10分钟自建企业级Docker镜像仓库!这个开源项目太顶了!
> SpringBoot实战电商项目mall(40k+star)地址:[github.com/macrozheng/…](https://github.com/macrozheng/mall)
摘要
--
平时经常用Docker来部署各种环境,发现从DockerHub上下载镜像有时候比较慢。第三方的镜像还可以使用一些国内的镜像仓库来加速,如果我们自己构建的镜像那就不行了。这时候搭建一个私有的镜像仓库很有必要,最近发现Harbor这个企业级镜像仓库,非常好用且功能强大,推荐给大家!
Harbor简介
--------
Harbor是一款开源的Docker镜像仓库服务,在Github上目前有13.4k+Star。提供了基于角色的镜像访问机制,可以保护你的镜像安全。
安装
--
> 学习开源项目的第一步,一般都是把它运行起来,我们先来把Harbor运行起来吧!
* 下载Harbor安装包,这里下载的是`v1.10.6`离线版本,下载地址:https://github.com/goharbor/harbor/releases
![](18307A0371F2D3FE272DD36D7AFDD5AA.png)
* 下载完成后上传到Linux服务器,使用如下命令解压;
tar xvf harbor-offline-installer-v1.10.6.tgz
复制代码
- 解压完成后,所有文件内容如下;
[root@linux-local harbor]\# ll
total 700260
drwxr-xr-x. 3 root root 20 Dec 2 11:18 common
-rw-r--r--. 1 root root 3398 Nov 17 11:58 common.sh
-rw-r--r--. 1 root root 5348 Dec 2 14:41 docker-compose.yml
-rw-r--r--. 1 root root 717021676 Nov 17 11:59 harbor.v1.10.6.tar.gz
-rw-r--r--. 1 root root 5882 Dec 2 11:21 harbor.yml
-rwxr-xr-x. 1 root root 2284 Nov 17 11:58 install.sh
-rw-r--r--. 1 root root 11347 Nov 17 11:58 LICENSE
-rwxr-xr-x. 1 root root 1749 Nov 17 11:58 prepare
复制代码
- 修改Harbor的配置文件
harbor.yml
,修改hostname
,并注释掉https
配置,相关属性说明参考注释即可;
\# 指定Harbor的管理界面及镜像仓库访问地址
hostname: 192.168.3.101
\# http相关配置
http:
\# http端口,如果配置了https,默认使用https
port: 80
\# https相关配置
\#https:
\# \# https端口
\# port: 443
\# \# 指定Habor中Nginx的https的证书和私钥地址
\# certificate: /your/certificate/path
\# private\_key: /your/private/key/path
\# Harbor默认管理员账号admin的密码
harbor\_admin\_password: Harbor12345
\# Harbor内置PostgreSQL数据库配置
database:
\# root用户密码
password: root123
\# 最大空闲连接数,小于等于0表示无空闲连接
max\_idle\_conns: 50
\# 最大连接数,小于等于0表示无限制
max\_open\_conns: 100
\# 默认数据目录
data\_volume: /data
\# Clair configuration
clair:
\# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
updaters\_interval: 12
jobservice:
\# Maximum number of job workers in job service
max\_job\_workers: 10
notification:
\# Maximum retry count for webhook job
webhook\_job\_max\_retry: 10
chart:
\# Change the value of absolute\_url to enabled can enable absolute url in chart
absolute\_url: disabled
\# 日志配置
log:
\# 日志级别配置: debug, info, warning, error, fatal
level: info
\# 日志本地存储策略
local:
\# 日志文件滚动数量,超过该数量会删除日志文件
rotate\_count: 50
\# 日志滚动大小,超过该大小会生成新的日志文件
rotate\_size: 200M
\# 日志存储路径
location: /var/log/harbor
\# This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
\_version: 1.10.0
\# Configure proxies to be used by Clair, the replication jobservice, and Harbor. Leave blank if no proxies are required.
