默认使用7版本的命令，7版本和9版本的命令不一样，所以需要修改

例如：

[root@ecs-harbor ~]# docker-compose --version---7版本命令
-bash: docker-compose: command not found
[root@ecs-harbor ~]# docker compose version---9版本命令
Docker Compose version v2.29.1
[root@ecs-harbor harbor]# vim common.sh

119 elif [[ $(docker compose version) =~ (([0-9]+)\.([0-9]+)([\.0-9]*)) ]]
[root@ecs-harbor harbor]# vim install.sh

#加引号让系统认为这是一个命令

26 DOCKER_COMPOSE="docker compose"

安装harbor

[root@ecs-harbor harbor]# ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 27.1.2

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.29.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/prepare:v2.7.0
716575e41c45: Loading layer 145.8MB/145.8MB
af0525d96b0b: Loading layer 16.72MB/16.72MB
939977d7cbf6: Loading layer 5.12kB/5.12kB
005530be0f99: Loading layer 6.144kB/6.144kB
9764bccefdd0: Loading layer 3.072kB/3.072kB
38fe09b6e0e7: Loading layer 2.048kB/2.048kB
9d659849215a: Loading layer 2.56kB/2.56kB
bee3f2947ec7: Loading layer 2.56kB/2.56kB
e4e05d8658d3: Loading layer 2.56kB/2.56kB
e7991cc39265: Loading layer 9.728kB/9.728kB
Loaded image: goharbor/harbor-db:v2.7.0
d79110caaa26: Loading layer 8.902MB/8.902MB
b8cddfca4e88: Loading layer 3.584kB/3.584kB
071b47da1d9b: Loading layer 2.56kB/2.56kB
d22932d9f6c7: Loading layer 84.83MB/84.83MB
b2f2e9cbceac: Loading layer 5.632kB/5.632kB
53cce0f5bd54: Loading layer 108kB/108kB
40a6c61dcc44: Loading layer 44.03kB/44.03kB
6d7dba633513: Loading layer 85.77MB/85.77MB
44309ebcfcf7: Loading layer 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.7.0
cebcabcec86e: Loading layer 127MB/127MB
f3a76df94b70: Loading layer 3.584kB/3.584kB
ac9852cda3ce: Loading layer 3.072kB/3.072kB
a5bab3cf8af7: Loading layer 2.56kB/2.56kB
d52202b6a929: Loading layer 3.072kB/3.072kB
bd8a7ca8438d: Loading layer 3.584kB/3.584kB
a6a054173348: Loading layer 20.99kB/20.99kB
Loaded image: goharbor/harbor-log:v2.7.0
1a3b490c3dc4: Loading layer 8.902MB/8.902MB
7cbd50b78394: Loading layer 25.65MB/25.65MB
7119ae84be31: Loading layer 4.608kB/4.608kB
c9c5875f25c8: Loading layer 26.44MB/26.44MB
Loaded image: goharbor/harbor-exporter:v2.7.0
c8c89cfdc06a: Loading layer 119.1MB/119.1MB
Loaded image: goharbor/nginx-photon:v2.7.0
59736e375413: Loading layer 5.759MB/5.759MB
6cc787909b61: Loading layer 91.75MB/91.75MB
a56e97e08300: Loading layer 3.072kB/3.072kB
57925eac82a6: Loading layer 4.096kB/4.096kB
6e36a605c736: Loading layer 92.54MB/92.54MB
Loaded image: goharbor/chartmuseum-photon:v2.7.0
175f4dc2d45f: Loading layer 119.1MB/119.1MB
4e26408b204b: Loading layer 6.143MB/6.143MB
f2e93a87e40b: Loading layer 1.249MB/1.249MB
e5cceb0b0435: Loading layer 1.194MB/1.194MB
Loaded image: goharbor/harbor-portal:v2.7.0
b887c32c40a7: Loading layer 8.902MB/8.902MB
938a7e3c75f5: Loading layer 3.584kB/3.584kB
5a5a28182655: Loading layer 2.56kB/2.56kB
ebab1e49abda: Loading layer 103.3MB/103.3MB
4ce14e0439d9: Loading layer 104MB/104MB
Loaded image: goharbor/harbor-jobservice:v2.7.0
fbaa7a10893c: Loading layer 5.759MB/5.759MB
c688ac7b41fa: Loading layer 4.096kB/4.096kB
d7c1e408fc7d: Loading layer 17.41MB/17.41MB
55958792b639: Loading layer 3.072kB/3.072kB
a914e1c2d3e7: Loading layer 30.69MB/30.69MB
b91233145a72: Loading layer 48.89MB/48.89MB
Loaded image: goharbor/harbor-registryctl:v2.7.0
4bfd949c2891: Loading layer 5.759MB/5.759MB
7fd746eb54cc: Loading layer 4.096kB/4.096kB
026a4a79ef61: Loading layer 3.072kB/3.072kB
4e8dca75f609: Loading layer 17.41MB/17.41MB
7e017925a772: Loading layer 18.2MB/18.2MB
Loaded image: goharbor/registry-photon:v2.7.0
bd6904b66a79: Loading layer 5.754MB/5.754MB
4bea14657109: Loading layer 8.987MB/8.987MB
629d40c48f45: Loading layer 15.88MB/15.88MB
48d73b35455c: Loading layer 29.29MB/29.29MB
fe12338e806d: Loading layer 22.02kB/22.02kB
dcbe4fc18411: Loading layer 15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.7.0
cc039d70dda6: Loading layer 119.9MB/119.9MB
c128fc8dd5aa: Loading layer 3.072kB/3.072kB
e030017184f0: Loading layer 59.9kB/59.9kB
f7a67f51f6d5: Loading layer 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.7.0
c4c80dff091a: Loading layer 5.754MB/5.754MB
26f51848acfb: Loading layer 8.987MB/8.987MB
fb0e59f893b6: Loading layer 14.47MB/14.47MB
e17fcd490db6: Loading layer 29.29MB/29.29MB
f0f3d13b4bdf: Loading layer 22.02kB/22.02kB
73965e1762cb: Loading layer 14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.7.0
2d831b255ec9: Loading layer 6.287MB/6.287MB
603534b77185: Loading layer 4.096kB/4.096kB
edbbda0ede29: Loading layer 3.072kB/3.072kB
11ccb87ea0a3: Loading layer 180.6MB/180.6MB
13afce1af948: Loading layer 13.22MB/13.22MB
b05259901192: Loading layer 194.6MB/194.6MB
Loaded image: goharbor/trivy-adapter-photon:v2.7.0

