搭建harbor私有镜像仓库 安装docker harbor
wget -c https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
我的百度网盘
链接:https://pan.baidu.com/s/1eYsu5teqslfXE_SgCs_PeQ
提取码:mq57
文章图片
解压harbor包
root@debian:~/docker# ls
harbor-offline-installer-v2.3.3.tgz
root@debian:~/docker# tar -zxf harbor-offline-installer-v2.3.3.tgz -C /usr/local/
文章图片
修改harbor配置文件
root@debian:/usr/local# cd harbor/
root@debian:/usr/local/harbor# ls
common.shharbor.v2.3.3.tar.gzharbor.yml.tmplinstall.shLICENSEprepare
root@debian:/usr/local/harbor# cp harbor.yml.tmpl harbor.yml
文章图片
配置本地解析
vim /etc/hosts
127.0.0.1localhost
196.196.196.11debian# The following lines are desirable for IPv6 capable hosts
::1localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
196.196.196.11 harbor.example.com
文章图片
修改harbor.yml配置文件 我是用的这个 visual这个工具修改的
vim /usr/local/harbor/harbor.yml
第一处
hostname: harbor.example.com196.196.196.11#主机名修改为域名(也可以是ip)
文章图片
第二处
#注释掉以下没注释的
# https related config
# https:
# https port for harbor, default is 443#因为未做https,所以将https全部注释
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path
文章图片
密码
harbor_admin_password: Harbor12345#web界面登录密码
文章图片
启动脚本
//执行脚本
[root@harbor harbor]# ./install.sh
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating redis... done
Creating harbor-portal ... done
Creating registry... done
Creating harbor-db... done
Creating registryctl... done
Creating harbor-core... done
Creating nginx... done
Creating harbor-jobservice ... done
? ----Harbor has been installed and started successfully.----//安装成功
文章图片
启动报错 显示端口被占用,去查看端口或者改端口
【自己总结|docker搭建Harbor仓库】
文章图片
启动成功
文章图片
查看镜像
root@debian:/usr/local/harbor# docker images
REPOSITORYTAGIMAGE IDCREATEDSIZE
goharbor/harbor-exporterv2.3.3a75350aa1e3d8 months ago81.1MB
goharbor/chartmuseum-photonv2.3.324b85ee1f3ff8 months ago179MB
goharbor/redis-photonv2.3.35b8e952b8f458 months ago165MB
goharbor/trivy-adapter-photonv2.3.3271525f116198 months ago130MB
goharbor/notary-server-photonv2.3.3bea6e34658928 months ago110MB
goharbor/notary-signer-photonv2.3.3c5116fef5e4c8 months ago108MB
goharbor/harbor-registryctlv2.3.3ffea0a2c36748 months ago133MB
goharbor/registry-photonv2.3.308b0e6fe666e8 months ago81.9MB
goharbor/nginx-photonv2.3.343487013ae1e8 months ago45MB
goharbor/harbor-logv2.3.377b2d1cb3ab28 months ago168MB
goharbor/harbor-jobservicev2.3.3cb3b2c9d8f578 months ago211MB
goharbor/harbor-corev2.3.3f065d61635a88 months ago193MB
goharbor/harbor-portalv2.3.3eeb24c004c478 months ago58.2MB
goharbor/harbor-dbv2.3.37f32a2a212638 months ago237MB
goharbor/preparev2.3.39f7ce0f16ecc8 months ago262MB
文章图片
查看运行的 容器
root@debian:/usr/local/harbor# docker ps
CONTAINER IDIMAGECOMMANDCREATEDSTATUSPORTSNAMES
34143c398fffgoharbor/nginx-photon:v2.3.3"nginx -g 'daemon of…"About an hour agoUp About an hour (healthy)0.0.0.0:80->8080/tcp, :::80->8080/tcpnginx
41c5b9d90528goharbor/harbor-jobservice:v2.3.3"/harbor/entrypoint.…"About an hour agoUp About an hour (healthy)harbor-jobservice
190899f26070goharbor/harbor-core:v2.3.3"/harbor/entrypoint.…"About an hour agoUp About an hour (healthy)harbor-core
0be822fafc7bgoharbor/harbor-registryctl:v2.3.3"/home/harbor/start.…"About an hour agoUp About an hour (healthy)registryctl
f205740cd5f3goharbor/harbor-portal:v2.3.3"nginx -g 'daemon of…"About an hour agoUp About an hour (healthy)harbor-portal
f2e42ca499c2goharbor/registry-photon:v2.3.3"/home/harbor/entryp…"About an hour agoUp About an hour (healthy)registry
9559788d6d05goharbor/redis-photon:v2.3.3"redis-server /etc/r…"About an hour agoUp About an hour (healthy)redis
17ed48abfc39goharbor/harbor-db:v2.3.3"/docker-entrypoint.…"About an hour agoUp About an hour (healthy)harbor-db
4c206b580e82goharbor/harbor-log:v2.3.3"/bin/sh -c /usr/loc…"About an hour agoUp About an hour (healthy)127.0.0.1:1514->10514/tcpharbor-log
文章图片
查看端口占用
root@debian:/usr/local/harbor# ss -antl
StateRecv-QSend-QLocal Address:PortPeer Address:Port
LISTEN0128127.0.0.1:60110.0.0.0:*
LISTEN0128127.0.0.1:15140.0.0.0:*
LISTEN01280.0.0.0:800.0.0.0:*
LISTEN01280.0.0.0:220.0.0.0:*
