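Introduction to Harbor:
Harbor is an enterprise-grade Registry server for storing and distributing Docker images. It extends the open-source Docker Distribution by adding features that enterprises need, such as security, identity and management. As an enterprise private Registry server, Harbor offers better performance and security, and it improves the efficiency of transferring images between build and run environments through the Registry. Harbor supports replicating image resources across multiple Registry nodes, and all images are kept in the private Registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.
Harbor download address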
https://github.com/goharbor/harbor/releases
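Deploying Harbor depends on docker and docker-compose, so both must be installed first; that is not covered again here.
Installation
Downloading with wget is slow, so here the already-downloaded file is copied directly to the Linux host.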
[root@k8s-master210 docker]# ll harbor-offline-installer-v2.11.0.tgz
-rwxrw-rw- 1 root root 659171069 6月 12 11:23 harbor-offline-installer-v2.11.0.tgz
[root@k8s-master210 docker]# tar -xvf harbor-offline-installer-v2.11.0.tgz
harbor/harbor.v2.11.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[root@k8s-master210 docker]# cd harbor/
[root@k8s-master210 harbor]# ls
common.sh harbor.v2.11.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@k8s-master210 harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s-master210 harbor]# ls
common.sh harbor.v2.11.0.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
Edit the harbor.yml configuration file
After saving, run install
[root@k8s-master210 harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 24.0.7
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.16.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.11.0
Loaded image: goharbor/harbor-db:v2.11.0
Loaded image: goharbor/nginx-photon:v2.11.0
Loaded image: goharbor/trivy-adapter-photon:v2.11.0
Loaded image: goharbor/redis-photon:v2.11.0
Loaded image: goharbor/registry-photon:v2.11.0
Loaded image: goharbor/prepare:v2.11.0
Loaded image: goharbor/harbor-portal:v2.11.0
Loaded image: goharbor/harbor-log:v2.11.0
Loaded image: goharbor/harbor-jobservice:v2.11.0
Loaded image: goharbor/harbor-registryctl:v2.11.0
Loaded image: goharbor/harbor-exporter:v2.11.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/桌面/docker/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
[+] Running 10/10
⠿ Container nginx Removed 0.2s
⠿ Container registryctl Removed 0.2s
⠿ Container harbor-jobservice Removed 0.3s
⠿ Container harbor-portal Removed 0.2s
⠿ Container harbor-core Removed 0.2s
⠿ Container registry Removed 0.3s
⠿ Container redis Removed 0.4s
⠿ Container harbor-db Removed 0.3s
⠿ Container harbor-log Removed 10.2s
⠿ Network harbor_harbor Removed 0.1s
[Step 5]: starting Harbor ...
[+] Running 10/10
⠿ Network harbor_harbor Created 0.1s
⠿ Container harbor-log Started 0.4s
⠿ Container redis Started 1.1s
⠿ Container harbor-portal Started 1.1s
⠿ Container harbor-db Started 0.8s
⠿ Container registryctl Started 0.9s
⠿ Container registry Started 1.0s
⠿ Container harbor-core Started 1.3s
⠿ Container nginx Started 1.8s
⠿ Container harbor-jobservice Started 1.8s
✔ ----Harbor has been installed and started successfully.----
View the containers
docker-compose ps
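• nginx: nginx handles traffic forwarding and security verification. All externally served traffic passes through nginx, so HTTPS port 443 is opened; nginx distributes the traffic to the backend ui and to the docker registry that stores the Docker images.
• harbor-jobservice: harbor-jobservice is Harbor's job management module. Jobs in Harbor are mainly used for synchronization between image registries.
• harbor-ui: harbor-ui is the web management page, mainly the front-end pages and the back-end CRUD interfaces.
• registry: registry is Docker's native registry and is responsible for storing images.
• harbor-adminserver: harbor-adminserver is Harbor's system management interface; it can modify the system configuration and retrieve system information.
• harbor-db: harbor-db is Harbor's database. It stores the system's jobs as well as project and user permission management. Authentication in this Harbor instance also goes through the database; in production it is mostly connected to the enterprise LDAP.
• harbor-log: harbor-log is Harbor's log service and manages Harbor's logs centrally. Running inspect shows that the containers all send their logs to syslog.
Accessing Harbor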
http://192.168.188.128:81/
The access address is the one configured in harbor.yml
The account is admin, and the password is the 123456 we configured earlier
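An added example, not part of the original post or of the Harbor project: a shell check that flags the settings this walkthrough relies on (no https section, a six-character admin password) before install.sh is run. The key names and template defaults follow harbor.yml.tmpl; the MIN_LEN threshold and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Harbor project code): flag weak settings in a harbor.yml.
MIN_LEN=12   # assumed minimum admin password length for this check

# Scalar after a top-level "key:" (unquoted values, as in harbor.yml.tmpl).
yml_top() {
    awk -v k="$2" '/^[^ \t#]/ && $1 == (k ":") { print $2; exit }' "$1"
}

# Scalar after "key:" nested under the uncommented top-level "section:".
yml_nested() {
    awk -v s="$2" -v k="$3" '
        /^[^ \t#]/ { in_s = (index($0, s ":") == 1) }
        in_s && $1 == (k ":") { print $2; exit }' "$1"
}

# Print one FAIL line per finding; a clean file prints nothing.
audit_harbor_yml() {
    if [ -z "$(yml_nested "$1" https certificate)" ] ||
       [ -z "$(yml_nested "$1" https private_key)" ]; then
        echo "FAIL https: no certificate/private_key, Harbor is served over plain HTTP"
    fi
    pw=$(yml_top "$1" harbor_admin_password)
    if [ "$pw" = "Harbor12345" ]; then
        echo "FAIL harbor_admin_password: template default still in place"
    elif [ "${#pw}" -lt "$MIN_LEN" ]; then
        echo "FAIL harbor_admin_password: shorter than $MIN_LEN characters"
    fi
    if [ "$(yml_nested "$1" database password)" = "root123" ]; then
        echo "FAIL database.password: template default still in place"
    fi
    return 0
}

# Constructed sample: port 81 and password 123456 follow the walkthrough,
# everything else is assumed to be left as in harbor.yml.tmpl.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
hostname: 192.168.188.128
http:
  port: 81
# https:
#   port: 443
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path
harbor_admin_password: 123456
database:
  password: root123
EOF
audit_harbor_yml "$SAMPLE"
```

On the constructed sample the check reports three findings; with an https block carrying certificate and private_key and non-default passwords it prints nothing, and the insecure-registries entry on the Docker clients is no longer needed.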
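Create a new project
Push a project to the private registry
The Docker configuration file must be modified to add the private registry's IP; otherwise the following error appears:
Error response from daemon: Get "https://192.168.188.128:81/v2/": http: server gave HTTP response to HTTPS client
{
  "insecure-registries" : [
    "192.168.188.128:81"
  ]
}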
Restart Docker
Log in, tag, and push
docker login -u admin 192.168.188.128:81
docker tag gateway:202402052124 192.168.188.128:81/test/gateway:202402052124
docker push 192.168.188.128:81/test/gateway:202402052124
This completes the setup.