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http prot ocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/db/env
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion

[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 0.3s
✔ Container harbor-db Started 0.8s
✔ Container registry Started 0.9s
✔ Container harbor-portal Started 0.8s
✔ Container registryctl Started 0.9s
✔ Container redis Started 0.7s
✔ Container harbor-core Started 1.0s
✔ Container nginx Started 1.4s
✔ Container harbor-jobservice Started 1.4s
✔ ----Harbor has been installed and started successfully.----
[root@ecs-harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.7.0 69796d5ea472 20 months ago 96.5MB
goharbor/chartmuseum-photon v2.7.0 3a1128c43ada 20 months ago 227MB
goharbor/redis-photon v2.7.0 cc91f43eb370 20 months ago 154MB
goharbor/trivy-adapter-photon v2.7.0 acf7683e6266 20 months ago 431MB
goharbor/notary-server-photon v2.7.0 cc32c079c5e8 20 months ago 113MB
goharbor/notary-signer-photon v2.7.0 1c7e9e9a0c92 20 months ago 110MB
goharbor/harbor-registryctl v2.7.0 6573a396157f 20 months ago 139MB
goharbor/registry-photon v2.7.0 4d015df21516 20 months ago 78.1MB
goharbor/nginx-photon v2.7.0 5f2878db2a82 20 months ago 154MB
goharbor/harbor-log v2.7.0 6b4a9a2855bb 20 months ago 161MB
goharbor/harbor-jobservice v2.7.0 cdde5030ac74 20 months ago 252MB
goharbor/harbor-core v2.7.0 f1aaf647100d 20 months ago 215MB
goharbor/harbor-portal v2.7.0 ea51148e87b6 20 months ago 162MB
goharbor/harbor-db v2.7.0 fff87d4d50e4 20 months ago 195MB
goharbor/prepare v2.7.0 f0f57240ce77 20 months ago 164MB

登录harbor

注意安全组需要放开http协议

输入公网地址登录

5.测试harbor

创建一个项目

公开：可以匿名访问

-1：对容量不设限

推送镜像

[root@ecs-harbor harbor]# docker tag mysql:latest 192.168.10.121:80/cangku/mysql:v1.0
[root@ecs-harbor harbor]# docker images | grep mysql
192.168.10.121:80/cangku/mysql v1.0 7ce93a845a8a 4 weeks ago 586MB
mysql latest 7ce93a845a8a 4 weeks ago 586MB
[root@ecs-harbor harbor]# docker login 192.168.10.121:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores

Login Succeeded
[root@ecs-harbor harbor]# docker push 192.168.10.121:80/cangku/mysql:v1.0
The push refers to repository [192.168.10.121:80/cangku/mysql]
feceac7d17e7: Pushed
ad5af488d607: Pushed
a34bb1401e4c: Pushed
be2b3692128b: Pushed
afbd47451a75: Pushed
c2182014683d: Pushed
31d776291afd: Pushed
71bc13a2962e: Pushed
3dea2aeae1c6: Pushed
2606c15a4838: Pushed
v1.0: digest: sha256:32c94e5ee67674faa31cee798fbaa427da6632b4a53ea6ad26342af9b3c74911 size: 2411

拉取镜像

[root@ecs-harbor harbor]# docker pull 192.168.10.121:80/cangku/mysql:v1.0
v1.0: Pulling from cangku/mysql
d9a40b27c30f: Pull complete
fe4b01031aab: Pull complete
aa72c34c4347: Pull complete
473ade985fa2: Pull complete
cc168a9482de: Pull complete
3ca3786815dd: Pull complete
3e3fac98ea83: Pull complete
10e5505c3ae4: Pull complete
a79ade39aab9: Pull complete
ae34d51c6da2: Pull complete
Digest: sha256:32c94e5ee67674faa31cee798fbaa427da6632b4a53ea6ad26342af9b3c74911
Status: Downloaded newer image for 192.168.10.121:80/cangku/mysql:v1.0
192.168.10.121:80/cangku/mysql:v1.0