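Harbor: an enterprise-grade Docker image registry
Why use Harbor when the official Docker Registry already exists?
Harbor is a container image registry open-sourced by VMware.
In practice, Harbor adds enterprise-grade extensions on top of Docker Registry, which has earned it wider adoption.
These enterprise features include a management user interface, role-based access control, AD/LDAP integration, and audit logging.
# Harbor on GitHub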
https://github.com/goharbor/harbor
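Step 1: install docker and docker-compose (install them beforehand; we already did this earlier)
# Deploying Harbor on its own fresh machine is recommended. Do not share the machine with other services.
Step 2: download the offline installer from https://github.com/goharbor/harbor/releases?after=v1.5.2
# We download version 1.5.1 here. You can also use another version.
Step 3: upload it to /tools and extract it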
[root@k8s129 tools]# tar xf harbor-offline-installer-v1.5.1.tgz
# Remove all containers to return to a clean state.
[root@k8s129 tools]# docker rm `docker ps -a -q` -f
Step 4: edit the harbor.cfg configuration file
[root@k8s129 tools]# cd harbor/
[root@k8s129 harbor]# ls
common docker-compose.yml harbor.v1.5.1.tar.gz NOTICE
docker-compose.clair.yml ha install.sh prepare
docker-compose.notary.yml harbor.cfg LICENSE
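[root@k8s129 harbor]# vim harbor.cfg # change the following two lines
#hostname = 192.168.6.129 # the URL address, or a domain name
hostname = 192.168.6.129:80 # the address with :80, or a domain name; this change is required when starting with docker-compose
harbor_admin_password = 123456 # password for the admin account
Step 5: run install.sh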
[root@k8s129 harbor]# ls
common docker-compose.yml harbor.v1.5.1.tar.gz NOTICE
docker-compose.clair.yml ha install.sh prepare
docker-compose.notary.yml harbor.cfg LICENSE
[root@k8s129 harbor]# ./install.sh # installation is slow, be patient
...
Creating harbor-adminserver ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.6.129.
For more details, please visit https://github.com/vmware/harbor .
[root@k8s129 harbor]# docker ps # all the containers are up
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
51f652e979ba vmware/nginx-photon:v1.5.1 "nginx -g 'daemon of…" 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
b651bc6298fd vmware/harbor-jobservice:v1.5.1 "/harbor/start.sh" 2 minutes ago Up 2 minutes harbor-jobservice
4d708c5c8913 vmware/harbor-ui:v1.5.1 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-ui
02d45721726a vmware/harbor-adminserver:v1.5.1 "/harbor/start.sh" 2 minutes ago Up 2 minutes (healthy) harbor-adminserver
9f6abecb0684 vmware/redis-photon:v1.5.1 "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 6379/tcp redis
23acd3f10aa1 vmware/registry-photon:v2.6.2-v1.5.1 "/entrypoint.sh serv…" 2 minutes ago Up 2 minutes (healthy) 5000/tcp registry
1b49906a1573 vmware/harbor-db:v1.5.1 "/usr/local/bin/dock…" 2 minutes ago Up 2 minutes (healthy) 3306/tcp harbor-db
583a24ee0069 vmware/harbor-log:v1.5.1 "/bin/sh -c /usr/loc…" 2 minutes ago Up 2 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
[root@k8s129 harbor]#
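Step 6: verify
[root@k8s129 ~]# docker stop `docker ps -a -q` # first stop all containers
[root@k8s129 ~]# docker start `docker ps -a -q` # then start them all again
Or start the Harbor containers this way (be sure to run it inside the harbor directory, which contains the docker-compose.yml file)
# Personally I prefer starting and stopping Harbor this way
[root@k8s129 harbor]# docker-compose up -d # start the Harbor containers
[root@k8s129 harbor]# docker-compose stop # stop the Harbor containers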
======
[root@k8s129 harbor]# docker ps # the containers are up
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
51f652e979ba vmware/nginx-photon:v1.5.1 "nginx -g 'daemon of…" 38 minutes ago Up 54 seconds (healthy) 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
b651bc6298fd vmware/harbor-jobservice:v1.5.1 "/harbor/start.sh" 38 minutes ago Up 54 seconds harbor-jobservice
4d708c5c8913 vmware/harbor-ui:v1.5.1 "/harbor/start.sh" 38 minutes ago Up 57 seconds (healthy) harbor-ui
02d45721726a vmware/harbor-adminserver:v1.5.1 "/harbor/start.sh" 39 minutes ago Up About a minute (healthy) harbor-adminserver
9f6abecb0684 vmware/redis-photon:v1.5.1 "docker-entrypoint.s…" 39 minutes ago Up 59 seconds 6379/tcp redis
23acd3f10aa1 vmware/registry-photon:v2.6.2-v1.5.1 "/entrypoint.sh serv…" 39 minutes ago Up 59 seconds (healthy) 5000/tcp registry
1b49906a1573 vmware/harbor-db:v1.5.1 "/usr/local/bin/dock…" 39 minutes ago Up 59 seconds (healthy) 3306/tcp harbor-db
583a24ee0069 vmware/harbor-log:v1.5.1 "/bin/sh -c /usr/loc…" 39 minutes ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
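# Open the Harbor web address
url: https://192.168.6.129 (listening on port 80)
Account: admin
Password: 123456
Step 7: edit the Docker configuration file to trust the registry (make the same change on the 130 machine)
If Harbor is configured with an HTTPS certificate (search Baidu, there are plenty of guides online), this configuration file change is not needed.
Modify the configuration: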
[root@k8s129 tools]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.6.129"],
"hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
"cluster-store": "consul://192.168.6.129:8500",
"cluster-advertise": "192.168.6.129:2376",
"live-restore": true
}
The networking settings are not needed for now, so the configuration can be simplified to:
{
"registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.6.129"],
"hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"]
}
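After changing the configuration, restart docker
Step 8: test pushing and pulling an image
# We test from another machine, 130 (remember to change its configuration to trust the registry)
A Docker image can only be pushed under a project name:
Push an image:
1: Tag it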
[root@k8s130 ~]# docker tag busybox:latest 192.168.6.129/library/busybox:latest
/library -- the project name on Harbor
/busybox:latest -- the image name
2: Run docker images to check that the tag was applied
[root@k8s130 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.6.129/library/busybox latest 020584afccce 12 days ago 1.22MB
busybox latest 020584afccce 12 days ago 1.22MB
[root@k8s130 ~]#
3: # Push the image
[root@k8s130 ~]# docker push 192.168.6.129/library/busybox # this fails: no permission
The push refers to repository [192.168.6.129/library/busybox]
Get https://192.168.6.129/v2/: dial tcp 192.168.6.129:443: connect: connection refused
# Log in to the Harbor registry as admin / 123456
[root@k8s130 ~]# docker login 192.168.6.129
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# Push the image to Harbor
[root@k8s130 ~]# docker push 192.168.6.129/library/busybox
The push refers to repository [192.168.6.129/library/busybox]
1da8e4c8d307: Pushed
latest: digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1 size: 527
5: Pull the image
[root@k8s130 ~]# docker pull 192.168.6.129/library/busybox:latest
latest: Pulling from library/busybox
Digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1
Status: Image is up to date for 192.168.6.129/library/busybox:latest
192.168.6.129/library/busybox:latest
[root@k8s130 ~]#
Note:
In production, projects should be set to private wherever possible, not public.
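An added example, not part of the original post: a Python check for the two Docker files this walkthrough touches. It flags the `insecure-registries` entry and the TCP listener without `tlsverify` in the daemon.json from step 7, and the base64-encoded login that the `docker login` warning in step 8 refers to. The sample documents are constructed from the values above; the hardened variant and the function names are assumptions, and TLS options passed on the dockerd command line are not visible to this check.

```python
import base64
import json

# Constructed sample: the simplified /etc/docker/daemon.json from step 7.
DAEMON_JSON = """{
  "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.6.129"],
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"]
}"""

# Constructed hardened variant (assumption): Harbor is served over HTTPS with a
# trusted certificate, and the daemon listens on the local socket only.
HARDENED_DAEMON_JSON = """{
  "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
  "hosts": ["unix:///var/run/docker.sock"]
}"""

# Constructed sample: what `docker login` leaves in /root/.docker/config.json
# when no credential helper is configured (the warning shown in step 8).
CLIENT_JSON = json.dumps({"auths": {"192.168.6.129": {
    "auth": base64.b64encode(b"admin:123456").decode()}}})

def audit_daemon(text):
    """Flag registries exempt from TLS checks and TCP API sockets without mutual TLS."""
    cfg = json.loads(text)
    findings = [f"insecure-registry:{r}" for r in cfg.get("insecure-registries", [])]
    for host in cfg.get("hosts", []):
        # Without "tlsverify": true the daemon does not authenticate TCP clients.
        if host.startswith("tcp://") and not cfg.get("tlsverify", False):
            findings.append(f"tcp-without-tlsverify:{host}")
    return findings

def audit_client(text):
    """Flag registry logins stored as base64 (not encrypted) in config.json."""
    cfg = json.loads(text)
    if cfg.get("credsStore"):  # a global credential helper holds the secrets
        return []
    helpers = cfg.get("credHelpers", {})
    findings = []
    for registry, entry in cfg.get("auths", {}).items():
        if registry in helpers or not entry.get("auth"):
            continue
        user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        findings.append(f"stored-credential:{registry}:{user}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_daemon(DAEMON_JSON) + audit_client(CLIENT_JSON)))
```

Point the two functions at the real /etc/docker/daemon.json and ~/.docker/config.json on each Docker host; an empty list from both means none of these three settings is present.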