Harbor: the container image management expert

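This article introduces Harbor, an enterprise-grade container image registry led by VMware. Harbor manages container images and Helm charts and provides role-based access control, image replication policies and other features. The article walks through Harbor's deployment requirements, installation steps and configuration.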

Harbor is an enterprise-grade image registry and an open-source project led by VMware (GitHub: https://github.com/vmware/harbor).

Harbor provides the following features:

  • Cloud native registry: With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
  • Role based access control: Users and repositories are organized via 'projects' and a user can have different permissions for images under a project.
  • Policy based image replication: Images can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag and label). Harbor will auto-retry to replicate if it encounters any errors. Great for load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.
  • Vulnerability Scanning: Harbor scans images regularly and warns users of vulnerabilities.
  • LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning proper project roles to them.
  • Image deletion & garbage collection: Images can be deleted and their space can be recycled.
  • Notary: Image authenticity can be ensured.
  • Graphical user portal: Users can easily browse, search repositories and manage projects.
  • Auditing: All the operations to the repositories are tracked.
  • RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.
  • Easy deployment: Provides both an online and offline installer.

 

Deployment requirements

Harbor is deployed as several Docker containers, so it can be deployed on any Linux distribution that supports Docker.

Hardware

| Resource | Capacity | Description |
|----------|----------|-------------|
| CPU | minimal 2 CPU | 4 CPU is preferred |
| Mem | minimal 4GB | 8GB is preferred |
| Disk | minimal 40GB | 160GB is preferred |

Software

| Software | Version | Description |
|----------|---------|-------------|
| Python | version 2.7 or higher | Note that you may have to install Python on Linux distributions (Gentoo, Arch) that do not come with a Python interpreter installed by default |
| Docker engine | version 1.10 or higher | For installation instructions, please refer to: https://docs.docker.com/engine/installation/ |
| Docker Compose | version 1.6.0 or higher | For installation instructions, please refer to: https://docs.docker.com/compose/install/ |
| Openssl | latest is preferred | Generate certificate and keys for Harbor |

Network ports

| Port | Protocol | Description |
|------|----------|-------------|
| 443 | HTTPS | Harbor UI and API will accept requests on this port for https protocol |
| 4443 | HTTPS | Connections to the Docker Content Trust service for Harbor, only needed when Notary is enabled |
| 80 | HTTP | Harbor UI and API will accept requests on this port for http protocol |

Deployment steps

Install guide:
https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

Config https guide:
https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

Download v1.5.3 link:
https://storage.googleapis.com/harbor-releases/harbor-offline-installer-v1.5.3.tgz


Config Harbor with Https
step 1, Create CA certificate:
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout ca.key \
-x509 -days 365 -out ca.crt

step 2, Generate a Certificate Signing Request:
openssl req \
-newkey rsa:4096 -nodes -sha256 -keyout vmware-pso.com.key \
-out vmware-pso.com.csr

Note: If you use FQDN like reg.yourdomain.com to connect your registry host,
then you must use reg.yourdomain.com as CN (Common Name).

step 3, Generate the Certificate of your registry host:
openssl x509 -req \
-days 356 -in vmware-pso.com.csr -CA ca.crt -CAkey ca.key \
-CAcreateserial -out vmware-pso.com.crt
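
Added example, not part of the original post: a non-interactive version of steps 1 to 3 that also writes the registry FQDN into subjectAltName (Docker clients built with current Go releases no longer fall back to the Common Name) and then verifies the chain. The function name make_registry_cert, the CA subject, the san.ext file and the key-size argument are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). make_registry_cert, the CA
# subject "Example Harbor CA" and san.ext are illustrative names.

# usage: make_registry_cert <registry fqdn> <output dir> [rsa bits, default 4096]
make_registry_cert() {
    local fqdn="$1" outdir="$2" bits="${3:-4096}"
    mkdir -p "$outdir" || return 1
    (
        cd "$outdir" || exit 1
        umask 077    # private keys must be readable by their owner only

        # Step 1: self-signed CA certificate
        openssl req -newkey "rsa:${bits}" -nodes -sha256 -keyout ca.key \
            -x509 -days 365 -subj "/CN=Example Harbor CA" \
            -out ca.crt 2>/dev/null || exit 1

        # Step 2: key and CSR for the registry host; CN is the FQDN clients use
        openssl req -newkey "rsa:${bits}" -nodes -sha256 \
            -keyout "${fqdn}.key" -subj "/CN=${fqdn}" \
            -out "${fqdn}.csr" 2>/dev/null || exit 1

        # Step 3: sign the CSR and add the SAN through an extension file
        printf 'subjectAltName = DNS:%s\n' "$fqdn" > san.ext
        openssl x509 -req -days 365 -in "${fqdn}.csr" \
            -CA ca.crt -CAkey ca.key -CAcreateserial \
            -extfile san.ext -out "${fqdn}.crt" 2>/dev/null || exit 1

        # Checks: the chain validates against the CA and the SAN is present
        openssl verify -CAfile ca.crt "${fqdn}.crt" >/dev/null || exit 1
        openssl x509 -in "${fqdn}.crt" -noout -text |
            grep -qF "DNS:${fqdn}" || exit 1
    )
}
```

Keep ca.key off the registry host; only ca.crt needs to be distributed to Docker clients.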


Install Harbor with Https
step 1, create harbor folder and copy file
mkdir -p /data/app
mkdir -p /data/cert
tar -zxvf harbor.tar
cp -r harbor /data/app
cp vmware-pso.com.crt /data/cert
cp vmware-pso.com.key /data/cert
tar -zxvf harbor-offline-installer-v1.5.3.tgz -C /data/app/

step 2, config parameters in the file harbor.cfg
hostname = harbor.vmware-pso.com
ui_url_protocol = https
customize_crt = on
ssl_cert = /data/cert/vmware-pso.com.crt
ssl_cert_key = /data/cert/vmware-pso.com.key
secretkey_path = /data/
db_password = Harbor12345

step 3, run install.sh
# ./install.sh

...
✔ ----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at https://harbor.vmware-pso.com.
For more details, please visit https://github.com/vmware/harbor .

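step 4, change the Docker daemon's registry security setting
add the following to the file /etc/docker/daemon.json (a host listed under insecure-registries is used without verifying its certificate)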
{
"insecure-registries": ["harbor.vmware-pso.com"]
}

step 5, reload docker.service
# systemctl daemon-reload
# systemctl restart docker.service

step 6, login harbor
url: https://harbor.vmware-pso.com
username: admin # default user
password: Harbor12345 # default password

step 7, change image tag and push to harbor
# docker tag k8s.gcr.io/metrics-server-amd64:v0.3.0 harbor.vmware-pso.com/library/metrics-server-amd64:v1
# docker push harbor.vmware-pso.com/library/metrics-server-amd64:v1

step 8, list harbor status
# cd /data/app/harbor/
# docker-compose ps
Name                 Command                          State          Ports
-------------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver   /harbor/start.sh                 Up (healthy)
harbor-db            /usr/local/bin/docker-entr ...   Up (healthy)   3306/tcp
harbor-jobservice    /harbor/start.sh                 Up
harbor-log           /bin/sh -c /usr/local/bin/ ...   Up (healthy)   127.0.0.1:1514->10514/tcp
harbor-ui            /harbor/start.sh                 Up (healthy)
nginx                nginx -g daemon off;             Up (healthy)   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis                docker-entrypoint.sh redis ...   Up             6379/tcp
registry             /entrypoint.sh serve /etc/ ...   Up (healthy)   5000/tcp

step 9, stop and start harbor service
# cd /data/app/harbor/
# docker-compose stop
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-ui ... done
Stopping harbor-db ... done
Stopping registry ... done
Stopping harbor-adminserver ... done
Stopping redis ... done
Stopping harbor-log ... done

# docker-compose start
Starting log ... done
Starting redis ... done
Starting adminserver ... done
Starting registry ... done
Starting ui ... done
Starting mysql ... done
Starting jobservice ... done
Starting proxy ... done
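
Added example, not part of the original post: since steps 1 to 3 of the HTTPS section already produce ca.crt, a Docker host can trust that CA for this one registry instead of listing it under insecure-registries as in step 4, and the values set in steps 2 and 6 can be checked before the registry is exposed. The function names and the DOCKER_ETC override are assumptions of this example; the certs.d/<registry host>/ca.crt location is Docker's per-registry CA directory.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the
# DOCKER_ETC override (default /etc/docker) are assumptions of this example.

# Trust the private CA for one registry instead of marking it insecure.
# Docker reads certs.d/<registry host>/ca.crt under its config directory.
trust_registry_ca() {
    local host="$1" ca="$2" etc="${DOCKER_ETC:-/etc/docker}"
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null ||
        { echo "not a readable PEM certificate: $ca" >&2; return 2; }
    install -d -m 0755 "$etc/certs.d/$host" &&
        install -m 0644 "$ca" "$etc/certs.d/$host/ca.crt"
}

# Exit 0 if daemon.json still lists the host under insecure-registries.
registry_is_insecure() {
    local host="$1" etc="${DOCKER_ETC:-/etc/docker}"
    [ -f "$etc/daemon.json" ] || return 1
    tr -d ' \t\n' < "$etc/daemon.json" |
        grep -Eo '"insecure-registries":\[[^]]*\]' |
        grep -qF "\"$host\""
}

# Print one finding per line for harbor.cfg settings from steps 2 and 6:
# a protocol other than https, or a password left at the walkthrough value.
harbor_cfg_findings() {
    local cfg="$1"
    grep -Eq '^[[:space:]]*ui_url_protocol[[:space:]]*=[[:space:]]*https[[:space:]]*$' "$cfg" ||
        echo "ui_url_protocol is not https"
    sed -n 's/^[[:space:]]*\([a-z_]*password\)[[:space:]]*=[[:space:]]*Harbor12345[[:space:]]*$/\1 is still Harbor12345/p' "$cfg"
}
```

Once the CA is installed under certs.d, the insecure-registries entry from step 4 can be removed from daemon.json.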

 

 

References:

https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md

Reposted from: https://www.cnblogs.com/vincenshen/p/9672915.html
