
Docker: Setting Up a Private Registry (Harbor)

Published: 2024-02-23 03:16:56.0


  • I. Harbor overview
  • II. Advantages of a private registry
  • III. Lab: setting up a Harbor registry

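I. Harbor overview

Developing and running Docker container applications depends on reliable image management. Although Docker provides an official public image registry, for reasons of security and efficiency it is also necessary to deploy a Registry inside our own private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include permission management (RBAC), LDAP, log auditing, a management UI, self-registration, image replication, and Chinese-language support.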

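  • Harbor is an enterprise-grade Docker Registry project open-sourced by VMware
    • Advantages of Harbor
    • Role-based access control
    • Image-based replication policies
    • LDAP/AD support
    • Image deletion and garbage collection
    • Graphical UI
    • Auditing
    • RESTful API
  • Proxy
    • A front-end reverse proxy receives all requests from browsers and Docker clients and forwards them to the appropriate back-end service
  • Registry
    • Stores Docker images and handles docker push/pull commands
  • Core services
    • Harbor's core functionality, including the UI, webhook, and token services
  • Database
    • Provides database services for the core services
  • Log collector
    • Collects logs from the other components for later analysis
  • Docker private registry architecture topology (figure not included)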

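II. Advantages of a private registry

  • Docker Compose makes it easy and efficient to manage containers
  • Consul is an open-source tool written in Go that provides service registration, service discovery, and configuration management for distributed, service-oriented systems
  • As an enterprise-grade private Registry server, Harbor offers better performance and security
  • A private registry is usually hosted on your own servers, which makes it faster and more stable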

III. Lab: setting up a Harbor registry

1. Flush the firewall rules and disable SELinux enforcement

[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl restart docker

2. Install the docker-compose command

[root@localhost ~]# chmod +x docker-compose 
[root@localhost ~]# mv docker-compose /usr/local/bin/
[root@localhost ~]# docker-compose -v
docker-compose version 1.21.1, build 5a3f1a3

3. Install Harbor

[root@localhost ~]# ls
anaconda-ks.cfg                      initial-setup-ks.cfg  模板  图片  下载  桌面
harbor-offline-installer-v1.2.2.tgz  公共                  视频  文档  音乐
[root@localhost ~]# tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@localhost ~]# cd /usr/local/
[root@localhost local]# ls
bin  etc  games  harbor  include  lib  lib64  libexec  sbin  share  src
[root@localhost local]# cd harbor/
[root@localhost harbor]# ls
common                     docker-compose.yml     harbor.v1.2.2.tar.gz  NOTICE
docker-compose.clair.yml   harbor_1_1_0_template  install.sh            prepare
docker-compose.notary.yml  harbor.cfg             LICENSE               upgrade
[root@localhost harbor]# vim harbor.cfg 
hostname = 192.168.200.100
[root@localhost harbor]# sh install.sh 

4. Check the images

docker ps -a
CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS              PORTS                                                              NAMES
9521a1ec5832        vmware/harbor-jobservice:v1.2.2    "/harbor/harbor_jobs…"   About an hour ago   Up About an hour                                                                       harbor-jobservice
d6c81a80c14f        vmware/nginx-photon:1.11.13        "nginx -g 'daemon of…"   About an hour ago   Up About an hour    0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
968d81b4af1d        vmware/harbor-ui:v1.2.2            "/harbor/harbor_ui"      About an hour ago   Up About an hour                                                                       harbor-ui
6ef586dd3a11        vmware/registry:2.6.2-photon       "/entrypoint.sh serv…"   About an hour ago   Up About an hour    5000/tcp                                                           registry
f05ab7548ee6        vmware/harbor-adminserver:v1.2.2   "/harbor/harbor_admi…"   About an hour ago   Up About an hour                                                                       harbor-adminserver
6b36c8b60766        vmware/harbor-db:v1.2.2            "docker-entrypoint.s…"   About an hour ago   Up About an hour    3306/tcp                                                           harbor-db
d66deb0e7638        vmware/harbor-log:v1.2.2           "/bin/sh -c 'crond &…"   About an hour ago   Up About an hour    127.0.0.1:1514->514/tcp             
docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
vmware/harbor-log           v1.2.2              36ef78ae27df        2 years ago         200MB
vmware/harbor-jobservice    v1.2.2              e2af366cba44        2 years ago         164MB
vmware/harbor-ui            v1.2.2              39efb472c253        2 years ago         178MB
vmware/harbor-adminserver   v1.2.2              c75963ec543f        2 years ago         142MB
vmware/harbor-db            v1.2.2              ee7b9fa37c5d        2 years ago         329MB
vmware/nginx-photon         1.11.13             6cc5c831fc7f        2 years ago         144MB
vmware/registry             2.6.2-photon        5d9100e4350e        3 years ago         173MB
vmware/postgresql           9.6.4-photon        c562762cbd12        3 years ago         225MB
vmware/clair                v2.0.1-photon       f04966b4af6c        3 years ago         297MB
vmware/harbor-notary-db     mariadb-10.1.10     64ed814665c6        3 years ago         324MB
vmware/notary-photon        signer-0.5.0        b1eda7d10640        3 years ago         156MB
vmware/notary-photon        server-0.5.0        6e2646682e3c        3 years ago         157MB
photon                      1.0                 e6e4e4a2ba1b        4 years ago         128MB


5. Log in locally

[root@localhost harbor]# docker login -u admin -p Harbor12345 http://127.0.0.1 # local login
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

6. Pull an image from the official registry and retag it

[root@localhost harbor]# docker pull nginx
[root@localhost harbor]# docker tag nginx:latest 127.0.0.1/kgc/nginx:v1
[root@localhost harbor]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1/kgc/nginx         v1                  7e4d58f0e5f3        13 days ago         133MB
[root@localhost harbor]# docker push 127.0.0.1/kgc/nginx

7. Log in remotely from node2

[root@promote ~]# docker login -u admin -p Harbor12345 http://192.168.200.100 # remote login fails: it does not work directly, the Docker configuration must be changed first
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://192.168.200.100/v2/: dial tcp 192.168.200.100:443: connect: connection refused
vim /usr/lib/systemd/system/docker.service 
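## Add the --insecure-registry option to the ExecStart line in the unit file. It is required and must point to the private registry's IP address.
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.200.100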
[root@promote ~]# systemctl daemon-reload 
[root@promote ~]# systemctl restart docker
[root@promote ~]# docker login -u admin -p Harbor12345 http://192.168.200.100 # remote login succeeds
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
docker pull centos:7
[root@promote ~]# docker tag centos:7 192.168.200.100/kgc/centos7:v1 # add the tag
[root@promote ~]# docker images
REPOSITORY                    TAG                 IMAGE ID            CREATED             SIZE
192.168.200.100/kgc/centos7   v1                  7e6257c9f8d8        6 weeks ago         203MB
[root@promote ~]# docker push 192.168.200.100/kgc/centos7 # upload the image
[root@promote ~]# docker push 192.168.200.100/kgc/centos7
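
Step 7 gets the remote login working by marking the registry as insecure, so the admin password and the image layers cross the network over plain HTTP. As an added example (not part of the original tutorial), the script below issues a private CA and a server certificate for 192.168.200.100 so that clients can verify Harbor over HTTPS instead. The function names, the CA name and the output directory are assumptions; the harbor.cfg keys in the closing comment are those of the Harbor 1.x configuration file.

```bash
#!/usr/bin/env bash
# Added example: private CA + Harbor server certificate, so Docker clients can
# verify the registry over HTTPS instead of using --insecure-registry.
# The IP is the one used on this page; names and paths are assumptions.
set -eu

REGISTRY_IP="${REGISTRY_IP:-192.168.200.100}"

# make_registry_certs OUTDIR -> ca.key, ca.crt, server.key, server.crt
make_registry_certs() {
    out="$1"
    mkdir -p "$out"
    # 1. Private CA. Only ca.crt is distributed; ca.key stays offline.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=lab-harbor-ca" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null
    # 2. Server key and signing request.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$REGISTRY_IP" \
        -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null
    # 3. Sign with an IP subjectAltName: Docker's TLS client does not accept
    #    a certificate for an IP address that only names it in the CN.
    printf 'subjectAltName=IP:%s\n' "$REGISTRY_IP" > "$out/san.ext"
    openssl x509 -req -in "$out/server.csr" -days 365 \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -extfile "$out/san.ext" -out "$out/server.crt" 2>/dev/null
    chmod 600 "$out/ca.key" "$out/server.key"
}

# cert_covers_ip CERT IP: succeeds only if CERT lists IP in its SAN.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -text | grep -qwF "IP Address:$2"
}

# Run as: ./harbor-certs.sh /path/to/outdir   (script name is an assumption)
if [ -n "${1:-}" ]; then
    make_registry_certs "$1"
    cert_covers_ip "$1/server.crt" "$REGISTRY_IP" && echo "certificate OK"
fi

# Deployment (not executed here):
#   Harbor host, harbor.cfg, then re-run install.sh:
#     ui_url_protocol = https
#     ssl_cert        = <OUTDIR>/server.crt
#     ssl_cert_key    = <OUTDIR>/server.key
#   Each client, replacing the --insecure-registry flag:
#     /etc/docker/certs.d/192.168.200.100/ca.crt   (copy of ca.crt)
```

With the CA file in place on a client, `docker login` can be pointed at `https://192.168.200.100`, and the password can be supplied with `--password-stdin`, as the warning in the login output recommends.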

8. Pull the uploaded image on node1

[root@localhost harbor]# docker pull 127.0.0.1/kgc/centos7:v1

9. Create a user and add the user to the project