美文网首页容器云平台
容器云平台No.5~企业级私有镜像仓库Harbor V2.02

容器云平台No.5~企业级私有镜像仓库Harbor V2.02

作者: 空壳先生 | 来源:发表于2020-09-22 12:01 被阅读0次

    镜像仓库

    仓库,顾名思义,就是存放东西的地方,Docker仓库,理所当然,就是存放docker镜像的地方了。
    Docker仓库分公有仓库和私有仓库。共有仓库有hub.docker.com、gcr.io、k8s.gcr.io等,一般常用开源应用程序的官方镜像都存放于共有仓库,但是鉴于这些仓库都在国外,下载速度比较慢。尤其k8s相关的镜像。
    私有仓库一般是公司内部自行搭建,用于存放内部构建的docker镜像,部署服务时从私有仓库下载,分发速度快。

    Docker 官方提供了一个搭建私有仓库的镜像 registry ,只需把镜像下载下来,运行容器并暴露5000端口,就可以使用了。这里不做详细介绍。

    harbor

    一个用于存储docker镜像的企业级Registry服务。相比较于原生的Regisrty来说,它具有很多的优势。

    • 提供分层传输机制,优化网络传输
    • 提供WEB界面,优化用户体验
    • 支持水平扩展集群
    • 良好的安全机制
    • Harbor提供了基于角色的访问控制机制,并通过项目来对镜像进行组织和访问权限的控制

    harbor架构图

    image.png

    安装harbor

    PS:因为镜像仓库属于基础服务,建议使用单独的服务器部署。

    1、下载离线安装包

    # wget https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-offline-installer-v2.0.2.tgz
    

    2、解压并根据需求自行修改harbor.yml配置文件,这里直接是用默认

    # tar -zxf harbor-offline-installer-v2.0.2.tgz
    # cd harbor/
    # mv  harbor.yml.tmpl harbor.yml
    

    3、执行安装命令
    这里使用默认安装,感兴趣的可以安装更多Notary, Clair, or Chart Repository Service等服务。使用./install.sh --with-notary --with-clair --with-chartmuseum

    ./install.sh
    Note: docker version: 19.03.12
    [Step 1]: checking docker-compose is installed ...
    Note: docker-compose version: 1.26.2
    [Step 2]: loading Harbor images ...
    Loaded image: goharbor/prepare:v2.0.2
    Loaded image: goharbor/harbor-jobservice:v2.0.2
    Loaded image: goharbor/harbor-registryctl:v2.0.2
    Loaded image: goharbor/registry-photon:v2.0.2
    Loaded image: goharbor/harbor-core:v2.0.2
    Loaded image: goharbor/notary-signer-photon:v2.0.2
    Loaded image: goharbor/clair-photon:v2.0.2
    Loaded image: goharbor/trivy-adapter-photon:v2.0.2
    Loaded image: goharbor/harbor-log:v2.0.2
    Loaded image: goharbor/nginx-photon:v2.0.2
    Loaded image: goharbor/clair-adapter-photon:v2.0.2
    Loaded image: goharbor/chartmuseum-photon:v2.0.2
    Loaded image: goharbor/harbor-portal:v2.0.2
    Loaded image: goharbor/harbor-db:v2.0.2
    Loaded image: goharbor/redis-photon:v2.0.2
    Loaded image: goharbor/notary-server-photon:v2.0.2
    [Step 3]: preparing environment ...
    [Step 4]: preparing harbor configs ...
    prepare base dir is set to /opt/harbor
    WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
    Generated configuration file: /config/log/logrotate.conf
    Generated configuration file: /config/log/rsyslog_docker.conf
    Generated configuration file: /config/nginx/nginx.conf
    Generated configuration file: /config/core/env
    Generated configuration file: /config/core/app.conf
    Generated configuration file: /config/registry/config.yml
    Generated configuration file: /config/registryctl/env
    Generated configuration file: /config/registryctl/config.yml
    Generated configuration file: /config/db/env
    Generated configuration file: /config/jobservice/env
    Generated configuration file: /config/jobservice/config.yml
    Generated and saved secret to file: /data/secret/keys/secretkey
    Successfully called func: create_root_cert
    Generated configuration file: /compose_location/docker-compose.yml
    Clean up the input dir
    [Step 5]: starting Harbor ...
    Creating network "harbor_harbor" with the default driver
    Creating harbor-log ... done
    Creating harbor-portal ... done
    Creating registry      ... done
    Creating registryctl   ... done
    Creating redis         ... done
    Creating harbor-db     ... done
    Creating harbor-core   ... done
    Creating harbor-jobservice ... done
    Creating nginx             ... done
     ----Harbor has been installed and started successfully.----
    

    查看下运行了哪些服务?

