docker+docker-compose搭建远程私有镜像仓库Harbor

文章目录

一、安装docker-compose 工具

github地址:https://github.com/docker/compose/releases/tag/1.25.3

在linux终端执行如下命令:

curl -L https://github.com/docker/compose/releases/download/1.25.3/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

安装成功后,检验docker-compose版本:

docker-compose -v

二、安装Harbor

1. 从github上获取要安装的Harbor版本

https://github.com/goharbor/harbor/releases

可以直接使用wget 工具拉取 1.7.0的线下版本的。

 wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.4.tgz

docker+docker-compose搭建远程私有镜像仓库Harbor
下载完成后,在本目录就能看到安装包:
docker+docker-compose搭建远程私有镜像仓库Harbor
解压安装包:

tar zxf harbor-offline-installer-v1.7.4.tgz 

解压成功后,我们只需要在配置文件中harbor.cfg 中修改hostname即可,修改成本机的ip地址。

docker+docker-compose搭建远程私有镜像仓库Harbor
切换至 Harbor目录,执行 ./install.sh命令
docker+docker-compose搭建远程私有镜像仓库Harbor

2. 编辑docker的主配置文件docker.service文件

centos查看docker的主配置文件的默认路径:

cat /usr/lib/systemd/system/docker.service

ubuntu 查看docker的主配置文件的默认路径:

cat /lib/systemd/system/docker.service

vim docker.service在 ExecStart 后面添加--insecure-registry 116.62.146.90

ExecStart=/usr/bin/dockerd -H fd://  --containerd=/run/containerd/containerd.sock --insrcure-registry 116.62.146.90

docker+docker-compose搭建远程私有镜像仓库Harbor

重新加载配置后,重启docker:

~# systemctl daemon-reload
~# service docker restart

docker+docker-compose搭建远程私有镜像仓库Harbor
启动成功后,切换到Harbor的安装目录,执行命令, 使用docker-compose 启动Harbor:

 docker-compose start

docker+docker-compose搭建远程私有镜像仓库Harbor
完整启动后,应包有以下镜像:
docker+docker-compose搭建远程私有镜像仓库Harbor

启动成功后,访问ip地址即可!
docker+docker-compose搭建远程私有镜像仓库Harbor
停止命令, 在Harbor的安装目录执行:

docker-compose stop

docker+docker-compose搭建远程私有镜像仓库Harbor

3. docker-compose.yml

  安装好Harbor后,可以发现根目录下的docker-compose.yml,里面配置了 搭建Harbor需要的所有工具, 主要包含如下模块和工具: nginx、harbor-jobservice、 harbor-portal、harbor-core、registry、registryctl、redis、 harbor-db、 harbor-log。

version: '2'
services:
  log:
    image: goharbor/harbor-log:v1.7.4
    container_name: harbor-log
    restart: always
    dns_search: .
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - ./common/config/log/:/etc/logrotate.d/:z
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.6.2-v1.7.4
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - ./common/config/custom-ca-bundle.crt:/harbor_cust_cert/custom-ca-bundle.crt:z
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v1.7.4
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - ./common/config/registryctl/config.yml:/etc/registryctl/config.yml:z
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v1.7.4
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /data/database:/var/lib/postgresql/data:z
    networks:
      - harbor
    dns_search: .
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "postgresql"
  adminserver:
    image: goharbor/harbor-adminserver:v1.7.4
    container_name: harbor-adminserver
    env_file:
      - ./common/config/adminserver/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/config/:/etc/adminserver/config/:z
      - /data/secretkey:/etc/adminserver/key:z
      - /data/:/data/:z
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "adminserver"
  core:
    image: goharbor/harbor-core:v1.7.4
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - ./common/config/core/app.conf:/etc/core/app.conf:z
      - ./common/config/core/private_key.pem:/etc/core/private_key.pem:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - /data/secretkey:/etc/core/key:z
      - /data/ca_download/:/etc/core/ca/:z
      - /data/psc/:/etc/core/token/:z
      - /data/:/data/:z
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
      - adminserver
      - registry
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v1.7.4
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "portal"

  jobservice:
    image: goharbor/harbor-jobservice:v1.7.4
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
    networks:
      - harbor
    dns_search: .
    depends_on:
      - redis
      - core
      - adminserver
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v1.7.4
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/redis:/var/lib/redis
    networks:
      - harbor
    dns_search: .
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v1.7.4
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
    networks:
      - harbor
    dns_search: .
    ports:
      - 80:80
      - 443:443
      - 4443:4443
    depends_on:
      - postgresql
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://127.0.0.1:1514"
        tag: "proxy"
networks:
  harbor:
    external: false

三、使用Harbor仓库管理镜像

1. 配置私有仓库

   安装好Harbor后,我们接下来就可以配置Harbor镜像仓库
docker+docker-compose搭建远程私有镜像仓库Harbor

2. 访问搭好的私有仓库

  有可能在登录的时候出现警告提示,登录不上的问题:WARNING! Using --password via the CLI is insecure. Use --password-stdin.
因为docker registry 默认的交互式 Https协议的,解决方法只需要在docker.service主配置文件中添加一行命令--insecure-registry 116.62.146.90
注: --in一定要在 --containerd 后面添加。

ExecStart=/usr/bin/dockerd -H fd://  --containerd=/run/containerd/containerd.sock --insecure-registry 116.62.146.90

登录远程仓库:

docker login -u admin -p Harbor12345 116.62.146.90

docker+docker-compose搭建远程私有镜像仓库Harbor

上一篇:Harbor镜像仓库的安装及使用


下一篇:利用 Harbor 搭建企业级私有镜像仓库