使用 harbor 搭建企业内部私有 Docker 镜像仓库

lance 2019-07-10 PM 126℃ 0条

Harbor 介绍

Docker 容器应用的开发和运行离不开可靠的镜像管理,虽然 Docker 官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署私有环境内的 Registry 也是非常必要的。Harbor 是由 VMware 公司开源的企业级的 Docker Registry 管理项目,它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能


环境准备

Harbor 的所有服务组件都是在 Docker 中部署的,所以官方安装使用 Docker-compose 快速部署,所以需要安装Docker、Docker-compose。


安装 Docker、Docker-compose 并启动 Docker

[root@dev-of-runfa-26 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o  /etc/yum.repos.d/docker.repo
[root@dev-of-runfa-26 ~]# yum -y install docker-ce.x86_64 python36-devel python36-pip.noarch
[root@dev-of-runfa-26 ~]# systemctl start docker.service
[root@dev-of-runfa-26 ~]# systemctl stop docker.service
[root@dev-of-runfa-26 ~]# mkdir /data
[root@dev-of-runfa-26 ~]# mv /var/lib/docker /data/docker
[root@dev-of-runfa-26 ~]# ln -sf /data/docker /var/lib/docker
[root@dev-of-runfa-26 ~]# systemctl start docker.service
[root@dev-of-runfa-26 ~]# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@dev-of-runfa-26 ~]# pip3 install docker-compose

Harbor 服务搭建及启动

下载 Harbor 安装文件

地址:https://github.com/goharbor/harbor/releases

[root@dev-of-runfa-26 ~]# mkdir -p /data/harbor
[root@dev-of-runfa-26 ~]# cd /data/harbor/
[root@dev-of-runfa-26 harbor]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
[root@dev-of-runfa-26 harbor]# tar xvf harbor-online-installer-v1.8.1.tgz
配置 Harbor
[root@dev-of-runfa-26 harbor]# cd harbor/
[root@dev-of-runfa-26 harbor]# vim harbor.yml
hostname: 10.18.193.26
# 配置仓库地址,可以使用ip、域名,不要使用 127.0.0.1
database:
    password: itsupport.0
# 配置 DB root 用户的密码
harbor_admin_password: itsupport.0
# 配置管理员 UI 登录的密码
配置阿里云加速地址,运行安装 Harbor

阿里云加速地址为私有,请自行到阿里云注册账号生成
先登陆阿里云用户,然后点击下方链接,即会跳转到加速地址获取页面
加速地址获取链接:https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors

[root@dev-of-runfa-26 harbor]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["换成你的地址"]
}
[root@dev-of-runfa-26 harbor]# systemctl daemon-reload
[root@dev-of-runfa-26 harbor]# systemctl restart docker
[root@dev-of-runfa-26 harbor]# ./install.sh
[root@dev-of-runfa-26 harbor]# docker-compose ps
      Name                     Command                       State                     Ports          
------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (health: starting)                            
harbor-db           /entrypoint.sh postgres          Up (health: starting)   5432/tcp                 
harbor-jobservice   /harbor/start.sh                 Up                                               
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (health: starting)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (health: starting)   80/tcp                   
nginx               nginx -g daemon off;             Up (health: starting)   0.0.0.0:80->80/tcp       
redis               docker-entrypoint.sh redis ...   Up                      6379/tcp                 
registry            /entrypoint.sh /etc/regist ...   Up (health: starting)   5000/tcp                 
registryctl         /harbor/start.sh                 Up (health: starting)

Harbor 仓库使用

登陆 web 页面并创建一个用户和一个项目

14720-2aouz748yx4.png

77562-es8belpejt9.png

52046-fe4lp1yh3o.png

69918-2xhh53s60y3.png

37073-7mbu7ewe6tq.png

53828-siby7t7go1b.png

22528-r26zyekfkh.png

59034-jzqmoqpmqvp.png

客户端给镜像打 tag 并 push 到 Harbor 仓库

找一台有 docker 镜像的服务器做测试,测试前要修改一下配置

[root@dev-of-runfa-20]# echo '{ "insecure-registries": ["http://10.18.193.26"] }' > /etc/docker/daemon.json
[root@dev-of-runfa-20]# systemctl daemon-reload && systemctl restart docker.service
[root@dev-of-runfa-20]# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nodejs_8.10         latest              aadd6fe31411        4 hours ago         310MB
[root@dev-of-runfa-20]# docker tag nodejs_8.10:latest 10.18.193.26/cf/nodejs:8.10
[root@dev-of-runfa-20]# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
10.18.193.26/cf/nodejs   8.10                aadd6fe31411        29 hours ago        310MB
nodejs_8.10              latest              aadd6fe31411        29 hours ago        310MB
[root@dev-of-runfa-20]# docker login --username "用户名" --password "密码" http://10.18.193.26
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@dev-of-runfa-20]# docker push 10.18.193.26/cf/nodejs:8.10 
The push refers to repository [10.18.193.26/cf/nodejs]
eb9b33a6aeef: Pushed 
90ed2d206d22: Pushed 
44a0b86c6454: Pushed 
d69483a6face: Pushed 
8.10: digest: sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe size: 1165
检查是否有 push 上去

74370-cxewi3q3kb4.png

46735-ecjuagp9f0g.png

测试是否能 pull 到本地
[root@dev-of-runfa-20]# docker rmi 10.18.193.26/cf/nodejs:8.10 
Untagged: 10.18.193.26/cf/nodejs:8.10
Untagged: 10.18.193.26/cf/nodejs@sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe
[root@dev-of-runfa-20]# docker pull 10.18.193.26/cf/nodejs:8.10
8.10: Pulling from cf/nodejs
Digest: sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe
Status: Downloaded newer image for 10.18.193.26/cf/nodejs:8.10
[root@dev-of-runfa-20]# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
10.18.193.26/cf/nodejs   8.10                aadd6fe31411        29 hours ago        310MB

非特殊说明,本博所有文章均为博主原创。

觉得文章不错,打赏一点吧,1分也是爱😀

WeChat Pay

微信打赏

Alipay

支付宝打赏

评论啦~