    docker ps 
    CONTAINER ID        IMAGE                                COMMAND                  CREATED             STATUS                   PORTS                       NAMES
    8d746c430f3e        goharbor/harbor-jobservice:v2.0.2    "/harbor/entrypoint."   4 minutes ago       Up 4 minutes (healthy)                               harbor-jobservice
    388f24831ec9        goharbor/nginx-photon:v2.0.2         "nginx -g 'daemon of"   4 minutes ago       Up 4 minutes (healthy)   0.0.0.0:80->8080/tcp        nginx
    15bc12fd3826        goharbor/harbor-core:v2.0.2          "/harbor/entrypoint."   4 minutes ago       Up 4 minutes (healthy)                               harbor-core
    bb48e39130e5        goharbor/harbor-db:v2.0.2            "/docker-entrypoint."   4 minutes ago       Up 4 minutes (healthy)   5432/tcp                    harbor-db
    1bcd0ffcae82        goharbor/harbor-registryctl:v2.0.2   "/home/harbor/start."   4 minutes ago       Up 4 minutes (healthy)                               registryctl
    8ef9f3d3a668        goharbor/redis-photon:v2.0.2         "redis-server /etc/r"   4 minutes ago       Up 4 minutes (healthy)   6379/tcp                    redis
    e05d4d845f3f        goharbor/harbor-portal:v2.0.2        "nginx -g 'daemon of"   4 minutes ago       Up 4 minutes (healthy)   8080/tcp                    harbor-portal
    c5fcd2369931        goharbor/registry-photon:v2.0.2      "/home/harbor/entryp"   4 minutes ago       Up 4 minutes (healthy)   5000/tcp                    registry
    61e69b171b33        goharbor/harbor-log:v2.0.2           "/bin/sh -c /usr/loc"   4 minutes ago       Up 4 minutes (healthy)   127.0.0.1:1514->10514/tcp   harbor-log
    

    从输出信息可以看出,安装不服务组件还是挺多的,可以参考架构图。
    至此,harbor安装好了,现在来测试下往这个仓库上传镜像、从这个私有仓库下载镜像

    上传镜像

    首先登陆私有仓库

    docker login 10.26.27.106
    Username: admin
    Password: 
    Error response from daemon: Get https://10.26.27.106/v2/: dial tcp 10.26.27.106:443: connect: connection refused
    
    image.png

    发现,登陆失败,因为这里仓库没有配置https,docker默认只允许登陆https的服务,http认为是不安全的。
    现在我们来修改docker的配置,允许docker登陆不安全的仓库
    vim /etc/docker/daemon.json,添加"insecure-registries":["10.26.27.106"]

    {
      "registry-mirrors": ["https://ci7pm4nx.mirror.aliyuncs.com","https://registry.docker-cn.com","http://hub-mirror.c.163.com"],
      "insecure-registries":["10.26.27.106"]
    }
    

    再次登陆

    # systemctl restart docker
    # docker login http://10.26.27.106
    Username: admin
    Password: 
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    
    Login Succeeded
    

    现在看到,已经登陆成功了,让我们从公有仓库下载一个镜像,然后传到私有仓库中

    docker pull busybox
    Using default tag: latest
    latest: Pulling from library/busybox
    df8698476c65: Pull complete 
    Digest: sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
    Status: Downloaded newer image for busybox:latest
    docker.io/library/busybox:latest
    

    使用tag个给刚才下载的busybox镜像打标签,改为10.26.27.106/library/busybox:latest

    # docker tag busybox:latest 10.26.27.106/library/busybox:latest
    # docker push 10.26.27.106/library/busybox:latest
    The push refers to repository [10.26.27.106/library/busybox]
    be8b8b42328a: Pushed 
    latest: digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002 size: 527
    

    可以看到,已经上传成功。

    下载镜像

    首先我们删除所以的busybox镜像

    docker images|grep busybox
    10.26.27.106/libary/busybox                         latest              6858809bf669        4 days ago          1.23MB
    10.26.27.106/library/busybox                        latest              6858809bf669        4 days ago          1.23MB
    busybox                                             latest              6858809bf669        4 days ago          1.23MB
    
    docker rmi busybox 10.26.27.106/library/busybox     10.26.27.106/libary/busybox
    Untagged: busybox:latest
    Untagged: busybox@sha256:d366a4665ab44f0648d7a00ae3fae139d55e32f9712c67accd604bb55df9d05a
    Untagged: 10.26.27.106/library/busybox:latest
    Untagged: 10.26.27.106/library/busybox@sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002
    Untagged: 10.26.27.106/libary/busybox:latest
    Deleted: sha256:6858809bf669cc5da7cb6af83d0fae838284d12e1be0182f92f6bd96559873e3
    Deleted: sha256:be8b8b42328a15af9dd6af4cba85821aad30adde28d249d1ea03c74690530d1c
    

    下载镜像

    docker pull 10.26.27.106/library/busybox
    Using default tag: latest
    latest: Pulling from library/busybox
    df8698476c65: Pull complete 
    Digest: sha256:2ca5e69e244d2da7368f7088ea3ad0653c3ce7aaccd0b8823d11b0d5de956002
    Status: Downloaded newer image for 10.26.27.106/library/busybox:latest
    10.26.27.106/library/busybox:latest
    

    可以看到,下载成功,收工¥#@¥#@¥@


    image.png

    注:文中图片来源于网络,如有侵权,请联系我及时删除。

    相关文章

      网友评论

        本文标题:容器云平台No.5~企业级私有镜像仓库Harbor V2.02

        本文链接:https://www.haomeiwen.com/subject/uehwyktx.html