
Building a Harbor private image registry on Linux with Docker (super detailed)

Author: A-刘晨阳
  • 2022-11-22
    Beijing

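Preface

Developing and running Docker container applications depends on reliable image management. Docker does provide an official public image registry, but for reasons of security and efficiency it is well worth deploying a Registry inside your own private environment.

Introduction to the Harbor registry

In day-to-day use and management of Docker containers, we gradually find that deploying an enterprise private registry is often necessary. It helps you manage the enterprise's sensitive images, and because of Docker Hub download speeds and the GFW, images that cannot be downloaded directly often need to be imported into a local private registry. Harbor is the go-to choice for deploying an enterprise private registry. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. It mainly provides a management UI for Docker Registry, with features including role-based access control (RBAC), AD/LDAP integration, log auditing, a management interface, self-registration, image replication and Chinese-language support. Harbor's goal is to help users quickly set up an enterprise-grade Docker registry service. It builds on the registry open-sourced by Docker, Inc. and adds the following features:

-> Role-based access control
-> Policy-based image replication
-> Vulnerability scanning of images
-> AD/LDAP integration (LDAP/AD support)
-> Image deletion & garbage collection
-> Friendly management UI (graphical user portal)
-> Audit logging
-> RESTful API
-> Easy deployment


All Harbor components are deployed in Docker, so Harbor can be deployed quickly with Docker Compose. Take special note: **Harbor is based on Docker Registry V2, so docker must be version 1.10.0 or later, and docker-compose must be later than version 1.6.0!**

Harbor registry architecture

Each Harbor component is built as a Docker container and can be deployed with Docker Compose. If your environment uses Kubernetes, Harbor also provides Kubernetes configuration files. Harbor is made up of roughly the following containers: ui (Harbor's core service), log (a container running rsyslog that collects logs), mysql (a database container built from the official mysql image), Nginx (reverse proxy using Nginx), registry (the official Docker registry), adminserver (Harbor's configuration data manager), jobservice (Harbor's job management service) and redis (stores sessions).


Harbor is an enterprise-grade Registry server for storing and distributing Docker images, and its overall architecture is quite clear. The architecture diagram below is borrowed from the web: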







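Install Docker

To deploy the Harbor image registry we first need the Docker service, so install Docker first. For the detailed installation steps, see: Deploying Docker on Linux (CentOS) (very complete steps, with some history and concepts)

Start Docker and enable it at boot

Once the installation is complete, reload the unit files, start Docker and enable it at boot:


# Reload systemd unit files
systemctl daemon-reload
# Start docker
systemctl start docker
# Enable docker at boot
systemctl enable docker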


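Install docker-compose

For the docker-compose installation itself, see: Installing/deploying docker-compose on Linux

Build the Harbor image registry

1. Download the Harbor installer package

Run the command twice: the first run loads, the second run downloads.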


wget https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz


If the download is slow or the connection fails, you can download with the following command instead:


wget https://mirror.ghproxy.com/https://github.com/goharbor/harbor/releases/download/v2.4.2/harbor-offline-installer-v2.4.2.tgz

2. Extract the archive after downloading

tar -xvf harbor-offline-installer-v2.4.2.tgz

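3. Edit the configuration file

# Enter the harbor directory
cd harbor
# Copy the Harbor configuration template and name the copy harbor.yml
cp -ar harbor.yml.tmpl harbor.yml
# Open the configuration file in vim
vim harbor.yml


Change the following settings:


hostname: 192.168.2.22  # listen address; may also be a domain name
port: 10010  # listen port (the port key under http:)
harbor_admin_password: 123456  # password of the admin user
data_volume: /data/harbor  # data directory
# Comment out the https block, which starts at line 13


4. Install Harbor

With the configuration edited, install Harbor:


# Pre-process the Harbor installation environment
./prepare
# Install and start Harbor
./install.sh
# Check that the installation succeeded (9 containers should be running); run this in the harbor directory, otherwise docker-compose will run into problems
docker-compose ps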

Installation process (can be skipped)

# Pre-process the Harbor installation environment
[root@localhost harbor]# ./prepare
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

# Install and start Harbor
[root@localhost harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.6
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
[Step 2]: loading Harbor images ...

[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

Note: stopping existing Harbor instance ...
Stopping registryctl ... done
Stopping harbor-db ... done
Stopping harbor-portal ... done
Stopping redis ... done
Stopping harbor-log ... done
Removing registryctl ... done
Removing harbor-db ... done
Removing harbor-portal ... done
Removing redis ... done
Removing harbor-log ... done
Removing network harbor_harbor

[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db ... done
Creating redis ... done
Creating registryctl ... done
Creating harbor-portal ... done
Creating registry ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----
# Check that the installation succeeded (9 containers should be running)
[root@localhost harbor]# docker-compose ps -a
Name                Command                          State          Ports
---------------------------------------------------------------------------------------------
harbor-core         /harbor/entrypoint.sh            Up (healthy)
harbor-db           /docker-entrypoint.sh 96 13      Up (healthy)
harbor-jobservice   /harbor/entrypoint.sh            Up (healthy)
harbor-log          /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-portal       nginx -g daemon off;             Up (healthy)
nginx               nginx -g daemon off;             Up (healthy)   0.0.0.0:10010->8080/tcp
redis               redis-server /etc/redis.conf     Up (healthy)
registry            /home/harbor/entrypoint.sh       Up (healthy)
registryctl         /home/harbor/start.sh            Up (healthy)

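5. Modify the Docker configuration

# By default Docker does not allow pushing images over non-HTTPS, so configure the registry address on every server that needs to pull images
vim /etc/docker/daemon.json
# Add the following keys inside the top-level JSON object (the address that clients use):
    "registry-mirrors": [
        "https://njrds9qc.mirror.aliyuncs.com"
    ],
    "insecure-registries": [
        "192.168.2.22:10010"
    ]
# Or, depending on your version (the format differs between versions):
"insecure-registries": ["192.168.2.22:10010"]
# Restart docker and the harbor containers; run this in the harbor directory, otherwise docker-compose will run into problems
systemctl restart docker
docker-compose stop
docker-compose up -d
# Log in with docker
docker login 192.168.2.22:10010
# Or non-interactively (note: -p leaves the password in shell history and the process list)
docker login -uadmin -p123456 192.168.2.22:10010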
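
The check below is an added example, not part of the original article or of the Harbor project. It audits the two files edited in steps 3 and 5 (harbor.yml and /etc/docker/daemon.json) for the settings used here: the https block commented out, a weak admin password, and insecure-registries entries. The sample file contents, the hardened host name and paths, the weak-password list and the 12-character minimum are assumptions constructed for the example.

```python
import json
import re

# Assumption: values rejected outright. Harbor12345 is the default in harbor.yml.tmpl.
KNOWN_WEAK = {"123456", "Harbor12345", "admin", "password"}
MIN_LEN = 12  # assumed local policy, not a Harbor requirement

def top_level_keys(yml_text):
    """Map uncommented, unindented 'key: value' lines to their values."""
    keys = {}
    for line in yml_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", line).rstrip()  # drop comments
        m = re.match(r"([A-Za-z_]\w*):\s*(.*)$", line)   # indented lines do not match
        if m:
            keys[m.group(1)] = m.group(2).strip("'\"")
    return keys

def audit_harbor_yml(yml_text):
    keys, findings = top_level_keys(yml_text), []
    if "https" not in keys:
        findings.append("harbor.yml: https block missing or commented out; "
                        "logins and image layers travel over plain HTTP")
    pw = keys.get("harbor_admin_password", "")
    if pw in KNOWN_WEAK or len(pw) < MIN_LEN:
        findings.append("harbor.yml: harbor_admin_password is weak or a known default")
    return findings

def audit_daemon_json(json_text):
    entries = json.loads(json_text).get("insecure-registries", [])
    return [f"daemon.json: insecure-registries entry {e!r} permits plain HTTP "
            "and unverified certificates for that registry" for e in entries]

# Constructed samples mirroring the values used in this article.
PAGE_HARBOR_YML = """\
hostname: 192.168.2.22
http:
  port: 10010
# https:
#   port: 443
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path
harbor_admin_password: 123456
data_volume: /data/harbor
"""
PAGE_DAEMON_JSON = '{"insecure-registries": ["192.168.2.22:10010"]}'
# Constructed hardened counterpart; host name, paths and password are placeholders.
HARDENED_HARBOR_YML = """\
hostname: harbor.example.internal
https:
  port: 443
  certificate: /etc/harbor/tls/harbor.crt
  private_key: /etc/harbor/tls/harbor.key
harbor_admin_password: 'REPLACE-with-long-random-value'
"""

if __name__ == "__main__":
    for finding in audit_harbor_yml(PAGE_HARBOR_YML) + audit_daemon_json(PAGE_DAEMON_JSON):
        print("FINDING:", finding)
```

Run against the article's settings it reports three findings; the hardened sample with an empty daemon.json reports none.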

6. Access the Harbor page

Address: (ip:port) 192.168.2.22:10010, username: admin, password: 123456. Log in.


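7. Upload an image

① List all images

Find the image you want to upload.


[root@localhost ~]# docker images
REPOSITORY                                  TAG                 IMAGE ID            CREATED             SIZE
busybox                                     latest              beae173ccac6        4 months ago        1.24MB

② Tag the image to be uploaded (rename the image)

Note: **be sure to include the project name**


Format:


docker tag <image-name>:<version> <your-ip>:<port>/<project-name>/<new-image-name>:<version>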


Example:


docker tag busybox:latest 192.168.2.22:10010/library/busybox:v1


View the tagged image:


[root@localhost ~]# docker images
REPOSITORY                                  TAG                 IMAGE ID            CREATED             SIZE
busybox                                     latest              beae173ccac6        4 months ago        1.24MB
192.168.2.22:10010/library/busybox          v1                  beae173ccac6        4 months ago        1.24MB

③ Push the image to the Harbor registry

Format:


docker push <renamed-image-name>


Example:


[root@localhost ~]# docker push 192.168.2.22:10010/library/busybox:v1
The push refers to repository [192.168.2.22:10010/library/busybox]
01fd6df81c8e: Layer already exists
v1: digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee size: 527

④ Check in the web UI

Now go to the web page, log in at 192.168.2.22:10010, and take a look.

This is our project name. Click into it to see the image we uploaded.

Click into it again to see more details.

That completes the image upload.

8. Pull an image

① Pull method one

To pull an image, click this small button, paste the copied command into Linux and wait for the pull to finish.


② Pull method two

Format:


docker pull <image-name-used-when-uploading>


Example:


[root@localhost ~]# docker pull 192.168.2.22:10010/library/busybox:v1
v1: Pulling from library/busybox
Digest: sha256:62ffc2ed7554e4c6d360bce40bbcf196573dd27c4ce080641a2c59867e732dee
Status: Downloaded newer image for 192.168.2.22:10010/library/busybox:v1
192.168.2.22:10010/library/busybox:v1

③ View the pulled image:

[root@localhost ~]# docker images
REPOSITORY                                  TAG                 IMAGE ID            CREATED             SIZE
192.168.2.22:10010/library/busybox          v1                  beae173ccac6        4 months ago        1.24MB


If you want the original image name back, you can use tag to change the image name and version.

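9. Delete an image from the Harbor registry

Images are deleted directly in the web UI.

① Open Harbor and log in

192.168.2.22:10010


② View the image details

Click Projects, then click the project name.


③ Delete the image from the Harbor registry

Find the image you want to delete and tick the empty checkbox in front of it.

Select the image to delete, click Delete, then confirm the deletion.

The image is now deleted.

That's all for today. Thank you for reading.

Summary

Related articles:


① Docker: the "denied: requested access to the resource is denied" problem and how to solve it
② Building a Harbor private image registry with Docker (command-line mode)
③ Installing/deploying docker-compose on Linux
④ Docker: publishing/uploading images to dockerhub && downloading/pulling images && deleting dockerhub images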

