标签:nginx harbor tcp server 私有 docker root
再探docker私有仓库,harbor!
harbor的优点
- 基于角色控制
- 基于镜像的复制策略
- 图形UI
- 审计
- RESTful API
- 图像删除和垃圾收集
- 支持LDAP/AD
harbor核心组件
- proxy:通过一个前置的反向代理统一接受浏览器、Docker客户端的请求,并将请求转发给后端不同的服务
- Core services:Harbor的核心功能,包括UI、webhook、token服务
webhook:是一种反向API机制,类似于触发器
token:令牌,提供身份验证服务 - Database:为core services提供数据库服务
- Log collector:负责收集其他组件的log,供日后进行分析
- Registry:复制储存Docker镜像,并处理docker push/pull命令
部署harbor
- 安装harbor
[root@server ~]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@server ~]# chmod +x docker-compose
[root@server ~]# cp docker-compose /usr/local/bin/
- 配置harbor参数并查看容器
5 hostname = 192.168.1.101
56 ##The initial password of Harbor admin, only works for the first time when Harbor starts.
57 #It has no effect after the first launch of Harbor.
58 #Change the admin password from UI after launching Harbor.
59 harbor_admin_password = Harbor12345 //定义了admin的密码
[root@server harbor]# docker ps -a //发现多了几个容器
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7b1102deb62 vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:4443->4443/tcp, :::4443->4443/tcp nginx
d0230fb3c0a8 vmware/harbor-jobservice:v1.2.2 "/harbor/harbor_jobs…" 3 minutes ago Up 3 minutes harbor-jobservice
800c9b6f3a80 vmware/harbor-ui:v1.2.2 "/harbor/harbor_ui" 3 minutes ago Up 3 minutes harbor-ui
13a3120c01d1 vmware/harbor-db:v1.2.2 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 3306/tcp harbor-db
d1bf45eda762 vmware/harbor-adminserver:v1.2.2 "/harbor/harbor_admi…" 3 minutes ago Up 3 minutes harbor-adminserver
ee0e3861fae3 vmware/registry:2.6.2-photon "/entrypoint.sh serv…" 3 minutes ago Up 3 minutes 5000/tcp registry
cbb9935e86b1 vmware/harbor-log:v1.2.2 "/bin/sh -c 'crond &…" 3 minutes ago Up 3 minutes 127.0.0.1:1514->514/tcp harbor-log
358d4ade35b1 centos:stress "/bin/bash" 3 hours ago Exited (0) 3 hours ago eager_keller
2a3bf404a512 centos:stress "/bin/bash" 3 hours ago Exited (0) 3 hours ago mystifying_lovelace
[root@server harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:4443->4443/tcp,:::4443->4443/tcp,
0.0.0.0:80->80/tcp,:::80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
harbor中的七个容器:
-
harbor-adminserver
-
harbor-db
-
harbor-jobservice
-
harbor-log
-
harbor-ui
-
nginx
-
registry
-
用web端登入到harbor
-
创建项目
-
用命令行登录到Harbor
[root@server docker]# docker tag cirros:latest 127.0.0.1/myproject/cirros:v1
[root@server docker]# docker login -u admin -p Harbor12345 http://127.0.0.1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- 推送镜像
[root@server docker]# docker push 127.0.0.1/myproject/cirros:v1
The push refers to repository [127.0.0.1/myproject/cirros]
984ad441ec3d: Pushed
f0a496d92efa: Pushed
e52d19c3bee2: Pushed
v1: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943
- 查看日志
- 想要使用不是本地的ip地址推送镜像,需要修改
[root@server docker]# vim daemon.json
{
"insecure-registries": ["192.168.1.101:5000"], //删除这一行
"registry-mirrors": ["https://cn90fxk6.mirror.aliyuncs.com"]
}
[root@server system]# cd /usr/lib/systemd/system
[root@server system]# vim docker.service
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.1.101 --containerd=/run/containerd/containerd.sock //加上--insecure-registry 192.168.1.101
[root@server system]# docker login -u admin -p Harbor12345 http://192.168.1.101 //成功登入
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- 将tag打成192.168.1.101再推送
[root@server system]# docker tag nginx:v4 192.168.1.101/myproject/nginx:c1
[root@server system]# docker push 192.168.1.101/myproject/nginx:c1
The push refers to repository [192.168.1.101/myproject/nginx]
04f0c5f56b6b: Pushed
174f56854903: Pushed
c1: digest: sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065 size: 739
- 如何下载镜像
[root@server system]# docker rmi 192.168.1.101/myproject/nginx:c1
Untagged: 192.168.1.101/myproject/nginx:c1
Untagged: 192.168.1.101/myproject/nginx@sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065
[root@server system]# docker pull 192.168.1.101/myproject/nginx:c1
c1: Pulling from myproject/nginx
Digest: sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065
Status: Downloaded newer image for 192.168.1.101/myproject/nginx:c1
192.168.1.101/myproject/nginx:c1
[root@server system]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
compose_nginx_nginx latest 92bee763c9dd 3 hours ago 310MB
centos stress 9fc6d16d05f3 5 hours ago 520MB
192.168.1.101/myproject/nginx c1 64868a58d31b 4 days ago 205MB
标签:nginx,harbor,tcp,server,私有,docker,root 来源: https://blog.csdn.net/qq_41257472/article/details/120241369
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。