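Building an internal private Docker image registry with Harbor

Introduction to Harbor

Developing and running Docker container applications depends on reliable image management. Docker provides a public image registry, but for security and efficiency it is also well worth deploying a Registry inside your private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include access control (RBAC), LDAP, audit logging, a management UI, self-registration, image replication and Chinese-language support.


Preparing the environment

All Harbor service components are deployed in Docker, and the official installer uses Docker-compose for quick deployment, so Docker and Docker-compose must be installed first.


Install Docker and Docker-compose, and start Docker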

# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
# yum -y install docker-ce.x86_64 python36-devel python36-pip.noarch
# systemctl start docker.service
# systemctl stop docker.service
# mkdir /data
# mv /var/lib/docker /data/docker
# ln -sf /data/docker /var/lib/docker
# systemctl start docker.service
# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# pip3 install docker-compose

Setting up and starting the Harbor service

Download the Harbor installer

URL: https://github.com/goharbor/harbor/releases

# mkdir -p /data/harbor
# cd /data/harbor/
# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
# tar xvf harbor-online-installer-v1.8.1.tgz

Configure Harbor

# cd harbor/
# vim harbor.yml

# Registry address: an IP or a domain name; do not use 127.0.0.1
hostname: 10.18.193.26
database:
    # Password for the DB root user
    password: itsupport.0
# Password for the admin UI login
harbor_admin_password: itsupport.0
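
A pre-install check for the harbor.yml settings above, as an added example that is not part of the original post or of Harbor itself. It reports an unreachable hostname, a password left at the template value, one secret shared by the admin UI and the database, and a world-readable file. Function names are illustrative, and Harbor12345 / root123 are assumed to be the defaults in the 1.8 template.

```shell
#!/bin/sh
# Added example (not from the original post): lint harbor.yml before ./install.sh.
# Assumption: Harbor12345 / root123 are the defaults in the shipped 1.8 template.

# top_key FILE KEY: print the value of a top-level "KEY: value" line.
top_key() {
    awk -v k="$2" -F': *' '$1 == k { sub(/[ \t]+#.*$/, "", $2); print $2; exit }' "$1"
}

# db_password FILE: print the indented "password:" value under "database:".
db_password() {
    awk '/^database:/ { in_db = 1; next }
         /^[^ \t#]/   { in_db = 0 }
         in_db && /^[ \t]+password:/ {
             sub(/^[ \t]+password:[ \t]*/, ""); sub(/[ \t]+#.*$/, ""); print; exit
         }' "$1"
}

# lint_harbor_yml FILE: print one finding per line; prints nothing if clean.
lint_harbor_yml() {
    host=$(top_key "$1" hostname)
    admin=$(top_key "$1" harbor_admin_password)
    db=$(db_password "$1")
    case $host in
        ""|localhost|127.0.0.1) echo "hostname: '$host' is unusable for remote clients" ;;
    esac
    if [ "$admin" = "Harbor12345" ]; then echo "harbor_admin_password: shipped default"; fi
    if [ "$db" = "root123" ]; then echo "database.password: shipped default"; fi
    if [ -n "$admin" ] && [ "$admin" = "$db" ]; then
        echo "passwords: admin UI and database share one secret"
    fi
    # Both secrets sit in this file in cleartext, so "other" must not read it.
    if [ "$(ls -ld "$1" | cut -c8)" = "r" ]; then
        echo "permissions: file is world-readable, run chmod 600"
    fi
    return 0
}

# Constructed sample input mirroring the layout edited above.
sample_harbor_yml() {
    printf '%s\n' 'hostname: 127.0.0.1' 'database:' '    password: root123' \
        'harbor_admin_password: Str0ng-and-unique'
}

# Stand-alone use: sh lint.sh /data/harbor/harbor/harbor.yml
if [ -n "${1:-}" ]; then lint_harbor_yml "$1"; fi
```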
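
Configure an Aliyun registry mirror address, then run the Harbor installer

Aliyun mirror (accelerator) addresses are private to each account, so register an Aliyun account and generate your own.
Log in to Aliyun first, then click the link below to go to the page that shows your mirror address.
Mirror address page: https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors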

# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["replace with your address"]
}
# systemctl daemon-reload
# systemctl restart docker
# ./install.sh
# docker-compose ps
      Name                     Command                       State                     Ports          
------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (health: starting)                            
harbor-db           /entrypoint.sh postgres          Up (health: starting)   5432/tcp                 
harbor-jobservice   /harbor/start.sh                 Up                                               
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (health: starting)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (health: starting)   80/tcp                   
nginx               nginx -g daemon off;             Up (health: starting)   0.0.0.0:80->80/tcp       
redis               docker-entrypoint.sh redis ...   Up                      6379/tcp                 
registry            /entrypoint.sh /etc/regist ...   Up (health: starting)   5000/tcp                 
registryctl         /harbor/start.sh                 Up (health: starting)

Using the Harbor registry

Log in to the web UI and create a user and a project

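On the client, tag an image and push it to the Harbor registry

Pick a server that already has Docker images for the test. Its configuration must be changed before testing.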

# echo '{ "insecure-registries": ["http://10.18.193.26"] }' > /etc/docker/daemon.json
# systemctl daemon-reload && systemctl restart docker.service
# docker images
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nodejs_8.10         latest              aadd6fe31411        4 hours ago         310MB
# docker tag nodejs_8.10:latest 10.18.193.26/cf/nodejs:8.10
# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
10.18.193.26/cf/nodejs   8.10                aadd6fe31411        29 hours ago        310MB
nodejs_8.10              latest              aadd6fe31411        29 hours ago        310MB
# docker login --username "username" --password "password" http://10.18.193.26
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
# docker push 10.18.193.26/cf/nodejs:8.10
The push refers to repository [10.18.193.26/cf/nodejs]
eb9b33a6aeef: Pushed 
90ed2d206d22: Pushed 
44a0b86c6454: Pushed 
d69483a6face: Pushed 
8.10: digest: sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe size: 1165

Check that the push succeeded

Test pulling the image back to the local host

# docker rmi 10.18.193.26/cf/nodejs:8.10
Untagged: 10.18.193.26/cf/nodejs:8.10
Untagged: 10.18.193.26/cf/nodejs@sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe
# docker pull 10.18.193.26/cf/nodejs:8.10
8.10: Pulling from cf/nodejs
Digest: sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe
Status: Downloaded newer image for 10.18.193.26/cf/nodejs:8.10
# docker images
REPOSITORY               TAG                 IMAGE ID            CREATED             SIZE
10.18.193.26/cf/nodejs   8.10                aadd6fe31411        29 hours ago        310MB
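
The push and pull output above report the same sha256 digest. This added example (not from the original post; function names are illustrative) extracts the digest from saved docker push and docker pull output, fails if they differ, and prints a digest-pinned reference that keeps pointing at the same content even if the 8.10 tag is later re-pushed.

```shell
#!/bin/sh
# Added example (not from the original post): compare the digest reported by
# "docker push" with the one reported by "docker pull", then emit REPO@digest.
# Capture the logs with e.g.: docker push REPO:TAG | tee push.log

# push_digest: read "docker push" output on stdin, print the manifest digest.
push_digest() {
    sed -n 's/^[^ ]*: digest: \(sha256:[0-9a-f]\{64\}\) size: [0-9]*[[:space:]]*$/\1/p' | tail -n 1
}

# pull_digest: read "docker pull" output on stdin, print the manifest digest.
pull_digest() {
    sed -n 's/^Digest: \(sha256:[0-9a-f]\{64\}\)[[:space:]]*$/\1/p' | tail -n 1
}

# pinned_ref REPO PUSH_LOG PULL_LOG: print REPO@digest only if both logs agree.
# Returns 2 when a digest is missing and 1 when the two digests differ.
pinned_ref() {
    pushed=$(push_digest < "$2")
    pulled=$(pull_digest < "$3")
    if [ -z "$pushed" ] || [ -z "$pulled" ]; then
        echo "no digest found in one of the logs" >&2; return 2
    fi
    if [ "$pushed" != "$pulled" ]; then
        echo "digest mismatch: pushed $pushed, pulled $pulled" >&2; return 1
    fi
    echo "$1@$pushed"
}

# Sample logs: lines taken from the push and pull output shown above.
sample_push_log() {
    printf '%s\n' 'The push refers to repository [10.18.193.26/cf/nodejs]' \
        'd69483a6face: Pushed ' \
        '8.10: digest: sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe size: 1165'
}
sample_pull_log() {
    printf '%s\n' '8.10: Pulling from cf/nodejs' \
        'Digest: sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe' \
        'Status: Downloaded newer image for 10.18.193.26/cf/nodejs:8.10'
}

# Stand-alone use: sh pin.sh 10.18.193.26/cf/nodejs push.log pull.log
if [ "$#" -eq 3 ]; then pinned_ref "$1" "$2" "$3"; fi
```

The printed reference can be passed to docker pull in place of the tag, in the same repository@sha256 form that the docker rmi output above shows.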
