当前位置:   article > 正文

docker pull 镜像仓库_10分钟自建企业级Docker镜像仓库!这个开源项目太顶了

docker 开源企业

摘要

平时经常用Docker来部署各种环境,发现从DockerHub上下载镜像有时候比较慢。第三方的镜像还可以使用一些国内的镜像仓库来加速,如果我们自己构建的镜像那就不行了。这时候搭建一个私有的镜像仓库很有必要,最近发现Harbor这个企业级镜像仓库,非常好用且功能强大,推荐给大家!

Harbor简介

Harbor是一款开源的Docker镜像仓库服务,在Github上目前有13.4k+Star。提供了基于角色的镜像访问机制,可以保护你的镜像安全。

安装

学习开源项目的第一步,一般都是把它运行起来,我们先来把Harbor运行起来吧!

  • 下载Harbor安装包,这里下载的是v1.10.6离线版本,下载地址:https://github.com/goharbor/harbor/releases
bb875723e439caca2f382a900d938d0b.png
  • 下载完成后上传到Linux服务器,使用如下命令解压;
tar xvf harbor-offline-installer-v1.10.6.tgz复制代码
  • 解压完成后,所有文件内容如下;
[root@linux-local harbor]# lltotal 700260drwxr-xr-x. 3 root root        20 Dec  2 11:18 common-rw-r--r--. 1 root root      3398 Nov 17 11:58 common.sh-rw-r--r--. 1 root root      5348 Dec  2 14:41 docker-compose.yml-rw-r--r--. 1 root root 717021676 Nov 17 11:59 harbor.v1.10.6.tar.gz-rw-r--r--. 1 root root      5882 Dec  2 11:21 harbor.yml-rwxr-xr-x. 1 root root      2284 Nov 17 11:58 install.sh-rw-r--r--. 1 root root     11347 Nov 17 11:58 LICENSE-rwxr-xr-x. 1 root root      1749 Nov 17 11:58 prepare复制代码
  • 修改Harbor的配置文件harbor.yml,修改hostname,并注释掉https配置,相关属性说明参考注释即可;
# 指定Harbor的管理界面及镜像仓库访问地址hostname: 192.168.3.101# http相关配置http:  # http端口,如果配置了https,默认使用https  port: 80# https相关配置#https:#  # https端口#  port: 443#  # 指定Habor中Nginx的https的证书和私钥地址#  certificate: /your/certificate/path#  private_key: /your/private/key/path# Harbor默认管理员账号admin的密码harbor_admin_password: Harbor12345# Harbor内置PostgreSQL数据库配置database:  # root用户密码  password: root123  # 最大空闲连接数,小于等于0表示无空闲连接  max_idle_conns: 50  # 最大连接数,小于等于0表示无限制  max_open_conns: 100# 默认数据目录data_volume: /data# Clair configurationclair:  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.  updaters_interval: 12jobservice:  # Maximum number of job workers in job service  max_job_workers: 10notification:  # Maximum retry count for webhook job  webhook_job_max_retry: 10chart:  # Change the value of absolute_url to enabled can enable absolute url in chart  absolute_url: disabled# 日志配置log:  # 日志级别配置: debug, info, warning, error, fatal  level: info  # 日志本地存储策略  local:    # 日志文件滚动数量,超过该数量会删除日志文件    rotate_count: 50    # 日志滚动大小,超过该大小会生成新的日志文件    rotate_size: 200M    # 日志存储路径    location: /var/log/harbor# This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!_version: 1.10.0# Configure proxies to be used by Clair, the replication jobservice, and Harbor. Leave blank if no proxies are required.proxy:  http_proxy:  https_proxy:  # no_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server  no_proxy:  components:    - core    - jobservice    - clair复制代码
  • 使用install.sh脚本安装Harbor:
./install.sh复制代码
  • Harbor启动成功后会输出如下信息,这里需要注意的是Harbor会启动Nginx、Redis之类的容器,以前创建过的需要先删除掉,看到started successfully就表示启动成功了;
[Step 0]: checking if docker is installed ...Note: docker version: 19.03.5[Step 1]: checking docker-compose is installed ...Note: docker-compose version: 1.24.0[Step 2]: loading Harbor images ...Loaded image: goharbor/harbor-migrator:v1.10.6Loaded image: goharbor/harbor-core:v1.10.6Loaded image: goharbor/harbor-db:v1.10.6Loaded image: goharbor/harbor-registryctl:v1.10.6Loaded image: goharbor/nginx-photon:v1.10.6Loaded image: goharbor/clair-photon:v1.10.6Loaded image: goharbor/clair-adapter-photon:v1.10.6Loaded image: goharbor/harbor-portal:v1.10.6Loaded image: goharbor/harbor-log:v1.10.6Loaded image: goharbor/registry-photon:v1.10.6Loaded image: goharbor/notary-signer-photon:v1.10.6Loaded image: goharbor/harbor-jobservice:v1.10.6Loaded image: goharbor/redis-photon:v1.10.6Loaded image: goharbor/prepare:v1.10.6Loaded image: goharbor/notary-server-photon:v1.10.6Loaded image: goharbor/chartmuseum-photon:v1.10.6[Step 3]: preparing environment ...