使用 harbor 搭建企业内部私有 Docker 镜像仓库
Harbor
介绍
Docker
容器应用的开发和运行离不开可靠的镜像管理,虽然 Docker
官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署私有环境内的 Registry
也是非常必要的。
Harbor
是由 VMware
公司开源的企业级的 Docker Registry
管理项目,它包括权限管理(RBAC)
、LDAP
、日志审核、管理界面、自我注册、镜像复制和中文支持等功能
环境准备
Harbor
的所有服务组件都是在 Docker
中部署的,所以官方安装使用 Docker-compose
快速部署,所以需要安装Docker
、Docker-compose
。
安装 Docker
、Docker-compose
并启动 Docker
[root@dev-of-runfa-26 ~]# curl https://download.docker.com/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo
[root@dev-of-runfa-26 ~]# yum -y install docker-ce.x86_64 python36-devel python36-pip.noarch
[root@dev-of-runfa-26 ~]# systemctl start docker.service
[root@dev-of-runfa-26 ~]# systemctl stop docker.service
[root@dev-of-runfa-26 ~]# mkdir /data
[root@dev-of-runfa-26 ~]# mv /var/lib/docker /data/docker
[root@dev-of-runfa-26 ~]# ln -sf /data/docker /var/lib/docker
[root@dev-of-runfa-26 ~]# systemctl start docker.service
[root@dev-of-runfa-26 ~]# systemctl enable docker.service
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@dev-of-runfa-26 ~]# pip3 install docker-compose
Harbor
服务搭建及启动
下载 Harbor
安装文件
地址:https://github.com/goharbor/harbor/releases
[root@dev-of-runfa-26 ~]# mkdir -p /data/harbor
[root@dev-of-runfa-26 ~]# cd /data/harbor/
[root@dev-of-runfa-26 harbor]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
[root@dev-of-runfa-26 harbor]# tar xvf harbor-online-installer-v1.8.1.tgz
配置 Harbor
[root@dev-of-runfa-26 harbor]# cd harbor/
[root@dev-of-runfa-26 harbor]# vim harbor.yml
hostname: 10.18.193.26
# 配置仓库地址,可以使用ip、域名,不要使用 127.0.0.1
database:
password: itsupport.0
# 配置 DB root 用户的密码
harbor_admin_password: itsupport.0
# 配置管理员 UI 登录的密码
配置阿里云加速地址,运行安装 Harbor
阿里云加速地址为私有,请自行到阿里云注册账号生成
先登陆阿里云用户,然后点击下方链接,即会跳转到加速地址获取页面
加速地址获取链接:https://cr.console.aliyun.com/cn-hangzhou/instances/mirrors
[root@dev-of-runfa-26 harbor]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["换成你的地址"]
}
[root@dev-of-runfa-26 harbor]# systemctl daemon-reload
[root@dev-of-runfa-26 harbor]# systemctl restart docker
[root@dev-of-runfa-26 harbor]# ./install.sh
[root@dev-of-runfa-26 harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------
harbor-core /harbor/start.sh Up (health: starting)
harbor-db /entrypoint.sh postgres Up (health: starting) 5432/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up (health: starting) 127.0.0.1:1514->10514/tcp
harbor-portal nginx -g daemon off; Up (health: starting) 80/tcp
nginx nginx -g daemon off; Up (health: starting) 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh /etc/regist ... Up (health: starting) 5000/tcp
registryctl /harbor/start.sh Up (health: starting)
Harbor
仓库使用
登陆 web
页面并创建一个用户和一个项目
客户端给镜像打 tag
并 push
到 Harbor
仓库
找一台有 docker
镜像的服务器做测试,测试前要修改一下配置
[root@dev-of-runfa-20]# echo '{ "insecure-registries": ["http://10.18.193.26"] }' > /etc/docker/daemon.json
[root@dev-of-runfa-20]# systemctl daemon-reload && systemctl restart docker.service
[root@dev-of-runfa-20]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nodejs_8.10 latest aadd6fe31411 4 hours ago 310MB
[root@dev-of-runfa-20]# docker tag nodejs_8.10:latest 10.18.193.26/cf/nodejs:8.10
[root@dev-of-runfa-20]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.18.193.26/cf/nodejs 8.10 aadd6fe31411 29 hours ago 310MB
nodejs_8.10 latest aadd6fe31411 29 hours ago 310MB
[root@dev-of-runfa-20]# docker login --username "用户名" --password "密码" http://10.18.193.26
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@dev-of-runfa-20]# docker push 10.18.193.26/cf/nodejs:8.10
The push refers to repository [10.18.193.26/cf/nodejs]
eb9b33a6aeef: Pushed
90ed2d206d22: Pushed
44a0b86c6454: Pushed
d69483a6face: Pushed
8.10: digest: sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe size: 1165
检查是否有 push
上去
测试是否能 pull
到本地
[root@dev-of-runfa-20]# docker rmi 10.18.193.26/cf/nodejs:8.10
Untagged: 10.18.193.26/cf/nodejs:8.10
Untagged: 10.18.193.26/cf/nodejs@sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe
[root@dev-of-runfa-20]# docker pull 10.18.193.26/cf/nodejs:8.10
8.10: Pulling from cf/nodejs
Digest: sha256:a01aebcb62caddfc4465819690a599120a40464afe073a56e611d543bcae49fe
Status: Downloaded newer image for 10.18.193.26/cf/nodejs:8.10
[root@dev-of-runfa-20]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.18.193.26/cf/nodejs 8.10 aadd6fe31411 29 hours ago 310MB
本文链接:
/archives/docker_private
版权声明:
本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自
Linux 小白鼠!
觉得文章不错,打赏一点吧,1分也是爱~
打赏
微信
支付宝