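Private image registry Harbor with Docker Compose (built-in nginx)
Introduction to Harbor
Harbor is an open-source image registry project designed for enterprise users. It includes the features enterprises need, such as permission management (RBAC), LDAP, auditing, security vulnerability scanning, image authenticity verification, an admin UI, self-registration and HA. It also provides image replication and Chinese-language support, designed around the needs of users in China.
Installing and deploying Harbor
Prepare a new virtual machine: docker02, 10.0.0.200, 2 cores / 4 GB RAM
# 1. Environment requirements for installing Harbor
Installing Harbor requires both a docker and a docker-compose environment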
yum install -y docker-ce
yum install -y docker-compose
# Reference documentation
#https://github.com/goharbor/harbor/releases
# 2. Unpack the Harbor installer package
wget https://github.com/goharbor/harbor/releases/download/v2.11.2/harbor-offline-installer-v2.11.2.tgz
tar xf harbor-offline-installer-v2.11.2.tgz
[root@ceshi ~]$ ll harbor
总用量 616552
-rw-r--r-- 1 root root 3646 11月 14 14:50 common.sh
-rw-r--r-- 1 root root 631306450 11月 14 14:50 harbor.v2.11.2.tar.gz
-rw-r--r-- 1 root root 14270 11月 14 14:50 harbor.yml.tmpl
-rwxr-xr-x 1 root root 1975 11月 14 14:50 install.sh
-rw-r--r-- 1 root root 11347 11月 14 14:50 LICENSE
-rwxr-xr-x 1 root root 1882 11月 14 14:50 prepare
[root@ceshi ~]$
# harbor.yml // the orchestration file for docker-compose, somewhat like a Tower playbook
# 3. Edit the Harbor configuration
[root@docker02 ~/harbor]# vim harbor.yml
hostname: 10.0.0.200
harbor_admin_password: Harbor12345
# 4. Run the install script
[root@docker02 ~/harbor]# sh install.sh
[Step 1]: loading Harbor images ...
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
# 5. Docker was not running, so start it
[root@docker02 ~/harbor]# systemctl start docker
[root@ceshi ~/harbor]$ sh install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 26.1.4
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.27.1
[Step 2]: loading Harbor images ...
Loaded image: goharbor/registry-photon:v2.11.2
Loaded image: goharbor/harbor-portal:v2.11.2
Loaded image: goharbor/harbor-core:v2.11.2
Loaded image: goharbor/harbor-log:v2.11.2
Loaded image: goharbor/harbor-db:v2.11.2
Loaded image: goharbor/harbor-jobservice:v2.11.2
Loaded image: goharbor/harbor-registryctl:v2.11.2
Loaded image: goharbor/nginx-photon:v2.11.2
Loaded image: goharbor/trivy-adapter-photon:v2.11.2
Loaded image: goharbor/prepare:v2.11.2
Loaded image: goharbor/harbor-exporter:v2.11.2
Loaded image: goharbor/redis-photon:v2.11.2
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete
[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete
[+] Running 10/10
✔ Network harbor_harbor Created 0.1s
✔ Container harbor-log Started 0.4s
✔ Container redis Started 1.0s
✔ Container registry Started 1.0s
✔ Container registryctl Started 0.9s
✔ Container harbor-portal Started 1.0s
✔ Container harbor-db Started 0.9s
✔ Container harbor-core Started 1.3s
✔ Container harbor-jobservice Started 1.8s
✔ Container nginx Started 1.9s
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://10.0.0.200.
For more details, please visit https://github.com/goharbor/harbor .
# 6. Open http://10.0.0.130 in a browser
Username: admin
Password: Harbor12345
[root@docker02 ~]# docker images # take a look: a batch of images has been loaded, all of them used by Harbor
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/chartmuseum-photon v0.9.0-v1.9.0 47c00be3913e 4 years ago 130MB
goharbor/harbor-migrator v1.9.0 9826462ead7c 4 years ago 363MB
goharbor/redis-photon v1.9.0 9796fe9032f1 4 years ago 108MB
...
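[root@docker02 ~]# docker ps # a batch of containers has been started too, and they come back up automatically after docker is restarted
...
[root@docker02 ~]# cd harbor # some new files have appeared here as well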
[root@docker02 ~/harbor]# ll
total 605152
drwxr-xr-x 3 root root 20 Jan 3 14:15 common
-rw-r--r-- 1 root root 5285 Jan 3 14:15 docker-compose.yml # this is Harbor's docker-compose file
-rw-r--r-- 1 root root 619632806 Sep 4 2019 harbor.v1.9.0.tar.gz
-rw-r--r-- 1 root root 5799 Jan 3 14:12 harbor.yml
-rwxr-xr-x 1 root root 5088 Sep 4 2019 install.sh
-rw-r--r-- 1 root root 11347 Sep 4 2019 LICENSE
-rwxr-xr-x 1 root root 1748 Sep 4 2019 prepare
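# Command to start Harbor after the machine has been rebooted
[root@docker02 ~/harbor]# docker-compose up -d # it can be seen in the startup script
Pushing an image to Harbor
Example: push the image built on the docker01 machine in the previous section to Harbor
# 1. Rename the image
# List the images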
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx c7_v3 b61e011c7a89 28 hours ago 289MB
# Rename the image (this creates a new image entry with the same ID as the original; they are identical, and the original can be deleted)
[root@docker01 ~]# docker tag nginx:c7_v3 10.0.0.200/h5_games/nginx:c7_v3
[root@docker01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
10.0.0.200/h5_games/nginx c7_v3 88b3d5a6d73f 2 hours ago 289MB
nginx c7_v3 88b3d5a6d73f 2 hours ago 289MB
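### Naming rule ###
Name the image as shown in the screenshot above:
harbor-server-address/project-name/image-name:tag
10.0.0.200/h5_games/nginx:c7_v3
# 2. Edit the docker configuration file to trust the Harbor registry address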
[root@docker01 /etc/docker]# vim daemon.json
{
"bip": "192.168.10.1/24",
"registry-mirrors": ["https://pgz00k39.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.200"]
}
[root@docker01 ~]# systemctl restart docker
# 3. Log in to Harbor
[root@docker01 ~]# docker login 10.0.0.200
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
# 4. Push the image
[root@docker01 ~]# docker push 10.0.0.200/h5_games/nginx:c7_v3
The push refers to repository [10.0.0.200/h5_games/nginx]
cc5163efebe5: Pushed
dff3e2c393d5: Pushed
174f56854903: Pushed
c7_v3: digest: sha256:c1dd2312005598b49a1c2071ad86f45cd084eb46ffe3b2cc378417957f07fd1a size: 953
PS: every layer has an ID, and one of them is the centos:7 layer
Pulling an image on the Harbor host itself
# Pulling directly fails
[root@docker02 ~]# docker pull 10.0.0.200/app/web:v1
Error response from daemon: Get "https://10.0.0.200/v2/": dial tcp 10.0.0.200:443: connect: connection refused
[root@docker02 ~]# cd /etc/docker
[root@docker02 /etc/docker]# ll
total 0
[root@docker02 /etc/docker]# vim daemon.json
{
"bip": "192.168.10.1/24",
"registry-mirrors": ["https://pgz00k39.mirror.aliyuncs.com"],
"insecure-registries": ["http://10.0.0.200"]
}
[root@docker02 /etc/docker]# systemctl restart docker
[root@docker02 ~/harbor]# docker-compose up -d
# You have to log in first
[root@docker02 ~/harbor]# docker login 10.0.0.200
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@docker02 ~/harbor]# docker pull 10.0.0.200/app/web:v1
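The configuration used above leaves several weak settings in place: harbor_admin_password: Harbor12345, the database password root123, HTTP only (the install log warns about it) and an insecure-registries entry in daemon.json. The following audit is an added example, not part of the original post or of Harbor; the function names and sample inputs are constructed, the nested key names (database.password, https.certificate, https.private_key) follow harbor.yml.tmpl, and the harbor.yml reader only handles top-level keys and their direct children.

```python
import json
import re

# Installer defaults that appear on this page (key names as in harbor.yml.tmpl).
DEFAULTS = {"harbor_admin_password": "Harbor12345", "database.password": "root123"}

def flatten_harbor_yml(text):
    """Read top-level keys and their direct children from harbor.yml.
    Deliberately minimal: enough for this audit, not a general YAML parser."""
    flat, section = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw)            # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                   # blank or commented out
        m = re.match(r"^(\s*)([\w-]+):\s*(.*?)\s*$", line)
        if not m:
            continue
        indent, key, value = m.groups()
        if indent == "":
            section, flat[key] = key, value
        elif section:
            flat[section + "." + key] = value
    return flat

def audit_harbor_yml(text):
    """Return findings for unchanged default secrets and a missing https block."""
    cfg, findings = flatten_harbor_yml(text), []
    for key, default in DEFAULTS.items():
        if cfg.get(key, "").strip("'\"") == default:
            findings.append(key + " is still the installer default")
    if not (cfg.get("https.certificate") and cfg.get("https.private_key")):
        findings.append("https is not configured: Harbor serves plain HTTP")
    return findings

def audit_daemon_json(text):
    """List registries the Docker daemon will use without verified TLS."""
    entries = json.loads(text).get("insecure-registries", [])
    return ["insecure registry trusted: " + e for e in entries]

# Constructed inputs that mirror the configuration shown on this page.
SAMPLE_HARBOR_YML = """\
hostname: 10.0.0.200
http:
  port: 80
# https:
#   certificate: /your/certificate/path
#   private_key: /your/private/key/path
harbor_admin_password: Harbor12345
database:
  password: root123
"""
SAMPLE_DAEMON_JSON = '{"bip": "192.168.10.1/24", "insecure-registries": ["http://10.0.0.200"]}'

if __name__ == "__main__":
    for f in audit_harbor_yml(SAMPLE_HARBOR_YML) + audit_daemon_json(SAMPLE_DAEMON_JSON):
        print("FINDING:", f)
```

Run it against the real /root/harbor/harbor.yml and /etc/docker/daemon.json by passing the file contents to the two audit functions.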
Deploying harbor-exporter
1. Add the Harbor deployment parameter
cat <<'EOF' | sudo tee -a /etc/kubernetes/addons/harbor-value.yml
# Make Harbor expose metrics data
metrics:
  enabled: true
EOF
2. Upgrade Harbor
helm -n harbor upgrade harbor -f /etc/kubernetes/addons/harbor-value.yml /etc/kubernetes/addons/harbor
3. Verify the services
$ kubectl -n harbor get pod
NAME READY STATUS RESTARTS AGE
harbor-core-655b8cdd5d-n7vbx 1/1 Running 0 71s
harbor-core-655b8cdd5d-pb896 1/1 Running 0 51s
harbor-exporter-5b789d5fb6-4dcr2 1/1 Running 0 71s
harbor-exporter-5b789d5fb6-6lzgf 1/1 Running 0 95s
harbor-jobservice-69c54699b9-8wlhw 1/1 Running 0 71s
harbor-jobservice-69c54699b9-tsbm7 1/1 Running 0 41s
harbor-portal-767957d4c6-ggrc2 1/1 Running 1 (168m ago) 29h
harbor-portal-767957d4c6-lkrsj 1/1 Running 1 (168m ago) 30h
harbor-registry-86b67f89fc-7w67v 2/2 Running 0 68s
harbor-registry-86b67f89fc-rbqtf 2/2 Running 0 71s
harbor-trivy-0 1/1 Running 1 (168m ago) 29h
harbor-trivy-1 1/1 Running 1 (168m ago) 30h
Scraping Harbor metrics with Prometheus
1. Configure Prometheus to scrape Harbor data
$ kubectl -n kube-system edit cm prometheus
- job_name: 'harbor-exporter'
  scrape_interval: 15s
  kubernetes_sd_configs:
  - role: service
  relabel_configs:
  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_service_port_name]
    action: keep
    regex: harbor;harbor-exporter;http-metrics
- job_name: 'harbor-core'
  scrape_interval: 15s
  kubernetes_sd_configs:
  - role: service
  relabel_configs:
  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_service_port_name]
    action: keep
    regex: harbor;harbor-core;http-metrics
- job_name: 'harbor-registry'
  scrape_interval: 15s
  kubernetes_sd_configs:
  - role: service
  relabel_configs:
  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_service_port_name]
    action: keep
    regex: harbor;harbor-registry;http-metrics
- job_name: 'harbor-jobservice'
  scrape_interval: 15s
  kubernetes_sd_configs:
  - role: service
  relabel_configs:
  - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_service_port_name]
    action: keep
    regex: harbor;harbor-jobservice;http-metrics
2. Verify that scraping succeeded
$ curl -s $(kubectl -n kube-system get svc prometheus -ojsonpath='{.spec.clusterIP}:{.spec.ports[0].port}')/prometheus/api/v1/query --data-urlencode 'query=up{job=~"harbor-.*"}' | jq '.data.result[] | {job: .metric.job, status: .value[1]}'
{
"job": "harbor-core",
"status": "1"
}
{
"job": "harbor-exporter",
"status": "1"
}
{
"job": "harbor-jobservice",
"status": "1"
}
{
"job": "harbor-registry",
"status": "1"
}
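How the four keep rules above select targets, and why a broken rule does not show up as status "0" in the check: Prometheus joins the source label values with ";" and keeps a target only if the regex matches the whole joined string, so a job whose rule matches nothing has no up series at all. This is an added example, not part of the original post or of Prometheus; the helper names and the discovered services (including the port name http-web) are constructed.

```python
import re

# The four keep rules from the scrape config above: job name -> regex.
KEEP_RULES = {
    "harbor-exporter": "harbor;harbor-exporter;http-metrics",
    "harbor-core": "harbor;harbor-core;http-metrics",
    "harbor-registry": "harbor;harbor-registry;http-metrics",
    "harbor-jobservice": "harbor;harbor-jobservice;http-metrics",
}
SOURCE_LABELS = [
    "__meta_kubernetes_namespace",
    "__meta_kubernetes_service_name",
    "__meta_kubernetes_service_port_name",
]

def keep(target, regex, separator=";"):
    """Relabel action 'keep': join the source label values with the separator
    and keep the target only if the regex matches the entire joined string."""
    joined = separator.join(target.get(label, "") for label in SOURCE_LABELS)
    return re.fullmatch(regex, joined) is not None

def targets_per_job(discovered):
    """Apply every job's keep rule to the same list of discovered service ports."""
    return {job: [t for t in discovered if keep(t, rx)] for job, rx in KEEP_RULES.items()}

def jobs_without_targets(discovered):
    """Jobs whose rule keeps nothing. They produce no 'up' series, so the
    curl | jq check lists them neither as "1" nor as "0"."""
    return sorted(job for job, kept in targets_per_job(discovered).items() if not kept)

def svc(namespace, name, port_name):
    """Build the discovery labels of one service port (constructed helper)."""
    return dict(zip(SOURCE_LABELS, (namespace, name, port_name)))

# Constructed discovery results, one entry per service port; not real cluster data.
DISCOVERED = [
    svc("harbor", "harbor-exporter", "http-metrics"),
    svc("harbor", "harbor-core", "http-web"),             # non-metrics port: dropped
    svc("harbor", "harbor-core", "http-metrics"),
    svc("harbor", "harbor-registry", "http-metrics"),
    svc("harbor", "harbor-jobservice", "metrics"),        # different port name: no match
    svc("staging", "harbor-core", "http-metrics"),        # other namespace: dropped
    svc("harbor", "harbor-core-canary", "http-metrics"),  # anchored regex: dropped
]

if __name__ == "__main__":
    for job, kept in targets_per_job(DISCOVERED).items():
        print(job, len(kept))
    print("jobs with no targets:", jobs_without_targets(DISCOVERED))
```

Comparing the job names returned by the up query with the expected four names catches the missing-job case that the status values alone do not.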
Adding a Harbor monitoring dashboard to Grafana
Add the official harbor_exporter dashboard in Grafana; it is available at: https://github.com/goharbor/harbor/blob/main/contrib/grafana-dashboard/metrics-example.json
Reference link for tuning
https://www.cnblogs.com/myzony/p/14229597.html
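Resetting the Harbor password
Problem:
Login account information: administrator account admin, password Harbor12345 (must be changed in production). Logging in failed with the error:
Incorrect username or password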
docker exec -it harbor-db /bin/bash
psql -h postgresql -d postgres -U postgres
# Enter the default password here: root123.
\c registry
select * from harbor_user;
update harbor_user set salt='', password='' where username='admin';
# After the Harbor private registry is restarted, the password is automatically reset to Harbor12345, the value configured at install time
\q
exit
#docker-compose down
#./prepare
#docker-compose up -d