博文目录
Registry和Harbor的区别
Docker Harbor的优点
Docker Harbor依赖的程序
一、搭建Harbor仓库
1、配置Docker Compose
2、配置Docker Harbor公开仓库
3、配置Docker客户端
4、配置Docker Harbor私有仓库
上一篇博文讲到了Registry私有仓库,今天配置一下Harbor仓库,Harbor呢可以作为公开仓库,也可以作为私有仓库,今天就来配置一下Harbor如何实现公开仓库和私有仓库。
关于Registry公开仓库请访问博文:部署Docker私有仓库Registry
Registry和Harbor的区别
Registry:是一个私有镜像仓库,图形化支持较差,小型企业使用;
- Harbor:支持可视化管理,支持私有仓库和公有仓库,支持镜像的管理控制;
Docker Harbor的优点
VMWare公司的开源镜像管理解决方案;
支持图形化管理;
方便访问和配置;
方便镜像访问控制;
支持镜像负责策略;
- 审计统计用户访问镜像使用情况;
Docker Harbor依赖的程序
Python;
安装Docker;
- Docker Compose;
一、搭建Harbor仓库
案例描述:
两台CentOS7.4,一台服务器端,一台客户端(测试使用);
- 两台服务器都要安装Docker服务,我这里Docker版本是19.03.9版本;
关于Docker容器的安装请访问:安装Docker.v19。03.9版本
1、配置Docker Compose
访问道云官网,找到安装Docker Compose,复制命令到Docker服务器端:道云
[root@centos01 ~]# curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@centos01 ~]# chmod +x /usr/local/bin/docker-compose
[root@centos01 ~]# docker-compose -v
docker-compose version 1.25.5, build 8a1c60f62、配置Docker Harbor公开仓库
1)打开Github官网
打开Github官网搜索harbor,再点击goharbor/harbor,再点击“releases”,根据自己所需,下载相应的版本,上传至服务器(网址如下:https://github.com/goharbor/harbor/releases 也可下载在线安装的包,我没试过,可自行尝试),如下:
2)配置Harbor仓库
harbor-online-installer-v1.9.1.tgz
[root@centos01 ~]# tar zxvf harbor-online-installer-v1.9.1.tgz -C /usr/local/
[root@centos01 ~]# cd /usr/local/harbor/
[root@centos01 harbor]# cp harbor.yml harbor.yml.bak
[root@centos01 harbor]# vim harbor.yml
5 hostname: 192.168.100.10
8 http:
10 port: 80
27 harbor_admin_password: Harbor12345
[root@centos01 harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 19.03.9
Note: docker-compose version: 1.25.5
………………
Creating harbor-log ... done
Creating registryctl ... done
Creating redis ... done
Creating harbor-portal ... done
Creating registry ... done
Creating harbor-db ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://www.benet.com .
For more details, please visit https://github.com/goharbor/harbor .
[root@centos01 ~]# vim /usr/lib/systemd/system/docker.service
14 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.100.10:80
[root@centos01 harbor]# systemctl daemon-reload
[root@centos01 harbor]# systemctl restart docker
[root@centos01 harbor]# docker-compose stop
[root@centos01 harbor]# docker-compose start
[root@centos01 harbor]# netstat -anptu |grep 80
tcp6 0 0 :::80 :::* LISTEN 23473/docker-proxy3)安装完成浏览器访问Harbor仓库
4)创建一个公开仓库
5)确保image公开仓库已经创建成功
6)Docker服务器端登录Harbor仓库
[root@centos01 ~]# docker login -uadmin -pHarbor12345 192.168.100.10:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:80/image/nginx:nginx
[root@centos01 ~]# docker push 192.168.100.10:80/image/nginx:nginx
[root@centos01 ~]# docker logout 192.168.100.10:80
Removing login credentials for 192.168.100.10:807)Harbor查看镜像是否上传成功
3、配置Docker客户端
1)修改配置文件加载Docker Harbor服务器
[root@centos02 ~]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.100.10:80
[root@centos02 ~]# systemctl daemon-reload
[root@centos02 ~]# systemctl restart docker
[root@centos02 ~]# docker login -uadmin -pHarbor12345 192.168.100.10:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@centos02 ~]# docker pull 192.168.100.10:80/image/nginx:nginx
[root@centos02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.10:80/image/nginx nginx 1b6b1fe7261e 7 days ago 647MB4、创建Harbor私有仓库
1)创建私有仓库
2)创建一个用户
3)将刚创建的private用户添加到private私有仓库中
4)上传镜像到Harbor私有仓库
[root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:80/private/tomcat:tomcat
[root@centos01 ~]# docker login -uprivate -pHarbor12345 192.168.100.10:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@centos01 ~]# docker push 192.168.100.10:80/private/tomcat:tomcat
5)Harbor查看镜像是否上传成功
6)Docker客户端下载私有仓库中的镜像
[root@centos02 ~]# docker login -uprivate -pHarbor12345 192.168.100.10:80
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@centos02 ~]# docker pull 192.168.100.10:80/private/tomcat:tomcat
[root@centos02 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.100.10:80/image/nginx nginx 1b6b1fe7261e 7 days ago 647MB
192.168.100.10:80/private/tomcat tomcat 1b6b1fe7261e 7 days ago 647MB7)Harbor支持日志统计功能
———————— 本文至此结束,感谢阅读 ————————