企业级 Harbor 镜像仓库

Harbor是由VMWare公司开源的容器镜像仓库。事实上，Harbor是在Docker Registry上进行了相应

的企业级扩展，从而获得了更加广泛的应用，这些新的企业级特性包括：管理用户界面，基于角色的

访问控制 ，AD/LDAP集成以及审计日志等，足以满足基本企业需求。

官方地址：https://vmware.github.io/harbor/cn/

 

harbor-adminserver 配置管理中心

harbor-db Mysql数据库

harbor-jobservice 负责镜像复制

harbor-log 记录操作日志

harbor-ui Web管理页面和API

nginx 前端代理，负责前端页面和镜像上传/下载转发

redis 会话

registry 镜像存储

 

1、安装docker与docker-compose

下载地址

https://github.com/goharbor/harbor/releases/tag/v1.9.1

1、安装docker与docker-compose
 curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

2、解压离线包部署
#tar zxvf harbor-offline-installer-v1.9.1.tgz
# cd harbor
# vi harbor.yml
hostname: 192.168.31.70
# ./prepare
# ./install.sh

输入IP即可访问，默认端口80，配置文件里有登录用户密码

[root@k8s-node1 harbor]# cat harbor.yml |grep harbor_admin_password
harbor_admin_password: Harbor12345

 默认有个library项目，可以把一些公共镜像放在这个推送到这个项目，比如Nginx，等不涉及敏感信息的镜像

 

 

 

 

 

 

 

 

 

 

 

镜像仓库里边有显示推送地址

 

 

 

 

 

 

1、配置http镜像仓库可信任

# vi /etc/docker/daemon.json

{"insecure-registries":["reg.ctnrs.com"]}

# systemctl restart docker

2、打标签

# docker tag nginx:v1 reg.ctnrs.com/library/nginx:v1

3、上传

# docker push reg.ctnrs.com/library/nginx:v1

4、下载

# docker pull reg.ctnrs.com/library/nginx:v1

 

实际操作

配置http镜像仓库可信任，默认是https连接

# vi /etc/docker/daemon.json 
{"insecure-registries":["192.168.146.130"]}
# systemctl restart docker
重启docker，需要重新启动docker-compose， -d参数是没有启动的就启动
[root@k8s-node1 harbor]# docker-compose up -d

这里注意的是查看配置是否生效，用docker info命令来查看验证，如果不生效就用键值对的形式

[root@k8s-node1 harbor]# cat /etc/docker/daemon.json 
{"registry-mirrors": [
"http://f1361db2.m.daocloud.io"
],
"insecure-registries": [
"192.168.146.130"
]
}

登录

[root@k8s-node1 harbor]# docker login 192.168.146.130
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

 打标签

 docker tag nginx:v1  192.168.146.130/library/nginx:v1

推送

[root@k8s-node1 harbor]# docker push 192.168.146.130/library/nginx:v1
The push refers to repository [192.168.146.130/library/nginx]
9f0d0e779a50: Pushed 
540f5c445a65: Pushed 
9e607bb861a7: Pushed 
v1: digest: sha256:7034e58ee345192be1c0bf4233276980f2847f5a1fd2618a948a733a37817c31 size: 953

推送tomcat镜像

docker tag tomcat:v1  192.168.146.130/library/tomcat:v1
docker push 192.168.146.130/library/tomcat:v1

再另一台 机上，安装docker、添加可信任地址，然后下载镜像

[root@k8s-node1 harbor]# scp /etc/yum.repos.d/docker-ce.repo root@192.168.146.131:/etc/yum.repos.d/

[root@k8s-node2 ~]# yum -y install docker-ce

[root@k8s-node2 ~]# cat /etc/docker/daemon.json 
{"registry-mirrors": [
"http://f1361db2.m.daocloud.io"
],
"insecure-registries": [
"192.168.146.130"
]
}

[root@k8s-node2 ~]# systemctl start docker

[root@k8s-node2 ~]# docker pull 192.168.146.130/library/nginx:v1
v1: Pulling from library/nginx
729ec3a6ada3: Pull complete 
4e0be3a87c9b: Pull complete 
95cf5f0db933: Pull complete 
Digest: sha256:7034e58ee345192be1c0bf4233276980f2847f5a1fd2618a948a733a37817c31
Status: Downloaded newer image for 192.168.146.130/library/nginx:v1
192.168.146.130/library/nginx:v1
[root@k8s-node2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.146.130/library/nginx v1 4ab138f8031a 29 hours ago 346MB