Docker - Building a Private Docker Image Registry with Harbor

Introduction

What is Harbor

Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. A CNCF Incubating project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.

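Harbor is an enterprise-grade registry server for storing and distributing Docker images.

Installation requirements

The target host needs Docker and Docker Compose to install Harbor.

Hardware requirements

Resource   Minimum   Recommended (official)
CPU        2 CPU     4 CPU
Mem        4 GB      8 GB
Disk       40 GB     160 GB

Software requirements

Software         Version
Docker engine    17.06.0-ce or later
Docker Compose   1.18.0 or later
OpenSSL          latest version preferred

OpenSSL is used to generate the certificate and keys for Harbor.

Host configuration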

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.require_version ">=1.6.0"
boxes = [
  {
    :name => "dk",            # hostname
    :eth1 => "192.168.22.22", # IP
    :mem  => "4096",          # memory (MB)
    :cpu  => "4"              # CPU cores
  }
]

Vagrant.configure("2") do |config|
  config.vm.box = "centos-7.7"
  config.disksize.size = '40G'  # requires the vagrant-disksize plugin
  boxes.each do |opts|
    config.vm.define opts[:name] do |config|
      config.vm.hostname = opts[:name]
      config.vm.provider "virtualbox" do |v|
        v.customize ["modifyvm", :id, "--memory", opts[:mem]]
        v.customize ["modifyvm", :id, "--cpus", opts[:cpu]]
      end
      config.vm.network :private_network, ip: opts[:eth1]
    end
  end
  # config.vm.network "public_network", ip: "192.168.10.11"
  config.vm.provision "shell", privileged: true, path: "./config.sh"
  config.vm.synced_folder "~/Share", "/home/vagrant/labs"  # shared folder
end

Installation

Base environment

Docker-ce

Reference: https://developer.aliyun.com/mirror/docker-ce

# Step 1: install the required system tools
[root@dk ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
# Step 2: add the package repository
[root@dk ~]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Step 3: refresh the cache and install Docker CE
[root@dk ~]# yum makecache fast
[root@dk ~]# yum -y install docker-ce
# Step 4: configure a Docker registry mirror
[root@dk ~]# mkdir -p /etc/docker
[root@dk ~]# tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": ["https://********.mirror.aliyuncs.com"]
}
EOF
[root@dk ~]# systemctl daemon-reload

# Step 5: restart the Docker service
[root@dk ~]# systemctl restart docker

# Note:
# The official repository enables the latest stable packages by default; you can edit the repo file to get other versions. For example, the test channel is not enabled by default and can be turned on as follows. Other test channels can be enabled the same way.
# vim /etc/yum.repos.d/docker-ce.repo
# Under [docker-ce-test], change enabled=0 to enabled=1
#
# Installing a specific Docker CE version:
# Step 1: list the available Docker CE versions:
# yum list docker-ce.x86_64 --showduplicates | sort -r
# Loading mirror speeds from cached hostfile
# Loaded plugins: branch, fastestmirror, langpacks
# docker-ce.x86_64 17.03.1.ce-1.el7.centos docker-ce-stable
# docker-ce.x86_64 17.03.1.ce-1.el7.centos @docker-ce-stable
# docker-ce.x86_64 17.03.0.ce-1.el7.centos docker-ce-stable
# Available Packages
# Step 2: install the chosen version (VERSION is e.g. 17.03.0.ce-1.el7.centos from the list above)
# sudo yum -y install docker-ce-[VERSION]

Verify:

[root@dk ~]# docker version
Client: Docker Engine - Community
 Version:           19.03.5
 API version:       1.40
 Go version:        go1.12.12
 Git commit:        633a0ea
 Built:             Wed Nov 13 07:25:41 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.5
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.12
  Git commit:       633a0ea
  Built:            Wed Nov 13 07:24:18 2019
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.10
  GitCommit:        b34a5c8af56e510852c35414db4c1f4fa6172339
 runc:
  Version:          1.0.0-rc8+dev
  GitCommit:        3e425f80a8c931f88e6d94a8c831b9d5aa481657
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

Docker-Compose

Reference: https://docs.docker.com/compose/install/

# Step 1: install docker-compose
[root@dk ~]# curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
# Step 2: make the binary executable
[root@dk ~]# chmod +x /usr/local/bin/docker-compose

Verify:

[root@dk ~]# docker-compose version
docker-compose version 1.25.0, build 0a186604
docker-py version: 4.1.0
CPython version: 3.7.4
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019

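Installing Harbor

Harbor offers two installation methods, online and offline. The offline method requires downloading an installer package of about 600 MB from GitHub, which is very slow, so the online installer is used here. Because a registry mirror has been configured, it is considerably faster than the offline route.

Download and install

After the download completes, extract the archive; a harbor directory appears.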

[root@dk ~]# wget https://github.com/goharbor/harbor/releases/download/v1.9.3/harbor-online-installer-v1.9.3.tgz
[root@dk ~]# tar  -xvf harbor-online-installer-v1.9.3.tgz
harbor/prepare
harbor/LICENSE
harbor/install.sh
harbor/harbor.yml

Edit the configuration

Change into the harbor directory and edit harbor.yml as follows:

hostname: 192.168.22.22
# Plain HTTP only: no https section is configured
http:
  port: 8888
# Initial password of the Harbor admin account
harbor_admin_password: root
database:
  # Password of the internal PostgreSQL root user
  password: root
  max_idle_conns: 50
  max_open_conns: 100
data_volume: /data
clair:
  updaters_interval: 12
jobservice:
  max_job_workers: 10
notification:
  webhook_job_max_retry: 10
chart:
  absolute_url: disabled
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 1.9.0
proxy:
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair
  components:
    - core
    - jobservice
    - clair
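
The configuration above serves the registry over plain HTTP and sets both harbor_admin_password and the database password to root. The following is an added example (not from the original post or the Harbor project) that audits a harbor.yml for these settings before ./prepare is run. The function names, the 12-character minimum and the password list are assumptions, and the sample file is constructed from the values on this page.

```shell
#!/bin/sh
# Added example: flag weak settings in a Harbor 1.9-style harbor.yml.
# audit_harbor_yml, the 12-character minimum and the password list are
# assumptions of this example, not part of Harbor.

# Prints one finding per line; exit status is the number of findings.
audit_harbor_yml() {
    awk '
        function check(key, val) {
            gsub(/["\047]/, "", val)                      # strip YAML quotes
            if (val ~ /^(root|root123|admin|Harbor12345)$/) {
                print "WEAK " key ": default or trivial password"; n++
            } else if (length(val) < 12) {
                print "WEAK " key ": shorter than 12 characters"; n++
            }
        }
        # A key at column 0 opens a new top-level section.
        /^[A-Za-z_]+:/ { section = $1; sub(/:.*/, "", section) }
        /^https:/ { https = 1 }
        /^harbor_admin_password:/ { check("harbor_admin_password", $2) }
        section == "database" && $1 == "password:" { check("database.password", $2) }
        END {
            if (!https) { print "WEAK https: no https section, logins and image pulls use plaintext HTTP"; n++ }
            exit n + 0
        }
    ' "$1"
}

# Constructed sample: the security-relevant keys of the harbor.yml above.
write_page_sample() {
    cat > "$1" <<'EOF'
hostname: 192.168.22.22
http:
  port: 8888
harbor_admin_password: root
database:
  password: root
  max_idle_conns: 50
EOF
}

sample=$(mktemp)
write_page_sample "$sample"
audit_harbor_yml "$sample" || echo "findings: $?"
rm -f "$sample"
```

In Harbor 1.9 the https section takes port, certificate and private_key. With that section present and both passwords replaced by long random values, the function prints nothing and returns 0.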

Start Harbor

Change into the harbor directory and run ./prepare; once it completes without errors, run the ./install.sh script.

[root@dk ~]# cd harbor
[root@dk harbor]# ./prepare
[root@dk harbor]# ./install.sh

Access URL:

Browse to the hostname configured in harbor.yml to reach the Harbor service:

http://192.168.22.22:8888/

References

Harbor official website: https://goharbor.io/

Harbor installation guide: https://github.com/goharbor/harbor/blob/master/docs/installation_guide.md