热门标签
热门文章
- 1基于YOLOv8+Pyqt5火焰烟雾检测系统_yolov8与pyqt5结合,封装目标检测器
- 2终于解决!ElasticSearch公网无法访问的问题_连不上服务器的elesticsearch
- 3Aiseesoft Data Recovery for Mac:专业数据恢复软件
- 4三款好用的 Docker 可视化管理工具_docker管理工具
- 5数据要素价值实现,数据安全合规治理为先│朗言数安专家简析企业数据资产化前景与挑战
- 6在中文zh_core_web_sm-2.3.1和英文en_core_web_sm 中,token_pos 实际上分别各有多少个标签?
- 7gitlab服务下载安装_gitlab服务端下载
- 8虹科Pico汽车示波器 | 免拆诊断案例 | 2018款东风风神AX7车发动机怠速抖动、加速无力
- 9为全面发展信息技术应用创新 实现数字化转型,金融信创势在必行_银行数字化转型中的信创科技
- 10时间复杂度的计算_时间复杂度怎么算
当前位置: article > 正文
使用docker-compose安装harbor
作者:你好赵伟 | 2024-05-17 07:14:43
赞
踩
docker-compose安装harbor
一、harbor特性
1、基于角色的访问控制:用户和存储库是通过“项目”组织的,用户可以对多个镜像仓库统一命名空间拥有不同的权限。
2、镜像复制:可以基于具有多个Registry实例之间复制(同步)图像和图表。如果出现任何错误,Harbor会自动重试复制。非常适合于负载平衡、高可用性、多数据中心、混合和多云场景。
3、LDAP/AD支持:Harbor与现有企业LDAP/AD集成,用于用户身份验证和管理,并支持将LDAP组导入Harbor并为其分配适当的项目角色。
镜像删除和垃圾收集:镜像可以删除,其空间可以回收。
4、国际化:对多国语言支持(已拥有中文、英文、德文、日语和俄文);
5、图形化用户界面:用户可以轻松浏览、搜索存储库和管理项目。
6、审计管理:跟踪到存储库的所有操作。
7、RESTful API:用于大多数管理操作的RESTful API,易于与外部系统集成。一个嵌入式的Swagger用户界面可用于探索和测试API。
简单部署:提供在线和离线安装程序。此外,可以安装到vSphere平台的(OVA方式)虚拟设备。
二、Harbor 组件
1、proxy:Harbor的组件,如注册表、UI和令牌服务,都位于反向代理之后。代理将来自浏览器和Docker客户机的请求转发到各种后端服务。
2、Registry:负责存储Docker镜像和处理Docker推/拉命令。由于Harbor需要对映像进行访问权限控制,Registry将引导客户机访问令牌服务,以便为每个pull或push请求获取有效的令牌(token)。
3、Core Service:Harbor的核心功能,主要提供以下服务:
1)UI:提供图像化的图形用户界面,帮助人户管理镜像和对用户授权。
2)webhook: 为了及时获取registry上images的状态变化的情况,在Registry上配置webhook,把状态变化传递UI模块;
3)Token令牌服务:负责根据用户在项目中的角色为每个docker push/pull命令颁发令牌。如果从Docker客户机发送的请求中没有令牌,注册表将把请求重定向到令牌服务。
4、Datebase:为了给core services提供数据库舒服,负责储存用户权限、审计日志、Docker image分组信息等数据。
5、Job Services:提供镜像远程负责功能,能把本地镜像同步到其他harbor实例当中。
6、Log Collector:为了帮助监控Harbor运行,负责手机其他组件的log,供日后分析。
三、部署环境
centos-7.6 192.168.8.130
Docker version 1.19.3
docker-compose version 1.24.2
harbor-offline-installer-v1.8.6.tgz
- 1
- 2
- 3
- 4
- 5
四、安装docker-compose
方式1:
[root@centos130 ~]# curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
[root@centos130 ~]# chmod +x /usr/local/bin/docker-compose
方式2:
[root@centos130 ~]# wget https://bootstrap.pypa.io/get-pip.py
[root@centos130 ~]# python get-pip.py
[root@centos130 ~]# pip install docker-compose
- 1
- 2
- 3
- 4
- 5
- 6
- 7
五、卸载docker-compose
#二进制:
[root@centos130 ~]rm /usr/local/bin/docker-compose
#pip:
[root@centos130 ~]pip uninstall docker-compose
- 1
- 2
- 3
- 4
- 5
六、安装docker
[root@centos130 ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 添加一个稳定的源 [root@centos130 ~]# yum-config-manager --add-repo \ http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo [root@centos130 ~]# yum makecache fast 安装最新稳定版本的docker-ce [root@centos130 ~]# yum install -y docker-ce docker-ce-cli containerd.io vim [root@centos130 ~]# mkdir /etc/docker && vim /etc/docker/daemon.json { "registry-mirrors": ["https://yxrgrke0.mirror.aliyuncs.com"], "insecure-registries": ["192.168.8.130:5000"], "insecure-registries": ["centos130:80"], "log-driver": "json-file", "log-opts": { "max-size": "100m", "max-file": "3" } } 启动docker [root@centos130 ~]# systemctl daemon-reload [root@centos130 ~]# systemctl enable docker && systemctl start docker [root@centos130 ~]# systemctl status docker
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
七、安装harbor
harbor下载地址:
harbor github 地址 https://github.com/goharbor/harbor
http://harbor.orientsoft.cn/
[root@centos130 ~]# wget https://storage.googleapis.com/harbor-releases/release-1.8.6/harbor-offline-installer-v1.8.6.tgz