proxy:
http\_proxy:
https\_proxy:
\# no\_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server
no\_proxy:
components:
- core
- jobservice
- clair
复制代码
- 使用
install.sh
脚本安装Harbor:
./install.sh
复制代码
- Harbor启动成功后会输出如下信息,这里需要注意的是Harbor会启动Nginx、Redis之类的容器,以前创建过的需要先删除掉,看到
started successfully
就表示启动成功了;
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.5
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.24.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-migrator:v1.10.6
Loaded image: goharbor/harbor-core:v1.10.6
Loaded image: goharbor/harbor-db:v1.10.6
Loaded image: goharbor/harbor-registryctl:v1.10.6
Loaded image: goharbor/nginx-photon:v1.10.6
Loaded image: goharbor/clair-photon:v1.10.6
Loaded image: goharbor/clair-adapter-photon:v1.10.6
Loaded image: goharbor/harbor-portal:v1.10.6
Loaded image: goharbor/harbor-log:v1.10.6
Loaded image: goharbor/registry-photon:v1.10.6
Loaded image: goharbor/notary-signer-photon:v1.10.6
Loaded image: goharbor/harbor-jobservice:v1.10.6
Loaded image: goharbor/redis-photon:v1.10.6
Loaded image: goharbor/prepare:v1.10.6
Loaded image: goharbor/notary-server-photon:v1.10.6
Loaded image: goharbor/chartmuseum-photon:v1.10.6
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /mydata/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping redis ... done
Stopping registryctl ... done
Stopping registry ... done
Stopping harbor-db ... done
Stopping harbor-portal ... done
Stopping harbor-log ... done
Removing harbor-jobservice ... done
Removing harbor-core ... done
Removing redis ... done
Removing registryctl ... done
Removing registry ... done
Removing harbor-db ... done
Removing harbor-portal ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 5]: starting Harbor ...
Creating network "harbor\_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
复制代码
- 我们可以使用
docker images
命令查看下安装Harbor安装的Docker镜像,还挺多的;
REPOSITORY TAG IMAGE ID CREATED SIZE latest dc3bacd8b5ea 8 days ago 1.23MB
goharbor/chartmuseum-photon v1.10.6 01b70eccaf71 2 weeks ago 178MB
goharbor/harbor-migrator v1.10.6 a5d4a4ee44e4 2 weeks ago 356MB
goharbor/redis-photon v1.10.6 99e25b65195c 2 weeks ago 132MB
goharbor/clair-adapter-photon v1.10.6 aa72598ecc12 2 weeks ago 61.3MB
goharbor/clair-photon v1.10.6 da1b03030e34 2 weeks ago 171MB
goharbor/notary-server-photon v1.10.6 37c8bed3e255 2 weeks ago 142MB
goharbor/notary-signer-photon v1.10.6 c56d82220929 2 weeks ago 139MB
goharbor/harbor-registryctl v1.10.6 1d3986d90c65 2 weeks ago 101MB
goharbor/registry-photon v1.10.6 3e669c8204ed 2 weeks ago 83.7MB
goharbor/nginx-photon v1.10.6 a39d8dd46060 2 weeks ago 43.7MB
goharbor/harbor-log v1.10.6 1085d3865a57 2 weeks ago 106MB
goharbor/harbor-jobservice v1.10.6 aa05538acecf 2 weeks ago 143MB
goharbor/harbor-core v1.10.6 193e76e6be5d 2 weeks ago 129MB
goharbor/harbor-portal v1.10.6 942a9c448850 2 weeks ago 51.8MB
goharbor/harbor-db v1.10.6 37da2e5414ae 2 weeks ago 170MB
goharbor/prepare v1.10.6 35f073e33ec5 2 weeks ago 177MB
复制代码
- 访问Harbor的管理界面,输入账号密码
admin:Harbor12345
登录即可,访问地址:http://192.168.3.101/
![](0014150B8EF3B04291D635328F2838FA.png)
使用
接下来我们就可以使用Harbor来管理我们的镜像了。
* 首先点击`新建项目`按钮,新建一个项目:
![](79F1909FF6CE0F8B998EA5C6E1D21B0D.png)
* 这里新建一个叫做`test`的私有项目;
![](A1149DF1DF109D01B00F9814160DDAF4.png)
- 由于
docker login
命令默认不支持http访问,所以我们需要手动开启,使用Vim编辑器修改docker的配置文件daemon.json
;
vi /etc/docker/daemon.json
复制代码
- 添加一行
insecure-registries
配置即可,允许使用非安全方式访问Harbor镜像仓库,注意不要少了端口号80