harbor私有镜像仓库部署和使用 逃离我推掉我的手 2022-12-19 14:27 149阅读 0赞 ## 什么是harbor ## Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器,可以用来构建企业内部的Docker镜像仓库。 harbor是基于docker registry进行了相应的企业级扩展,从而获得了更加广泛的应用,新特性包括:**管理用户界面,基于角色的访问控制 ,AD/LDAP集成以及审计日志等。** ## harbor要解决的问题 ## 以Docker为代表的容器技术的出现,改变了传统的交付方式。通过把业务及其依赖的环境打包进Docker镜像,解决了开发环境和生产环境的差异问题,提升了业务交付的效率。如何高效地管理和分发Docker镜像?是众多企业需要考虑的问题。 ## 有了docker自带的registry为什么还要用harbor ## * harbor的安全机制 可以根据角色灵活的进行权限控制,如访客只需给pull权限即可 * harbor的镜像同步机制 对系统稳定性要求高,需要多个仓库保证高可用性 ## 安装harbor的条件 ## 1. docker-compose,Need to install docker-compose(1.18.0+) by yourself first and run this script again. 2. docker版本要大于Need to upgrade docker package to 17.06.0+. 3. centos的内核版本要大于3.10.0-1127.el7.x86\_64。否则会报错。 ## 安装harbor ## 下载docker-compose curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose #下载速度快 curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose 给予可执行权限 ![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70][] [harbor的下载地址][harbor] ![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 1][] [root@localhost local]# tar -xf harbor-offline-installer-v2.1.1.tgz && cd harbor [root@localhost harbor]# vim harbor.yml hostname: ip地址 http: port: 85 harbor_admin_password: 123456 database: password: root123 max_idle_conns: 50 max_open_conns: 1000 data_volume: /data/harbor # 其余配置选择默认,这里https的先给注释掉 # https related config #https: # https port for harbor, default is 443 #port: 443 # The path of cert and key files for nginx #certificate: /your/certificate/path #private_key: /your/private/key/path #安装 [root@localhost harbor]# sh install.sh # sh install.sh [Step 0]: checking if docker is installed ... Note: docker version: 18.06.1 [Step 1]: checking docker-compose is installed ... Note: docker-compose version: 1.27.4 [Step 2]: loading Harbor images ... Loaded image: goharbor/harbor-db:v2.1.1 Loaded image: goharbor/redis-photon:v2.1.1 Loaded image: goharbor/notary-signer-photon:v2.1.1 Loaded image: goharbor/clair-photon:v2.1.1 Loaded image: goharbor/clair-adapter-photon:v2.1.1 Loaded image: goharbor/harbor-core:v2.1.1 Loaded image: goharbor/harbor-portal:v2.1.1 Loaded image: goharbor/harbor-log:v2.1.1 Loaded image: goharbor/nginx-photon:v2.1.1 Loaded image: goharbor/prepare:v2.1.1 Loaded image: goharbor/harbor-registryctl:v2.1.1 Loaded image: goharbor/notary-server-photon:v2.1.1 Loaded image: goharbor/trivy-adapter-photon:v2.1.1 Loaded image: goharbor/harbor-jobservice:v2.1.1 Loaded image: goharbor/chartmuseum-photon:v2.1.1 Loaded image: goharbor/registry-photon:v2.1.1 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir is set to /usr/local/harbor WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https Clearing the configuration file: /config/portal/nginx.conf Clearing the configuration file: /config/log/logrotate.conf Clearing the configuration file: /config/log/rsyslog_docker.conf Clearing the configuration file: /config/nginx/nginx.conf Clearing the configuration file: /config/core/env Clearing the configuration file: /config/core/app.conf Clearing the configuration file: /config/registry/passwd Clearing the configuration file: /config/registry/config.yml Clearing the configuration file: /config/registry/root.crt Clearing the configuration file: /config/registryctl/env Clearing the configuration file: /config/registryctl/config.yml Clearing the configuration file: /config/db/env Clearing the configuration file: /config/jobservice/env Clearing the configuration file: /config/jobservice/config.yml Generated configuration file: /config/portal/nginx.conf Generated configuration file: /config/log/logrotate.conf Generated configuration file: /config/log/rsyslog_docker.conf