Offline Installation of Harbor v2.11 on Ubuntu 22.04 LTS (with HTTPS Certificates and Trivy Image Scanning)

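Introduction to Harbor

  • Harbor is an open-source, enterprise-grade Docker Registry service that provides a secure, trusted repository for storing and managing Docker images. The word "harbor" means "to shelter; to house", so it can be understood as the "home" or "shelter" of Docker images. Harbor was originally developed by VMware to address the security and trust problems of enterprise Docker image management. VMware released it in 2016 and open-sourced it in 2017, which allowed a wider community and more organizations to use it freely and contribute code. Harbor is a mature, feature-rich, secure and reliable enterprise-grade Docker Registry service that provides strong support for deploying and managing containerized enterprise applications.

  • In day-to-day use and management of Docker containers, it gradually becomes clear that deploying a private enterprise registry is often necessary. It helps you manage the company's sensitive images, and because of Docker Hub download speeds and the GFW, images that cannot be downloaded directly often have to be imported into a local private registry. Harbor is an excellent choice for deploying such a private enterprise registry.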

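Harbor Features

  • Role-based access control: users and Docker image repositories are organized through "projects"; a user can hold different permissions on multiple image repositories within the same namespace (project).
  • Image replication: images can be replicated (synchronized) between multiple Registry instances. This is especially suited to load balancing, high availability, hybrid-cloud and multi-cloud scenarios.
  • Graphical user interface: users can browse and search the current Docker image repositories in a browser, and manage projects and namespaces.
  • AD/LDAP support: Harbor can integrate with an existing enterprise AD/LDAP for authentication and authorization management.
  • Audit management: all operations on the image repositories are logged and traceable for auditing.
  • Internationalization: localized versions exist in English, Chinese, German, Japanese and Russian. More languages will be added.
  • RESTful API: the RESTful API gives administrators more control over Harbor and makes integration with other management software easier.
  • Simple deployment: online and offline installers are provided, and it can also be installed on the vSphere platform as a virtual appliance (OVA).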

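Harbor Compared with Registry

Harbor and Registry are both Docker image registries, but Harbor is the choice of more enterprises because it has many advantages over Registry.

  • It provides a web-based graphical management interface, which is friendlier to operate.
  • It supports access control for users, projects and images.
  • It can scan images for vulnerabilities, improving security.
  • It fully supports standard enterprise user management such as LDAP/AD.
  • It integrates well into CI/CD pipelines.
  • It exposes an API, making integration with third-party systems easy.

It is well suited to teams and small and medium-sized enterprises.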

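Harbor Architecture

  • proxy: started as the nginx component. It is an nginx reverse proxy that forwards requests from the Notary client (image authentication), the docker client (image push and pull) and the browser (Core Service) to the backend services.
  • UI (Core Service): started as the harbor-ui component. It stores its data in a MySQL database and provides four main sub-functions.
    • UI: a web management page.
    • API: the API service exposed by Harbor.
    • Auth: the user authentication service; the user information in the decoded token is authenticated here. The auth backend can be one of three implementations: db, ldap or uaa.
    • Token service: issues a token for each docker push/pull command according to the user's role in each project. If a request sent by the docker client to the registry carries no token, the registry redirects the request to the token service to create one.
  • Registry: started as the registry component. It stores image files and handles image pull/push commands. Harbor enforces access control on images; the Registry forwards every pull/push request from every client to the token service to obtain a valid token.
  • Admin Service: started as the harbor-admin server component. It is the system's configuration management center and also checks storage usage; ui and jobserver load the adminserver configuration at startup.
  • job server: started as the harbor-jobservice component. It handles image replication and communicates with the Registry: it pulls an image from one Registry, pushes it to another Registry, and records a job_log.
  • Log Collector: started as the harbor-log component. It aggregates logs, collecting them in one place through docker's log-driver.
  • DB: started as the harbor-db component. It stores metadata for project, user, role, replication, image_scan, access and so on.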

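Harbor is made up of roughly the following containers:

  • ui (Harbor's core service).
  • log (a container running rsyslog that collects logs).
  • mysql (a database container built from the official mysql image).
  • Nginx (Nginx used as the reverse proxy).
  • registry (the official Docker registry).
  • adminserver (Harbor's configuration data manager).
  • jobservice (Harbor's job management service).
  • redis (used to store sessions).

Harbor version installed in this article: harbor-offline-installer-v2.11.1.tgz
Important: because Harbor is based on Docker Registry V2, the Docker Engine version must be higher than 20.10.10-ce+ and the docker-compose version must be higher than v1.18.0+!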

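Installing Docker

Detailed installation steps are available for reference.

# Install the required dependency packages
root@ubuntu2204:~# apt install apt-transport-https ca-certificates curl gnupg lsb-release -y

# Add the repository GPG key and the Docker repository (Aliyun mirror); HTTPS is used so the signing key cannot be altered in transit
root@ubuntu2204:~# curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
root@ubuntu2204:~# add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"

# Choose a specific stable version to install, for example 5:25.0.5-1~ubuntu.22.04~jammy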
root@ubuntu2204:~# apt-cache madison docker-ce | awk '{ print $3 }'
5:27.3.1-1~ubuntu.22.04~jammy
5:27.3.0-1~ubuntu.22.04~jammy
......
5:26.0.2-1~ubuntu.22.04~jammy
5:26.0.1-1~ubuntu.22.04~jammy
5:26.0.0-1~ubuntu.22.04~jammy
5:25.0.5-1~ubuntu.22.04~jammy
5:25.0.4-1~ubuntu.22.04~jammy
......

root@ubuntu2204:~# VERSION_STRING=5:25.0.5-1~ubuntu.22.04~jammy
root@ubuntu2204:~# apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-buildx-plugin docker-compose-plugin -y

# Show Docker information
root@ubuntu2204:~# docker -v
Docker version 25.0.5, build 5dc9bcc
root@ubuntu2204:~#
root@ubuntu2204:~# docker version
Client: Docker Engine - Community
 Version:           25.0.5
 API version:       1.44
 Go version:        go1.21.8
 Git commit:        5dc9bcc
 Built:             Tue Mar 19 15:05:10 2024
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          25.0.5
  API version:      1.44 (minimum version 1.24)
  Go version:       go1.21.8
  Git commit:       e63daec
  Built:            Tue Mar 19 15:05:10 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.22
  GitCommit:        7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c
 runc:
  Version:          1.1.14
  GitCommit:        v1.1.14-0-g2c9f560
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

root@ubuntu2204:~# ps -ef | grep docker
root       16048       1  0 14:56 ?        00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
root       16245   12531  0 14:57 pts/1    00:00:00 grep --color=auto docker

# Start | stop | restart | status | enable at boot (use one subcommand)
root@ubuntu2204:~# systemctl start|stop|restart|status|enable docker

# Test whether Docker is installed correctly
root@ubuntu2204:~# docker run --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
c1ec31eb5944: Pull complete
Digest: sha256:d211f485f2dd1dee407a80973c8f129f00d54604d2c90732e8e320e5038a0348
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

# If the output above is printed normally, the installation succeeded.

Installing the Harbor Registry

Configuring the HTTPS Certificate

# Generate the certificate authority (CA) certificate
# 1. Generate the CA certificate private key
root@ubuntu2204:~# openssl genrsa -out ca.key 4096

# 2. Generate the CA certificate
root@ubuntu2204:~# openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=GD/L=GZ/O=DovOps/OU=IT/CN=zwc.harbor.com" -key ca.key -out ca.crt

# Parameter notes:
#   C, Country: the country
#   ST, State: the province
#   L, Locality: the city
#   O, Organization: the organization or company
#   OU, Organization Unit: the department
#   CN, Common Name: the server domain name


# Generate the server certificate
# 1. Generate the private key
root@ubuntu2204:~# openssl genrsa -out zwc.harbor.com.key 4096

# 2. Generate the certificate signing request (CSR)
root@ubuntu2204:~# openssl req -sha512 -new -subj "/C=CN/ST=GD/L=GZ/O=DovOps/OU=IT/CN=zwc.harbor.com" -key zwc.harbor.com.key -out zwc.harbor.com.csr

# 3. Generate the x509 v3 extension file
root@ubuntu2204:~# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=zwc.harbor.com
DNS.2=svr.harbor.com
EOF

# 4. Use the v3.ext file to generate the certificate for your Harbor host
root@ubuntu2204:~# openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in zwc.harbor.com.csr -out zwc.harbor.com.crt
Certificate request self-signature ok
subject=C = CN, ST = GD, L = GZ, O = DovOps, OU = IT, CN = zwc.harbor.com


# Provide the certificates to Harbor and Docker
# 1. Copy the server certificate and key into the certificates folder on the Harbor host (adjust to your own environment)
root@ubuntu2204:~# mkdir -p /data/app/harbor/certs
root@ubuntu2204:~# cp zwc.harbor.com.crt  /data/app/harbor/certs
root@ubuntu2204:~# cp zwc.harbor.com.key  /data/app/harbor/certs

# 2. Convert zwc.harbor.com.crt to zwc.harbor.com.cert for Docker to use
#    (Docker treats .crt files in certs.d as CA certificates and expects each <name>.cert to have a matching <name>.key)
root@ubuntu2204:~# openssl x509 -inform PEM -in zwc.harbor.com.crt -out zwc.harbor.com.cert

# 3. Copy the server certificate, key and CA file into the Docker certificates folder on the Harbor host. You must create the appropriate folder first.
root@ubuntu2204:~# mkdir -p /etc/docker/certs.d/zwc.harbor.com
root@ubuntu2204:~# cp zwc.harbor.com.cert /etc/docker/certs.d/zwc.harbor.com
root@ubuntu2204:~# cp zwc.harbor.com.key /etc/docker/certs.d/zwc.harbor.com
root@ubuntu2204:~# cp ca.crt /etc/docker/certs.d/zwc.harbor.com

# 4. Restart Docker
root@ubuntu2204:~# systemctl restart docker

# Explanation
root@ubuntu2204:~# tree /etc/docker/certs.d/
/etc/docker/certs.d/
└── zwc.harbor.com
    ├── ca.crt                <-- Certificate authority that signed the registry certificate
    ├── zwc.harbor.com.cert   <-- Server certificate signed by CA
    └── zwc.harbor.com.key    <-- Server key signed by CA
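
The v3.ext file above lists only DNS names in subjectAltName, while harbor.yml and the docker login commands later on this page address Harbor by the IP 172.16.70.162. The following is an added example, not part of the original post: it builds a throw-away CA and server certificate and uses openssl verify to show which names a client can actually validate. The helper names (make_leaf, cert_covers, report, demo), the 2048-bit keys and the one-day lifetime are assumptions chosen for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: constructed throw-away keys, not the certificates issued above.

# make_leaf DIR SAN: create a demo CA in DIR and sign a server certificate
# whose subjectAltName is SAN (same CA / CSR / v3.ext flow as the steps above).
make_leaf() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/O=DovOps/CN=Demo Harbor CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=DovOps/CN=zwc.harbor.com" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null || return 1
    printf '%s\n' "basicConstraints=CA:FALSE" "extendedKeyUsage=serverAuth" \
        "subjectAltName=$2" > "$1/v3.ext"
    openssl x509 -req -sha256 -days 1 -extfile "$1/v3.ext" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -in "$1/srv.csr" -out "$1/srv.crt" 2>/dev/null
}

# cert_covers DIR NAME: succeed only if DIR/srv.crt chains to DIR/ca.crt AND
# is valid for NAME, the same two checks a TLS client makes before trusting it.
cert_covers() {
    case $2 in
        *:*)       vflag=-verify_ip ;;        # IPv6 literal
        *[!0-9.]*) vflag=-verify_hostname ;;  # anything that is not dotted digits
        *)         vflag=-verify_ip ;;        # IPv4 literal
    esac
    openssl verify -CAfile "$1/ca.crt" "$vflag" "$2" "$1/srv.crt" \
        >/dev/null 2>&1
}

# report DIR NAME...: print one verdict line per name.
report() {
    rdir=$1; shift
    for n in "$@"; do
        if cert_covers "$rdir" "$n"; then
            echo "  $n: verifies"
        else
            echo "  $n: REJECTED (not covered by subjectAltName)"
        fi
    done
}

demo() {
    a=$(mktemp -d) && b=$(mktemp -d) || return 1
    echo "SAN as in v3.ext above (DNS names only):"
    make_leaf "$a" "DNS:zwc.harbor.com,DNS:svr.harbor.com" || return 1
    report "$a" zwc.harbor.com svr.harbor.com 172.16.70.162
    echo "SAN with the host IP added:"
    make_leaf "$b" "DNS:zwc.harbor.com,DNS:svr.harbor.com,IP:172.16.70.162" || return 1
    report "$b" zwc.harbor.com 172.16.70.162
    rm -rf "$a" "$b"
}

demo
```

In the real v3.ext the equivalent change is an `IP.1=172.16.70.162` line under `[alt_names]`; clients that trust ca.crt can then verify Harbor by IP as well as by name.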

Downloading and Installing Harbor

# Get the latest stable Harbor release
root@ubuntu2204:~# curl -s https://api.github.com/repos/goharbor/harbor/releases/latest | grep browser_download_url | cut -d '"' -f4 | grep '.tgz'
https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz
https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz.asc
https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-online-installer-v2.11.1.tgz
https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-online-installer-v2.11.1.tgz.asc

# Download the Harbor offline installer
root@ubuntu2204:~# wget https://github.com/goharbor/harbor/releases/download/v2.11.1/harbor-offline-installer-v2.11.1.tgz

root@ubuntu2204:~# tar -xf harbor-offline-installer-v2.11.1.tgz -C /data/app
root@ubuntu2204:~# cd /data/app/harbor/
root@ubuntu2204:/data/app/harbor# ls
LICENSE  certs  common.sh  harbor.v2.11.1.tar.gz  harbor.yml.tmpl  install.sh  prepare


# Edit the harbor.yml configuration file
root@ubuntu2204:/data/app/harbor# cp harbor.yml.tmpl harbor.yml
root@ubuntu2204:/data/app/harbor# vim harbor.yml
......
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 172.16.70.162  # Access address: an IP or hostname; must not be 127.0.0.1 or localhost

# http related config
http:  # Enable http
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80  # Default http port

# https related config
https:  # Enable https (comment out to disable)
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/app/harbor/certs/zwc.harbor.com.crt  # Certificate path when enabled (comment out when disabled)
  private_key: /data/app/harbor/certs/zwc.harbor.com.key  # Private key path when enabled (comment out when disabled)
  # enable strong ssl ciphers (default: false)
  # strong_ssl_ciphers: false
......
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor@54321  # Change the Harbor login password
......
# The default data volume
data_volume: /data/app/harbor/data  # Change the Harbor data directory (created automatically when Harbor is installed)
......
    # The directory on your host that store log
    location: /data/app/harbor/log/harbor  # Change the log path (created automatically when Harbor is installed)
......


# Install and start Harbor together with the Trivy vulnerability scanner
root@ubuntu2204:/data/app/harbor# ./install.sh --with-trivy
[Step 0]: checking if docker is installed ...

Note: docker version: 25.0.5

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.29.7

[Step 2]: loading Harbor images ...
......

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/app/harbor
......
[Step 5]: starting Harbor ...
......

✔ ----Harbor has been installed and started successfully.----  # Installation succeeded

root@ubuntu2204:/data/app/harbor# ls
LICENSE  certs  common  common.sh  data  docker-compose.yml  harbor.v2.11.1.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  log  prepare


# List the running Harbor containers (10 containers should be started)
root@ubuntu2204:/data/app/harbor# docker ps -a
CONTAINER ID   IMAGE                                   COMMAND                  CREATED              STATUS                        PORTS                           NAMES
545f561eabfd   goharbor/harbor-jobservice:v2.11.1      "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                   harbor-jobservice
85e7e42c1ea4   goharbor/nginx-photon:v2.11.1           "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
938f3c7392ee   goharbor/trivy-adapter-photon:v2.11.1   "/home/scanner/entry…"   About a minute ago   Up About a minute (healthy)                                   trivy-adapter
8e12aab73943   goharbor/harbor-core:v2.11.1            "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                   harbor-core
c8d115b85841   goharbor/harbor-db:v2.11.1              "/docker-entrypoint.…"   About a minute ago   Up About a minute (healthy)                                   harbor-db
30c6ab0f77c6   goharbor/harbor-registryctl:v2.11.1     "/home/harbor/start.…"   About a minute ago   Up About a minute (healthy)                                   registryctl
ad0ec6ffdfb8   goharbor/redis-photon:v2.11.1           "redis-server /etc/r…"   About a minute ago   Up About a minute (healthy)                                   redis
b35f315c7932   goharbor/registry-photon:v2.11.1        "/home/harbor/entryp…"   About a minute ago   Up About a minute (healthy)                                   registry
2edff162d014   goharbor/harbor-portal:v2.11.1          "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)                                   harbor-portal
e6736ea4ca01   goharbor/harbor-log:v2.11.1             "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp       harbor-log


# Check the Docker-related ports
root@ubuntu2204:/data/app/harbor# netstat -ntpl | grep docker
tcp        0      0 127.0.0.1:1514          0.0.0.0:*               LISTEN      17754/docker-proxy
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      18387/docker-proxy
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      18427/docker-proxy
tcp6       0      0 :::443                  :::*                    LISTEN      18398/docker-proxy
tcp6       0      0 :::80                   :::*                    LISTEN      18436/docker-proxy

# Show the host's IP addresses
root@ubuntu2204:/data/app/harbor# hostname -I
172.16.70.162 172.17.0.1 172.18.0.1

Installing docker-compose

root@ubuntu2204:~# VERSION_COMPOSE=v2.29.7
root@ubuntu2204:~# curl -L "https://github.com/docker/compose/releases/download/$VERSION_COMPOSE/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 
# Make it executable
root@ubuntu2204:~# chmod +x /usr/local/bin/docker-compose 
root@ubuntu2204:~# docker-compose -v
Docker Compose version v2.29.7

root@ubuntu2204:~# docker-compose -f /data/app/harbor/docker-compose.yml ps
WARN[0000] /data/app/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
NAME                IMAGE                                   COMMAND                  SERVICE         CREATED              STATUS                        PORTS
harbor-core         goharbor/harbor-core:v2.11.1            "/harbor/entrypoint.…"   core            About a minute ago   Up About a minute (healthy)
harbor-db           goharbor/harbor-db:v2.11.1              "/docker-entrypoint.…"   postgresql      About a minute ago   Up About a minute (healthy)
harbor-jobservice   goharbor/harbor-jobservice:v2.11.1      "/harbor/entrypoint.…"   jobservice      About a minute ago   Up About a minute (healthy)
harbor-log          goharbor/harbor-log:v2.11.1             "/bin/sh -c /usr/loc…"   log             About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       goharbor/harbor-portal:v2.11.1          "nginx -g 'daemon of…"   portal          About a minute ago   Up About a minute (healthy)
nginx               goharbor/nginx-photon:v2.11.1           "nginx -g 'daemon of…"   proxy           About a minute ago   Up About a minute (healthy)   0.0.0.0:80->8080/tcp, [::]:80->8080/tcp, 0.0.0.0:443->8443/tcp, [::]:443->8443/tcp
redis               goharbor/redis-photon:v2.11.1           "redis-server /etc/r…"   redis           About a minute ago   Up About a minute (healthy)
registry            goharbor/registry-photon:v2.11.1        "/home/harbor/entryp…"   registry        About a minute ago   Up About a minute (healthy)
registryctl         goharbor/harbor-registryctl:v2.11.1     "/home/harbor/start.…"   registryctl     About a minute ago   Up About a minute (healthy)
trivy-adapter       goharbor/trivy-adapter-photon:v2.11.1   "/home/scanner/entry…"   trivy-adapter   18 minutes ago       Up 4 minutes (healthy)


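# Note: if harbor.yml has been modified, first run "./prepare" to load the configuration, then restart the Harbor service.
# Stop | start | restart (use one subcommand)
root@ubuntu2204:~# docker-compose stop|start|restart

# Also:
#   docker-compose down -v	# Stop and remove the containers (data stays on the file system, so no data is lost)
#   docker-compose up -d	# Create and start the containers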

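Changing the admin Password

# 1. To change the Harbor login password, it is best to do so directly in the Harbor web UI.

# 2. If the Harbor web password is forgotten, the suggestion is to delete the database under the data directory and redeploy.
# docker-compose down -v
# rm -rf /data/app/harbor/data/database
# vim harbor.yml            # reset or change the password here
# docker-compose up -d
  • Edit the hosts file on the local Windows PC so that the Harbor host's domain names resolve
    • 172.16.70.162 zwc.harbor.com
    • 172.16.70.162 svr.harbor.com
  • Download the CA certificate named "ca.crt" to the local Windows PC, then import it into the browser
    • 1. Web access by domain name: https://zwc.harbor.com
    • 2. Web access by IP: https://172.16.70.162
  • Default account: admin, password: Harbor@54321 (as configured in harbor.yml)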

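Using the Harbor Registry

In the Harbor web UI, it is best to first create the "project" you need (or use the default "library" project). Projects can be public or private:

  • Public: all users have read access to public projects.
  • Private: private projects can only be accessed by users who hold the specific permissions.

For example, create a public project "202411_public"; clicking into it shows the push command hints.

  • Command to tag an image: docker tag image-name:tag harbor-registry-address/project-name/image-name:tag

    • docker tag SOURCE_IMAGE[:TAG] 172.16.70.162/202411_public/REPOSITORY[:TAG]
  • Command to push to the Harbor registry: docker push harbor-registry-address/project-name/image-name:tag

    • docker push 172.16.70.162/202411_public/REPOSITORY[:TAG]
  • Command to pull an image from the Harbor registry: docker pull harbor-registry-address/project-name/image-name:tag

    • docker pull 172.16.70.162/202411_public/REPOSITORY[:TAG]

Harbor Login and Image Push/Pull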

# Login error
root@ubuntu2204:~# docker login 172.16.70.162
Username: admin
Password:
Error response from daemon: Get "http://172.16.70.162/v2/": dial tcp 172.16.70.162:80: connect: connection refused

# Solution (add the "insecure-registries" line)
root@ubuntu2204:~# cat /etc/docker/daemon.json
{
    "registry-mirrors": [
        "https://dockerpull.com",
        "https://docker.anyhub.us.kg",
        "https://dockerhub.jobcher.com"
    ],
    "insecure-registries": ["172.16.70.162"]
}

# After the change, restart Docker and restart the Harbor service
root@ubuntu2204:~# systemctl daemon-reload && systemctl restart docker
root@ubuntu2204:~# docker-compose -f /data/app/harbor/docker-compose.yml restart

# Log in again
root@ubuntu2204:~# docker login 172.16.70.162
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

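# Where the login credentials are stored; unless this file is deleted, later logins do not ask for the username and password
# (the "auth" value is only base64 of user:password, not encryption)
root@ubuntu2204:~# cat /root/.docker/config.json
{
	"auths": {
		"172.16.70.162": {
			"auth": "YWRtaW46SGFyYm9yQDU0MzIx"
		}
	}
}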

# 1. List local images
root@ubuntu2204:~# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
goharbor/harbor-exporter        v2.11.1   cdf68efc001e   2 months ago   114MB
goharbor/redis-photon           v2.11.1   acf90a312d47   2 months ago   170MB
goharbor/trivy-adapter-photon   v2.11.1   24a8273e807a   2 months ago   339MB
goharbor/harbor-registryctl     v2.11.1   43fca2a06374   2 months ago   168MB
goharbor/registry-photon        v2.11.1   9da6663b36f2   2 months ago   90.3MB
goharbor/nginx-photon           v2.11.1   193a1b77b7d4   2 months ago   159MB
goharbor/harbor-log             v2.11.1   2752e033bfbb   2 months ago   169MB
goharbor/harbor-jobservice      v2.11.1   a8005a88b3dc   2 months ago   165MB
goharbor/harbor-core            v2.11.1   eaf65baad3f6   2 months ago   191MB
goharbor/harbor-portal          v2.11.1   f58813018a49   2 months ago   167MB
goharbor/harbor-db              v2.11.1   be56f8030c48   2 months ago   277MB
goharbor/prepare                v2.11.1   1d00ffdb2e67   2 months ago   216MB

# 2. Tag a local image and push it to Harbor
root@ubuntu2204:~# docker tag goharbor/nginx-photon:v2.11.1 172.16.70.162/202411_public/nginx-photon:v2
root@ubuntu2204:~# docker images | grep nginx
172.16.70.162/202411_public/nginx-photon   v2        193a1b77b7d4   2 months ago   159MB
goharbor/nginx-photon                      v2.11.1   193a1b77b7d4   2 months ago   159MB

root@ubuntu2204:~# docker push 172.16.70.162/202411_public/nginx-photon:v2
The push refers to repository [172.16.70.162/202411_public/nginx-photon]
7a130cf406bb: Pushed
fa65d0b345aa: Pushed
v2: digest: sha256:b7a54e6b04ffe19096cc5a788fa3364bc2dea742c26a990ea3270bf20eaa723d size: 741

# 3. Pull an image from Docker Hub, tag it and push it to Harbor
root@ubuntu2204:~# docker pull mysql:8.4.3
root@ubuntu2204:~# docker tag mysql:8.4.3 172.16.70.162/202411_public/mysql:8.4.3
root@ubuntu2204:~# docker images | grep mysql
172.16.70.162/202411_public/mysql          8.4.3     ed66f13824d5   4 weeks ago    592MB
mysql                                      8.4.3     ed66f13824d5   4 weeks ago    592MB

root@ubuntu2204:~# docker push 172.16.70.162/202411_public/mysql:8.4.3
The push refers to repository [172.16.70.162/202411_public/mysql]
488946e535dc: Pushed
c6a372379ade: Pushed
4baca2f64123: Pushed
e7f948391a9f: Pushed
3f0758c2bc58: Pushed
96bad7ffa575: Pushed
9a7be671c0ad: Pushed
4dae3171e4f9: Pushed
5cebbdcae534: Pushed
217e34a4f824: Pushed
8.4.3: digest: sha256:0b6d2de7d79984b386696b75aca8341fea4456775e2b22f806a463f2199d4624 size: 2411

# Where the Harbor registry stores images
root@ubuntu2204:~# ls /data/app/harbor/data/registry/docker/registry/v2/repositories/202411_public
mysql  nginx-photon
  • View the Harbor registry

Appendix: if the default ports are changed in harbor.yml

root@ubuntu2204:/data/app/harbor# docker-compose down
root@ubuntu2204:/data/app/harbor# vim harbor.yml
......
hostname: 172.16.70.162

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 8880  # Default: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 8443  # Default: 443
  # The path of cert and key files for nginx
  certificate: /data/app/harbor/certs/zwc.harbor.com.crt
  private_key: /data/app/harbor/certs/zwc.harbor.com.key
......

# Edit daemon.json (add the "insecure-registries" line)
root@ubuntu2204:/data/app/harbor# cat /etc/docker/daemon.json
{
    "registry-mirrors": ["https://docker.1ms.run"],
    "insecure-registries": ["172.16.70.162:8443"]
}

root@ubuntu2204:/data/app/harbor# systemctl daemon-reload && systemctl restart docker

# Reload the configuration and start
root@ubuntu2204:/data/app/harbor# ./prepare
root@ubuntu2204:/data/app/harbor# docker-compose up -d

root@ubuntu2204:/data/app/harbor# netstat -ntpl | grep docker
tcp        0      0 127.0.0.1:1514          0.0.0.0:*               LISTEN      3167367/docker-prox
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      3168268/docker-prox
tcp        0      0 0.0.0.0:8880            0.0.0.0:*               LISTEN      3168288/docker-prox
tcp6       0      0 :::8443                 :::*                    LISTEN      3168274/docker-prox
tcp6       0      0 :::8880                 :::*                    LISTEN      3168295/docker-prox

# Log in
root@ubuntu2204:/data/app/harbor# docker login 172.16.70.162:8443
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# Tag the image
root@ubuntu2204:/data/app/harbor# docker tag mysql:5.7.37 172.16.70.162:8443/202411_public/mysql:5.7.37

root@ubuntu2204:/data/app/harbor# docker images | grep 5.7.37
172.16.70.162:8443/202411_public/mysql     5.7.37    82d2d47667cf   2 years ago    450MB
mysql                                      5.7.37    82d2d47667cf   2 years ago    450MB

# Push
root@ubuntu2204:/data/app/harbor# docker push 172.16.70.162:8443/202411_public/mysql:5.7.37

# Check the uploaded image in the web UI
https://zwc.harbor.com:8443
posted @ 2024-11-13 09:36  讲文张字