docker 镜像仓库Harbor
企业级镜像仓库HarborHarbor概述
Habor是由VMWare公司开源的容器镜像仓库。事实上,Habor是在Docker Registry上进行了相应的
企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的访
问控制 ,AD/LDAP集成以及审计日志等,足以满足基本企业需求。
官方地址:https://vmware.github.io/harbor/cn/
http://i2.运维网.com/images/blog/201811/27/7aed213fd4a040a229cb7fd0ef404bee.png
安装
1、解压
# tar xf harbor-offline-installer-v1.6.1.tgz
2、修改配置文件(2个地方)
# vi harbor.cfg
(1)hostname
hostname = 192.168.1.13
(2)密码
harbor_admin_password = 123456
docker-compose:单机编排,批量管理多个容器
# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
# chmod +x /usr/bin/docker-compose
执行:
# ./prepare
Generated and saved secret to file: /data/secretkey
Generated configuration file: ./common/config/nginx/nginx.conf
Generated configuration file: ./common/config/adminserver/env
Generated configuration file: ./common/config/ui/env
Generated configuration file: ./common/config/registry/config.yml
Generated configuration file: ./common/config/db/env
Generated configuration file: ./common/config/jobservice/env
Generated configuration file: ./common/config/jobservice/config.yml
Generated configuration file: ./common/config/log/logrotate.conf
Generated configuration file: ./common/config/registryctl/env
Generated configuration file: ./common/config/ui/app.conf
Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt
The configuration files are ready, please use docker-compose to start the service.
安装:
# ./install.sh
http://i2.运维网.com/images/blog/201811/27/2e5a9df7f6b6be01c19aae4119802d04.png
启动:
# docker-compose up -d
查看状态(up状态就可以访问了):
http://i2.运维网.com/images/blog/201811/27/681e23a092e125955481bec86465888d.png
访问:
http://192.168.1.13/harbor/sign-in
用户名:admin 密码:123456
http://i2.运维网.com/images/blog/201811/27/2b572066aafa753b6c8c5d7a1e9d32fd.png
新建用户(密码满足复杂性):
http://i2.运维网.com/images/blog/201811/27/1f6868355ab728b65228e4c8050a5014.png
讲用户赋予哪个项目权限
以下是公开的项目,任意下载,但是上传需要用户登录
http://i2.运维网.com/images/blog/201811/27/c8d685ebb587ac4f80c1c593b93f3464.png
指定用户
http://i2.运维网.com/images/blog/201811/27/1a95e3d09fedcb02d25f8ae48549bed5.png
将构建的镜像都上传到这个项目中:
# docker tag tomcat:v8.5.32 192.168.1.13/library/tomcat:v8.5.32
需要添加可信任,因为是http访问
# vi /etc/docker/daemon.json
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"insecure-registries":["192.168.1.13"]
}
重启docker才生效
# systemctl restart docker
# docker-compose up -d
如果将192.168.1.13的镜像推送到192.168.1.25的镜像仓库中
1、需要在192.168.1.13上设置:
vi /etc/docker/daemon.json
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"insecure-registries":["192.168.1.25"]
}
2、重启docker
3、# docker login 192.168.1.25
Username: admin
# docker tag tomcat:v8.5.32 192.168.1.25/java/tomcat:v8.5.32
# docker push 192.168.1.25/java/tomcat:v8.5.32
需要登录才能把镜像推入到仓库
# docker login 192.168.1.13
Username: jacker
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
把镜像推送到仓库
# docker push 192.168.1.13/library/tomcat:v8.5.32
推入成功:
http://i2.运维网.com/images/blog/201811/27/a6222824cef3d646c7816da07052dab7.png
推入nginx:
# docker tag nginx:v1.15 192.168.1.13/library/nginx:v1.15
# docker push 192.168.1.13/library/nginx:v1.15
推入php:
# docker tag php:v5.6.32 192.168.1.13/library/php:v5.6.32
# docker push 192.168.1.13/library/php:v5.6.32
总结:
1、配置http镜像仓库可信任
vi /etc/docker/daemon.json
{"insecure-registries":["reg.ctnrs.com"]}
systemctl restart docker
2、打标签
docker tag centos:6 reg.ctnrs.com/library/centos:6
3、上传
docker push reg.ctnrs.com/library/centos:6
4、下载
docker pull reg.ctnrs.com/library/centos:6
http://i2.运维网.com/images/blog/201811/27/29c693f410de01e3073a1b1b5b9609ad.png
页:
[1]