LISTEN05127.0.0.1:6310.0.0.0:*
LISTEN0128[::1]:6011[::]:*
LISTEN050[::ffff:127.0.0.1]:9600*:*
LISTEN0128[::]:80[::]:*
LISTEN0128*:9200*:*
LISTEN0128*:9300*:*
LISTEN0128[::]:22[::]:*
LISTEN05[::1]:631[::]:*
文章图片
使用IP登录管理Harbor
账户:admin
密码:Harbor12345
文章图片
登陆之后页面
文章图片
配置https方式访问
[root@kub-k8s-master ~]# mkdir -pv /data/cert/
[root@kub-k8s-master ~]# openssl genrsa -out /data/cert/server.key 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
............+++
e is 65537 (0x10001)
[root@kub-k8s-master ~]# openssl req -x509 -new -nodes -key /data/cert/server.key -subj "/CN=192.168.246.166" -days 3650 -out /data/cert/server.crt
[root@kub-k8s-master ~]# ll -a /data/cert
[root@kub-k8s-master ~]# cd harbor
[root@kub-k8s-master harbor]# vim harbor.yml#编辑如下
文章图片
重启
重启
[root@kub-k8s-master harbor]# ./prepare
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir如果出错,重启Docker服务,再次执行./prepare
[root@kub-k8s-master harbor]# docker-compose down
Stopping nginx... done
Stopping harbor-portal... done
Stopping harbor-jobservice ... done
Stopping harbor-core... done
Stopping harbor-db... done
Stopping redis... done
Stopping registryctl... done
Stopping registry... done
Stopping harbor-log... done
Removing nginx... done
Removing harbor-portal... done
Removing harbor-jobservice ... done
Removing harbor-core... done
Removing harbor-db... done
Removing redis... done
Removing registryctl... done
Removing registry... done
Removing harbor-log... done
Removing network harbor_harbor
[root@kub-k8s-master harbor]# docker-compose up -d#放后台
文章图片
查看
文章图片
访问测试
文章图片
文章图片
配置push镜像配置
[root@harbor harbor]# vim /etc/docker/daemon.json
[root@harbor harbor]# cat /etc/docker/daemon.json
{
"dns": ["8.8.8.8","8.8.4.4"],
"insecure-registries": [""https://harbor.example.com","https://196.196.196.11""]
}
文章图片
重启服务 systemctl restart docker 重启服务以后需要再跑一遍脚本,80端口才会启动 登录harbor仓库
[root@harbor harbor]# docker login 196.196.196.11我这里报错了,遇到下面报错
文章图片
解决账号登陆报错
默认时,client 与 Registry 的交互是通过 https 通信的。在 install Registry 时,若未配置任何tls 相关的 key 和 crt 文件,https 访问必然失败。使用 "–insecure-registry "可以指定 client 与 Registry 以 http 的方式进行通信。
修改 /lib/systemd/system/docker.service 文件里的 ExecStart= 行:
vim /lib/systemd/system/docker.service
添加这个
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=196.196.196.11
文章图片
重载、重启 docker 服务,验证配置是否生效
python@job:/lib/systemd/system$ systemctl daemon-reload
python@job:/lib/systemd/system$ systemctl restart docker
python@job:/lib/systemd/system$ docker info
————————————————可以看到
Insecure Registries:
196.196.196.11
127.0.0.0/8
文章图片
登陆成功
root@debian:/usr/local/harbor# docker login 196.196.196.11
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
创建harbor账号
文章图片
文章图片
账号:aike
密码:Aike@52100
项目授权
文章图片
再次登录harbor仓库 推送前创建一个项目
文章图片
文章图片
重新打包镜像并推送
docker pull daocloud.io/library/nginxroot@debian:/usr/local/harbor# docker images | grep nginx
goharbor/nginx-photonv2.3.343487013ae1e8 months ago45MB
nginx/ceshiv2.3.343487013ae1e8 months ago45MB
daocloud.io/library/nginxlatest298ec0e2876015 months ago133MBroot@debian:/usr/local/harbor# docker tag daocloud.io/library/nginx:latest 196.196.196.11/bimuyu/nginx
文章图片
推送镜像
The push refers to repository [196.196.196.11/bimuyu/nginx]
d9eb91d66e2a: Pushed
ae1f545e4c08: Pushed
c20672db3628: Pushed
4cbb728cd302: Pushed
9eb82f04c782: Pushed
latest: digest: sha256:1a53eb723d17523512bd25c27299046cfa034cce309f4ed330c943a304513f59 size: 1362
文章图片
效果
inx
[外链图片转存中...(img-3Tf9U9Ee-1659600781403)]### 推送镜像```shell
The push refers to repository [196.196.196.11/bimuyu/nginx]
d9eb91d66e2a: Pushed
ae1f545e4c08: Pushed
c20672db3628: Pushed
4cbb728cd302: Pushed
9eb82f04c782: Pushed
latest: digest: sha256:1a53eb723d17523512bd25c27299046cfa034cce309f4ed330c943a304513f59 size: 1362
[外链图片转存中…(img-h9UAdwQo-1659600781403)]
效果
文章图片
推荐阅读
- 云原生|【云原生之k8s】kubeadm搭建k8s集群
- linux|DHCP服务与配置
- docker|Docker容器之harbor私有仓库部署与管理
- 云原生|【云原生之k8s】k8s基础详解
- kubernetes|k8s中根据时间动态扩缩容
- Linux系统限制ip ssh连接
- docker|docker 的oci标准
- Linux|linux基础知识及虚拟机中的安装与设置
- linux|linux mysql优化_Linux数据库的MySQL性能优化技巧