Linux 中基于 Docker 搭建 harbor 私有镜像仓库(超级详细)
作者:A-刘晨阳
- 2022-11-22 北京
本文字数:10630 字
阅读完需:约 35 分钟
前言
Docker 容器应用的开发和运行离不开可靠的镜像管理,虽然 Docker 官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署我们私有环境内的 Registry 也是非常必要的。
Harbor 仓库介绍
我们在日常 Docker 容器使用和管理过程中,渐渐发现部署企业私有仓库往往是很有必要的, 它可以帮助你管理企业的一些敏感镜像, 同时由于 Docker Hub 的下载速度和 GFW 的原因, 往往需要将一些无法直接下载的镜像导入本地私有仓库. 而 Harbor 就是部署企业私有仓库的一个不二之选。Harbor 是由 VMware 公司开源的企业级的 Docker Registry 管理项目,Harbor 主要提供 Dcoker Registry 管理 UI,提供的功能包括:基于角色访问的控制权限管理(RBAC)、AD/LDAP 集成、日志审核、管理界面、自我注册、镜像复制和中文支持等。Harbor 的目标是帮助用户迅速搭建一个企业级的 Docker registry 服务。它以 Docker 公司开源的 registry 为基础,额外提供了如下功能:-> 基于角色的访问控制(Role Based Access Control)-> 基于策略的镜像复制(Policy based image replication)-> 镜像的漏洞扫描(Vulnerability Scanning)-> AD/LDAP 集成(LDAP/AD support)-> 镜像的删除和空间清理(Image deletion & garbage collection)-> 友好的管理 UI(Graphical user portal)-> 审计日志(Audit logging)-> RESTful API-> 部署简单(Easy deployment)
Harbor 的所有组件都在 Dcoker 中部署,所以 Harbor 可使用 Docker Compose 快速部署。需要特别注意:**由于 Harbor 是基于 Docker Registry V2 版本,所以 docker 必须大于等于 1.10.0 版本,docker-compose 必须要大于 1.6.0 版本!**
Harbor 仓库结构
Harbor 的每个组件都是以 Docker 容器的形式构建的,可以使用 Docker Compose 来进行部署。如果环境中使用了 kubernetes,Harbor 也提供了 kubernetes 的配置文件。Harbor 大概需要以下几个容器组成:ui(Harbor 的核心服务)、log(运行着 rsyslog 的容器,进行日志收集)、mysql(由官方 mysql 镜像构成的数据库容器)、Nginx(使用 Nginx 做反向代理)、registry(官方的 Docker registry)、adminserver(Harbor 的配置数据管理器)、jobservice(Harbor 的任务管理服务)、redis(用于存储 session)。
Harbor 是一个用于存储和分发 Docker 镜像的企业级 Registry 服务器,整体架构还是很清晰的。下面借用了网上的架构图:
安装 docker
首先要想部署 harbor 镜像仓库,我们就必须要 docker 服务,所以说先安装 docker,安装步骤详情可以查看一下的安装步骤;linux(centos)中部署docker(步骤超全,含带一些发展史和一些概念)
启动 docker 和设置开机自启
安装完成之后加载并启动 docker 和设置开机自启
#重新加载systemctl daemon-reload#启动dockersystemctl start docker#设置开机自启systemctl enable docker
复制代码
安装 docker-compose
具体 docker-compose 的安装可以查看:Linux中安装/部署docker-compose
搭建 harbor 镜像仓库
1、下载 harbor 的安装包
执行两次,第一次是加载,第二次是下载;
wget https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz
复制代码
若下载慢或者连不上,可以使用如下命令下载
wget https://mirror.ghproxy.com/https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz
复制代码
2、下载完进行解压
tar -xvf harbor-offline-installer-v2.4.2.tgz
复制代码
3、编辑配置文件
#进入harbor目录cd harbor#复制一份harbor的配置文件并改名harbor.ymlcp -ar harbor.yml.tmpl harbor.yml#vim进入配置文件vim harbor.yml
复制代码
修改以下内容:
hostname: 192.168.2.22 #这里配置的监听地址,也可以是域名 port: 10010 #这里配置监听端口
harbor_admin_password: 123456 # 配置admin用户的密码 data_volume: /data/harbor #配置数据仓库 # 注释https,在13行开始
复制代码
4、安装 harbor
编辑完配置我们来安装 harbor;
# Harbor安装环境预处理./prepare# 安装并启动Harbor./install.sh# 检查是否安装成功(应该是启动9个容器)要在harbor目录下操作,否则docker-compose会又问题;docker-compose ps
复制代码
安装过程(可省略不看)
# Harbor安装环境预处理[root@localhost harbor]# ./prepare prepare base dir is set to /usr/local/harborWARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to httpsGenerated configuration file: /config/portal/nginx.confGenerated configuration file: /config/log/logrotate.confGenerated configuration file: /config/log/rsyslog_docker.confGenerated configuration file: /config/nginx/nginx.confGenerated configuration file: /config/core/envGenerated configuration file: /config/core/app.confGenerated configuration file: /config/registry/config.ymlGenerated configuration file: /config/registryctl/envGenerated configuration file: /config/registryctl/config.ymlGenerated configuration file: /config/db/envGenerated configuration file: /config/jobservice/envGenerated configuration file: /config/jobservice/config.ymlGenerated and saved secret to file: /data/secret/keys/secretkeySuccessfully called func: create_root_certGenerated configuration file: /compose_location/docker-compose.ymlClean up the input dir
# 安装并启动Harbor[root@localhost harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.6
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
