Foreword:
There may be a test environment, and there are more than N images in the test environment, which need to be imported in batches into the Harbor private warehouse built by oneself, which generally involves batch operations, so it is more convenient to use scripts.
This article will introduce how to push a local image of a server to a private Harbor warehouse with a security certificate.
one,
###In this example, the address of the private Harbor warehouse is https://192.168.123.14, and the deployment document is: Harbor warehouse construction and simple use (revised version)_harbor database_evening wind_END's blog-CSDN blog
Get the full name of the local image
We all know that when an image is pushed to a warehouse, it is necessary to provide the image name: version number. If it is pushed to a private warehouse, the name of the private warehouse needs to be added before the name.
For example:
192.168.123.14/library/registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner:v3.1.0-k8s1.11
Such a mirror image is divided into three parts
192.168.123.14/library/ is the first part, indicating the default project library of the private Harbor warehouse
registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner is the second part, which indicates the image name
v3.1.0-k8s1.11 is the third part, which represents the version number of the image
For example, to query all mirror commands under a certain server:
[root@centos4 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
csiplugin/snapshot-controller v4.0.0 f1d8a00ae690 2 years ago 46.6MB
asciinema/asciicast2gif latest e7ea78133adb 4 years ago 408MB
vmware/redis-photon v1.5.0 7c03076402d9 5 years ago 207MB
vmware/clair-photon v2.0.1-v1.5.0 7ae4e0670a3f 5 years ago 301MB
vmware/notary-server-photon v0.5.1-v1.5.0 0b2b23300552 5 years ago 211MB
vmware/notary-signer-photon v0.5.1-v1.5.0 67c41b4a1283 5 years ago 209MB
vmware/registry-photon v2.6.2-v1.5.0 3059f44f4b9a 5 years ago 198MB
vmware/nginx-photon v1.5.0 e100456182fc 5 years ago 135MB
vmware/harbor-log v1.5.0 62bb6b8350d9 5 years ago 200MB
vmware/harbor-jobservice v1.5.0 aca9fd2e867f 5 years ago 194MB
vmware/harbor-ui v1.5.0 1055166068d0 5 years ago 212MB
vmware/harbor-adminserver v1.5.0 019bc4544829 5 years ago 183MB
vmware/harbor-db v1.5.0 82354dcf564f 5 years ago 526MB
vmware/mariadb-photon v1.5.0 403e7e656499 5 years ago 526MB
vmware/postgresql-photon v1.5.0 35c891dea9cf 5 years ago 221MB
vmware/harbor-migrator v1.5.0 466c57ab0dc3 5 years ago 1.16GB
vmware/photon 1.0 4b481ecbef2a 5 years ago 130MB
First, you need to extract the first and second lines and save them in a text file in the form of image name:image version number, then the script should be as follows:
#!/bin/bash
docker images|while read i t _;do
[[ "${t}" == "TAG" ]] && continue
echo $i:$t
done
Import into the specified file by redirecting the command:
bash 脚本名 > images-list-new.txttwo,
push script
According to the image information generated in the above steps, modify all image tags and push to the private Harbor warehouse.
#!/bin/bash
for i in `cat images-list-v3.0.0.txt`;
do
docker tag $i 192.168.123.14/library/$i
docker push 192.168.123.14/library/$i
done
three,
Certificate handling for push servers
https is more troublesome. You need to copy the certificate on the server where Harbor is located. The IP of the push server is 192.168.123.11
According to the previous Harbor deployment document, copy the relevant certificates from 14 to 11 servers, and execute on 14 servers:
scp -r /etc/docker/certs.d 192.168.123.11:/etc/docker/After the script is executed, the output is as follows;
root@centos1 ~]# bash push.sh
v0.22.0: Pulling from library/flannel/flannel
Digest: sha256:79b736171912bca65ab67befdeb9de53da652130f8d9da748343c73bedcddfbd
Status: Image is up to date for 192.168.123.14/library/flannel/flannel:v0.22.0
192.168.123.14/library/flannel/flannel:v0.22.0
v3.3.2: Pulling from library/kubesphere/ks-installer
Digest: sha256:c4d309f7c71068a7b6cda3437e4db868765d9f843ea72d9411a8c6c791a600f6
Status: Image is up to date for 192.168.123.14/library/kubesphere/ks-installer:v3.3.2
You can see related logs on the Harbor web interface, indicating that the push is successful:
Four,
Batch creation project script for private warehouse:
####Note: The original script is suitable for Harbor2.0 version, and my current Harbor version is 1.5.0, so I made appropriate modifications
#### ${url}/api/v2.0/projects Deleted v2.0 here
#### \"public\": true changed to \"metadata\": {\"public\": \"true\"}, \"storage_limit\": -1
[root@centos1 ~]# cat create_project.sh
#!/usr/bin/env bash
# Copyright 2018 The KubeSphere Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
url="https://192.168.123.14"##私有仓库的地址
user="admin"
passwd="mima"###密码就不告诉你,其实就是登录Harbor的密码。请牢记
harbor_projects=(library
kubesphere
calico
coredns
openebs
csiplugin
minio
mirrorgooglecontainers
osixia
prom
thanosio
jimmidyson
grafana
elastic
istio
jaegertracing
jenkins
weaveworks
openpitrix
joosthofman
nginxdemos
fluent
kubeedge
)
for project in "${harbor_projects[@]}"; do
echo "creating $project"
curl -k -u "${user}:${passwd}" -X POST -H "Content-Type: application/json" "${url}/api/projects" -d "{ \"project_name\":\"${project}\", \"metadata\": {\"public\": \"true\"}, \"storage_limit\": -1}"
done
In Harbor's web interface, you can see that the specified project has indeed been created:
