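Revisiting Docker private registries: Harbor!
Advantages of Harbor
- Role-based access control
- Image-based replication policies
- Graphical UI
- Auditing
- RESTful API
- Image deletion and garbage collection
- LDAP/AD support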
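Harbor core components
- proxy: a front-end reverse proxy that receives all requests from browsers and Docker clients and forwards them to the appropriate back-end service
- Core services: Harbor's core functionality, including the UI, webhook and token services
  webhook: a reverse-API mechanism, similar to a trigger
  token: issues tokens and provides the authentication service
- Database: provides database services for the core services
- Log collector: collects the logs of the other components for later analysis
- Registry: stores Docker images and handles docker push/pull commands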
Deploying Harbor
- Install Harbor
[root@server ~]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@server ~]# chmod +x docker-compose
[root@server ~]# cp docker-compose /usr/local/bin/
- Configure Harbor's parameters and check the containers
hostname = 192.168.1.101
##The initial password of Harbor admin, only works for the first time when Harbor starts.
#It has no effect after the first launch of Harbor.
#Change the admin password from UI after launching Harbor.
harbor_admin_password = Harbor12345 //defines the admin password
[root@server harbor]# docker ps -a //several new containers have appeared
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7b1102deb62 vmware/nginx-photon:1.11.13 "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:4443->4443/tcp, :::4443->4443/tcp nginx
d0230fb3c0a8 vmware/harbor-jobservice:v1.2.2 "/harbor/harbor_jobs…" 3 minutes ago Up 3 minutes harbor-jobservice
800c9b6f3a80 vmware/harbor-ui:v1.2.2 "/harbor/harbor_ui" 3 minutes ago Up 3 minutes harbor-ui
13a3120c01d1 vmware/harbor-db:v1.2.2 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 3306/tcp harbor-db
d1bf45eda762 vmware/harbor-adminserver:v1.2.2 "/harbor/harbor_admi…" 3 minutes ago Up 3 minutes harbor-adminserver
ee0e3861fae3 vmware/registry:2.6.2-photon "/entrypoint.sh serv…" 3 minutes ago Up 3 minutes 5000/tcp registry
cbb9935e86b1 vmware/harbor-log:v1.2.2 "/bin/sh -c 'crond &…" 3 minutes ago Up 3 minutes 127.0.0.1:1514->514/tcp harbor-log
358d4ade35b1 centos:stress "/bin/bash" 3 hours ago Exited (0) 3 hours ago eager_keller
2a3bf404a512 centos:stress "/bin/bash" 3 hours ago Exited (0) 3 hours ago mystifying_lovelace
[root@server harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:4443->4443/tcp,:::4443->4443/tcp,
0.0.0.0:80->80/tcp,:::80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
The seven containers in Harbor:
- harbor-adminserver
- harbor-db
- harbor-jobservice
- harbor-log
- harbor-ui
- nginx
- registry
- Log in to Harbor through the web UI
- Create a project
- Log in to Harbor from the command line
[root@server docker]# docker tag cirros:latest 127.0.0.1/myproject/cirros:v1
[root@server docker]# docker login -u admin -p Harbor12345 http://127.0.0.1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- Push an image
[root@server docker]# docker push 127.0.0.1/myproject/cirros:v1
The push refers to repository [127.0.0.1/myproject/cirros]
984ad441ec3d: Pushed
f0a496d92efa: Pushed
e52d19c3bee2: Pushed
v1: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943
- View the logs
- To push images using an IP address other than the local one, the following changes are needed
[root@server docker]# vim daemon.json
{
"insecure-registries": ["192.168.1.101:5000"], //delete this line
"registry-mirrors": ["https://cn90fxk6.mirror.aliyuncs.com"]
}
[root@server system]# cd /usr/lib/systemd/system
[root@server system]# vim docker.service
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.1.101 --containerd=/run/containerd/containerd.sock //add --insecure-registry 192.168.1.101
[root@server system]# docker login -u admin -p Harbor12345 http://192.168.1.101 //login succeeded
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- Retag the image with 192.168.1.101, then push it
[root@server system]# docker tag nginx:v4 192.168.1.101/myproject/nginx:c1
[root@server system]# docker push 192.168.1.101/myproject/nginx:c1
The push refers to repository [192.168.1.101/myproject/nginx]
04f0c5f56b6b: Pushed
174f56854903: Pushed
c1: digest: sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065 size: 739
- How to pull an image
[root@server system]# docker rmi 192.168.1.101/myproject/nginx:c1
Untagged: 192.168.1.101/myproject/nginx:c1
Untagged: 192.168.1.101/myproject/nginx@sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065
[root@server system]# docker pull 192.168.1.101/myproject/nginx:c1
c1: Pulling from myproject/nginx
Digest: sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065
Status: Downloaded newer image for 192.168.1.101/myproject/nginx:c1
192.168.1.101/myproject/nginx:c1
[root@server system]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
compose_nginx_nginx latest 92bee763c9dd 3 hours ago 310MB
centos stress 9fc6d16d05f3 5 hours ago 520MB
192.168.1.101/myproject/nginx c1 64868a58d31b 4 days ago 205MB
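
The walkthrough above leaves several weak settings in place: the installer's default admin password, a registry marked insecure in daemon.json or docker.service, and a password stored unencrypted in /root/.docker/config.json, as the docker login warnings point out. The check below is an added example, not part of the original post; the function names, finding labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one finding per line.
# Paths are arguments, so the check can be run on copies of the real files.
audit_harbor_setup() {
    cfg=$1; daemon=$2; unit=$3; dockercfg=$4

    # harbor.cfg: installer default admin password still in place.
    if grep -Eq '^[[:space:]]*harbor_admin_password[[:space:]]*=[[:space:]]*Harbor12345([[:space:]]|$)' "$cfg"; then
        echo "DEFAULT_ADMIN_PASSWORD $cfg"
    fi

    # daemon.json: non-empty insecure-registries array
    # (whitespace is stripped first so a multi-line array still matches).
    insecure=$(tr -d ' \t\r\n' < "$daemon" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p')
    if [ -n "$insecure" ]; then
        echo "INSECURE_REGISTRY_DAEMON_JSON $insecure"
    fi

    # docker.service: dockerd started with --insecure-registry <host>.
    sed -n '/^[[:space:]]*ExecStart=/s/.*--insecure-registry[= ]\([^ ]*\).*/INSECURE_REGISTRY_UNIT \1/p' "$unit"

    # config.json: base64 "auth" value stored inline (no credential helper).
    if tr -d ' \t\r\n' < "$dockercfg" | grep -q '"auth":"[^"]'; then
        echo "PLAINTEXT_CREDENTIALS $dockercfg"
    fi
    return 0
}

# Constructed sample files that reproduce the settings used in this post.
write_samples() {
    printf 'hostname = 192.168.1.101\nharbor_admin_password = Harbor12345\n' > "$1/harbor.cfg"
    printf '{\n  "insecure-registries": [\n    "192.168.1.101:5000"\n  ]\n}\n' > "$1/daemon.json"
    printf 'ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.1.101\n' > "$1/docker.service"
    # "auth" is base64 of the constructed string "constructed:sample".
    printf '{"auths":{"192.168.1.101":{"auth":"Y29uc3RydWN0ZWQ6c2FtcGxl"}}}\n' > "$1/config.json"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_harbor_setup "$tmp/harbor.cfg" "$tmp/daemon.json" "$tmp/docker.service" "$tmp/config.json"
rm -rf "$tmp"
```

An empty result means none of these settings is present. The fixes are the ones Docker's own warnings name (--password-stdin and a credential helper), plus changing the admin password and serving Harbor over HTTPS so that the insecure-registry entries can be removed.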