安装部署
安装部署 docker
[root@harbor ~]# vim /etc/hosts192.168.1.30 harbor
# 安装部署 docker 及 compose 组件[root@harbor ~]# dnf install -y docker-ce docker-compose-plugin[root@harbor ~]# systemctl enable --now docker
- 拷贝 public/harbor-v2.7.0.tgz 到 harbor 主机
rsync -av public/harbor-v2.7.0.tgz 192.168.1.30:./
创建 https 证书
# 导入 harbor 项目镜像[root@harbor ~]# tar -zxf harbor-v2.7.0.tgz -C /usr/local/[root@harbor ~]# cd /usr/local/harbor[root@harbor harbor]# docker load -i harbor.v2.7.0.tar.gz# 创建 https 证书[root@harbor harbor]# mkdir tls[root@harbor harbor]# openssl genrsa -out tls/cert.key 2048[root@harbor harbor]# openssl req -new -x509 -days 3650 \ -key tls/cert.key -out tls/cert.crt \ -subj "/C=CN/ST=BJ/L=BJ/O=Tedu/OU=NSD/CN=harbor"
创建并启动项目
# 修改配置文件[root@harbor harbor]# cp harbor.yml.tmpl harbor.yml[root@harbor harbor]# vim harbor.yml05: hostname: harbor08: # http:10: # port: 8017: certificate: /usr/local/harbor/tls/cert.crt18: private_key: /usr/local/harbor/tls/cert.key34: harbor_admin_password: admin123
# 预安装环境检查,生成项目文件[root@harbor harbor]# /usr/local/harbor/prepare# 创建并启动项目[root@harbor harbor]# docker compose -f docker-compose.yml up -d# 添加开机自启动[root@harbor harbor]# chmod 0755 /etc/rc.d/rc.local[root@harbor harbor]# echo "/usr/bin/docker compose -p harbor start" >>/etc/rc.d/rc.local
# 查看项目[root@harbor harbor]# docker compose lsNAME STATUS CONFIG FILESharbor running(9) /usr/local/harbor/docker-compose.yml# 查看容器状态[root@harbor harbor]# docker compose -p harbor psNAME COMMAND SERVICE STATUSharbor-core "/harbor/entrypoint.…" core running (healthy)harbor-db "/docker-entrypoint.…" postgresql running (healthy)harbor-jobservice "/harbor/entrypoint.…" jobservice running (healthy)harbor-log "/bin/sh -c /usr/loc…" log running (healthy)harbor-portal "nginx -g 'daemon of…" portal running (healthy)nginx "nginx -g 'daemon of…" proxy running (healthy)redis "redis-server /etc/r…" redis running (healthy)registry "/home/harbor/entryp…" registry running (healthy)registryctl "/home/harbor/start.…" registryctl running (healthy)
- 通过 ELB 发布 harbor 服务,通过浏览器配置管理
harbor 管理
| 容器管理命令 | 说明 |
|---|
| docker login | 登录私有镜像仓库 |
| docker logout | 退出登录 |
登录私有仓库
# 添加主机配置[root@docker ~]# vim /etc/hosts192.168.1.30 harbor192.168.1.35 registry# 添加私有仓库配置[root@docker ~]# vim /etc/docker/daemon.json{ "registry-mirrors": ["https://harbor:443", "http://registry:5000"], "insecure-registries":["harbor:443", "registry:5000"]}[root@docker ~]# systemctl restart docker
# 登录 harbor 仓库[root@docker ~]# docker login harbor:443Username: luckPassword: ********... ...Login Succeeded# 认证信息记录文件[root@docker ~]# cat /root/.docker/config.json { "auths": { "harbor:443": { "auth": "bHVjazoqKioqKioqKg==" } }}# 退出登录[root@docker ~]# docker logout harbor:443Removing login credentials for harbor:443
上传镜像
# 设置标签[root@docker ~]# docker tag rockylinux:8.5 harbor:443/myimg/rockylinux:8.5# 没有登录上传失败[root@docker ~]# docker push harbor:443/myimg/rockylinux:8.565dbea0a4b39: Preparing unauthorized: unauthorized to access repository ......
# 登录成功后才可以上传[root@docker ~]# docker login harbor:443Username: luckPassword: ********
Login Succeeded# 上传成功[root@docker ~]# docker push harbor:443/myimg/rockylinux:8.5 The push refers to repository [harbor:443/myimg/rockylinux]......
# 设置标签[root@docker ~]# docker tag myos:latest harbor:443/library/myos:latest# 上传镜像到 library 项目,没有权限上传失败[root@docker ~]# docker push harbor:443/library/myos:latestThe push refers to repository [harbor:443/library/myos]65dbea0a4b39: Preparing unauthorized: unauthorized to access repository: ......
# 赋权后重新上传镜像[root@docker ~]# docker push harbor:443/library/myos:latestThe push refers to repository [harbor:443/library/myos]......
[root@docker ~]# docker tag myos:httpd harbor:443/myimg/httpd:latest[root@docker ~]# docker push harbor:443/myimg/httpd:latest[root@docker ~]# docker rmi harbor:443/myimg/httpd:latest[root@docker ~]# for i in 8.5 httpd nginx php-fpm latest;do docker tag myos:${i} harbor:443/library/myos:${i} docker push harbor:443/library/myos:${i} docker rmi myos:${i} harbor:443/library/myos:${i}