docker 映象倉庫Harbor
企業級映象倉庫Harbor
Harbor概述
Habor是由VMWare公司開源的容器映象倉庫。事實上,Habor是在Docker Registry上進行了相應的
企業級擴充套件,從而獲得了更加廣泛的應用,這些新的企業級特性包括:管理使用者介面,基於角色的訪
問控制 ,AD/LDAP整合以及審計日誌等,足以滿足基本企業需求。
官方地址:https://vmware.github.io/harbor/cn/
安裝
1、解壓
[[email protected] tools]# tar xf harbor-offline-installer-v1.6.1.tgz
2、修改配置檔案(2個地方)
[
(1)hostname
hostname = 192.168.1.13
(2)密碼
harbor_admin_password = 123456
docker-compose:單機編排,批量管理多個容器
[[email protected] tools]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[[email protected] tools]# chmod +x /usr/bin/docker-compose
執行:
[[email protected]harbor]# ./prepare Generated and saved secret to file: /data/secretkey Generated configuration file: ./common/config/nginx/nginx.conf Generated configuration file: ./common/config/adminserver/env Generated configuration file: ./common/config/ui/env Generated configuration file: ./common/config/registry/config.yml Generated configuration file: ./common/config/db/env Generated configuration file: ./common/config/jobservice/env Generated configuration file: ./common/config/jobservice/config.yml Generated configuration file: ./common/config/log/logrotate.conf Generated configuration file: ./common/config/registryctl/env Generated configuration file: ./common/config/ui/app.conf Generated certificate, key file: ./common/config/ui/private_key.pem, cert file: ./common/config/registry/root.crt The configuration files are ready, please use docker-compose to start the service.
安裝:
[[email protected] harbor]# ./install.sh
啟動:
[[email protected] harbor]# docker-compose up -d
檢視狀態(up狀態就可以訪問了):
訪問:
http://192.168.1.13/harbor/sign-in
使用者名稱:admin 密碼:123456
新建使用者(密碼滿足複雜性):
講使用者賦予哪個專案許可權
以下是公開的專案,任意下載,但是上傳需要使用者登入
指定使用者
將構建的映象都上傳到這個專案中:
[[email protected] harbor]# docker tag tomcat:v8.5.32 192.168.1.13/library/tomcat:v8.5.32
需要新增可信任,因為是http訪問
[[email protected] harbor]# vi /etc/docker/daemon.json
{"registry-mirrors": ["http://f1361db2.m.daocloud.io"],
"insecure-registries":["192.168.1.13"]
}
重啟docker才生效
[[email protected] harbor]# systemctl restart docker
[[email protected] harbor]# docker-compose up -d
需要登入才能把映象推入到倉庫
[[email protected] harbor]# docker login 192.168.1.13
Username: jacker
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
把映象推送到倉庫
[[email protected] harbor]# docker push 192.168.1.13/library/tomcat:v8.5.32
推入成功:
推入nginx:
[[email protected] harbor]# docker tag nginx:v1.15 192.168.1.13/library/nginx:v1.15
[[email protected] harbor]# docker push 192.168.1.13/library/nginx:v1.15
推入php:
[[email protected] harbor]# docker tag php:v5.6.32 192.168.1.13/library/php:v5.6.32
[[email protected] harbor]# docker push 192.168.1.13/library/php:v5.6.32
總結:
1、配置http映象倉庫可信任
vi /etc/docker/daemon.json
{"insecure-registries":["reg.ctnrs.com"]}
systemctl restart docker
2、打標籤
docker tag centos:6 reg.ctnrs.com/library/centos:6
3、上傳
docker push reg.ctnrs.com/library/centos:6
4、下載
docker pull reg.ctnrs.com/library/centos:6