Generated configuration file: /config/nginx/nginx.conf Generated configuration file: /config/core/env Generated configuration file: /config/core/app.conf Generated configuration file: /config/registry/config.yml Generated configuration file: /config/registryctl/env Generated configuration file: /config/registryctl/config.yml Generated configuration file: /config/db/env Generated configuration file: /config/jobservice/env Generated configuration file: /config/jobservice/config.yml loaded secret from file: /data/secret/keys/secretkey Generated configuration file: /compose_location/docker-compose.yml Clean up the input dir Note: stopping existing Harbor instance ... Stopping harbor-jobservice ... done Stopping nginx ... done Stopping harbor-core ... done Stopping harbor-portal ... done Stopping registry ... done Stopping registryctl ... done Stopping redis ... done Stopping harbor-db ... done Stopping harbor-log ... done Removing harbor-jobservice ... done Removing nginx ... done Removing harbor-core ... done Removing harbor-portal ... done Removing registry ... done Removing registryctl ... done Removing redis ... done Removing harbor-db ... done Removing harbor-log ... done Removing network harbor_harbor [Step 5]: starting Harbor ... Creating network "harbor_harbor" with the default driver Creating harbor-log ... done Creating registry ... done Creating harbor-portal ... done Creating harbor-db ... done Creating redis ... done Creating registryctl ... done Creating harbor-core ... done Creating nginx ... done Creating harbor-jobservice ... done ✔ ----Harbor has been installed and started successfully.---- 安装结束有一个ui页面,如下所示 ![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 2][] ## FAQ: ## 1、安装过程中报如下错误 cgroup configuration for process caused \"mkdir /sys/fs/cgroup/memory/kubepods/burstable/podf1bd9e87-1ef2-11e8-afd3-fa163ecf2dce/8710c146b3c8b52f5da62e222273703b1e3d54a6a6270a0ea7ce1b194f1b5053: no space left on device\"" [解决方案][Link 1],升级内核版本 ## harbor的使用 ## 上传镜像到harbor上 vim /etc/docker/daemon.json #添加harbor的地址 "insecure-registries": ["172.16.xx.xx:85"] #重启docker服务 systemctl restart docker 查看docker信息 #查看docker信息 docker info ... ID: HEGT:GM26:ICFM:GYXR:JKVP:J25N:GRO3:OTVZ:FGTD:AG5S:W7QB:XAIK Docker Root Dir: /data/docker Insecure Registries: 172.16.xx.xx:85 127.0.0.0/8 Registry Mirrors: https://pa4gan2a.mirror.aliyuncs.com/ ... harbor认证 ![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 3][] 在harbor页面上查看 ![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 4][] 其他服务器上如果要使用该镜像,需要docker pull 即可。 ![watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 5][] [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70]: /images/20221120/ffb0dea30c3a415a9c8b2120479a505b.png [harbor]: https://github.com/goharbor/harbor/releases [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 1]: /images/20221120/758f7a9e325a4e61a8944d50294bf920.png [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 2]: /images/20221120/4bf03a8f8cd74d4e8e5a005aabb8b8c7.png [Link 1]: https://zhuanlan.zhihu.com/p/106757502 [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 3]: /images/20221120/4b436247b1964e42bdbb2516384c8fc1.png [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 4]: https://img-blog.csdnimg.cn/20201112140350177.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc=,size_16,color_FFFFFF,t_70 [watermark_type_ZmFuZ3poZW5naGVpdGk_shadow_10_text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc_size_16_color_FFFFFF_t_70 5]: https://img-blog.csdnimg.cn/20201112140504479.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3d5bDk1Mjc=,size_16,color_FFFFFF,t_70
还没有评论,来说两句吧...