Docker搭建Harbor公開(kāi)倉(cāng)庫(kù)的方法示例
上一篇博文講到了Registry私有倉(cāng)庫(kù),今天配置一下Harbor倉(cāng)庫(kù),Harbor呢可以作為公開(kāi)倉(cāng)庫(kù),也可以作為私有倉(cāng)庫(kù),今天就來(lái)配置一下Harbor如何實(shí)現(xiàn)公開(kāi)倉(cāng)庫(kù)和私有倉(cāng)庫(kù)。
關(guān)于Registry公開(kāi)倉(cāng)庫(kù)請(qǐng)?jiān)L問(wèn)博文:部署Docker私有倉(cāng)庫(kù)Registry
Registry和Harbor的區(qū)別
- Registry:是一個(gè)私有鏡像倉(cāng)庫(kù),圖形化支持較差,小型企業(yè)使用;
- Harbor:支持可視化管理,支持私有倉(cāng)庫(kù)和公有倉(cāng)庫(kù),支持鏡像的管理控制;
Docker Harbor的優(yōu)點(diǎn)
- VMWare公司的開(kāi)源鏡像管理解決方案;
- 支持圖形化管理;
- 方便訪問(wèn)和配置;
- 方便鏡像訪問(wèn)控制;
- 支持鏡像負(fù)責(zé)策略;
- 審計(jì)統(tǒng)計(jì)用戶訪問(wèn)鏡像使用情況;
Docker Harbor依賴的程序
- Python;
- 安裝Docker;
- Docker Compose;
一、搭建Harbor倉(cāng)庫(kù)
案例描述:
兩臺(tái)CentOS7.4,一臺(tái)服務(wù)器端,一臺(tái)客戶端(測(cè)試使用);
兩臺(tái)服務(wù)器都要安裝Docker服務(wù),我這里Docker版本是19.03.9版本;
關(guān)于Docker容器的安裝請(qǐng)?jiān)L問(wèn):安裝Docker.v19。03.9版本
1、配置Docker Compose
訪問(wèn)道云官網(wǎng),找到安裝Docker Compose,復(fù)制命令到Docker服務(wù)器端:道云
[root@centos01 ~]# curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose <!--下載Docker Compose--> [root@centos01 ~]# chmod +x /usr/local/bin/docker-compose <!--Docker Compose添加執(zhí)行權(quán)限--> [root@centos01 ~]# docker-compose -v <!--查看Docker Compose版本--> docker-compose version 1.25.5, build 8a1c60f6
2、配置Docker Harbor公開(kāi)倉(cāng)庫(kù)
1)打開(kāi)Github官網(wǎng)
打開(kāi)Github官網(wǎng)搜索harbor,再點(diǎn)擊goharbor/harbor,再點(diǎn)擊“releases”,根據(jù)自己所需,下載相應(yīng)的版本,上傳至服務(wù)器(網(wǎng)址如下:https://github.com/goharbor/harbor/releases 也可下載在線安裝的包,我沒(méi)試過(guò),可自行嘗試),如下:
2)配置Harbor倉(cāng)庫(kù)
harbor-online-installer-v1.9.1.tgz <!--上傳Harbor壓縮包--> [root@centos01 ~]# tar zxvf harbor-online-installer-v1.9.1.tgz -C /usr/local/ <!--解壓縮harbor到/usr/local/目錄--> [root@centos01 ~]# cd /usr/local/harbor/ <!--進(jìn)入Harbor目錄--> [root@centos01 harbor]# cp harbor.yml harbor.yml.bak <!--備份Harbor主配置文件--> [root@centos01 harbor]# vim harbor.yml <!--修改Harbor主配置文件--> 5 hostname: 192.168.100.10 <!--修改為Docker服務(wù)器端IP地址即可--> <!--hostname可以寫(xiě)域名,不過(guò)域名還需要更改hosts文件或者安裝DNS,我這里就用IP地址--> 8 http: <!--采用http協(xié)議--> 10 port: 80 <!--80端口號(hào)--> 27 harbor_admin_password: Harbor12345 <!--默認(rèn)密碼,可以自定義--> [root@centos01 harbor]# ./install.sh <!--安裝Harbor--> [Step 0]: checking installation environment ... Note: docker version: 19.03.9 Note: docker-compose version: 1.25.5 ……………… <!--此處省略部分內(nèi)容--> Creating harbor-log ... done Creating registryctl ... done Creating redis ... done Creating harbor-portal ... done Creating registry ... done Creating harbor-db ... done Creating harbor-core ... done Creating nginx ... done Creating harbor-jobservice ... done ✔ ----Harbor has been installed and started successfully.---- Now you should be able to visit the admin portal at http://www.benet.com . For more details, please visit https://github.com/goharbor/harbor . <!--安裝完成出現(xiàn)以上代碼表示成功--> [root@centos01 ~]# vim /usr/lib/systemd/system/docker.service <!--編輯此配置文件--> 14 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.100.10:80 <!--定位到此行,后面添加“--insecure-registr”以便指定Harbor的IP及其監(jiān)聽(tīng)端口--> [root@centos01 harbor]# systemctl daemon-reload <!--守護(hù)進(jìn)程方式運(yùn)行docker--> [root@centos01 harbor]# systemctl restart docker <!--重新啟動(dòng)Docker服務(wù)--> [root@centos01 harbor]# docker-compose stop <!--停止所有容器--> [root@centos01 harbor]# docker-compose start <!--啟動(dòng)所有容器--> [root@centos01 harbor]# netstat -anptu |grep 80 <!--監(jiān)聽(tīng)80端口--> tcp6 0 0 :::80 :::* LISTEN 23473/docker-proxy
