• 12: Harbor, an enterprise-grade Docker image registry


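    Harbor, an enterprise-grade Docker image registry

    Why use Harbor when the official Docker Registry already exists?
    Harbor is a container image registry open-sourced by VMware.
    Harbor extends Docker Registry with enterprise features, which is why it has been adopted more widely.
    These enterprise features include a management UI, role-based access control, AD/LDAP integration, and audit logging.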

    # Harbor on GitHub
    https://github.com/goharbor/harbor


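    Step 1: Install docker and docker-compose (do this in advance; we already installed them earlier)
    # It is recommended to deploy Harbor on its own new machine. Do not share the machine with other workloads.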

    Step 2: Download the offline installer from https://github.com/goharbor/harbor/releases?after=v1.5.2
    # We download version 1.5.1 here. You can use another version.

    Step 3: Upload it to /tools and extract it
    [root@k8s129 tools]# tar xf harbor-offline-installer-v1.5.1.tgz
    # Remove all containers to return to a clean state.
    [root@k8s129 tools]# docker rm `docker ps -a -q` -f

    Step 4: Edit the harbor.cfg configuration file
    [root@k8s129 tools]# cd harbor/
    [root@k8s129 harbor]# ls
    common docker-compose.yml harbor.v1.5.1.tar.gz NOTICE
    docker-compose.clair.yml ha install.sh prepare
    docker-compose.notary.yml harbor.cfg LICENSE
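    [root@k8s129 harbor]# vim harbor.cfg # change the following two lines
    #hostname = 192.168.6.129 # the URL address, or a domain name
    hostname = 192.168.6.129:80 # the URL address with :80, or a domain name; this change is required when starting with docker-compose.
    harbor_admin_password = 123456 # the password for the admin account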

    Step 5: Run install.sh
    [root@k8s129 harbor]# ls
    common docker-compose.yml harbor.v1.5.1.tar.gz NOTICE
    docker-compose.clair.yml ha install.sh prepare
    docker-compose.notary.yml harbor.cfg LICENSE
    [root@k8s129 harbor]# ./install.sh # the installation is slow; be patient
    ...
    Creating harbor-adminserver ... done
    ✔ ----Harbor has been installed and started successfully.----
    Now you should be able to visit the admin portal at http://192.168.6.129.
    For more details, please visit https://github.com/vmware/harbor .

    [root@k8s129 harbor]# docker ps # all the containers are now up
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    51f652e979ba vmware/nginx-photon:v1.5.1 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
    b651bc6298fd vmware/harbor-jobservice:v1.5.1 "/harbor/start.sh" 2 minutes ago Up 2 minutes harbor-jobservice
    4d708c5c8913 vmware/harbor-ui:v1.5.1 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-ui
    02d45721726a vmware/harbor-adminserver:v1.5.1 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-adminserver
    9f6abecb0684 vmware/redis-photon:v1.5.1 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 6379/tcp redis
    23acd3f10aa1 vmware/registry-photon:v2.6.2-v1.5.1 "/entrypoint.sh serv…" 2 minutes ago Up 2 minutes (healthy) 5000/tcp registry
    1b49906a1573 vmware/harbor-db:v1.5.1 "/usr/local/bin/dock…" 2 minutes ago Up 2 minutes (healthy) 3306/tcp harbor-db
    583a24ee0069 vmware/harbor-log:v1.5.1 "/bin/sh -c /usr/loc…" 2 minutes ago Up 2 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
    [root@k8s129 harbor]#

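    Step 6: Verify
    [root@k8s129 ~]# docker stop `docker ps -a -q` # first stop all containers
    [root@k8s129 ~]# docker start `docker ps -a -q` # then start them all again
    Alternatively, start the Harbor containers this way (be sure to run it inside the harbor directory, which contains the docker-compose.yml file)
    # I personally prefer this way of starting and stopping Harbor
    [root@k8s129 harbor]# docker-compose up -d # start the Harbor containers
    [root@k8s129 harbor]# docker-compose stop # stop the Harbor containers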

    ======

    [root@k8s129 harbor]# docker ps # the containers are up
    CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
    51f652e979ba vmware/nginx-photon:v1.5.1 "nginx -g 'daemon of…" 38 minutes ago Up 54 seconds (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
    b651bc6298fd vmware/harbor-jobservice:v1.5.1 "/harbor/start.sh" 38 minutes ago Up 54 seconds harbor-jobservice
    4d708c5c8913 vmware/harbor-ui:v1.5.1 "/harbor/start.sh" 38 minutes ago Up 57 seconds (healthy) harbor-ui
    02d45721726a vmware/harbor-adminserver:v1.5.1 "/harbor/start.sh" 39 minutes ago Up About a minute (healthy) harbor-adminserver
    9f6abecb0684 vmware/redis-photon:v1.5.1 "docker-entrypoint.s…" 39 minutes ago Up 59 seconds 6379/tcp redis
    23acd3f10aa1 vmware/registry-photon:v2.6.2-v1.5.1 "/entrypoint.sh serv…" 39 minutes ago Up 59 seconds (healthy) 5000/tcp registry
    1b49906a1573 vmware/harbor-db:v1.5.1 "/usr/local/bin/dock…" 39 minutes ago Up 59 seconds (healthy) 3306/tcp harbor-db
    583a24ee0069 vmware/harbor-log:v1.5.1 "/bin/sh -c /usr/loc…" 39 minutes ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log

    # Open the Harbor web UI
    url: http://192.168.6.129 (listening on port 80)
    Account: admin
    Password: 123456

     

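    Step 7: Modify the Docker configuration file so that Docker trusts the registry (make the same change on the 130 machine)
    If you configure an HTTPS certificate for Harbor (search Baidu; there are many guides online), you do not need to modify this configuration file.
    Modify the configuration: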
    [root@k8s129 tools]# cat /etc/docker/daemon.json
    {
    "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
    "insecure-registries": ["192.168.6.129"],
    "hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
    "cluster-store": "consul://192.168.6.129:8500",
    "cluster-advertise": "192.168.6.129:2376",
    "live-restore": true
    }
    To simplify, since the networking settings are not needed for now, reduce the configuration to the following:
    {
    "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
    "insecure-registries": ["192.168.6.129"],
    "hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"]
    }
    After changing the configuration, restart docker.
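
The simplified daemon.json above carries two settings worth reviewing before reuse: `insecure-registries` turns off TLS verification for the Harbor host, and the `tcp://0.0.0.0:2376` listener exposes the Docker API without client-certificate authentication. The following audit is an added example, not part of the original post; the sample input is constructed from the Step 7 configuration and the function name is hypothetical.

```python
import json

# Constructed sample: the simplified daemon.json shown in Step 7.
SAMPLE_DAEMON_JSON = """{
  "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.6.129"],
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"]
}"""

TLS_KEYS = ("tlscacert", "tlscert", "tlskey")


def audit_daemon_config(text):
    """Return (setting, value, finding) tuples for risky daemon.json entries."""
    cfg = json.loads(text)
    findings = []

    # Registries listed here are used without certificate verification.
    for registry in cfg.get("insecure-registries", []):
        findings.append(("insecure-registries", registry,
                         "TLS certificate checks are skipped and plain HTTP is allowed"))

    # tlsverify plus a CA, server cert and key means clients must present a cert.
    mutual_tls = cfg.get("tlsverify") is True and all(cfg.get(k) for k in TLS_KEYS)
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not mutual_tls:
            bind = host[len("tcp://"):].rsplit(":", 1)[0]
            scope = "every interface" if bind in ("", "0.0.0.0", "[::]") else bind
            findings.append(("hosts", host,
                             f"Docker API without client-certificate auth on {scope}"))

    for mirror in cfg.get("registry-mirrors", []):
        if mirror.startswith("http://"):
            findings.append(("registry-mirrors", mirror,
                             "mirror is fetched over plain HTTP"))
    return findings


if __name__ == "__main__":
    for setting, value, finding in audit_daemon_config(SAMPLE_DAEMON_JSON):
        print(f"{setting}: {value}: {finding}")
```

A daemon.json that keeps only the unix socket in `hosts` and drops `insecure-registries` (after Harbor has a trusted HTTPS certificate) returns no findings.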

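    Step 8: Test pushing and pulling an image
    # We test from another machine, 130 (remember to modify its Docker configuration to trust the registry)
    Docker images can only be pushed under a project name:

    Push an image:
    1: Tag the image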
    [root@k8s130 ~]# docker tag busybox:latest 192.168.6.129/library/busybox:latest
    /library -- the project name on Harbor
    /busybox:latest -- the image name

    2: Run docker images to check that the tag was applied
    [root@k8s130 ~]# docker images
    REPOSITORY TAG IMAGE ID CREATED SIZE
    192.168.6.129/library/busybox latest 020584afccce 12 days ago 1.22MB
    busybox latest 020584afccce 12 days ago 1.22MB
    [root@k8s130 ~]#

    3: # Push the image
    [root@k8s130 ~]# docker push 192.168.6.129/library/busybox # this fails with an error: no permission
    The push refers to repository [192.168.6.129/library/busybox]
    Get https://192.168.6.129/v2/: dial tcp 192.168.6.129:443: connect: connection refused

    # Log in to the Harbor registry as admin / 123456
    [root@k8s130 ~]# docker login 192.168.6.129
    Username: admin
    Password:
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    Login Succeeded

    # Push the image to Harbor
    [root@k8s130 ~]# docker push 192.168.6.129/library/busybox
    The push refers to repository [192.168.6.129/library/busybox]
    1da8e4c8d307: Pushed
    latest: digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1 size: 527

    5: Pull the image

    [root@k8s130 ~]# docker pull 192.168.6.129/library/busybox:latest
    latest: Pulling from library/busybox
    Digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1
    Status: Image is up to date for 192.168.6.129/library/busybox:latest
    192.168.6.129/library/busybox:latest
    [root@k8s130 ~]#
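
The `docker login` warning above means the credential is written to config.json as base64 of `user:password`, which is an encoding and not encryption. The following check is an added example, not part of the original post: it lists which registries have a recoverable login in the file and which are delegated to a credential helper. The sample files are constructed and the function name is hypothetical.

```python
import base64
import binascii
import json

# Constructed sample of ~/.docker/config.json after the `docker login` above.
SAMPLE_CONFIG = json.dumps({
    "auths": {"192.168.6.129": {"auth": base64.b64encode(b"admin:123456").decode()}}
})
# Constructed sample where logins are delegated to the "pass" credential helper.
SAMPLE_WITH_HELPER = json.dumps({"auths": {"192.168.6.129": {}}, "credsStore": "pass"})


def stored_logins(text):
    """Return (registry, username, storage) for every registry in config.json."""
    cfg = json.loads(text)
    global_helper = cfg.get("credsStore")
    per_registry = cfg.get("credHelpers", {})
    report = []
    for registry, entry in cfg.get("auths", {}).items():
        auth = entry.get("auth")
        if auth:
            # The value decodes straight back to "user:password"; report the
            # username only so the audit output does not leak the secret.
            try:
                user = base64.b64decode(auth, validate=True).decode().split(":", 1)[0]
            except (binascii.Error, UnicodeDecodeError):
                user = "<undecodable>"
            report.append((registry, user, "base64 in config.json"))
        else:
            helper = per_registry.get(registry, global_helper)
            report.append((registry, None,
                           f"helper:{helper}" if helper else "no credential"))
    return report


if __name__ == "__main__":
    for row in stored_logins(SAMPLE_CONFIG) + stored_logins(SAMPLE_WITH_HELPER):
        print(row)
```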


    Note:

    In production, set projects to private whenever possible; do not make them public.

     

  • Original article: https://www.cnblogs.com/jim-xu/p/11843049.html