[root@centos130 ~]# tar -xf harbor-offline-installer-v1.8.6.tgz -C /usr/local/
[root@centos130 ~]# cd /usr/local/harbor/
[root@centos130 ~]# vim harbor.yml
hostname = centos130
#这里只是简单的测试,所以只编辑这一行,其他的默认不做修改
#禁止用户注册
self_registration = off
#设置只有管理员可以创建项目
project_creation_restriction = adminonly
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
八、执行安装脚本
[root@centos130 ~]# ./instsll.sh
说明:安装报错 找不到docker-proxy 、 docker-runc
执行
[root@centos130 ~]# ln -s /usr/libexec/docker/docker-runc-current /usr/bin/docker-runc
[root@centos130 ~]# ln -s /usr/libexec/docker/docker-proxy-current /usr/bin/docker-proxy
查看启动的镜像文件
[root@centos130 ~]# docker-compose ps
Harbor容器的stop与start:
[root@centos130 ~]# cd /usr/local/harbor/
[root@centos130 ~]# docker-compose stop
[root@centos130 ~]# docker-compose start
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
九、登录harbor
到此便安装完成了,直接打开浏览器登陆,并创建my项目:
默认用户密码是:admin/Harbor12345
Shell命令行终端登录harbor仓库
[root@centos130 ~]# harbor上传镜像
[root@centos130 ~]# docker login centos130:80
[root@centos130 ~]# docker login -u admin -p Harbor12345 centos130:80 #账号密码: admin/Harbor12345
Username: admin
Password:
Login Succeeded
- 1
- 2
- 3
- 4
- 5
- 6
- 7
测试镜像上传
[root@centos130 ~]# docker pull nginx [root@centos130 ~]# docker tag nginx:latest centos130:80/my/nginx:latest [root@centos130 ~]# docker images [root@centos130 ~]# docker push centos130:80/my/nginx:latest The push refers to repository [centos130:80/my/nginx] 55a77731ed26: Pushed 71f2244bc14d: Pushed f2cb0ecef392: Pushed latest: digest: sha256:3936fb3946790d711a68c58be93628e43cbca72439079e16d154b5db216b58da size: 948 说明: 格式为: userip/项目名/image名字:版本号 (项目名需要在webui 提前建好) [root@centos130 ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE centos130:80/my/nginx:latest latest 5a3221f0137b 5 days ago 126MB nginx latest 5a3221f0137b 5 days ago 126MB 删除本地nginx镜像,测试下载 [root@centos130 ~]# docker pull centos130:80/my/nginx:latest
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
十、harbor修改端口号
1、修改docker-compose.yml文件映射为1180端口:
修改配置文件 [root@centos130 ~]# cat /usr/local/harbor/docker-compose.yml version: '2.3' services: log: image: goharbor/harbor-log:v1.8.6 container_name: harbor-log restart: always dns_search: . cap_drop: - ALL cap_add: - CHOWN - DAC_OVERRIDE - SETGID - SETUID volumes: - /var/log/harbor/:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z ports: - 127.0.0.1:1514:10514 networks: - harbor registry: image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.6 container_name: registry restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z - type: bind source: /data/secret/registry/root.crt target: /etc/registry/root.crt networks: - harbor dns_search: . depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registry" registryctl: image: goharbor/harbor-registryctl:v1.8.6 container_name: registryctl env_file: - ./common/config/registryctl/env restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID volumes: - /data/registry:/storage:z - ./common/config/registry/:/etc/registry/:z - type: bind source: ./common/config/registryctl/config.yml target: /etc/registryctl/config.yml networks: - harbor dns_search: . depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "registryctl" postgresql: image: goharbor/harbor-db:v1.8.6 container_name: harbor-db restart: always cap_drop: - ALL cap_add: - CHOWN - DAC_OVERRIDE - SETGID - SETUID volumes: - /data/database:/var/lib/postgresql/data:z networks: harbor: dns_search: . env_file: - ./common/config/db/env depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "postgresql" core: image: goharbor/harbor-core:v1.8.6 container_name: harbor-core env_file: - ./common/config/core/env restart: always cap_drop: - ALL cap_add: - SETGID - SETUID volumes: - /data/ca_download/:/etc/core/ca/:z - /data/psc/:/etc/core/token/:z - /data/:/data/:z - ./common/config/core/certificates/:/etc/core/certificates/:z - type: bind source: ./common/config/core/app.conf target: /etc/core/app.conf - type: bind source: /data/secret/core/private_key.pem target: /etc/core/private_key.pem - type: bind source: /data/secret/keys/secretkey target: /etc/core/key networks: harbor: dns_search: . depends_on: - log - registry logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "core" portal: image: goharbor/harbor-portal:v1.8.6 container_name: harbor-portal restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID - NET_BIND_SERVICE networks: - harbor dns_search: . depends_on: - log - core logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "portal" jobservice: image: goharbor/harbor-jobservice:v1.8.6 container_name: harbor-jobservice env_file: - ./common/config/jobservice/env restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID volumes: - /data/job_logs:/var/log/jobs:z - type: bind source: ./common/config/jobservice/config.yml target: /etc/jobservice/config.yml networks: - harbor dns_search: . depends_on: - redis - core logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "jobservice" redis: image: goharbor/redis-photon:v1.8.6 container_name: redis restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID volumes: - /data/redis:/var/lib/redis networks: harbor: dns_search: . depends_on: - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "redis" proxy: image: goharbor/nginx-photon:v1.8.6 container_name: nginx restart: always cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID - NET_BIND_SERVICE volumes: - ./common/config/nginx:/etc/nginx:z networks: - harbor dns_search: . ports: - 1180:80 - 443:443 - 4443:4443 depends_on: - postgresql - registry - core - portal - log logging: driver: "syslog" options: syslog-address: "tcp://127.0.0.1:1514" tag: "proxy" networks: harbor: external: false
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
2、修改/etc/docker/daemon.json文件将80修改为1180端口:
修改daemon配置
[root@centos130 ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://yxrgrke0.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.8.130:5000"],
"insecure-registries": ["centos130:1180"],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
3、修改/usr/locat/harbor/harbor.yml文件的hostname
修改hostname配置
cat /usr/locat/harbor/harbor.yml
hostname: centos130:1180
- 1
- 2
- 3
- 4
4、停止harbor,重新启动并生成配置文件
重新初始化
[root@centos130 ~]# cd /usr/locat/harbor/
[root@centos130 ~]# docker-compose stop
[root@centos130 ~]# ./install.sh
- 1
- 2
- 3
- 4
- 5
5、重新启动docker
[root@centos130 ~]# systemctl daemon-reload
[root@centos130 ~]# systemctl restart docker.service
验证
[root@centos130 ~]# docker login centos130:1180
Username: admin
Password: Harbor12345
- 1
- 2
- 3
- 4
- 5
- 6
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/你好赵伟/article/detail/582522
推荐阅读
相关标签
