-
企业级镜像仓库Harbor的安装与配置
企业级镜像仓库Harbor的安装与配置
Harbor
Harbor概述
Harbor是一个开源的容器镜像仓库管理系统,具有丰富的安全和管理功能。它可以在企业环境中搭建私有仓库,并提供可信度、多租户支持、定制性等特点。
官网:
https://goharbor.io/GitHub:
https://github.com/goharbor/harborHarbor旨在提供企业级的镜像管理解决方案,具有以下特点和功能:
安全性:
Harbor提供了一套丰富的安全性功能,包括用户身份验证和授权、镜像签名验证、访问控制、漏洞扫描等。这可以帮助你保护你的镜像免受恶意攻击和漏洞利用。
可信度:
Harbor支持对镜像进行数字签名和验证,确保其完整性和来源可信。你可以使用自定义或第三方证书来签名和验证镜像的真实性。
多租户支持:
Harbor支持多个项目和多个仓库,可以根据不同的组织、团队或项目来进行分组和管理。每个项目都可以有自己的用户权限和访问控制策略。
可定制性:
Harbor提供了灵活的配置选项和扩展机制,可以根据你的需求进行自定义设置。你可以调整存储、网络和认证等配置,以适应不同的环境和需求。
高性能:
Harbor使用了缓存和复制策略来提高镜像的访问速度和可用性。它支持多个镜像存储后端,包括本地存储、S3存储等。
用户友好的界面:
Harbor提供了直观且易于使用的Web界面,可以方便地管理镜像、项目、用户和访问权限等。
安装Harbor
下载Harbor的二进制文件进行安装,Harbor安装与配置参考:
https://goharbor.io/docs/2.9.0/install-config/下载离线安装包
wget https://github.com/goharbor/harbor/releases/download/v2.7.3/harbor-offline-installer-v2.7.3.tgz- 1
解压安装包
tar -zxvf harbor-offline-installer-v2.7.3.tgz- 1
[root@master harbor]# ls common.sh harbor.v2.7.3.tar.gz harbor.yml.tmpl install.sh LICENSE prepare- 1
- 2
进入Harbor目录
cd harbor- 1
配置 Harbor
cp harbor.yml.tmpl harbor.yml- 1
vim harbor.yml# 当前节点主机名或IP hostname: 112.74.96.150 # http端口配置 http: port: 8080 # 这里不使用https,注释该配置 #https: # https port for harbor, default is 443 # port: 443 # The path of cert and key files for nginx # certificate: /your/certificate/path # private_key: /your/private/key/path # Harbor UI的初始密码 harbor_admin_password: Harbor12345 # The default data volume data_volume: /usr/local/program/harbor/data- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
运行安装程序脚本
当配置harbor.yml完成后,可以使用install.sh脚本安装并启动 Harbor
./install.sh- 1
安装成功,将输出如下日志:
[Step 5]: starting Harbor ... [+] Running 10/10 ✔ Network harbor_harbor Created 0.1s ✔ Container harbor-log Started 0.1s ✔ Container registryctl Started 0.2s ✔ Container harbor-db Started 0.1s ✔ Container redis Started 0.1s ✔ Container registry Started 0.1s ✔ Container harbor-portal Started 0.2s ✔ Container harbor-core Started 0.1s ✔ Container harbor-jobservice Started 0.1s ✔ Container nginx Started 0.1s ✔ ----Harbor has been installed and started successfully.----- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
查看docker镜像,将出现与hardor相关的的镜像列表
[root@master harbor]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 62343618f630 goharbor/nginx-photon:v2.7.3 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) 0.0.0.0:8080->8080/tcp nginx a39ecd6eddf1 goharbor/harbor-jobservice:v2.7.3 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-jobservice f0c1a4957d04 goharbor/harbor-core:v2.7.3 "/harbor/entrypoint.…" About a minute ago Up About a minute (healthy) harbor-core f64062148ccf goharbor/harbor-registryctl:v2.7.3 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl 6fc3d92cc65f goharbor/harbor-db:v2.7.3 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db fc9917cad78e goharbor/harbor-portal:v2.7.3 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal 8622fab2670f goharbor/registry-photon:v2.7.3 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry 27e3ba43f9f8 goharbor/redis-photon:v2.7.3 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis feef079dcbd4 goharbor/harbor-log:v2.7.3 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
登录
浏览器访问
http://IP:8080
使用用户名:admin、配置的密码:Harbor12345进行登录
启动与停止Harbor
停止Harbor
[root@master harbor]# docker-compose stop [+] Running 9/9 ⠿ Container harbor-jobservice Stopped 0.0s ⠿ Container nginx Stopped 0.0s ⠿ Container registryctl Stopped 10.2s ⠿ Container harbor-portal Stopped 0.3s ⠿ Container harbor-core Stopped 0.0s ⠿ Container harbor-db Stopped 0.4s ⠿ Container registry Stopped 0.2s ⠿ Container redis Stopped 0.5s ⠿ Container harbor-log Stopped 10.2s- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
启动Harbor
[root@master harbor]# docker-compose start [+] Running 9/9 ⠿ Container harbor-log Started 0.3s ⠿ Container redis Started 0.9s ⠿ Container registryctl Started 0.7s ⠿ Container harbor-portal Started 1.0s ⠿ Container harbor-db Started 0.8s ⠿ Container registry Started 1.0s ⠿ Container harbor-core Started 0.3s ⠿ Container nginx Started 0.5s ⠿ Container harbor-jobservice Started- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
登录Harbor仓库
要登录到Harbor私有仓库,执行以下命令来登录到Harbor仓库:
docker login <Harbor仓库地址>- 1
登录异常
