一、Harbor 简介
Harbor 是一个开源的企业级 Docker Registry 服务,它提供了一个安全、可信赖的仓库来存储和管理 Docker 镜像。以下操作必须在服务器安装 docker 和 docker-compose 的前提下
二、Harbor 的下载
2.1.通过 Linux 命令下载
wget https://github.com/goharbor/harbor/releases/download/v2.12.3/harbor-offline-installer-v2.12.3.tgz
2.2.GitHup 下载
下载地址:https://github.com/goharbor/harbor/releases
下载成功后,把包通过 上传到 服务器。
2.3.解压
解压文件
tar -zxvf harbor-offline-installer-v2.12.3.tgz
三、启动 Harbor
3.1 修改配置文件
复制 harbor.yml.tmpl 文件并重命令为 harbor.yml 修改此配置文件,需要设置 hostname、端口、数据库密码登。
cp harbor.yml.tmpl harbor.yml #拷贝
vim harbor.yml
修改配置文件:
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# 修改 hostname 的值,如果没有域名就使用本机 IP 地址
hostname: 192.168.1.150
# http related config
# 配置启动端口
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 5000
# https related config
# 如果没有申请证书,需要隐藏 https
#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
# enable strong ssl ciphers (default: false)
# strong_ssl_ciphers: false
# Remember Change the admin password from UI after launching Harbor.
# admin 用户登录密码
harbor_admin_password: root@1234
3.2 启动
配置文件修改成功后,执行 install.sh 脚本进行安装 harbor
./install.sh
提示安装成功。可以访问 Harbor 了。http://192.168.1.150:5000/
访问成功,由于 Harbor 是通过 docker 管理的,所以启动非常方便。如上图所示,表示 Docker 私有 仓库已经部署成功了。
四、Docker 命令使用私有仓库
4.1 登录
首先登录私有仓库地址:
docker login -u admin -p root@1234 http://192.168.1.50:5000
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: Get "https://192.168.1.50:5000/v2/": proxyconnect tcp: dial tcp 192.168.65.7:3128: connect: connection refused
docker 认为这个地址是不安全的,所以需要再 docker 守护进程配置文件中把该地址加入安全范围
{
"registry-mirrors": ["https://docker.m.daocloud.io"],
"log-driver":"json-file",
"log-opts": {"max-size":"1g", "max-file":"3"},
"live-restore": true,
"insecure-registries": ["192.168.1.50:5000"]
}
# insecure-registries 不安全的注册表配置一些不安全的地址信息,让Docker认为是安全的。多个地址使用 "," 分割
加入配置成功后,重启 docker 服务,harbor服务,再次登录
[root@localhost harbor]# docker login -u admin -p root@1234 http://192.168.1.50:5000
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
4.2 推送
标记镜像
首先,需要使用docker tag 命令为本地的镜像添加一个新的标签,该标签应包含 Harbor 仓库的地址、项目名称以及要使用的镜像名称和标签。
假设本地镜像 ID 或者 名称是 nginx,并且标签为 latest ,可以这样操作:
docker tag nginx:latest 192.168.1.50:5000/crm_public/nginx:latest
docker push 192.168.1.50:5000/crm_public/nginx:latest
输出结果如下
[root@localhost ~]# docker push 192.168.1.50:5000/crm_public/nginx:latest
The push refers to repository [192.168.1.50:5000/crm_public/nginx]
8030dd26ec5d: Pushed
d84233433437: Pushed
f8455d4eb3ff: Pushed
286733b13b0f: Pushed
46a24b5c31d8: Pushed
84accda66bf0: Pushed
6c4c763d22d0: Pushed
latest: digest: sha256:056c8ad1921514a2fc810a792b5bd18a02d003a99d6b716508bf11bc98c413c3 size: 1778
查看 Harbor 仓库,推送成功
4.3 拉取
通过另一台服务器,使用 docker pull 从私有仓库拉取镜像:
docker pull 192.168.1.50:5000/crm_public/nginx:latest
[root@localhost ~]# docker pull 192.168.1.50:5000/crm_public/nginx:latest
latest: Pulling from crm_public/nginx
61ffccc6e275: Pull complete
913115292750: Pull complete
3e544d53ce49: Pull complete
4f21ed9ac0c0: Pull complete
d38f2ef2d6f2: Pull complete
40a6e9f4e456: Pull complete
d3dc5ec71e9d: Pull complete
Digest: sha256:056c8ad1921514a2fc810a792b5bd18a02d003a99d6b716508bf11bc98c413c3
Status: Downloaded newer image for 192.168.1.50:5000/crm_public/nginx:latest
192.168.1.50:5000/crm_public/nginx:latest注意:本文归作者所有,未经作者允许,不得转载
