Harbor是一款开源的企业级Docker镜像仓库,支持基于角色的访问控制、镜像复制、图形化用户界面等功能。文章介绍了Harbor的特性,包括其对企业AD/LDAP的支持和审计管理,并提供了简单的部署指南,强调了docker-compose配置文件的注意事项。
Harbor简介
Harbor是一个企业级开源镜像仓库,也是首个加入 CNCF 且原创于中国的项目,时间于2018年8月。在2014年由VMware中国研发 中心内部立项和使用,并于2016年对社区开源。Harbor 项目扎根、成长和壮大于中国社区,在 CNCF 中是唯一原生支持中文的项目,深受中国用 户推崇和喜爱。
Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器。Harbor用于容器镜像管理,主要提供基于角色的镜像访问控 制、镜像复制、镜像漏洞分析、镜像验真和操作审计等功能。迄今为止,Harbor 在 GitHub 上已获得超过 4700+ 颗星。
- 基于角色的访问控制
用户与Docker镜像仓库通过“项目”进行组织管理,一个用户可以对多个镜像仓库在同一命名空间(project)里有不同的权限。
- 镜像复制
镜像可以在多个Registry实例中复制(同步)。尤其适合于负载均衡,高可用,混合云和多云的场景。
- 图形化用户界面
用户可以通过浏览器来浏览,检索当前Docker镜像仓库,管理项目和命名空间。
- AD/LDAP 支持
Harbor可以集成企业内部已有的AD/LDAP,用于鉴权认证管理。
- 审计管理
所有针对镜像仓库的操作都可以被记录追溯,用于审计管理。
- 国际化
已拥有英文、中文、德文、日文和俄文的本地化版本。更多的语言将会添加进来。
- RESTful API
RESTful API 提供给管理员对于Harbor更多的操控, 使得与其它管理软件集成变得更容易。
- 部署简单
提供在线(online)和离线(offline)两种安装工具, 也可以安装到vSphere平台(OVA方式)虚拟设备
docker-compose
1.将下载好的docker-compose-Linux-x86_64-1.22.0 二进制文件移动到 /usr/local/bin/
mv docker-compose-Linux-x86_64-1.22.0 /usr/local/bin/
2.给docker-compose-Linux-x86_64-1.22.0做软链接
[root@server1 ~]# cd /usr/local/bin/
[root@server1 bin]# ln -s docker-compose-Linux-x86_64-1.22.0 docker-compose
[root@server1 bin]# ls
docker-compose docker-compose-Linux-x86_64-1.22.0
3.添加执行权限
[root@server1 bin]# chmod +x docker-compose-Linux-x86_64-1.22.0
[root@server1 bin]# ll
total 11476
lrwxrwxrwx 1 root root 34 Aug 5 09:08 docker-compose -> docker-compose-Linux-x86_64-1.22.0
-rwxr-xr-x 1 root root 11750136 Aug 5 09:07 docker-compose-Linux-x86_64-1.22.0
4.查看docker-compose版本
[root@server1 bin]# docker-compose --version
docker-compose version 1.22.0, build f46880fe
Harbor的搭建
1.获取harbor-offline-installer-v1.8.1.tgz
2.解压
tar zxf harbor-offline-installer-v1.8.1.tgz
[root@server1 ~]# ls
game2048.tar harbor harbor-offline-installer-v1.8.1.tgz registry.tar rhel7.tar ubuntu.tar
[root@server1 ~]# cd harbor/
[root@server1 harbor]# ls
harbor.v1.8.1.tar.gz harbor.yml install.sh LICENSE prepare
3.修改配置文件harbor.yml
##修改名称
5 hostname: westos.org
##注释http
7 ## http related config
8 #http:
9 # # port for http, default is 80. If https enabled, this port will redirect to https port
10 # port: 80
##打开https注释,并修改认证路径
!!!!一定要顶格
12 https related config
13 https:
14 # https port for harbor, default is 443
15 port: 443
16 # The path of cert and key files for nginx
17 certificate: /etc/docker/certs/westos.org.crt
18 private_key: /etc/docker/certs/westos.org.key
注意https的配置文件一定要顶格写
执行./install.sh,开始安装并启动
[root@server1 harbor]# ./install.sh
[Step 0]: checking installation environment ...
Note: docker version: 18.09.7
Note: docker-compose version: 1.22.0
[Step 1]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v1.8.1
Loaded image: goharbor/harbor-registryctl:v1.8.1
Loaded image: goharbor/redis-photon:v1.8.1
Loaded image: goharbor/notary-server-photon:v0.6.1-v1.8.1
Loaded image: goharbor/chartmuseum-photon:v0.8.1-v1.8.1
Loaded image: goharbor/harbor-db:v1.8.1
Loaded image: goharbor/harbor-jobservice:v1.8.1
Loaded image: goharbor/nginx-photon:v1.8.1
Loaded image: goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1
Loaded image: goharbor/harbor-migrator:v1.8.1
Loaded image: goharbor/prepare:v1.8.1
Loaded image: goharbor/harbor-portal:v1.8.1
Loaded image: goharbor/harbor-log:v1.8.1
Loaded image: goharbor/notary-signer-photon:v0.6.1-v1.8.1
Loaded image: goharbor/clair-photon:v2.0.8-v1.8.1
[Step 2]: preparing environment ...
prepare base dir is set to /root/harbor
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/cert/server.key
Clearing the configuration file: /config/cert/server.crt
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
[Step 3]: starting Harbor ...
Creating harbor-log ... done
Creating redis ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating registry ... done
Creating harbor-core ... done
Creating harbor-portal ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at https://westos.org.
For more details, please visit https://github.com/goharbor/harbor .
查看容器状态
[root@server1 harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------
harbor-core /harbor/start.sh Up (healthy)
harbor-db /entrypoint.sh postgres Up (healthy) 5432/tcp
harbor-jobservice /harbor/start.sh Up
harbor-log /bin/sh -c /usr/local/bin/ Up (healthy) 127.0.0.1:1514->10514/tcp
...
harbor-portal nginx -g daemon off; Up (healthy) 80/tcp
nginx nginx -g daemon off; Up (healthy) 0.0.0.0:443->443/tcp,
0.0.0.0:80->80/tcp
redis docker-entrypoint.sh redis Up 6379/tcp
...
registry /entrypoint.sh /etc/regist Up (healthy) 5000/tcp
...
registryctl /harbor/start.sh Up (healthy) 真机做解析
使用默认登录名admin 密码:Harbor12345
扫一扫
3261
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
