利用阿里云ECS部署自己的私有harbor镜像仓库

Posted 2021-08-10 大聪明Smart

文章目录

• 利用阿里云ECS部署自己的私有harbor镜像仓库
• • harbor简介
  • harbor的部署
  • • 安装依赖
    • • 安装docker
      • 安装docker-compose
    • 安装harbor
    • • harbor的一些镜像
    • 浏览器访问
    • 向harbor推送nginx镜像

利用阿里云ECS部署自己的私有harbor镜像仓库

harbor简介

• 虽然Docker官方提供了公共的镜像仓库，但是从安全和效率等方面考虑，部署我们私有环境内的Registry也是非常必要的。
• Harbor是由VMware公司开源的企业级的Docker Registry管理项目，相比docker官方拥有更丰富的权限权利和完善的架构设计，适用大规模docker集群部署提供仓库服务。
• 它主要提供 Dcoker Registry 管理界面UI，可基于角色访问控制,镜像复制， AD/LDAP 集成，日志审核等功能，完全的支持中文。
  

harbor的部署

安装依赖

harbor是依赖于docker和docker-compose的，所以先安装它俩

阿里云180端口放行

安装docker

# epel源
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install epel-release -y
Repository epel is listed more than once in the configuration
Last metadata expiration check: 2:47:33 ago on Wed 16 Jun 2021 03:07:22 PM CST.
Package epel-release-8-10.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!


# 安装docker
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install -y yum-utils
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum list docker-ce --showduplicate
Repository epel is listed more than once in the configuration
Docker CE Stable - x86_64                                                     78 kB/s |  14 kB     00:00    
Available Packages
docker-ce.x86_64                              3:19.03.13-3.el8                               docker-ce-stable
docker-ce.x86_64                              3:19.03.14-3.el8                               docker-ce-stable
docker-ce.x86_64                              3:19.03.15-3.el8                               docker-ce-stable
docker-ce.x86_64                              3:20.10.0-3.el8                                docker-ce-stable
docker-ce.x86_64                              3:20.10.1-3.el8                                docker-ce-stable
docker-ce.x86_64                              3:20.10.2-3.el8                                docker-ce-stable
docker-ce.x86_64                              3:20.10.3-3.el8                                docker-ce-stable
docker-ce.x86_64                              3:20.10.4-3.el8                                docker-ce-stable
docker-ce.x86_64                              3:20.10.5-3.el8                                docker-ce-stable
docker-ce.x86_64                              3:20.10.6-3.el8                                docker-ce-stable
docker-ce.x86_64                              3:20.10.7-3.el8                                docker-ce-stable
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# yum install docker-ce -y



# 开机自启动
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl enable docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.
# 启动docker
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl start docker
# 配置
[root@iZuf6g4e6vhdv58sz2z1klZ ~]#vi /etc/docker/daemon.json
{
	"graph": "/mydata/docker",
	"storage-driver": "overlay2",
	"insecure-registries": ["registry.access.redhat.com", "quay.io", "harbor.liboer.top"],  # 在此处让你的域名受信任，如果你配了ssl证书可以不用写
	"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com/"],
    "bip": "172.17.0.1/24",
    "exec-opts": ["native.cgroupdriver=systemd"],
    "live-restore":true
}

# 启动docker
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl daemon-reload
[root@iZuf6g4e6vhdv58sz2z1klZ ~]# systemctl restart docker

# 查看版本
docker --version

安装docker-compose

[root@aliyun ~]# curl -L https://github.com/docker/compose/releases/download/1.25.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   633  100   633    0     0   1128      0 --:--:-- --:--:-- --:--:--  1128
100 16.2M  100 16.2M    0     0   749k      0  0:00:22  0:00:22 --:--:-- 3145k
[root@aliyun ~]# chmod +x /usr/local/bin/docker-compose
[root@aliyun ~]# docker-compose --version
docker-compose version 1.25.0, build 0a186604

