再探docker私有仓库,harbor!

再探docker私有仓库,harbor!

harbor的优点

  • 基于角色控制
  • 基于镜像的复制策略
  • 图形UI
  • 审计
  • RESTful API
  • 图像删除和垃圾收集
  • 支持LDAP/AD

harbor核心组件

再探docker私有仓库,harbor!

  • proxy:通过一个前置的反向代理统一接受浏览器、Docker客户端的请求,并将请求转发给后端不同的服务
  • Core services:Harbor的核心功能,包括UI、webhook、token服务
    webhook:是一种反向API机制,类似于触发器
    token:令牌,提供身份验证服务
  • Database:为core services提供数据库服务
  • Log collector:负责收集其他组件的log,供日后进行分析
  • Registry:复制储存Docker镜像,并处理docker push/pull命令

部署harbor

  • 安装harbor
[root@server ~]# tar zxf harbor-offline-installer-v1.2.2.tgz -C /usr/local/
[root@server ~]#  chmod +x docker-compose 
[root@server ~]# cp docker-compose /usr/local/bin/

  • 配置harbor参数并查看容器
  5 hostname = 192.168.1.101
 56 ##The initial password of Harbor admin, only works for the first time when Harbor starts. 
 57 #It has no effect after the first launch of Harbor.
 58 #Change the admin password from UI after launching Harbor.
 59 harbor_admin_password = Harbor12345		//定义了admin的密码
[root@server harbor]# docker ps -a		//发现多了几个容器
CONTAINER ID   IMAGE                              COMMAND                  CREATED         STATUS                   PORTS                                                                                                                 NAMES
e7b1102deb62   vmware/nginx-photon:1.11.13        "nginx -g 'daemon of…"   3 minutes ago   Up 3 minutes             0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:4443->4443/tcp, :::4443->4443/tcp   nginx
d0230fb3c0a8   vmware/harbor-jobservice:v1.2.2    "/harbor/harbor_jobs…"   3 minutes ago   Up 3 minutes                                                                                                                                   harbor-jobservice
800c9b6f3a80   vmware/harbor-ui:v1.2.2            "/harbor/harbor_ui"      3 minutes ago   Up 3 minutes                                                                                                                                   harbor-ui
13a3120c01d1   vmware/harbor-db:v1.2.2            "docker-entrypoint.s…"   3 minutes ago   Up 3 minutes             3306/tcp                                                                                                              harbor-db
d1bf45eda762   vmware/harbor-adminserver:v1.2.2   "/harbor/harbor_admi…"   3 minutes ago   Up 3 minutes                                                                                                                                   harbor-adminserver
ee0e3861fae3   vmware/registry:2.6.2-photon       "/entrypoint.sh serv…"   3 minutes ago   Up 3 minutes             5000/tcp                                                                                                              registry
cbb9935e86b1   vmware/harbor-log:v1.2.2           "/bin/sh -c 'crond &…"   3 minutes ago   Up 3 minutes             127.0.0.1:1514->514/tcp                                                                                               harbor-log
358d4ade35b1   centos:stress                      "/bin/bash"              3 hours ago     Exited (0) 3 hours ago                                                                                                                         eager_keller
2a3bf404a512   centos:stress                      "/bin/bash"              3 hours ago     Exited (0) 3 hours ago                                                                                                                         mystifying_lovelace
[root@server harbor]# docker-compose ps
       Name                     Command               State                                                  Ports                                                
------------------------------------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/harbor_adminserver       Up                                                                                                          
harbor-db            docker-entrypoint.sh mysqld      Up      3306/tcp                                                                                            
harbor-jobservice    /harbor/harbor_jobservice        Up                                                                                                          
harbor-log           /bin/sh -c crond && rm -f  ...   Up      127.0.0.1:1514->514/tcp                                                                             
harbor-ui            /harbor/harbor_ui                Up                                                                                                          
nginx                nginx -g daemon off;             Up      0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:4443->4443/tcp,:::4443->4443/tcp,                     
                                                              0.0.0.0:80->80/tcp,:::80->80/tcp                                                                    
registry             /entrypoint.sh serve /etc/ ...   Up      5000/tcp                                                

harbor中的七个容器:

  • harbor-adminserver

  • harbor-db

  • harbor-jobservice

  • harbor-log

  • harbor-ui

  • nginx

  • registry

  • 用web端登入到harbor
    再探docker私有仓库,harbor!
    再探docker私有仓库,harbor!

  • 创建项目
    再探docker私有仓库,harbor!

  • 用命令行登录到Harbor

[root@server docker]# docker tag cirros:latest 127.0.0.1/myproject/cirros:v1
[root@server docker]# docker login -u admin -p Harbor12345 http://127.0.0.1
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

  • 推送镜像
[root@server docker]# docker push 127.0.0.1/myproject/cirros:v1 
The push refers to repository [127.0.0.1/myproject/cirros]
984ad441ec3d: Pushed 
f0a496d92efa: Pushed 
e52d19c3bee2: Pushed 
v1: digest: sha256:483f15ac97d03dc3d4dcf79cf71ded2e099cf76c340f3fdd0b3670a40a198a22 size: 943

再探docker私有仓库,harbor!

  • 查看日志
    再探docker私有仓库,harbor!
  • 想要使用不是本地的ip地址推送镜像,需要修改
[root@server docker]# vim daemon.json 

{
  "insecure-registries": ["192.168.1.101:5000"],	//删除这一行
  "registry-mirrors": ["https://cn90fxk6.mirror.aliyuncs.com"]
}
[root@server system]# cd /usr/lib/systemd/system
[root@server system]# vim docker.service 
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.1.101 --containerd=/run/containerd/containerd.sock	//加上--insecure-registry 192.168.1.101
[root@server system]# docker login -u admin -p Harbor12345 http://192.168.1.101		//成功登入
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
		
  • 将tag打成192.168.1.101再推送
[root@server system]# docker tag nginx:v4 192.168.1.101/myproject/nginx:c1
[root@server system]# docker push 192.168.1.101/myproject/nginx:c1 
The push refers to repository [192.168.1.101/myproject/nginx]
04f0c5f56b6b: Pushed 
174f56854903: Pushed 
c1: digest: sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065 size: 739

再探docker私有仓库,harbor!

  • 如何下载镜像
[root@server system]# docker rmi 192.168.1.101/myproject/nginx:c1 
Untagged: 192.168.1.101/myproject/nginx:c1
Untagged: 192.168.1.101/myproject/nginx@sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065
[root@server system]# docker pull 192.168.1.101/myproject/nginx:c1
c1: Pulling from myproject/nginx
Digest: sha256:68c8b78dbf84ab2713cffda3a423e03e9202faa830af8ebbeca6e0f8c9eda065
Status: Downloaded newer image for 192.168.1.101/myproject/nginx:c1
192.168.1.101/myproject/nginx:c1
[root@server system]# docker images
REPOSITORY                      TAG               IMAGE ID       CREATED         SIZE
compose_nginx_nginx             latest            92bee763c9dd   3 hours ago     310MB
centos                          stress            9fc6d16d05f3   5 hours ago     520MB
192.168.1.101/myproject/nginx   c1                64868a58d31b   4 days ago      205MB

再探docker私有仓库,harbor!

上一篇:k8s节点更换harbor镜像仓库地址操作


下一篇:k8s harbor搭建过程