使用 Docker Compose 部署 Harbor v2.2.2 容器仓库

参考：
https://goharbor.io/docs/2.0.0/install-config/

安装docker-compose

参考：https://docs.docker.com/compose/install/

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose --version

安装harbor

参考：https://goharbor.io/docs/2.2.0/install-config/

• 离线安装包：https://github.com/goharbor/harbor/releases/download/v2.2.2/harbor-offline-installer-v2.2.2.tgz
• 在线安装包：https://github.com/goharbor/harbor/releases/download/v2.2.2/harbor-online-installer-v2.2.2.tgz

root@ubuntu18:~# tar zxf harbor-online-installer-v2.2.2.tgz
root@ubuntu18:~# cd harbor/
root@ubuntu18:~/harbor# cp harbor.yml.tmpl harbor.yml
root@ubuntu18:~/harbor# vim harbor.yml  ## 修改配置文件
...
hostname: reg.test.com  ## 域名或IP
harbor_admin_password: admin123  ## 管理员密码
database:
  password: root123  ## 数据库密码
data_volume: /data/harbor  ## 数据存储目录
...

注意：这里使用http访问，因此需要注释掉https相关的配置。

root@ubuntu18:~/harbor# mkdir /data/harbor
root@ubuntu18:~/harbor# ./install.sh  ## 运行安装脚本
root@ubuntu18:~/harbor# docker-compose ps  ## 查看服务状态

故障排除说明

Harbor 使用 rsyslog 收集每个容器的日志。 默认情况下，这些日志文件存储在目录 /var/log/harbor/ 中。

harbor生命周期管理说明

服务管理

root@ubuntu18:~/harbor# docker-compose stop   ## 停止服务
root@ubuntu18:~/harbor# docker-compose start  ## 启动服务

重新部署

root@ubuntu18:~/harbor# docker-compose down -v  ## 停止并删除服务
root@ubuntu18:~/harbor# vim harbor.yml          ## 更新配置
root@ubuntu18:~/harbor# ./prepare               ## 重新生成配置文件
root@ubuntu18:~/harbor# docker-compose up -d    ## 创建并启动服务

清理数据

root@ubuntu18:~/harbor# rm -r /data/harbor/database  ## 删除数据库
root@ubuntu18:~/harbor# rm -r /data/harbor/registry  ## 删除镜像数据

FAQ

docker registry的配置，这个每次传输至少都是9M以上的内容，缓冲区配置大

proxy_buffering on;
proxy_buffer_size 4k; 
proxy_buffers 8 1M;
proxy_busy_buffers_size 2M;
proxy_max_temp_file_size 0;

push的image太大，被nginx拒绝了，在nginx的配置加入下面的两行

# disable any limits to avoid HTTP 413 for large image uploads
client_max_body_size 0;

# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
chunked_transfer_encoding on;

NGINX反代超时报错

解决方法： 加入proxy_read_timeout 300;

例如：

location / {
               proxy_pass http://127.0.0.1:8080;
               proxy_read_timeout 300;
               proxy_set_header Host $host;
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

location ^~ /api/ {
               proxy_pass http://127.0.0.1:8081;
               proxy_read_timeout 300;
               proxy_set_header Host $host;
               proxy_set_header X-Real-IP $remote_addr;
               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }

nginx代理registry配置示例：

worker_processes auto;

events {
  worker_connections 1024;
  use epoll;
  multi_accept on;
}

http {
  tcp_nodelay on;

  # this is necessary for us to be able to disable request buffering in all cases
  proxy_http_version 1.1;


  upstream registry {
    ip_hash;
    server registry:5000;
  }

  upstream ui {
    server ui:80;
  }

  log_format timed_combined '$remote_addr - '
    '"$request" $status $body_bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '$request_time $upstream_response_time $pipe';

  access_log /dev/stdout timed_combined;

  server {
    listen 80;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location / {
      proxy_pass http://ui/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      
      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;
      
      proxy_buffering on;
      proxy_request_buffering off;
    }

    location /v1/ {
      return 404;
    }

    location /v2/ {
      proxy_read_timeout 300;
      proxy_pass http://ui/registryproxy/v2/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      
      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_buffer_size 4k;
      proxy_buffers 8 1M;
      proxy_busy_buffers_size 2M;
      proxy_max_temp_file_size 0;
      # proxy_temp_file_write_size 64k;
      client_body_temp_path /tmp/nginx_client_body_temp;
      proxy_temp_path /tmp/nginx_proxy_temp;
    }

    location /service/ {
      proxy_pass http://ui/service/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      
      # When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
      proxy_set_header X-Forwarded-Proto $scheme;
      
      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /service/notifications {
      return 404;
    }
  }
}

其他部署方式

Helm部署到K8s

参考：
https://github.com/goharbor/harbor-helm
https://goharbor.io/docs/2.0.0/install-config/harbor-ha-helm/

高可用架构：

Operator部署到K8s

参考：https://github.com/goharbor/harbor-operator

总体设计：