安装harbor

[root@hdss12-200 ~]# cd /opt
[root@hdss12-200 opt]# mkdir src
[root@hdss12-200 opt]# cd src
[root@hdss12-200 src]# wget https://github.com/goharbor/harbor/releases/download/v1.9.4/harbor-offline-installer-v1.9.4.tgz
[root@hdss12-200 src]# ls
harbor-offline-installer-v1.9.4.tgz
[root@hdss12-200 src]# tar xf harbor-offline-installer-v1.9.4.tgz -C /opt/
[root@hdss12-200 src]# cd /opt/
[root@hdss12-200 opt]# ll
total 0
drwxr-xr-x. 2 root root  71 Jun 19 02:20 certs
drwx--x--x. 4 root root  28 Jun 19 02:50 containerd
drwxr-xr-x  2 root root 100 Jun 19 04:26 harbor
drwxr-xr-x  2 root root  49 Jun 19 04:07 src
[root@hdss12-200 opt]# mv harbor /opt/harbor-v1.9.4
# 软连接
[root@hdss12-200 opt]# ln -s /opt/harbor-v1.9.4 /opt/harbor
[root@hdss12-200 opt]# ll
total 0
drwxr-xr-x. 2 root root  71 Jun 19 02:20 certs
drwx--x--x. 4 root root  28 Jun 19 02:50 containerd
lrwxrwxrwx  1 root root  18 Jun 19 04:27 harbor -> /opt/harbor-v1.9.4
drwxr-xr-x  2 root root 100 Jun 19 04:26 harbor-v1.9.4
drwxr-xr-x  2 root root  49 Jun 19 04:07 src
[root@hdss12-200 opt]# vim /opt/harbor/harbor.yml
hostname: harbor.liboer.top
http:
  port: 180
data_volume: /mydata/harbor
location: /mydata/harbor/logs
[root@hdss12-200 ~]# mkdir -p /mydata/harbor /mydata/harbor/logs
[root@hdss12-200 ~]# cd /opt/harbor/
[root@hdss12-200 ~]# systemctl restart  docker
[root@hdss12-200 harbor]# ./install.sh
[root@hdss12-200 harbor]# docker ps -a
[root@hdss12-200 harbor]# yum install nginx -y
# 在nginx上添加一个server
server {
    listen       80;
    server_name  harbor.liboer.top;
    
    client_max_body_size 1000m;

    location / {
        proxy_pass http://127.0.0.1:180;
    }
}

harbor的一些镜像

[root@aliyun harbor-v1.9.4]# docker ps -a
CONTAINER ID   IMAGE                                                    COMMAND                  CREATED          STATUS                     PORTS                                     NAMES
0e86a8db6253   goharbor/nginx-photon:v1.9.4                             "nginx -g 'daemon of…"   13 minutes ago   Up 13 minutes (healthy)    0.0.0.0:180->8080/tcp, :::180->8080/tcp   nginx
f5a364606d76   goharbor/harbor-jobservice:v1.9.4                        "/harbor/harbor_jobs…"   13 minutes ago   Up 13 minutes (healthy)                                              harbor-jobservice
972a7a00ffcf   goharbor/harbor-core:v1.9.4                              "/harbor/harbor_core"    13 minutes ago   Up 13 minutes (healthy)                                              harbor-core
d6d338f6ebd7   goharbor/registry-photon:v2.7.1-patch-2819-2553-v1.9.4   "/entrypoint.sh /etc…"   13 minutes ago   Up 13 minutes (healthy)    5000/tcp                                  registry
db6f600d19d5   goharbor/harbor-registryctl:v1.9.4                       "/harbor/start.sh"       13 minutes ago   Up 13 minutes (healthy)                                              registryctl
467f4455614a   goharbor/harbor-db:v1.9.4                                "/docker-entrypoint.…"   13 minutes ago   Up 13 minutes (healthy)    5432/tcp                                  harbor-db
e7bd7b41ca61   goharbor/harbor-portal:v1.9.4                            "nginx -g 'daemon of…"   13 minutes ago   Up 13 minutes (healthy)    8080/tcp                                  harbor-portal
02456f6a16ca   goharbor/redis-photon:v1.9.4                             "redis-server /etc/r…"   13 minutes ago   Up 13 minutes (healthy)    6379/tcp                                  redis
97075c4f04a7   goharbor/harbor-log:v1.9.4                               "/bin/sh -c /usr/loc…"   13 minutes ago   Up 13 minutes (healthy)    127.0.0.1:1514->10514/tcp                 harbor-log

浏览器访问

http://harbor.liboer.top

用户名：admin

密码：/opt/harbor/harbor.yml中你修改的密码

即可登入

向harbor推送nginx镜像

新建一个公共仓库public,然后像public推送镜像

 ~]# docker pull nginx:1.7.9
 ~]# docker tag nginx:1.7.9  harbor.liboer.top/public/nginx:v1.7.9
 ~]# docker login harbor.liboer.top
 ~]# docker push harbor.liboer.top/public/nginx:v1.7.9

此时查看你的harbor仓库，已经推送过来