[Step 4]: preparing harbor configs ...prepare base dir is set to /mydata/harbor/harborWARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to httpsClearing the configuration file: /config/log/logrotate.confClearing the configuration file: /config/log/rsyslog_docker.confClearing the configuration file: /config/nginx/nginx.confClearing the configuration file: /config/core/envClearing the configuration file: /config/core/app.confClearing the configuration file: /config/registry/config.ymlClearing the configuration file: /config/registry/root.crtClearing the configuration file: /config/registryctl/envClearing the configuration file: /config/registryctl/config.ymlClearing the configuration file: /config/db/envClearing the configuration file: /config/jobservice/envClearing the configuration file: /config/jobservice/config.ymlGenerated configuration file: /config/log/logrotate.confGenerated configuration file: /config/log/rsyslog_docker.confGenerated configuration file: /config/nginx/nginx.confGenerated configuration file: /config/core/envGenerated configuration file: /config/core/app.confGenerated configuration file: /config/registry/config.ymlGenerated configuration file: /config/registryctl/envGenerated configuration file: /config/db/envGenerated configuration file: /config/jobservice/envGenerated configuration file: /config/jobservice/config.ymlloaded secret from file: /secret/keys/secretkeyGenerated configuration file: /compose_location/docker-compose.ymlClean up the input dirNote: stopping existing Harbor instance ...Stopping harbor-jobservice ... doneStopping harbor-core       ... doneStopping redis             ... doneStopping registryctl       ... doneStopping registry          ... doneStopping harbor-db         ... doneStopping harbor-portal     ... doneStopping harbor-log        ... doneRemoving harbor-jobservice ... doneRemoving harbor-core       ... doneRemoving redis             ... doneRemoving registryctl       ... doneRemoving registry          ... doneRemoving harbor-db         ... doneRemoving harbor-portal     ... doneRemoving harbor-log        ... doneRemoving network harbor_harbor[Step 5]: starting Harbor ...Creating network "harbor_harbor" with the default driverCreating harbor-log ... doneCreating harbor-portal ... doneCreating registry      ... doneCreating harbor-db     ... doneCreating registryctl   ... doneCreating redis         ... doneCreating harbor-core   ... doneCreating harbor-jobservice ... doneCreating nginx             ... done✔ ----Harbor has been installed and started successfully.----复制代码
  • 我们可以使用docker images命令查看下安装Harbor安装的Docker镜像,还挺多的;
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE                              latest              dc3bacd8b5ea        8 days ago          1.23MBgoharbor/chartmuseum-photon          v1.10.6             01b70eccaf71        2 weeks ago         178MBgoharbor/harbor-migrator             v1.10.6             a5d4a4ee44e4        2 weeks ago         356MBgoharbor/redis-photon                v1.10.6             99e25b65195c        2 weeks ago         132MBgoharbor/clair-adapter-photon        v1.10.6             aa72598ecc12        2 weeks ago         61.3MBgoharbor/clair-photon                v1.10.6             da1b03030e34        2 weeks ago         171MBgoharbor/notary-server-photon        v1.10.6             37c8bed3e255        2 weeks ago         142MBgoharbor/notary-signer-photon        v1.10.6             c56d82220929        2 weeks ago         139MBgoharbor/harbor-registryctl          v1.10.6             1d3986d90c65        2 weeks ago         101MBgoharbor/registry-photon             v1.10.6             3e669c8204ed        2 weeks ago         83.7MBgoharbor/nginx-photon                v1.10.6             a39d8dd46060        2 weeks ago         43.7MBgoharbor/harbor-log                  v1.10.6             1085d3865a57        2 weeks ago         106MBgoharbor/harbor-jobservice           v1.10.6             aa05538acecf        2 weeks ago         143MBgoharbor/harbor-core                 v1.10.6             193e76e6be5d        2 weeks ago         129MBgoharbor/harbor-portal               v1.10.6             942a9c448850        2 weeks ago         51.8MBgoharbor/harbor-db                   v1.10.6             37da2e5414ae        2 weeks ago         170MBgoharbor/prepare                     v1.10.6             35f073e33ec5        2 weeks ago         177MB复制代码
  • 访问Harbor的管理界面,输入账号密码admin:Harbor12345登录即可,访问地址:http://192.168.3.101/
9eea1665c4d6f17b913ba6fe88762905.png

