Docker in Practice: Building a Private Image Registry with Harbor

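In the earlier exercises, every image we used was pulled from the official image registry. Sometimes, however, a company's internal projects are not suitable for hosting on the official registry, and in that case we need to set up an image registry of our own.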


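The officially recommended environment is 4 cores and 8 GB of RAM, and the minimum is 2 cores and 4 GB. My humble server just meets the minimum. The hardware is sufficient, but the software is not there yet: so far only Docker 20.10.12 is installed, and Docker Compose is still needed. So let's install it next.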

Installing Docker Compose

Installing Docker Compose requires Python. I am on CentOS Linux 8, which has Python 3.6.8 installed by default, so there is no need to install Python; just download the Docker Compose file directly:

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

[root@VM-12-3-centos ~]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 664 100 664 0 0 3177 0 --:--:-- --:--:-- --:--:-- 3177
100 12.1M 100 12.1M 0 0 3344k 0 0:00:03 0:00:03 --:--:-- 4567k

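At this point the docker-compose file has been downloaded to /usr/local/bin, but it has no execute permission, so running it reports -bash: /usr/local/bin/docker-compose: Permission denied. Next, grant execute permission to the docker-compose file:
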
chmod +x /usr/local/bin/docker-compose

Once the permission is granted, docker-compose is ready to use:

[root@VM-12-3-centos ~]# docker-compose --version
docker-compose version 1.29.2, build 5becea4c

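Installing Harbor

With the hardware and software environment ready, the next step is to download the Harbor installer from GitHub.

For convenience I downloaded harbor-online-installer-v2.4.1.tgz. After downloading it to the host, extract it with tar -zxvf harbor-online-installer-v2.4.1.tgz.

Next comes the configuration. First, make a copy of the configuration template:
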
cp harbor.yml.tmpl harbor.yml

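Then edit harbor.yml. Here I changed hostname (it can be a domain name or an IP address) and harbor_admin_password, and commented out https; everything else is left at its default. See the official documentation for what each parameter means. Next, run the install command ./install.sh: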

[root@VM-12-3-centos harbor]# ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.12

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.29.2


[Step 2]: preparing environment ...

[Step 3]: preparing harbor configs ...
prepare base dir is set to /root/harbor
Unable to find image 'goharbor/prepare:v2.4.1' locally
v2.4.1: Pulling from goharbor/prepare
91519930665a: Pull complete
4387b3702106: Pull complete
d4afa2b605bf: Pull complete
f7e3d94ca03a: Pull complete
85212da304ee: Pull complete
51223b46338a: Pull complete
58b03f8f2a01: Pull complete
dd45968f8983: Pull complete
Digest: sha256:5da4f0165b250b38094b276a7f12de5fa8ba5f75ccf50cd38f7afcc3300be9e6
Status: Downloaded newer image for goharbor/prepare:v2.4.1
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir



[Step 4]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Pulling log (goharbor/harbor-log:v2.4.1)...
v2.4.1: Pulling from goharbor/harbor-log
91519930665a: Already exists
06399154ab6b: Pull complete
2a879cefaa2c: Pull complete
3fa9b837be90: Pull complete
33fb19c42260: Pull complete
5aed8072fa47: Pull complete
ba93b672d93e: Pull complete
d8da53ccaaaf: Pull complete
Digest: sha256:05080f5c23d9d813aa35f17f102d9c605b6d8b542950250d828afd3f44136b7c
Status: Downloaded newer image for goharbor/harbor-log:v2.4.1
Pulling registry (goharbor/registry-photon:v2.4.1)...
v2.4.1: Pulling from goharbor/registry-photon
91519930665a: Already exists
d2cdcdcc67c9: Pull complete
e63993176a34: Pull complete
03b0b0175721: Pull complete
f1b63f393208: Pull complete
8f6670558d08: Pull complete
Digest: sha256:7fbd8e0309c49ba3adadb1304a0b7876a988ca456054d74b5754f48c4e141077
Status: Downloaded newer image for goharbor/registry-photon:v2.4.1
Pulling registryctl (goharbor/harbor-registryctl:v2.4.1)...
v2.4.1: Pulling from goharbor/harbor-registryctl
91519930665a: Already exists
8dc037d866d1: Pull complete
549260175762: Pull complete
7b85e5380f6f: Pull complete
71e183208b22: Pull complete
c2f78957551c: Pull complete
20cb0d62a528: Pull complete
Digest: sha256:df18e9b94a5a96106b39a95cf5a96b0b01e9af78e9ab78a41ce270d52b21d517
Status: Downloaded newer image for goharbor/harbor-registryctl:v2.4.1
Pulling postgresql (goharbor/harbor-db:v2.4.1)...
v2.4.1: Pulling from goharbor/harbor-db
91519930665a: Already exists
5be9d6ebaef3: Pull complete
3383dca80932: Pull complete
a94eb2f868d4: Pull complete
c586fe4fadf8: Pull complete
43b3a019c715: Pull complete
023b5954bdc6: Pull complete
34af0787da3f: Pull complete
bf886315698e: Pull complete
4be5be8d33ff: Pull complete
2b5f950c5f93: Pull complete
ce20c531e959: Pull complete
fb9260ed3508: Pull complete
Digest: sha256:94cb263172bac2eb23ea0d9cf96f2fc9f166af9d38b9f39796ecb1f09d90402f
Status: Downloaded newer image for goharbor/harbor-db:v2.4.1
Pulling portal (goharbor/harbor-portal:v2.4.1)...
v2.4.1: Pulling from goharbor/harbor-portal
91519930665a: Already exists
13d5ba8d917c: Pull complete
72a5713783c5: Pull complete
897acabf0af9: Pull complete
Digest: sha256:2c0b7dfe22fe9d9df8becae2ab156d1725effb0ef23e6e9bd28beb9988aa0779
Status: Downloaded newer image for goharbor/harbor-portal:v2.4.1
Pulling redis (goharbor/redis-photon:v2.4.1)...
v2.4.1: Pulling from goharbor/redis-photon
91519930665a: Already exists
f5ba58eec5c1: Pull complete
0a542c48469e: Pull complete
aefd68e14944: Pull complete
07c82b707a19: Pull complete
Digest: sha256:6698ad0a4eb04dc29f2e5fd219ea6614011bb86a9e42660af1291efcf4c9a2dc
Status: Downloaded newer image for goharbor/redis-photon:v2.4.1
Pulling core (goharbor/harbor-core:v2.4.1)...
v2.4.1: Pulling from goharbor/harbor-core
91519930665a: Already exists
fe20ec80180f: Pull complete
c907bdfac371: Pull complete
5127dd3c28e8: Pull complete
389370d1b7f2: Pull complete
4c120ad6395f: Pull complete
fa9bc3726210: Pull complete
350dd977cbe6: Pull complete
769b1c950806: Pull complete
0e9ed7ae3b1f: Pull complete
Digest: sha256:e557bc17b9a70c44717a768b6d404de60a6c1488f4ad4fd033f2001cee7658e5
Status: Downloaded newer image for goharbor/harbor-core:v2.4.1
Pulling jobservice (goharbor/harbor-jobservice:v2.4.1)...
v2.4.1: Pulling from goharbor/harbor-jobservice
91519930665a: Already exists
4b10d4608c04: Pull complete
5821b115e354: Pull complete
b32b6e2dbcc1: Pull complete
c8b51cb74987: Pull complete
8870cd08dfb8: Pull complete
Digest: sha256:99f8a360d75c02bcb85ed86206f06a1f58c05c3ea1b9817a84b8925df9ade42f
Status: Downloaded newer image for goharbor/harbor-jobservice:v2.4.1
Pulling proxy (goharbor/nginx-photon:v2.4.1)...
v2.4.1: Pulling from goharbor/nginx-photon
91519930665a: Already exists
1a75461db609: Pull complete
Digest: sha256:9a93495c4583f85b008ca0d591563332aa6f2b4da85b63e92cebb09efedaa804
Status: Downloaded newer image for goharbor/nginx-photon:v2.4.1
Creating harbor-log ... done
Creating registryctl ... done
Creating harbor-db ... done
Creating redis ... done
Creating registry ... done
Creating harbor-portal ... done
Creating harbor-core ... done
Creating nginx ... done
Creating harbor-jobservice ... done
✔ ----Harbor has been installed and started successfully.----

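This shows that Harbor has been installed successfully. Let's look at the running containers in Portainer.

We can see that all the containers have started. In fact, the install.sh script first generates the config files from the configuration file, then generates docker-compose.yml, and finally runs docker-compose up -d to start the containers. Let's take a look at docker-compose.yml: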

[root@VM-12-3-centos harbor]# cat docker-compose.yml
version: '2.3'
services:
  log:
    image: goharbor/harbor-log:v2.4.1
    container_name: harbor-log
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /var/log/harbor/:/var/log/docker/:z
      - type: bind
        source: ./common/config/log/logrotate.conf
        target: /etc/logrotate.d/logrotate.conf
      - type: bind
        source: ./common/config/log/rsyslog_docker.conf
        target: /etc/rsyslog.d/rsyslog_docker.conf
    ports:
      - 127.0.0.1:1514:10514
    networks:
      - harbor
  registry:
    image: goharbor/registry-photon:v2.4.1
    container_name: registry
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: /data/secret/registry/root.crt
        target: /etc/registry/root.crt
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registry"
  registryctl:
    image: goharbor/harbor-registryctl:v2.4.1
    container_name: registryctl
    env_file:
      - ./common/config/registryctl/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/registry:/storage:z
      - ./common/config/registry/:/etc/registry/:z
      - type: bind
        source: ./common/config/registryctl/config.yml
        target: /etc/registryctl/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "registryctl"
  postgresql:
    image: goharbor/harbor-db:v2.4.1
    container_name: harbor-db
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - DAC_OVERRIDE
      - SETGID
      - SETUID
    volumes:
      - /data/database:/var/lib/postgresql/data:z
    networks:
      harbor:
    env_file:
      - ./common/config/db/env
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "postgresql"
    shm_size: '1gb'
  core:
    image: goharbor/harbor-core:v2.4.1
    container_name: harbor-core
    env_file:
      - ./common/config/core/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - SETGID
      - SETUID
    volumes:
      - /data/ca_download/:/etc/core/ca/:z
      - /data/:/data/:z
      - ./common/config/core/certificates/:/etc/core/certificates/:z
      - type: bind
        source: ./common/config/core/app.conf
        target: /etc/core/app.conf
      - type: bind
        source: /data/secret/core/private_key.pem
        target: /etc/core/private_key.pem
      - type: bind
        source: /data/secret/keys/secretkey
        target: /etc/core/key
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      harbor:
    depends_on:
      - log
      - registry
      - redis
      - postgresql
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "core"
  portal:
    image: goharbor/harbor-portal:v2.4.1
    container_name: harbor-portal
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - type: bind
        source: ./common/config/portal/nginx.conf
        target: /etc/nginx/nginx.conf
    networks:
      - harbor
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "portal"

  jobservice:
    image: goharbor/harbor-jobservice:v2.4.1
    container_name: harbor-jobservice
    env_file:
      - ./common/config/jobservice/env
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/job_logs:/var/log/jobs:z
      - type: bind
        source: ./common/config/jobservice/config.yml
        target: /etc/jobservice/config.yml
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    depends_on:
      - core
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "jobservice"
  redis:
    image: goharbor/redis-photon:v2.4.1
    container_name: redis
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - /data/redis:/var/lib/redis
    networks:
      harbor:
    depends_on:
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "redis"
  proxy:
    image: goharbor/nginx-photon:v2.4.1
    container_name: nginx
    restart: always
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
    volumes:
      - ./common/config/nginx:/etc/nginx:z
      - type: bind
        source: ./common/config/shared/trust-certificates
        target: /harbor_cust_cert
    networks:
      - harbor
    ports:
      - 80:8080
    depends_on:
      - registry
      - core
      - portal
      - log
    logging:
      driver: "syslog"
      options:
        syslog-address: "tcp://localhost:1514"
        tag: "proxy"
networks:
  harbor:
    external: false

From docker-compose.yml we can see that a complete Harbor installation needs these components: harbor-log, registry-photon, harbor-registryctl, harbor-db (postgresql), harbor-core, harbor-portal, harbor-jobservice, redis-photon (redis) and nginx-photon (nginx).

Using Harbor

Now that Harbor is installed, it is time to enjoy the fruits of our labor.

Configuring Docker for the private registry

Edit the daemon.json file to configure insecure-registries:

vim /etc/docker/daemon.json

My configuration is as follows:

{
  "registry-mirrors": ["https://reg-mirror.qiniu.com"],
  "insecure-registries": ["http://101.34.179.216"]
}


Then restart Docker:

systemctl restart docker

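If the address is not configured, logging in fails with an error.

Pushing an image to the private registry

Before pushing, you first need to create a repository in Harbor; here I created one named selfrepo.

Next we need an image, so let's use the command Harbor suggests to re-tag the nginx image on the host:
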
docker tag nginx 101.34.179.216/selfrepo/nginx:1.0

Then log in to the private registry with docker login <registry address>:

[root@VM-12-3-centos harbor]# docker login http://仓库地址/
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
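
The two client-side exposures in the steps above, the insecure-registries entry in daemon.json and the "stored unencrypted" warning from docker login, can be checked with a short script. This is an added example, not code from the original post; the function names are hypothetical and the sample files are constructed from the values shown on this page.

```python
import base64
import json

# Constructed samples: the daemon.json shown on this page, and the kind of
# config.json that `docker login` writes when no credential helper is set up.
SAMPLE_DAEMON = """{
  "registry-mirrors": ["https://reg-mirror.qiniu.com"],
  "insecure-registries": ["http://101.34.179.216"]
}"""
SAMPLE_CLIENT = json.dumps({"auths": {"101.34.179.216": {
    "auth": base64.b64encode(b"admin:adminadmin").decode()}}})


def insecure_registries(daemon_json):
    """Registries the daemon may reach over HTTP or without verifying TLS."""
    return list(json.loads(daemon_json).get("insecure-registries", []))


def stored_logins(config_json):
    """(registry, username) pairs whose password sits in config.json.

    The "auth" field is base64 of "user:password", an encoding and not
    encryption, so anyone who can read the file recovers the password.
    """
    found = []
    for registry, entry in json.loads(config_json).get("auths", {}).items():
        blob = entry.get("auth")
        if not blob:  # empty entry: the secret lives in a credential helper
            continue
        try:
            user = base64.b64decode(blob, validate=True).decode().split(":", 1)[0]
        except ValueError:  # malformed base64 or non-UTF-8 content
            user = "<undecodable>"
        found.append((registry, user))
    return found


def audit(daemon_json, config_json):
    """Human-readable findings for both files."""
    out = [f"daemon.json: {r} is trusted without verified TLS"
           for r in insecure_registries(daemon_json)]
    out += [f"config.json: password for {u}@{r} is stored base64-encoded only"
            for r, u in stored_logins(config_json)]
    return out


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DAEMON, SAMPLE_CLIENT)))
```

On a real host, pass in the contents of /etc/docker/daemon.json and /root/.docker/config.json. Both findings go away once Harbor serves HTTPS and a credential helper is configured.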

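You can also pass the username and password directly, as in docker login <registry address> -u admin -p adminadmin. A password given with -p is recorded in the shell history and visible in the process list; docker login also accepts --password-stdin, which reads it from standard input. Then push the image:
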
[root@VM-12-3-centos harbor]# docker push 101.34.179.216/selfrepo/nginx:1.0
The push refers to repository [101.34.179.216/selfrepo/nginx]
An image does not exist locally with the tag: 101.34.179.216/selfrepo/nginx
[root@VM-12-3-centos harbor]# docker tag nginx 101.34.179.216/selfrepo/nginx:1.0
[root@VM-12-3-centos harbor]# docker push 101.34.179.216/selfrepo/nginx:1.0
The push refers to repository [101.34.179.216/selfrepo/nginx]
51a4ac025eb4: Pushed
4ded77d16e76: Pushed
32359d2cd6cd: Pushed
4270b63061e5: Pushed
5f5f780b24de: Pushed
2edcec3590a4: Pushed
1.0: digest: sha256:2e87d9ff130deb0c2d63600390c3f2370e71e71841573990d54579bc35046203 size: 1570

The image has been pushed successfully; let's check it in Harbor.

Now let's use the image we pushed to the private registry:

[root@VM-12-3-centos harbor]# docker run -d --name nginx-ccc -v /root/nginx/:/etc/nginx/ -p 9900:80 101.34.179.216/selfrepo/nginx:1.0
Unable to find image '101.34.179.216/selfrepo/nginx:1.0' locally
1.0: Pulling from selfrepo/nginx
Digest: sha256:2e87d9ff130deb0c2d63600390c3f2370e71e71841573990d54579bc35046203
Status: Downloaded newer image for 101.34.179.216/selfrepo/nginx:1.0
bcd919168fa101b7b19df3b2bd0679457e394050139cc6f73c1feeeba0e7ea2d

https://blogs.52fx.biz/posts/2512686695.html

Author: eyiadmin

Published: 2021-12-28

Updated: 2024-05-31
