Docker Operation and Maintenance: Harbor Private Registry in Practice

1. Harbor overview

Harbor provides a visual web management interface that makes Docker images easier to manage, and it provides image permission management and control for multiple projects.

Advantages of Harbor

  1. Role-based control: there are administrators and ordinary users, and ordinary users can be granted permissions. For example, they can be limited to upload and download only, and can operate and manage per project.
  2. Image-based replication policy: also related to permissions; for example, only some users and groups can perform the corresponding operations on a project.
  3. Support for LDAP/AD: domain control. For example, when Nanjing downloads an image from the Beijing Harbor private registry, the two ends are identified by their LAN addresses and are connected together. The data passes through a tunnel with two layers of encryption: the first layer is tunnel encryption and the second layer is data encryption, which is safe and reliable.
  4. Image deletion and garbage collection: a recycle bin mechanism.
  5. Graphical UI: with statistics, such as traffic and image download popularity.
  6. Auditing: the logs are of little significance here; ELK is mainly relied on.
  7. RESTful API: defines the format of the web interface specification, which makes it convenient to call Harbor's interfaces and to do secondary development.

2. The core components of Harbor

1.Proxy

Harbor's front-end proxy receives all requests from browsers and Docker clients and forwards them to the different back-end services.
It is a reverse proxy component.

2.Registry

Responsible for storing Docker images and for processing docker push/pull commands (upload and download).

3.Core services

The core functions of Harbor, including UI, webhook, token service

webhook: some service functions of the website

token: the token service, which provides authentication

4.Database

Provides database services for the core services. The database records image metadata and user identity information.

5.Log collector

Responsible for collecting logs of other components for analysis, health checks, etc.

3. Harbor Private Registry in Practice

Host      IP address       Software packages
Server    192.168.0.100    docker-ce, docker-compose, harbor
Client    192.168.0.200    docker-ce

① Environment configuration

Install Docker-CE [required on both hosts]
Install Docker-Compose [server only]

curl -L https://get.daocloud.io/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose 
docker-compose --version

② Deploy harbor

Harbor official download address

# Upload the file and extract it to /usr/local
tar -zxvf harbor-offline-installer-v2.2.2.tgz -C /usr/local

cd /usr/local/harbor

# Configure the parameters
mv harbor.yml.tmpl harbor.yml
vim harbor.yml
# In older versions the file is named harbor.cfg
#vim harbor.cfg

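hostname: 192.168.0.100
# Used to access the user interface and the registry service; points to the target IP or domain name. Note: do not use localhost or 127.0.0.1 here
#https:
#  port: 443
# Comment out https; in the new version, the installation reports an error if ssl_cert (the certificate path) is not filled in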

# Start installing Harbor
./install.sh 
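
With https commented out, the registry is served over plain HTTP, and the admin account keeps the default password used for the first login. The script below is an added example, not part of the original post or of Harbor, that lints a harbor.yml for those settings before install.sh is run. The function names are hypothetical, the harbor_admin_password key is assumed from the harbor.yml template, and both sample files are constructed.

```sh
#!/bin/sh
# Added example: lint a harbor.yml for the weak settings left in place above.
# harbor_admin_password is assumed from the harbor.yml template.

audit_harbor_yml() {
    file=$1
    rc=0
    # An uncommented top-level "https:" key is what turns TLS on.
    if ! grep -Eq '^https:' "$file"; then
        echo "WEAK https: commented out, logins and pushes travel over plain HTTP"
        rc=1
    fi
    # The admin password is still the default used for the first login.
    if grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345[[:space:]]*$' "$file"; then
        echo "WEAK harbor_admin_password: still the default"
        rc=1
    fi
    # The page's own rule: hostname must not be localhost or 127.0.0.1.
    if grep -Eq '^hostname:[[:space:]]*(localhost|127\.0\.0\.1)[[:space:]]*$' "$file"; then
        echo "WEAK hostname: loopback address"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files: the walkthrough's settings and a hardened variant.
write_samples() {
    cat > "$1/weak.yml" <<'EOF'
hostname: 192.168.0.100
#https:
#  port: 443
harbor_admin_password: Harbor12345
EOF
    cat > "$1/hardened.yml" <<'EOF'
hostname: 192.168.0.100
https:
  port: 443
  certificate: /path/to/placeholder.crt
  private_key: /path/to/placeholder.key
harbor_admin_password: PLACEHOLDER-unique-secret
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in weak hardened; do
    echo "== $f.yml"
    audit_harbor_yml "$dir/$f.yml" || echo "   (findings above)"
done
rm -rf "$dir"
```

The function returns non-zero when it prints any finding, so it can gate the install step in a deployment script.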

③ Check Harbor status

docker images
docker ps -a


④ New project for testing

Server test

Visit the Harbor site: http://192.168.0.100

Account: admin
Password: Harbor12345




Operations in the Harbor server console

# Log in to the account
docker login -u admin -p Harbor12345 http://127.0.0.1
docker pull cirros
# Tag the image
docker tag cirros:latest 127.0.0.1/hellocat/cirros:cat
# Push to Harbor
docker push 127.0.0.1/hellocat/cirros:cat

Return to the web page to view the project


Client test

# Modify the Docker configuration
vim /usr/lib/systemd/system/docker.service

ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry 192.168.0.100 --containerd=/run/containerd/containerd.sock

systemctl daemon-reload
systemctl restart docker

docker login -u admin -p Harbor12345 http://192.168.0.100

docker pull cirros
# Tag the image
docker tag cirros:latest 192.168.0.100/hellocat/cirros:dog
# Push to Harbor
docker push 192.168.0.100/hellocat/cirros:dog