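1. Harbor overview:
- Harbor is an enterprise-grade registry server for storing and distributing Docker images. It extends the open-source Docker Distribution with features that enterprises need, such as security, identity, and management.
- As an enterprise private registry server, Harbor offers better performance and security, and makes it more efficient to transfer images between build and runtime environments through the registry. Harbor supports replicating image resources across multiple registry nodes, and all images are kept in the private registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control, and activity auditing.
2. Harbor deployment:
Resource | Minimum | Recommended |
CPU | 2 CPU | 4 CPU |
Mem | 4GB | 8GB |
Disk | 40GB | 160GB |
- Harbor can be deployed in two ways, offline and online; the offline installer is used here:
2.1. Install the Docker Compose orchestration tool
//Download the Docker Compose binary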
[root@localhost ~]# curl -SL https://github.com/docker/compose/releases/download/v2.17.2/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
//Add execute permission to the binary
chmod +x /usr/local/bin/docker-compose
//Check the version
[root@localhost ~]# docker-compose --version
Docker Compose version v2.17.2
2.2. Download and extract Harbor
//Download the Harbor offline installer
wget -c https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-offline-installer-v2.8.1.tgz
//Extract it
tar -xf harbor-offline-installer-v2.8.1.tgz
2.3. Edit the Harbor configuration file harbor.yml
[root@harbor ~]# cd harbor/
[root@harbor harbor]# ls
common.sh harbor.v2.8.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
//Copy the template to harbor.yml and edit the copy
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
//Change the hostname value in the configuration file
[root@harbor harbor]# vim harbor.yml
....
hostname: 192.168.2.50 # change to this host's IP address or domain name
# http related config
http:
  port: 80
#https: # https section commented out, so Harbor serves plain HTTP only
#  port: 443
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
# internal_tls:
#   enabled: true
#   dir: /etc/harbor/tls/internal
harbor_admin_password: Harbor12345 # specify the admin password (Harbor12345 is the default)
2.4. Install Harbor
//Run the install script
[root@harbor harbor]# ./install.sh
[root@harbor harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
00f23b78bc06 goharbor/harbor-jobservice:v2.8.1 "/harbor/entrypoint.…" 6 minutes ago Up 6 minutes (healthy) harbor-jobservice
6ffdec9ca084 goharbor/nginx-photon:v2.8.1 "nginx -g 'daemon of…" 6 minutes ago Up 6 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
0b7c8c12a91a goharbor/harbor-core:v2.8.1 "/harbor/entrypoint.…" 6 minutes ago Up 6 minutes (healthy) harbor-core
198b58f0dd3a goharbor/harbor-registryctl:v2.8.1 "/home/harbor/start.…" 6 minutes ago Up 6 minutes (healthy) registryctl
f680b8bd36fc goharbor/harbor-db:v2.8.1 "/docker-entrypoint.…" 6 minutes ago Up 6 minutes (healthy) harbor-db
cef2df05b319 goharbor/redis-photon:v2.8.1 "redis-server /etc/r…" 6 minutes ago Up 6 minutes (healthy) redis
f41401422a96 goharbor/registry-photon:v2.8.1 "/home/harbor/entryp…" 6 minutes ago Up 6 minutes (healthy) registry
717da9c60854 goharbor/harbor-portal:v2.8.1 "nginx -g 'daemon of…" 6 minutes ago Up 6 minutes (healthy) harbor-portal
764e82d18fe1 goharbor/harbor-log:v2.8.1 "/bin/sh -c /usr/loc…" 6 minutes ago Up 6 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
//Use docker-compose to start and stop the Harbor services (run it from inside the harbor directory)
//Stop the Harbor services
[root@harbor harbor]# docker-compose stop
[+] Running 9/9
✔ Container nginx Stopped 0.2s
✔ Container registryctl Stopped 10.1s
✔ Container harbor-jobservice Stopped 0.2s
✔ Container harbor-portal Stopped 0.2s
✔ Container harbor-core Stopped 0.2s
✔ Container harbor-db Stopped 0.2s
✔ Container registry Stopped 0.1s
✔ Container redis Stopped 0.3s
✔ Container harbor-log Stopped 10.1s
//Start the Harbor services
[root@harbor harbor]# docker-compose start
[+] Running 9/9
✔ Container harbor-log Started 0.2s
✔ Container harbor-portal Started 1.3s
✔ Container harbor-db Started 1.1s
✔ Container redis Started 1.3s
✔ Container registry Started 1.4s
✔ Container registryctl Started 0.8s
✔ Container harbor-core Started 0.3s
✔ Container harbor-jobservice Started 0.5s
✔ Container nginx Started 0.6s
//Configure the Harbor services to start at boot
[root@harbor harbor]# vim startall.sh # write a script that starts Harbor at boot
#!/bin/bash
cd /root/harbor
docker-compose stop && docker-compose start
[root@harbor harbor]# chmod +x startall.sh # make the script executable
[root@harbor harbor]# chmod +x /etc/rc.d/rc.local # rc.local is the last file executed during system startup
[root@harbor harbor]# vim /etc/rc.d/rc.local # add the following line to enable start at boot
...
/bin/bash /root/harbor/startall.sh
...
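2.5. Log in to the Harbor web console
- Default username: admin, default password: Harbor12345
2.6. Page shown after a successful login
2.7. Create a user
- System Administration > User Management > Create User
2.8. The user is created; set it as an administrator
2.9. Click the project and view the push command
2.10. Push an image to Harbor
- Log in to the registry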
[root@harbor harbor]# docker login 192.168.2.50
Username: ys
Password:
Error response from daemon: Get "https://192.168.2.50/v2/": dial tcp 192.168.2.50:443: connect: connection refused
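- Fix the login failure as follows:
- By default Docker connects to a registry over HTTPS on port 443. Because this Harbor instance serves HTTP on port 80, add its address to insecure-registries:
[root@harbor harbor]# vim /etc/docker/daemon.json
{
  "insecure-registries":["192.168.2.50"]
}
//Restart the Docker daemon so that it reloads daemon.json, then restart the Harbor services:
[root@harbor harbor]# systemctl restart docker
[root@harbor harbor]# docker-compose stop && docker-compose start
//Log in to Harbor again: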
[root@harbor harbor]# docker login 192.168.2.50
Username: ys
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- Pull an image and change its tag
[root@harbor harbor]# docker pull nginx
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest f9c14fe76d50 6 days ago 143MB
....
//Tag the image for the project
[root@harbor harbor]# docker tag nginx:latest 192.168.2.50/library/nginx:v1
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.2.50/library/nginx v1 f9c14fe76d50 6 days ago 143MB
nginx latest f9c14fe76d50 6 days ago 143MB
...
- Push the image to the library project
[root@harbor harbor]# docker push 192.168.2.50/library/nginx:v1
The push refers to repository [192.168.2.50/library/nginx]
4fd834341303: Pushed
5e099cf3f3c8: Pushed
7daac92f43be: Pushed
e60266289ce4: Pushed
4b8862fe7056: Pushed
8cbe4b54fa88: Pushed
v1: digest: sha256:6b06964cdbbc517102ce5e0cef95152f3c6a7ef703e4057cb574539de91f72e6 size: 1571
- Check that the push succeeded
2.11. Pull the image
- Delete the original images
[root@harbor harbor]# docker rmi 192.168.2.50/library/nginx:v1
[root@harbor harbor]# docker rmi nginx:latest
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.8.1 bfbbb56f0c0e 3 weeks ago 97.9MB
goharbor/redis-photon v2.8.1 cb8b735b33ba 3 weeks ago 128MB
goharbor/trivy-adapter-photon v2.8.1 5314d0e3feb2 3 weeks ago 454MB
goharbor/notary-server-photon v2.8.1 d11f3ca7e07e 3 weeks ago 113MB
goharbor/notary-signer-photon v2.8.1 e97556d5f939 3 weeks ago 111MB
goharbor/harbor-registryctl v2.8.1 c141d82ffd0a 3 weeks ago 141MB
goharbor/registry-photon v2.8.1 c125efcb6c2a 3 weeks ago 79.1MB
goharbor/nginx-photon v2.8.1 cea1bb2450ee 3 weeks ago 127MB
goharbor/harbor-log v2.8.1 145a69b937ca 3 weeks ago 134MB
goharbor/harbor-jobservice v2.8.1 977ee6bff288 3 weeks ago 141MB
goharbor/harbor-core v2.8.1 075ed731ac18 3 weeks ago 165MB
goharbor/harbor-portal v2.8.1 6c2b21221aca 3 weeks ago 134MB
goharbor/harbor-db v2.8.1 01ca249e7dc2 3 weeks ago 174MB
goharbor/prepare v2.8.1 4f83854677d4 3 weeks ago 155MB
- Pull the image
[root@harbor harbor]# docker pull 192.168.2.50/library/nginx:v1
[root@harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.2.50/library/nginx v1 f9c14fe76d50 6 days ago 143MB
goharbor/harbor-exporter v2.8.1 bfbbb56f0c0e 3 weeks ago 97.9MB
goharbor/redis-photon v2.8.1 cb8b735b33ba 3 weeks ago 128MB
goharbor/trivy-adapter-photon v2.8.1 5314d0e3feb2 3 weeks ago 454MB
goharbor/notary-server-photon v2.8.1 d11f3ca7e07e 3 weeks ago 113MB
goharbor/notary-signer-photon v2.8.1 e97556d5f939 3 weeks ago 111MB
goharbor/harbor-registryctl v2.8.1 c141d82ffd0a 3 weeks ago 141MB
goharbor/registry-photon v2.8.1 c125efcb6c2a 3 weeks ago 79.1MB
goharbor/nginx-photon v2.8.1 cea1bb2450ee 3 weeks ago 127MB
goharbor/harbor-log v2.8.1 145a69b937ca 3 weeks ago 134MB
goharbor/harbor-jobservice v2.8.1 977ee6bff288 3 weeks ago 141MB
goharbor/harbor-core v2.8.1 075ed731ac18 3 weeks ago 165MB
goharbor/harbor-portal v2.8.1 6c2b21221aca 3 weeks ago 134MB
goharbor/harbor-db v2.8.1 01ca249e7dc2 3 weeks ago 174MB
goharbor/prepare v2.8.1 4f83854677d4 3 weeks ago 155MB