
Harbor: Image Registry


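1. Introduction to Harbor

Developing and running Docker container applications depends on reliable image management. Docker provides a public image registry, but for security and efficiency it is also necessary to deploy a Registry inside your own private environment. Harbor is an enterprise-grade Docker Registry management project open-sourced by VMware. Its features include access control (RBAC), LDAP, audit logging, a management UI, self-registration, image replication and Chinese language support.

Official site: https://github.com/goharbor/harbor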

2. Deploying the Harbor image registry

2.1 Environment preparation

harbor: 192.168.4.5, 2 CPUs, 4 GB memory

Disable the firewall and SELinux

2.2 Self-signed certificates

1) Create a directory for the certificates

    [root@harbor ~]# openssl version    # check that openssl is installed
    [root@harbor ~]# mkdir /opt/harbor-ca-key
    [root@harbor ~]# cd /opt/harbor-ca-key/

2) Create the CA certificate

    # Generate a 3072-bit private key, ca.key
    [root@harbor harbor-ca-key]# openssl genrsa -out ca.key 3072
    # Generate the certificate ca.pem; 3650 means it is valid for 10 years.
    # Fill in the marked prompts as shown; prompts that are not marked are left empty.
    [root@harbor harbor-ca-key]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:guangdong
    Locality Name (eg, city) [Default City]:guangzhou
    Organization Name (eg, company) [Default Company Ltd]:harbor
    Organizational Unit Name (eg, section) []:CA
    Common Name (eg, your name or your server's hostname) []:harbor64.cn
    Email Address []:jy@163.com

3) Generate the certificate for the domain name

    # Generate a 3072-bit key, i.e. the private key
    [root@harbor harbor-ca-key]# openssl genrsa -out harbor.key 3072
    # Generate a certificate signing request, needed when the certificate is signed below.
    # Fill in the marked prompts as shown; prompts that are not marked are left empty.
    [root@harbor harbor-ca-key]# openssl req -new -key harbor.key -out harbor.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:guangdong
    Locality Name (eg, city) [Default City]:guangzhou
    Organization Name (eg, company) [Default Company Ltd]:harbor
    Organizational Unit Name (eg, section) []:CA
    Common Name (eg, your name or your server's hostname) []:harbor64.cn
    Email Address []:jy@163.com
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:1234
    An optional company name []:harbor

4) Sign the certificate

    [root@harbor harbor-ca-key]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
    Signature ok
    subject=/C=CN/ST=guangdong/L=guangzhou/O=harbor/OU=CA/CN=harbor64.cn/emailAddress=jy@163.com
    Getting CA Private Key
    # Check that the certificate is valid
    [root@harbor harbor-ca-key]# openssl x509 -noout -text -in harbor.pem
    Certificate:
        Data:
            Version: 1 (0x0)
            Serial Number:
                ed:66:8a:c0:ca:d3:2b:9e
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=CN, ST=guangdong, L=guangzhou, O=harbor, OU=CA, CN=harbor64.cn/emailAddress=jy@163.com
            Validity
                Not Before: Jun 5 10:33:54 2022 GMT
                Not After : Jun 2 10:33:54 2032 GMT
            Subject: C=CN, ST=guangdong, L=guangzhou, O=harbor, OU=CA, CN=harbor64.cn/emailAddress=jy@163.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (3072 bit)
                    Modulus:
    ……………………………………………………    # seeing the output above confirms the certificate is valid
    [root@harbor harbor-ca-key]# ls
    ca.key ca.pem ca.srl harbor.csr harbor.key harbor.pem
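
The certificate printed above is X.509 `Version: 1` with no subjectAltName, and its Issuer and Subject are identical; Docker clients built with recent Go releases match the registry name against subjectAltName only. The following added example (not part of the original article) issues the CA and server certificate with a SAN covering harbor64, harbor64.cn and 192.168.4.5, then checks the result. The CA subject `harbor-ca`, the file layout and the function names are assumptions.

```sh
#!/bin/sh
# Added example (not from the original article). Host names and the IP are the
# ones used on this page; the CA subject and file layout are assumptions.

# issue_harbor_cert DIR: writes ca.key, ca.pem, harbor.key and harbor.pem to DIR.
issue_harbor_cert() (
  mkdir -p "$1" && cd "$1" || exit 1
  # Own req config, so the result does not depend on the system openssl.cnf.
  cat > ca.cnf <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
O = harbor
CN = harbor-ca
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  # Leaf extensions: every name or IP a client connects to must be in the SAN.
  cat > harbor.ext <<'EOF'
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:harbor64, DNS:harbor64.cn, IP:192.168.4.5
EOF
  # The leaf subject differs from the CA subject: identical names can make a
  # verifier treat the leaf as self-signed.
  openssl genrsa -out ca.key 3072 2>/dev/null &&
  openssl req -new -x509 -days 3650 -config ca.cnf -key ca.key -out ca.pem &&
  openssl genrsa -out harbor.key 3072 2>/dev/null &&
  openssl req -new -config ca.cnf -subj "/O=harbor/CN=harbor64.cn" \
    -key harbor.key -out harbor.csr &&
  openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -extfile harbor.ext -days 3650 -out harbor.pem 2>/dev/null
)

# cert_covers CERT NAME_OR_IP: succeeds only if the certificate matches it.
cert_covers() {
  case $2 in *[!0-9.]*) flag=-checkhost ;; *) flag=-checkip ;; esac
  openssl x509 -in "$1" -noout "$flag" "$2" | grep -q "does match certificate"
}

# chain_ok CA CERT: succeeds if CERT verifies against CA as a TLS server cert.
chain_ok() { openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1; }
```

With a certificate like this, a Docker client can trust the registry by placing ca.pem at /etc/docker/certs.d/<registry host>/ca.crt rather than listing the registry under insecure-registries.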

2.3 Installing Harbor

1) Install docker and docker-compose

    [root@harbor ~]# yum -y install wget
    # Install the EPEL repo and point the repo configuration at the Aliyun mirror
    [root@harbor ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
    [root@harbor ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
    [root@harbor ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
    # Download the CentOS base yum repo file (this URL is the Tencent Cloud mirror)
    [root@harbor ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.cloud.tencent.com/repo/centos7_base.repo
    # Configure the docker repo
    [root@harbor ~]# wget https://download.docker.com/linux/centos/docker-ce.repo -P /etc/yum.repos.d/
    [root@harbor ~]# yum clean all && yum makecache
    [root@harbor ~]# yum install -y docker-ce docker-compose
    [root@harbor ~]# systemctl enable docker
    [root@harbor ~]# systemctl restart docker

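2) Install Harbor

    # Download the offline installer over HTTPS with certificate verification left on
    [root@harbor ~]# wget https://github.com/goharbor/harbor/releases/download/v2.3.0/harbor-offline-installer-v2.3.0.tgz
    # Unpack it; the archive extracts into ./harbor
    [root@harbor ~]# tar -xzf harbor-offline-installer-v2.3.0.tgz
    [root@harbor ~]# cd harbor/
    [root@harbor harbor]# cp harbor.yml.tmpl harbor.yml
    [root@harbor harbor]# vim harbor.yml
    # Line 5: change hostname; it must match the domain name in the certificate
    # issued above (the CSR above used CN=harbor64.cn)
    hostname: harbor64
    # Lines 17-18, under the existing https: section
    https:
      certificate: /opt/harbor-ca-key/harbor.pem
      private_key: /opt/harbor-ca-key/harbor.key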

3) Add the following line to the hosts file, then save

    192.168.4.5 harbor64

4) Run the Harbor installer

    [root@harbor harbor]# ./install.sh
    [root@harbor harbor]# docker-compose stop     # stop Harbor
    [root@harbor harbor]# docker-compose start    # start Harbor

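5) Harbor web UI

Enter this address in the browser: https://harbor64

Username: admin    Password: Harbor12345 (the default `harbor_admin_password` in harbor.yml; change it after the first login)

Login to the Harbor UI succeeds.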

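2.4 Using the Harbor image registry

All base images go in the library project, which is a public repository.

1) New Project -> name the project test (select the Public access level so that the project can be used publicly)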

 

2.5 Testing the Harbor registry on harbor64 from node1

1) Modify the docker configuration

    [root@node01 ~]# vim /etc/docker/daemon.json
    {
      "exec-opts": ["native.cgroupdriver=systemd"],
      "registry-mirrors": ["http://f1361db2.m.daocloud.io"],
      "insecure-registries": ["192.168.4.5"]
    }

2) Restart docker and check that it started successfully

    [root@node01 ~]# systemctl daemon-reload && systemctl restart docker
    [root@node01 ~]# systemctl status docker

3) Log in to Harbor to verify

    [root@node01 ~]# docker login 192.168.4.5
    Username: admin
    Password: <password>
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    Login Succeeded

4) Load the nginx image

    [root@node01 ~]# ls
    anaconda-ks.cfg k8s-install nginx.tar.gz
    [root@node01 ~]# docker load -i nginx.tar.gz
    [root@node01 ~]# docker tag nginx:latest 192.168.4.5/test/nginx:v1
    # Push nginx:v1 to the test project in Harbor
    [root@node01 ~]# docker push 192.168.4.5/test/nginx:v1

5) The nginx image is now visible in the Harbor repository

6) Pull the image from the Harbor repository

    [root@node01 ~]# docker images
    REPOSITORY               TAG      IMAGE ID       CREATED      SIZE
    192.168.4.5/test/nginx   v1       0e901e68141f   8 days ago   142MB
    nginx                    latest   0e901e68141f   8 days ago   142MB
    [root@node01 ~]# docker rmi -f 192.168.4.5/test/nginx:v1    # delete the image
    [root@node01 ~]# docker pull 192.168.4.5/test/nginx:v1      # pull the image
