其他分享
首页 > 其他分享> > Docker ❉ Docker仓库Harbor详解

Docker ❉ Docker仓库Harbor详解

作者:互联网

一 简介

        Harbor 是一个由 CNCF 托管的开源的 Docker 镜像仓库管理工具,我们可以通过它快速的建立起自己的私有仓库。 当然,搭建私有仓库的选择很多,如 Docker 官方提供的 registry 镜像或者 Nexus 等

二 安装

1 底层要求

Docker Compose下载URL:https://github.com/docker/compose/releases/

点击此处进行跳转下载

[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose

检查部署底层要求版本是否符合

[root@localhost bin]# python --version
Python 3.8.0
# 加一条软链接以免报错
[root@localhost bin]# ln -s /usr/local/python3/bin/python3.8 /usr/bin/python3
[root@localhost bin]# python3 --version
Python 3.8.0
[root@localhost bin]# docker --version
Docker version 20.10.12, build e91ed57
[root@localhost bin]# docker-compose --version
docker-compose version 1.21.2, build a133471

2 安装Harbor

(1)获取文件

        Harbor下载URL:https://github.com/goharbor/harbor/releases
点击此处进行跳转下载

# 我用的自己的harbor包,需要进行一下校验
[root@192 ~]# md5sum harbor-offline-installer-v1.10.1.tgz 
e9ccca33e9a25b6b64425943c06f5fe6  harbor-offline-installer-v1.10.1.tgz


# 解压缩以后会出现一个harbor文件夹
[root@192 ~]# tar -zxf harbor-offline-installer-v1.10.1.tgz
[root@192 ~]# ll
total 658288
~~~
drwxr-xr-x  2 root root       118 Dec 25 03:44 harbor
-rw-r--r--  1 root root 674078519 Dec 25 03:43 harbor-offline-installer-v1.10.1.tgz
~~~

(2)修改Harbor配置文件

[root@192 cert]# cd /root/harbor/
[root@192 harbor]# ll
total 662120
-rw-r--r-- 1 root root      3398 Feb 10  2020 common.sh
-rw-r--r-- 1 root root 677974489 Feb 10  2020 harbor.v1.10.1.tar.gz
-rw-r--r-- 1 root root      5882 Feb 10  2020 harbor.yml
-rwxr-xr-x 1 root root      2284 Feb 10  2020 install.sh
-rw-r--r-- 1 root root     11347 Feb 10  2020 LICENSE
-rwxr-xr-x 1 root root      1749 Feb 10  2020 prepare
# 这里有个harbor.yml


Harbor配置文件参数详解(重点) 

[root@localhost harbor]# vim harbor.yml
# Configuration file of Harbor
# Harbor的配置文件

# The IP address or hostname to access admin UI and registry service.
# 配置访问管理UI和注册表服务的IP地址或主机名
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# 不要使用localhost或127.0.0.1,因为Harbor需要被外部客户端访问
hostname: 192.168.247.132  # 虚拟机IP

-----------------------------------------------------------------------
# http related config
# http相关配置
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  # 若https端口开启,此端口重定向至https端口
  port: 80

-----------------------------------------------------------------------
## https related config  # 我选择注释掉,否则会报错
## https相关配置
#https:
  ## https port for harbor, default is 443
  #port: 443
  ## The path of cert and key files for nginx
  ## nginx的cert和key文件路径
  #certificate: /data/cert/server.crt
  #private_key: /data/cert/server.key

# Uncomment external_url if you want to enable external proxy
# 取消注释external_url,如果你想启用外部代理
# And when it enabled the hostname will no longer used
# 当它启用时,主机名将不再使用
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# Harbour admin的初始密码
# It only works in first time to install harbor
# 只有在第一次安装时有效
# Remember Change the admin password from UI after launching Harbor.
# 请记住在启动Harbor UI后更改admin登录密码
harbor_admin_password: Harbor12345