[root@master harbor]# docker login 112.74.96.150:8080 Username: admin Password: Error response from daemon: Get "https://112.74.96.150:8080/v2/": http: server gave HTTP response to HTTPS client- 1
- 2
- 3
- 4
原因:
默认通过 HTTPS 协议与 Harbor 仓库进行通信,但是 Harbor 仓库只配置了 HTTP 服务而没有启用 HTTPS 服务。
解决方案
方案一:
查找docker.service所在目录
[root@master harbor]# find / -name docker.service -type f /usr/lib/systemd/system/docker.service- 1
- 2
编辑
vim /usr/lib/systemd/system/docker.service修改这行配置:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock- 1
使用
--insecure选项来跳过https证书验证,改成如下这样:ExecStart=/usr/bin/dockerd --insecure-registry 112.74.96.150:8080 -H fd:// --containerd=/run/containerd/containerd.sock- 1
方案二:
修改
/etc/docker/daemon.json文件,添加配置,指定镜像仓库IP地址{ "insecure-registries": ["112.74.96.150"] }- 1
- 2
- 3
登录
重新加载配置、重启docker
systemctl daemon-reload systemctl restart docker- 1
- 2
再次登录
注意:可能需要重启Harbor
[root@master harbor]# docker login 112.74.96.150:8080 Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
退出
退出Harbor私有仓库的登录状态
docker logout <Harbor仓库地址>- 1
[root@master ~]# docker login 112.74.96.150:8080 Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded- 1
- 2
- 3
- 4
- 5
- 6
- 7
推送拉取Harbor镜像
镜像命名规范
Harbor的镜像名称,存在一定命名规范,差异之处在于:必须以项目名称作为镜像名称的一部分,具体参考如下示例说明
构建镜像
docker build -t <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签> .- 1
将镜像推送到Harbor仓库
docker push <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签>- 1
拉取Harbor镜像
docker pull <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签>- 1
创建项目
在Harbor仓库的界面或使用Harbor API来创建项目
界面创建
Harbor API创建curl -X POST -u username:password -H "Content-Type: application/json" -d '{ "project_name": "projectname", "public": 1, "content_trust": "disabled" }' https://<Harbor仓库地址>/api/projects- 1
- 2
- 3
- 4
- 5
推送镜像
拉取一个测试镜像
[root@master ~]# docker pull testcontainers/helloworld- 1
查看该镜像
[root@master ~]# docker images | grep hello testcontainers/helloworld latest 6974669be52b 2 years ago 12.7MB- 1
- 2
标记本地镜像, 将其归入Harbor仓库
注意:需要多一级,作为项目名
[root@master harbor]# docker tag testcontainers/helloworld:latest 112.74.96.150:8080/projectname/helloworld:v1- 1
再次查看镜像
[root@master harbor]# docker images | grep hello 112.74.96.150:8080/projectname/helloworld v1 6974669be52b 2 years ago 12.7MB testcontainers/helloworld latest 6974669be52b 2 years ago 12.7MB- 1
- 2
- 3
将本地镜像推送到镜像仓库(需先登录镜像仓库)
[root@master harbor]# docker push 112.74.96.150:8080/projectname/helloworld:v1 The push refers to repository [112.74.96.150:8080/projectname/helloworld] 802cca11a560: Pushing [============================================> ] 6.194MB/7.019MB 80b7fe966245: Pushed 50644c29ef5a: Pushing [=============================================> ] 5.068MB/5.575MB- 1
- 2
- 3
- 4
- 5
登录Harbor,查看新建项目
projectname下,已成功推送1个镜像
拉取镜像
删除已存在镜像
[root@master harbor]# docker images | grep hello 112.74.96.150:8080/projectname/helloworld v1 6974669be52b 2 years ago 12.7MB testcontainers/helloworld latest 6974669be52b 2 years ago 12.7MB [root@master harbor]# docker rmi 112.74.96.150:8080/projectname/helloworld:v1 Untagged: 112.74.96.150:8080/projectname/helloworld:v1 Untagged: 112.74.96.150:8080/projectname/helloworld@sha256:4ee5a832ef6eee533df7224b80d4cceb9ab219599014f408d0b69690be94c396 [root@master harbor]# docker rmi testcontainers/helloworld:latest Untagged: testcontainers/helloworld:latest Untagged: testcontainers/helloworld@sha256:4ee5a832ef6eee533df7224b80d4cceb9ab219599014f408d0b69690be94c396- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
从Harbor拉取镜像
[root@master harbor]# docker pull 112.74.96.150:8080/projectname/helloworld:v1 v1: Pulling from projectname/helloworld df20fa9351a1: Downloading [==========> ] 614.1kB/2.798MB 7d694ce25b07: Download complete 99f5116afda5: Downloading [================================> ] 2.389MB/3.655MB- 1
- 2
- 3
- 4
- 5
- 6
查看拉取的镜像
[root@master harbor]# docker images | grep hell 112.74.96.150:8080/projectname/helloworld v1 6974669be52b 2 years ago 12.7MB- 1
- 2
-
相关阅读:
大数据-玩转数据-双流JOIN
Docker的简介及安装
贪心算法学习四
文件和目录操作命令:cp
交叉熵损失CrossEntropyLoss
通过python简单预测彩票下次是否中奖:LSTM、LogisticRegression
C#笔记:C#程序基本内容
鸿蒙开发接口媒体:【@ohos.multimedia.audio (音频管理)】
HTML调用摄像头
关于ETL的两种架构(ETL架构和ELT架构)
- 原文地址:https://blog.csdn.net/qq_38628046/article/details/132848771