使用

接下来我们就可以使用Harbor来管理我们的镜像了。

  • 首先点击新建项目按钮,新建一个项目:
a0e10a3d857dd30847c69f9e0294e7cc.png
  • 这里新建一个叫做test的私有项目;
63679deab87fbcdae7167692bdc71c20.png
  • 由于docker login命令默认不支持http访问,所以我们需要手动开启,使用Vim编辑器修改docker的配置文件daemon.json;
vi /etc/docker/daemon.json复制代码
  • 添加一行insecure-registries配置即可,允许使用非安全方式访问Harbor镜像仓库,注意不要少了端口号80;
{ "registry-mirrors":["https://xxx.aliyuncs.com"], "insecure-registries":["192.168.3.101:80"]}复制代码
  • 再次重新启动docker服务;
systemctl restart docker复制代码
  • 再次使用install.sh启动Harbor服务;
./install.sh复制代码
  • 使用docker login命令访问Harbor镜像仓库,注意加上端口号为80;
[root@linux-local harbor]# docker login 192.168.3.101:80Username: adminPassword: WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded复制代码
  • 编写Dockerfile脚本,用于构建Docker镜像,一个最简单的busybox脚本如下;
FROM busybox:latest复制代码
  • 使用如下命令构建一个自己的busybox镜像;
docker build -t 192.168.3.101:80/test/busybox .复制代码
  • 将自己构建的busybox镜像推送到Harbor镜像仓库;
docker push 192.168.3.101:80/test/busybox复制代码
  • 推送成功后在Harbor的管理界面中就可以查看到busybox镜像了;
aab22ee02bb8aecd325fb574dbee25fa.png
  • 由于Harbor是用Docker Compose部署的,可以直接使用Docker Compose的命令来停止和启动。
# 停止Harbordocker-compose stop# 启动Harbordocker-compose start复制代码

结合SpringBoot使用

这里使用之前的mall-tiny-fabric项目来演示下,如何使用Maven插件一键打包并推送到Harbor镜像仓库。

  • 首先修改项目的pom.xml文件,修改推送的镜像仓库地址,并添加认证信息即可;
io.fabric8     docker-maven-plugin     0.33.0build-imagepackagebuildhttp://192.168.3.101:2375http://192.168.3.101:80adminHarbor12345192.168.3.101:80/mall-tiny/${project.name}:${project.version}java:8${project.build.finalName}.jar/artifact["java", "-jar","/${project.build.finalName}.jar"]macrozheng${project.artifactId}8080:8080mysql:db                     /etc/localtime:/etc/localtime/mydata/app/${project.artifactId}/logs:/var/logs复制代码
  • 推送镜像之前需要在Harbor中创建好mall-tiny项目,否则会无法推送镜像;
2203446932d9ae03b71e5848b13bed3d.png
  • 之后使用Maven插件打包镜像并推送到Harbor仓库,具体可以参考《还在手动部署SpringBoot应用?试试这个自动化插件!》,推送过程中输出信息如下;
[INFO] Scanning for projects...[INFO]                                                                         [INFO] ------------------------------------------------------------------------[INFO] Building mall-tiny-fabric 0.0.1-SNAPSHOT[INFO] ------------------------------------------------------------------------[INFO] [INFO] --- docker-maven-plugin:0.33.0:push (default-cli) @ mall-tiny-fabric ---[INFO] DOCKER> The push refers to repository [192.168.3.101:80/mall-tiny/mall-tiny-fabric]###############[INFO] DOCKER> 0.0.1-SNAPSHOT: digest: sha256:3a54682fd3b04526f6da0916e98f3d0d5ba4193a8ad6aafbe6c05a1badf6c13b size: 2212[INFO] DOCKER> Temporary image tag skipped. Target image '192.168.3.101:80/mall-tiny/mall-tiny-fabric:0.0.1-SNAPSHOT' already has registry set or no registry is available[INFO] DOCKER> Pushed 192.168.3.101:80/mall-tiny/mall-tiny-fabric:0.0.1-SNAPSHOT in 2 minutes and 8 seconds [INFO] ------------------------------------------------------------------------[INFO] BUILD SUCCESS[INFO] ------------------------------------------------------------------------[INFO] Total time: 02:11 min[INFO] Finished at: 2020-12-02T15:11:10+08:00[INFO] Final Memory: 19M/219M[INFO] ------------------------------------------------------------------------Process finished with exit code 0复制代码
  • 打开Harbor管理页面,发现mall-tiny-fabric镜像已经存在了。
7de51a90432ea7791a49dbeb611914ed.png

总结

Harbor提供了管理界面让我们可以更方便地管理Docker镜像,同时添加了基于角色的权限管理功能来保护镜像的安全。之前我们为了安全地使用镜像,需要使用繁琐的TLS来控制远程Docker服务打包镜像,具体参考《Docker服务开放了这个端口,服务器分分钟变肉机!》。现在我们只要搭建一个Harbor镜像仓库,然后本地打包好镜像上传到Harbor,需要使用镜像的时候直接从Harbor下载即可!


作者:MacroZheng
链接:https://juejin.cn/post/6907022706689245198
来源:掘金
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/AllinToyou/article/detail/160384
推荐阅读
相关标签
  

闽ICP备14008679号