普拉多VX


Deploying a Harbor Private Registry

Harbor

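Harbor is an open source registry. It is a CNCF project that was open-sourced by VMware. It is an open source solution for building enterprise-grade private Docker image registries and a higher-level wrapper around Docker Registry that provides, among other things, a friendly web UI.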

Installing Harbor

Prerequisites

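| Resource | Minimum | Recommended |
|----------|---------|-------------|
| CPU      | 2 CPU   | 4 CPU       |
| Mem      | 4 GB    | 8 GB        |
| Disk     | 40 GB   | 160 GB      |

| Software       | Version                       | Description                                                     |
|----------------|-------------------------------|-----------------------------------------------------------------|
| Docker engine  | Version 17.06.0-ce+ or higher | For installation instructions, see Docker Engine documentation  |
| Docker Compose | Version 1.18.0 or higher      | For installation instructions, see Docker Compose documentation |
| Openssl        | Latest is preferred           | Used to generate certificate and keys for Harbor                |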

1. Prepare the environment

Install docker-ce

[root@iZ2zedqqdtca3xspuss20zZ ~]# yum update
[root@iZ2zedqqdtca3xspuss20zZ ~]# yum -y install wget curl yum-utils
[root@iZ2zedqqdtca3xspuss20zZ ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo # add the Aliyun mirror repo
[root@iZ2zedqqdtca3xspuss20zZ ~]# yum -y install docker-ce docker-compose
[root@iZ2zedqqdtca3xspuss20zZ ~]# systemctl start docker
[root@iZ2zedqqdtca3xspuss20zZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@iZ2zedqqdtca3xspuss20zZ ~]#

[root@iZ2zedqqdtca3xspuss20zZ ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@iZ2zedqqdtca3xspuss20zZ ~]#

Check the Docker version

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker version
Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:46:54 2020
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:45:28 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683

Check the docker-compose version

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker-compose version
docker-compose version 1.18.0, build 8dd22a9
docker-py version: 2.6.1
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
[root@iZ2zedqqdtca3xspuss20zZ ~]#

2. Download Harbor

There are two ways to install:

  • Online installer
  • Offline installer package

Download the offline package (this needs an accelerated connection or a proxy; I downloaded it and then uploaded it to the server)

[root@iZ2zedqqdtca3xspuss20zZ ~]# wget https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-offline-installer-v2.0.2.tgz
[root@iZ2zedqqdtca3xspuss20zZ ~]# tar xf harbor-offline-installer-v2.0.2.tgz
[root@iZ2zedqqdtca3xspuss20zZ ~]# cd harbor
[root@iZ2zedqqdtca3xspuss20zZ harbor]# ls
common.sh harbor.v2.0.2.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@iZ2zedqqdtca3xspuss20zZ harbor]#
# Copy the template file
[root@iZ2zedqqdtca3xspuss20zZ harbor]# cp harbor.yml.tmpl harbor.yml

Directory layout

.
├── common.sh
├── harbor.v2.0.2.tar.gz
├── harbor.yml
├── harbor.yml.tmpl
├── install.sh
├── LICENSE
└── prepare

Edited harbor.yml:

hostname: 101.200.233.146   # Change hostname to an IP or domain name that clients can reach
http:
  port: 80 # default port

# https related config # can be commented out if you have no certificate
#https:
#  # https port for harbor, default is 443
#  port: 443
#  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path

harbor_admin_password: Harbor12345 # installer default; change it after the first login
database: # database password
  password: root123 # installer default; change it before production use
  max_idle_conns: 50
  max_open_conns: 1000
data_volume: /data
clair:
  updaters_interval: 12
trivy:
  ignore_unfixed: false
  skip_update: false
  insecure: false
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.0.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - clair
    - trivy
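
The harbor.yml above keeps the template values for both passwords and leaves the https block commented out. The following pre-install check is an added example, not part of the original post or of Harbor; the function name audit_harbor_yml and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky settings in harbor.yml before running install.sh.
# audit_harbor_yml is a hypothetical helper, not part of Harbor.
# Prints one finding per line; the return status is the number of findings.
audit_harbor_yml() {
    file=$1
    findings=0

    # Admin password still at the value shipped in harbor.yml.tmpl.
    if grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*(#.*)?$' "$file"; then
        echo "DEFAULT_ADMIN_PASSWORD"
        findings=$((findings + 1))
    fi

    # Database password: the "password:" key nested under "database:".
    db_pw=$(awk '
        /^database:/                { in_db = 1; next }
        in_db && /^[^ \t#]/         { in_db = 0 }
        in_db && /^[ \t]+password:/ { print $2; exit }
    ' "$file")
    if [ "$db_pw" = "root123" ]; then
        echo "DEFAULT_DB_PASSWORD"
        findings=$((findings + 1))
    fi

    # No uncommented top-level "https:" key means the registry is HTTP only.
    if ! grep -q '^https:' "$file"; then
        echo "HTTPS_DISABLED"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed sample reproducing the settings shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: 101.200.233.146
http:
  port: 80
#https:
#  port: 443
harbor_admin_password: Harbor12345
database: # database password
  password: root123
EOF
audit_harbor_yml "$sample" || echo "findings: $?"
```

A return status of 0 means none of the three settings was flagged.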

3. Run the installer

Prepare the installation, then install

[root@iZ2zedqqdtca3xspuss20zZ harbor]# ./prepare
[root@iZ2zedqqdtca3xspuss20zZ harbor]# ./install.sh
......


Creating harbor-log ... done
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Creating registry ... done
Creating harbor-core ... done
Creating network "harbor_harbor" with the default driver
Creating nginx ... done
Creating harbor-db ...
Creating registry ...
Creating harbor-portal ...
Creating redis ...
Creating registryctl ...
Creating harbor-core ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----

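Configuring Harbor

1. Access Harbor

http://x.x.x.x The default account is admin and the password is Harbor12345 (the harbor_admin_password value set in harbor.yml)

2. Log in. Six languages are supported by default.

3. Two themes are supported; switch between them in the lower-left corner.

4. Create a project (a project is not the same as a repository)

-1 means no storage quota is set. The gauge in the upper-right corner shows the storage currently used by the system.

Public means anyone can access the project.

5. Push an image

6. Create a user

7. Add members to the project

There are four roles.

8. Log in, then push

Edit the Docker configuration on the client. Harbor was installed with HTTP only, so the client has to list the registry under insecure-registries:

root@iZm5e7rjmq1tkuwoy8h8vuZ:~# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
  "insecure-registries": ["101.200.233.146"]
}

Restart Docker:
root@iZm5e7rjmq1tkuwoy8h8vuZ:~# systemctl restart docker

root@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker login 101.200.233.146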
Username: roddy
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded



root@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker tag busybox 101.200.233.146/yunwei/busybox
root@iZm5e7rjmq1tkuwoy8h8vuZ:~# docker push 101.200.233.146/yunwei/busybox
The push refers to repository [101.200.233.146/yunwei/busybox]
514c3a3e64d4: Pushed
latest: digest: sha256:400ee2ed939df769d4681023810d2e4fb9479b8401d97003c710d0e20f7c49c6 size: 527
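
The client transcript above shows two settings worth tracking on every host that talks to the registry: the insecure-registries entry, and the docker login warning that the password is stored unencrypted in config.json. The check below is an added example, not part of the original post; the function names and both sample files (including the base64 value) are constructed.

```shell
#!/bin/sh
# Added example: audit a Docker client for the two weak settings visible in
# the transcript above. Function names and sample files are constructed.

# Print every host listed under "insecure-registries" in a daemon.json.
insecure_registries() {
    tr -d ' \t\r\n' < "$1" |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' |
        tr ',' '\n' | tr -d '"' | sed '/^$/d'
}

# Succeed when config.json carries an inline base64 "auth" value, which is
# what docker login writes when no credential helper is configured.
stores_plaintext_auth() {
    case $(tr -d ' \t\r\n' < "$1") in
        *'"auth":"'[A-Za-z0-9+/]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples matching the client setup on this page.
daemon_json=$(mktemp)
client_cfg=$(mktemp)
cat > "$daemon_json" <<'EOF'
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
"insecure-registries":["101.200.233.146"]
}
EOF
cat > "$client_cfg" <<'EOF'
{ "auths": { "101.200.233.146": { "auth": "Y29uc3RydWN0ZWQ6c2FtcGxl" } } }
EOF

for host in $(insecure_registries "$daemon_json"); do
    echo "TLS not enforced for registry: $host"
done
if stores_plaintext_auth "$client_cfg"; then
    echo "credentials stored inline in config.json; configure a credential helper"
fi
```

On a real host, point the functions at /etc/docker/daemon.json and the config.json path named in the docker login warning.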

9. Verify the push completed

10. Stop Harbor

[root@iZ2zedqqdtca3xspuss20zZ harbor]# docker-compose stop
Stopping harbor-jobservice ...
Stopping nginx ... done
Stopping harbor-core ...
Stopping registryctl ...
Stopping registry ...
Stopping redis ...
Stopping harbor-portal ... done
Stopping harbor-db ...
Stopping harbor-log ...

Harbor permissions

The official website explains the permissions:

Action	Limited Guest	Guest	Developer	Master	Project Admin
See the project configurations ✓ ✓ ✓ ✓ ✓
Edit the project configurations ✓
See a list of project members ✓ ✓ ✓ ✓
Create/edit/delete project members ✓
See a list of project logs ✓ ✓ ✓ ✓
See a list of project replications ✓ ✓
See a list of project replication jobs ✓
See a list of project labels ✓ ✓
Create/edit/delete project labels ✓ ✓
See a list of repositories ✓ ✓ ✓ ✓ ✓
Create repositories ✓ ✓ ✓
Edit/delete repositories ✓ ✓
See a list of images ✓ ✓ ✓ ✓ ✓
Retag image ✓ ✓ ✓ ✓
Pull image ✓ ✓ ✓ ✓ ✓
Push image ✓ ✓ ✓
Scan/delete image ✓ ✓
Add scanners to Harbor
Edit scanners in projects ✓
See a list of image vulnerabilities ✓ ✓ ✓ ✓ ✓
See image build history ✓ ✓ ✓ ✓ ✓
Add/Remove labels of image ✓ ✓ ✓
See a list of helm charts ✓ ✓ ✓ ✓ ✓
Download helm charts ✓ ✓ ✓ ✓ ✓
Upload helm charts ✓ ✓ ✓
Delete helm charts ✓ ✓
See a list of helm chart versions ✓ ✓ ✓ ✓ ✓
Download helm chart versions ✓ ✓ ✓ ✓ ✓
Upload helm chart versions ✓ ✓ ✓
Delete helm chart versions ✓ ✓
Add/Remove labels of helm chart version ✓ ✓ ✓
See a list of project robots ✓ ✓
Create/edit/delete project robots ✓
See configured CVE whitelist ✓ ✓ ✓ ✓ ✓
Create/edit/remove CVE whitelist ✓
Enable/disable webhooks ✓ ✓ ✓
Create/delete tag retention rules ✓ ✓ ✓
Enable/disable tag retention rules ✓ ✓ ✓
Create/delete tag immutability rules
Enable/disable tag immutability rules
See project quotas ✓ ✓ ✓ ✓ ✓
Edit project quotas *
