harbor仓库
一、Harbor服务搭建及启动
1.下载Harbor安装文件
下载指定版本的安装包
[root@server1 ~]# lftp 172.25.15.250
lftp 172.25.15.250:~> cd pub/docker/
lftp 172.25.15.250:/pub/docker> get harbor-offline-installer-v1.10.1.tgz
674078519 bytes transferred in 2 seconds (350.14M/s)
lftp 172.25.15.250:/pub/docker> exit
[root@server1 ~]# ls
auth docker harbor-offline-installer-v1.10.1.tgz
certs game2048.tar mario.tar
[root@server1 ~]# tar zxf harbor-offline-installer-v1.10.1.tgz
[root@server1 ~]# cd harbor/
[root@server1 harbor]# ls
common.sh harbor.v1.10.1.tar.gz harbor.yml install.sh LICENSE prepare
[root@server1 harbor]# vim harbor.yml #修改配置文件
hostname: reg.westos.org
certificate: /data/certs/westos.org.crt
private_key: /data/certs/westos.org.key
harbor_admin_password: westos #管理员(admin)初始密码,只在首次安装时生效;安装完成后应登录界面修改
2.下载docker-compose-Linux-x86_64-1.27.0
[root@server1 harbor]# lftp 172.25.15.250
lftp 172.25.15.250:~> cd pub/docker/compose/
lftp 172.25.15.250:/pub/docker/compose> get docker-compose-Linux-x86_64-1.27.0
12215880 bytes transferred
lftp 172.25.15.250:/pub/docker/compose> exit
[root@server1 harbor]# mv docker-compose-Linux-x86_64-1.27.0 /usr/local/bin/docker-compose #移动
[root@server1 harbor]# chmod +x /usr/local/bin/docker-compose #给予执行权限
![请添加图片描述](https://csdn-img-blog.oss-cn-beijing.aliyuncs.com/80f331565d0845fea779094101ee085f.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzQ0MDYwMTQ3,size_16,color_FFFFFF,t_70)
3.证书
[root@server1 ~]# ls
auth docker harbor mario.tar
certs game2048.tar harbor-offline-installer-v1.10.1.tgz
[root@server1 ~]# mv certs/ /data/
[root@server1 ~]# cd /data/
[root@server1 data]# ls
certs config database secret
[root@server1 data]# cd certs/
[root@server1 certs]# ls
westos.org.crt westos.org.key
[root@server1 certs]# cd
[root@server1 ~]# cd harbor/
[root@server1 harbor]# ./install.sh #启动安装
4.启动成功
[root@server1 harbor]# docker-compose ps
5.网页访问
[root@foundation15 ~]# vim /etc/hosts #真机添加解析
172.25.15.1 reg.westos.org
6.如果出现浏览器访问成功,登陆不进去,提示密码错误
[root@server1 harbor]# ls
common common.sh docker-compose.yml harbor.v1.10.1.tar.gz harbor.yml install.sh LICENSE prepare
[root@server1 harbor]# docker-compose down #关闭harbor仓库
## docker-compose stop #表示只停止容器,不删除
[root@server1 harbor]# ./prepare #清理旧配置,并根据harbor.yml重新生成配置文件
[root@server1 harbor]# vim harbor.yml #检查编写的配置文件
[root@server1 harbor]# ./install.sh #重新安装,让修改的配置文件加载进去
### 浏览器就可成功登陆访问了
二、上传
1.Server1登陆上传
[root@server1 ~]# docker login reg.westos.org #登陆到仓库
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@server1 ~]# docker tag game2048:latest reg.westos.org/library/game2048:latest #打标签(修改名称)方便上传至harbor仓库
[root@server1 ~]# docker push reg.westos.org/library/game2048:latest #把game2048镜像上传(推送)到harbor仓库
The push refers to repository [reg.westos.org/library/game2048]
88fca8ae768a: Pushed
6d7504772167: Pushed
192e9fad2abc: Pushed
36e9226e74f8: Pushed
011b303988d2: Pushed
latest: digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390 size: 1364
[root@server1 ~]#
上传成功
[root@server1 ~]# cd /etc/docker/
[root@server1 docker]# ls
certs.d daemon.json key.json
[root@server1 docker]# vim daemon.json
[root@server1 docker]# scp daemon.json server2:/etc/docker/ #给server2配置默认仓库,直接将配置文件传过去
root@server2's password:
