企业级镜像私有仓库Harbor
Habor是由VMWare公司开源的容器镜像仓库。事实上,Habor是在Docker Registry上进行了相应的企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的访问控制,AD/LDAP集成以及审计日志等,足以满足基本企业需求。官方网站
Harbor部署:
安装docker
# 设置hostname
[root@localhost ~]# hostnamectl set-hostname harbor.example.com
#安装依赖包
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 vim net-tools vim wget epel-release
#设置yum源
[root@localhost ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
#更新yum缓存
[root@localhost ~]# yum makecache fast
#安装docker-ce
[root@localhost ~]# yum -y install docker-ce
#启动docker后台服务
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl enable docker
#配置镜像加速
[root@localhost ~]# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl restart docker
安装docker-compose
[root@localhost ~]# curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
[root@localhost ~]# docker-compose --version
[root@localhost ~]# docker-compose version 1.23.1, build b02f1306
安装harbor
#下载安装包 自行选择要安装的包
[root@localhost ~]# wget https://storage.googleapis.com/harbor-releases/release-1.6.0/harbor-offline-installer-v1.6.2.tgz
[root@localhost ~]# wget https://storage.googleapis.com/harbor-releases/release-1.7.0/harbor-offline-installer-v1.7.6.tgz
[root@localhost ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.0.tgz
[root@localhost ~]# wget https://storage.googleapis.com/harbor-releases/release-1.9.0/harbor-offline-installer-v1.9.0.tgz
[root@localhost ~]# tar xf harbor-offline-installer-v1.6.2.tgz
[root@localhost ~]# cd harbor
#使用https访问harbor配置
#获得证书授权
[root@localhost harbor]# mkdir ssl && cd ssl
[root@localhost ssl]# openssl genrsa -out ca.key 4096
[root@localhost ssl]# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.example.com" -key ca.key -out ca.crt
#创建自己的私钥
[root@localhost ssl]# openssl genrsa -out harbor.example.com.key 4096
#生成证书签名请求
[root@localhost ssl]# openssl req -sha512 -new -subj "/C=TW/ST=Taipei/L=Taipei/O=example/OU=Personal/CN=harbor.example.com" -key harbor.example.com.key -out harbor.example.com.csr
#生成注册表主机证书
[root@localhost ssl]# vim v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.example.com
DNS.2=harbor.example
DNS.3=hostname
[root@localhost ssl]# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor.example.com.csr -out harbor.example.com.crt
#配置服务器证书和密钥
[root@localhost ssl]# mkdir /data/cert/
[root@localhost ssl]# cp harbor.example.com.crt /data/cert/
[root@localhost ssl]# cp harbor.example.com.key /data/cert/
#为docker配置证书密钥和CA
[root@localhost ssl]# mkdir -p /etc/docker/certs.d/harbor.example.com
[root@localhost ssl]# cp harbor.example.com.crt /etc/docker/certs.d/harbor.example.com/
[root@localhost ssl]# cp harbor.example.com.key /etc/docker/certs.d/harbor.example.com/
#配置harbor
[root@localhost harbor]# vim harbor.cfg
hostname = harbor.example.com
ui_url_protocol = https
ssl_cert = /data/cert/harbor.example.com.crt
ssl_cert_key = /data/cert/harbor.example.com.key
#生成harbor配置文件
[root@localhost harbor]# ./prepare
#开始安装
[root@localhost harbor]# ./install.sh
# 如果想换成公有证书,可以去阿里云申请免费的证书,然后下载nginx配置
[root@localhost harbor]# vim harbor.cfg
hostname = harbor.example.com
ui_url_protocol = https
ssl_cert = /data/cert/harbor.example.com.crt
ssl_cert_key = /data/cert/harbor.example.com.key
#生成harbor配置文件
[root@localhost harbor]# ./prepare
#开始安装
[root@localhost harbor]# ./install.sh
查看harbor状态
[root@reg harbor]# docker-compose ps
Name Command State Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/start.sh Up (healthy)
harbor-db /entrypoint.sh postgres Up (healthy) 5432/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcp
harbor-ui /harbor/start.sh Up (healthy)
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis ... Up 6379/tcp
registry /entrypoint.sh /etc/regist ... Up (healthy) 5000/tcp
组件 功能
harbor-adminserver 配置管理中心
harbor-db Mysql数据库
harbor-jobservice 负责镜像复制
harbor-log 记录操作日志
harbor-ui Web管理页面和API
nginx 前端代理,负责前端页面和镜像上传/下载转发
redis 会话
registry 镜像存储
访问harbor https://harbor.example.com 注意:如果没有DNS服务器,需要自己本地设置hosts
User:admin
Pass:Harbor12345
新建项目
新建用户
项目中添加成员
docker登陆harbor仓库
[root@harbor harbor]# docker login harbor.example.com
Username: wangzhenghui
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
上传镜像
[root@localhost ~]# docker pull nginx
[root@harbor harbor]# docker tag nginx:latest harbor.example.com/devops/nginx:v1
[root@harbor harbor]# docker push harbor.example.com/devops/nginx:v1
The push refers to repository [harbor.example.com/devops/nginx]
ce3539cc1849: Pushed
16d1b1dd2a23: Pushed
2db44bce66cd: Pushed
v1: digest: sha256:55e7a6f2bb43e38cc34285af03b4973d61f523d26cd8a57e9d00cf4154792d20 size: 948
[root@harbor ~]# docker pull tomcat
[root@harbor ~]# docker tag tomcat:latest harbor.example.com/devops/tomcat:v1
[root@harbor ~]# docker push harbor.example.com/devops/tomcat:v1
查看仓库
Last updated
