文章

Harbor

Harbor是一个开源的可信云原生注册表,用于存储、签名和扫描内容。它为开源Docker发行版添加了安全、身份和管理等功能。

自动安装

curl -LO https://raw.githubusercontent.com/bitnami/containers/main/bitnami/harbor-portal/docker-compose.yml

curl -L https://github.com/bitnami/containers/archive/main.tar.gz | tar xz --strip=2 containers-main/bitnami/harbor-portal && cp -RL harbor-portal/config . && rm -rf harbor-portal

docker-compose up

手动安装

1、下载安装包

wget https://github.com/goharbor/harbor/releases/download/v2.7.4/harbor-offline-installer-v2.7.4.tgz

2、解压安装包,进入目录并展示文件

tar -xvf harbor-offline-installer-v2.7.4.tar
cd harbor
ll

image-20231208150823727

3、复制harbor.yml配置文件并编辑

cp harbor.yml.tmpl harbor.yml
vim harbor.yml

4、编辑文件内容如图

image-20231208151131781

5、启动项目

./install.sh

即可看到安装,等待安装完毕即可。

简单使用

首先进入页面,输入上面设置的密码登录(默认访问80端口,ip:80)

image-20231208151408705

进入页面后新建一个项目例如 public

image-20231208151853837

访问级别是公开,存储限制为无限(镜像代理可以去配置aliyun,此代理是用户在harbor仓库中找不到,对应镜像,然后去代理仓库中查找镜像)

image-20231208152259575

打开另外一台服务器,配置docker镜像设置

sudo vim /etc/docker/daemon.json

将下面的内容复制进去(<ip>更换为上述Harbor服务器地址)

{
  "registry-mirrors": [
		"https://hub.docker.com",
    "http://<ip>:80"
  ],
  "insecure-registries" : [
    "<ip>:80"
  ]
}

保存退出,然后重新加载配置启动docker

sudo systemctl daemon-reload
sudo systemctl restart docker

在本地镜像(下载了一个redis作为演示)打一个标签

#下载镜像
docker pull redis

#给镜像打标签
# redis:latest 被打标签的本地镜像
# <ip>:80/public/redis:v1新的标签名称
# <ip> 是指定的 IP 地址,80 是端口号,public/redis:v1 是新的标签。
docker tag redis:latest <ip>:80/public/redis:v1


#登录远程Harbor仓库
docker login -u <username> -p <password> http://<ip>:80

#推送镜像
docker push <ip>:80/public/redis:v1

image-20231208154658318

Harbor中就可以看到镜像了

image-20231208230150057

# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0

version: '2'

services:
  registry:
    image: docker.io/bitnami/harbor-registry:2
    environment:
      - REGISTRY_HTTP_SECRET=CHANGEME
    volumes:
      - registry_data:/storage
      - ./config/registry/:/etc/registry/:ro
  registryctl:
    image: docker.io/bitnami/harbor-registryctl:2
    environment:
      - CORE_SECRET=CHANGEME
      - JOBSERVICE_SECRET=CHANGEME
      - REGISTRY_HTTP_SECRET=CHANGEME
    volumes:
      - registry_data:/storage
      - ./config/registry/:/etc/registry/:ro
      - ./config/registryctl/config.yml:/etc/registryctl/config.yml:ro
  postgresql:
    image: docker.io/bitnami/postgresql:13
    container_name: harbor-db
    environment:
      - POSTGRESQL_PASSWORD=bitnami
      - POSTGRESQL_DATABASE=registry
    volumes:
      - postgresql_data:/bitnami/postgresql
  core:
    image: docker.io/bitnami/harbor-core:2
    container_name: harbor-core
    depends_on:
      - registry
    environment:
      - CORE_KEY=change-this-key
      - _REDIS_URL_CORE=redis://redis:6379/0
      - SYNC_REGISTRY=false
      - CHART_CACHE_DRIVER=redis
      - _REDIS_URL_REG=redis://redis:6379/1
      - PORT=8080
      - LOG_LEVEL=info
      - EXT_ENDPOINT=http://reg.mydomain.com
      - DATABASE_TYPE=postgresql
      - REGISTRY_CONTROLLER_URL=http://registryctl:8080
      - POSTGRESQL_HOST=postgresql
      - POSTGRESQL_PORT=5432
      - POSTGRESQL_DATABASE=registry
      - POSTGRESQL_USERNAME=postgres
      - POSTGRESQL_PASSWORD=bitnami
      - POSTGRESQL_SSLMODE=disable
      - REGISTRY_URL=http://registry:5000
      - TOKEN_SERVICE_URL=http://core:8080/service/token
      - HARBOR_ADMIN_PASSWORD=bitnami
      - CORE_SECRET=CHANGEME
      - JOBSERVICE_SECRET=CHANGEME
      - ADMIRAL_URL=
      - CORE_URL=http://core:8080
      - JOBSERVICE_URL=http://jobservice:8080
      - REGISTRY_STORAGE_PROVIDER_NAME=filesystem
      - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
      - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
      - READ_ONLY=false
      - RELOAD_KEY=
    volumes:
      - core_data:/data
      - ./config/core/app.conf:/etc/core/app.conf:ro
      - ./config/core/private_key.pem:/etc/core/private_key.pem:ro
  portal:
    image: docker.io/bitnami/harbor-portal:2
    container_name: harbor-portal
    depends_on:
      - core
  jobservice:
    image: docker.io/bitnami/harbor-jobservice:2
    container_name: harbor-jobservice
    depends_on:
      - redis
      - core
    environment:
      - CORE_SECRET=CHANGEME
      - JOBSERVICE_SECRET=CHANGEME
      - CORE_URL=http://core:8080
      - REGISTRY_CONTROLLER_URL=http://registryctl:8080
      - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
      - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
    volumes:
      - jobservice_data:/var/log/jobs
      - ./config/jobservice/config.yml:/etc/jobservice/config.yml:ro
  redis:
    image: docker.io/bitnami/redis:7.0
    environment:
      # ALLOW_EMPTY_PASSWORD is recommended only for development.
      - ALLOW_EMPTY_PASSWORD=yes
  harbor-nginx:
    image: docker.io/bitnami/nginx:1.25
    container_name: nginx
    volumes:
      - ./config/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
    ports:
      - '80:8080'
    depends_on:
      - postgresql
      - registry
      - core
      - portal
volumes:
  registry_data:
    driver: local
  core_data:
    driver: local
  jobservice_data:
    driver: local
  postgresql_data:
    driver: local

License:  CC BY 4.0