Harbor
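Harbor is an enterprise-grade registry server for storing and distributing Docker images, open-sourced by VMware. It extends the open-source Docker Distribution by adding features that enterprises need, such as security, identity and management. As an enterprise private registry server, Harbor offers better performance and security, and makes transferring images more efficient when a registry is used to build and run environments. Harbor supports replicating image resources across multiple registry nodes, and all images are kept in the private registry, so data and intellectual property stay under control inside the company network. Harbor also provides advanced security features such as user management, access control and activity auditing.
Harbor features, from the official description: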
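- Role-based access control: roles and Docker image repositories are organized and managed through "projects"; a user can hold different permissions on multiple image repositories within the same namespace (project).
- Image replication: images can be replicated (synchronized) between multiple registry instances. This is especially suited to load balancing, high availability, hybrid cloud and multi-cloud scenarios.
- Graphical user interface: users can browse and search the current Docker image repositories from a browser, and manage projects and namespaces.
- AD/LDAP support: Harbor can integrate with an existing enterprise AD/LDAP for authentication management.
- Audit management: every operation on the image repositories can be recorded and traced for auditing.
- Internationalization: localized versions exist for English, Chinese, German, Japanese and Russian. More languages will be added.
- RESTful API: gives administrators more control over Harbor and makes integration with other management software easier.
- Easy deployment: online and offline installers are provided, and Harbor can also be installed on the vSphere platform as a virtual appliance (OVA).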
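- nginx: Harbor's reverse proxy component, which fronts the registry, ui, token and other services. It forwards requests from the Harbor web UI and from docker clients to the backend services.
- harbor-adminserver: Harbor's system administration interface, used to change system configuration and read system information.
- harbor-db: stores project metadata, users, rules, replication policies and similar information.
- harbor-jobservice: mainly used for synchronization between image registries.
- harbor-log: collects the logs of the other Harbor components.
- harbor-ui: a user interface module for managing the registry.
- registry: the service that stores Docker images and provides pull/push.
- redis: stores cached data.
- webhook: when the state of an image in the registry changes, records update logs and triggers replication and similar operations.
- token service: issues tokens when a docker client performs a pull/push.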
Harbor deployment
Unpack the Harbor installation package
[14:07:36 root@ubuntu-lyj ~]#ls  # the Harbor installation package, prepared in advance
docker-compose-linux-x86_64  docker-in.sh  harbor-offline-installer-v2.0.0.tgz
[14:35:25 root@ubuntu-lyj ~]#tar xvf harbor-offline-installer-v2.0.0.tgz -C /usr/local/src/  # unpack the package
harbor/harbor.v2.0.0.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
[14:39:34 root@ubuntu-lyj ~]#cd /usr/local/src/
[14:39:48 root@ubuntu-lyj /usr/local/src]#ls
harbor
[14:39:49 root@ubuntu-lyj /usr/local/src]#ln -sv /usr/local/src/harbor/ /usr/local/  # create a symlink
'/usr/local/harbor' -> '/usr/local/src/harbor/'
[14:40:06 root@ubuntu-lyj /usr/local/src]#cd /usr/local/harbor
[14:40:19 root@ubuntu-lyj /usr/local/harbor]#ls
common.sh  harbor.v2.0.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
[14:40:21 root@ubuntu-lyj /usr/local/harbor]#apt install python-pip -y  # install pip for Python
Edit harbor.yml.tmpl and rename it to harbor.yml
hostname: hardor.jing.com  # must resolve: add the name to the hosts file on the client and on this host
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80
# https related config
#https:  # the https section is commented out
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path
......
harbor_admin_password: 123456  # login password for the Harbor web UI
Copy the file under the name harbor.yml
[15:02:12 root@ubuntu-lyj /usr/local/harbor]#cp harbor.yml.tmpl harbor.yml
[15:03:12 root@ubuntu-lyj /usr/local/harbor]#ls
common.sh  harbor.v2.0.0.tar.gz  harbor.yml  harbor.yml.tmpl  install.sh  LICENSE  prepare
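The harbor.yml above leaves the https section commented out and sets a six-digit admin password, so the web UI, the API and docker login all run over plain HTTP. As an added example (not part of the original article or of Harbor), this shell function audits a harbor.yml for those two settings; the 12-character minimum is an assumed local policy, and the sample file is constructed to mirror the one shown above.

```shell
#!/bin/sh
# Added example: audit harbor.yml for HTTPS and the admin password.
# Prints one line per finding; the exit status is the number of findings.
audit_harbor_yml() {
    file=$1
    min_len=${2:-12}   # assumed local policy, not a Harbor requirement
    awk -v min="$min_len" '
        /^[^ \t#]/ { section = $1 }            # remember the current top-level key
        /^https:/  { https = 1 }               # an uncommented https: section exists
        section == "https:" && /^[ \t]+certificate:[ \t]*[^ \t#]/ { cert = 1 }
        section == "https:" && /^[ \t]+private_key:[ \t]*[^ \t#]/ { key = 1 }
        /^harbor_admin_password:/ {
            pw = $0
            sub(/^harbor_admin_password:[ \t]*/, "", pw)
            sub(/[ \t]+#.*$/, "", pw)          # drop a trailing YAML comment
            gsub(/^"|"$/, "", pw)              # drop surrounding double quotes
        }
        END {
            n = 0
            if (!https) { print "FINDING: https is disabled, logins and image data use plain HTTP"; n++ }
            else {
                if (!cert) { print "FINDING: https.certificate is not set"; n++ }
                if (!key)  { print "FINDING: https.private_key is not set"; n++ }
            }
            if (pw == "Harbor12345") { print "FINDING: harbor_admin_password is the template default"; n++ }
            else if (length(pw) < min) { print "FINDING: harbor_admin_password is shorter than " min " characters"; n++ }
            exit n
        }' "$file"
}

# Constructed sample that mirrors the harbor.yml shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: hardor.jing.com
http:
  port: 80
#https:
  # port: 443
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path
harbor_admin_password: 123456   # login password for the Harbor web UI
EOF
audit_harbor_yml "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against /usr/local/harbor/harbor.yml before ./install.sh; a zero exit status means neither finding applies.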
Install docker-compose
- Installing online is slow, and network access to the official site is very unstable
[15:16:17 root@ubuntu-lyj /usr/local/harbor]#pip install docker-compose
- Download the docker-compose file from the official site; I downloaded docker-compose 1.26.2
Upload it to the Linux system
[15:50:05 root@ubuntu-lyj ~]#ls
docker-compose-Linux-x86_64  harbor-offline-installer-v2.0.0.tgz
[15:48:07 root@ubuntu-lyj ~]#chmod a+x docker-compose-Linux-x86_64  # add execute permission
[15:49:04 root@ubuntu-lyj ~]#cp docker-compose-Linux-x86_64 /usr/bin/docker-compose  # copy to /usr/bin/ under the name docker-compose
Run install.sh to install
[15:29:56 root@ubuntu-lyj /usr/local/harbor]#./install.sh
View the images
Images built by Harbor
[19:14:53 root@ubuntu-lyj ~]#docker images
REPOSITORY                      TAG        IMAGE ID       CREATED         SIZE
tomcat-web                      app2       455fc2e0e6ea   9 hours ago     1.04GB
tomcat-web                      app1       da199854bb49   9 hours ago     1.04GB
tomcat-base                     8.5.81     6375807c58e9   11 hours ago    1.02GB
jdk-centos-base                 8u291      17d323ce7653   21 hours ago    1.01GB
centos-base                     7.8.2003   3a7c6d1c0eef   25 hours ago    651MB
martonyang/centos7.8.2003       latest     0c0f2dcf7afd   12 months ago   268MB
goharbor/chartmuseum-photon     v2.0.0     4db8d6aa63e9   2 years ago     127MB
goharbor/redis-photon           v2.0.0     c89ea2e53cc0   2 years ago     72.2MB
goharbor/trivy-adapter-photon   v2.0.0     6122c52b7e48   2 years ago     103MB
goharbor/clair-adapter-photon   v2.0.0     dd2210cb7f53   2 years ago     62MB
goharbor/clair-photon           v2.0.0     f7c7fcc52278   2 years ago     171MB
goharbor/notary-server-photon   v2.0.0     983ac10ed8be   2 years ago     143MB
goharbor/notary-signer-photon   v2.0.0     bee1b6d75e0d   2 years ago     140MB
goharbor/harbor-registryctl     v2.0.0     c53c32d58d04   2 years ago     102MB
goharbor/registry-photon        v2.0.0     afdc1b7ada36   2 years ago     84.5MB
goharbor/nginx-photon           v2.0.0     17892f03e56c   2 years ago     43.6MB
goharbor/harbor-log             v2.0.0     5f8ff08e795c   2 years ago     82MB
goharbor/harbor-jobservice      v2.0.0     c68a2495bf55   2 years ago     116MB
goharbor/harbor-core            v2.0.0     3aa3af64baf8   2 years ago     138MB
goharbor/harbor-portal          v2.0.0     e0b1d3c894c4   2 years ago     52.4MB
goharbor/harbor-db              v2.0.0     5c76f0296cec   2 years ago     154MB
goharbor/prepare                v2.0.0     7266d49995ed   2 years ago     158MB
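Access the Harbor management UI in a browser
The page after a successful login
Push an image to the Harbor registry
* Edit the docker.service file to add the domain as trusted: --insecure-registry hardor.jing.com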
[19:05:25 root@ubuntu-lyj /]#vim /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry hardor.jing.com --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
Restart the Docker service
[18:40:47 root@ubuntu-lyj ~]#systemctl daemon-reload  # the configuration must be reloaded after the service file is edited
[18:40:48 root@ubuntu-lyj ~]#systemctl daemon-reload
[18:40:49 root@ubuntu-lyj ~]#systemctl restart docker
* Verify that you can log in to Harbor
Authentication is required before an image can be pushed
[18:43:52 root@ubuntu-lyj ~]#docker login hardor.jing.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
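Harbor web UI
Create a new project (directory); a storage capacity of -1 means unlimited
Push the image
Tag the image and push it
Harbor domain name + project + image name:tag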
hardor.jing.com/n65/centos-base:7.8.2003
[19:14:58 root@ubuntu-lyj ~]#docker tag centos-base:7.8.2003 hardor.jing.com/n65/centos-base:7.8.2003
[19:18:35 root@ubuntu-lyj ~]#docker push hardor.jing.com/n65/centos-base:7.8.2003
The push refers to repository [hardor.jing.com/n65/centos-base]
8d9cb3505aea: Pushed
816ac87d2f0f: Pushing [=====================> ] 161.3MB/382MB
c0cd79243356: Pushed
fb82b029bea0: Pushing [===========================> ] 110.5MB/203.3MB
Push succeeded
[19:18:35 root@ubuntu-lyj ~]#docker push hardor.jing.com/n65/centos-base:7.8.2003
The push refers to repository [hardor.jing.com/n65/centos-base]
8d9cb3505aea: Pushed
816ac87d2f0f: Pushed
c0cd79243356: Pushed
fb82b029bea0: Pushed
7.8.2003: digest: sha256:a6bb0d82a47af8cc6e6b09fec575d7a2e94d6813e107ea6791d39756e701a289 size: 1162
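Verify pulling an image from the Harbor server and starting a container
Change the docker.service configuration file
Add trust for the Harbor registry domain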
[19:51:41 root@ubuntu-lyj ~]#cat /lib/systemd/system/docker.service
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket containerd.service
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry hardor.jing.com
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always
Restart the Docker service
[19:50:44 root@ubuntu-lyj ~]#systemctl daemon-reload
[19:51:05 root@ubuntu-lyj ~]#systemctl daemon-reload
[19:51:07 root@ubuntu-lyj ~]#systemctl restart docker
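The --insecure-registry flag set on both hosts above tells dockerd to accept hardor.jing.com without verified TLS; with the HTTP-only harbor.yml, docker login credentials and image layers cross the network in clear text. As an added example (not from the original article), this script lists the registries exempted that way in a docker.service file and checks whether a CA certificate is already present in Docker's per-registry trust directory /etc/docker/certs.d/<host>/ca.crt; the sample unit file is constructed from the ExecStart line shown above.

```shell
#!/bin/sh
# Added example: report registries that dockerd is told to reach without verified TLS.

# Print each host given to --insecure-registry on the unit's ExecStart line
# (handles both "--insecure-registry host" and "--insecure-registry=host").
insecure_registries() {
    grep -E '^ExecStart=' "$1" | tr -s ' ' '\n' | awk '
        prev == "--insecure-registry" { print; prev = ""; next }
        /^--insecure-registry=/       { sub(/^--insecure-registry=/, ""); print; next }
        { prev = $0 }'
}

# For each such host, say whether a CA certificate is already installed in
# the per-registry trust directory, i.e. whether the flag can be dropped
# as soon as Harbor serves HTTPS with a certificate issued by that CA.
registry_trust_report() {
    unit=$1
    certs_root=${2:-/etc/docker/certs.d}
    insecure_registries "$unit" | while read -r host; do
        if [ -f "$certs_root/$host/ca.crt" ]; then
            echo "$host: ca.crt installed, flag can be removed once Harbor serves HTTPS"
        else
            echo "$host: no ca.crt, pushes, pulls and docker login are not protected by TLS"
        fi
    done
}

# Constructed sample: the ExecStart line from the docker.service shown above.
sample_unit=$(mktemp)
cat > "$sample_unit" <<'EOF'
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --insecure-registry hardor.jing.com
EOF
registry_trust_report "$sample_unit"
rm -f "$sample_unit"
```

Registries exempted through "insecure-registries" in /etc/docker/daemon.json are not covered by this check.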
Add name resolution
[19:52:14 root@ubuntu-lyj ~]#cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 ubuntu-lyj
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.0.0.100 hardor.jing.com
Pull command from the web client
Image download
[19:52:18 root@ubuntu-lyj ~]#docker pull hardor.jing.com/n65/tomcat-web@sha256:c6cb282c89eebdddb099b80b3c1db298a5e3abeae403ecc2f2288f51c7e6324e
hardor.jing.com/n65/tomcat-web@sha256:c6cb282c89eebdddb099b80b3c1db298a5e3abeae403ecc2f2288f51c7e6324e: Pulling from n65/tomcat-web
9b4ebb48de8d: Extracting [=========> ] 14.48MB/75.84MB
0483f20596d4: Download complete
3f8a43825096: Download complete
ea68556c87dc: Download complete
8b923d9bf3c0: Downloading [============================> ] 82.29MB/146.6MB
308c3b8ba259: Download complete
adb9d1d96836: Download complete
dab736b8cd99: Download complete
a2abdb0eae49: Download complete
b17bc2f7802a: Download complete
59667dd5891f: Download complete
4d7130eb6dff: Download complete
7ce7f7ca6b8a: Download complete
973ed29f7bb8: Download complete
Download complete
[19:52:18 root@ubuntu-lyj ~]#docker pull hardor.jing.com/n65/tomcat-web@sha256:c6cb282c89eebdddb099b80b3c1db298a5e3abeae403ecc2f2288f51c7e6324e
hardor.jing.com/n65/tomcat-web@sha256:c6cb282c89eebdddb099b80b3c1db298a5e3abeae403ecc2f2288f51c7e6324e: Pulling from n65/tomcat-web
9b4ebb48de8d: Pull complete
0483f20596d4: Pull complete
3f8a43825096: Pull complete
ea68556c87dc: Pull complete
8b923d9bf3c0: Pull complete
308c3b8ba259: Pull complete
adb9d1d96836: Pull complete
dab736b8cd99: Pull complete
a2abdb0eae49: Pull complete
b17bc2f7802a: Pull complete
59667dd5891f: Pull complete
4d7130eb6dff: Pull complete
7ce7f7ca6b8a: Pull complete
973ed29f7bb8: Pull complete
Digest: sha256:c6cb282c89eebdddb099b80b3c1db298a5e3abeae403ecc2f2288f51c7e6324e
Status: Downloaded newer image for hardor.jing.com/n65/tomcat-web@sha256:c6cb282c89eebdddb099b80b3c1db298a5e3abeae403ecc2f2288f51c7e6324e
hardor.jing.com/n65/tomcat-web@sha256:c6cb282c89eebdddb099b80b3c1db298a5e3abeae403ecc2f2288f51c7e6324e
Start the image to test it
[19:57:23 root@ubuntu-lyj ~]#docker run -it --rm -p8081:8080 hardor.jing.com/n65/tomcat-web@sha256:c6cb282c89eebdddb099b80b3c1db298a5e3abeae403ecc2f2288f51c7e6324e
Using CATALINA_BASE: /apps/tomcat
Using CATALINA_HOME: /apps/tomcat
Using CATALINA_TMPDIR: /apps/tomcat/temp
Using JRE_HOME: /usr/local/jdk
Using CLASSPATH: /apps/tomcat/bin/bootstrap.jar:/apps/tomcat/bin/tomcat-juli.jar
Using CATALINA_OPTS:
Tomcat started.
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 c99dba79e98c
Test from the browser
Original article by ItWorker. If you repost it, please credit the source: https://blog.ytso.com/tech/aiops/279651.html