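I. Setting up a Registry with Docker
- Docker officially provides an image, registry, for building a private repository. Pull the image, run a container from it and expose port 5000, and it is ready to use.
- Steps: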
```
[root@docker ~]# docker pull registry:2    # pull the image
2: Pulling from library/registry
ddad3d7c1e96: Pull complete
6eda6749503f: Pull complete
363ab70c2143: Pull complete
5b94580856e6: Pull complete
12008541203a: Pull complete
Digest: sha256:aba2bfe9f0cff1ac0618ec4a54bfefb2e685bbac67c8ebaf3b6405929b3e616f
Status: Downloaded newer image for registry:2
[root@docker ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
nginx        latest    4cdc5dd7eaad   2 weeks ago    133MB
registry     2         1fd8e1b0bb7e   3 months ago   26.2MB
[root@docker ~]# docker run -d -v /opt/registry:/var/lib/registry -p 5000:5000 --name myregistry registry:2    # create the container, mount the directory, publish the port
731047396a0a9f7fa6896f770a1e86a72f8183ab273842107eed8b46742226fb
[root@docker ~]# docker ps
CONTAINER ID   IMAGE        COMMAND                  CREATED         STATUS         PORTS                    NAMES
731047396a0a   registry:2   "/entrypoint.sh /etc…"   8 seconds ago   Up 8 seconds   0.0.0.0:5000->5000/tcp   myregistry
# By default the Registry service stores pushed images in /var/lib/registry inside the container.
# Mounting the host's /opt/registry directory there keeps the images on the host under /opt/registry.
```
Browse to http://192.168.100.202:5000/v2; if you see the following, the registry is running normally.
```
[root@docker ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
nginx        latest    4cdc5dd7eaad   2 weeks ago    133MB
registry     2         1fd8e1b0bb7e   3 months ago   26.2MB
[root@docker ~]# docker tag registry:2 localhost:5000/cangku:lastest    # retag first: registry IP plus port, then /image name
[root@docker ~]# docker images
REPOSITORY              TAG       IMAGE ID       CREATED        SIZE
nginx                   latest    4cdc5dd7eaad   2 weeks ago    133MB
registry                2         1fd8e1b0bb7e   3 months ago   26.2MB
localhost:5000/cangku   lastest   1fd8e1b0bb7e   3 months ago   26.2MB
[root@docker ~]# docker push localhost:5000/cangku:lastest
The push refers to repository [localhost:5000/cangku]
7b9a3910f3c3: Pushed
3764c3e89288: Pushed
b4592cba0628: Pushed
de9819405bcf: Pushed
9a5d14f9f550: Pushed
lastest: digest: sha256:42043edfae481178f07aa077fa872fcc242e276d302f4ac2026d9d2eb65b955f size: 1363
[root@docker ~]# docker tag nginx:latest localhost:5000/nginx:latest    # push the nginx image as well
[root@docker ~]# docker push localhost:5000/nginx:latest
The push refers to repository [localhost:5000/nginx]
9d1af766c818: Pushed
d97733c0a3b6: Pushed
c553c6ba5f13: Pushed
48b4a40de359: Pushed
ace9ed9bcfaf: Pushed
764055ebc9a7: Pushed
latest: digest: sha256:1c70a669bbf07f9862f269162d776c35144b116938d1becb4e4676270cff8f75 size: 1570
```
Browse to http://192.168.100.202:5000/v2/_catalog and you can see that a repository has been added.
```
# Use another Docker host to pull images from the registry
# Install and start Docker (omitted)
[root@Centos7 ~]# hostnamectl set-hostname test
[root@Centos7 ~]# su
[root@test ~]# docker images    # there are no local images yet
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
# daemon.json must be modified on both Docker hosts
[root@test ~]# vim /etc/docker/daemon.json    # Docker does not allow HTTP for image pulls and requires HTTPS, so the registry must be listed in the config file
# Remember the comma after the first entry; insecure-registries takes the registry server's IP
{
  "registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.100.202:5000"]
}
# save and exit
[root@Centos7 ~]# systemctl restart docker
# push an image from the test host
[root@test ~]# ll
总用量 138524
-rw-------. 1 root root      1264 1月  12 2021 anaconda-ks.cfg
drwxr-xr-x  3 root root      4096 7月  28 21:47 docker
-rw-r--r--  1 root root 141838848 7月  28 21:47 httpd
[root@test ~]# docker load -i httpd
764055ebc9a7: Loading layer [==================================================>]  72.53MB/72.53MB
9fbbeddcc4e4: Loading layer [==================================================>]  3.072kB/3.072kB
61172cb5065c: Loading layer [==================================================>]  7.483MB/7.483MB
9262f7dd1498: Loading layer [==================================================>]  61.79MB/61.79MB
239871c4cac5: Loading layer [==================================================>]  3.584kB/3.584kB
Loaded image: httpd:latest
[root@test ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
httpd        latest    bd29370f84ea   2 weeks ago    138MB
[root@test ~]# docker tag httpd:latest 192.168.100.202:5000/httpd:latest
[root@test ~]# docker push 192.168.100.202:5000/httpd:latest    # retag the image in the same way, then push
The push refers to repository [192.168.100.202:5000/httpd]
239871c4cac5: Pushed
9262f7dd1498: Pushed
61172cb5065c: Pushed
9fbbeddcc4e4: Pushed
764055ebc9a7: Pushed
latest: digest: sha256:51dabee6ad1cca2ae3a80e974224f30e7121dab1da9edf62e11179f8c652b09e size: 1366
```
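The image was pushed to the registry successfully!
II. Setting up Harbor with Docker
(1) Introduction to Harbor
- This is VMware's open-source project: https://github.com/vmware/harbor
- Harbor helps users quickly set up an enterprise-grade registry service. It provides a graphical management interface, role-based access control (Role Based Access Control), remote image replication and synchronization, AD/LDAP integration, audit logging and other features that enterprise users need, and it natively supports Chinese. Since its release the project has gained more than 3,300 stars and 900 forks on GitHub.
- Advantages of Harbor
- Role-based access control
Users and Docker image repositories are organized through "projects"; a user can hold different permissions on multiple image repositories within the same namespace (project).
- Graphical user interface
Users can browse and search the current Docker image repositories in a web browser, and manage projects and namespaces.
- Audit management
All operations on image repositories can be recorded and traced, for use in audit management.
- Internationalization
Localized in English and Chinese; support for more languages can be added.
- RESTful API:
Gives administrators more control over Harbor and makes integration with other management software easier.
- Image replication
Policy-based Docker image replication synchronizes images between different data centers and different runtime environments, and comes with a friendly management interface, which greatly simplifies image management in day-to-day operations.
- Integration with Clair
Integration with Clair adds vulnerability scanning. Clair is CoreOS's open-source container vulnerability scanner. As containers become more widespread, container image security problems are becoming more serious, and Clair is one of the few open-source security scanners currently available.
- Notary signing tool
Notary is a signing tool for Docker images. It guarantees the consistency and integrity of images during pull, push and transfer, preventing man-in-the-middle attacks and preventing unauthorized images from being updated or run.
(2) Setting up Harbor
- Installing Harbor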
```
******(1) Install and start Docker (omitted)
# Best to modify the config file on both Docker hosts in advance
[root@Centos7 ~]# vim /etc/docker/daemon.json
# insecure-registries is the registry address; for HTTPS, change this option to the domain name on the hosts that log in to the registry
{
  "registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],
  "insecure-registries": ["192.168.100.202"]
}
# save and exit
[root@Centos7 harbor]# systemctl restart docker
******(2) Upload the Harbor archive, extract and install it
[root@Centos7 ~]# ll
总用量 775232
-rw-------. 1 root root      1264 1月  12 2021 anaconda-ks.cfg
drwxr-xr-x  3 root root      4096 7月  28 21:46 docker
-rw-r--r--  1 root root 629571428 7月  29 02:50 harbor-offline-installer-v2.3.1.tgz
-rw-r--r--  1 root root 137441280 7月  28 21:47 nginx
-rw-r--r--  1 root root  26815488 7月  28 21:46 registry
[root@Centos7 ~]# tar xf harbor-offline-installer-v2.3.1.tgz -C /usr/local/
******(3) Upload docker-compose; Harbor's install.sh script needs the compose command
[root@Centos7 ~]# cd /usr/bin/
[root@Centos7 bin]# ll | grep docker-compose
-rw-r--r--    1 root root  11748168 7月  29 02:54 docker-compose
[root@Centos7 bin]# chmod a+x docker-compose
# Harbor also distinguishes between HTTP and HTTPS for pushes and pulls
```
- Setting up Harbor over HTTP
```
******(1) Modify the configuration file
[root@Centos7 ~]# vim /usr/local/harbor/harbor.yml.tmpl    # edit the config file, then copy it to harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.100.202    # change the host address

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80    # port 80, so use port 80 when browsing to Harbor

# https related config
#https:    # comment out all of the https options
  # https port for harbor, default is 443
  #port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path
......
# save and exit
[root@Centos7 harbor]# ./prepare    # after the first install, run this command after any later config change, then restart
******(2) Start Harbor
[root@Centos7 bin]# cd /usr/local/harbor/
[root@Centos7 harbor]# cp harbor.yml.tmpl harbor.yml
[root@Centos7 harbor]# sh install.sh    # use /usr/local/harbor/install.sh for the first install and start; afterwards start Harbor with "docker-compose up -d" and stop it with "docker-compose stop"
[root@Centos7 harbor]# echo $?
0
[root@Centos7 harbor]# ps aux | grep docker-compose    # check whether it started
root      17466  0.0  0.0 112676   988 pts/0    R+   02:59   0:00 grep --color=auto docker-compose
[root@Centos7 harbor]# docker images    # list images; many images were created automatically
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
goharbor/harbor-exporter        v2.3.1    719fd825651e   9 days ago     81MB
goharbor/chartmuseum-photon     v2.3.1    3aba4510af16   9 days ago     178MB
goharbor/redis-photon           v2.3.1    4a0d49a4ece0   9 days ago     191MB
goharbor/trivy-adapter-photon   v2.3.1    a285847f857a   9 days ago     164MB
goharbor/notary-server-photon   v2.3.1    87a2dbfd122e   9 days ago     110MB
goharbor/notary-signer-photon   v2.3.1    7e29ff33ec85   9 days ago     107MB
goharbor/harbor-registryctl     v2.3.1    91e798004920   9 days ago     132MB
goharbor/registry-photon        v2.3.1    972ce19b1882   9 days ago     81.2MB
goharbor/nginx-photon           v2.3.1    3b3ede1db494   9 days ago     44.3MB
goharbor/harbor-log             v2.3.1    40a54594fe22   9 days ago     194MB
goharbor/harbor-jobservice      v2.3.1    d6e174ae0a00   9 days ago     171MB
goharbor/harbor-core            v2.3.1    f05acc3947d6   9 days ago     158MB
goharbor/harbor-portal          v2.3.1    4a15c5622fda   9 days ago     57.6MB
goharbor/harbor-db              v2.3.1    b16a9c81ef03   9 days ago     263MB
goharbor/prepare                v2.3.1    4ce629d59c20   9 days ago     288MB
nginx                           latest    4cdc5dd7eaad   3 weeks ago    133MB
localhost:5000/nginx            latest    4cdc5dd7eaad   3 weeks ago    133MB
registry                        2         1fd8e1b0bb7e   3 months ago   26.2MB
localhost:5000/cangku           lastest   1fd8e1b0bb7e   3 months ago   26.2MB
[root@Centos7 harbor]# docker ps    # containers were created automatically
CONTAINER ID   IMAGE                                COMMAND                  CREATED          STATUS                    PORTS                       NAMES
26a93947a33b   goharbor/harbor-jobservice:v2.3.1    "/harbor/entrypoint.…"   38 seconds ago   Up 36 seconds (healthy)                               harbor-jobservice
78446210fa0f   goharbor/nginx-photon:v2.3.1         "nginx -g 'daemon of…"   38 seconds ago   Up 36 seconds (healthy)   0.0.0.0:80->8080/tcp        nginx
c0960ed77baa   goharbor/harbor-core:v2.3.1          "/harbor/entrypoint.…"   39 seconds ago   Up 38 seconds (healthy)                               harbor-core
96cbc954ba82   goharbor/harbor-registryctl:v2.3.1   "/home/harbor/start.…"   40 seconds ago   Up 38 seconds (healthy)                               registryctl
b13ff2d09aff   goharbor/registry-photon:v2.3.1      "/home/harbor/entryp…"   40 seconds ago   Up 38 seconds (healthy)                               registry
f74c86c3f2af   goharbor/harbor-portal:v2.3.1        "nginx -g 'daemon of…"   40 seconds ago   Up 38 seconds (healthy)                               harbor-portal
bff785ec0b21   goharbor/harbor-db:v2.3.1            "/docker-entrypoint.…"   40 seconds ago   Up 39 seconds (healthy)                               harbor-db
53169511a567   goharbor/redis-photon:v2.3.1         "redis-server /etc/r…"   41 seconds ago   Up 39 seconds (healthy)                               redis
1a18a7fc38a3   goharbor/harbor-log:v2.3.1           "/bin/sh -c /usr/loc…"   41 seconds ago   Up 40 seconds (healthy)   127.0.0.1:1514->10514/tcp   harbor-log
```
Browse to port 80 on 192.168.100.202, since the web server Harbor uses is nginx. The username is admin and the password is Harbor12345.
```
******(3) Push an image from another Docker host to the registry host; Docker must already be installed and running, and remember to modify daemon.json
[root@test ~]# ll
总用量 138524
-rw-------. 1 root root      1264 1月  12 2021 anaconda-ks.cfg
drwxr-xr-x  3 root root      4096 7月  29 03:52 docker
-rw-r--r--  1 root root 141838848 7月  29 03:59 httpd
[root@test ~]# docker load -i httpd
764055ebc9a7: Loading layer [==================================================>]  72.53MB/72.53MB
9fbbeddcc4e4: Loading layer [==================================================>]  3.072kB/3.072kB
61172cb5065c: Loading layer [==================================================>]  7.483MB/7.483MB
9262f7dd1498: Loading layer [==================================================>]  61.79MB/61.79MB
239871c4cac5: Loading layer [==================================================>]  3.584kB/3.584kB
Loaded image: httpd:latest
[root@test ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
httpd        latest    bd29370f84ea   2 weeks ago    138MB
[root@test ~]# docker tag httpd:latest 192.168.100.202/library/httpd:latest    # retag the image; the format is registry address/project name
[root@test ~]# docker push 192.168.100.202/library/httpd:latest    # the push attempt fails
The push refers to repository [192.168.100.202/library/httpd]
239871c4cac5: Preparing
9262f7dd1498: Preparing
61172cb5065c: Preparing
9fbbeddcc4e4: Preparing
764055ebc9a7: Preparing
unauthorized: unauthorized to access repository: library/httpd, action: push: unauthorized to access repository: library/httpd, action: push
[root@test ~]# docker login -u admin -p Harbor12345 192.168.100.202    # you must log in to the registry before pushing
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@test ~]# docker push 192.168.100.202/library/httpd:latest    # push again; this time it succeeds
The push refers to repository [192.168.100.202/library/httpd]
239871c4cac5: Pushed
9262f7dd1498: Pushed
61172cb5065c: Pushed
9fbbeddcc4e4: Pushed
764055ebc9a7: Pushed
latest: digest: sha256:51dabee6ad1cca2ae3a80e974224f30e7121dab1da9edf62e11179f8c652b09e size: 1366
```
Check in the browser: the push succeeded.
```
******(4) Pull the image from the registry with Docker
[root@test ~]# docker rmi httpd:latest
Untagged: httpd:latest
[root@test ~]# docker rmi 192.168.100.202/library/httpd:latest
Untagged: 192.168.100.202/library/httpd:latest
Untagged: 192.168.100.202/library/httpd@sha256:51dabee6ad1cca2ae3a80e974224f30e7121dab1da9edf62e11179f8c652b09e
Deleted: sha256:bd29370f84eac6a9fa5373f8ed702f66820e784e5f680b62670af9f851017c96
Deleted: sha256:91fe878e1dedb23768919989d6123dc6cf22bda8f052b891876f71b92bf38803
Deleted: sha256:764b68edcbc2938e3d53f4977145d094fcc321aed11d2a254740966b826dd30c
Deleted: sha256:356e3acf71a1a4ccc94a250fa7e6351f7b1691b7dc0ee48be96c97709cd1b7b8
Deleted: sha256:43c41c92588e603f75963bab3a334a02109a6381002f784223bdeec5f46ba7a3
Deleted: sha256:764055ebc9a7a290b64d17cf9ea550f1099c202d83795aa967428ebdf335c9f7
[root@test ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
[root@test ~]# docker pull 192.168.100.202/library/httpd:latest    # pull the image
latest: Pulling from library/httpd
b4d181a07f80: Pull complete
4b72f5187e6e: Pull complete
12b2c44d04b2: Pull complete
35c238b46d30: Pull complete
1adcec05f52b: Pull complete
Digest: sha256:51dabee6ad1cca2ae3a80e974224f30e7121dab1da9edf62e11179f8c652b09e
Status: Downloaded newer image for 192.168.100.202/library/httpd:latest
[root@test ~]# docker images    # pulled successfully!
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
192.168.100.202/library/httpd   latest    bd29370f84ea   2 weeks ago    138MB
```
At this point the HTTP Harbor registry is set up and tested!!!!
- Setting up Harbor over HTTPS
```
******(1) Generate the CA certificate private key
[root@Centos7 ~]# mkdir /CA
[root@Centos7 ~]# cd /CA/
[root@Centos7 CA]# openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
...................................................................................++
................................++
e is 65537 (0x10001)
******(2) Generate the CA certificate
[root@Centos7 CA]# openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=www.rzy.com" \
 -key ca.key \
 -out ca.crt
******(3) Generate the private key for the domain
[root@Centos7 CA]# openssl genrsa -out www.rzy.com.key 4096
Generating RSA private key, 4096 bit long modulus
..........................................................................................................................................++
...........................................................................................................................................++
e is 65537 (0x10001)
******(4) Generate the certificate signing request (CSR)
[root@Centos7 CA]# openssl req -sha512 -new \
 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=www.rzy.com" \
 -key www.rzy.com.key \
 -out www.rzy.com.csr
******(5) Generate an x509 v3 extension file
[root@Centos7 CA]# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=www.rzy.com
EOF
******(6) Use the v3.ext file to generate the certificate for your Harbor host
[root@Centos7 CA]# openssl x509 -req -sha512 -days 3650 \
 -extfile v3.ext \
 -CA ca.crt -CAkey ca.key -CAcreateserial \
 -in www.rzy.com.csr \
 -out www.rzy.com.crt
Signature ok    # reports ok
subject=/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=www.rzy.com
Getting CA Private Key
******(7) Provide the certificates to Harbor and Docker
[root@Centos7 CA]# mkdir -p /data/cert/
[root@Centos7 CA]# cp www.rzy.com.crt www.rzy.com.key /data/cert/
******(8) Convert the certificate file for the Docker client
# Convert www.rzy.com.crt to www.rzy.com.cert for use by Docker.
# The Docker daemon interprets .crt files as CA certificates and .cert files as client certificates.
[root@Centos7 CA]# openssl x509 -inform PEM -in www.rzy.com.crt -out www.rzy.com.cert
******(9) Copy the server certificates
# Copy the server certificate, key and CA file into the Docker certificate folder on the Harbor host.
# You must create the appropriate folder first.
[root@Centos7 CA]# mkdir -p /etc/docker/certs.d/www.rzy.com/
[root@Centos7 CA]# cp www.rzy.com.cert /etc/docker/certs.d/www.rzy.com/
[root@Centos7 CA]# cp www.rzy.com.key /etc/docker/certs.d/www.rzy.com/
[root@Centos7 CA]# cp ca.crt /etc/docker/certs.d/www.rzy.com/
******(10) Modify the configuration file harbor.yml
[root@Centos7 CA]# vim /usr/local/harbor/harbor.yml
......
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: www.rzy.com

# http related config
#http:    # comment out the http options
  # port for http, default is 80. If https enabled, this port will redirect to https port
  #port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/cert/www.rzy.com.crt
  private_key: /data/cert/www.rzy.com.key
......
# save and exit
[root@Centos7 CA]# docker-compose down -v    # if Harbor is running, stop it first
[root@Centos7 CA]# cd /usr/local/harbor/
[root@Centos7 harbor]# ./prepare    # regenerate the configuration
[root@Centos7 harbor]# echo $?
0
[root@Centos7 harbor]# bash install.sh    # run the install script
# wait for startup to complete
```
Modify the hosts file on the local machine.
Access succeeds.
```
******(11) Start another Docker host to push an image
# Install and start Docker (omitted)
[root@test ~]# vim /etc/docker/daemon.json    # modify the Docker config file
{
  "registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],
  "insecure-registries": ["www.rzy.com"]
}
# save and exit
[root@test ~]# systemctl restart docker
[root@test ~]# echo "192.168.100.202 www.rzy.com" >> /etc/hosts
******(12) Log in to the registry from this Docker host
[root@test ~]# docker login -u admin -p Harbor12345 www.rzy.com
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@test ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
192.168.100.202/library/httpd   latest    bd29370f84ea   2 weeks ago    138MB
[root@test ~]# docker tag 192.168.100.202/library/httpd:latest www.rzy.com/library/httpd:latest
[root@test ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
192.168.100.202/library/httpd   latest    bd29370f84ea   2 weeks ago    138MB
www.rzy.com/library/httpd       latest    bd29370f84ea   2 weeks ago    138MB
[root@test ~]# docker push www.rzy.com/library/httpd:latest    # the push succeeds
The push refers to repository [www.rzy.com/library/httpd]
239871c4cac5: Pushed
9262f7dd1498: Pushed
61172cb5065c: Pushed
9fbbeddcc4e4: Pushed
764055ebc9a7: Pushed
latest: digest: sha256:51dabee6ad1cca2ae3a80e974224f30e7121dab1da9edf62e11179f8c652b09e size: 1366
```
At this point the HTTPS-based Harbor registry is set up!!!
(3) Rules for pushing and pulling images
- Logging in to the Harbor registry
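Images are pushed and pulled by registry address and project, and you need to log in first.
```
[root@test ~]# docker login -u admin -p Harbor12345 www.rzy.com    # log in to the registry
```
-u: username
-p: password
www.rzy.com: the registry address. With HTTP, just write the IP address; with HTTPS, write the domain name.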
- Pushing an image:
```
# Example:
[root@test ~]# docker images
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
httpd        latest    bd29370f84ea   2 weeks ago    138MB
# An image like this is named httpd:latest; before pushing, its name must be changed to:
[root@test ~]# docker tag httpd:latest 192.168.100.202/library/httpd:latest    # like this
# 192.168.100.202 is the registry address; this is the format used for HTTP transfer. For HTTPS transfer it must be written as a domain name.
# library is the project name
# httpd:latest is really just a label
[root@test ~]# docker push 192.168.100.202/library/httpd:latest    # then simply push
```
- Pulling an image:
```
[root@test ~]# docker images    # there are no images yet
REPOSITORY   TAG       IMAGE ID       CREATED        SIZE
[root@test ~]# docker pull www.rzy.com/library/httpd:latest    # likewise, a pull must name the registry and the project
latest: Pulling from library/httpd
b4d181a07f80: Pull complete
4b72f5187e6e: Pull complete
12b2c44d04b2: Pull complete
35c238b46d30: Pull complete
1adcec05f52b: Pull complete
Digest: sha256:51dabee6ad1cca2ae3a80e974224f30e7121dab1da9edf62e11179f8c652b09e
Status: Downloaded newer image for www.rzy.com/library/httpd:latest
[root@test ~]# docker images
REPOSITORY                  TAG       IMAGE ID       CREATED        SIZE
www.rzy.com/library/httpd   latest    bd29370f84ea   2 weeks ago    138MB
```
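- Notes:
1. The Docker version and the Harbor version may not match; in that case the Harbor-db container fails to start after Docker is restarted and stays in the restarting state.
2. When pulling and pushing images, it is best to modify Docker's daemon.json file, for example:
```
[root@test ~]# cat /etc/docker/daemon.json
{
  "registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],
  "insecure-registries": ["www.rzy.com"]
}
# insecure-registries: for a registry over HTTP write the registry's IP; for HTTPS write the domain name, but remember to modify the hosts file or set up DNS
```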
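
A client configured as in this walkthrough ends up with two things worth checking: registries listed under `insecure-registries`, for which the Docker daemon ignores certificate errors and may fall back to plain HTTP even when Harbor serves HTTPS, and the password that `docker login` warned it would store in `/root/.docker/config.json`. The Python below is an added example, not code from the original post or from Docker or Harbor; the function names and the `helper-backed.example` host are illustrative, and both sample files are constructed to mirror the ones shown on this page.

```python
import base64
import json


def audit_daemon_json(text, hosts_with_ca=()):
    """One (registry, fix) finding per registry where dockerd skips TLS verification."""
    findings = []
    for reg in json.loads(text).get("insecure-registries", []):
        # For these hosts dockerd ignores certificate errors and falls back to
        # plain HTTP, so the self-signed CA gives the client no protection.
        if reg in hosts_with_ca:
            fix = "CA already installed in certs.d: remove the entry"
        else:
            fix = (f"serve the registry over TLS, install its CA as "
                   f"/etc/docker/certs.d/{reg}/ca.crt, then remove the entry")
        findings.append((reg, fix))
    return findings


def audit_client_config(text):
    """(registry, username) for each credential stored in config.json itself."""
    stored = []
    for reg, entry in json.loads(text).get("auths", {}).items():
        blob = entry.get("auth")
        if blob:  # an empty entry means the secret lives in a credential helper
            # "auth" is base64("user:password"): encoding, not encryption.
            user = base64.b64decode(blob).decode("utf-8", "replace").split(":", 1)[0]
            stored.append((reg, user))
    return stored


# Constructed samples mirroring the files this walkthrough produces.
SAMPLE_DAEMON = json.dumps({
    "registry-mirrors": ["https://w4uieobw.mirror.aliyuncs.com"],
    "insecure-registries": ["www.rzy.com", "192.168.100.202:5000"],
})
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "www.rzy.com": {"auth": base64.b64encode(b"admin:Harbor12345").decode()},
        "helper-backed.example": {},  # hypothetical host using a credential helper
    }
})

if __name__ == "__main__":
    # Assumption: ca.crt is present under certs.d for www.rzy.com only.
    for reg, fix in audit_daemon_json(SAMPLE_DAEMON, hosts_with_ca={"www.rzy.com"}):
        print(f"[daemon.json] {reg}: TLS not verified -> {fix}")
    for reg, user in audit_client_config(SAMPLE_CONFIG):
        print(f"[config.json] {reg}: password for '{user}' stored base64-encoded")
```

To audit a real host, pass the contents of `/etc/docker/daemon.json` and `~/.docker/config.json` and build `hosts_with_ca` from the directory names under `/etc/docker/certs.d/` that contain a `ca.crt`.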