Harbor

Harbor概述

Harbor是一个开源的容器镜像仓库管理系统，具有丰富的安全和管理功能。它可以在企业环境中搭建私有仓库，并提供可信度、多租户支持、定制性等特点。

官网：https://goharbor.io/

GitHub：https://github.com/goharbor/harbor

Harbor旨在提供企业级的镜像管理解决方案，具有以下特点和功能：

安全性：

Harbor提供了一套丰富的安全性功能，包括用户身份验证和授权、镜像签名验证、访问控制、漏洞扫描等。这可以帮助你保护你的镜像免受恶意攻击和漏洞利用。

可信度：

Harbor支持对镜像进行数字签名和验证，确保其完整性和来源可信。你可以使用自定义或第三方证书来签名和验证镜像的真实性。

多租户支持：

Harbor支持多个项目和多个仓库，可以根据不同的组织、团队或项目来进行分组和管理。每个项目都可以有自己的用户权限和访问控制策略。

可定制性：

Harbor提供了灵活的配置选项和扩展机制，可以根据你的需求进行自定义设置。你可以调整存储、网络和认证等配置，以适应不同的环境和需求。

高性能：

Harbor使用了缓存和复制策略来提高镜像的访问速度和可用性。它支持多个镜像存储后端，包括本地存储、S3存储等。

用户友好的界面：

Harbor提供了直观且易于使用的Web界面，可以方便地管理镜像、项目、用户和访问权限等。

安装Harbor

下载Harbor的二进制文件进行安装，Harbor安装与配置参考：https://goharbor.io/docs/2.9.0/install-config/

下载离线安装包

wget https://github.com/goharbor/harbor/releases/download/v2.7.3/harbor-offline-installer-v2.7.3.tgz

解压安装包

tar -zxvf harbor-offline-installer-v2.7.3.tgz

[root@master harbor]# ls
common.sh  harbor.v2.7.3.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare

进入Harbor目录

cd harbor

配置 Harbor

cp harbor.yml.tmpl  harbor.yml

vim harbor.yml

# 当前节点主机名或IP
hostname: 112.74.96.150

# http端口配置
http:
  port: 8080

# 这里不使用https，注释该配置
#https:
  # https port for harbor, default is 443
#  port: 443
  # The path of cert and key files for nginx
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path  

# Harbor UI的初始密码  
harbor_admin_password: Harbor12345

# The default data volume
data_volume: /usr/local/program/harbor/data

运行安装程序脚本

当配置harbor.yml完成后，可以使用install.sh脚本安装并启动 Harbor

./install.sh

安装成功，将输出如下日志：

[Step 5]: starting Harbor ...
[+] Running 10/10
 ✔ Network harbor_harbor        Created                                                                                                                                                0.1s
 ✔ Container harbor-log         Started                                                                                                                                                0.1s
 ✔ Container registryctl        Started                                                                                                                                                0.2s
 ✔ Container harbor-db          Started                                                                                                                                                0.1s
 ✔ Container redis              Started                                                                                                                                                0.1s
 ✔ Container registry           Started                                                                                                                                                0.1s
 ✔ Container harbor-portal      Started                                                                                                                                                0.2s
 ✔ Container harbor-core        Started                                                                                                                                                0.1s
 ✔ Container harbor-jobservice  Started                                                                                                                                                0.1s
 ✔ Container nginx              Started                                                                                                                                                0.1s
✔ ----Harbor has been installed and started successfully.----

查看docker镜像，将出现与hardor相关的的镜像列表


[root@master harbor]# docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED              STATUS                        PORTS                       NAMES
62343618f630   goharbor/nginx-photon:v2.7.3         "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:8080->8080/tcp      nginx
a39ecd6eddf1   goharbor/harbor-jobservice:v2.7.3    "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                               harbor-jobservice
f0c1a4957d04   goharbor/harbor-core:v2.7.3          "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                               harbor-core
f64062148ccf   goharbor/harbor-registryctl:v2.7.3   "/home/harbor/start.…"   About a minute ago   Up About a minute (healthy)                               registryctl
6fc3d92cc65f   goharbor/harbor-db:v2.7.3            "/docker-entrypoint.…"   About a minute ago   Up About a minute (healthy)                               harbor-db
fc9917cad78e   goharbor/harbor-portal:v2.7.3        "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)                               harbor-portal
8622fab2670f   goharbor/registry-photon:v2.7.3      "/home/harbor/entryp…"   About a minute ago   Up About a minute (healthy)                               registry
27e3ba43f9f8   goharbor/redis-photon:v2.7.3         "redis-server /etc/r…"   About a minute ago   Up About a minute (healthy)                               redis
feef079dcbd4   goharbor/harbor-log:v2.7.3           "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)   127.0.0.1:1514->10514/tcp   harbor-log

启动与停止Harbor

停止Harbor

[root@master harbor]# docker-compose stop
[+] Running 9/9
 ⠿ Container harbor-jobservice  Stopped                                                                                                                                                0.0s
 ⠿ Container nginx              Stopped                                                                                                                                                0.0s
 ⠿ Container registryctl        Stopped                                                                                                                                               10.2s
 ⠿ Container harbor-portal      Stopped                                                                                                                                                0.3s
 ⠿ Container harbor-core        Stopped                                                                                                                                                0.0s
 ⠿ Container harbor-db          Stopped                                                                                                                                                0.4s
 ⠿ Container registry           Stopped                                                                                                                                                0.2s
 ⠿ Container redis              Stopped                                                                                                                                                0.5s
 ⠿ Container harbor-log         Stopped                                                                                                                                               10.2s

