1.Harbor 概述
Harbor是有VMWare公司开源的容器镜像仓库。事实上,Harbor是在Docker Registry上进行了相应的企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的访问控制,AD/LDAP集成以及审计日志等,足以满足基本企业需求。
官方网址
https://vmware.github.io/harbor/cn
| 组件 | 功能 |
|---|---|
| harbor-adminiserver | 配置管理中心 |
| harbor-db | Mysql数据库 |
| harbor-jobservice | 负责镜像复制 |
| harbor-log | 记录操作日志 |
| harbor-ui | web管理页面和API |
| nginx | 前端代理,负责前端页面和镜像上传/下载转发 |
| redis | 会话 |
| registry | 镜像存储 |
2. Harbor 部署
- 在线安装:从Docker Hub下载Harbor相关镜像,因此安装软件包非常小。
- 离线安装:安装包包含部署的相关镜像,因此安装包比较大。
OVA安装程序:当用户具有vCenter环境时,使用此安装程序,在部署OVA后启动Harbor。
离线安装
https://github.com/goharbor/harbor/releases/download/v1.9.4-rc1/harbor-offline-installer-v1.9.4-rc1.tgz
Harbor安装依赖docker-compose
先安装docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose安装Harbor
tar zxvf harbor-offline-installer-v1.9.4-rc1.tgz
cd harbor
vi harbor.yml
hostname = 192.168.1.88
harbor_admin_password = 123456
./install.sh3. 基本使用
通过页面登录harbor
http://192.168.1.88
amdin
Harbor12345
可以在页面创建用户,创建项目仓库,赋予用户权限等操作
创建lnmp项目将第三课使用的三个镜像推送到镜像仓库中
推送命令,打标签,上传,下载
docker tag nginx:v1 192.168.1.88/lnmp/nginx:v1
docker push 192.168.1.88/lnmp/nginx:v1
docker pull 192.168.1.88/lnmp/nginx:v1[root@192 harbor]# docker push 192.168.1.88/lnmp/nginx:v1
The push refers to repository [192.168.1.88/lnmp/nginx]
Get https://192.168.1.88/v2/: dial tcp 192.168.1.88:443: connect: connection refused
- 配置http可信任
推送失败的原因是默认使用443,我们目前使用的是80,所以要在docker配置文件中添加可信任地址,如果默认使用的非80端口,需要在地址后跟端口号。
vi /etc/docker/daemon.json
[root@192 harbor]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"insecure-registries": ["192.168.1.88"]
}- 重启docker,docker-compose
systemctl restart docker
docker-compose up -d- 查看所有容器均已经正常启动
[root@192 harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------
harbor-core /harbor/harbor_core Up (health: starting)
harbor-db /docker-entrypoint.sh Up (health: starting) 5432/tcp
harbor-jobservice /harbor/harbor_jobservice ... Up (health: starting)
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (healthy) 8080/tcp
nginx nginx -g daemon off; Up (health: starting) 0.0.0.0:80->8080/tcp
redis redis-server /etc/redis.conf Up (health: starting) 6379/tcp
registry /entrypoint.sh /etc/regist ... Up (health: starting) 5000/tcp
registryctl /harbor/start.sh Up (health: starting) - 使用我们创建的用户登录镜像仓库,并上传镜像文件
[root@192 harbor]# docker login 192.168.1.88
Username: yujia
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@192 harbor]# docker push 192.168.1.88/lnmp/nginx:v1
The push refers to repository [192.168.1.88/lnmp/nginx]
b105acf7be9d: Pushed
9e268d190836: Pushed
77b174a6a187: Pushed
v1: digest: sha256:621524f7be59a8d09e0cc1091ec10f74b93c39e763ea5be483e7deb1e7859829 size: 952