3)安裝完成瀏覽器訪問(wèn)Harbor倉(cāng)庫(kù)
4)創(chuàng)建一個(gè)公開(kāi)倉(cāng)庫(kù)
5)確保image公開(kāi)倉(cāng)庫(kù)已經(jīng)創(chuàng)建成功
6)Docker服務(wù)器端登錄Harbor倉(cāng)庫(kù)
[root@centos01 ~]# docker login -uadmin -pHarbor12345 192.168.100.10:80 <!--登錄Harbor倉(cāng)庫(kù)--> WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded <!--出現(xiàn)此提示表示登錄成功--> [root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:80/image/nginx:nginx <!--修改鏡像標(biāo)簽--> [root@centos01 ~]# docker push 192.168.100.10:80/image/nginx:nginx <!--上傳鏡像到Harbor倉(cāng)庫(kù)--> [root@centos01 ~]# docker logout 192.168.100.10:80 <!--Docker服務(wù)器退出Harbor--> Removing login credentials for 192.168.100.10:80
7)Harbor查看鏡像是否上傳成功
3、配置Docker客戶端
<!--Docker客戶端安裝Docker服務(wù)--> 1)修改配置文件加載Docker Harbor服務(wù)器 [root@centos02 ~]# vim /usr/lib/systemd/system/docker.service <!--編輯此配置文件--> ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry 192.168.100.10:80 <!--定位到此行,后面添加“--insecure-registr”以便指定Harbor的IP及其監(jiān)聽(tīng)端口--> [root@centos02 ~]# systemctl daemon-reload <!--守護(hù)進(jìn)程運(yùn)行docker--> [root@centos02 ~]# systemctl restart docker <!--重新啟動(dòng)docker服務(wù)--> [root@centos02 ~]# docker login -uadmin -pHarbor12345 192.168.100.10:80 <!--docker客戶端登錄Harbor--> WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded <!--登錄成功--> [root@centos02 ~]# docker pull 192.168.100.10:80/image/nginx:nginx <!--docker客戶端下載Harbor公開(kāi)倉(cāng)庫(kù)中的鏡像--> [root@centos02 ~]# docker images <!--查看Docker客戶端鏡像--> REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.100.10:80/image/nginx nginx 1b6b1fe7261e 7 days ago 647MB
4、創(chuàng)建Harbor私有倉(cāng)庫(kù)
1)創(chuàng)建私有倉(cāng)庫(kù)
2)創(chuàng)建一個(gè)用戶
3)將剛創(chuàng)建的private用戶添加到private私有倉(cāng)庫(kù)中
4)上傳鏡像到Harbor私有倉(cāng)庫(kù)
[root@centos01 ~]# docker tag tomcat:latest 192.168.100.10:80/private/tomcat:tomcat <!--Docker服務(wù)器修改鏡像標(biāo)簽--> [root@centos01 ~]# docker login -uprivate -pHarbor12345 192.168.100.10:80 <!--登錄Harbor私有倉(cāng)庫(kù)--> WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded <!--登錄成功--> [root@centos01 ~]# docker push 192.168.100.10:80/private/tomcat:tomcat <!--上傳鏡像到private私有倉(cāng)庫(kù)-->
5)Harbor查看鏡像是否上傳成功
6)Docker客戶端下載私有倉(cāng)庫(kù)中的鏡像
[root@centos02 ~]# docker login -uprivate -pHarbor12345 192.168.100.10:80 <!--Docker客戶端登錄Harbor私有倉(cāng)庫(kù)--> WARNING! Using --password via the CLI is insecure. Use --password-stdin. WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded <!--登錄成功--> [root@centos02 ~]# docker pull 192.168.100.10:80/private/tomcat:tomcat <!--Docker客戶端下載Harbor私有倉(cāng)庫(kù)中的鏡像--> [root@centos02 ~]# docker images <!--Docker客戶端查看鏡像是否下載成功--> REPOSITORY TAG IMAGE ID CREATED SIZE 192.168.100.10:80/image/nginx nginx 1b6b1fe7261e 7 days ago 647MB 192.168.100.10:80/private/tomcat tomcat 1b6b1fe7261e 7 days ago 647MB
7)Harbor支持日志統(tǒng)計(jì)功能
到此這篇關(guān)于Docker搭建Harbor公開(kāi)倉(cāng)庫(kù)的方法示例的文章就介紹到這了,更多相關(guān)Docker搭建Harbor公開(kāi)倉(cāng)庫(kù)內(nèi)容請(qǐng)搜索本站以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持本站!
版權(quán)聲明:本站文章來(lái)源標(biāo)注為YINGSOO的內(nèi)容版權(quán)均為本站所有,歡迎引用、轉(zhuǎn)載,請(qǐng)保持原文完整并注明來(lái)源及原文鏈接。禁止復(fù)制或仿造本網(wǎng)站,禁止在非www.sddonglingsh.com所屬的服務(wù)器上建立鏡像,否則將依法追究法律責(zé)任。本站部分內(nèi)容來(lái)源于網(wǎng)友推薦、互聯(lián)網(wǎng)收集整理而來(lái),僅供學(xué)習(xí)參考,不代表本站立場(chǎng),如有內(nèi)容涉嫌侵權(quán),請(qǐng)聯(lián)系alex-e#qq.com處理。