Posted by 鼠扑 on 2024-7-26 18:16:26

Setting up a private Harbor registry with Docker (building a Docker image registry)


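[*]Introduction to Harbor
   Developing and running Docker container applications depends on reliable image management. Docker provides a public image registry, but for security and efficiency reasons it is also necessary to deploy a registry inside our own private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include permission management (RBAC), LDAP, log auditing, a management UI, self-registration, image replication and Chinese-language support.
Official site: https://github.com/goharbor/harbor
Docker Harbor is an enterprise-grade Docker Registry service that aims to provide a secure, reliable solution for storing and managing images. Its key features are: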

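[*]Private registry: Docker Harbor lets users run a private Docker Registry, so an enterprise can store and manage Docker images securely inside its own internal network.
[*]Security: Docker Harbor provides access control and user and team management to keep images secure. It supports user authentication, permission control, security scanning and other features that help users protect their container images from unauthorized access.
[*]Scalability: Docker Harbor supports clustered deployment and can be scaled out easily to meet large-scale image storage needs.
[*]Image replication and synchronization: Docker Harbor lets users replicate and synchronize images between different registries, which makes it easy to share and manage images across multiple deployment environments.
[*]Auditing and logging: Docker Harbor provides auditing and logging that record users' operations on images, helping users track the change history of images.

In short, Docker Harbor is a powerful enterprise-grade Docker Registry service that gives users a secure, reliable way to manage and store Docker images.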


[*]Required installation packages
   Link: https://pan.baidu.com/s/1rN25l72i6W36ANAOqxcc_w Extraction code: 1021

[*]Issue a certificate for Harbor
# hostnamectl set-hostname harbor && /bin/bash
# mkdir /data/ssl -p
# cd /data/ssl/

#Generate the CA certificate
#Generate a 3072-bit key, i.e. the private key
# openssl genrsa -out ca.key 3072
Generating RSA private key, 3072 bit long modulus
...........++
.............++
e is 65537 (0x10001)
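#Generate the CA certificate ca.pem; 3650 is the validity period in days (about 10 years). Fill in the fields marked with arrows as prompted and leave the unmarked ones empty: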
# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :CH
State or Province Name (full name) []:BJ
Locality Name (eg, city) :BJ
Organization Name (eg, company) :BJ
Organizational Unit Name (eg, section) []:BJ
Common Name (eg, your name or your server's hostname) []:CHONG
Email Address []:123@163.com

#Generate the certificate for the domain name
#Generate a 3072-bit key, i.e. the private key
# openssl genrsa -out harbor.key 3072
Generating RSA private key, 3072 bit long modulus
.++
..........................................................++
e is 65537 (0x10001)
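#Generate a certificate signing request, needed shortly when issuing the certificate. Fill in the fields marked with arrows as prompted and leave the unmarked ones empty: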
# openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :CH
State or Province Name (full name) []:BJ
Locality Name (eg, city) :BJ
Organization Name (eg, company) :
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:harbor    #the hostname
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#Issue the certificate
# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
#The following output means the certificate has been issued
Signature ok
subject=/C=CH/ST=BJ/L=BJ/O=Default Company Ltd/CN=harbor
Getting CA Private Key
Note: Harbor requires Docker, so remember to install Docker.
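
Added example (not part of the original post): the same CA and server certificate issued non-interactively, with a subjectAltName extension carrying the hostname and IP. Docker clients built with current Go releases ignore the Common Name and validate only SAN entries, so a certificate that names the host only in its CN does not pass verification. The function names, the san.ext file name and the directory argument are assumptions; the hostname harbor and the IP 192.168.40.181 come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function and file names
# (issue_harbor_cert, cert_matches, san.ext) are assumptions.

# issue_harbor_cert <dir> <hostname> <ip>
# Creates ca.key/ca.pem and harbor.key/harbor.pem in <dir>.
issue_harbor_cert() (
    dir=$1 host=$2 ip=$3
    mkdir -p "$dir" && cd "$dir" || exit 1

    # CA key and self-signed CA certificate (same parameters as the post)
    openssl genrsa -out ca.key 3072 2>/dev/null || exit 1
    openssl req -new -x509 -days 3650 -key ca.key -out ca.pem \
        -subj "/C=CH/ST=BJ/L=BJ/O=BJ/OU=BJ/CN=CHONG" || exit 1

    # Server key and CSR; the CN is kept for readability only
    openssl genrsa -out harbor.key 3072 2>/dev/null || exit 1
    openssl req -new -key harbor.key -out harbor.csr \
        -subj "/C=CH/ST=BJ/L=BJ/CN=$host" || exit 1
    chmod 600 ca.key harbor.key     # private keys readable by owner only

    # Names the client will verify: hostname and IP as SAN entries
    printf 'subjectAltName=DNS:%s,IP:%s\n' "$host" "$ip" > san.ext

    # Sign the CSR with the CA, adding the SAN extension from san.ext
    openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key \
        -CAcreateserial -out harbor.pem -days 3650 -extfile san.ext \
        2>/dev/null || exit 1

    # The chain must validate against the CA before Harbor is configured
    openssl verify -CAfile ca.pem harbor.pem >/dev/null
)

# cert_matches <cert> host|ip <name>: succeeds if the certificate covers <name>
cert_matches() {
    openssl x509 -in "$1" -noout "-check$2" "$3" |
        grep -q 'does match certificate'
}

# Usage: issue_harbor_cert /data/ssl harbor 192.168.40.181 &&
#        cert_matches /data/ssl/harbor.pem ip 192.168.40.181
```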

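[*]Install Harbor
#Create the Harbor installation directory
# mkdir /data/install -p
# cd /data/install/
#Upload the Harbor offline package to this directory: harbor-offline-installer-v2.3.0-rc3.tgz
#Download address for the Harbor offline package: https://github.com/goharbor/harbor/releases/tag/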
# ll
total 614492
-rw-r--r-- 1 root root 629238614 Apr 11 21:40 harbor-offline-installer-v2.3.0-rc3.tgz

#Extract the installation package
# tar -xf harbor-offline-installer-v2.3.0-rc3.tgz
# ll
total 614492
drwxr-xr-x 2 root root       122 Apr 11 21:42 harbor
-rw-r--r-- 1 root root 629238614 Apr 11 21:40 harbor-offline-installer-v2.3.0-rc3.tgz
# cd harbor
# ll
total 617800
-rw-r--r-- 1 root root      3361 Jun 17  2021 common.sh
-rw-r--r-- 1 root root 632593607 Jun 17  2021 harbor.v2.3.0.tar.gz
-rw-r--r-- 1 root root      7840 Jun 17  2021 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2500 Jun 17  2021 install.sh
-rw-r--r-- 1 root root     11347 Jun 17  2021 LICENSE
-rwxr-xr-x 1 root root      1881 Jun 17  2021 prepare
# cp harbor.yml.tmpl harbor.yml

#Modify the configuration
# vim harbor.yml
Only three places need to be changed: the hostname, and the locations of the key and the pem
https://i-blog.csdnimg.cn/direct/b633852315d543db84134aa5b3d18306.png

[*]Install docker-compose
   Upload the docker-compose-Linux-x86_64 file to the Harbor machine
# ll
total 629776
-rw-r--r-- 1 root root      3361 Jun 17  2021 common.sh
-rw-r--r-- 1 root root  12254160 Apr 11 22:44 docker-compose-Linux-x86_64.64
-rw-r--r-- 1 root root 632593607 Jun 17  2021 harbor.v2.3.0.tar.gz
-rw-r--r-- 1 root root      7826 Apr 11 22:41 harbor.yml
-rw-r--r-- 1 root root      7840 Jun 17  2021 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2500 Jun 17  2021 install.sh
-rw-r--r-- 1 root root     11347 Jun 17  2021 LICENSE
-rwxr-xr-x 1 root root      1881 Jun 17  2021 prepare
You have new mail in /var/spool/mail/root
# mv docker-compose-Linux-x86_64.64 /usr/bin/docker-compose
# chmod +x /usr/bin/docker-compose
# /bin/bash
# docker-compose version
docker-compose version 1.26.2, build eefe0d31
docker-py version: 4.2.2
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019
#

[*]Upload the images Harbor needs
   docker-harbor-2-3-0.tar.gz
#Load the images from the archive
# docker load -i docker-harbor-2-3-0.tar.gz
# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED       SIZE
goharbor/harbor-exporter      v2.3.0    fa4ecf260b3a   2 years ago   80.7MB
goharbor/chartmuseum-photon   v2.3.0    199be7eb1b5b   2 years ago   178MB
goharbor/redis-photon         v2.3.0    3cc2c3e315a2   2 years ago   191MB
goharbor/trivy-adapter-photon   v2.3.0    3c3dc5fc0529   2 years ago   164MB
goharbor/notary-server-photon   v2.3.0    a8e3a26ef25a   2 years ago   105MB
goharbor/notary-signer-photon   v2.3.0    e8776cc92436   2 years ago   102MB
goharbor/harbor-registryctl   v2.3.0    4cf0d9bc3086   2 years ago   132MB
goharbor/registry-photon      v2.3.0    222f05a9ab07   2 years ago   81MB
goharbor/nginx-photon         v2.3.0    78f6ae7adc04   2 years ago   44MB
goharbor/harbor-log             v2.3.0    9446a5b39706   2 years ago   194MB
goharbor/harbor-jobservice      v2.3.0    bac328ac1a47   2 years ago   170MB
goharbor/harbor-core            v2.3.0    7bbebce7798c   2 years ago   157MB
goharbor/harbor-portal          v2.3.0    c4f22964cbf3   2 years ago   57.3MB
goharbor/harbor-db            v2.3.0    fc74663d9e30   2 years ago   262MB
goharbor/prepare                v2.3.0    a830321ca695   2 years ago   291MB

#Install Harbor
# cd /data/install/harbor
# ./install.sh
Seeing the following output means the installation succeeded
https://i-blog.csdnimg.cn/direct/d24256732ef1490dbfa512c18a1de72b.png
5. Installation succeeded
   Default username: admin
Default password: Harbor12345
https://i-blog.csdnimg.cn/direct/9630760fd844428e83742a79a6bfbde1.png
https://i-blog.csdnimg.cn/direct/2e97edd5d1f94d7ca7eee6dd4226afc3.png
6. Create a new project
https://i-blog.csdnimg.cn/direct/9f246240854d48e193cd1fd9e4ad63c3.png
https://i-blog.csdnimg.cn/direct/87ddbb170db547009bc201b8d66d4307.png

[*]Configure other Docker machines to use this registry
#Configure local hosts entries on both servers
vim /etc/hosts
192.168.40.180 test-server01
192.168.40.181 harbor

#Modify daemon.json on the .180 machine
# vim /etc/docker/daemon.json

{
"registry-mirrors":["https://vl2nkrv0.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com"],
"insecure-registries": ["192.168.40.181","harbor"]
}
#The IP address and hostname of the Harbor machine

#Restart docker
# systemctl restart docker
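
Added example (not part of the original post): "insecure-registries" makes the Docker daemon skip certificate verification for those hosts, while placing the private CA under /etc/docker/certs.d/<registry>/ca.crt keeps verification on. The functions below list the insecure entries of a daemon.json and install the CA for each of them; this only works when the server certificate names each registry in its subjectAltName. The function names and the certs_root parameter are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are parameters so the
# functions can be tried against a scratch directory first.

# Print each entry of "insecure-registries" in a daemon.json, one per line.
# Simple text match for a flat file like the one above, not a JSON parser.
list_insecure_registries() {
    tr -d ' \t\r\n' < "$1" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | tr -d '"'
}

# Install the private CA for each registry name so the Docker daemon verifies
# Harbor's certificate: <certs_root>/<registry>/ca.crt
# (certs_root is /etc/docker/certs.d on a real host).
trust_registry_ca() {
    ca=$1 certs_root=$2
    shift 2
    for reg in "$@"; do
        mkdir -p "$certs_root/$reg" || return 1
        cp "$ca" "$certs_root/$reg/ca.crt" || return 1
    done
}

# Trust the CA for every registry currently listed as insecure. Afterwards the
# "insecure-registries" key can be removed from daemon.json and docker restarted.
migrate_insecure_registries() {
    daemon_json=$1 ca=$2 certs_root=$3
    regs=$(list_insecure_registries "$daemon_json")
    [ -n "$regs" ] || return 0
    # Registry names contain no whitespace, so word splitting is intended here.
    trust_registry_ca "$ca" "$certs_root" $regs
}

# Usage on the client machine, with ca.pem copied over from the Harbor host:
#   migrate_insecure_registries /etc/docker/daemon.json ca.pem /etc/docker/certs.d
```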

[*]Log in to Harbor with docker to test
# docker login 192.168.40.181
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded

#Package an image and upload it to the test project
# docker images
REPOSITORY    TAG       IMAGE ID       CREATED       SIZE
tomcat      v1      422fe599256a   4 weeks ago   803MB
nginx         v1      f436f09d9c6c   4 weeks ago   342MB
inter-image   latest    5eb7b6cd9fb7   4 weeks ago   342MB
volume      latest    4fd3ed843dab   2 years ago   231MB
centos      latest    5d0da3dc9764   2 years ago   231MB
#
#Tag the local tomcat image as an example

# docker tag tomcat:v1 192.168.40.181/test/tomcat:v1
# docker images
REPOSITORY                   TAG       IMAGE ID       CREATED       SIZE
192.168.40.181/test/tomcat   v1      422fe599256a   4 weeks ago   803MB
tomcat                     v1      422fe599256a   4 weeks ago   803MB
nginx                        v1      f436f09d9c6c   4 weeks ago   342MB
inter-image                  latest    5eb7b6cd9fb7   4 weeks ago   342MB
centos                     latest    5d0da3dc9764   2 years ago   231MB
volume                     latest    4fd3ed843dab   2 years ago   231MB
#Upload the tagged image
# docker push 192.168.40.181/test/tomcat:v1
The push refers to repository
baa34f4b2d36: Pushed
9098e168cf25: Pushed
8e1cd85f5863: Pushed
70e115906be4: Pushed
6900d18cbe12: Pushed
49461804abc1: Pushed
2e412669ee56: Pushed
74ddd0ec08fa: Pushed
v1: digest: sha256:99c83711e386c7de760bc2c549b231995928bcb37b0d27b7d6478b6c332a5200 size: 1999
#Uploaded to the registry successfully

[*]Check in the Harbor web UI
The tomcat image is now there:
https://i-blog.csdnimg.cn/direct/8218d6616704440cb82e04567c99d265.png

[*]Test pulling the image from Harbor
#Delete the local image

# docker images |grep test/tomcat
192.168.40.181/test/tomcat   v1      422fe599256a   4 weeks ago   803MB
# docker rmi 192.168.40.181/test/tomcat:v1
Untagged: 192.168.40.181/test/tomcat:v1
Untagged: 192.168.40.181/test/tomcat@sha256:99c83711e386c7de760bc2c549b231995928bcb37b0d27b7d6478b6c332a5200
# docker images |grep test/tomcat

#Pull the image
# docker pull 192.168.40.181/test/tomcat:v1
v1: Pulling from test/tomcat
Digest: sha256:99c83711e386c7de760bc2c549b231995928bcb37b0d27b7d6478b6c332a5200
Status: Downloaded newer image for 192.168.40.181/test/tomcat:v1
192.168.40.181/test/tomcat:v1
You have new mail in /var/spool/mail/root
# docker images |grep test/tomcat
192.168.40.181/test/tomcat   v1      422fe599256a   4 weeks ago   803MB
The page shows that the pull count is now 1:
https://i-blog.csdnimg.cn/direct/c1fbcd60ef434613aa151d0750c3270e.png