[Step 2]: loading Harbor images ...0e1c91c1a3dc: Loading layer [==================================================>] 41.07MB/41.07MB7abced50bfd2: Loading layer [==================================================>] 5.296MB/5.296MB43ad630c07b8: Loading layer [==================================================>] 5.928MB/5.928MB3457e72d7725: Loading layer [==================================================>] 14.47MB/14.47MB4a079b4b377a: Loading layer [==================================================>] 29.29MB/29.29MB7b180b7bf3b4: Loading layer [==================================================>] 22.02kB/22.02kB7b678649a1be: Loading layer [==================================================>] 14.47MB/14.47MBLoaded image: goharbor/notary-signer-photon:v2.4.24f650960b0dc: Loading layer [==================================================>] 5.832MB/5.832MB967788659fd5: Loading layer [==================================================>] 4.096kB/4.096kB30cc19bdf2d6: Loading layer [==================================================>] 3.072kB/3.072kB9ccede1a4324: Loading layer [==================================================>] 47.85MB/47.85MB86f4685faff0: Loading layer [==================================================>] 12.38MB/12.38MB25af1cf9c44e: Loading layer [==================================================>] 61.02MB/61.02MBLoaded image: goharbor/trivy-adapter-photon:v2.4.20c68eb0d6bac: Loading layer [==================================================>] 166MB/166MB9df9445e80b3: Loading layer [==================================================>] 67.71MB/67.71MB3017f66ba184: Loading layer [==================================================>] 2.56kB/2.56kB9dc332519067: Loading layer [==================================================>] 1.536kB/1.536kBd1baaa0c2bb4: Loading layer [==================================================>] 12.29kB/12.29kBe911a97738e0: Loading layer [==================================================>] 2.62MB/2.62MB6fbfaf19de14: Loading layer [==================================================>] 326.1kB/326.1kBLoaded image: goharbor/prepare:v2.4.2323ed00cae7e: Loading layer [==================================================>] 8.447MB/8.447MBc3f8c4668352: Loading layer [==================================================>] 3.584kB/3.584kB94b71cd07106: Loading layer [==================================================>] 2.56kB/2.56kB5d5638decfe4: Loading layer [==================================================>] 75.6MB/75.6MB48426521f41c: Loading layer [==================================================>] 5.632kB/5.632kBbb977315930e: Loading layer [==================================================>] 97.28kB/97.28kB2a80a5f64ee7: Loading layer [==================================================>] 11.78kB/11.78kB0a5146355ed0: Loading layer [==================================================>] 76.5MB/76.5MB7d5eac57d5fa: Loading layer [==================================================>] 2.56kB/2.56kBLoaded image: goharbor/harbor-core:v2.4.2f7cedf07c50c: Loading layer [==================================================>] 8.447MB/8.447MBb2a916599ac7: Loading layer [==================================================>] 3.584kB/3.584kB3bc2556f46f8: Loading layer [==================================================>] 2.56kB/2.56kBa9cc192089ec: Loading layer [==================================================>] 86.96MB/86.96MB9e9c53c1bd85: Loading layer [==================================================>] 87.75MB/87.75MBLoaded image: goharbor/harbor-jobservice:v2.4.26111e09009c2: Loading layer [==================================================>] 7.222MB/7.222MBLoaded image: goharbor/nginx-photon:v2.4.2f4658d2c3aa3: Loading layer [==================================================>] 8.447MB/8.447MB4b7bdcad271f: Loading layer [==================================================>] 18.13MB/18.13MBcbb8c130a490: Loading layer [==================================================>] 4.608kB/4.608kBf1367013643c: Loading layer [==================================================>] 18.93MB/18.93MBLoaded image: goharbor/harbor-exporter:v2.4.2a1b12e0ab8ea: Loading layer [==================================================>] 5.296MB/5.296MBdf6629a5ee28: Loading layer [==================================================>] 5.928MB/5.928MB944fcde3a84b: Loading layer [==================================================>] 15.88MB/15.88MB300e181c27cf: Loading layer [==================================================>] 29.29MB/29.29MB87f01e78dde1: Loading layer [==================================================>] 22.02kB/22.02kB8306283aa89d: Loading layer [==================================================>] 15.88MB/15.88MBLoaded image: goharbor/notary-server-photon:v2.4.2c635aace513a: Loading layer [==================================================>] 5.3MB/5.3MB8deb84525956: Loading layer [==================================================>] 64.5MB/64.5MB5d1431f9963f: Loading layer [==================================================>] 3.072kB/3.072kBfaeb0aac7135: Loading layer [==================================================>] 4.096kB/4.096kB7ade25e3acdb: Loading layer [==================================================>] 65.29MB/65.29MBLoaded image: goharbor/chartmuseum-photon:v2.4.227495e3181af: Loading layer [==================================================>] 7.222MB/7.222MB88649dba6134: Loading layer [==================================================>] 7.356MB/7.356MB875f964b6f85: Loading layer [==================================================>] 1.754MB/1.754MBLoaded image: goharbor/harbor-portal:v2.4.2c724cc796747: Loading layer [==================================================>] 124.3MB/124.3MBb6c853c6dc0d: Loading layer [==================================================>] 3.584kB/3.584kB0c5772798040: Loading layer [==================================================>] 3.072kB/3.072kBc5f3bfcfa62d: Loading layer [==================================================>] 2.56kB/2.56kB2602a8530e9d: Loading layer [==================================================>] 3.072kB/3.072kBba9b43b5ffb1: Loading layer [==================================================>] 3.584kB/3.584kBcf92b578ba00: Loading layer [==================================================>] 20.48kB/20.48kBLoaded image: goharbor/harbor-log:v2.4.2fc1f8cdaf1ce: Loading layer [==================================================>] 1.096MB/1.096MBeb68e72cbb03: Loading layer [==================================================>] 5.888MB/5.888MB53a31c9e9836: Loading layer [==================================================>] 166.2MB/166.2MBbed7172f8681: Loading layer [==================================================>] 17.75MB/17.75MBc8fcd33ae148: Loading layer [==================================================>] 4.096kB/4.096kB0c8d734a07ee: Loading layer [==================================================>] 6.144kB/6.144kBc01db4825573: Loading layer [==================================================>] 3.072kB/3.072kB4802d0abc8ba: Loading layer [==================================================>] 2.048kB/2.048kB70bafeb87c65: Loading layer [==================================================>] 2.56kB/2.56kB376ced88e40e: Loading layer [==================================================>] 2.56kB/2.56kB0ba55f221469: Loading layer [==================================================>] 2.56kB/2.56kB55cac263100c: Loading layer [==================================================>] 