
Docker study notes: building the enterprise-grade registry Harbor | Better to act than to talk! 二丫讲梵

 3 years ago
source link: http://www.eryajf.net/2314.html

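1. Introduction

Harbor is an English word meaning a haven for ships. What is a harbor for? It is where cargo is kept, and cargo is packed in shipping containers. Shipping containers bring Docker to mind, because Docker's container technology borrows the idea of the shipping container. Fittingly, Harbor is an enterprise-grade Registry service for storing Docker images.

Harbor is an open-source registry developed by the VMware China team. Compared with Docker's official registry it offers richer permission management and a more complete architecture, and it is suited to providing registry service for large-scale Docker cluster deployments.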

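2. Main components

  • Proxy: Harbor's registry, UI, token and other services sit behind a front-end reverse proxy, which receives all requests from browsers and Docker clients and forwards them to the appropriate back-end service.
  • Registry: stores Docker images and handles docker push/pull commands. Because access has to be controlled per user (different users have different read and write permissions on Docker images), the Registry points to a token service and requires every docker pull/push request to carry a valid token. The Registry verifies the token's signature with a public key.
  • Core services: Harbor's core functionality, mainly providing the following services:
    1. UI: a graphical interface that helps users manage the images on the registry and authorize users.
    2. Webhook: to learn promptly about status changes of images on the registry, a webhook is configured on the Registry that passes the changes to the UI module.
    3. Token service: issues a token for each docker push/pull command according to the user's permissions. A request from a Docker client to the Registry that carries no token is redirected here; once it has a token, the client sends the request to the Registry again.
  • Database: provides database services for the core services and stores user permissions, audit logs, Docker image grouping information and other data.
  • Log collector: collects the logs of the other components to help monitor Harbor and for later analysis.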
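The relationship between the token service and the Registry described above, as an added example that is not part of the original post or of Harbor's code: one side signs a token with a private key, the other verifies it with only the public key, and a token edited after signing is rejected. The RS256 JWT layout, the throwaway key pair, the file names and the claims are assumptions made for illustration; it needs `openssl` and `base64` on the PATH.

```shell
#!/bin/sh
# Added example (not Harbor code): the token service signs with a private key,
# the Registry verifies with only the matching public key.
# Assumptions: RS256-signed JWT, throwaway key pair, constructed claims.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
openssl genrsa -out "$WORK/private_key.pem" 2048 2>/dev/null
openssl rsa -in "$WORK/private_key.pem" -pubout -out "$WORK/public.pem" 2>/dev/null

# b64url: stdin -> base64url without padding
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# b64url_decode STRING -> raw bytes (restores the stripped '=' padding)
b64url_decode() {
    s=$(printf '%s' "$1" | tr '_-' '/+')
    case $(( ${#s} % 4 )) in 2) s="$s==" ;; 3) s="$s=" ;; esac
    printf '%s' "$s" | base64 -d
}

# sign_token CLAIMS_JSON -> header.payload.signature (token service side)
sign_token() {
    h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
    p=$(printf '%s' "$1" | b64url)
    sig=$(printf '%s' "$h.$p" |
        openssl dgst -sha256 -sign "$WORK/private_key.pem" | b64url)
    printf '%s.%s.%s\n' "$h" "$p" "$sig"
}

# verify_token TOKEN -> status 0 only if the signature is valid (Registry side)
verify_token() {
    b64url_decode "${1##*.}" > "$WORK/sig.bin" || return 1
    printf '%s' "${1%.*}" | openssl dgst -sha256 \
        -verify "$WORK/public.pem" -signature "$WORK/sig.bin" >/dev/null 2>&1
}

# token_claims TOKEN -> decoded claims JSON
token_claims() {
    rest=${1#*.}
    b64url_decode "${rest%%.*}"
}

# Constructed claims: pull-only access to library/busybox.
CLAIMS='{"access":[{"type":"repository","name":"library/busybox","actions":["pull"]}]}'
TOKEN=$(sign_token "$CLAIMS")

# Same header and signature, but the payload was edited after signing.
EDITED='{"access":[{"type":"repository","name":"library/busybox","actions":["pull","push"]}]}'
ALTERED="${TOKEN%%.*}.$(printf '%s' "$EDITED" | b64url).${TOKEN##*.}"

verify_token "$TOKEN" && echo "signed token: accepted"
verify_token "$ALTERED" || echo "altered token: rejected"
```

In the install output further down, the generated `private_key.pem` goes to the UI (token service) configuration and `root.crt` to the registry configuration, which is the same split of signing and verifying material.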

The architecture diagram is as follows:

[Figure: Harbor architecture diagram]

Runtime environment

  • CentOS: 7.3
  • docker-ce: 17.12.1
  • docker-compose: version 1.18.0
  • harbor-offline: v1.5.1

3. Installation

1. Install Docker.

    wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d
    yum -y install docker-ce-17.12.1.ce-1.el7.centos

Start the service.

    systemctl enable docker
    systemctl start docker
    systemctl status docker

2. Install docker-compose.

Source: https://github.com/docker/compose/releases

Download the required version.

    curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose

Add execute permission.

    chmod +x /usr/local/bin/docker-compose

Verify it.

    $ docker-compose --version
    docker-compose version 1.18.0, build 8dd22a9

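3. Install Harbor.

Source: https://github.com/goharbor/harbor/releases

The project ships an online installer and an offline installer; this note covers the offline one.

Download the installation package.

    wget https://storage.googleapis.com/harbor-releases/release-1.5.0/harbor-offline-installer-v1.5.1.tgz

Downloading with Xunlei (Thunder) may be faster.

Unpack the installation package.

    $ tar xf harbor-offline-installer-v1.5.1.tgz
    $ ls harbor
    common docker-compose.clair.yml docker-compose.notary.yml docker-compose.yml ha harbor.cfg harbor.v1.5.1.tar.gz install.sh LICENSE NOTICE prepare

Change the configuration.

    $ vim harbor.cfg
    # Change hostname to this machine's IP address.
    hostname = 192.168.111.5

The other settings can stay at their defaults. There are also some commonly used options that you can change as needed.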
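Since everything except `hostname` is left at its default here, the following added example (not part of the original post or of Harbor) reports harbor.cfg values that are still at the installer defaults and matter for security. The key names are those of the Harbor 1.5.x harbor.cfg; the `db_password` and `self_registration` defaults come from the stock file rather than from this page, and both sample files are constructed.

```shell
#!/bin/sh
# Added example: report harbor.cfg settings still at their installer defaults.

# cfg_value FILE KEY -> value of the last uncommented "KEY = value" line
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# audit_harbor_cfg FILE -> one "FINDING: ..." line per risky setting
audit_harbor_cfg() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if [ "$(cfg_value "$1" harbor_admin_password)" = "Harbor12345" ]; then
        echo "FINDING: harbor_admin_password is the published default"
    fi
    if [ "$(cfg_value "$1" ui_url_protocol)" != "https" ]; then
        echo "FINDING: ui_url_protocol is not https; logins and tokens travel in clear text"
    fi
    if [ "$(cfg_value "$1" db_password)" = "root123" ]; then
        echo "FINDING: db_password is the stock default"
    fi
    if [ "$(cfg_value "$1" self_registration)" = "on" ]; then
        echo "FINDING: self_registration is on; anyone who reaches the UI can create an account"
    fi
    return 0
}

# Constructed samples: the first mirrors this page's install, the second is hardened.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/default.cfg" <<'EOF'
hostname = 192.168.111.5
ui_url_protocol = http
harbor_admin_password = Harbor12345
db_password = root123
self_registration = on
EOF
cat > "$WORK/hardened.cfg" <<'EOF'
hostname = harbor.example.internal
ui_url_protocol = https
# harbor_admin_password = Harbor12345
harbor_admin_password = (constructed placeholder, set your own)
db_password = (constructed placeholder, set your own)
self_registration = off
EOF

audit_harbor_cfg "$WORK/default.cfg"
audit_harbor_cfg "$WORK/hardened.cfg"
```

Run it against the real harbor.cfg before `install.sh`, because the values are baked into the generated configuration files at install time.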

Run the installer.

    $ bash install.sh
    [Step 0]: checking installation environment ...
    Note: docker version: 17.12.1
    Note: docker-compose version: 1.18.0
    [Step 1]: loading Harbor images ...
    52ef9064d2e4: Loading layer [==================================================>] 135.9MB/135.9MB
    4a6862dbadda: Loading layer [==================================================>] 23.25MB/23.25MB
    58b7d0c522b2: Loading layer [==================================================>] 24.4MB/24.4MB
    9cd4bb748634: Loading layer [==================================================>] 7.168kB/7.168kB
    c81302a14908: Loading layer [==================================================>] 10.56MB/10.56MB
    7848e9ba72a3: Loading layer [==================================================>] 24.39MB/24.39MB
    Loaded image: vmware/harbor-ui:v1.5.1
    f1691b5a5198: Loading layer [==================================================>] 73.15MB/73.15MB
    a529013c99e4: Loading layer [==================================================>] 3.584kB/3.584kB
    d9b4853cff8b: Loading layer [==================================================>] 3.072kB/3.072kB
    3d305073979e: Loading layer [==================================================>] 4.096kB/4.096kB
    c9e17074f54a: Loading layer [==================================================>] 3.584kB/3.584kB
    956055840e30: Loading layer [==================================================>] 9.728kB/9.728kB
    Loaded image: vmware/harbor-log:v1.5.1
    185db06a02d0: Loading layer [==================================================>] 23.25MB/23.25MB
    835213979c70: Loading layer [==================================================>] 20.9MB/20.9MB
    f74eeb41c1c9: Loading layer [==================================================>] 20.9MB/20.9MB
    Loaded image: vmware/harbor-jobservice:v1.5.1
    9bd5c7468774: Loading layer [==================================================>] 23.25MB/23.25MB
    5fa6889b9a6d: Loading layer [==================================================>] 2.56kB/2.56kB
    bd3ac235b209: Loading layer [==================================================>] 2.56kB/2.56kB
    cb5d493833cc: Loading layer [==================================================>] 2.048kB/2.048kB
    557669a074de: Loading layer [==================================================>] 22.8MB/22.8MB
    f02b4f30a9ac: Loading layer [==================================================>] 22.8MB/22.8MB
    Loaded image: vmware/registry-photon:v2.6.2-v1.5.1
    5d3b562db23e: Loading layer [==================================================>] 23.25MB/23.25MB
    8edca1b0e3b0: Loading layer [==================================================>] 12.16MB/12.16MB
    ce5f11ea46c0: Loading layer [==================================================>] 17.3MB/17.3MB
    93750d7ec363: Loading layer [==================================================>] 15.87kB/15.87kB
    36f81937e80d: Loading layer [==================================================>] 3.072kB/3.072kB
    37e5df92b624: Loading layer [==================================================>] 29.46MB/29.46MB
    Loaded image: vmware/notary-server-photon:v0.5.1-v1.5.1
    0a2f8f90bd3a: Loading layer [==================================================>] 401.3MB/401.3MB
    41fca4deb6bf: Loading layer [==================================================>] 9.216kB/9.216kB
    f2e28262e760: Loading layer [==================================================>] 9.216kB/9.216kB
    68677196e356: Loading layer [==================================================>] 7.68kB/7.68kB
    2b006714574e: Loading layer [==================================================>] 1.536kB/1.536kB
    Loaded image: vmware/mariadb-photon:v1.5.1
    a8c4992c632e: Loading layer [==================================================>] 156.3MB/156.3MB
    0f37bf842677: Loading layer [==================================================>] 10.75MB/10.75MB
    9f34c0cd38bf: Loading layer [==================================================>] 2.048kB/2.048kB
    91ca17ca7e16: Loading layer [==================================================>] 48.13kB/48.13kB
    5a7e0da65127: Loading layer [==================================================>] 10.8MB/10.8MB
    Loaded image: vmware/clair-photon:v2.0.1-v1.5.1
    0e782fe069e7: Loading layer [==================================================>] 23.25MB/23.25MB
    67fc1e2f7009: Loading layer [==================================================>] 15.36MB/15.36MB
    8db2141aa82c: Loading layer [==================================================>] 15.36MB/15.36MB
    Loaded image: vmware/harbor-adminserver:v1.5.1
    3f87a34f553c: Loading layer [==================================================>] 4.772MB/4.772MB
    Loaded image: vmware/nginx-photon:v1.5.1
    Loaded image: vmware/photon:1.0
    ad58f3ddcb1b: Loading layer [==================================================>] 10.95MB/10.95MB
    9b50f12509bf: Loading layer [==================================================>] 17.3MB/17.3MB
    2c21090fd212: Loading layer [==================================================>] 15.87kB/15.87kB
    38bec864f23e: Loading layer [==================================================>] 3.072kB/3.072kB
    6e81ea7b0fa6: Loading layer [==================================================>] 28.24MB/28.24MB
    Loaded image: vmware/notary-signer-photon:v0.5.1-v1.5.1
    897a26fa09cb: Loading layer [==================================================>] 95.02MB/95.02MB
    16e3a10a21ba: Loading layer [==================================================>] 6.656kB/6.656kB
    85ecac164331: Loading layer [==================================================>] 2.048kB/2.048kB
    37a2fb188706: Loading layer [==================================================>] 7.68kB/7.68kB
    Loaded image: vmware/postgresql-photon:v1.5.1
    bed9f52be1d1: Loading layer [==================================================>] 11.78kB/11.78kB
    d731f2986f6e: Loading layer [==================================================>] 2.56kB/2.56kB
    c3fde9a69f96: Loading layer [==================================================>] 3.072kB/3.072kB
    Loaded image: vmware/harbor-db:v1.5.1
    7844feb13ef3: Loading layer [==================================================>] 78.68MB/78.68MB
    de0fd8aae388: Loading layer [==================================================>] 3.072kB/3.072kB
    3f79efb720fd: Loading layer [==================================================>] 59.9kB/59.9kB
    1c02f801c2e8: Loading layer [==================================================>] 61.95kB/61.95kB
    Loaded image: vmware/redis-photon:v1.5.1
    454c81edbd3b: Loading layer [==================================================>] 135.2MB/135.2MB
    e99db1275091: Loading layer [==================================================>] 395.4MB/395.4MB
    051e4ee23882: Loading layer [==================================================>] 9.216kB/9.216kB
    6cca4437b6f6: Loading layer [==================================================>] 9.216kB/9.216kB
    1d48fc08c8bc: Loading layer [==================================================>] 7.68kB/7.68kB
    0419724fd942: Loading layer [==================================================>] 1.536kB/1.536kB
    543c0c1ee18d: Loading layer [==================================================>] 655.2MB/655.2MB
    4190aa7e89b8: Loading layer [==================================================>] 103.9kB/103.9kB
    Loaded image: vmware/harbor-migrator:v1.5.0
    [Step 2]: preparing environment ...
    Generated and saved secret to file: /data/secretkey
    Generated configuration file: ./common/config/nginx/nginx.conf
    Generated configuration file: ./common/config/adminserver/env
    Generated configuration file: ./common/config/ui/env
    Generated configuration file: ./common/config/registry/config.yml
    Generated configuration file: ./common/config/db/env
    Generated configuration file: ./common/config/jobservice/env
    Generated configuration file: ./common/config/jobservice/config.yml
    Generated configuration file: ./common/config/log/logrotate.conf
    Generated configuration file: ./common/config/jobservice/config.yml
    Generated configuration file: ./common/config/ui/app.conf
    Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
    The configuration files are ready, please use docker-compose to start the service.
    Creating harbor-log ... done
    [Step 3]: checking existing instance of Harbor ...
    Creating harbor-adminserver ... done
    Creating harbor-ui ... done
    Creating network "harbor_harbor" with the default driver
    Creating nginx ... done
    Creating harbor-adminserver ...
    Creating registry ...
    Creating harbor-db ...
    Creating redis ...
    Creating harbor-ui ...
    Creating nginx ...
    Creating harbor-jobservice ...
    ✔ ----Harbor has been installed and started successfully.----
    Now you should be able to visit the admin portal at http://192.168.111.5.
    For more details, please visit https://github.com/vmware/harbor .

Seeing this output means the installation has completed.

Check the services:

    $ docker ps
    CONTAINER ID   IMAGE                                  COMMAND                  CREATED             STATUS                       PORTS                                                              NAMES
    55a0c9372840   vmware/harbor-jobservice:v1.5.1        "/harbor/start.sh"       About an hour ago   Up About an hour                                                                                harbor-jobservice
    50bd7c7a0a85   vmware/nginx-photon:v1.5.1             "nginx -g 'daemon of…"   About an hour ago   Up About an hour (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
    b683e14ba917   vmware/harbor-ui:v1.5.1                "/harbor/start.sh"       About an hour ago   Up About an hour (healthy)                                                                      harbor-ui
    a397a6785014   vmware/redis-photon:v1.5.1             "docker-entrypoint.s…"   About an hour ago   Up About an hour             6379/tcp                                                           redis
    832f201f3c8d   vmware/harbor-adminserver:v1.5.1       "/harbor/start.sh"       About an hour ago   Up About an hour (healthy)                                                                      harbor-adminserver
    a0eacf22bfec   vmware/harbor-db:v1.5.1                "/usr/local/bin/dock…"   About an hour ago   Up About an hour (healthy)   3306/tcp                                                           harbor-db
    1c2cf0565a97   vmware/registry-photon:v2.6.2-v1.5.1   "/entrypoint.sh serv…"   About an hour ago   Up About an hour (healthy)   5000/tcp                                                           registry
    7ec39f149caa   vmware/harbor-log:v1.5.1               "/bin/sh -c /usr/loc…"   About an hour ago   Up About an hour (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log

    $ docker-compose ps
    Name                 Command                          State   Ports
    ------------------------------------------------------------------------------------------------------------------------------
    harbor-adminserver   /harbor/start.sh                 Up
    harbor-db            /usr/local/bin/docker-entr ...   Up      3306/tcp
    harbor-jobservice    /harbor/start.sh                 Up
    harbor-log           /bin/sh -c /usr/local/bin/ ...   Up      127.0.0.1:1514->10514/tcp
    harbor-ui            /harbor/start.sh                 Up
    nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
    redis                docker-entrypoint.sh redis ...   Up      6379/tcp
    registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp

Open the private registry in a browser:

http://192.168.111.5

Default username/password: admin/Harbor12345


After logging in, you can change the password.

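4. Client verification

Install the Docker service on another host to verify that the private registry is usable.

1. Install Docker.

    wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && mv docker-ce.repo /etc/yum.repos.d
    yum -y install docker-ce-17.12.1.ce-1.el7.centos

Start the service.

    systemctl enable docker
    systemctl start docker
    systemctl status docker

2. Configure the connection to the private registry.

    cat > /etc/docker/daemon.json << EOF
    { "insecure-registries":["192.168.111.5"] }
    EOF

The insecure-registries entry is needed because this Harbor instance serves plain HTTP; it lets the Docker daemon talk to 192.168.111.5 without TLS.

Restart Docker.

    systemctl daemon-reload
    systemctl restart docker

Log in to the private registry. If the login fails, the clocks on the two hosts may be out of sync.

    $ docker login -u admin -p Harbor12345 192.168.111.5
    WARNING! Using --password via the CLI is insecure. Use --password-stdin.
    Login Succeeded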

3. Verify pulling an image.

First pull an image locally.

    $ docker pull busybox
    Using default tag: latest
    latest: Pulling from library/busybox
    90e01955edcd: Pull complete
    Digest: sha256:2a03a6059f21e150ae84b0973863609494aad70f0a80eaeb64bddd8d92465812
    Status: Downloaded newer image for busybox:latest
    $ docker images
    REPOSITORY   TAG      IMAGE ID       CREATED        SIZE
    busybox      latest   59788edf1f3e   2 months ago   1.15MB

Re-tag it and test a push.

    $ docker tag busybox 192.168.111.5/library/busybox:1
    $ docker push 192.168.111.5/library/busybox:1
    The push refers to repository [192.168.111.5/library/busybox]
    8a788232037e: Pushed
    1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527

The image is now visible in the private registry:

[Screenshot: the busybox image listed in the Harbor UI]

Delete the local image, then test a pull.

    # List the images.
    $ docker images
    REPOSITORY                      TAG      IMAGE ID       CREATED        SIZE
    192.168.111.5/library/busybox   1        59788edf1f3e   2 months ago   1.15MB
    busybox                         latest   59788edf1f3e   2 months ago   1.15MB
    # Delete the local images (-f removes every tag of this image ID).
    $ docker rmi -f 59788edf1f3e
    # Pull the image from the private registry.
    $ docker pull 192.168.111.5/library/busybox:1
    1: Pulling from library/busybox
    90e01955edcd: Pull complete
    Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5
    Status: Downloaded newer image for 192.168.111.5/library/busybox:1
    # List the images again.
    $ docker images
    REPOSITORY                      TAG      IMAGE ID       CREATED        SIZE
    192.168.111.5/library/busybox   1        59788edf1f3e   2 months ago   1.15MB
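The push and the pull above report the same digest, which is what ties the pulled image to the one that was pushed, and with a registry reached over plain HTTP that comparison is worth automating. The following is an added example, not part of the original post: it extracts the digest from `docker push` and `docker pull` output, fails closed when none is found, and builds a digest-pinned reference for use with `docker pull`. The function names are hypothetical and the mismatching output is constructed.

```shell
#!/bin/sh
# Added example: compare the digest reported at push time with the one
# reported at pull time, and build a digest-pinned image reference.

# digest_of: stdin (docker push/pull output) -> first sha256 digest found
digest_of() {
    sed -n 's/.*[Dd]igest: \(sha256:[0-9a-f]\{64\}\).*/\1/p' | head -n 1
}

# same_image PUSH_OUTPUT PULL_OUTPUT -> status 0 only if both carry the same digest
same_image() {
    pushed=$(printf '%s\n' "$1" | digest_of)
    pulled=$(printf '%s\n' "$2" | digest_of)
    [ -n "$pushed" ] && [ "$pushed" = "$pulled" ]   # fail closed if none found
}

# pinned_ref REPOSITORY PUSH_OUTPUT -> repository@sha256:... (immutable, unlike a tag)
pinned_ref() {
    d=$(printf '%s\n' "$2" | digest_of)
    [ -n "$d" ] || return 1
    printf '%s@%s\n' "$1" "$d"
}

# Output copied from the push and pull shown on this page.
PUSH_OUT='The push refers to repository [192.168.111.5/library/busybox]
8a788232037e: Pushed
1: digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5 size: 527'
PULL_OUT='1: Pulling from library/busybox
90e01955edcd: Pull complete
Digest: sha256:915f390a8912e16d4beb8689720a17348f3f6d1a7b659697df850ab625ea29d5
Status: Downloaded newer image for 192.168.111.5/library/busybox:1'
# Constructed: a pull whose digest differs from what was pushed.
OTHER_PULL='Digest: sha256:0000000000000000000000000000000000000000000000000000000000000000'

same_image "$PUSH_OUT" "$PULL_OUT" && echo "digest matches the push"
same_image "$PUSH_OUT" "$OTHER_PULL" || echo "digest mismatch: do not run this image"
pinned_ref 192.168.111.5/library/busybox "$PUSH_OUT"
```

Passing the printed `repository@sha256:...` reference to `docker pull` makes the client reject content whose digest does not match, whatever the tag `1` points to later.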


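二丫讲梵, all rights reserved | Original content unless otherwise noted | This site is licensed under BY-NC-SA | When reposting, please credit: <5> Docker study notes: building the enterprise-grade registry Harbor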
