Harbor Setup

Harbor is an open source, trusted cloud native registry project that stores, signs, and scans content. Here it is used to store Docker images.

Requirements

  1. A Linux host
  2. Docker 17.06.0-ce or later
  3. docker-compose 1.18.0 or later

Link: Docker installation

Installation

  1. Download the installer

Online installer

wget https://github.com/goharbor/harbor/releases/download/v1.10.10/harbor-online-installer-v1.10.10.tgz

Offline installer

wget https://github.com/goharbor/harbor/releases/download/v1.10.10/harbor-offline-installer-v1.10.10.tgz

  2. Install

mkdir -p /data
cd /data
# the downloaded tarball must be in /data
tar -zxvf harbor-offline-installer-v1.10.10.tgz
# the archive unpacks into ./harbor
cd harbor
./install.sh

After that, just wait for the installation to finish.

Configuration

# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: <domain>

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # SSL certificate
  certificate: /hub/ssl/bundle.pem
  private_key: /hub/ssl/key

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: <password>

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: <password>
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100

# The default data volume
data_volume: /data

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:

#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect:
#     disabled: false

# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12

jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10

chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled

# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor

  # Uncomment following lines to enable external syslog endpoint.
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp
  #   # The host of external endpoint
  #   host: localhost
  #   # Port of external endpoint
  #   port: 5140

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.10.0

# Uncomment external_database if using external database.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   clair:
#     host: clair_db_host
#     port: clair_db_port
#     db_name: clair_db_name
#     username: clair_db_username
#     password: clair_db_password
#     ssl_mode: disable
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable

# Uncomment external_redis if using external Redis server
# external_redis:
#   host: redis
#   port: 6379
#   password:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   clair_db_index: 4

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca

# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  # no_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server
  no_proxy:
  components:
    - core
    - jobservice
    - clair
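
The file above is harbor.yml, which install.sh reads. The script below is an added example, not part of the original post or the Harbor project: it checks the file before installation for the settings its comments warn about (a localhost hostname, unchanged initial passwords, no HTTPS certificate). The function names and the sample file are constructed, and Harbor12345 and root123 are assumed to be the defaults shipped in the harbor.yml template.

```shell
#!/bin/sh
# Added example: lint harbor.yml before running ./install.sh.

# yml_get FILE SECTION KEY: print KEY's value; SECTION "" means top level.
# Only understands the flat "key: value" layout used by harbor.yml.
yml_get() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                      # comments, blanks
    /^[^ \t]/ { cur = $1; sub(/:$/, "", cur); top = 1 }    # top-level key
    /^[ \t]/  { top = 0 }                                  # nested under cur
    $1 == (key ":") && ((top && sec == "") || (!top && cur == sec)) {
      $1 = ""; sub(/^ +/, ""); print; exit
    }' "$1"
}

# check_harbor_yml FILE: print one finding per line; no output means clean.
check_harbor_yml() {
  host=$(yml_get "$1" "" hostname)
  case $host in
    ""|localhost|127.0.0.1)
      echo "hostname: '$host' is not reachable by external clients" ;;
  esac
  if [ "$(yml_get "$1" "" harbor_admin_password)" = "Harbor12345" ]; then
    echo "harbor_admin_password: still the shipped default"
  fi
  if [ "$(yml_get "$1" database password)" = "root123" ]; then
    echo "database.password: still the shipped default"
  fi
  if [ -z "$(yml_get "$1" https certificate)" ] ||
     [ -z "$(yml_get "$1" https private_key)" ]; then
    echo "https: certificate/private_key not set, registry would serve plain HTTP"
  fi
}

# Constructed sample: a harbor.yml left at its defaults, HTTPS commented out.
demo_yml=$(mktemp)
cat > "$demo_yml" <<'EOF'
hostname: localhost
http:
  port: 80
# https:
#   certificate: /your/certificate/path
harbor_admin_password: Harbor12345
database:
  password: root123
EOF
check_harbor_yml "$demo_yml"
```

Run it as `check_harbor_yml /data/harbor/harbor.yml` before `./install.sh`; the initial admin password only takes effect on first install, so it is worth catching here.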

Harbor configuration and usage

Configure the hosts entry

vim /etc/hosts
192.168.0.230 harbor.dev

Configure Docker daemon options

Locate the docker.service file

systemctl status docker

Mine is at /usr/lib/systemd/system/docker.service

vim /usr/lib/systemd/system/docker.service

Add --insecure-registry=harbor.dev

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target docker.socket firewalld.service containerd.service time-set.target
Wants=network-online.target containerd.service
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
# Add the private Harbor address
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=harbor.dev --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutStartSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process
OOMScoreAdjust=-500

[Install]
WantedBy=multi-user.target

Reload Docker

sudo systemctl daemon-reload
sudo systemctl restart docker
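
The --insecure-registry flag makes dockerd skip certificate verification for harbor.dev and fall back to plain HTTP, even though the harbor.yml above configures HTTPS. The script below is an added example, not part of the original post: it lists the registries a unit file exempts this way and shows the alternative of installing the registry's CA under /etc/docker/certs.d so verification stays on. The function names, the sample unit file, the placeholder CA file and the temporary paths are constructed.

```shell
#!/bin/sh
# Added example: audit a dockerd unit file for --insecure-registry, and trust
# the registry CA instead so TLS verification stays on.

# insecure_registries UNIT_FILE: print each registry that an ExecStart line
# exempts from TLS verification, one per line.
insecure_registries() {
  awk '/^[ \t]*ExecStart=/ {
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^--insecure-registry=/) {
        v = $i; sub(/^--insecure-registry=/, "", v); print v
      } else if ($i == "--insecure-registry" && i < NF) {
        print $(i + 1)
      }
    }
  }' "$1"
}

# trust_registry_ca REGISTRY CA_FILE [CERTS_ROOT]: install the CA that signed
# the registry certificate where dockerd looks for it:
# /etc/docker/certs.d/<registry>/ca.crt. CERTS_ROOT is overridable for testing.
trust_registry_ca() {
  dest="${3:-/etc/docker/certs.d}/$1"
  mkdir -p "$dest" && cp "$2" "$dest/ca.crt" && chmod 644 "$dest/ca.crt"
}

# Constructed sample data in a temporary directory (nothing under /etc is touched).
demo_dir=$(mktemp -d)
cat > "$demo_dir/docker.service" <<'EOF'
[Service]
Type=notify
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=harbor.dev --containerd=/run/containerd/containerd.sock
EOF
echo "placeholder for the CA certificate (constructed, not a real PEM)" > "$demo_dir/ca.pem"

echo "Registries exempt from TLS verification:"
insecure_registries "$demo_dir/docker.service"

# Remediation: drop the flag from ExecStart and trust the CA instead.
trust_registry_ca harbor.dev "$demo_dir/ca.pem" "$demo_dir/certs.d"
ls "$demo_dir/certs.d/harbor.dev"
```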

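Log in

Run this on the server you want to push from

docker login <harbor-domain>

Enter the username and password; the following message means the login succeeded

Login Succeeded

Push to Harbor

Tag the local image so that it belongs to a repository; the test repository is used here

docker tag <source-image> <domain>/<repository>/<image-name>:<version>

# the local source image is assumed to be nginx:v1
docker tag nginx:v1 127.0.0.1/test/nginx:v1

Push the local image to the registry (you must log in to the registry first)

docker push 127.0.0.1/test/nginx:v1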