-----------------------------------------------------------------------
# Harbor DB configuration
# Harbor数据库配置
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# The default data volume
# 默认数据卷路径
data_volume: /data

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# 设置外部存储则取消下面配置注释
# storage_service:

#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
# 自定义CA根证书的路径
#   # of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:

#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
# 存储后端的文件系统选项有azure, gcs, s3, swift, oss
#   # for more info about this configuration please refer 
https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
# 禁用注册表重定向需要将下面修改为true
#   redirect:
#     disabled: false

-----------------------------------------------------------------------
# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  # clair更新时间间隔,单位为小时,0表示禁用
  updaters_interval: 12

jobservice:
  # Maximum number of job workers in job service
  # 最大工作连接数
  max_job_workers: 10

notification:
  # Maximum retry count for webhook job
  # 最大重试次数
  webhook_job_max_retry: 10

chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  # 将absolute_url的值更改为enabled可以在图表中启用绝对url
  absolute_url: disabled

-----------------------------------------------------------------------
# Log configurations
# 日志配置
log:
  # options are debug, info, warning, error, fatal
  # 选项有:调试、信息、警告、错误、致命
  level: info
  # configs for logs in local storage 
  # 配置本地存储的日志
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    # 日志文件在被删除之前会被旋转log_rotate_count次。如果count为0,则删除旧版本,而不是旋转旧版本。
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    # 存储日志的主机上的目录
    location: /var/log/harbor

  # Uncomment following lines to enable external syslog endpoint.
  # 取消注释以下行以启用外部syslog端点。
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  # 用于向外部终端发送日志的协议,选项为TCP或udp
  #   protocol: tcp
  #   # The host of external endpoint
  # 外部端点的主机
  #   host: localhost
  #   # Port of external endpoint
  # 外部端点的端口
  #   port: 5140

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
#这个属性是用来检测。cfg文件的版本的,不要修改!
_version: 1.10.0

# Uncomment external_database if using external database.
# 如果使用外部数据库,取消注释external_database。
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   clair:
#     host: clair_db_host
#     port: clair_db_port
#     db_name: clair_db_name
#     username: clair_db_username
#     password: clair_db_password
#     ssl_mode: disable
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable

# Uncomment external_redis if using external Redis server
# 如果使用外部Redis服务器,取消注释external_redis
# external_redis:
#   host: redis
#   port: 6379
#   password:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   clair_db_index: 4

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# 取消对uaa的注释,因为它信任通过自签名证书托管的uaa实例的证书。
# uaa:
#   ca_file: /path/to/ca

# Global proxy
# 全球代理
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  # no_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server
  no_proxy:
  components:
    - core
    - jobservice
    - clair

(3)执行安装

[root@localhost harbor]# ./install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.8

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.24.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/clair-adapter-photon:v1.0.1-v1.10.1
Loaded image: goharbor/harbor-jobservice:v1.10.1
Loaded image: goharbor/redis-photon:v1.10.1
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.10.1
Loaded image: goharbor/clair-photon:v2.1.1-v1.10.1
Loaded image: goharbor/harbor-log:v1.10.1
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.10.1
Loaded image: goharbor/chartmuseum-photon:v0.9.0-v1.10.1
Loaded image: goharbor/harbor-registryctl:v1.10.1
Loaded image: goharbor/nginx-photon:v1.10.1
Loaded image: goharbor/harbor-migrator:v1.10.1
Loaded image: goharbor/prepare:v1.10.1
Loaded image: goharbor/harbor-portal:v1.10.1
Loaded image: goharbor/harbor-core:v1.10.1
Loaded image: goharbor/harbor-db:v1.10.1


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Note: stopping existing Harbor instance ...
Stopping harbor-jobservice ... done
Stopping harbor-log        ... done
Removing harbor-jobservice ... done
Removing nginx             ... done
Removing harbor-core       ... done
Removing registry          ... done
Removing registryctl       ... done
Removing harbor-db         ... done
Removing harbor-portal     ... done
Removing redis             ... done
Removing harbor-log        ... done
Removing network harbor_harbor


