本文主要是介绍使用 Docker 搭建企业级私有仓库HARBOR,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
目录
1 HARBOR 的获取
1.1 下载软件包地址
1.2 HARBOR 的介绍
2 部署harbor
2.1 仓库端操作
2.1.1 修改harbor配置文件
2.1.2 生成服务端的证书与秘钥
2.1.3 管理HARBOR
2.1.4 查看是否运行
2.2 客户端操作
2.2.1 证书拷贝给客户端
2.2.2 环境配置
2.2.3 批量读取本地镜像
2.2.4 批量打标签
2.2.5 批量上传打过标签的镜像
2.2.6 删除打过标签的镜像
3 编写自动化上传脚本
1 HARBOR 的获取
1.1 下载软件包地址
Releases · goharbor/harbor (github.com)
https://github.com/goharbor/harbor/releases
1.2 HARBOR 的介绍
Harbor 是由vmware公司开源的企业级 Docker Registry 项目。
它提供了以下主要功能和特点:
1. 基于角色的访问控制(RBAC):可以为不同的用户和用户组分配不同的权限,增强了安全性和管理的灵活性。
2. 镜像复制:支持在不同的 Harbor 实例之间复制镜像,方便在多个数据中心或环境中分发镜像。
3. 图形化用户界面(UI):提供了直观的 Web 界面,便于管理镜像仓库、项目、用户等。
4. 审计日志:记录了对镜像仓库的各种操作,有助于追踪和审查活动。
5. 垃圾回收:可以清理不再使用的镜像,节省存储空间。
2 部署harbor
2.1 仓库端操作
2.1.1 修改harbor配置文件
[root@complete ~]# tar xzf harbor-offline-installer-v2.11.1.tgz
[root@complete ~]# ls
公共 视频 文档 音乐 anaconda-ks.cfg certs harbor-offline-installer-v2.11.1.tgz
模板 图片 下载 桌面 busybox-latest.tar.gz harbor script[root@complete ~]# cd harbor/
[root@complete harbor]# cp harbor.yml.tmpl harbor.yml# 打开yml管理文件修改以下参数
[root@complete harbor]# vim harbor.ymlharbor_admin_password: 123456 # 设置管理员密码
hostname: reg.shuyan.com # 设置本机主机名certificate: /data/certs/shuyan.crt # 证书地址private_key: /data/certs/shuyan.key # 私钥地址2.1.2 生成服务端的证书与秘钥
[root@complete harbor]# mkdir /data/certs -p
[root@complete ~]# openssl req -newkey rsa:4096 \
-nodes -sha256 -keyout /data/certs/shuyan.key \
-addext "subjectAltName = DNS:reg.shuyan.com" \
-x509 -days 365 -out /data/certs/shuyan.crt
.......+.........+.........+..+.+.....+....+.....+.........+.......+..+...+....+.....+....+.....+....+......+..+...+.+...+..+.+..+......+......+...+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..+.......+........+......+..........+..+.........+..........+..................+......+..+...+.........+......+.......+..+.......+......+.....+....+.....+.+............+......+..............+......+............+.......+.....+.......+.....+..........+...........+.........................+............+..+...+...+.............+....................+.+..............+....+........+...+.+...+........+...+...................+.....+.......+..................+..+...............+.+.........+.....+......+...+..........+............+.....+.........+...+...............+.+.........+.......................+...+.......+.........+......+.....+...+....+........+.........+...+......................+......+.......................+.........+......+.......+.....+.......+..+.+..................+.................+...+.+.....................+..+.+.....+......+...+............+.+...+...........+.+..+.+...............+.....+..........+......+...+......+.....+.+...........+..........+..+...+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+...+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+++++++++++++++++++++++++++++++++++++++++++...+......+...............+.+...............+..............+.+.....+......+...............+.............+.........+........+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:guangxi
Locality Name (eg, city) [Default City]:wu'zhou
Organization Name (eg, company) [Default Company Ltd]:docker
Organizational Unit Name (eg, section) []:shuyan
Common Name (eg, your name or your server's hostname) []:reg.shuyan.com
