搭建harbor私有镜像仓库

安装docker harbor

wget -c https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
1

我的百度网盘

链接：https://pan.baidu.com/s/1eYsu5teqslfXE_SgCs_PeQ 
提取码：mq57
1
2

解压harbor包

root@debian:~/docker# ls
harbor-offline-installer-v2.3.3.tgz
root@debian:~/docker# tar -zxf harbor-offline-installer-v2.3.3.tgz -C /usr/local/
1
2
3

修改harbor配置文件

root@debian:/usr/local# cd harbor/
root@debian:/usr/local/harbor# ls
common.sh  harbor.v2.3.3.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
root@debian:/usr/local/harbor# cp harbor.yml.tmpl harbor.yml
1
2
3
4

配置本地解析

vim /etc/hosts

127.0.0.1       localhost
196.196.196.11  debian

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
196.196.196.11 harbor.example.com
1
2
3
4
5
6
7
8

修改harbor.yml配置文件

我是用的这个 visual这个工具修改的

vim /usr/local/harbor/harbor.yml

第一处

hostname: harbor.example.com  196.196.196.11   #主机名修改为域名（也可以是ip）
1

第二处

#注释掉以下没注释的
# https related config
# https:
  # https port for harbor, default is 443     #因为未做https，所以将https全部注释
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path
1
2
3
4
5
6
7
8

密码

harbor_admin_password: Harbor12345              #web界面登录密码
1

启动脚本

//执行脚本
[root@harbor harbor]# ./install.sh 
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis         ... done
Creating harbor-portal ... done
Creating registry      ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating harbor-core   ... done
Creating nginx             ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----		//安装成功
1
2
3
4
5
6
7
8
9
10
11
12
13
14

启动报错

显示端口被占用，去查看端口或者改端口

启动成功

查看镜像

root@debian:/usr/local/harbor# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
goharbor/harbor-exporter        v2.3.3    a75350aa1e3d   8 months ago   81.1MB
goharbor/chartmuseum-photon     v2.3.3    24b85ee1f3ff   8 months ago   179MB
goharbor/redis-photon           v2.3.3    5b8e952b8f45   8 months ago   165MB
goharbor/trivy-adapter-photon   v2.3.3    271525f11619   8 months ago   130MB
goharbor/notary-server-photon   v2.3.3    bea6e3465892   8 months ago   110MB
goharbor/notary-signer-photon   v2.3.3    c5116fef5e4c   8 months ago   108MB
goharbor/harbor-registryctl     v2.3.3    ffea0a2c3674   8 months ago   133MB
goharbor/registry-photon        v2.3.3    08b0e6fe666e   8 months ago   81.9MB
goharbor/nginx-photon           v2.3.3    43487013ae1e   8 months ago   45MB
goharbor/harbor-log             v2.3.3    77b2d1cb3ab2   8 months ago   168MB
goharbor/harbor-jobservice      v2.3.3    cb3b2c9d8f57   8 months ago   211MB
goharbor/harbor-core            v2.3.3    f065d61635a8   8 months ago   193MB
goharbor/harbor-portal          v2.3.3    eeb24c004c47   8 months ago   58.2MB
goharbor/harbor-db              v2.3.3    7f32a2a21263   8 months ago   237MB
goharbor/prepare                v2.3.3    9f7ce0f16ecc   8 months ago   262MB

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

查看运行的 容器

root@debian:/usr/local/harbor# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED             STATUS                       PORTS                                   NAMES
34143c398fff   goharbor/nginx-photon:v2.3.3         "nginx -g 'daemon of…"   About an hour ago   Up About an hour (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
41c5b9d90528   goharbor/harbor-jobservice:v2.3.3    "/harbor/entrypoint.…"   About an hour ago   Up About an hour (healthy)                                           harbor-jobservice
190899f26070   goharbor/harbor-core:v2.3.3          "/harbor/entrypoint.…"   About an hour ago   Up About an hour (healthy)                                           harbor-core
0be822fafc7b   goharbor/harbor-registryctl:v2.3.3   "/home/harbor/start.…"   About an hour ago   Up About an hour (healthy)                                           registryctl
f205740cd5f3   goharbor/harbor-portal:v2.3.3        "nginx -g 'daemon of…"   About an hour ago   Up About an hour (healthy)                                           harbor-portal
f2e42ca499c2   goharbor/registry-photon:v2.3.3      "/home/harbor/entryp…"   About an hour ago   Up About an hour (healthy)                                           registry
9559788d6d05   goharbor/redis-photon:v2.3.3         "redis-server /etc/r…"   About an hour ago   Up About an hour (healthy)                                           redis
17ed48abfc39   goharbor/harbor-db:v2.3.3            "/docker-entrypoint.…"   About an hour ago   Up About an hour (healthy)                                           harbor-db
4c206b580e82   goharbor/harbor-log:v2.3.3           "/bin/sh -c /usr/loc…"   About an hour ago   Up About an hour (healthy)   127.0.0.1:1514->10514/tcp               harbor-log