[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis         ... done
Creating harbor-portal ... done
Creating registryctl   ... done
Creating harbor-db     ... done
Creating registry      ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----

会有部分报错,解决方法见我另一篇文章(4条消息) Docker ❉ docker harbor安装常见报错_wangjie72270的博客-CSDN博客https://blog.csdn.net/wangjie72270/article/details/122145966

查看容器信息

[root@192 harbor]# docker ps
CONTAINER ID   IMAGE                                                     COMMAND                  CREATED         STATUS                   PORTS                                   NAMES
d7731bc0d5e9   goharbor/harbor-jobservice:v1.10.1                        "/harbor/harbor_jobs…"   4 minutes ago   Up 4 minutes (healthy)                                           harbor-jobservice
4e1b018fbaf5   goharbor/nginx-photon:v1.10.1                             "nginx -g 'daemon of…"   4 minutes ago   Up 4 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
9aaf905e52b7   goharbor/harbor-core:v1.10.1                              "/harbor/harbor_core"    4 minutes ago   Up 4 minutes (healthy)                                           harbor-core
b80fadaa298b   goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1   "/home/harbor/entryp…"   4 minutes ago   Up 4 minutes (healthy)   5000/tcp                                registry
5ffaa847bc47   goharbor/redis-photon:v1.10.1                             "redis-server /etc/r…"   4 minutes ago   Up 4 minutes (healthy)   6379/tcp                                redis
9422ff29fc89   goharbor/harbor-db:v1.10.1                                "/docker-entrypoint.…"   4 minutes ago   Up 4 minutes (healthy)   5432/tcp                                harbor-db
e2fd31c77f19   goharbor/harbor-portal:v1.10.1                            "nginx -g 'daemon of…"   4 minutes ago   Up 4 minutes (healthy)   8080/tcp                                harbor-portal
950d1d440db7   goharbor/harbor-registryctl:v1.10.1                       "/home/harbor/start.…"   4 minutes ago   Up 4 minutes (healthy)                                           registryctl
960d12b7277e   goharbor/harbor-log:v1.10.1                               "/bin/sh -c /usr/loc…"   4 minutes ago   Up 4 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log

 (4)使用浏览器访问站点

        此处访问为配置文件内定义的hostname,需要根据环境进行区分

 成功界面

 三 使用

1 上传镜像至Harbor

点击某个需要上传的项目名称

 点击[镜像仓库],可以查看到“推送镜像的docker命令”,可以直接复制并修改此两条命令即可

 2 指定镜像仓库地址

[root@192 harbor]# cat /etc/docker/daemon.json 
{
 "insecure-registries":["192.168.247.132"]
}
# 重启docker服务
[root@192 harbor]# systemctl restart docker
# 确保下面的容器是否开启成功,部分容器重启服务不会自启动,导致服务端口不可达
[root@192 harbor]# docker ps
CONTAINER ID   IMAGE                                                     COMMAND                  CREATED          STATUS                            PORTS                                   NAMES
d7731bc0d5e9   goharbor/harbor-jobservice:v1.10.1                        "/harbor/harbor_jobs…"   19 minutes ago   Up 3 seconds (health: starting)                                           harbor-jobservice
4e1b018fbaf5   goharbor/nginx-photon:v1.10.1                             "nginx -g 'daemon of…"   19 minutes ago   Up 3 seconds (health: starting)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
9aaf905e52b7   goharbor/harbor-core:v1.10.1                              "/harbor/harbor_core"    19 minutes ago   Up 3 seconds (health: starting)                                           harbor-core
b80fadaa298b   goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.10.1   "/home/harbor/entryp…"   19 minutes ago   Up 3 seconds (health: starting)   5000/tcp                                registry
5ffaa847bc47   goharbor/redis-photon:v1.10.1                             "redis-server /etc/r…"   19 minutes ago   Up 3 seconds (health: starting)   6379/tcp                                redis
9422ff29fc89   goharbor/harbor-db:v1.10.1                                "/docker-entrypoint.…"   19 minutes ago   Up 3 seconds (health: starting)   5432/tcp                                harbor-db
e2fd31c77f19   goharbor/harbor-portal:v1.10.1                            "nginx -g 'daemon of…"   19 minutes ago   Up 3 seconds (health: starting)   8080/tcp                                harbor-portal
950d1d440db7   goharbor/harbor-registryctl:v1.10.1                       "/home/harbor/start.…"   19 minutes ago   Up 3 seconds (health: starting)                                           registryctl
960d12b7277e   goharbor/harbor-log:v1.10.1                               "/bin/sh -c /usr/loc…"   19 minutes ago   Up 3 seconds (health: starting)   127.0.0.1:1514->10514/tcp               harbor-log

