前言:harbor本身也是容器化方式部署的,需要docker服务的支持;docker安装过程这里就省略了。
docker私有仓库,官方已经提供了registry镜像,为什么还需要使用的harbor仓库呢?是因为registry缺少镜像清理机制,可以push但是不能删除,耗费空间。
部署说明:harbor支持docker-compose和kubernetes的部署方式,默认是docker-compose单机部署;如果在部署harbor时出现以下告警,说明未安装docker-compose
Need to install docker-compose(1.18.0+) by yourself first and run this script again.
一、harbor私有仓库的安装
先安装docker-compose
[root@node1 ~]# curl -L https://get.daocloud.io/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@node1 ~]# chmod +x /usr/local/bin/docker-compose
安装harbor
[root@node1 ~]# tar xf harbor-offline-installer-v1.8.2.tgz -C /usr/local/
[root@node1 ~]# cd /usr/local/harbor/
[root@node1 harbor]# vim harbor.yml
5 hostname: 192.168.51.10 # 将hostname改成harbor服务器的IP
27 harbor_admin_password: harbor12345 # admin用户的默认密码,我这里改为harbor12345
[root@node1 harbor]# ./install.sh # 安装过程会自动解压镜像,导入镜像,并一键启动容器
......
......
......
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis ... done
Creating registry ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating harbor-portal ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.51.10.
For more details, please visit https://github.com/goharbor/harbor .
[root@node1 harbor]# docker ps -a
二、浏览器配置harbor
http://192.168.51.10
公开项目: 下载镜像不需要docker login登录,但上传镜像还是需要docker login登录
私有项目: 都需要docker login登录才可以上传下载
配置非https连接
因为harbor默认使用https通讯,所以还需要做证书,太麻烦。
三、在客户端配置"insecure-registries": [“harbor服务器IP”]来使用http通讯
[root@node2 docker]# ls
daemon.json key.json
[root@node2 docker]# cat daemon.json
{
"registry-mirrors": ["https://kon6wlyl.mirror.aliyuncs.com"], ## 这里有一个逗号
"insecure-registries": ["192.168.51.10"]
}
[root@node2 docker]# systemctl restart docker
四、验证,登录镜像仓库
[root@node2 docker]# docker login 192.168.51.10
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
五、TAG要上传的镜像
客户端下载一个测试镜像,并tag成harborIP/项目名/镜像名:TAG
[root@node2 docker]# docker pull busybox
[root@node2 docker]# docker tag busybox 192.168.51.10/text/busybox:v1
[root@node2 docker]# docker push 192.168.51.10/text/busybox:v1
The push refers to repository [192.168.51.10/text/busybox]
0064d0478d00: Pushed
v1: digest: sha256:0415f56ccc05526f2af5a7ae8654baec97d4a614f24736e8eef41a4591f08019 size: 527
六、浏览器上验证镜像上传成功
七、登出私有仓库
[root@node2 docker]# docker logout 192.168.51.10
Removing login credentials for 192.168.51.10
小结: 远程仓库
-
官方仓库 缺点:网络问题
-
国内云运营商提供的镜像仓库 优点:网速较好 缺点: 安全性考虑
-
自建仓库 优点: 网速好,安全性也好 缺点: 自己维护,需要服务器和存储成本
扫一扫
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
