07. Harbor, an Enterprise-Grade Image Registry

1. Harbor Overview

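Harbor is a container image registry open-sourced by VMware. In effect, Harbor extends Docker Registry with enterprise features, which has earned it wider adoption. These enterprise features include a management UI, role-based access control, AD/LDAP integration and audit logging, which is enough to meet basic enterprise needs.
Official site: https://vmware.github.io/harbor/cn/
Harbor GitHub repository: https://github.com/goharbor/harbor
Hardware and software requirements for installation: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md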

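Component            Function
harbor-adminserver   Configuration management center
harbor-db            MySQL database
harbor-jobservice    Image replication
harbor-log           Operation logging
harbor-ui            Web management UI and API
nginx                Front-end proxy; forwards the web UI and image upload/download traffic
redis                Sessions
registry             Image storage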

2. Deploying Harbor

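Harbor can be installed in 3 ways:
• Online installation: the Harbor images are downloaded from Docker Hub, so the installer package is very small
• Offline installation: the installer package contains the images needed for deployment, so it is fairly large
• OVA installer: used when you have a vCenter environment; Harbor is started after the OVA is deployed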

Offline installation:
(1) Install docker compose

Install the dependency, docker compose

Installation documentation: https://docs.docker.com/compose/install/

# sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# chmod +x /usr/local/bin/docker-compose 

(2) Install Harbor

# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0-rc1.tgz
# tar zxvf harbor-offline-installer-v1.8.0-rc1.tgz
# cd harbor
# vim harbor.yml
hostname = 10.40.6.165
ui_url_protocol = http 
harbor_admin_password = Harbor12345
# ./install.sh
   ...
[Step 3]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db   ... done
Creating registryctl ... done
Creating redis       ... done
Creating registry    ... done
Creating harbor-core ... done
Creating harbor-portal     ... done
Creating harbor-jobservice ... done
Creating nginx             ... done

✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at http://10.40.6.165. 
For more details, please visit https://github.com/goharbor/harbor .

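### After installation there is a docker-compose.yml file, which defines how the containers for the installed component images are started

# docker-compose ps   ## List the components; each one runs in its own container, state Up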
      Name                     Command                       State                     Ports          
------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (health: starting)                            
harbor-db           /entrypoint.sh postgres          Up (health: starting)   5432/tcp                 
harbor-jobservice   /harbor/start.sh                 Up                                               
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (health: starting)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (health: starting)   80/tcp                   
nginx               nginx -g daemon off;             Up (health: starting)   0.0.0.0:80->80/tcp       
redis               docker-entrypoint.sh redis ...   Up                      6379/tcp                 
registry            /entrypoint.sh /etc/regist ...   Up (health: starting)   5000/tcp                 
registryctl         /harbor/start.sh                 Up (health: starting)

Then open http://10.40.6.165 in a browser and log in.

3. Basic Usage

[Figure: instructions for pushing an image]

Steps and format for pushing an image:

Tag an image for this project:
docker tag SOURCE_IMAGE[:TAG] 10.40.6.165/library/IMAGE[:TAG]

Push an image to this project (upload):
docker push 10.40.6.165/library/IMAGE[:TAG]
# docker tag nginx:v1 10.40.6.165/library/nginx:v1
# docker push 10.40.6.165/library/nginx:v1
The push refers to repository [10.40.6.165/library/nginx]
Get https://10.40.6.165/v2/: dial tcp 10.40.6.165:443: connect: connection refused  

Because Harbor is served over HTTP here, the Docker daemon has to be configured to trust it as an insecure registry.

# docker info
   ...
Insecure Registries:
 127.0.0.0/8
   ...

(1) Configure the HTTP registry as trusted

# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["http://f1361db2.m.daocloud.io"],
  "insecure-registries":["http://10.40.6.165"]
}

# systemctl restart docker
# docker-compose ps    ## Some containers are Up and some are in the Exit state
      Name                     Command                  State                 Ports          
---------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Exit 137                                
harbor-db           /entrypoint.sh postgres          Exit 255                                
harbor-jobservice   /harbor/start.sh                 Up                                      
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)   80/tcp                   
nginx               nginx -g daemon off;             Exit 128                                
redis               docker-entrypoint.sh redis ...   Exit 137                                
registry            /entrypoint.sh /etc/regist ...   Up (healthy)   5000/tcp                 
registryctl         /harbor/start.sh                 Exit 137                                

# docker-compose up -d
harbor-log is up-to-date
registry is up-to-date
Starting registryctl ... done
Starting harbor-db   ... done
Starting redis       ... done
Starting harbor-core ... done
harbor-jobservice is up-to-date
harbor-portal is up-to-date
Starting nginx       ... done

# docker-compose ps    ## Check again: the Harbor containers are all Up
      Name                     Command                       State                     Ports          
------------------------------------------------------------------------------------------------------
harbor-core         /harbor/start.sh                 Up (health: starting)                            
harbor-db           /entrypoint.sh postgres          Up (health: starting)   5432/tcp                 
harbor-jobservice   /harbor/start.sh                 Up                                               
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)            127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)            80/tcp                   
nginx               nginx -g daemon off;             Up (health: starting)   0.0.0.0:80->80/tcp       
redis               docker-entrypoint.sh redis ...   Up                      6379/tcp                 
registry            /entrypoint.sh /etc/regist ...   Up (healthy)            5000/tcp                 
registryctl         /harbor/start.sh                 Up (health: starting)                 

# docker info   ## Check again whether the setting has taken effect
    ...
Insecure Registries:
 10.40.6.165
 127.0.0.0/8
   ...
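
An added example, not part of the original article: a host listed under insecure-registries is contacted without certificate verification and with fallback to plain HTTP, so logins and image layers for it can cross the network unprotected. The Python check below audits a daemon.json for such entries; the sample is the file shown above plus one assumed CIDR entry, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample: the daemon.json shown above plus one assumed CIDR entry.
SAMPLE_DAEMON_JSON = """
{
  "registry-mirrors": ["http://f1361db2.m.daocloud.io"],
  "insecure-registries": ["http://10.40.6.165", "127.0.0.0/8", "10.0.0.0/8"]
}
"""


def strip_scheme(entry):
    """Drop a scheme prefix; `docker info` above lists the entry without it."""
    for scheme in ("http://", "https://"):
        if entry.lower().startswith(scheme):
            return entry[len(scheme):]
    return entry


def audit_daemon_json(text):
    """Return (entry, finding) pairs for settings that weaken registry transport."""
    cfg = json.loads(text)
    findings = []
    for raw in cfg.get("insecure-registries", []):
        entry = strip_scheme(raw)
        try:
            net = ipaddress.ip_network(entry, strict=False)
            if net.is_loopback:
                continue  # loopback traffic never leaves the host
            scope = "single address" if net.num_addresses == 1 else f"{net.num_addresses} addresses"
        except ValueError:
            scope = "named host or host:port"  # not an IP or CIDR
        findings.append((entry, f"{scope}: certificate checks skipped, HTTP fallback allowed"))
    for mirror in cfg.get("registry-mirrors", []):
        if mirror.lower().startswith("http://"):
            findings.append((mirror, "mirror contacted over cleartext HTTP"))
    return findings


if __name__ == "__main__":
    for entry, finding in audit_daemon_json(SAMPLE_DAEMON_JSON):
        print(f"{entry}: {finding}")
```

A wide CIDR entry is worth flagging first, since every registry address inside it loses transport protection, not just the Harbor host.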

# docker push 10.40.6.165/library/nginx:v1
The push refers to repository [10.40.6.165/library/nginx]
ff7a247499ae: Preparing 
9974fca73fe1: Preparing 
d69483a6face: Preparing 
denied: requested access to the resource is denied
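### In the public project library, users who are not logged in can only pull; to push an image you must log in first
### Create a user in the management console and grant it access to a project (Projects ---> library ---> Members ---> + User)

# docker login 10.40.6.165   ## Log in to a registry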
Username: liuzhousheng
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
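
The warning above means that config.json now holds the login as base64 of user:password, which anyone who can read the file can decode. As an added example (not from the original article), this Python check reports which registries in a config.json carry recoverable credentials and which are delegated to a credential helper; the sample file, the placeholder password and registry.example.internal are constructed.

```python
import base64
import json

# Constructed sample of ~/.docker/config.json; password and second registry are placeholders.
SAMPLE_CONFIG_JSON = json.dumps({
    "auths": {
        "10.40.6.165": {
            "auth": base64.b64encode(b"liuzhousheng:EXAMPLE-PASSWORD").decode()
        },
        "registry.example.internal": {},
    },
    "credHelpers": {"registry.example.internal": "secretservice"},
})


def audit_docker_config(text):
    """Return (registry, username, storage) for every registry under "auths"."""
    cfg = json.loads(text)
    default_helper = cfg.get("credsStore")
    per_registry = cfg.get("credHelpers", {})
    report = []
    for registry, entry in sorted(cfg.get("auths", {}).items()):
        if entry.get("auth"):
            # "auth" is base64("user:password"): an encoding, not encryption.
            decoded = base64.b64decode(entry["auth"]).decode("utf-8", "replace")
            user = decoded.partition(":")[0]  # never print or return the password
            report.append((registry, user, "plaintext in config.json"))
        else:
            helper = per_registry.get(registry, default_helper)
            storage = f"credential helper: {helper}" if helper else "no stored login"
            report.append((registry, None, storage))
    return report


if __name__ == "__main__":
    for registry, user, storage in audit_docker_config(SAMPLE_CONFIG_JSON):
        print(f"{registry:28} user={user!s:14} {storage}")
```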

# docker push 10.40.6.165/library/nginx:v1    
The push refers to repository [10.40.6.165/library/nginx]
ff7a247499ae: Pushed 
9974fca73fe1: Pushed 
d69483a6face: Pushed 
v1: digest: sha256:eb8e3d3901922952fb52d350a1a7c57394a81bf1d4e2fd4338c5dc9f80026c9c size: 953
### The nginx:v1 image was pushed successfully
### Push a few more images
# docker tag tomcat:v1 10.40.6.165/library/tomcat:v1
# docker push 10.40.6.165/library/tomcat:v1
The push refers to repository [10.40.6.165/library/tomcat]
0920bccbc0aa: Pushed 
368bda959904: Pushed 
d69483a6face: Mounted from library/nginx 
v1: digest: sha256:03c8fe3c389bc36ab066d5e59d9d0c057df4844f5be3fa56ae2add321754b299 size: 952

# docker tag php:v1 10.40.6.165/library/php:v1
# docker push 10.40.6.165/library/php:v1
The push refers to repository [10.40.6.165/library/php]
e7d3d1d0a7bb: Pushed 
a29a1e5944d2: Pushed 
8a4de8d39ad9: Pushed 
5cacb70641e2: Pushed 
d69483a6face: Mounted from library/tomcat 
v1: digest: sha256:1f7093d0d36d82289ce4385429fb902cb0d4cc421bd4496442333a2615326115 size: 1370

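Create a private project named project and grant a user access to it: Projects ---> + New Project (leave "Public" unchecked)

[Figure: creating the project]

Push the image nginx:v2 to the private project: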

# docker tag nginx:v2 10.40.6.165/project/nginx:v2
# docker push 10.40.6.165/project/nginx:v2
The push refers to repository [10.40.6.165/project/nginx]
c90325a75f68: Pushed 
ff7a247499ae: Mounted from library/nginx 
9974fca73fe1: Mounted from library/nginx 
d69483a6face: Mounted from library/php 
v2: digest: sha256:c2313027dc3ec3085fd0ebdb0b07d811d29561b63a72caa85dbb69c62086fd96 size: 1160

Test pull permissions on the public and private projects:

# docker logout http://10.40.6.165   ## Log out
Removing login credentials for 10.40.6.165

# docker pull 10.40.6.165/library/nginx:v1    ## The nginx:v1 image in the public project library can be pulled successfully
v1: Pulling from library/nginx
Digest: sha256:eb8e3d3901922952fb52d350a1a7c57394a81bf1d4e2fd4338c5dc9f80026c9c
Status: Image is up to date for 10.40.6.165/library/nginx:v1

# docker pull 10.40.6.165/project/nginx:v2   ## Pull the nginx:v2 image from the private project project
Error response from daemon: pull access denied for 10.40.6.165/project/nginx, repository does not exist or may require 'docker login'

### Log in as the user liuzhousheng to pull nginx:v2 from the private project project; the pull succeeds
# docker login 10.40.6.165
Username: liuzhousheng
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
# docker pull 10.40.6.165/project/nginx:v2     
v2: Pulling from project/nginx
Digest: sha256:c2313027dc3ec3085fd0ebdb0b07d811d29561b63a72caa85dbb69c62086fd96
Status: Image is up to date for 10.40.6.165/project/nginx:v2

REPOSITORY: the registry the image belongs to (registry address; defaults to the official registry)
TAG: tag
IMAGE ID: image ID
CREATED: when the image was created
SIZE: image size

# docker image ls
REPOSITORY                      TAG                        IMAGE ID            CREATED             SIZE
10.40.6.165/library/tomcat      v2                         59592f04baa9        6 hours ago         501MB
10.40.6.165/project/tomcat      v2                         59592f04baa9        6 hours ago         501MB
tomcat                          v2                         59592f04baa9        6 hours ago         501MB
10.40.6.165/library/tomcat      v1                         e35360e86854        6 hours ago         426MB
tomcat                          v1                         e35360e86854        6 hours ago         426MB
10.40.6.165/library/php         v1                         1c2bb6668116        6 hours ago         521MB
php                             v1                         1c2bb6668116        6 hours ago         521MB
10.40.6.165/project/nginx       v2                         64f743ec5b18        7 hours ago         395MB
nginx                           v2                         64f743ec5b18        7 hours ago         395MB
10.40.6.165/library/nginx       v2                         64f743ec5b18        7 hours ago         395MB
10.40.6.165/library/nginx       v1                         db3cfa07d4a5        7 hours ago         395MB
nginx                           v1                         db3cfa07d4a5        7 hours ago         395MB
nginx                           nginx04                    8868f915bd47        28 hours ago        109MB
busybox                         latest                     64f5d945efcc        5 days ago          1.2MB
mysql                           5.7                        7faa3c53e6d6        7 days ago          373MB
centos                          7                          9f38484d220f        2 months ago        202MB
centos                          latest                     9f38484d220f        2 months ago        202MB

Start a container from an image in the remote registry:

# docker run -d 10.40.6.165/library/tomcat:v2
e805a8457b34132e652b0fd6e41308616d5708af87b7865be21c99ad96e3a50c
# docker ps -l
CONTAINER ID        IMAGE                           COMMAND             CREATED             STATUS              PORTS               NAMES
e805a8457b34        10.40.6.165/library/tomcat:v2   "catalina.sh run"   5 seconds ago       Up 4 seconds        8080/tcp            keen_shannon

Start:

# docker-compose start
# docker-compose up -d    ## Is this the first start?

Stop:

# docker-compose stop