daemon.json 100% 52 69.7KB/s 00:00
[root@server1 docker]#
2.server2重启docker
[root@server2 ~]# cd /etc/docker/
[root@server2 docker]# ls
certs.d daemon.json key.json
[root@server2 docker]# vim daemon.json
[root@server2 docker]# cat daemon.json #查看仓库默认配置文件
{
"registry-mirrors" : ["https://reg.westos.org"] #镜像地址(registry mirror)设为reg.westos.org,拉取docker.io镜像时优先访问;此处#说明仅为讲解,JSON文件本身不能写注释
}
[root@server2 docker]# vim /etc/hosts #配置解析
172.25.15.1 server1 reg.westos.org
[root@server2 docker]# systemctl reload docker.service #重新加载docker配置,使registry-mirrors生效
[root@server2 docker]# docker info #查看docker状态
3.server2优先从设置的默认仓库下载2048游戏
[root@server2 docker]# docker pull game2048 #从仓库拉取game2048游戏
Using default tag: latest
latest: Pulling from library/game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for game2048:latest
docker.io/library/game2048:latest
[root@server2 docker]#
查看镜像
日志可以看到匿名用户访问
4.server2删除game2048,运行game2048,不存在,自动从默认仓库下载
[root@server2 docker]# docker rmi game2048:latest #删除镜像game2048
[root@server2 docker]# docker images #查看镜像只有nginx镜像
REPOSITORY TAG IMAGE ID CREATED SIZE
reg.westos.org/nginx latest 4cdc5dd7eaad 2 weeks ago 133MB
[root@server2 docker]# docker run -d --name demo game2048 # 运行容器demo 镜像为game2048
Unable to find image 'game2048:latest' locally
latest: Pulling from library/game2048 #检测到没有game2048镜像,自动从仓库拉取下载镜像game2048
534e72e7cedc: Pull complete
f62e2f6dfeef: Pull complete
fe7db6293242: Pull complete
3f120f6a2bf8: Pull complete
4ba4e6930ea5: Pull complete
Digest: sha256:8a34fb9cb168c420604b6e5d32ca6d412cb0d533a826b313b190535c03fe9390
Status: Downloaded newer image for game2048:latest
52b32de34d56f5b2373f8fe569783cdc47e4543c20166f0cb7d8907045bccc74
[root@server2 docker]# docker images #查看镜像
三、添加内容信任和扫描参数
[root@server1 harbor]# docker-compose down #关闭harbor仓库
[root@server1 harbor]# ./prepare #清理旧配置,并根据harbor.yml重新生成配置文件
[root@server1 harbor]# ./install.sh --with-notary --with-clair --with-chartmuseum #重新安装harbor 并装上了扫描 和签名插件
[root@server1 harbor]# docker-compose ps #查看harbor运行情况
1.重新安装harbor清理环境
[root@server1 ~]# cd harbor/
[root@server1 harbor]# docker-compose down #关闭harbor
[root@server1 harbor]# ./install.sh --help #查看用法
[root@server1 harbor]# ./install.sh --with-notary --with-clair --with-chartmuseum #加入扫描、签名等参数
2.浏览器访问
内容信任,无限制访问
3.开启自动扫描镜像;当要拉取的镜像存在“严重”及以上级别的漏洞时,拒绝拉取。
4.扫描无漏洞
[root@server1 harbor]# docker login reg.westos.org
Username: admin
[root@server1 harbor]# docker push reg.westos.org/library/game2048:latest
5.签名
[root@server1 harbor]# export DOCKER_CONTENT_TRUST=1 #开启docker内容信任,只对当前shell生效;开启后只能拉取已签名的镜像
[root@server1 harbor]# export DOCKER_CONTENT_TRUST_SERVER=https://reg.westos.org:4443 #指定签名服务(notary)地址
[root@server1 ~]# docker tag game2048:latest reg.westos.org/westos/game2048:latest #打标签
[root@server1 ~]# cd .docker/
[root@server1 .docker]# mkdir tls/reg.westos.org:4443 -p
[root@server1 .docker]# cd tls/reg.westos.org\:4443/
[root@server1 reg.westos.org:4443]# cp /data/certs/westos.org.crt ca.crt #把仓库证书放到客户端tls目录,供docker校验签名服务(4443端口)的HTTPS证书
[root@server1 reg.westos.org:4443]# ls
ca.crt
[root@server1 reg.westos.org:4443]# docker push reg.westos.org/westos/game2048:latest #已开启内容信任,推送时会对镜像签名;首次推送会提示设置根密钥和仓库密钥的口令,需妥善保存