docker+docker-compose搭建远程私有镜像仓库Harbor
作者:互联网
文章目录
一、安装docker-compose 工具
github地址:https://github.com/docker/compose/releases/tag/1.25.3
在linux终端执行如下命令:
curl -L https://github.com/docker/compose/releases/download/1.25.3/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
安装成功后,检验docker-compose版本:
docker-compose -v
二、安装Harbor
1. 从github上获取要安装的Harbor版本
https://github.com/goharbor/harbor/releases
可以直接使用wget 工具拉取 1.7.0的线下版本的。
wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.4.tgz
下载完成后,在本目录就能看到安装包:
解压安装包:
tar zxf harbor-offline-installer-v1.7.4.tgz
解压成功后,我们只需要在配置文件中harbor.cfg 中修改hostname即可,修改成本机的ip地址。
切换至 Harbor目录,执行 ./install.sh
命令
2. 编辑docker的主配置文件docker.service文件
centos查看docker的主配置文件的默认路径:
cat /usr/lib/systemd/system/docker.service
ubuntu 查看docker的主配置文件的默认路径:
cat /lib/systemd/system/docker.service
vim docker.service
在 ExecStart 后面添加--insecure-registry 116.62.146.90
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insrcure-registry 116.62.146.90
重新加载配置后,重启docker:
~# systemctl daemon-reload
~# service docker restart
启动成功后,切换到Harbor的安装目录,执行命令, 使用docker-compose 启动Harbor:
docker-compose start
完整启动后,应包有以下镜像:
启动成功后,访问ip地址即可!
停止命令, 在Harbor的安装目录执行:
docker-compose stop
3. docker-compose.yml
安装好Harbor后,可以发现根目录下的docker-compose.yml,里面配置了 搭建Harbor需要的所有工具, 主要包含如下模块和工具: nginx、harbor-jobservice、 harbor-portal、harbor-core、registry、registryctl、redis、 harbor-db、 harbor-log。
version: '2'
services:
log:
image: goharbor/harbor-log:v1.7.4
container_name: harbor-log
restart: always
dns_search: .
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- ./common/config/log/:/etc/logrotate.d/:z
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.6.2-v1.7.4
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v1.7.4
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- ./common/config/registryctl/config.yml:/etc/registryctl/config.yml:z
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v1.7.4
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/database:/var/lib/postgresql/data:z
networks:
- harbor
dns_search: .
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "postgresql"
adminserver:
image: goharbor/harbor-adminserver:v1.7.4
container_name: harbor-adminserver
env_file:
- ./common/config/adminserver/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/config/:/etc/adminserver/config/:z
- /data/secretkey:/etc/adminserver/key:z
- /data/:/data/:z
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "adminserver"
core:
image: goharbor/harbor-core:v1.7.4
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- ./common/config/core/app.conf:/etc/core/app.conf:z
- ./common/config/core/private_key.pem:/etc/core/private_key.pem:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- /data/secretkey:/etc/core/key:z
- /data/ca_download/:/etc/core/ca/:z
- /data/psc/:/etc/core/token/:z
- /data/:/data/:z
networks:
- harbor
dns_search: .
depends_on:
- log
- adminserver
- registry
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "core"
portal:
image: goharbor/harbor-portal:v1.7.4
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
networks:
- harbor
dns_search: .
depends_on:
- log
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v1.7.4
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
networks:
- harbor
dns_search: .
depends_on:
- redis
- core
- adminserver
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v1.7.4
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v1.7.4
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
networks:
- harbor
dns_search: .
ports:
- 80:80
- 443:443
- 4443:4443
depends_on:
- postgresql
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
networks:
harbor:
external: false
三、使用Harbor仓库管理镜像
1. 配置私有仓库
安装好Harbor后,我们接下来就可以配置Harbor镜像仓库
2. 访问搭好的私有仓库
有可能在登录的时候出现警告提示,登录不上的问题:WARNING! Using --password via the CLI is insecure. Use --password-stdin.
因为docker registry 默认的交互式 Https协议的,解决方法只需要在docker.service主配置文件中添加一行命令--insecure-registry 116.62.146.90
注: --in一定要在 --containerd 后面添加。
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 116.62.146.90
登录远程仓库:
docker login -u admin -p Harbor12345 116.62.146.90
标签:core,compose,syslog,Harbor,cap,harbor,docker,config 来源: https://blog.csdn.net/qq_33036061/article/details/115293724