Email Address []:admin@shuayn.com2.1.3 管理HARBOR
管理harbor的容器:
[root@rockynode-1 harbor]# docker compose stop
[root@rockynode-1 harbor]# docker compose up -d
2.1.4 查看是否运行
[root@complete harbor]# docker compose -f /root/harbor/docker-compose.yml ps
WARN[0000] /root/harbor/docker-compose.yml: the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
harbor-core goharbor/harbor-core:v2.11.1 "/harbor/entrypoint.…" core 4 hours ago Up 4 hours (healthy)
harbor-db goharbor/harbor-db:v2.11.1 "/docker-entrypoint.…" postgresql 4 hours ago Up 4 hours (healthy)
harbor-jobservice goharbor/harbor-jobservice:v2.11.1 "/harbor/entrypoint.…" jobservice 4 hours ago Up 4 hours (healthy)
harbor-log goharbor/harbor-log:v2.11.1 "/bin/sh -c /usr/loc…" log 4 hours ago Up 4 hours (healthy) 127.0.0.1:1514->10514/tcp
harbor-portal goharbor/harbor-portal:v2.11.1 "nginx -g 'daemon of…" portal 4 hours ago Up 4 hours (healthy)
nginx goharbor/nginx-photon:v2.11.1 "nginx -g 'daemon of…" proxy 4 hours ago Up 4 hours (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp
redis goharbor/redis-photon:v2.11.1 "redis-server /etc/r…" redis 4 hours ago Up 4 hours (healthy)
registry goharbor/registry-photon:v2.11.1 "/home/harbor/entryp…" registry 4 hours ago Up 4 hours (healthy)
registryctl goharbor/harbor-registryctl:v2.11.1 "/home/harbor/start.…" registryctl 4 hours ago Up 4 hours (healthy)
其中library为默认的仓库,在里面的镜像不需要指定仓库名拉取镜像
2.2 客户端操作
2.2.1 证书拷贝给客户端
[root@complete harbor]# scp /data/certs/shuyan.crt root@192.168.239.10:~2.2.2 环境配置
# 删除原有的镜像
[root@rockynode-1 ~]# docker rmi `docker images | awk 'BEGIN{FS=" "} {if(NR>1)print $3}'`[root@rockynode-1 ~]# mkdir -p /etc/docker/certs.d/reg.shuyan.com/
[root@rockynode-1 ~]# cp shuyan.crt /etc/docker/certs.d/reg.shuyan.com/[root@rockynode-1 ~]# systemctl restart docker# 增加客户端的域名解析
[root@rockynode-1 ~]# vim /etc/hosts
192.168.239.20 reg.shuyan.com
2.2.3 批量读取本地镜像
# 批量读取镜像[root@rockynode-1 docker-page]# ls
busybox-latest.tar.gz game2048.tar.gz mario.tar.gz nginx-latest.tar.gz ubuntu-latest.tar.gz
centos-7.tar.gz haproxy-2.3.tar.gz mysql-5.7.tar.gz phpmyadmin-latest.tar.gz
debian11.tar.gz harbor-offline-installer-v2.5.4.tgz nginx-1.23.tar.gz registry.tag.gz[root@rockynode-1 docker-page]# for i in `ls`;do docker load -i $i;done[root@rockynode-1 docker-page]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 5ef79149e0ec 2 weeks ago 188MB
phpmyadmin latest 2b39e17532a1 2 weeks ago 562MB
ubuntu latest edbfe74c41f8 4 weeks ago 78.1MB
mysql 5.7 5107333e08a8 8 months ago 501MB
registry latest cfb4d9904335 11 months ago 25.4MB
nginx 1.23 a7be6198544f 15 months ago 142MB
busybox latest 65ad0d468eb1 15 months ago 4.26MB
haproxy 2.3 7ecd3fda00f4 2 years ago 99.4MB
centos 7 eeb6ee3f44bd 2 years ago 204MB
timinglee/game2048 latest 19299002fdbe 7 years ago 55.5MB
timinglee/mario latest 9a35a9e43e8c 9 years ago 198MB
gcr.io/distroless/base-debian11 latest 2a6de77407bf N/A 20.6MB2.2.4 批量打标签
[root@rockynode-1 ~]# docker images | awk '{if(NR>1) system("docker tag "$1":"$2" reg.shuyan.com/library/"$1":"$2"")}'# 查看所有镜像
[root@rockynode-1 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 5ef79149e0ec 2 weeks ago 188MB
reg.shuyan.com/library/nginx latest 5ef79149e0ec 2 weeks ago 188MB
phpmyadmin latest 2b39e17532a1 2 weeks ago 562MB
