1. harbor介绍
Docker容器应用的开发和运行离不开可靠的镜像管理,虽然Docker官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署我们私有环境内的Registry也是非常必要的。Harbor是由VMware公司开源的企业级的Docker Registry管理项目,它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能。
部署docker-ce && docker-compos (略)
部署harbor
1、在线安装包
wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-online-installer-v1.1.2.tgz
tar xvf harbor-online-installer-v1.1.2.tgz
2、离线安装包
wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-offline-installer-v1.1.2.tgz
tar xvf harbor-offline-installer-v1.1.2.tgz
解压缩之后,目录下回生成harbor.conf文件
## Configuration file of Harbor
# hostname设置访问地址,可以使用ip、域名,不可以设置为127.0.0.1或localhost
hostname = docker.bksx.com
# 访问协议,默认是http,也可以设置https,如果设置https,则nginx ssl需要设置on
ui_url_protocol = http
# mysql数据库root用户默认密码root123,实际使用时修改下
db_password = root123
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
# 邮件设置,发送重置密码邮件时使用
email_identity =
email_server = smtp.mydomain.com
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
# 启动Harbor后,管理员UI登录的密码,默认是Harbor12345
harbor_admin_password = 123@abc
# 认证方式,这里支持多种认证方式,如LADP、本次存储、数据库认证。默认是db_auth,mysql数据库认证
auth_mode = db_auth
# LDAP认证时配置项
#ldap_url = ldaps://ldap.mydomain.com
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#ldap_search_pwd = password
#ldap_basedn = ou=people,dc=mydomain,dc=com
#ldap_filter = (objectClass=person)
#ldap_uid = uid
#ldap_scope = 3
#ldap_timeout = 5
# 是否开启自注册
self_registration = on
# Token有效时间,默认30分钟
token_expiration = 30
# 用户创建项目权限控制,默认是everyone(所有人),也可以设置为adminonly(只能管理员)
project_creation_restriction = everyone
verify_remote_cert = on
启动 Harbor
修改完配置文件后,当前目录执行./install.sh,Harbor服务就会根据当期目录下的docker-compose.yml开始下载依赖的镜像,检测并启动
[root@localhost harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.03.1
Note: docker-compose version: 1.18.0
Harbor依赖的镜像及启动服务
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
vmware/harbor-jobservice v1.1.2 ac332f9bd31c 10 days ago 162.9 MB
vmware/harbor-ui v1.1.2 803897be484a 10 days ago 182.9 MB
vmware/harbor-adminserver v1.1.2 360b214594e7 10 days ago 141.6 MB
vmware/harbor-db v1.1.2 6f71ee20fe0c 10 days ago 328.5 MB
vmware/registry 2.6.1-photon 0f6c96580032 4 weeks ago 150.3 MB
vmware/harbor-notary-db mariadb-10.1.10 64ed814665c6 10 weeks ago 324.1 MB
vmware/nginx 1.11.5-patched 8ddadb143133 10 weeks ago 199.2 MB
vmware/notary-photon signer-0.5.0 b1eda7d10640 11 weeks ago 155.7 MB
vmware/notary-photon server-0.5.0 6e2646682e3c 3 months ago 156.9 MB
vmware/harbor-log v1.1.2 9c46a7b5e517 4 months ago 192.4 MB
photon 1.0 e6e4e4a2ba1b 11 months ago 127.5 MB
# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker-entrypoint.sh mysqld Up 3306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry /entrypoint.sh serve /etc/ ... Up 5000/tcp
网友评论