8.704kB/8.704kBLoaded image: goharbor/harbor-db:v2.4.230ed654bbb0e: Loading layer [==================================================>] 5.301MB/5.301MB51a81f0bf9ea: Loading layer [==================================================>] 4.096kB/4.096kB12992ea6b45e: Loading layer [==================================================>] 3.072kB/3.072kB91b97bcaa9d7: Loading layer [==================================================>] 17.32MB/17.32MB1a992360f6fa: Loading layer [==================================================>] 18.12MB/18.12MBLoaded image: goharbor/registry-photon:v2.4.2d7224235291f: Loading layer [==================================================>] 5.301MB/5.301MBdd26d9070a7b: Loading layer [==================================================>] 4.096kB/4.096kB4022ecee5f13: Loading layer [==================================================>] 17.32MB/17.32MB93d727d0accc: Loading layer [==================================================>] 3.072kB/3.072kB8a56be8f0b84: Loading layer [==================================================>] 28.69MB/28.69MB629472303402: Loading layer [==================================================>] 46.81MB/46.81MBLoaded image: goharbor/harbor-registryctl:v2.4.2bf4dfb7b7a70: Loading layer [==================================================>] 120.1MB/120.1MBa0b0ce804b6b: Loading layer [==================================================>] 3.072kB/3.072kBf088aae660dd: Loading layer [==================================================>] 59.9kB/59.9kB2c15508db9bd: Loading layer [==================================================>] 61.95kB/61.95kBLoaded image: goharbor/redis-photon:v2.4.2
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...prepare base dir is set to /usr/local/harborWARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to httpsClearing the configuration file: /config/portal/nginx.confClearing the configuration file: /config/log/logrotate.confClearing the configuration file: /config/log/rsyslog_docker.confClearing the configuration file: /config/nginx/nginx.confClearing the configuration file: /config/core/envClearing the configuration file: /config/core/app.confClearing the configuration file: /config/registry/passwdClearing the configuration file: /config/registry/config.ymlClearing the configuration file: /config/registryctl/envClearing the configuration file: /config/registryctl/config.ymlClearing the configuration file: /config/db/envClearing the configuration file: /config/jobservice/envClearing the configuration file: /config/jobservice/config.ymlGenerated configuration file: /config/portal/nginx.confGenerated configuration file: /config/log/logrotate.confGenerated configuration file: /config/log/rsyslog_docker.confGenerated configuration file: /config/nginx/nginx.confGenerated configuration file: /config/core/envGenerated configuration file: /config/core/app.confGenerated configuration file: /config/registry/config.ymlGenerated configuration file: /config/registryctl/envGenerated configuration file: /config/registryctl/config.ymlGenerated configuration file: /config/db/envGenerated configuration file: /config/jobservice/envGenerated configuration file: /config/jobservice/config.ymlloaded secret from file: /data/secret/keys/secretkeyGenerated configuration file: /compose_location/docker-compose.ymlClean up the input dir
Note: stopping existing Harbor instance ...Stopping registryctl ... doneStopping harbor-db ... doneStopping harbor-portal ... doneStopping redis ... doneStopping harbor-log ... doneRemoving registryctl ... doneRemoving harbor-db ... doneRemoving harbor-portal ... doneRemoving redis ... doneRemoving harbor-log ... doneRemoving network harbor_harbor
