这里写目录标题
- 一、harbor概述
- 二、私有仓库优势
- 三、实验 搭建harbor仓库
一、harbor概述
Docker容器应用的开发和运行离不开可靠的镜像管理,虽然Docker官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署我们私有环境内的Registry也是非常必要的。Harbor是由VMware公司开源的企业级的Docker Registry管理项目,它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能。
- Harbor是VMware公司开源的企业级Docker Registry项目
- Harbor的优势
- 基于角色控制
- 基于镜像的复制策略
- 支持LDAP /AD
- 图像删除和垃圾收集
- 图形UI
- 审计
- RESTful API
- Proxy
- 通过一一个前置的反向代理统一 接收浏览器、Docker客户端的请求,并将请求转发给后端不同的服务
- Registry
- 负责储存Docker镜像,并处理docker push/ull命令
- Core services
- Harbor的核心功能,包括UI、 webhook. token服务
- Database
- 为core services提供数据库服务
- Log collector
- 负责收集其他组件的log,供日后进行分析
- docker私有仓库架构拓扑
二、私有仓库优势
- 使用Docker Compose可以轻松、高效的管理容器
- Consul是基于GO语言开发的开源工具,主要面向分布式,服务化的系统提供服务注册、服务发现和配置管理的功能
- 作为一个企业级私有Registry服务器,Harbor提供更好的性能和安全
- 私有仓库- -般在自己的服务器搭建,更快速稳定
三、实验 搭建harbor仓库
1.清空防火墙列表,关闭核心防护
[root@localhost ~]# iptables -F
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl restart docker
2.安装compose命令
[root@localhost ~]# chmod +x docker-compose
[root@localhost ~]# mv docker-compose /usr/local/bin/
[root@localhost ~]# docker-compose -v
docker-compose version 1.21.1, build 5a3f1a3
3.安装harbor
[root@localhost ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg 模板 图片 下载 桌面
harbor-offline-installer-v1.2.2.tgz 公共 视频 文档 音乐
[root@localhost ~]# tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@localhost ~]# cd /usr/local/
[root@localhost local]# ls
bin etc games harbor include lib lib64 libexec sbin share src
[root@localhost local]# cd harbor/
[root@localhost harbor]# ls
common docker-compose.yml harbor.v1.2.2.tar.gz NOTICE
docker-compose.clair.yml harbor_1_1_0_template install.sh prepare
docker-compose.notary.yml harbor.cfg LICENSE upgrade
[root@localhost harbor]# vim harbor.cfg
hostname = 192.168.200.100
[root@localhost harbor]# sh install.sh
4.查看镜像
docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9521a1ec5832 vmware/harbor-jobservice:v1.2.2 "/harbor/harbor_jobs…" About an hour ago Up About an hour harbor-jobservice
d6c81a80c14f vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" About an hour ago Up About an hour 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp nginx
968d81b4af1d vmware/harbor-ui:v1.2.2 "/harbor/harbor_ui" About an hour ago Up About an hour harbor-ui
6ef586dd3a11 vmware/registry:2.6.2-photon "/entrypoint.sh serv…" About an hour ago Up About an hour 5000/tcp registry
f05ab7548ee6 vmware/harbor-adminserver:v1.2.2 "/harbor/harbor_admi…" About an hour ago Up About an hour harbor-adminserver
6b36c8b60766 vmware/harbor-db:v1.2.2 "docker-entrypoint.s…" About an hour ago Up About an hour 3306/tcp harbor-db
d66deb0e7638 vmware/harbor-log:v1.2.2 "/bin/sh -c 'crond &…" About an hour ago Up About an hour 127.0.0.1:1514->514/tcp
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-log v1.2.2 36ef78ae27df 2 years ago 200MB
vmware/harbor-jobservice v1.2.2 e2af366cba44 2 years ago 164MB
vmware/harbor-ui v1.2.2 39efb472c253 2 years ago 178MB
vmware/harbor-adminserver v1.2.2 c75963ec543f 2 years ago 142MB
vmware/harbor-db v1.2.2 ee7b9fa37c5d 2 years ago 329MB
vmware/nginx-photon 1.11.13 6cc5c831fc7f 2 years ago 144MB
vmware/registry 2.6.2-photon 5d9100e4350e 3 years ago 173MB
vmware/postgresql 9.6.4-photon c562762cbd12 3 years ago 225MB
vmware/clair v2.0.1-photon f04966b4af6c 3 years ago 297MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 3 years ago 324MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 3 years ago 156MB
vmware/notary-photon server-0.5.0 6e2646682e3c 3 years ago 157MB
photon 1.0 e6e4e4a2ba1b 4 years ago 128MB
5.本地登录
[root@localhost harbor]# docker login -u admin -p Harbor12345 http://127.0.0.1 #本地登录
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
6.官网下载镜像,改标签
[root@localhost harbor]# docker pull nginx
[root@localhost harbor]# docker tag nginx:latest 127.0.0.1/kgc/nginx:v1
[root@localhost harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
127.0.0.1/kgc/nginx v1 7e4d58f0e5f3 13 days ago 133MB
[root@localhost harbor]# docker push 127.0.0.1/kgc/nginx
7.node2 远程登录
[root@promote ~]# docker login -u admin -p Harbor12345 http://192.168.200.100 #远程登录失败 不能直接远程登录要修改配置文件
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://192.168.200.100/v2/: dial tcp 192.168.200.100:443: connect: connection refused
vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.200.100 ## 配置文件里面加上这句话 一定要加,指向私有仓库的ip地址
[root@promote ~]# systemctl daemon-reload
[root@promote ~]# systemctl restart docker
[root@promote ~]# docker login -u admin -p Harbor12345 http://192.168.200.100 #远程登录成功
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
docker pull centos:7
[root@promote ~]# docker tag centos:7 192.168.200.100/kgc/centos7:v1 #加标签
[root@promote ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.200.100/kgc/centos7 v1 7e6257c9f8d8 6 weeks ago 203MB
[root@promote ~]# docker push 192.168.200.100/kgc/centos7 # 上传镜像
[root@promote ~]# docker push 192.168.200.100/kgc/centos7
8.node1 下载上传的镜像
[root@localhost harbor]# docker pull 127.0.0.1/kgc/centos7:v1
9.创建用户,添加用户到项目组