Harbor overview
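Harbor is an enterprise-grade Docker registry project open-sourced by VMware.
It provides the following main features:
- Role-based access control (RBAC): different permissions can be assigned to different users and user groups, which improves security and management flexibility.
- Image replication: images can be replicated between Harbor instances, which makes it easy to distribute them across multiple data centers or environments.
- Graphical user interface (UI): an intuitive web interface for managing repositories, projects, users and so on.
- Audit logs: operations on the image repositories are recorded, which helps trace and review activity.
- Garbage collection: images that are no longer used can be cleaned up to save storage space.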
Preparing the lab environment
Downloading the package
URL: https://github.com/goharbor/harbor/releases
This walkthrough uses v2.5.4; download the .tgz package.
Installing docker-ce
[root@docker-harbor ~]# yum install docker-ce -y
[root@docker-harbor ~]# systemctl enable --now docker
hosts resolution
[root@docker-harbor ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.254.139 reg.huazi.com
Procedure
Configuring HTTPS encrypted transport
Create the certificate and key
[root@docker-harbor ~]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout certs/huazi.com.key -addext "subjectAltName = DNS:reg.huazi.com" -x509 -days 365 -out certs/huazi.com.crt
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:shanxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:docker
Organizational Unit Name (eg, section) []:registry
Common Name (eg, your name or your server's hostname) []:reg.huazi.com
Email Address []:admin@huazi.com
[root@docker-harbor ~]# cd certs/
[root@docker-harbor certs]# ls
huazi.com.crt huazi.com.key
[root@docker-harbor certs]#
Certificate location: /root/certs/huazi.com.crt
Key location: /root/certs/huazi.com.key
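A check worth running on the certificate and key created above before any client is told to trust them. This is an added example, not part of the original post; the function name check_registry_cert and the 30-day expiry window are assumptions, and `stat -c` assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function name and the default
# 30-day expiry window are assumptions; stat -c assumes GNU coreutils.
# Usage: check_registry_cert CERT KEY HOSTNAME [MIN_DAYS]
# Prints one line per finding and returns 0 only when nothing was found.
check_registry_cert() {
    local cert=$1 key=$2 host=$3 min_days=${4:-30} rc=0
    local sans cert_pub key_pub perm

    # 1. Go's TLS stack (used by Docker) matches the hostname against
    #    subjectAltName only; a name present just in the CN is rejected.
    sans=$(openssl x509 -in "$cert" -noout -text 2>/dev/null \
           | grep -A1 'Subject Alternative Name' | tail -n1 \
           | tr ',' '\n' | sed 's/^ *//') || true
    if ! printf '%s\n' "$sans" | grep -qxF "DNS:$host"; then
        echo "FAIL: no subjectAltName entry DNS:$host in $cert"; rc=1
    fi

    # 2. A self-signed certificate issued with -days 365 expires quietly.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days"; rc=1
    fi

    # 3. The key handed to nginx must belong to this certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the public key in $cert"; rc=1
    fi

    # 4. The key was written with -nodes (unencrypted), so the file mode is
    #    its only protection: no group or other permission bits allowed.
    perm=$(stat -c %a "$key" 2>/dev/null) || perm=777
    if [ $(( 0$perm & 077 )) -ne 0 ]; then
        echo "FAIL: $key has mode $perm; restrict it with chmod 600"; rc=1
    fi
    return $rc
}

# Direct use: ./check_cert.sh /root/certs/huazi.com.crt /root/certs/huazi.com.key reg.huazi.com
if [ "$#" -ge 3 ]; then check_registry_cert "$@"; fi
```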
The client obtains the Harbor server's certificate
[root@docker-harbor ~]# mkdir -p /etc/docker/certs.d/reg.huazi.com/
[root@docker-harbor ~]# cp /root/certs/huazi.com.crt /etc/docker/certs.d/reg.huazi.com/ca.crt
[root@docker-harbor ~]# systemctl restart docker
Extracting the archive
[root@docker-harbor ~]# tar -zxvf harbor-offline-installer-v2.5.4.tgz
harbor/harbor.v2.5.4.tar.gz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/common.sh
harbor/harbor.yml.tmpl
Enter the extracted directory and edit the configuration file
[root@docker-harbor ~]# cd harbor/
[root@docker-harbor harbor]# ls
common.sh harbor.v2.5.4.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
[root@docker-harbor harbor]# cp harbor.yml.tmpl harbor.yml
[root@docker-harbor harbor]# ls
common.sh harbor.v2.5.4.tar.gz harbor.yml harbor.yml.tmpl install.sh LICENSE prepare
# harbor.v2.5.4.tar.gz is an image bundle
[root@docker-harbor harbor]# vim harbor.yml
hostname: reg.huazi.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/certs/huazi.com.crt
  private_key: /root/certs/huazi.com.key
  # enable strong ssl ciphers (default: false)
  # strong_ssl_ciphers: false

harbor_admin_password: 123456
Starting Harbor
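[root@docker-harbor harbor]# ./install.sh --help
Note: Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
Please set --with-trivy if needs enable Trivy in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor
Setting the hostname and other required attributes: the hostname (hostname) and the other required configuration attributes must be set in harbor.yml. The hostname must not be localhost or 127.0.0.1, because Harbor has to be reachable by external clients.
About Notary: note that, according to the latest Harbor documentation, Notary may have been deprecated or may no longer be a core Harbor component. When configuring Harbor, if you see Notary documentation or options, make sure they match the Harbor version you are running. If Notary has been deprecated, do not try to enable it. If your Harbor version still supports Notary and you need it, you may need to add the --with-notary option when installing or configuring Harbor, although this depends on your Harbor version. Because Notary requires HTTPS, you must also set ui_url_protocol to https in harbor.yml and provide a valid SSL certificate (ssl_cert and ssl_cert_key).
About Trivy: if you need Trivy (a vulnerability scanner for container images) in Harbor, add the --with-trivy option when installing or configuring Harbor.
About Chartmuseum: likewise, according to the latest Harbor documentation, Chartmuseum may have been integrated as a built-in Harbor component, offered as an optional plugin, or replaced entirely by another component. Check the official documentation for the Harbor version you are running. If your version still supports Chartmuseum as a separate component and you need it, you may need to add the --with-chartmuseum option when installing or configuring Harbor. If Chartmuseum has been integrated or replaced, this option may no longer be valid.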
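A pre-install check of harbor.yml that enforces the installer's hostname note and looks at the HTTPS and admin-password settings edited above. This is an added example, not part of the original post or of Harbor; the function names and the 12-character minimum are assumptions, and the parsing assumes the flat layout of harbor.yml.tmpl.

```bash
#!/usr/bin/env bash
# Added example (not from the original post or the Harbor project).
# Assumes the layout of harbor.yml.tmpl: top-level hostname and
# harbor_admin_password, certificate/private_key nested under https.

# yml_value FILE KEY -> first uncommented value of KEY (inline comments cut)
yml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\([^#]*\).*/\1/p" "$1" \
        | sed 's/[[:space:]]*$//' | head -n1
}

# lint_harbor_yml FILE -> prints findings, returns 0 only when there are none
lint_harbor_yml() {
    local f=$1 rc=0 host pw k p

    # install.sh: "DO NOT use localhost or 127.0.0.1 for hostname"
    host=$(yml_value "$f" hostname)
    case "$host" in
        ''|localhost|127.0.0.1)
            echo "FAIL: hostname '$host' is not reachable by external clients"; rc=1 ;;
    esac

    # Without the https block, docker login and push travel over plain HTTP.
    if grep -q '^https:' "$f"; then
        for k in certificate private_key; do
            p=$(yml_value "$f" "$k")
            [ -r "$p" ] || { echo "FAIL: $k file '$p' is missing or unreadable"; rc=1; }
        done
    else
        echo "FAIL: https section is not enabled"; rc=1
    fi

    # harbor_admin_password becomes the password of the built-in admin account.
    pw=$(yml_value "$f" harbor_admin_password)
    case "$pw" in
        Harbor12345) echo "FAIL: harbor_admin_password is the template default"; rc=1 ;;
        *) [ "${#pw}" -ge 12 ] || {
               echo "FAIL: harbor_admin_password is shorter than 12 characters"; rc=1; } ;;
    esac
    return $rc
}

# Direct use: ./lint_harbor.sh /root/harbor/harbor.yml
if [ "$#" -ge 1 ]; then lint_harbor_yml "$1"; fi
```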
Here we need the Chartmuseum component:
[root@docker-harbor harbor]# ./install.sh --with-chartmuseum
[Step 0]: checking if docker is installed ...
Note: docker version: 27.3.1
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.29.7
[Step 2]: loading Harbor images ...
......
......
......
[+] Running 12/12
 ✔ Network harbor_harbor-chartmuseum Created 0.1s
 ✔ Network harbor_harbor Created 0.1s
 ✔ Container harbor-log Started 0.4s
 ✔ Container harbor-portal Started 1.4s
 ✔ Container chartmuseum Started 1.1s
 ✔ Container redis Started 1.5s
 ✔ Container registry Started 1.4s
 ✔ Container registryctl Started 1.2s
 ✔ Container harbor-db Started 1.4s
 ✔ Container harbor-core Started 1.8s
 ✔ Container harbor-jobservice Started 2.3s
 ✔ Container nginx Started 2.3s
✔ ----Harbor has been installed and started successfully.----
[root@docker-harbor harbor]# ls
common docker-compose.yml harbor.yml install.sh prepare
common.sh harbor.v2.5.4.tar.gz harbor.yml.tmpl LICENSE
After the installer finishes, a docker-compose.yml file appears; from this point the Harbor backend can be managed with the docker compose tool.
[root@docker-harbor harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.5.4 388b5ac2eed4 2 years ago 87.4MB
goharbor/chartmuseum-photon v2.5.4 e5134e6ca037 2 years ago 231MB
goharbor/redis-photon v2.5.4 c89d59625d5a 2 years ago 155MB
goharbor/trivy-adapter-photon v2.5.4 1142826e8329 2 years ago 251MB
goharbor/notary-server-photon v2.5.4 e542ccac08c2 2 years ago 112MB
goharbor/notary-signer-photon v2.5.4 65644cf6aaa1 2 years ago 109MB
goharbor/harbor-registryctl v2.5.4 984f0c8cd458 2 years ago 136MB
goharbor/registry-photon v2.5.4 5e2d95b5227f 2 years ago 78.1MB
goharbor/nginx-photon v2.5.4 0e682f78c76f 2 years ago 154MB
goharbor/harbor-log v2.5.4 1c30eb78ebc4 2 years ago 161MB
goharbor/harbor-jobservice v2.5.4 01ec4f1c5ddd 2 years ago 233MB
goharbor/harbor-core v2.5.4 fb4df7c64e84 2 years ago 208MB
goharbor/harbor-portal v2.5.4 bba3d21bc4b9 2 years ago 162MB
goharbor/harbor-db v2.5.4 76e7b3295f2b 2 years ago 225MB
goharbor/prepare v2.5.4 5582f3ef9fbe 2 years ago 163MB
[root@docker-harbor harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9750c866f450 goharbor/nginx-photon:v2.5.4 nginx -g daemon of… About a minute ago Up About a minute (healthy) 0.0.0.0:80->8080/tcp, [::]:80->8080/tcp, 0.0.0.0:443->8443/tcp, [::]:443->8443/tcp nginx
7d2a693579de goharbor/harbor-jobservice:v2.5.4 /harbor/entrypoint.… About a minute ago Up About a minute (healthy) harbor-jobservice
569947c42e90 goharbor/harbor-core:v2.5.4 /harbor/entrypoint.… About a minute ago Up About a minute (healthy) harbor-core
8ef39f2a9087 goharbor/harbor-registryctl:v2.5.4 /home/harbor/start.… About a minute ago Up About a minute (healthy) registryctl
ce6c6ddef843 goharbor/chartmuseum-photon:v2.5.4 ./docker-entrypoint… About a minute ago Up About a minute (healthy) chartmuseum
f2aaf4d9bdda goharbor/registry-photon:v2.5.4 /home/harbor/entryp… About a minute ago Up About a minute (healthy) registry
2f9cb0b7d2d6 goharbor/redis-photon:v2.5.4 redis-server /etc/r… About a minute ago Up About a minute (healthy) redis
1de7bf425061 goharbor/harbor-db:v2.5.4 /docker-entrypoint.… About a minute ago Up About a minute (healthy) harbor-db
ee52470792cd goharbor/harbor-portal:v2.5.4 nginx -g daemon of… About a minute ago Up About a minute (healthy) harbor-portal
497e949edfa7 goharbor/harbor-log:v2.5.4 /bin/sh -c /usr/loc… About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
At this point the containers have been started automatically.
Testing
Create a new project. The huazi project currently contains no images.
Configuring the client to use Harbor as a local registry mirror
[root@docker-harbor docker]# cd /etc/docker/
[root@docker-harbor docker]# vim daemon.json
{
  "registry-mirrors": ["https://reg.huazi.com"]
}
[root@docker-harbor docker]# systemctl restart docker
Logging in to the Harbor registry from the client
[root@docker-harbor harbor]# docker login reg.huazi.com
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores
Login Succeeded
Pushing an image to the huazi directory on reg.huazi.com
[root@docker-harbor ~]# docker images
timinglee/mario latest 9a35a9e43e8c 9 years ago 198MB
[root@docker-harbor docker]# docker tag timinglee/mario:latest reg.huazi.com/huazi/mario
[root@docker-harbor ~]# docker images
timinglee/mario latest 9a35a9e43e8c 9 years ago 198MB
reg.huazi.com/huazi/mario latest 9a35a9e43e8c 9 years ago 198MB
# Upload succeeded
[root@docker-harbor docker]# docker push reg.huazi.com/huazi/mario
Using default tag: latest
The push refers to repository [reg.huazi.com/huazi/mario]
5f70bf18a086: Pushed
44e5704d49fb: Pushed
dbe97b1b7330: Pushed
90222f49bc4c: Pushed
708fd576a927: Pushed
4aeeaca5ce76: Pushed
latest: digest: sha256:f4a933fb5a431e84e3d2623bfaa776c0d973d572b6db0a0b16dc243ffc7bcfa1 size: 2392
The pushed image now appears under the huazi directory.
Pushing an image to the library directory on reg.huazi.com
[root@docker-harbor docker]# docker tag timinglee/mario:latest reg.huazi.com/library/chaojimali
[root@docker-harbor docker]# docker images
reg.huazi.com/library/chaojimali latest 9a35a9e43e8c 9 years ago 198MB
# Upload succeeded
[root@docker-harbor docker]# docker push reg.huazi.com/library/chaojimali
Using default tag: latest
The push refers to repository [reg.huazi.com/library/chaojimali]
5f70bf18a086: Pushed
44e5704d49fb: Pushed
dbe97b1b7330: Pushed
90222f49bc4c: Pushed
708fd576a927: Pushed
4aeeaca5ce76: Pushed
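latest: digest: sha256:f4a933fb5a431e84e3d2623bfaa776c0d973d572b6db0a0b16dc243ffc7bcfa1 size: 2392
The pushed image now appears under the library directory.
Notes
- When running docker tag, the Harbor registry hostname and the project name must both be correct, otherwise the push will fail.
- Once the Harbor registry has been set up, an administrator account named admin exists by default.
After deleting the chaojimali image, pull it again:
[root@docker-harbor docker]# docker rmi reg.huazi.com/library/chaojimali:latest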
Untagged: reg.huazi.com/library/chaojimali:latest
Untagged: reg.huazi.com/library/chaojimali@sha256:f4a933fb5a431e84e3d2623bfaa776c0d973d572b6db0a0b16dc243ffc7bcfa1
[root@docker-harbor docker]# docker pull chaojimali
Using default tag: latest
latest: Pulling from library/chaojimali
Digest: sha256:f4a933fb5a431e84e3d2623bfaa776c0d973d572b6db0a0b16dc243ffc7bcfa1
Status: Downloaded newer image for chaojimali:latest
docker.io/library/chaojimali:latest
[root@docker-harbor docker]# docker images
chaojimali latest 9a35a9e43e8c 9 years ago 198MB
Managing Harbor with docker compose
docker compose down: stops and removes the containers
[root@docker-harbor harbor]# docker compose down
WARN[0000] /root/harbor/docker-compose.yml: the attribute version is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 12/12
 ✔ Container harbor-jobservice Removed 0.1s
 ✔ Container chartmuseum Removed 0.1s
 ✔ Container nginx Removed 0.2s
 ✔ Container registryctl Removed 10.1s
 ✔ Container harbor-portal Removed 0.1s
 ✔ Container harbor-core Removed 0.1s
 ✔ Container harbor-db Removed 0.1s
 ✔ Container registry Removed 0.1s
 ✔ Container redis Removed 0.2s
 ✔ Container harbor-log Removed 10.1s
 ✔ Network harbor_harbor Removed 0.1s
 ✔ Network harbor_harbor-chartmuseum Removed 0.1s
docker compose up -d: starts the containers (-d runs them in the background)
[root@docker-harbor harbor]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[root@docker-harbor harbor]# docker compose up -d
WARN[0000] /root/harbor/docker-compose.yml: the attribute version is obsolete, it will be ignored, please remove it to avoid potential confusion
[+] Running 12/12
 ✔ Network harbor_harbor-chartmuseum Created 0.1s
 ✔ Network harbor_harbor Created 0.1s
 ✔ Container harbor-log Started 0.3s
 ✔ Container harbor-db Started 1.0s
 ✔ Container chartmuseum Started 0.9s
 ✔ Container registry Started 1.1s
 ✔ Container registryctl Started 1.0s
 ✔ Container harbor-portal Started 0.9s
 ✔ Container redis Started 1.1s
 ✔ Container harbor-core Started 1.4s
 ✔ Container harbor-jobservice Started 1.7s
 ✔ Container nginx Started 1.8s
[root@docker-harbor harbor]#
[root@docker-harbor harbor]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
61e8a6e26ad5 goharbor/nginx-photon:v2.5.4 nginx -g daemon of… 19 seconds ago Up 17 seconds (health: starting) 0.0.0.0:80->8080/tcp, [::]:80->8080/tcp, 0.0.0.0:443->8443/tcp, [::]:443->8443/tcp nginx
fa10c0be1ad3 goharbor/harbor-jobservice:v2.5.4 /harbor/entrypoint.… 19 seconds ago Up 17 seconds (health: starting) harbor-jobservice
cbd69a01ce0d goharbor/harbor-core:v2.5.4 /harbor/entrypoint.… 19 seconds ago Up 18 seconds (health: starting) harbor-core
4352cec1c54b goharbor/harbor-registryctl:v2.5.4 /home/harbor/start.… 19 seconds ago Up 18 seconds (health: starting) registryctl
b4568f0c1d07 goharbor/chartmuseum-photon:v2.5.4 ./docker-entrypoint… 19 seconds ago Up 18 seconds (health: starting) chartmuseum
eed6568a9ea5 goharbor/redis-photon:v2.5.4 redis-server /etc/r… 19 seconds ago Up 18 seconds (health: starting) redis
ff667909ae29 goharbor/registry-photon:v2.5.4 /home/harbor/entryp… 19 seconds ago Up 18 seconds (health: starting) registry
132db9f5db03 goharbor/harbor-db:v2.5.4 /docker-entrypoint.… 19 seconds ago Up 18 seconds (health: starting) harbor-db
287bc1e29cdf goharbor/harbor-portal:v2.5.4 nginx -g daemon of… 19 seconds ago Up 18 seconds (health: starting) harbor-portal
255ae63496e6 goharbor/harbor-log:v2.5.4 /bin/sh -c /usr/loc… 19 seconds ago Up 19 seconds (health: starting) 127.0.0.1:1514->10514/tcp harbor-log