一、Harbor服务
Habor是由VMWare公司开源的容器镜像仓库。事实上,Habor是在Docker Registry上进行了相应的企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的访问控制 ,AD/LDAP集成以及审计日志等,足以满足基本企业需求。
官方地址:https://vmware.github.io/harbor/cn/
二、服务安装
docker服务安装:
1、Linux服务器上可以直接下载1.5.0的离线安装包
https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.0.tgz
2、解压文件
tar -zxvf harbor-offline-installer-v1.5.0.tgz
3、修改配置文件
Harbor的配置文件为harbor.cfg。此次配置我使用http访问。
# cat harbor.cfg
_version = 1.5.0
hostname = [www.harbor2.com](http://www.harbor2.com) #需要写IP地址或者域名
ui_url_protocol = http
max_job_workers = 50
customize_crt = on
ssl_cert = /data/cert/server.crt #没有目录需要创建
ssl_cert_key = /data/cert/server.key #没有目录需要创建
secretkey_path = /data
admiral_url = NA
log_rotate_count = 50
log_rotate_size = 200M
http_proxy =
https_proxy =
no_proxy = 127.0.0.1,localhost,ui
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = [email protected]
email_password = abc
email_from = admin
email_ssl = false
email_insecure = false
harbor_admin_password = Harbor12345 #harbor登录密码
auth_mode = db_auth
ldap_url = ldaps://ldap.mydomain.com
ldap_basedn = ou=people,dc=mydomain,dc=com
ldap_uid = uid
ldap_scope = 2
ldap_timeout = 5
ldap_verify_cert = true
ldap_group_basedn = ou=group,dc=mydomain,dc=com
ldap_group_filter = objectclass=group
ldap_group_gid = cn
ldap_group_scope = 2
self_registration = on
token_expiration = 30
project_creation_restriction = everyone
db_host = mysql
db_password = root123
db_port = 3306
db_user = root
clair_db_host = postgres
clair_db_password = password
clair_db_port = 5432
clair_db_username = postgres
clair_db = postgres
uaa_endpoint = uaa.mydomain.org
uaa_clientid = id
uaa_clientsecret = secret
uaa_verify_cert = true
uaa_ca_cert = /path/to/ca.pem
registry_storage_provider_name = filesystem
registry_storage_provider_config =
4、执行脚本
# ./install.sh
三、访问Harbor web界面
启动完成后,可以直接访问安装harbor的IP地址。启动的是80端口。账号密码为:admin/Harbor12345(默认密码)
5、docker 镜像推送
1、创建仓库项目 (默认):
2、docker 打包镜像推送
我这里是写好得脚本,推送显示成功
6、docker 镜像拉取
1、docker 登录私有仓库
docker login {service.ip} 输入用户名与密码
2、拉取对应得镜像
harbor上面显示pull命令,运行即可拉取成功