Private Enterprise Storage Mirroring Harbor
One: Introduction
- Harbor , is an English word meaning harbor, the harbor is doing, that is parked cargo, and cargo it is packed in containers, the containers when it comes, you have to mention Docker containers, because docker technology container It draws on the principles of containers. So, Harbor precisely for storing Docker image of enterprise-class Registry service.
- Registry is the Do cker official of a private warehouse mirror, the mirror can play local label mark then push to to Registry from private container warehouse. Enterprises according to their own needs, using Dokcerfile generates its own image, and pushed into the private warehouse, which can greatly improve the efficiency of pull mirroring.
Two: Harbor core components explain
- Proxy : He is a nginx front-end proxy, the proxy Harbor 's registry, UI, token services.
- db : is responsible for storing user permissions, audit logs, Dockerimage group information and other data.
- The UI : provides a graphical interface to help users manage registry mirroring on , and user authorization.
- jobsevice : jobsevice is responsible for mirror copy of the work, he and registry communication, from a registry pull mirror then push to another registry , and records job_log .
- AdminServer : configuration management center system checks the memory usage comes, ui and jobserver start time back to the need to load adminserver configuration.
- Registry : Mirror warehouse, is responsible for storing image files.
- The Log : To help monitor Harbor operation, is responsible for collecting the other components of the log , for later analysis.
III: Comparison of the Harbor and Registry
Harbor and Registry are Docker mirrored warehouse, but Harbor as more companies choose, because compared to Regisrty , it has many advantages.
1. provides hierarchical transmission mechanism, optimize network transmission
Docker Mirroring is hierarchical, and if the full amount of each transfer uses file ( so use FTP 's approach does not fit ) , obviously uneconomical. Identifying hierarchical transmission mechanism must be provided to layer UUID to identify, determine the object transfer.
2. provide WEB interface to optimize the user experience
with only the name of the mirror to upload and download obviously inconvenient, you need to have a user interface can support landing, search functions, including the distinction between public, private image.
3. The level of support extended cluster
when users upload and download operations to focus on a mirrored server, you need access to the appropriate pressure for decomposition.
4. Good security
in the enterprise development team has a lot of different positions, different positions for personnel assigned different permissions, have better security.
5.Harbor provides role-based access control mechanism, and to organize and control access to the project through the mirror.kubernetes by namespace to isolate resources, enterprise application scenarios, can be effectively carried out by the two combined kubernetes mirror resource use management and access control, enhanced safety mirror used. Especially in multi-tenant scenario, by the tenant, namespace to implement management and access control for multi-tenant mode and mirror resource projects combination.
First, the offline download Harbor installation package
Harbor official download: https://github.com/goharbor/harbor
Go to our homepage, here's Harbor Introduction
Download
Download our part we download hardware deployment requirements:
Select Release , find the version history
Online foreign source is generally there may be problems, it is recommended
Usually the offline download installation package: hatbor-offine-Installer-v1.81.tgz
Download our good upload root directory
[root@harbor-mysql ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg template download Desktop Pictures
harbor-offline-installer-v1.8.1.tgz public documents music video
Second, install Docker
这里是Centos7安装方式,ce版本是最新的社区版
安装依赖包
$ sudo yum install -y yum-utils \
device-mapper-persistent-data \
lvm2
添加Docker软件包源
$ sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
安装Docker-ce
$ sudo yum install docker-ce
启动Docker
默认是国外的源,下载会很慢,建议配置国内镜像仓库
建议使用daocloud的加速器
该脚本可以将 --registry-mirror 加入到你的 Docker 配置文件 /etc/docker/daemon.json 中
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
启动Docker
$ sudo systemctl start docker
三、下载安装docker-compose
Docker-compose文档地址https://docs.docker.com/compose/install/
[root@harbor-mysql ~]# curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@harbor-mysql ~]# chmod +x /usr/local/bin/docker-compose
[root@harbor-mysql ~]# docker-compose --version
docker-compose version 1.24.1, build 4667896b
四、部署Harbor服务
[root@harbor-mysql ~]# tar xf harbor-offline-installer-v1.8.1.tgz -C /usr/local
[root@harbor-mysql ~]# cd /usr/local/harbor/
[root@harbor-mysql harbor]# ls
harbor.v1.8.1.tar.gz harbor.yml install.sh LICENSE prepare
[root@harbor-mysql harbor]# vim harbor.yml
修改配置文件yml,修改安装的ip地址
Hostname : 192.168.30.24
启动并安装Harbor
配置完成后就可以启动Harbor了
查看Harbor 启动镜像
如果一切正常,应该可以打开浏览器访问:http://192.168.30.24的管理页面,管理用户名是admin 密码为Harbor12345
创建项目名称