Docker --- Building and operating a private registry with Harbor

1. Introduction to Harbor

Although Docker officially provides a public image registry, deploying a Registry in a private environment is still very necessary for both security and efficiency.

Harbor is an enterprise-level Docker Registry management project open-sourced by VMware. Compared with the official Docker registry, it offers finer permission control and a more complete architecture, and is suitable for providing registry services to large-scale Docker cluster deployments.

It mainly provides a management UI for the Docker Registry, with role-based access control, image replication, AD/LDAP integration, log auditing and other functions, and fully supports Chinese.

2. Main functions of Harbor

Role-based access control
Users and Docker image repositories are organized and managed through "projects". A user can have different permissions for multiple image repositories within the same namespace (project).

Image-based replication policy
Images can be replicated between multiple Registry instances (images in the repository can be synchronized to a remote Harbor, similar to MySQL master-slave replication), which is especially suitable for load balancing, high availability, hybrid-cloud and multi-cloud scenarios.

Graphical user interface
Users can browse and search the current Docker image repository and manage projects and namespaces through a browser.

AD/LDAP support
Harbor can integrate with the enterprise's existing AD/LDAP for authentication.

Image deletion and garbage collection
Harbor supports deleting images from the Web UI and reclaiming the disk space they occupied through garbage collection.

Audit management
All operations on the image repository can be recorded and traced for auditing.

RESTful API
The RESTful API gives administrators more control over Harbor and makes it easier to integrate with other management software.

Simple deployment
Provides online and offline installation tools, and can also be installed as a virtual appliance (OVA) on the vSphere platform.

All components of Harbor run as Docker containers, so Harbor can be deployed quickly with Docker Compose.
Note: since Harbor is based on Docker Registry V2, Docker must be >= 1.10.0 and docker-compose >= 1.6.0.

3. Harbor architecture components

Architecture component diagram:

1. Proxy: reverse proxy tool

2. Registry: responsible for storing Docker images and handling push/pull requests. For access control it points to a token service, so every docker pull/push request must carry a valid token; the registry verifies the token's signature with the public key.

3. Core services: the core functions of Harbor:

UI: graphical interface
Webhook: learns of image status changes on the registry promptly; a webhook is configured on the registry and passes the status changes to the UI module.
Token service: responsible for issuing a token for each docker push/pull command according to the user's permissions. If a Docker client request to the registry carries no token, the registry redirects the client here; once the token has been obtained, the request is made to the registry again.

4. Database: provides database services and stores user permissions, audit logs, Docker image grouping information and other data.

5. Log collector: to help monitor Harbor's operation, it collects the logs of the other components for later analysis.

4. Harbor deployment

4.1. Environmental preparation

Two virtual machines:

harbor (Harbor server, used to host the private registry)
192.168.100.3: docker-ce, docker-compose (must be installed), Harbor

client (used to access the private registry remotely)
192.168.100.4: docker-ce

4.2. Install compose and harbor

1. Download the software

cd /opt/dockersoft/
tar zxvf harbor-offline-installer-v1.2.2.tgz -C /usr/local

2. Configure the Harbor parameter file and start

vim /usr/local/harbor/harbor.cfg

[root@pc-3 harbor]# systemctl start docker

cd /usr/local/harbor

After changing the required parameters you need to run this script; the optional parameters can be changed without rerunning it.

[root@pc-3 harbor]# sh install.sh

[Step 0]: checking installation environment ...

Note: docker version: 19.03.13

Note: docker-compose version: 1.21.1

[Step 1]: loading Harbor images ...
dd60b611baaa: Loading layer  133.2MB/133.2MB
........................................................
Creating nginx              ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://192.168.100.3.
For more details, please visit https://github.com/vmware/harbor .

[root@pc-3 harbor]#

Open http://192.168.100.3 in a browser.

Log in: the admin user name and password are defined in the configuration file (harbor.cfg) and can be viewed there.

Create the user zhangsan.

Add the member zhangsan to the project sha.

Test logging in as zhangsan.

4.3 Log in to the local service

[root@pc-3 harbor]# docker login -u admin -p Harbor12345 http://127.0.0.1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@pc-3 harbor]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1/sha/nginx         v1                  7e4d58f0e5f3        13 days ago         133MB

4.4 Push a local image

[root@docker01 harbor]# docker tag nginx:latest 127.0.0.1/sha/nginx:v1
[root@docker01 harbor]# docker push 127.0.0.1/sha/nginx

[root@pc-3 harbor]# docker push 127.0.0.1/sha/nginx
The push refers to repository [127.0.0.1/sha/nginx]
908cf8238301: Pushed
eabfa4cd2d12: Pushed
60c688e8765e: Pushed
f431d0917d41: Pushed
07cab4339852: Pushed
v1: digest: sha256:794275d96b4ab96eeb954728a7bf11156570e8372ecd5ed0cbc7280313a27d19 size: 1362


4.5 Log in from the remote client and try to push an image

[root@pc-4 dockersoft]# docker login -u admin -p Harbor12345 http://192.168.100.3
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get https://192.168.100.3/v2/: dial tcp 192.168.100.3:443: connect: connection refused
[root@pc-4 dockersoft]#

A port 443 error is reported because Harbor here serves plain HTTP on port 80 rather than HTTPS, while the Docker client contacts registries over HTTPS by default.
Solution: tell the client's Docker daemon to treat 192.168.100.3 as an insecure registry by editing the ExecStart line of the docker service unit:

ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.100.3 --containerd=/run/containerd/containerd.sock
[root@pc-4 dockersoft]# docker login -u admin -p Harbor12345 http://192.168.100.3
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@pc-4 dockersoft]#
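The same effect can be achieved without editing the systemd unit by listing the registry under `insecure-registries` in `/etc/docker/daemon.json`. The script below is an added example, not part of the original post or of Harbor; the registry address 192.168.100.3 is taken from the post, and the config path and the helper names are assumptions. It refuses to overwrite an existing daemon.json that it does not understand, and it can list which registries the daemon currently trusts without TLS, which is the setting a reviewer would want to audit.

```shell
#!/bin/sh
# Added example (not from the original post): register a plain-HTTP Harbor
# instance with the Docker daemon through /etc/docker/daemon.json instead of
# editing the systemd unit's ExecStart line. Registry host and config path are
# parameters; the defaults below are assumptions.

# Write (or verify) an insecure-registries entry.
# $1 = registry host[:port], e.g. 192.168.100.3
# $2 = path of the daemon config (default /etc/docker/daemon.json)
# Returns 0 if the entry is present afterwards, 1 if the file already exists
# with other content and has to be merged by hand.
add_insecure_registry() {
  registry="$1"
  cfg="${2:-/etc/docker/daemon.json}"

  if [ -f "$cfg" ]; then
    # Already listed: nothing to do.
    if grep -qF "\"$registry\"" "$cfg"; then
      echo "$registry already listed in $cfg"
      return 0
    fi
    # Existing JSON with other keys: do not overwrite it blindly.
    echo "$cfg exists without $registry; merge the entry by hand" >&2
    return 1
  fi

  mkdir -p "$(dirname "$cfg")"
  printf '{\n  "insecure-registries": ["%s"]\n}\n' "$registry" > "$cfg"
  echo "wrote $cfg"
}

# Print the registries the config trusts without TLS, one per line.
# $1 = path of the daemon config (default /etc/docker/daemon.json)
list_insecure_registries() {
  cfg="${1:-/etc/docker/daemon.json}"
  [ -f "$cfg" ] || return 0
  tr -d '\n ' < "$cfg" \
    | sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' \
    | tr ',' '\n' | tr -d '"'
}

# Stand-alone use on the client (host from the post); the daemon must be
# restarted before the setting takes effect:
#   add_insecure_registry 192.168.100.3 && systemctl restart docker
#   list_insecure_registries
```

Whichever way the registry is added, the daemon has to be restarted before `docker login` will use plain HTTP. The entry disables TLS for that registry only, so keep the list short and review it with `list_insecure_registries`; the cleaner fix is to give Harbor a certificate and serve HTTPS (`ui_url_protocol` and the `ssl_cert` settings in harbor.cfg), after which the client needs no insecure-registries entry at all. For the login itself, `docker login --password-stdin` reads the password from standard input, as the warning in the transcript above suggests.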

4.6 Push the centos:7 image from the remote client

[root@pc-4 dockersoft]# docker pull centos:7
7: Pulling from library/centos
75f829a71a1c: Pull complete
Digest: sha256:19a79828ca2e505eaee0ff38c2f3fd9901f4826737295157cc5212b7a372cd2b
Status: Downloaded newer image for centos:7
docker.io/library/centos:7
[root@pc-4 dockersoft]#  docker tag centos:7 192.168.100.3/sha/centos7:v1
[root@pc-4 dockersoft]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
192.168.100.3/sha/centos7   v1                  7e6257c9f8d8        6 weeks ago         203MB
centos                      7                   7e6257c9f8d8        6 weeks ago         203MB
[root@pc-4 dockersoft]# docker push 192.168.100.200/accp/centos7
The push refers to repository [192.168.100.200/accp/centos7]
An image does not exist locally with the tag: 192.168.100.200/accp/centos7
[root@pc-4 dockersoft]# docker push 192.168.100.3/sha/centos7
The push refers to repository [192.168.100.3/sha/centos7]
613be09ab3c0: Pushed
v1: digest: sha256:fe2347002c630d5d61bf2f28f21246ad1c21cc6fd343e70b4cf1e5102f8711a9 size: 529
[root@pc-4 dockersoft]#


4.7 Pull an image

[root@pc-4 dockersoft]# docker pull 192.168.100.3/sha/nginx:v1
v1: Pulling from sha/nginx
d121f8d1c412: Pull complete
ebd81fc8c071: Pull complete
655316c160af: Pull complete
d15953c0e0f8: Pull complete
2ee525c5c3cc: Pull complete
Digest: sha256:794275d96b4ab96eeb954728a7bf11156570e8372ecd5ed0cbc7280313a27d19
Status: Downloaded newer image for 192.168.100.3/sha/nginx:v1
192.168.100.3/sha/nginx:v1
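The push in 4.4 and the pull above both report the digest sha256:794275d9...27d19, and comparing the two is the simplest way to confirm that the client received exactly the image that was pushed to Harbor. The script below is an added example, not part of the original post; it extracts the digest from `docker push` / `docker pull` output and compares them. The sample transcripts are copied from this page, and the counter-example digest is the one reported for the centos7 push in 4.6.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the digest printed
# by `docker push` on the Harbor server matches the digest printed by
# `docker pull` on the client, so the pulled image is the one that was pushed.

# Read docker push/pull output on stdin and print the first sha256 digest.
extract_digest() {
  sed -n 's/.*\(sha256:[0-9a-f]\{64\}\).*/\1/p' | head -n 1
}

# $1 = push transcript, $2 = pull transcript.
# Returns 0 when both contain the same digest, 1 otherwise (including when
# either transcript carries no digest at all).
digests_match() {
  a=$(printf '%s\n' "$1" | extract_digest)
  b=$(printf '%s\n' "$2" | extract_digest)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Sample transcripts copied from the post (abridged to the relevant lines).
PUSH_OUTPUT='The push refers to repository [127.0.0.1/sha/nginx]
908cf8238301: Pushed
v1: digest: sha256:794275d96b4ab96eeb954728a7bf11156570e8372ecd5ed0cbc7280313a27d19 size: 1362'

PULL_OUTPUT='v1: Pulling from sha/nginx
d121f8d1c412: Pull complete
Digest: sha256:794275d96b4ab96eeb954728a7bf11156570e8372ecd5ed0cbc7280313a27d19
Status: Downloaded newer image for 192.168.100.3/sha/nginx:v1'

# Counter-example: the digest of a different image (the centos7 push).
OTHER_PULL='Digest: sha256:fe2347002c630d5d61bf2f28f21246ad1c21cc6fd343e70b4cf1e5102f8711a9'

# Live use on the client (image name from the post):
#   docker push 127.0.0.1/sha/nginx 2>&1 | tee push.log        # on the server
#   docker pull 192.168.100.3/sha/nginx:v1 2>&1 | tee pull.log  # on the client
#   digests_match "$(cat push.log)" "$(cat pull.log)" && echo "digest verified"
```

Once the digest is known it can also be used directly in the pull (`docker pull 192.168.100.3/sha/nginx@sha256:...`), which pins the exact image regardless of where the v1 tag points later.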

4.8. Error summary

Error:
docker-compose up -d
Creating network "harbor_harbor" with the default driver
ERROR: Failed to Setup IP tables: Unable to enable SKIP DNAT rule: (iptables failed: iptables
--wait -t nat -I DOCKER -i br-25094fc09b3c -j RETURN: iptables: No chain/target/match by that
name.
(exit status 1))
Solution: after the firewall has been stopped, Docker needs to be restarted:
systemctl restart docker
docker-compose up -d

8. Stopping and starting the Harbor containers
docker-compose up -d	"start all containers"
docker-compose down -v	"stop all Harbor containers, but keep the data and images"

[root@docker01 ~]# docker images
REPOSITORY                  TAG                 IMAGE ID            CREATED             SIZE
127.0.0.1/accp/nginx        v1                  7e4d58f0e5f3        13 days ago         133MB
nginx                       latest              7e4d58f0e5f3        13 days ago         133MB
127.0.0.1/accp/centos7      v1                  7e6257c9f8d8        6 weeks ago         203MB
vmware/harbor-log           v1.2.2              36ef78ae27df        2 years ago         200MB
vmware/harbor-jobservice    v1.2.2              e2af366cba44        2 years ago         164MB
vmware/harbor-ui            v1.2.2              39efb472c253        2 years ago         178MB
vmware/harbor-adminserver   v1.2.2              c75963ec543f        2 years ago         142MB
vmware/harbor-db            v1.2.2              ee7b9fa37c5d        2 years ago         329MB
vmware/nginx-photon         1.11.13             6cc5c831fc7f        2 years ago         144MB
vmware/registry             2.6.2-photon        5d9100e4350e        3 years ago         173MB
vmware/postgresql           9.6.4-photon        c562762cbd12        3 years ago         225MB
vmware/clair                v2.0.1-photon       f04966b4af6c        3 years ago         297MB
vmware/harbor-notary-db     mariadb-10.1.10     64ed814665c6        3 years ago         324MB
vmware/notary-photon        signer-0.5.0        b1eda7d10640        3 years ago         156MB
vmware/notary-photon        server-0.5.0        6e2646682e3c        3 years ago         157MB
photon                      1.0                 e6e4e4a2ba1b        4 years ago         128MB


Origin blog.csdn.net/BIGmustang/article/details/108769446