3 验证效果

# 本地有个tomcat
[root@192 harbor]# docker images
REPOSITORY                      TAG                              IMAGE ID       CREATED         SIZE
tomcat                          latest                           fb5657adc892   2 days ago      680MB
goharbor/chartmuseum-photon     v0.9.0-v1.10.1                   0245d66323de   22 months ago   128MB
goharbor/harbor-migrator        v1.10.1                          a4f99495e0b0   22 months ago   364MB
goharbor/redis-photon           v1.10.1                          550a58b0a311   22 months ago   111MB
goharbor/clair-adapter-photon   v1.0.1-v1.10.1                   2ec99537693f   22 months ago   61.6MB
goharbor/clair-photon           v2.1.1-v1.10.1                   622624e16994   22 months ago   171MB
goharbor/notary-server-photon   v0.6.1-v1.10.1                   e4ff6d1f71f9   22 months ago   143MB
goharbor/notary-signer-photon   v0.6.1-v1.10.1                   d3aae2fc17c6   22 months ago   140MB
goharbor/harbor-registryctl     v1.10.1                          ddef86de6480   22 months ago   104MB
goharbor/registry-photon        v2.7.1-patch-2819-2553-v1.10.1   1a0c5f22cfa7   22 months ago   86.5MB
goharbor/nginx-photon           v1.10.1                          01276d086ad6   22 months ago   44MB
goharbor/harbor-log             v1.10.1                          1f5c9ea164bf   22 months ago   82.3MB
goharbor/harbor-jobservice      v1.10.1                          689368d30108   22 months ago   143MB
goharbor/harbor-core            v1.10.1                          14151d58ac3f   22 months ago   130MB
goharbor/harbor-portal          v1.10.1                          8a9856c37798   22 months ago   52.1MB
goharbor/harbor-db              v1.10.1                          18548720d8ad   22 months ago   148MB
goharbor/prepare                v1.10.1                          897a4d535ced   22 months ago   192MB
# 验证登录账户
[root@192 harbor]# docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: ^C
[root@192 harbor]# docker login http://192.168.247.132
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
# 验证成功后重新推送镜像文件
[root@192 harbor]# docker tag fb5657adc892 192.168.247.132/library/tomcat:1.1
[root@192 harbor]# docker push 192.168.247.132/library/tomcat:1.1
The push refers to repository [192.168.247.132/library/tomcat]
3e2ed6847c7a: Pushed 
bd2befca2f7e: Pushed 
59c516e5b6fa: Pushed 
3bb5258f46d2: Pushed 
832e177bb500: Pushed 
f9e18e59a565: Pushed 
26a504e63be4: Pushed 
8bf42db0de72: Pushed 
31892cc314cb: Pushed 
11936051f93b: Pushed 
1.1: digest: sha256:e6d65986e3b0320bebd85733be1195179dbce481201a6b3c1ed27510cfa18351 size: 2422

网页有啦,乌拉!! 

标签:ago,goharbor,Harbor,v1.10,harbor,详解,Docker,root,docker
来源: https://blog.csdn.net/wangjie72270/article/details/122130751