reg.shuyan.com/library/phpmyadmin latest 2b39e17532a1 2 weeks ago 562MB
ubuntu latest edbfe74c41f8 4 weeks ago 78.1MB
reg.shuyan.com/library/ubuntu latest edbfe74c41f8 4 weeks ago 78.1MB
mysql 5.7 5107333e08a8 8 months ago 501MB
reg.shuyan.com/library/mysql 5.7 5107333e08a8 8 months ago 501MB
registry latest cfb4d9904335 11 months ago 25.4MB
reg.shuyan.com/library/registry latest cfb4d9904335 11 months ago 25.4MB
nginx 1.23 a7be6198544f 15 months ago 142MB
reg.shuyan.com/library/nginx 1.23 a7be6198544f 15 months ago 142MB
busybox latest 65ad0d468eb1 15 months ago 4.26MB
reg.shuyan.com/library/busybox latest 65ad0d468eb1 15 months ago 4.26MB
haproxy 2.3 7ecd3fda00f4 2 years ago 99.4MB
reg.shuyan.com/library/haproxy 2.3 7ecd3fda00f4 2 years ago 99.4MB
centos 7 eeb6ee3f44bd 2 years ago 204MB
reg.shuyan.com/library/centos 7 eeb6ee3f44bd 2 years ago 204MB
timinglee/game2048 latest 19299002fdbe 7 years ago 55.5MB
reg.shuyan.com/library/timinglee/game2048 latest 19299002fdbe 7 years ago 55.5MB
timinglee/mario latest 9a35a9e43e8c 9 years ago 198MB
reg.shuyan.com/library/timinglee/mario latest 9a35a9e43e8c 9 years ago 198MB
gcr.io/distroless/base-debian11 latest 2a6de77407bf N/A 20.6MB
reg.shuyan.com/library/gcr.io/distroless/base-debian11 latest 2a6de77407bf N/A 20.6MB# 查看打过标签的镜像
[root@rockynode-1 ~]# docker images | awk '/reg.shuyan.com/{print $1":"$2}'
reg.shuyan.com/library/nginx:latest
reg.shuyan.com/library/phpmyadmin:latest
reg.shuyan.com/library/ubuntu:latest
reg.shuyan.com/library/mysql:5.7
reg.shuyan.com/library/registry:latest
reg.shuyan.com/library/nginx:1.23
reg.shuyan.com/library/busybox:latest
reg.shuyan.com/library/haproxy:2.3
reg.shuyan.com/library/centos:7
reg.shuyan.com/library/timinglee/game2048:latest
reg.shuyan.com/library/timinglee/mario:latest
reg.shuyan.com/library/gcr.io/distroless/base-debian11:latest2.2.5 批量上传打过标签的镜像
# 将标签赋值给变量~]# reg_shuyan=$(docker images | awk -v store="$store" \
> -v ip="$hub_ip" '$1 ~ ip "/"store"/" {print $1":"$2}')# 遍历变量批量上传~]# for i in $reg_shuyan
> do
> docker push $i
> done2.2.6 删除打过标签的镜像
~]# docker images | awk '$1 ~ /reg\.shuyan\.com/ {print $1":"$2}'3 编写自动化上传脚本
# 演示
[root@rockynode-1 ~]# reg_shuyan=$(docker images | awk '/reg.shuyan.com/{print $1":"$2}')
[root@rockynode-1 ~]# echo -e "$reg_shuyan"
reg.shuyan.com/library/nginx:latest
reg.shuyan.com/library/phpmyadmin:latest
reg.shuyan.com/library/ubuntu:latest
reg.shuyan.com/library/mysql:5.7
reg.shuyan.com/library/registry:latest
reg.shuyan.com/library/nginx:1.23
reg.shuyan.com/library/busybox:latest
reg.shuyan.com/library/haproxy:2.3
reg.shuyan.com/library/centos:7
reg.shuyan.com/library/timinglee/game2048:latest
reg.shuyan.com/library/timinglee/mario:latest
reg.shuyan.com/library/gcr.io/distroless/base-debian11:latest[root@rockynode-1 script]# vim hub.sh#!/bin/bashhub_ip=reg.shuyan.com
store=shuyan
docker images | awk -v ip="$hub_ip" -v store="$store" 'NR > 1 {system("docker tag " $1 ":" $2 " " ip "/"store"/" $1 ":" $2)
}'reg_shuyan=$(docker images | awk -v store="$store" -v ip="$hub_ip" '$1 ~ ip "/"store"/" {print $1":"$2}')for i in $reg_shuyan; dodocker push $i
donedocker rmi $(docker images | awk -v ip="$hub_ip" -v store="$store" '$1 ~ ip "/"store"/" {print $1":"$2}')这篇关于使用 Docker 搭建企业级私有仓库HARBOR的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
