12: Harbor, an enterprise-grade Docker image registry
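Why do we still use Harbor when the official Docker Registry already exists?
Harbor is a container image registry open-sourced by VMware.
In fact, Harbor adds enterprise-grade extensions on top of Docker Registry, which has earned it much wider adoption.
These enterprise features include a management UI, role-based access control, AD/LDAP integration, and audit logging.
# Harbor's GitHub repository
https://github.com/goharbor/harbor
Step 1: Install docker and docker-compose (do this in advance; we already installed them earlier)
# It is recommended to deploy Harbor on its own, on a fresh machine. Do not share the machine with other workloads.
Step 2: Download the offline installer from https://github.com/goharbor/harbor/releases?after=v1.5.2
# We download version 1.5.1 here. You can also use another version.
Step 3: Upload it to /tools and extract it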
[root@k8s129 tools]# tar xf harbor-offline-installer-v1.5.1.tgz
# Remove all containers to get back to a clean state.
[root@k8s129 tools]# docker rm `docker ps -a -q` -f
Step 4: Edit the harbor.cfg configuration file
[root@k8s129 tools]# cd harbor/
[root@k8s129 harbor]# ls
common                     docker-compose.yml  harbor.v1.5.1.tar.gz  NOTICE
docker-compose.clair.yml   ha                  install.sh            prepare
docker-compose.notary.yml  harbor.cfg          LICENSE
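[root@k8s129 harbor]# vim harbor.cfg   # change the following two lines
#hostname = 192.168.6.129         # specify the URL address, or a domain name
hostname = 192.168.6.129:80     # specify the address as url:80, or a domain name; this change is required for startup with docker-compose
harbor_admin_password = 123456       # set the admin account password
Step 5: Run install.sh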
[root@k8s129 harbor]# ls
common                     docker-compose.yml  harbor.v1.5.1.tar.gz  NOTICE
docker-compose.clair.yml   ha                  install.sh            prepare
docker-compose.notary.yml  harbor.cfg          LICENSE
[root@k8s129 harbor]# ./install.sh   # the installation is slow, be patient
...
Creating harbor-adminserver ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://192.168.6.129.
For more details, please visit https://github.com/vmware/harbor .
[root@k8s129 harbor]# docker ps   # all the containers are now up
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                   PORTS                                                              NAMES
51f652e979ba        vmware/nginx-photon:v1.5.1             "nginx -g 'daemon of…"   2 minutes ago       Up 2 minutes (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
b651bc6298fd        vmware/harbor-jobservice:v1.5.1        "/harbor/start.sh"       2 minutes ago       Up 2 minutes                                                                                harbor-jobservice
4d708c5c8913        vmware/harbor-ui:v1.5.1                "/harbor/start.sh"       2 minutes ago       Up 2 minutes (healthy)                                                                      harbor-ui
02d45721726a        vmware/harbor-adminserver:v1.5.1       "/harbor/start.sh"       2 minutes ago       Up 2 minutes (healthy)                                                                      harbor-adminserver
9f6abecb0684        vmware/redis-photon:v1.5.1             "docker-entrypoint.s…"   2 minutes ago       Up 2 minutes             6379/tcp                                                           redis
23acd3f10aa1        vmware/registry-photon:v2.6.2-v1.5.1   "/entrypoint.sh serv…"   2 minutes ago       Up 2 minutes (healthy)   5000/tcp                                                           registry
1b49906a1573        vmware/harbor-db:v1.5.1                "/usr/local/bin/dock…"   2 minutes ago       Up 2 minutes (healthy)   3306/tcp                                                           harbor-db
583a24ee0069        vmware/harbor-log:v1.5.1               "/bin/sh -c /usr/loc…"   2 minutes ago       Up 2 minutes (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log
[root@k8s129 harbor]#
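Step 6: Verify
[root@k8s129 ~]# docker stop `docker ps -a -q`   # first stop all containers
[root@k8s129 ~]# docker start `docker ps -a -q`   # then start them all again
Alternatively, start the Harbor containers this way (note: it must be run inside the harbor directory, which contains the docker-compose.yml file)
# I personally prefer this way of starting and stopping Harbor
[root@k8s129 harbor]# docker-compose up -d  # start the Harbor containers
[root@k8s129 harbor]# docker-compose stop   # stop the Harbor containers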
======
[root@k8s129 harbor]# docker ps   # the containers are up
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS                        PORTS                                                              NAMES
51f652e979ba        vmware/nginx-photon:v1.5.1             "nginx -g 'daemon of…"   38 minutes ago      Up 54 seconds (healthy)       0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
b651bc6298fd        vmware/harbor-jobservice:v1.5.1        "/harbor/start.sh"       38 minutes ago      Up 54 seconds                                                                                    harbor-jobservice
4d708c5c8913        vmware/harbor-ui:v1.5.1                "/harbor/start.sh"       38 minutes ago      Up 57 seconds (healthy)                                                                          harbor-ui
02d45721726a        vmware/harbor-adminserver:v1.5.1       "/harbor/start.sh"       39 minutes ago      Up About a minute (healthy)                                                                      harbor-adminserver
9f6abecb0684        vmware/redis-photon:v1.5.1             "docker-entrypoint.s…"   39 minutes ago      Up 59 seconds                 6379/tcp                                                           redis
23acd3f10aa1        vmware/registry-photon:v2.6.2-v1.5.1   "/entrypoint.sh serv…"   39 minutes ago      Up 59 seconds (healthy)       5000/tcp                                                           registry
1b49906a1573        vmware/harbor-db:v1.5.1                "/usr/local/bin/dock…"   39 minutes ago      Up 59 seconds (healthy)       3306/tcp                                                           harbor-db
583a24ee0069        vmware/harbor-log:v1.5.1               "/bin/sh -c /usr/loc…"   39 minutes ago      Up About a minute (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log
# Open the Harbor URL
url:  https://192.168.6.129    (listening on port 80)
Account: admin
Password: 123456
 
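Step 7: Modify the Docker configuration file to trust https (make the same change on the 130 machine)
If you configure an HTTPS certificate for Harbor (search Baidu; there are many guides online), you do not need to modify the configuration file.
Modify the configuration: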
[root@k8s129 tools]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.6.129"],
  "hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"],
  "cluster-store": "consul://192.168.6.129:8500",
  "cluster-advertise": "192.168.6.129:2376",
  "live-restore": true
}
To simplify: the networking settings are not needed for now, so the configuration reduces to the following:
{
  "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.6.129"],
  "hosts": ["tcp://0.0.0.0:2376","unix:///var/run/docker.sock"]
}
After changing the configuration, restart Docker.
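An added example, not part of the original tutorial: a Python check that reads the simplified daemon.json from this step and reports the settings that weaken the host, namely the insecure-registries entry and the tcp:// listener on 0.0.0.0:2376 configured without tlsverify. The function name and the embedded sample are constructed for illustration; the keys it inspects (insecure-registries, hosts, tlsverify, tlscacert, tlscert, tlskey) are standard daemon.json options.

```python
import json

# Constructed sample: the simplified daemon.json shown in step 7 of this page.
SAMPLE = """{
  "registry-mirrors": ["https://aeckruos.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.6.129"],
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"]
}"""

def audit_daemon_json(text):
    """Return (key, value, finding) tuples for risky daemon.json settings."""
    cfg = json.loads(text)
    findings = []
    # Registries listed here are contacted without certificate verification,
    # and the daemon falls back to plain HTTP when HTTPS is unavailable.
    for reg in cfg.get("insecure-registries", []):
        findings.append(("insecure-registries", reg,
                         "login, push and pull are not protected by verified TLS"))
    # A tcp:// listener only authenticates clients when tlsverify is on and
    # a CA, server certificate and server key are all configured.
    tls_ok = bool(cfg.get("tlsverify")) and all(
        cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix sockets are governed by file permissions instead
        if not tls_ok:
            findings.append(("hosts", host,
                             "Docker API exposed over TCP without client-certificate auth"))
        addr = host[len("tcp://"):].rsplit(":", 1)[0]
        if addr in ("0.0.0.0", "", "[::]"):
            findings.append(("hosts", host, "listener bound to every interface"))
    return findings

if __name__ == "__main__":
    for key, value, finding in audit_daemon_json(SAMPLE):
        print(f"{key}: {value}: {finding}")
```

Configuring an HTTPS certificate on Harbor, as the step mentions, removes the need for the insecure-registries entry; the tcp:// listener is a separate setting and needs tlsverify with certificates, or removal, to clear its findings.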
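Step 8: Test pushing and pulling an image
# We test from another machine, 130 (remember to modify its configuration to trust https)
Docker images can only be pushed under a project name:
Push the image:
1: Tag the image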
[root@k8s130 ~]# docker tag busybox:latest 192.168.6.129/library/busybox:latest
/library         --   the project name on Harbor
/busybox:latest  --   the image name
2: Run docker images to check that the tag was applied
[root@k8s130 ~]# docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
192.168.6.129/library/busybox   latest              020584afccce        12 days ago         1.22MB
busybox                         latest              020584afccce        12 days ago         1.22MB
[root@k8s130 ~]#
3: Push the image
[root@k8s130 ~]# docker push 192.168.6.129/library/busybox   # this fails with an error: no permission
The push refers to repository [192.168.6.129/library/busybox]
Get https://192.168.6.129/v2/: dial tcp 192.168.6.129:443: connect: connection refused
# Log in to the Harbor registry as admin / 123456
[root@k8s130 ~]# docker login 192.168.6.129
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# Push the image to Harbor
[root@k8s130 ~]# docker push 192.168.6.129/library/busybox
The push refers to repository [192.168.6.129/library/busybox]
1da8e4c8d307: Pushed
latest: digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1 size: 527

5: Pull the image

[root@k8s130 ~]# docker pull 192.168.6.129/library/busybox:latest
latest: Pulling from library/busybox
Digest: sha256:679b1c1058c1f2dc59a3ee70eed986a88811c0205c8ceea57cec5f22d2c3fbb1
Status: Image is up to date for 192.168.6.129/library/busybox:latest
192.168.6.129/library/busybox:latest
[root@k8s130 ~]#
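An added example, not part of the original tutorial: the docker login output in step 8 warns that the password is stored unencrypted in /root/.docker/config.json, and this Python check lists which registries in such a file hold a base64-encoded user:password token rather than delegating to a credential helper. The function names and the embedded sample file are constructed for illustration; auths, credsStore and credHelpers are the keys Docker uses in that file.

```python
import base64
import json

# Constructed sample of /root/.docker/config.json as written by `docker login`
# when no credential helper is configured (the credentials are this page's own).
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "192.168.6.129": {"auth": base64.b64encode(b"admin:123456").decode()}
    }
})

def plaintext_logins(config_text):
    """Return [(registry, username)] whose password sits in the file as base64."""
    cfg = json.loads(config_text)
    exposed = []
    for registry, entry in cfg.get("auths", {}).items():
        token = entry.get("auth")
        if not token:
            # Empty entry: the secret is held by credsStore / credHelpers instead.
            continue
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:
            continue  # not a user:password token; nothing to report
        user, sep, _password = decoded.partition(":")
        if sep:
            exposed.append((registry, user))
    return exposed

def uses_credential_helper(config_text, registry):
    """True when a credsStore or a per-registry credHelpers entry is configured."""
    cfg = json.loads(config_text)
    return bool(cfg.get("credsStore")) or registry in cfg.get("credHelpers", {})

if __name__ == "__main__":
    for registry, user in plaintext_logins(SAMPLE_CONFIG):
        print(f"{registry}: password for '{user}' is only base64-encoded on disk")
```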
Note:
In production, projects should be set to private whenever possible rather than public.
 
                    
                     
                    
                 
                    
                
 
                
            
         