Deploying a Harbor Registry

2022-08-12 09:30:09  Source: Internet


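Whether you build your own registry with Docker-distribution or by running the official registry image as a container, the earlier demonstrations show that the result is very bare-bones. Managing images directly on the official Docker Hub is more convenient: Docker Hub at least lets you manage and search images through a web UI, and, based on a Dockerfile, it can build images automatically using Webhooks and Automated Builds. Instead of running docker build locally, users push all the files of the build context to GitHub as a repository, and Docker Hub pulls those files from GitHub to perform the automated build.

However powerful the official Docker Hub is, it is hosted overseas, so speed is the biggest bottleneck, and in many cases using the official registry is simply not an option. The two self-hosted approaches above are very bare-bones and hard to manage, which is why a project favored by the CNCF later emerged: Harbor.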

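Introduction to Harbor

Harbor was built by VMware as a second layer of packaging on top of Docker Registry, adding many extra components and providing a very polished web UI.

Project Harbor is an open-source trusted cloud native registry project that stores, signs, and scans content.
Harbor extends the open-source Docker Distribution by adding the functionality users usually need, such as security, identity and management.
Harbor supports advanced features such as user management, access control, activity monitoring and replication between instances.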

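Harbor features

Harbor's core function is storing and managing artifacts.
Access control: access control is a basic requirement when multiple users store artifacts in the same registry, and it was one of the main features of early Harbor versions.
Image signing: an image is essentially a packaged form of software; from a security standpoint, developers need to be sure of the integrity of an image's content before deploying it.
Image scanning: a container image packages code, software and the runtime environment they need, and published software and the libraries it depends on may contain security vulnerabilities.
Advanced management: across releases, and based on community feedback, Harbor has given administrators and users many advanced management features to support more complex scenarios, including artifact replication policies, storage quota management, tag retention policies (artifact retention policies) and garbage collection.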

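Docker Compose

Deploying Harbor directly on a physical machine is very difficult. To simplify things, the Harbor project ships Harbor as an application that runs in containers. It depends on several backing stores such as redis, mysql and pgsql, so many containers have to be orchestrated to work together. For that reason, deploying and using VMware Harbor relies on Docker's single-host orchestration tool, Docker Compose.

Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from your configuration.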

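Deploying Harbor

First, go to the official Harbor documentation (https://github.com/goharbor/harbor) and download the harbor-offline-installer-v2.5.3 package, as follows:
Type harbor into the search box at the top left.

Then go to the official Docker Compose documentation (https://docs.docker.com/compose/) and follow it for the deployment.

Start two machines: one as the client and one as the registry host.
client is the client and harbor is the registry host.
Docker must be installed on both machines.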

Client:
[root@localhost ~]# hostnamectl set-hostname client
[root@localhost ~]# bash
[root@client ~]# which docker
/usr/bin/docker
[root@client yum.repos.d]# ls
CentOS-Base.repo  docker-ce.repo
[root@client yum.repos.d]#  scp docker-ce.repo 192.168.142.134:/etc/yum.repos.d/
The authenticity of host '192.168.142.134 (192.168.142.134)' can't be established.
ECDSA key fingerprint is SHA256:y11UDaNXs3AnvVUnZQfAim2VHAplF09YOvQp2NemHyk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '192.168.142.134' (ECDSA) to the list of known hosts.
root@192.168.142.134's password: 
docker-ce.repo                                             100% 2261     1.0MB/s   00:00    
//copy the client's docker-ce.repo file to the registry host
Registry host:
[root@localhost2 ~]# hostnamectl set-hostname harbor
[root@localhost2 ~]# bash
[root@harbor ~]# cd /etc/yum.repos.d/
[root@harbor yum.repos.d]# ls
CentOS-Base.repo  docker-ce.repo  mysql-community-source.repo  mysql-community.repo
//check that the Docker repo file is present
[root@harbor yum.repos.d]# dnf -y install docker-ce
//install Docker

On the same page as before, scroll down to the manual installation section and install Compose manually.

[root@harbor ~]# DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
[root@harbor ~]# mkdir -p $DOCKER_CONFIG/cli-plugins //create the .docker directory
[root@harbor ~]# ls -a
.              .bash_profile  .docker         .wget-hsts
..             .bashrc        .mysql_history  anaconda-ks.cfg
.bash_history  .config        .tcshrc         mysql57-community-release-el7-11.noarch.rpm
.bash_logout   .cshrc         .viminfo
[root@harbor ~]# ls .docker/
cli-plugins
[root@harbor cli-plugins]# ls  //copy the previously downloaded binary into this directory
docker-compose
[root@harbor cli-plugins]# chmod +x docker-compose //make it executable
[root@harbor cli-plugins]# ll
total 25188
-rwxr-xr-x 1 root root 25792512 Aug 11 08:11 docker-compose
[root@harbor cli-plugins]# ./docker-compose --help  //all of the commands below are now available

Usage:  docker compose [OPTIONS] COMMAND

Docker Compose

Options:
      --ansi string                Control when to print ANSI control characters
                                   ("never"|"always"|"auto") (default "auto")
      --compatibility              Run compose in backward compatibility mode
      --env-file string            Specify an alternate environment file.
  -f, --file stringArray           Compose configuration files
      --profile stringArray        Specify a profile to enable
      --project-directory string   Specify an alternate working directory
                                   (default: the path of the, first specified, Compose
                                   file)
  -p, --project-name string        Project name

Commands:
  build       Build or rebuild services
  convert     Converts the compose file to platform's canonical format
  cp          Copy files/folders between a service container and the local filesystem
  create      Creates containers for a service.
  down        Stop and remove containers, networks
  events      Receive real time events from containers.
  exec        Execute a command in a running container.
  images      List images used by the created containers
  kill        Force stop service containers.
  logs        View output from containers
  ls          List running compose projects
  pause       Pause services
  port        Print the public port for a port binding.
  ps          List containers
  pull        Pull service images
  push        Push service images
  restart     Restart containers
  rm          Removes stopped service containers
  run         Run a one-off command on a service.
  start       Start services
  stop        Stop services
  top         Display the running processes
  unpause     Unpause services
  up          Create and start containers
  version     Show the Docker Compose version information

Run 'docker compose COMMAND --help' for more information on a command.
[root@harbor cli-plugins]# pwd
/root/.docker/cli-plugins
//at this point only the current user can use this command
[root@harbor cli-plugins]# ln -sv /root/.docker/cli-plugins/docker-compose /usr/bin/
'/usr/bin/docker-compose' -> '/root/.docker/cli-plugins/docker-compose'
//create a symlink so it can also be used elsewhere on the system
[root@harbor cli-plugins]# cd
[root@harbor ~]# which docker-compose 
/usr/bin/docker-compose
[root@harbor ~]# docker compose version
Docker Compose version v2.7.0
//check the version
[root@harbor ~]# cd /usr/src/
[root@harbor src]# ls
debug  harbor-offline-installer-v2.5.3.tgz  kernels
//the previously downloaded package has been copied in here
[root@harbor src]# tar xf harbor-offline-installer-v2.5.3.tgz -C /usr/local/
[root@harbor src]# ls /usr/local/
bin  etc  games  harbor  include  lib  lib64  libexec  sbin  share  src
[root@harbor src]# cd /usr/local/harbor/
[root@harbor harbor]# ls
LICENSE  common.sh  harbor.v2.5.3.tar.gz  harbor.yml.tmpl  install.sh  prepare
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@harbor harbor]# vim harbor.yml
[root@harbor harbor]# hostnamectl set-hostname harbor.example.com
[root@harbor harbor]# bash
//the hostname can be changed in advance
hostname: harbor.example.com  //set this to the host name
#https:    //comment out the certificate-related settings
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
·················································
harbor_admin_password: Harbor12345  //login password for the web UI
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123  //database password
data_volume: /data //directory where data is stored
   # insecure The flag to skip verifying registry certificate
  insecure: false  //insecure mode is turned off (certificates are verified)
 # are all valid.
    rotate_size: 200M   //log rotation (each day a set number of logs is saved automatically, renamed to files with different names)
    # The directory on your host that store log
    location: /var/log/harbor  //where logs are stored
[root@harbor harbor]# ls
LICENSE  common.sh  harbor.v2.5.3.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  prepare
[root@harbor harbor]# ./install.sh 
//run the installer script
....
[Step 5]: starting Harbor ...
[+] Running 10/10
 ⠿ Network harbor_harbor        Created                                                 0.1s
 ⠿ Container harbor-log         Started                                                 0.8s
 ⠿ Container redis              Started                                                 1.9s
 ⠿ Container registryctl        Started                                                 1.9s
 ⠿ Container registry           Started                                                 2.1s
 ⠿ Container harbor-portal      Started                                                 2.1s
 ⠿ Container harbor-db          Started                                                 2.0s
 ⠿ Container harbor-core        Started                                                 2.8s
 ⠿ Container harbor-jobservice  Started                                                 3.7s
 ⠿ Container nginx              Started                                                 3.8s
✔ ----Harbor has been installed and started successfully.----
[root@harbor harbor]# ss -antl
State     Recv-Q    Send-Q        Local Address:Port         Peer Address:Port    Process   
LISTEN    0         128                 0.0.0.0:22                0.0.0.0:*                   
LISTEN    0         128               127.0.0.1:1514              0.0.0.0:*    
LISTEN    0         128                    [::]:22                   [::]:*       
LISTEN    0         128                    [::]:80                   [::]:*    
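
The configuration above leaves the https block commented out and keeps the passwords Harbor12345 and root123, and the ss output confirms that only port 80 is listening, so logins and image data travel over plain HTTP. The following added example (not part of the original post) is a POSIX shell audit that flags those three settings in a harbor.yml; the function names, finding codes and both sample files are constructed for illustration.

```shell
# Added example: audit a harbor.yml for the weak settings in this walkthrough.
# Function names, finding codes and both sample files are constructed.
# Print the value of the first uncommented "KEY: value" line in FILE ($1).
active_value() {
    sed -n "s/^[[:space:]]*${2}:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]][[:space:]]*#.*$//; s/[[:space:]]*$//' | sed -n 1p
}

# Print finding codes for FILE; return 1 if any weak setting is present.
audit_harbor_yml() {
    out=""
    grep -Eq '^https:' "$1" || out="${out}NO_TLS "
    [ "$(active_value "$1" harbor_admin_password)" != "Harbor12345" ] ||
        out="${out}DEFAULT_ADMIN_PASSWORD "
    [ "$(active_value "$1" password)" != "root123" ] ||
        out="${out}DEFAULT_DB_PASSWORD "
    if [ -n "$out" ]; then echo "${out% }"; return 1; fi
}

# Constructed sample mirroring the excerpt above, written as valid YAML.
write_weak_sample() {
    cat > "$1" <<'EOF'
hostname: harbor.example.com
#https:
#  port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
}

# Constructed counterpart: https enabled, both secrets replaced (placeholders).
write_hardened_sample() {
    cat > "$1" <<'EOF'
hostname: harbor.example.com
https:
  port: 443
  certificate: /your/certificate/path
  private_key: /your/private/key/path
harbor_admin_password: "<unique-admin-secret>"
database:
  password: "<unique-db-secret>"
EOF
}

tmp=$(mktemp -d); write_weak_sample "$tmp/w.yml"; write_hardened_sample "$tmp/h.yml"
echo "weak:     $(audit_harbor_yml "$tmp/w.yml" || true)"
echo "hardened: $(audit_harbor_yml "$tmp/h.yml" && echo clean)"
rm -rf "$tmp"
```

Run audit_harbor_yml against /usr/local/harbor/harbor.yml before ./install.sh; the non-zero return makes it usable as a gate in a provisioning script.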

Log in to the Harbor management UI using the IP address:

The page shown after a successful login:

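Notes on using Harbor:

  1. When pushing images from a client, always run docker login first to authenticate; otherwise the push will not go through.
  2. If the client does not use https, the insecure-registries parameter must be set in the client's /etc/docker/daemon.json configuration file.
  3. The data storage path should be set in the configuration file to shared storage with ample capacity.
  4. Harbor is managed with the docker-compose command; to stop Harbor, use docker-compose stop as well. For other options, see --help.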
[root@harbor ~]# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED          STATUS                    PORTS                                   NAMES
76d358705acf   goharbor/harbor-jobservice:v2.5.3    "/harbor/entrypoint.…"   10 minutes ago   Up 10 minutes (healthy)                                           harbor-jobservice
237a7155677e   goharbor/nginx-photon:v2.5.3         "nginx -g 'daemon of…"   10 minutes ago   Up 10 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
1930fed03071   goharbor/harbor-core:v2.5.3          "/harbor/entrypoint.…"   10 minutes ago   Up 10 minutes (healthy)                                           harbor-core
480772e4a195   goharbor/harbor-registryctl:v2.5.3   "/home/harbor/start.…"   10 minutes ago   Up 10 minutes (healthy)                                           registryctl
k38c22de9b73   goharbor/redis-photon:v2.5.3         "redis-server /etc/r…"   10 minutes ago   Up 10 minutes (healthy)                                           redis
994560266151   goharbor/registry-photon:v2.5.3      "/home/harbor/entryp…"   10 minutes ago   Up 10 minutes (healthy)                                           registry
182d2180241e   goharbor/harbor-db:v2.5.3            "/docker-entrypoint.…"   10 minutes ago   Up 10 minutes (healthy)                                           harbor-db
463c26c94150   goharbor/harbor-portal:v2.5.3        "nginx -g 'daemon of…"   10 minutes ago   Up 10 minutes (healthy)                                           harbor-portal
9fcbe6d544c9   goharbor/harbor-log:v2.5.3           "/bin/sh -c /usr/loc…"   11 minutes ago   Up 10 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
[root@harbor ~]# cd /usr/local/harbor/
[root@harbor harbor]# ls
LICENSE  common.sh           harbor.v2.5.3.tar.gz  harbor.yml.tmpl  prepare
common   docker-compose.yml  harbor.yml            install.sh
[root@harbor harbor]# docker-compose stop
[+] Running 9/9
 ⠿ Container harbor-jobservice  Stopped                                                 0.3s
 ⠿ Container nginx              Stopped                                                 0.4s
 ⠿ Container registryctl        Stopped                                                10.2s
 ⠿ Container harbor-portal      Stopped                                                 0.2s
 ⠿ Container harbor-core        Stopped                                                 0.3s
 ⠿ Container harbor-db          Stopped                                                 0.3s
 ⠿ Container redis              Stopped                                                 0.3s
 ⠿ Container registry           Stopped                                                 0.3s
 ⠿ Container harbor-log         Stopped                                                10.2s
[root@harbor harbor]# docker-compose start
[+] Running 9/9
 ⠿ Container harbor-log         Started                                                 0.7s
 ⠿ Container harbor-db          Started                                                 1.3s
 ⠿ Container redis              Started                                                 1.0s
 ⠿ Container registry           Started                                                 0.9s
 ⠿ Container registryctl        Started                                                 1.2s
 ⠿ Container harbor-portal      Started                                                 1.0s
 ⠿ Container harbor-core        Started                                                 0.6s
 ⠿ Container nginx              Started                                                 1.1s
 ⠿ Container harbor-jobservice  Started                                                 0.9s
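
For notes 1 and 2 above, an added example (not part of the original post): a check for whether a client's daemon.json lists a registry under insecure-registries, which lets Docker fall back to plain HTTP or accept an unverified certificate for that host, followed by the login, tag and push sequence. The function names, the sample daemon.json and the host registry.internal.example are constructed; the target project passed to push_to_harbor is the caller's choice.

```shell
# Added example for notes 1 and 2: function names and the sample daemon.json
# are constructed for illustration.

# Print each "insecure-registries" entry of a daemon.json ($1), one per line.
list_insecure_registries() {
    tr -d '\n' < "$1" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | sed 's/^[[:space:]]*"//; s/"[[:space:]]*$//'
}

# Return 0 if HOST ($2) is listed: this client may reach it over plain HTTP
# or accept an unverified certificate, so credentials can be exposed in transit.
client_skips_tls() {
    list_insecure_registries "$1" | grep -Fxq "$2"
}

# Note 1: authenticate before pushing. --password-stdin reads the password from
# standard input, keeping it out of the process list and shell history.
push_to_harbor() {   # usage: push_to_harbor REGISTRY PROJECT IMAGE USER < pwfile
    docker login "$1" -u "$4" --password-stdin || return 1
    docker tag "$3" "$1/$2/$3" || return 1
    docker push "$1/$2/$3"
}

# Constructed client configuration matching the HTTP-only install above.
write_sample_daemon_json() {
    cat > "$1" <<'EOF'
{
  "insecure-registries": ["harbor.example.com", "192.168.142.134"]
}
EOF
}

tmp=$(mktemp -d)
write_sample_daemon_json "$tmp/daemon.json"
for host in harbor.example.com registry.internal.example; do
    if client_skips_tls "$tmp/daemon.json" "$host"; then
        echo "$host: in insecure-registries, TLS not enforced"
    else
        echo "$host: TLS with certificate verification required"
    fi
done
rm -rf "$tmp"
```

Docker only reads daemon.json at startup, so restart the daemon after editing the file; once Harbor serves https with a trusted certificate, the entry can be removed again.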

Source: https://www.cnblogs.com/soap-bubble/p/16578632.html