1
2
3
4
5
6
7
8
9
10
11
12

查看端口占用

root@debian:/usr/local/harbor# ss -antl
State      Recv-Q     Send-Q              Local Address:Port         Peer Address:Port    
LISTEN     0          128                     127.0.0.1:6011              0.0.0.0:*       
LISTEN     0          128                     127.0.0.1:1514              0.0.0.0:*       
LISTEN     0          128                       0.0.0.0:80                0.0.0.0:*       
LISTEN     0          128                       0.0.0.0:22                0.0.0.0:*       
LISTEN     0          5                       127.0.0.1:631               0.0.0.0:*       
LISTEN     0          128                         [::1]:6011                 [::]:*       
LISTEN     0          50             [::ffff:127.0.0.1]:9600                    *:*       
LISTEN     0          128                          [::]:80                   [::]:*       
LISTEN     0          128                             *:9200                    *:*       
LISTEN     0          128                             *:9300                    *:*       
LISTEN     0          128                          [::]:22                   [::]:*       
LISTEN     0          5                           [::1]:631                  [::]:*  
1
2
3
4
5
6
7
8
9
10
11
12
13
14

使用IP登录管理Harbor

账户：admin
密码：Harbor12345
1
2

登陆之后页面

配置https方式访问

[root@kub-k8s-master ~]# mkdir -pv /data/cert/
[root@kub-k8s-master ~]# openssl genrsa -out /data/cert/server.key 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
............+++
e is 65537 (0x10001)
[root@kub-k8s-master ~]# openssl req -x509 -new -nodes -key /data/cert/server.key -subj "/CN=192.168.246.166" -days 3650 -out /data/cert/server.crt
[root@kub-k8s-master ~]# ll -a /data/cert
[root@kub-k8s-master ~]# cd harbor
[root@kub-k8s-master harbor]# vim harbor.yml   #编辑如下
1
2
3
4
5
6
7
8
9
10

重启

重启
[root@kub-k8s-master harbor]# ./prepare 
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

如果出错，重启Docker服务，再次执行./prepare 
[root@kub-k8s-master harbor]# docker-compose down
Stopping nginx             ... done
Stopping harbor-portal     ... done
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping harbor-db         ... done
Stopping redis             ... done
Stopping registryctl       ... done
Stopping registry          ... done
Stopping harbor-log        ... done
Removing nginx             ... done
Removing harbor-portal     ... done
Removing harbor-jobservice ... done
Removing harbor-core       ... done
Removing harbor-db         ... done
Removing redis             ... done
Removing registryctl       ... done
Removing registry          ... done
Removing harbor-log        ... done
Removing network harbor_harbor
[root@kub-k8s-master harbor]# docker-compose up -d  #放后台
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

查看

访问测试

配置push镜像配置

[root@harbor harbor]# vim /etc/docker/daemon.json
[root@harbor harbor]# cat /etc/docker/daemon.json
{
        "dns": ["8.8.8.8","8.8.4.4"],
        "insecure-registries": [""https://harbor.example.com","https://196.196.196.11""]
}
1
2
3
4
5
6

重启服务 systemctl restart docker 重启服务以后需要再跑一遍脚本，80端口才会启动

登录harbor仓库

[root@harbor harbor]# docker login 196.196.196.11


我这里报错了，遇到下面报错
1
2
3
4

解决账号登陆报错

默认时，client 与 Registry 的交互是通过 https 通信的。在 install Registry 时，若未配置任何tls 相关的 key 和 crt 文件，https 访问必然失败。使用 "–insecure-registry "可以指定 client 与 Registry 以 http 的方式进行通信。
修改 /lib/systemd/system/docker.service 文件里的 ExecStart= 行：
vim /lib/systemd/system/docker.service
添加这个
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=196.196.196.11

1
2
3
4
5
6

重载、重启 docker 服务，验证配置是否生效

python@job:/lib/systemd/system$ systemctl daemon-reload
python@job:/lib/systemd/system$ systemctl restart docker
python@job:/lib/systemd/system$ docker info
————————————————

1
2
3
4
5

可以看到

Insecure Registries:
 196.196.196.11
 127.0.0.0/8
1
2
3

登陆成功

root@debian:/usr/local/harbor# docker login 196.196.196.11
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
1
2
3
4
5
6
7
8

创建harbor账号

账号：aike
密码：Aike@52100
1
2

项目授权

再次登录harbor仓库

推送前创建一个项目

重新打包镜像并推送

docker pull daocloud.io/library/nginx

root@debian:/usr/local/harbor# docker images | grep nginx
goharbor/nginx-photon           v2.3.3    43487013ae1e   8 months ago    45MB
nginx/ceshi                     v2.3.3    43487013ae1e   8 months ago    45MB
daocloud.io/library/nginx       latest    298ec0e28760   15 months ago   133MB

root@debian:/usr/local/harbor# docker tag daocloud.io/library/nginx:latest 196.196.196.11/bimuyu/nginx

1
2
3
4
5
6
7
8
9

推送镜像

The push refers to repository [196.196.196.11/bimuyu/nginx]
d9eb91d66e2a: Pushed 
ae1f545e4c08: Pushed 
c20672db3628: Pushed 
4cbb728cd302: Pushed 
9eb82f04c782: Pushed 
latest: digest: sha256:1a53eb723d17523512bd25c27299046cfa034cce309f4ed330c943a304513f59 size: 1362
1
2
3
4
5
6
7

效果

inx

[外链图片转存中...(img-3Tf9U9Ee-1659600781403)]

### 推送镜像

```shell
The push refers to repository [196.196.196.11/bimuyu/nginx]
d9eb91d66e2a: Pushed 
ae1f545e4c08: Pushed 
c20672db3628: Pushed 
4cbb728cd302: Pushed 
9eb82f04c782: Pushed 
latest: digest: sha256:1a53eb723d17523512bd25c27299046cfa034cce309f4ed330c943a304513f59 size: 1362
1
2
3
4
5
6
7
8
9
10
11
12
13

[外链图片转存中…(img-h9UAdwQo-1659600781403)]

效果