[Step 5]: starting Harbor ...Creating network "harbor_harbor" with the default driverCreating harbor-log ... doneCreating harbor-db ... doneCreating redis ... doneCreating registryctl ... doneCreating harbor-portal ... doneCreating registry ... doneCreating harbor-core ... doneCreating nginx ... doneCreating harbor-jobservice ... done✔ ----Harbor has been installed and started successfully.----
# 检查是否安装成功(应该是启动9个容器)[root@localhost harbor]# docker-compose ps -a Name Command State Ports ---------------------------------------------------------------------------------------------harbor-core /harbor/entrypoint.sh Up (healthy) harbor-db /docker-entrypoint.sh 96 13 Up (healthy) harbor-jobservice /harbor/entrypoint.sh Up (healthy) harbor-log /bin/sh -c /usr/local/bin/ ... Up (healthy) 127.0.0.1:1514->10514/tcpharbor-portal nginx -g daemon off; Up (healthy) nginx nginx -g daemon off; Up (healthy) 0.0.0.0:10010->8080/tcp redis redis-server /etc/redis.conf Up (healthy) registry /home/harbor/entrypoint.sh Up (healthy) registryctl /home/harbor/start.sh Up (healthy)
复制代码
5、修改 docker 配置
# 由于docker默认不允许使用非https方式推送镜像,所以在需要pull镜像的服务器配置访问地址vim /etc/docker/daemon.json#添加如下内容(客户端访问的网址): "registry-mirrors":[ "https://njrds9qc.mirror.aliyuncs.com" ], "insecure-registries" :[ "192.168.2.22:10010" ]#或者,具体看自己的版本,版本不一样,写的格式就不一样。"insecure-registries": ["192.168.2.22:10010"]# 重启docker和harbor容器;要在harbor目录下操作,否则docker-compose会又问题;systemctl restart dockerdocker-compose stopdocker-compose up -d
# docker登录方式docker login 192.168.2.22:10010#或者 docker login -uadmin -p123456 192.168.2.22:10010
复制代码
6、访问 harbor 页面
访问地址:(ip:端口)192.168.2.22:10010 用户名:admin 密码:123456 登录进入;
7、上传镜像
①、查看所有镜像
找到你要上传的镜像。
[root@localhost ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEbusybox latest beae173ccac6 4 months ago 1.24MB
复制代码
②、给要上传的镜像 tag 打个标签(修改镜像名)
注意:**一定要加上项目名称**
格式:
docker tag 镜像名:版本 your-ip:端口/项目名称/新的镜像名:版本
复制代码
实例:
docker tag busybox:latest 192.168.2.22:10010/library/busybox:v1
复制代码
查看打好标签的镜像:
[root@localhost ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEbusybox latest beae173ccac6 4 months ago 1.24MB192.168.2.22:10010/library/busybox v1 beae173ccac6 4 months ago 1.24MB
复制代码
③、推送镜像到 harbor 仓库
格式:
docker push 修改的镜像名
复制代码
实例:
[root@localhost ~]# docker push 192.168.2.22:10010/library/busybox:v1The push refers to repository [192.168.2.22:10010/library/busybox]01fd6df81c8e: Layer already exists v1: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527
复制代码
④、web 页面查看
然后我们去 web 页面看,登录页面 192.168.2.22:10010,然后去查看。
这个就是我们的项目名称了,我们点进去就可以看到我们上传的镜像了。
然后再次点击进去就可以看到更详细的了;
这里我们的上传镜像就完成了。
8、拉取镜像
①、拉取方法一
拉取镜像的话,我们可以点击这个小按钮,然后直接粘贴到 linux 中等待拉取就可以了;
②、拉取方法二
格式:
docker pull 上传时修改的镜像名
复制代码
实例:
[root@localhost ~]# docker pull 192.168.2.22:10010/library/busybox:v1v1: Pulling from library/busyboxDigest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732deeStatus: Downloaded newer image for 192.168.2.22:10010/library/busybox:v1192.168.2.22:10010/library/busybox:v1
复制代码
③、查看拉过来的镜像:
[root@localhost ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE192.168.2.22:10010/library/busybox v1 beae173ccac6 4 months ago 1.24MB
复制代码
要是想要原来的镜像名,我们可以 tag 来修改镜像镜像名和版本。
9、删除 harbor 镜像库中的镜像
删除镜像就是直接在 web 页面操作的;
①、访问 harbor 并登录
192.168.2.22:10010
②、查看镜像详情
点击项目——点击项目名称
③、删除 harbor 镜像库中的镜像
找到要删除的镜像,选中前面的空白框;
选中要删除的镜像——点击删除——确认删除
这样就删除成功了。
好了,今天所有的到此结束了,感谢大家的阅读。
总结
相关文章:
①、Docker——denied: requested access to the resource is denied问题以及解决方法②、Docker搭建harbor私有镜像仓库(命令行模式)③、Linux中安装/部署docker-compose④、Docker发布/上传镜像到dockerhub&&下载/拉取镜像&&删除dockerhub镜像
划线
评论
复制
发布于: 刚刚阅读数: 4
版权声明: 本文为 InfoQ 作者【A-刘晨阳】的原创文章。
原文链接:【http://xie.infoq.cn/article/faa9ee456452891828cc080b8】。未经作者许可,禁止转载。
A-刘晨阳
关注
还未添加个人签名 2022-06-16 加入
本人公众号《小刘Linux》,优质博主,欢迎大家的关注
评论