Linux HarBor私有仓库搭建
安装HarBor
环境
Centos
Docker
Docker-compose
在服务器下载harbor的压缩包,下载地址可以在github中复制
wget https://github.com/goharbor/harbor/releases/download/v2.1.0/harbor-online-installer-v2.1.0.tgz
解压压缩包
tar -zxf harbor-online-installer-v2.1.0.tgz
进入解压后的harbor 内容如下
[root@iZ2zede2hwrvkw3y0ybep2Z harbor]# ll
总用量 32
-rw-r--r-- 1 root root 3361 9月 16 10:50 common.sh
-rw-r--r-- 1 root root 8136 9月 16 10:50 harbor.yml.tmpl
-rwxr-xr-x 1 root root 2523 9月 16 10:50 install.sh
-rw-r--r-- 1 root root 11347 9月 16 10:50 LICENSE
-rwxr-xr-x 1 root root 1881 9月 16 10:50 prepare
修改 harbor.yml.tmpl 文件内容
vi harbor.yml.tmpl
#修改为本机ip
hostname: 192.168.5.1
# 启动端口,默认80
http:
port: 9090
# sll安全配置,可以不用配置,注释即可
#https:
# # https port for harbor, default is 443
# port: 443
# # The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# 使用了nginx镜像依赖,如果要启用外部代理,请取消对外部url的注释
# 当它启用时,主机名将不再使用
# external_url: https://reg.mydomain.com:8433
#启动账户密码 ,默认账户账号 admin
harbor_admin_password: Harbor12345
# 默认存储位置
data_volume: /data
#镜像存储配置,默认使用本地存储,可以使用阿里云,腾讯云,谷歌云等 https://docs.docker.com/registry/configuration/
# storage_service:
# ca_bundle:
# filesystem:
# maxthreads: 100
# # set disable to true when you want to disable registry redirect
# redirect:
# disabled: false
# Clair configuration
clair:
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
updaters_interval: 12
trivy:
# ignoreUnfixed The flag to display only fixed vulnerabilities
ignore_unfixed: false
skip_update: false
insecure: false
jobservice:
# Maximum number of job workers in job service
max_job_workers: 10
notification:
# Maximum retry count for webhook job
webhook_job_max_retry: 10
chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled
# 日志配置
log:
# options are debug, info, warning, error, fatal
level: info
# configs for logs in local storage
local:
rotate_count: 50
rotate_size: 200M
# The directory on your host that store log
location: /var/log/harbor
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.0.0
# 使用外部 数据库配置,默认使用自带镜像的数据库
# external_database:
# harbor:
# host: harbor_db_host
# port: harbor_db_port
# db_name: harbor_db_name
# username: harbor_db_username
# password: harbor_db_password
# ssl_mode: disable
# max_idle_conns: 2
# max_open_conns: 0
# clair:
# host: clair_db_host
# port: clair_db_port
# db_name: clair_db_name
# username: clair_db_username
# password: clair_db_password
# ssl_mode: disable
# notary_signer:
# host: notary_signer_db_host
# port: notary_signer_db_port
# db_name: notary_signer_db_name
# username: notary_signer_db_username
# password: notary_signer_db_password
# ssl_mode: disable
# notary_server:
# host: notary_server_db_host
# port: notary_server_db_port
# db_name: notary_server_db_name
# username: notary_server_db_username
# password: notary_server_db_password
# ssl_mode: disable
#使用外部redis 配置,默认使用镜像redis
# external_redis:
# # support redis, redis+sentinel
# # host for redis: <host_redis>:<port_redis>
# # host for redis+sentinel:
# # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
# host: redis:6379
# password:
# # sentinel_master_set must be set to support redis+sentinel
# #sentinel_master_set:
# # db_index 0 is for core, it's unchangeable
# registry_db_index: 1
# jobservice_db_index: 2
# chartmuseum_db_index: 3
# clair_db_index: 4
# trivy_db_index: 5
# idle_timeout_seconds: 30
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- clair
- trivy
保存之后修改文件名为 harbor.yml
mv harbor.yml.tmpl harbor.yml
运行HarBor
检查运行环境
./prepare
安装运行HarBor
./install.sh
安装成功之后查看docker镜像会出现所有依赖镜像
使用Harbor
登录
浏览器访问服务器ip加刚刚配置的端口,使用默认账号 admin 和配置的密码登录
上传一个nginx镜像进行测试
docker tag nginx:1.17 192.168.5.10/library/nginx:1.17
docker push 192.168.5.10/library/nginx:1.17
修改镜像存储地址 (OSS)
注意 启动之前修改,否则对镜像操作会报错
在
1.10.0
版本之前的存储配置文件为(/usr/local/harbor/common/templates/registry/config.yml),未来版本存储配置文件直接在主配置文件里修改即可(主配置文件: /usr/local/harbor/harbor.yml)
oss参数说明
官网说明:https://docs.docker.com/registry/storage-drivers/oss/
修改配置文件内容
storage_service:
ca_bundle:
oss:
accesskeyid: 填写你的具有阿里云oss权限账户的RAM的AccessKey ID
accesskeysecret: 填写你的具有阿里云oss权限账户的RAM的AccessKey Secret
region: 地域节点(EndPoint)
endpoint: Bucket 域名(Bucket 名称-地域节点)
bucket: Bucket 名称
secure: false
redirect:
disabled: false
重启harbor服务
#在harbor目录下运行
#关闭
docker-compose down -v
#修改配置后,需要重新检查运行环境
./prepare
#启动harbor服务
docker-compose up -d
重新上传镜像进行测试
docker tag nginx:1.17 192.168.5.10/library/nginx:1.18
docker push 192.168.5.10/library/nginx:1.18