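Docker: Harbor local image registry
The private registry that Docker officially provides, registry, is simple to use but falls short on management features. Harbor is an enterprise-grade Registry server from VMware for storing and distributing Docker images; it relies on the official Docker registry service (in v2 it is named distribution) to do the work. On top of docker distribution, Harbor adds security, access control and management features to meet enterprise requirements for an image registry.
Offline installation of Harbor
A record resolution
If your domain is an enterprise domain, every Docker host that uses this registry must have A record resolution for it, or the company must run an internal DNS server that resolves it.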
[root@localhost ~]# hostnamectl set-hostname sea.registry.com
[root@localhost ~]# hostname
sea.registry.com
[root@localhost ~]# exit
[root@sea ~]#
To use this registry on the docker1, docker2 and docker3 nodes, A record resolution is also needed first
[root@docker1 ~]# vim /etc/hosts
192.168.50.100 docker1
192.168.50.101 docker2
192.168.50.102 docker3
192.168.50.200 sea.registry.com
Download the Harbor tgz package
Releases · goharbor/harbor (github.com)
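Upload the Harbor offline installer package and extract it
[root@sea ~]# cd /opt    # upload and extract into the directory where you plan to install the application
[root@sea opt]# tar xf harbor-offline-installer-v2.5.0.tgz -C /opt/
Enter the extracted directory and configure
[root@sea opt]# cd /opt/harbor/
[root@sea harbor]# cp harbor.yml.tmpl harbor.yml    # copy the configuration file
Edit harbor.yml, the registry's configuration file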
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: sea.registry.com  # A record name

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80  # service port

# https related config
#https:
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  # certificate: /your/certificate/path
  # private_key: /your/private/key/path

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal
#   # enable strong ssl ciphers (default: false)
#   strong_ssl_ciphers: false

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345  # admin password

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 100
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 900
  # The maximum amount of time a connection may be reused. Expired connections may be closed lazily before reuse. If it <= 0, connections are not closed due to a connection's age.
  # The value is a duration string. A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
  conn_max_lifetime: 5m
  # The maximum amount of time a connection may be idle. Expired connections may be closed lazily before reuse. If it <= 0, connections are not closed due to a connection's idle time.
  # The value is a duration string. A duration string is a possibly signed sequence of decimal numbers, each with optional fraction and a unit suffix, such as "300ms", "-1.5h" or "2h45m". Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
  conn_max_idle_time: 0

# The default data volume
data_volume: /var/lib/data  # data directory
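A pre-install check for the harbor.yml above, as an added example that is not part of the original post or of Harbor itself: it flags the template's initial admin and database passwords, a disabled https block, and an annotation glued to a value without a space (YAML then reads the "#..." text as part of the value). The function name, the finding labels and the sample file are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a harbor.yml for the settings discussed on this page.
# Prints one finding per line; prints nothing when no check fires.
audit_harbor_yml() {  # usage: audit_harbor_yml <path-to-harbor.yml>
  awk -v sq="'" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                    # skip comment and blank lines
    { line = $0; sub(/[ \t]+#.*$/, "", line); sub(/[ \t]+$/, "", line) }  # inline comment needs a space before "#"
    line ~ /^[^ \t]/ { section = line; sub(/:.*/, "", section) }          # remember the top-level key
    {
      key = line; sub(/^[ \t]*/, "", key); val = key
      sub(/:.*/, "", key); sub(/^[^:]*:[ \t]*/, "", val)
      gsub("^[\"" sq "]|[\"" sq "]$", "", val)           # strip surrounding quotes
    }
    section == "https" { https = 1 }
    key ~ /^(port|data_volume)$/ && val ~ /#/ { print "comment-glued-to-value:" key }
    key == "harbor_admin_password" && val == "Harbor12345" { print "default-admin-password" }
    section == "database" && key == "password" && val == "root123" { print "default-db-password" }
    END { if (!https) print "https-disabled" }
  ' "$1"
}

# Constructed sample that mirrors the configuration shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: sea.registry.com
http:
  port: 80#service port
#https:
  # port: 443
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /var/lib/data  # data directory
EOF
audit_harbor_yml "$sample"
rm -f "$sample"
```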
Create the data directory and run the install script
[root@sea harbor]# mkdir -pv /var/lib/data
[root@sea harbor]# ./install.sh
Check
[root@sea harbor]# netstat -nlpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 37401/docker-proxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 919/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1271/master
tcp 0 0 127.0.0.1:1514 0.0.0.0:* LISTEN 36907/docker-proxy
tcp6 0 0 :::80 :::* LISTEN 37407/docker-proxy
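Trust the registry
Mark this registry as trusted in insecure-registries. daemon.json is strict JSON, so the note cannot be kept as a # comment inside the file.
[root@docker1 ~]# vi /etc/docker/daemon.json
{
  "registry-mirrors": ["https://hub-mirror.c.163.com/"],
  "insecure-registries": ["http://sea.registry.com"]
}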
[root@docker1 ~]# systemctl daemon-reload
[root@docker1 ~]# systemctl restart docker
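Log in to the registry from a node
# First log in to the private registry; you can use the admin user, or a user we created ourselves that has push permission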
[root@docker1 ~]# docker login sea.registry.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker1 ~]#
Retag the image and push
# Before pushing, the image must be tagged with the registry name
[root@docker1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx swarm d192c849967f 30 hours ago 538MB
[root@docker1 ~]# docker tag nginx:swarm sea.registry.com/discuz/nginx:swarm
[root@docker1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx swarm d192c849967f 30 hours ago 538MB
sea.registry.com/discuz/nginx swarm d192c849967f 30 hours ago 538MB
[root@docker1 ~]# docker push sea.registry.com/discuz/nginx:swarm
The push refers to repository [sea.registry.com/discuz/nginx]
5f70bf18a086: Pushed
9bd848dce107: Pushed
fd3297d61874: Pushed
477fb71c6dba: Pushed
174f56854903: Pushed
swarm: digest: sha256:0c9e9326dd087e292b5a160bc3f0843280e836d35e48c7375bd28e2879afba9f size: 1366
[root@docker1 ~]#
Pull from the private registry
# Note: resolve the registry with an A record and edit daemon.json to trust the private registry
[root@docker3 ~]# docker pull sea.registry.com/discuz/nginx:swarm
swarm: Pulling from discuz/nginx
2d473b07cdd5: Pull complete
5cf0133bc785: Pull complete
99fe009e55e8: Pull complete
080aedb354aa: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:0c9e9326dd087e292b5a160bc3f0843280e836d35e48c7375bd28e2879afba9f
Status: Downloaded newer image for sea.registry.com/discuz/nginx:swarm
sea.registry.com/discuz/nginx:swarm
[root@docker3 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql swarm 7cfb3f9a16c5 30 hours ago 501MB
sea.registry.com/discuz/nginx swarm d192c849967f 30 hours ago 538MB
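The push on docker1 and the pull on docker3 report the same digest. The added example below (not part of the original post) extracts the digest from captured docker push / docker pull output, checks that both sides agree, and builds the immutable repo@sha256 reference that can be pulled instead of the mutable swarm tag. The function names are assumptions; the two sample lines are copied from the output shown above.

```shell
#!/usr/bin/env bash
# Added example: compare push and pull digests and build a digest-pinned reference.

# Read docker push/pull output on stdin and print the first "sha256:<64 hex>" digest.
digest_of() {
  grep -E -i -o 'digest: sha256:[0-9a-f]{64}' | head -n 1 | sed -E 's/^[^ ]+ //'
}

# Build repo@digest from a tagged reference.
pinned_ref() {  # usage: pinned_ref <repo[:tag]> <sha256:...>
  local ref=$1 last=${1##*:}
  # A trailing ":x" is a tag only if x contains no "/" (otherwise it is a registry port).
  if [ "$last" != "$ref" ] && [ "${last#*/}" = "$last" ]; then ref=${ref%:*}; fi
  printf '%s@%s\n' "$ref" "$2"
}

# Succeed only if both outputs carry a digest and the digests are identical.
same_digest() {  # usage: same_digest <push-output> <pull-output>
  local a b
  a=$(printf '%s\n' "$1" | digest_of)
  b=$(printf '%s\n' "$2" | digest_of)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# The digest lines from the push (docker1) and pull (docker3) output on this page.
push_out='swarm: digest: sha256:0c9e9326dd087e292b5a160bc3f0843280e836d35e48c7375bd28e2879afba9f size: 1366'
pull_out='Digest: sha256:0c9e9326dd087e292b5a160bc3f0843280e836d35e48c7375bd28e2879afba9f'

if same_digest "$push_out" "$pull_out"; then
  digest=$(printf '%s\n' "$push_out" | digest_of)
  echo "digests match; pin with: docker pull $(pinned_ref sea.registry.com/discuz/nginx:swarm "$digest")"
else
  echo "digest mismatch between push and pull output"
fi
```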