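Deploying a Harbor registry with Docker
1. Introduction to Harbor
Harbor is an open-source registry server project designed for enterprise users by VMware's China team. It includes the features enterprises need, such as role-based access control (RBAC), LDAP, auditing, a management UI, self-registration, and HA, and it adds image replication and Chinese-language support designed for users in China. As an enterprise-grade private registry server, Harbor provides better performance and security, and it improves the efficiency of transferring images between build and runtime environments that use a registry. Harbor supports replicating image resources across multiple registry nodes, and all images are stored in the private registry, which keeps data and intellectual property under control inside the company network. Harbor also provides advanced security features such as user management, access control, and activity auditing.
2. Deploying Harbor
2.1 Installing docker-compose
// Bring in the package that was downloaded beforehand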
[root@harbor_node01 ~]# ls
anaconda-ks.cfg docker-compose-linux-x86_64.octet-stream pubic runtime.gz
// Move the package to the target location and rename it
[root@harbor_node01 ~]# mv docker-compose-linux-x86_64.octet-stream /usr/bin/docker-compose
// Make it executable
[root@harbor_node01 ~]# chmod +x /usr/bin/docker-compose
// Check the version
[root@harbor_node01 ~]# docker-compose -v
Docker Compose version v2.7.0
2.2 Deploying Harbor
// Bring in the archive that was downloaded beforehand
[root@harbor_node01 ~]# ls
anaconda-ks.cfg harbor-offline-installer-v2.5.3.tgz pubic runtime.gz
// Extract it into /usr/local
[root@harbor_node01 ~]# tar xf harbor-offline-installer-v2.5.3.tgz -C /usr/local/
[root@harbor_node01 ~]# cd /usr/local/harbor/
[root@harbor_node01 harbor]# ls
common.sh harbor.v2.5.3.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
// Edit the configuration file
[root@harbor_node01 harbor]# vim harbor.yml.tmpl
hostname: harbor_node01   # change to this host's hostname
# https related config
#https:   # commented out because HTTPS is not set up; Harbor is then served over plain HTTP
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
[root@harbor_node01 harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor_node01 harbor]# ls
common.sh harbor.v2.5.3.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
// Run the installer
[root@harbor_node01 harbor]# ./install.sh
[root@harbor_node01 harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5c8bdba1adb8 goharbor/harbor-jobservice:v2.5.3 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-jobservice
e9846a72edfd goharbor/nginx-photon:v2.5.3 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
04651699d73e goharbor/harbor-core:v2.5.3 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-core
499561ceaa41 goharbor/harbor-portal:v2.5.3 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
98d33f97f090 goharbor/registry-photon:v2.5.3 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
322f3665bd5c goharbor/redis-photon:v2.5.3 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis
b35fad197114 goharbor/harbor-db:v2.5.3 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db
1483894cdac7 goharbor/harbor-registryctl:v2.5.3 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl
92d85fc6804a goharbor/harbor-log:v2.5.3 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
// Check the listening ports
[root@harbor_node01 harbor]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:1514 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
// Make the containers start at boot
[root@harbor_node01 harbor]# vim /etc/rc.local
#!/bin/bash
cd /usr/local/harbor    # add this line
docker-compose start    # and this one
[root@harbor_node01 harbor]# ll /etc/rc.local
lrwxrwxrwx. 1 root root 13 Oct 5 2021 /etc/rc.local -> rc.d/rc.local
[root@harbor_node01 harbor]# ll /etc/rc.d/rc.local
-rw-r--r--. 1 root root 514 Aug 11 22:30 /etc/rc.d/rc.local
// Make it executable
[root@harbor_node01 harbor]# chmod +x /etc/rc.d/rc.local
// Test access
// Reboot and check whether the containers start automatically
[root@harbor_node01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5c8bdba1adb8 goharbor/harbor-jobservice:v2.5.3 "/harbor/entrypoint.…" 12 minutes ago Up 28 seconds (health: starting) harbor-jobservice
e9846a72edfd goharbor/nginx-photon:v2.5.3 "nginx -g 'daemon of…" 12 minutes ago Up 28 seconds (health: starting) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
04651699d73e goharbor/harbor-core:v2.5.3 "/harbor/entrypoint.…" 12 minutes ago Up 30 seconds (healthy) harbor-core
499561ceaa41 goharbor/harbor-portal:v2.5.3 "nginx -g 'daemon of…" 12 minutes ago Up 30 seconds (healthy) harbor-portal
98d33f97f090 goharbor/registry-photon:v2.5.3 "/home/harbor/entryp…" 12 minutes ago Up 31 seconds (healthy) registry
322f3665bd5c goharbor/redis-photon:v2.5.3 "redis-server /etc/r…" 12 minutes ago Up 33 seconds (healthy) redis
b35fad197114 goharbor/harbor-db:v2.5.3 "/docker-entrypoint.…" 12 minutes ago Up 31 seconds (healthy) harbor-db
1483894cdac7 goharbor/harbor-registryctl:v2.5.3 "/home/harbor/start.…" 12 minutes ago Up 30 seconds (healthy) registryctl
92d85fc6804a goharbor/harbor-log:v2.5.3 "/bin/sh -c /usr/loc…" 12 minutes ago Up 33 seconds (healthy) 127.0.0.1:1514->10514/tcp harbor-log
3. Using Harbor
3.1 Configuring a client to access Harbor
// Map the Harbor server's hostname to its IP address
[root@harbor_node01 ~]# vim /etc/hosts
192.168.159.100 harbor_node01.example.com
// Check that the host answers ping
[root@harbor_node01 ~]# ping harbor_node01.example.com
PING harbor_node01.example.com (192.168.159.100) 56(84) bytes of data.
64 bytes from harbor_node01.example.com (192.168.159.100): icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from harbor_node01.example.com (192.168.159.100): icmp_seq=2 ttl=64 time=0.043 ms
^C
--- harbor_node01.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1010ms
rtt min/avg/max/mdev = 0.030/0.036/0.043/0.008 ms
// Use the insecure-registries option to allow plain-HTTP access to the registry
[root@harbor_node01 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors":["https://2kz7i887.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.159.100"]
}
// Restart the docker service
[root@harbor_node01 ~]# systemctl daemon-reload
[root@harbor_node01 ~]# systemctl restart docker.service
// Log in to Harbor
[root@harbor_node01 ~]# docker login 192.168.159.100
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
// Retag the image and push it
[root@harbor_node01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
15072814090/httpd v0.2 a3ce6a69f8e0 2 days ago 697MB
[root@harbor_node01 ~]# docker tag 15072814090/httpd:v0.2 192.168.159.100/library/httpd:v0.1
[root@harbor_node01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.159.100/library/httpd v0.1 a3ce6a69f8e0 2 days ago 697MB
[root@harbor_node01 ~]# docker push 192.168.159.100/library/httpd:v0.1
The push refers to repository [192.168.159.100/library/httpd]
fdaece32edff: Layer already exists
74ddd0ec08fa: Layer already exists
v0.1: digest: sha256:7b5d92b16225c9ca7e4a808b6a41ab9ccae62f606ed177aa861bd50b6007222f size: 742
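The following check is an added example, not part of the original post or of Harbor itself. It audits the three plaintext-related settings this walkthrough leaves in place: the commented-out https block in harbor.yml, the insecure-registries entry in daemon.json, and the inline credentials that docker login warns about. The function names are hypothetical, and the JSON handling assumes the simple file layouts shown on this page.

```shell
#!/bin/sh
# Added example: audit the plaintext-related settings from this walkthrough.
# Function names are hypothetical; the three file arguments are harbor.yml,
# /etc/docker/daemon.json and ~/.docker/config.json.

# 0 if harbor.yml has an active top-level https: block whose certificate and
# private_key are set to something other than the template's /your/... paths.
harbor_https_enabled() {
    awk '
        /^https:[ \t]*(#.*)?$/ { in_https = 1; next }
        /^[^ \t#]/             { in_https = 0 }   # next top-level key ends the block
        in_https && $1 == "certificate:" && $2 != "" && $2 !~ /^\/your\// { cert = 1 }
        in_https && $1 == "private_key:" && $2 != "" && $2 !~ /^\/your\// { key = 1 }
        END { exit !(cert && key) }
    ' "$1"
}

# Prints each "insecure-registries" entry of daemon.json, one per line.
insecure_registries() {
    tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | tr -d '" \t' | sed '/^$/d'
}

# 0 if the Docker client config holds an inline base64 "auth" value, which is
# what the `docker login` warning refers to.
has_inline_credentials() {
    grep -Eq '"auth"[[:space:]]*:[[:space:]]*"[^"]+"' "$1"
}

# Prints one finding per line; prints nothing when all three checks pass.
audit() {
    harbor_https_enabled "$1" ||
        echo "harbor.yml: https block inactive, portal and registry API use plain HTTP"
    for r in $(insecure_registries "$2"); do
        echo "daemon.json: $r is contacted without TLS verification"
    done
    if has_inline_credentials "$3"; then
        echo "config.json: registry credentials stored base64-encoded, not encrypted"
    fi
    return 0
}

# Run against real files when three paths are given on the command line.
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

On the host configured above, the script would be called with /usr/local/harbor/harbor.yml, /etc/docker/daemon.json and /root/.docker/config.json as its three arguments.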
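3.2 Harbor management UI
// The image has been uploaded successfully
// User management: users you create are regular users, but they can also be granted administrator rights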