启动Harbor

[root@master harbor]# docker-compose start
[+] Running 9/9
 ⠿ Container harbor-log         Started                                                                                                                                                0.3s
 ⠿ Container redis              Started                                                                                                                                                0.9s
 ⠿ Container registryctl        Started                                                                                                                                                0.7s
 ⠿ Container harbor-portal      Started                                                                                                                                                1.0s
 ⠿ Container harbor-db          Started                                                                                                                                                0.8s
 ⠿ Container registry           Started                                                                                                                                                1.0s
 ⠿ Container harbor-core        Started                                                                                                                                                0.3s
 ⠿ Container nginx              Started                                                                                                                                                0.5s
 ⠿ Container harbor-jobservice  Started

登录Harbor仓库

要登录到Harbor私有仓库，执行以下命令来登录到Harbor仓库：

docker login <Harbor仓库地址>

登录异常

[root@master harbor]# docker login 112.74.96.150:8080
Username: admin
Password:
Error response from daemon: Get "https://112.74.96.150:8080/v2/": http: server gave HTTP response to HTTPS client

原因：

默认通过 HTTPS 协议与 Harbor 仓库进行通信，但是 Harbor 仓库只配置了 HTTP 服务而没有启用 HTTPS 服务。

解决方案

方案一：

查找docker.service所在目录

[root@master harbor]# find / -name docker.service -type f
/usr/lib/systemd/system/docker.service

编辑vim /usr/lib/systemd/system/docker.service

修改这行配置：

ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

使用--insecure选项来跳过https证书验证，改成如下这样：

ExecStart=/usr/bin/dockerd --insecure-registry 112.74.96.150:8080  -H fd:// --containerd=/run/containerd/containerd.sock

方案二：

修改/etc/docker/daemon.json文件，添加配置，指定镜像仓库IP地址
{
    
    
    "insecure-registries": ["112.74.96.150"]
}

[root@master harbor]# docker login 112.74.96.150:8080
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

退出

退出Harbor私有仓库的登录状态

docker logout <Harbor仓库地址>

[root@master ~]# docker login 112.74.96.150:8080
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

推送拉取Harbor镜像

镜像命名规范

Harbor的镜像名称，存在一定命名规范，差异之处在于：必须以项目名称作为镜像名称的一部分，具体参考如下示例说明

构建镜像

docker build -t <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签> .

将镜像推送到Harbor仓库

docker push <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签>

拉取Harbor镜像

docker pull <Harbor仓库地址>/<项目名称>/<镜像名称>:<标签>

创建项目

在Harbor仓库的界面或使用Harbor API来创建项目

界面创建

Harbor API创建

curl -X POST -u username:password -H "Content-Type: application/json" -d '{
  "project_name": "projectname",
  "public": 1,
  "content_trust": "disabled"
}' https://<Harbor仓库地址>/api/projects

推送镜像

拉取一个测试镜像

[root@master ~]# docker pull testcontainers/helloworld

查看该镜像

[root@master ~]# docker images | grep hello
testcontainers/helloworld       latest       6974669be52b   2 years ago     12.7MB

标记本地镜像, 将其归入Harbor仓库

注意：需要多一级，作为项目名

[root@master harbor]# docker tag testcontainers/helloworld:latest 112.74.96.150:8080/projectname/helloworld:v1

再次查看镜像

[root@master harbor]# docker images | grep hello
112.74.96.150:8080/projectname/helloworld   v1           6974669be52b   2 years ago     12.7MB
testcontainers/helloworld                   latest       6974669be52b   2 years ago     12.7MB

将本地镜像推送到镜像仓库(需先登录镜像仓库)

[root@master harbor]# docker push  112.74.96.150:8080/projectname/helloworld:v1
The push refers to repository [112.74.96.150:8080/projectname/helloworld]
802cca11a560: Pushing [============================================>      ]  6.194MB/7.019MB
80b7fe966245: Pushed
50644c29ef5a: Pushing [=============================================>     ]  5.068MB/5.575MB

登录Harbor，查看新建项目projectname下，已成功推送1个镜像

拉取镜像

删除已存在镜像

[root@master harbor]# docker images | grep hello
112.74.96.150:8080/projectname/helloworld   v1           6974669be52b   2 years ago     12.7MB
testcontainers/helloworld                   latest       6974669be52b   2 years ago     12.7MB

[root@master harbor]# docker rmi 112.74.96.150:8080/projectname/helloworld:v1
Untagged: 112.74.96.150:8080/projectname/helloworld:v1
Untagged: 112.74.96.150:8080/projectname/helloworld@sha256:4ee5a832ef6eee533df7224b80d4cceb9ab219599014f408d0b69690be94c396

[root@master harbor]# docker rmi testcontainers/helloworld:latest
Untagged: testcontainers/helloworld:latest
Untagged: testcontainers/helloworld@sha256:4ee5a832ef6eee533df7224b80d4cceb9ab219599014f408d0b69690be94c396

从Harbor拉取镜像

[root@master harbor]# docker pull 112.74.96.150:8080/projectname/helloworld:v1
v1: Pulling from projectname/helloworld
df20fa9351a1: Downloading [==========>                                        ]  614.1kB/2.798MB
7d694ce25b07: Download complete
99f5116afda5: Downloading [================================>                  ]  
2.389MB/3.655MB

查看拉取的镜像

[root@master harbor]# docker images | grep hell
112.74.96.150:8080/projectname/helloworld   v1           6974669be52b   2 years ago     12.7MB

企业级镜像仓库Harbor的安装与配置

Harbor

Harbor概述

安装Harbor

配置 Harbor

运行安装程序脚本

登录

启动与停止Harbor

登录Harbor仓库

登录异常

解决方案

登录

退出

推送拉取Harbor镜像

镜像命名规范

创建项目

推送镜像

拉取镜像

热门文章

最新文章

相关课程

相关电子书

相关实验场景