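Abstract
I use Docker all the time to deploy various environments, and pulling images from Docker Hub is sometimes slow. For third-party images you can speed things up with a registry mirror hosted in China, but that does not help with images we build ourselves. In that case it is well worth setting up a private image registry. I recently came across Harbor, an enterprise-grade image registry that is easy to use and feature-rich, and I recommend it!
Introduction to Harbor
Harbor is an open-source Docker image registry service that currently has 13.4k+ stars on GitHub. It provides role-based access control for images, which helps keep your images secure.
Installation
The first step in learning an open-source project is usually to get it running, so let's get Harbor running first!
- Download the Harbor installer; the v1.10.6 offline version is used here. Download page: https://github.com/goharbor/harbor/releases
- After the download completes, upload it to the Linux server and extract it with the following command: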
tar xvf harbor-offline-installer-v1.10.6.tgz
- After extraction, the directory contains the following files:
[root@linux-local harbor]# ll
total 700260
drwxr-xr-x. 3 root root 20 Dec 2 11:18 common
-rw-r--r--. 1 root root 3398 Nov 17 11:58 common.sh
-rw-r--r--. 1 root root 5348 Dec 2 14:41 docker-compose.yml
-rw-r--r--. 1 root root 717021676 Nov 17 11:59 harbor.v1.10.6.tar.gz
-rw-r--r--. 1 root root 5882 Dec 2 11:21 harbor.yml
-rwxr-xr-x. 1 root root 2284 Nov 17 11:58 install.sh
-rw-r--r--. 1 root root 11347 Nov 17 11:58 LICENSE
-rwxr-xr-x. 1 root root 1749 Nov 17 11:58 prepare
- Edit Harbor's configuration file harbor.yml: change hostname and comment out the https section. The comments explain the relevant properties:
# Address used to reach Harbor's management UI and the image registry
hostname: 192.168.3.101
# http settings
http:
  # http port; if https is configured, https is used by default
  port: 80
# https settings
#https:
#  # https port
#  port: 443
#  # Paths to the https certificate and private key used by Nginx in Harbor
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
# Password of Harbor's default administrator account, admin
harbor_admin_password: Harbor12345
# Settings for Harbor's built-in PostgreSQL database
database:
  # Password of the root user
  password: root123
  # Maximum number of idle connections; a value <= 0 means no idle connections
  max_idle_conns: 50
  # Maximum number of open connections; a value <= 0 means no limit
  max_open_conns: 100
# Default data directory
data_volume: /data
# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10
notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10
chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled
# Log settings
log:
  # Log level: debug, info, warning, error, fatal
  level: info
  # Local log storage policy
  local:
    # Number of rotated log files to keep; older files beyond this count are deleted
    rotate_count: 50
    # Rotation size; a new log file is started once this size is exceeded
    rotate_size: 200M
    # Log storage path
    location: /var/log/harbor
# This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.10.0
# Configure proxies to be used by Clair, the replication jobservice, and Harbor. Leave blank if no proxies are required.
proxy:
  http_proxy:
  https_proxy:
  # no_proxy endpoints will be appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server
  no_proxy:
  components:
    - core
    - jobservice
    - clair
- Install Harbor with the install.sh script:
./install.sh
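- Once Harbor has started it prints the output below. Note that Harbor starts containers such as Nginx and Redis, so any containers of that kind created earlier must be removed first. When you see "started successfully", Harbor is up: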
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.5
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.24.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-migrator:v1.10.6
Loaded image: goharbor/harbor-core:v1.10.6
Loaded image: goharbor/harbor-db:v1.10.6
Loaded image: goharbor/harbor-registryctl:v1.10.6
Loaded image: goharbor/nginx-photon:v1.10.6
Loaded image: goharbor/clair-photon:v1.10.6
Loaded image: goharbor/clair-adapter-photon:v1.10.6
Loaded image: goharbor/harbor-portal:v1.10.6
Loaded image: goharbor/harbor-log:v1.10.6
Loaded image: goharbor/registry-photon:v1.10.6
Loaded image: goharbor/notary-signer-photon:v1.10.6
Loaded image: goharbor/harbor-jobservice:v1.10.6
Loaded image: goharbor/redis-photon:v1.10.6
Loaded image: goharbor/prepare:v1.10.6
Loaded image: goharbor/notary-server-photon:v1.10.6
Loaded image: goharbor/chartmuseum-photon:v1.10.6
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /mydata/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping redis ... done
Stopping registryctl ... done
Stopping registry ... done
Stopping harbor-db ... done
Stopping harbor-portal ... done
Stopping harbor-log ... done
Removing harbor-jobservice ... done
Removing harbor-core ... done
Removing redis ... done
Removing registryctl ... done
Removing registry ... done
Removing harbor-db ... done
Removing harbor-portal ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done
✔ ----Harbor has been installed and started successfully.----
- We can use the docker images command to look at the Docker images that the Harbor installation loaded; there are quite a few:
REPOSITORY TAG IMAGE ID CREATED SIZE
latest dc3bacd8b5ea 8 days ago 1.23MB
goharbor/chartmuseum-photon v1.10.6 01b70eccaf71 2 weeks ago 178MB
goharbor/harbor-migrator v1.10.6 a5d4a4ee44e4 2 weeks ago 356MB
goharbor/redis-photon v1.10.6 99e25b65195c 2 weeks ago 132MB
goharbor/clair-adapter-photon v1.10.6 aa72598ecc12 2 weeks ago 61.3MB
goharbor/clair-photon v1.10.6 da1b03030e34 2 weeks ago 171MB
goharbor/notary-server-photon v1.10.6 37c8bed3e255 2 weeks ago 142MB
goharbor/notary-signer-photon v1.10.6 c56d82220929 2 weeks ago 139MB
goharbor/harbor-registryctl v1.10.6 1d3986d90c65 2 weeks ago 101MB
goharbor/registry-photon v1.10.6 3e669c8204ed 2 weeks ago 83.7MB
goharbor/nginx-photon v1.10.6 a39d8dd46060 2 weeks ago 43.7MB
goharbor/harbor-log v1.10.6 1085d3865a57 2 weeks ago 106MB
goharbor/harbor-jobservice v1.10.6 aa05538acecf 2 weeks ago 143MB
goharbor/harbor-core v1.10.6 193e76e6be5d 2 weeks ago 129MB
goharbor/harbor-portal v1.10.6 942a9c448850 2 weeks ago 51.8MB
goharbor/harbor-db v1.10.6 37da2e5414ae 2 weeks ago 170MB
goharbor/prepare v1.10.6 35f073e33ec5 2 weeks ago 177MB
- Open Harbor's management UI and log in with the account and password admin:Harbor12345. URL: http://192.168.3.101/
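The harbor.yml edited above keeps the passwords shown in the file (`Harbor12345`, `root123`) and disables https, which the installer output itself flags as insecure. The following check is an added example, not part of the original article or of Harbor; the function names, the small line parser (not a full YAML parser) and the sample configuration are constructed for illustration.

```python
import re

# Values shown in the harbor.yml on this page.
SHIPPED_DEFAULTS = {
    "harbor_admin_password": "Harbor12345",
    "database.password": "root123",
}

def parse_harbor_yml(text):
    """Flatten 'key: value' lines into {'section.key': value}; not a full YAML parser."""
    values, section = {}, None
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue  # a commented-out setting is not in effect
        match = re.match(r"^(\s*)([\w.-]+):\s*(.*?)\s*$", raw)
        if not match:
            continue
        indent, key, value = match.groups()
        value = value.split(" #", 1)[0].strip().strip("'\"")
        if not indent:  # a top-level key opens a new section
            section = key
            values[key] = value
        else:
            values[f"{section}.{key}"] = value
    return values

def audit_harbor_yml(text):
    """Return (setting, problem) findings for the given harbor.yml text."""
    cfg = parse_harbor_yml(text)
    findings = []
    if not cfg.get("https.certificate") or not cfg.get("https.private_key"):
        findings.append(("https", "disabled: UI logins and image pushes use plain HTTP"))
    for key, default in SHIPPED_DEFAULTS.items():
        if cfg.get(key) == default:
            findings.append((key, "still set to the value shipped in harbor.yml"))
    return findings

# Constructed sample mirroring the configuration on this page.
PAGE_CONFIG = """\
hostname: 192.168.3.101
http:
  port: 80
#https:
#  certificate: /your/certificate/path
harbor_admin_password: Harbor12345
database:
  password: root123
"""
```

Running `audit_harbor_yml(open("harbor.yml").read())` before `./install.sh` reports each of the three settings that is still in the state shown above.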
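Usage
Next we can use Harbor to manage our images.
- First click the New Project button to create a project:
- Here we create a private project named test;
- The docker login command does not support HTTP access by default, so we have to enable it manually. Use the Vim editor to edit Docker's configuration file daemon.json: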
vi /etc/docker/daemon.json
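- Add an insecure-registries entry, which allows the Harbor registry to be accessed over an insecure (non-HTTPS) connection; be careful not to leave out the port number 80: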
{
"registry-mirrors":["https://xxx.aliyuncs.com"],
"insecure-registries":["192.168.3.101:80"]
}
- Then restart the Docker service:
systemctl restart docker
- Start the Harbor service again with install.sh:
./install.sh
- Log in to the Harbor registry with the docker login command, making sure to include port 80:
[root@linux-local harbor]# docker login 192.168.3.101:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
- Write a Dockerfile for building the Docker image; a minimal busybox Dockerfile looks like this:
FROM busybox:latest
- Build your own busybox image with the following command:
docker build -t 192.168.3.101:80/test/busybox .
- Push the busybox image you built to the Harbor registry:
docker push 192.168.3.101:80/test/busybox
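- After a successful push, the busybox image shows up in Harbor's management UI;
- Because Harbor is deployed with Docker Compose, it can be stopped and started directly with Docker Compose commands.
# Stop Harbor
docker-compose stop
# Start Harbor
docker-compose start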
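The docker login output above warns that the password is stored unencrypted in /root/.docker/config.json, and the insecure-registries entry means the same login also travels over plain HTTP. The following cross-check of the two files is an added example, not from the original article; the function name and sample files are constructed, and the sample password is made up.

```python
import base64
import json

def exposed_registry_logins(daemon_json, client_config_json):
    """Cross-check /etc/docker/daemon.json against ~/.docker/config.json.

    Returns one finding per registry whose login is stored inline in config.json,
    noting when that registry is also reached over plain HTTP."""
    insecure = set(json.loads(daemon_json).get("insecure-registries", []))
    findings = []
    for registry, entry in json.loads(client_config_json).get("auths", {}).items():
        if not entry.get("auth"):
            continue  # empty entry: the secret is held by a credential helper
        # "auth" is base64("user:password"): an encoding, not encryption.
        user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        issues = ["password recoverable from config.json"]
        if registry in insecure:
            issues.append("login sent over plain HTTP (insecure-registries)")
        findings.append({"registry": registry, "user": user, "issues": issues})
    return findings

# Constructed samples modelled on the files this page edits.
SAMPLE_DAEMON = json.dumps({"insecure-registries": ["192.168.3.101:80"]})
SAMPLE_CLIENT = json.dumps({"auths": {"192.168.3.101:80": {
    "auth": base64.b64encode(b"admin:constructed-password").decode()}}})
# Same login after a credential helper is configured: no inline secret remains.
SAMPLE_CLIENT_WITH_HELPER = json.dumps(
    {"auths": {"192.168.3.101:80": {}}, "credsStore": "pass"})

if __name__ == "__main__":
    for finding in exposed_registry_logins(SAMPLE_DAEMON, SAMPLE_CLIENT):
        print(finding)
```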
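Using Harbor with Spring Boot
Here we use the earlier mall-tiny-fabric project to show how to build an image and push it to the Harbor registry in one step with a Maven plugin.
- First edit the project's pom.xml: change the address of the registry to push to and add the authentication information: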
<plugin>
    <groupId>io.fabric8</groupId>
    <artifactId>docker-maven-plugin</artifactId>
    <version>0.33.0</version>
    <executions>
        <!-- Add this if you want the image to be built when the project is packaged -->
        <execution>
            <id>build-image</id>
            <phase>package</phase>
            <goals>
                <goal>build</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <!-- Docker remote management address -->
        <dockerHost>http://192.168.3.101:2375</dockerHost>
        <!-- Address of the registry that images are pushed to -->
        <pushRegistry>http://192.168.3.101:80</pushRegistry>
        <!-- Authentication information -->
        <authConfig>
            <push>
                <username>admin</username>
                <password>Harbor12345</password>
            </push>
        </authConfig>
        <images>
            <image>
                <!-- Because the image is pushed to a private registry, the image name must include the registry address -->
                <name>192.168.3.101:80/mall-tiny/${project.name}:${project.version}</name>
                <!-- Image build settings -->
                <build>
                    <!-- Base image (Docker repository names must be lowercase) -->
                    <from>java:8</from>
                    <args>
                        <JAR_FILE>${project.build.finalName}.jar</JAR_FILE>
                    </args>
                    <!-- Which files are copied into the container -->
                    <assembly>
                        <!-- Target directory inside the container -->
                        <targetDir>/</targetDir>
                        <!-- Copy only the generated jar -->
                        <descriptorRef>artifact</descriptorRef>
                    </assembly>
                    <!-- Container start command -->
                    <entryPoint>["java", "-jar","/${project.build.finalName}.jar"]</entryPoint>
                    <!-- Maintainer -->
                    <maintainer>macrozheng</maintainer>
                    <!-- Uncomment when building from a Dockerfile -->
                    <!--<dockerFileDir>${project.basedir}</dockerFileDir>-->
                </build>
                <!-- Container run settings -->
                <run>
                    <!-- Container name; placeholders can be used -->
                    <containerNamePattern>${project.artifactId}</containerNamePattern>
                    <!-- Port mappings -->
                    <ports>
                        <port>8080:8080</port>
                    </ports>
                    <!-- Links between containers -->
                    <links>
                        <link>MySQL:db</link>
                    </links>
                    <!-- Directory mounts between the container and the host -->
                    <volumes>
                        <bind>
                            <volume>/etc/localtime:/etc/localtime</volume>
                            <volume>/mydata/app/${project.artifactId}/logs:/var/logs</volume>
                        </bind>
                    </volumes>
                </run>
            </image>
        </images>
    </configuration>
</plugin>
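- Before pushing the image, the mall-tiny project must already exist in Harbor, otherwise the push will fail;
- Then use the Maven plugin to build the image and push it to the Harbor registry. For details see "Still deploying Spring Boot applications by hand? Try this automation plugin!". The output during the push looks like this: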
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Building mall-tiny-fabric 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO]
[INFO] --- docker-maven-plugin:0.33.0:push (default-cli) @ mall-tiny-fabric ---
[INFO] DOCKER> The push refers to repository [192.168.3.101:80/mall-tiny/mall-tiny-fabric]
###############
[INFO] DOCKER> 0.0.1-SNAPSHOT: digest: sha256:3a54682fd3b04526f6da0916e98f3d0d5ba4193a8ad6aafbe6c05a1badf6c13b size: 2212
[INFO] DOCKER> Temporary image tag skipped. Target image '192.168.3.101:80/mall-tiny/mall-tiny-fabric:0.0.1-SNAPSHOT' already has registry set or no registry is available
[INFO] DOCKER> Pushed 192.168.3.101:80/mall-tiny/mall-tiny-fabric:0.0.1-SNAPSHOT in 2 minutes and 8 seconds
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:11 min
[INFO] Finished at: 2020-12-02T15:11:10+08:00
[INFO] Final Memory: 19M/219M
[INFO] ------------------------------------------------------------------------
Process finished with exit code 0
- Open the Harbor management page and you will find that the mall-tiny-fabric image is now there.
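The pom.xml above carries the Harbor admin password as a literal and addresses both the Docker API and the registry over http://. The following check is an added example, not from the original article or from docker-maven-plugin; the function names and the excerpted sample are constructed, and it flags exactly those three settings.

```python
import re
import xml.etree.ElementTree as ET

def _name(element):
    """Tag name without the Maven POM namespace prefix."""
    return element.tag.rsplit("}", 1)[-1]

def audit_docker_maven_config(pom_xml):
    """Return findings for a docker-maven-plugin configuration like the one above."""
    root = ET.fromstring(pom_xml)
    findings = []
    for element in root.iter():
        text = (element.text or "").strip()
        if _name(element) in ("dockerHost", "pushRegistry") and text.startswith("http://"):
            findings.append(f"{_name(element)}: plain HTTP endpoint {text}")
        if _name(element) == "authConfig":
            for child in element.iter():
                secret = (child.text or "").strip()
                # A ${...} reference is resolved at build time; anything else is a literal.
                if (_name(child) == "password" and secret
                        and not re.fullmatch(r"\$\{[^}]+\}", secret)):
                    findings.append("authConfig: literal password committed in pom.xml")
    return findings

# Constructed excerpt of the plugin configuration shown on this page.
PAGE_POM = """\
<plugin>
  <configuration>
    <dockerHost>http://192.168.3.101:2375</dockerHost>
    <pushRegistry>http://192.168.3.101:80</pushRegistry>
    <authConfig>
      <push>
        <username>admin</username>
        <password>Harbor12345</password>
      </push>
    </authConfig>
  </configuration>
</plugin>
"""

if __name__ == "__main__":
    for finding in audit_docker_maven_config(PAGE_POM):
        print(finding)
```

docker-maven-plugin can also read registry credentials from the `<servers>` section of ~/.m2/settings.xml, which keeps them out of the project's pom.xml.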
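Summary
Harbor provides a management UI that makes it more convenient to manage Docker images, and it adds role-based permission management to protect them. Previously, to use images securely, we had to rely on cumbersome TLS to control a remote Docker service that built the images; see "Your Docker service has this port open, and the server turns into a zombie host within minutes!". Now we only need to set up a Harbor registry, build the image locally and upload it to Harbor, and then pull it straight from Harbor whenever it is needed!
Author: MacroZheng
Link: https://juejin.cn/post/6907022706689245198
Source: Juejin (掘金)
Copyright belongs to the author. For commercial reproduction, contact the author for authorization; for non-commercial reproduction, please credit the source.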