Setting up a private Harbor registry with Docker (building a Docker image registry)

Author: 筋斗云
  • Introduction to Harbor

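Developing and running Docker container applications depends on reliable image management. Docker does provide a public image registry, but for reasons of security and efficiency it is also very necessary to deploy a registry inside our own private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include permission management (RBAC), LDAP, log auditing, a management UI, self-registration, image replication and Chinese-language support.
Official site: https://github.com/goharbor/harbor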

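Docker Harbor is an enterprise-grade Docker Registry service that aims to provide a secure, reliable solution for storing and managing images. Its key features are:

  1. Private registry: Docker Harbor lets users set up a private Docker Registry, so that an enterprise can store and manage Docker images securely inside its own internal network.
  2. Security: Docker Harbor provides access control and user and team management to keep images secure. It supports user authentication, permission control, security scanning and similar features, helping users protect their container images from unauthorized access.
  3. Scalability: Docker Harbor supports clustered deployment and can be scaled out easily to meet large-scale image storage needs.
  4. Image replication and synchronization: Docker Harbor lets users replicate and synchronize images between different registries, which makes it easier to share and manage images across multiple deployment environments.
  5. Auditing and logging: Docker Harbor provides auditing and logging that record user operations on images, helping users track the change history of an image.

In short, Docker Harbor is a powerful enterprise-grade Docker Registry service that gives users a secure, reliable way to manage and store Docker images.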
  • Required installation packages

Link: https://pan.baidu.com/s/1rN25l72i6W36ANAOqxcc_w Extraction code: 1021

  1. Issue a certificate for Harbor

```
[root@harbor ~]# hostnamectl set-hostname harbor && /bin/bash
[root@harbor ~]# mkdir /data/ssl -p
[root@harbor ~]# cd /data/ssl/

# Generate the CA certificate
# Generate a 3072-bit key, i.e. the private key
[root@harbor ssl]# openssl genrsa -out ca.key 3072
Generating RSA private key, 3072 bit long modulus
...........++
.............++
e is 65537 (0x10001)
# Generate the CA certificate ca.pem; -days 3650 sets the validity period (3650 days, about 10 years).
# Fill in the fields marked with arrows as prompted; fields without an arrow are left empty:
[root@harbor ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:BJ
Organizational Unit Name (eg, section) []:BJ
Common Name (eg, your name or your server's hostname) []:CHONG
Email Address []:123@163.com

# Generate the certificate for the host name
# Generate a 3072-bit key, i.e. the private key
[root@harbor ssl]# openssl genrsa -out harbor.key  3072
Generating RSA private key, 3072 bit long modulus
.++
..........................................................++
e is 65537 (0x10001)
# Generate a certificate signing request, needed when the certificate is signed below.
# Fill in the fields marked with arrows as prompted; fields without an arrow are left empty:
[root@harbor ssl]# openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:harbor  # host name
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# Sign the certificate
[root@harbor ssl]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
# The following output means the certificate has been issued
Signature ok
subject=/C=CH/ST=BJ/L=BJ/O=Default Company Ltd/CN=harbor
Getting CA Private Key
```

Note: Harbor requires Docker, so remember to install Docker first.

  2. Install Harbor

```
# Create the Harbor installation directory
[root@harbor ~]# mkdir /data/install -p
[root@harbor ~]# cd /data/install/
# Upload the Harbor offline package to this directory: harbor-offline-installer-v2.3.0-rc3.tgz
# Download location for the Harbor offline package: https://github.com/goharbor/harbor/releases/tag/
[root@harbor install]# ll
total 614492
-rw-r--r-- 1 root root 629238614 Apr 11 21:40 harbor-offline-installer-v2.3.0-rc3.tgz

# Unpack the installer
[root@harbor install]# tar -xf harbor-offline-installer-v2.3.0-rc3.tgz
[root@harbor install]# ll
total 614492
drwxr-xr-x 2 root root       122 Apr 11 21:42 harbor
-rw-r--r-- 1 root root 629238614 Apr 11 21:40 harbor-offline-installer-v2.3.0-rc3.tgz
[root@harbor install]# cd harbor
[root@harbor harbor]# ll
total 617800
-rw-r--r-- 1 root root      3361 Jun 17  2021 common.sh
-rw-r--r-- 1 root root 632593607 Jun 17  2021 harbor.v2.3.0.tar.gz
-rw-r--r-- 1 root root      7840 Jun 17  2021 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2500 Jun 17  2021 install.sh
-rw-r--r-- 1 root root     11347 Jun 17  2021 LICENSE
-rwxr-xr-x 1 root root      1881 Jun 17  2021 prepare
[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml

# Edit the configuration
[root@harbor harbor]# vim harbor.yml
```

Only three places are changed: the host name, and the locations of the key and the pem.

  3. Install docker-compose

Upload the docker-compose-Linux-x86_64 file to the harbor machine.

```
[root@harbor harbor]# ll
total 629776
-rw-r--r-- 1 root root      3361 Jun 17  2021 common.sh
-rw-r--r-- 1 root root  12254160 Apr 11 22:44 docker-compose-Linux-x86_64.64
-rw-r--r-- 1 root root 632593607 Jun 17  2021 harbor.v2.3.0.tar.gz
-rw-r--r-- 1 root root      7826 Apr 11 22:41 harbor.yml
-rw-r--r-- 1 root root      7840 Jun 17  2021 harbor.yml.tmpl
-rwxr-xr-x 1 root root      2500 Jun 17  2021 install.sh
-rw-r--r-- 1 root root     11347 Jun 17  2021 LICENSE
-rwxr-xr-x 1 root root      1881 Jun 17  2021 prepare
You have new mail in /var/spool/mail/root
[root@harbor harbor]# mv docker-compose-Linux-x86_64.64 /usr/bin/docker-compose
[root@harbor harbor]# chmod +x /usr/bin/docker-compose
[root@harbor harbor]# /bin/bash
[root@harbor harbor]# docker-compose version
docker-compose version 1.26.2, build eefe0d31
docker-py version: 4.2.2
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019
[root@harbor harbor]#
```
  4. Upload the images Harbor needs

docker-harbor-2-3-0.tar.gz

```
# Load the images
[root@harbor harbor]# docker load -i docker-harbor-2-3-0.tar.gz
[root@harbor harbor]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED       SIZE
goharbor/harbor-exporter        v2.3.0    fa4ecf260b3a   2 years ago   80.7MB
goharbor/chartmuseum-photon     v2.3.0    199be7eb1b5b   2 years ago   178MB
goharbor/redis-photon           v2.3.0    3cc2c3e315a2   2 years ago   191MB
goharbor/trivy-adapter-photon   v2.3.0    3c3dc5fc0529   2 years ago   164MB
goharbor/notary-server-photon   v2.3.0    a8e3a26ef25a   2 years ago   105MB
goharbor/notary-signer-photon   v2.3.0    e8776cc92436   2 years ago   102MB
goharbor/harbor-registryctl     v2.3.0    4cf0d9bc3086   2 years ago   132MB
goharbor/registry-photon        v2.3.0    222f05a9ab07   2 years ago   81MB
goharbor/nginx-photon           v2.3.0    78f6ae7adc04   2 years ago   44MB
goharbor/harbor-log             v2.3.0    9446a5b39706   2 years ago   194MB
goharbor/harbor-jobservice      v2.3.0    bac328ac1a47   2 years ago   170MB
goharbor/harbor-core            v2.3.0    7bbebce7798c   2 years ago   157MB
goharbor/harbor-portal          v2.3.0    c4f22964cbf3   2 years ago   57.3MB
goharbor/harbor-db              v2.3.0    fc74663d9e30   2 years ago   262MB
goharbor/prepare                v2.3.0    a830321ca695   2 years ago   291MB

# Install Harbor
[root@harbor harbor]# cd /data/install/harbor
[root@harbor harbor]# ./install.sh
```

If the installer output ends with a success message, the installation has succeeded.
  5. Installation succeeded

Default username: admin
Default password: Harbor12345
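Step 2 changes only the host name and the certificate paths in harbor.yml, so the admin password stays at the default shown above. The following check is an added example, not part of the original post or of Harbor itself: it flags that default, a missing certificate or key, and a key file readable by group or others before `./install.sh` is run. The key names are those of Harbor's harbor.yml, the `root123` database default is taken from the upstream template rather than from this page, and the function names and sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: check harbor.yml before ./install.sh.

# Value of the first uncommented "key: value" line, at any indentation.
yml_get() {  # usage: yml_get <key> <file>
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" |
    sed 's/[[:space:]]\{1,\}#.*$//; s/[[:space:]]*$//' | head -n 1
}

# Print one finding per line for settings that should not reach production.
harbor_yml_findings() {  # usage: harbor_yml_findings <harbor.yml>
  local f="$1" cert key
  cert="$(yml_get certificate "$f")"
  key="$(yml_get private_key "$f")"
  if [ "$(yml_get harbor_admin_password "$f")" = "Harbor12345" ]; then echo "default-admin-password"; fi
  # The first bare "password:" key in harbor.yml is database.password.
  if [ "$(yml_get password "$f")" = "root123" ]; then echo "default-db-password"; fi
  if [ ! -f "$cert" ]; then echo "certificate-missing"; fi
  if [ ! -f "$key" ]; then
    echo "private-key-missing"
  elif [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
    echo "private-key-readable-by-group-or-others"
  fi
}

# Exit status 0 only when there are no findings; findings go to stdout.
check_harbor_yml() {  # usage: check_harbor_yml <harbor.yml>
  local out
  out="$(harbor_yml_findings "$1")"
  [ -z "$out" ] && return 0
  printf '%s\n' "$out"
  return 1
}

# Constructed sample in the layout of harbor.yml (not the full template).
write_sample_harbor_yml() {  # usage: write_sample_harbor_yml <path> <ssl dir>
  cat > "$1" <<EOF
hostname: harbor
https:
  port: 443
  certificate: $2/harbor.pem
  private_key: $2/harbor.key
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
}
```

On the host from this page the call would be `check_harbor_yml /data/install/harbor/harbor.yml`; the admin password can also be changed in the web UI after the first login.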

  6. Create a new project


  7. Configure the registry on the other Docker machines

```
# Configure the local hosts file on both servers
vim /etc/hosts
192.168.40.180 test-server01
192.168.40.181 harbor

# Edit daemon.json on the .180 machine
[root@test-server01 ~]# vim /etc/docker/daemon.json

{
  "registry-mirrors":["https://vl2nkrv0.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com"],
  "insecure-registries": ["192.168.40.181","harbor"]
}
# IP and host name of the harbor machine

# Restart docker
[root@test-server01 ~]# systemctl restart docker
```
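Listing the registry under `insecure-registries` turns off certificate verification for it on the client. To keep verification on, the server certificate from step 1 needs a subjectAltName matching the address clients use, and each client needs the CA as a trust anchor. The following is an added example, not part of the original post: it repeats the step 1 issuance with a SAN for the page's host name and IP and installs the CA in Docker's per-registry `certs.d` layout. The CA subject, function names and directory arguments are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Host name "harbor" and IP
# 192.168.40.181 come from the page; everything else is illustrative.
set -e

# Issue a CA and a server certificate whose subjectAltName covers both the
# host name and the IP, so clients can validate either address.
issue_harbor_cert() {  # usage: issue_harbor_cert <dir> <host> <ip>
  local dir="$1" host="$2" ip="$3"
  mkdir -p "$dir"
  openssl genrsa -out "$dir/ca.key" 3072 2>/dev/null
  openssl req -new -x509 -days 3650 -key "$dir/ca.key" \
    -subj "/CN=Harbor lab CA" -out "$dir/ca.pem"
  openssl genrsa -out "$dir/harbor.key" 3072 2>/dev/null
  openssl req -new -key "$dir/harbor.key" -subj "/CN=$host" -out "$dir/harbor.csr"
  printf 'subjectAltName=DNS:%s,IP:%s\n' "$host" "$ip" > "$dir/san.ext"
  openssl x509 -req -in "$dir/harbor.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -extfile "$dir/san.ext" -days 3650 \
    -out "$dir/harbor.pem" 2>/dev/null
  chmod 600 "$dir/ca.key" "$dir/harbor.key"
}

# Succeeds only if the chain verifies against the CA and the SAN lists <name>.
cert_covers() {  # usage: cert_covers <dir> <dns-name-or-ip>
  local dir="$1" name="$2"
  openssl verify -CAfile "$dir/ca.pem" "$dir/harbor.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$dir/harbor.pem" -noout -text |
    grep -A1 'Subject Alternative Name' |
    grep -Eq "(DNS|IP Address):$name(,|[[:space:]]|\$)"
}

# Install the CA where dockerd looks for per-registry trust anchors:
# <certs.d root>/<registry>/ca.crt
trust_registry_ca() {  # usage: trust_registry_ca <dir> <certs.d root> <registry>
  mkdir -p "$2/$3"
  cp "$1/ca.pem" "$2/$3/ca.crt"
}
```

On a real client the certs.d root is /etc/docker/certs.d, with one directory per address used (`harbor` and `192.168.40.181`). Once ca.crt is in place, the registry can be dropped from `insecure-registries` before Docker is restarted.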
  8. Log in to Harbor with docker to test

```
[root@test-server01 ~]# docker login 192.168.40.181
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# Tag an image and push it to the test project
[root@test-server01 ~]# docker images
REPOSITORY    TAG       IMAGE ID       CREATED       SIZE
tomcat        v1        422fe599256a   4 weeks ago   803MB
nginx         v1        f436f09d9c6c   4 weeks ago   342MB
inter-image   latest    5eb7b6cd9fb7   4 weeks ago   342MB
volume        latest    4fd3ed843dab   2 years ago   231MB
centos        latest    5d0da3dc9764   2 years ago   231MB
[root@test-server01 ~]#
# Tag the local tomcat image as an example
[root@test-server01 ~]# docker tag tomcat:v1  192.168.40.181/test/tomcat:v1
[root@test-server01 ~]# docker images
REPOSITORY                   TAG       IMAGE ID       CREATED       SIZE
192.168.40.181/test/tomcat   v1        422fe599256a   4 weeks ago   803MB
tomcat                       v1        422fe599256a   4 weeks ago   803MB
nginx                        v1        f436f09d9c6c   4 weeks ago   342MB
inter-image                  latest    5eb7b6cd9fb7   4 weeks ago   342MB
centos                       latest    5d0da3dc9764   2 years ago   231MB
volume                       latest    4fd3ed843dab   2 years ago   231MB
# Push the tagged image
[root@test-server01 ~]#  docker push 192.168.40.181/test/tomcat:v1
The push refers to repository [192.168.40.181/test/tomcat]
baa34f4b2d36: Pushed
9098e168cf25: Pushed
8e1cd85f5863: Pushed
70e115906be4: Pushed
6900d18cbe12: Pushed
49461804abc1: Pushed
2e412669ee56: Pushed
74ddd0ec08fa: Pushed
v1: digest: sha256:99c83711e386c7de760bc2c549b231995928bcb37b0d27b7d6478b6c332a5200 size: 1999
# The image was pushed to the registry successfully
```
  9. Check in the Harbor web UI

The tomcat image is already there.

  10. Test pulling the image from Harbor

```
# Delete the local image
[root@test-server01 ~]# docker images |grep test/tomcat
192.168.40.181/test/tomcat   v1        422fe599256a   4 weeks ago   803MB
[root@test-server01 ~]# docker rmi 192.168.40.181/test/tomcat:v1
Untagged: 192.168.40.181/test/tomcat:v1
Untagged: 192.168.40.181/test/tomcat@sha256:99c83711e386c7de760bc2c549b231995928bcb37b0d27b7d6478b6c332a5200
[root@test-server01 ~]# docker images |grep test/tomcat

# Pull the image
[root@test-server01 ~]# docker pull 192.168.40.181/test/tomcat:v1
v1: Pulling from test/tomcat
Digest: sha256:99c83711e386c7de760bc2c549b231995928bcb37b0d27b7d6478b6c332a5200
Status: Downloaded newer image for 192.168.40.181/test/tomcat:v1
192.168.40.181/test/tomcat:v1
You have new mail in /var/spool/mail/root
[root@test-server01 ~]# docker images |grep test/tomcat
192.168.40.181/test/tomcat   v1        422fe599256a   4 weeks ago   803MB
```

The page shows that the download count is already 1.
