Note/环境/安装教程/Harbor.md

239 lines
6.4 KiB
Markdown
Raw Normal View History

2024-01-12 10:13:34 +08:00
Harbor是一个开源的可信云原生注册表用于存储、签名和扫描内容。它为开源Docker发行版添加了安全、身份和管理等功能。
## 自动安装
```console
curl -LO https://raw.githubusercontent.com/bitnami/containers/main/bitnami/harbor-portal/docker-compose.yml
curl -L https://github.com/bitnami/containers/archive/main.tar.gz | tar xz --strip=2 containers-main/bitnami/harbor-portal && cp -RL harbor-portal/config . && rm -rf harbor-portal
docker-compose up
```
## 手动安装
### 1、下载安装包
```shell
wget https://github.com/goharbor/harbor/releases/download/v2.7.4/harbor-offline-installer-v2.7.4.tgz
```
### 2、解压安装包,进入目录并展示文件
```shell
tar -xvf harbor-offline-installer-v2.7.4.tar
cd harbor
ll
```
![image-20231208150823727](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702019310.png)
### 3、复制harbor.yml配置文件并编辑
```shell
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
```
### 4、编辑文件内容如图
![image-20231208151131781](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702019492.png)
### 5、启动项目
```shell
./install.sh
```
即可看到安装,等待安装完毕即可。
## 简单使用
首先进入页面输入上面设置的密码登录默认访问80端口ip:80
![image-20231208151408705](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702019649.png)
进入页面后新建一个项目例如 `public`
![image-20231208151853837](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702019934.png)
访问级别是公开存储限制为无限镜像代理可以去配置aliyun此代理是用户在harbor仓库中找不到对应镜像然后去代理仓库中查找镜像
![image-20231208152259575](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702020179.png)
打开另外一台服务器,配置`docker`镜像设置
```shell
sudo vim /etc/docker/daemon.json
```
将下面的内容复制进去(`<ip>`更换为上述`Harbor`服务器地址)
```xml
{
"registry-mirrors": [
"https://hub.docker.com",
"http://<ip>:80"
],
"insecure-registries" : [
"<ip>:80"
]
}
```
保存退出,然后重新加载配置启动`docker`
```shell
sudo systemctl daemon-reload
sudo systemctl restart docker
```
在本地镜像(下载了一个`redis`作为演示)打一个标签
```shell
#下载镜像
docker pull redis
#给镜像打标签
# redis:latest 被打标签的本地镜像
# <ip>:80/public/redis:v1新的标签名称
# <ip> 是指定的 IP 地址80 是端口号public/redis:v1 是新的标签。
docker tag redis:latest <ip>:80/public/redis:v1
#登录远程Harbor仓库
docker login -u <username> -p <password> http://<ip>:80
#推送镜像
docker push <ip>:80/public/redis:v1
```
![image-20231208154658318](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702021618.png)
在`Harbor`中就可以看到镜像了
2024-01-12 16:25:33 +08:00
![image-20231208230150057](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702047710.png)
```yaml
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
version: '2'
services:
registry:
image: docker.io/bitnami/harbor-registry:2
environment:
- REGISTRY_HTTP_SECRET=CHANGEME
volumes:
- registry_data:/storage
- ./config/registry/:/etc/registry/:ro
registryctl:
image: docker.io/bitnami/harbor-registryctl:2
environment:
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- REGISTRY_HTTP_SECRET=CHANGEME
volumes:
- registry_data:/storage
- ./config/registry/:/etc/registry/:ro
- ./config/registryctl/config.yml:/etc/registryctl/config.yml:ro
postgresql:
image: docker.io/bitnami/postgresql:13
container_name: harbor-db
environment:
- POSTGRESQL_PASSWORD=bitnami
- POSTGRESQL_DATABASE=registry
volumes:
- postgresql_data:/bitnami/postgresql
core:
image: docker.io/bitnami/harbor-core:2
container_name: harbor-core
depends_on:
- registry
environment:
- CORE_KEY=change-this-key
- _REDIS_URL_CORE=redis://redis:6379/0
- SYNC_REGISTRY=false
- CHART_CACHE_DRIVER=redis
- _REDIS_URL_REG=redis://redis:6379/1
- PORT=8080
- LOG_LEVEL=info
- EXT_ENDPOINT=http://reg.mydomain.com
- DATABASE_TYPE=postgresql
- REGISTRY_CONTROLLER_URL=http://registryctl:8080
- POSTGRESQL_HOST=postgresql
- POSTGRESQL_PORT=5432
- POSTGRESQL_DATABASE=registry
- POSTGRESQL_USERNAME=postgres
- POSTGRESQL_PASSWORD=bitnami
- POSTGRESQL_SSLMODE=disable
- REGISTRY_URL=http://registry:5000
- TOKEN_SERVICE_URL=http://core:8080/service/token
- HARBOR_ADMIN_PASSWORD=bitnami
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- ADMIRAL_URL=
- CORE_URL=http://core:8080
- JOBSERVICE_URL=http://jobservice:8080
- REGISTRY_STORAGE_PROVIDER_NAME=filesystem
- REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
- REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
- READ_ONLY=false
- RELOAD_KEY=
volumes:
- core_data:/data
- ./config/core/app.conf:/etc/core/app.conf:ro
- ./config/core/private_key.pem:/etc/core/private_key.pem:ro
portal:
image: docker.io/bitnami/harbor-portal:2
container_name: harbor-portal
depends_on:
- core
jobservice:
image: docker.io/bitnami/harbor-jobservice:2
container_name: harbor-jobservice
depends_on:
- redis
- core
environment:
- CORE_SECRET=CHANGEME
- JOBSERVICE_SECRET=CHANGEME
- CORE_URL=http://core:8080
- REGISTRY_CONTROLLER_URL=http://registryctl:8080
- REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
- REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
volumes:
- jobservice_data:/var/log/jobs
- ./config/jobservice/config.yml:/etc/jobservice/config.yml:ro
redis:
image: docker.io/bitnami/redis:7.0
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
harbor-nginx:
image: docker.io/bitnami/nginx:1.25
container_name: nginx
volumes:
- ./config/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro
ports:
- '80:8080'
depends_on:
- postgresql
- registry
- core
- portal
volumes:
registry_data:
driver: local
core_data:
driver: local
jobservice_data:
driver: local
postgresql_data:
driver: local
```