Harbor
Harbor是一个开源的可信云原生注册表,用于存储、签名和扫描内容。它为开源Docker发行版添加了安全、身份和管理等功能。
自动安装
curl -LO https://raw.githubusercontent.com/bitnami/containers/main/bitnami/harbor-portal/docker-compose.yml
curl -L https://github.com/bitnami/containers/archive/main.tar.gz | tar xz --strip=2 containers-main/bitnami/harbor-portal && cp -RL harbor-portal/config . && rm -rf harbor-portal
docker-compose up
手动安装
1、下载安装包
wget https://github.com/goharbor/harbor/releases/download/v2.7.4/harbor-offline-installer-v2.7.4.tgz
2、解压安装包,进入目录并展示文件
tar -xvf harbor-offline-installer-v2.7.4.tar
cd harbor
ll
3、复制harbor.yml配置文件并编辑
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
4、编辑文件内容如图
5、启动项目
./install.sh
即可看到安装,等待安装完毕即可。
简单使用
首先进入页面,输入上面设置的密码登录(默认访问80端口,ip:80)
进入页面后新建一个项目例如 public
访问级别是公开,存储限制为无限(镜像代理可以去配置aliyun,此代理是用户在harbor仓库中找不到,对应镜像,然后去代理仓库中查找镜像)
打开另外一台服务器,配置docker
镜像设置
sudo vim /etc/docker/daemon.json
将下面的内容复制进去(<ip>
更换为上述Harbor
服务器地址)
{
"registry-mirrors": [
"https://hub.docker.com",
"http://<ip>:80"
],
"insecure-registries" : [
"<ip>:80"
]
}
保存退出,然后重新加载配置启动docker
sudo systemctl daemon-reload
sudo systemctl restart docker
在本地镜像(下载了一个redis
作为演示)打一个标签
#下载镜像
docker pull redis
#给镜像打标签
# redis:latest 被打标签的本地镜像
# <ip>:80/public/redis:v1新的标签名称
# <ip> 是指定的 IP 地址,80 是端口号,public/redis:v1 是新的标签。
docker tag redis:latest <ip>:80/public/redis:v1
#登录远程Harbor仓库
docker login -u <username> -p <password> http://<ip>:80
#推送镜像
docker push <ip>:80/public/redis:v1
在Harbor
中就可以看到镜像了
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
version: '2'
services:
registry:
image: docker.io/bitnami/harbor-registry:2
environment:
- REGISTRY_HTTP_SECRET=CHANGEME
volumes:
- registry_data:/storage
- ./config/registry/:/etc/registry/:ro
registryctl:
image: docker.io/bitnami/harbor-registryctl:2
environment:
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- REGISTRY_HTTP_SECRET=CHANGEME
volumes:
- registry_data:/storage
- ./config/registry/:/etc/registry/:ro
- ./config/registryctl/config.yml:/etc/registryctl/config.yml:ro
postgresql:
image: docker.io/bitnami/postgresql:13
container_name: harbor-db
environment:
- POSTGRESQL_PASSWORD=bitnami
- POSTGRESQL_DATABASE=registry
volumes:
- postgresql_data:/bitnami/postgresql
core:
image: docker.io/bitnami/harbor-core:2
container_name: harbor-core
depends_on:
- registry
environment:
- CORE_KEY=change-this-key
- _REDIS_URL_CORE=redis://redis:6379/0
- SYNC_REGISTRY=false
- CHART_CACHE_DRIVER=redis
- _REDIS_URL_REG=redis://redis:6379/1
- PORT=8080
- LOG_LEVEL=info
- EXT_ENDPOINT=http://reg.mydomain.com
- DATABASE_TYPE=postgresql
- REGISTRY_CONTROLLER_URL=http://registryctl:8080
- POSTGRESQL_HOST=postgresql
- POSTGRESQL_PORT=5432
- POSTGRESQL_DATABASE=registry
- POSTGRESQL_USERNAME=postgres
- POSTGRESQL_PASSWORD=bitnami
- POSTGRESQL_SSLMODE=disable
- REGISTRY_URL=http://registry:5000
- TOKEN_SERVICE_URL=http://core:8080/service/token
- HARBOR_ADMIN_PASSWORD=bitnami
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- ADMIRAL_URL=
- CORE_URL=http://core:8080
- JOBSERVICE_URL=http://jobservice:8080
- REGISTRY_STORAGE_PROVIDER_NAME=filesystem
- REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
- REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
- READ_ONLY=false
- RELOAD_KEY=
volumes:
- core_data:/data
- ./config/core/app.conf:/etc/core/app.conf:ro
- ./config/core/private_key.pem:/etc/core/private_key.pem:ro
portal:
image: docker.io/bitnami/harbor-portal:2
container_name: harbor-portal
depends_on:
- core
jobservice:
image: docker.io/bitnami/harbor-jobservice:2
container_name: harbor-jobservice
depends_on:
- redis
- core
environment:
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- CORE_URL=http://core:8080
- REGISTRY_CONTROLLER_URL=http://registryctl:8080
- REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
- REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
volumes:
- jobservice_data:/var/log/jobs
- ./config/jobservice/config.yml:/etc/jobservice/config.yml:ro
redis:
image: docker.io/bitnami/redis:7.0
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
harbor-nginx:
image: docker.io/bitnami/nginx:1.25
container_name: nginx
volumes:
- ./config/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
ports:
- '80:8080'
depends_on:
- postgresql
- registry
- core
- portal
volumes:
registry_data:
driver: local
core_data:
driver: local
jobservice_data:
driver: local
postgresql_data:
driver: local
License:
CC BY 4.0