部署 Docker harbor (http/https)及使用

官网下载docker harbor 和docker-compose 下载最新版本即可

https://github.com/goharbor/harbor

https://github.com/docker/compose/releases

一.Docker harbor 配置http使用

1.解压harbor.tar

# 解压至指定目录
[root@docker ~]# tar -xf harbor-offline-installer-v2.9.1.tgz -C /usr/local/

# 安装docker-compose
[root@docker ~]# mv docker-compose-linux-x86_64 /usr/local/bin/docker-compose
[root@docker ~]# chmod +x /usr/local/bin/docker-compose
[root@docker ~]# docker-compose -v
Docker Compose version v2.24.6

2.使用http协议下的harbor

[root@docker ~]# cd /usr/local/harbor/

# 拷贝演示文件
[root@docker harbor]# cp -a harbor.yml.tmpl harbor.yml

# 修改配置文件
[root@docker harbor]# vim harbor.yml
 5 hostname: 192.168.73.128		#修改为本机ip地址
  6 
  7 # http related config
  8 http:
  9   # port for http, default is 80. If https enabled, this por    t will redirect to https port
 10   port: 80
 11 
 # 将https注释掉
 12 # https related config
 13 #https:
 14   # https port for harbor, default is 443
 15 #  port: 443
 16   # The path of cert and key files for nginx
 17 #  certificate: /your/certificate/path
 18 #  private_key: /your/private/key/path
# 登录密码
 36    harbor_admin_password: Harbor12345

3.执行安装脚本

[root@docker harbor]# ./install.sh

4.浏览器访问

新建一个项目

5.推送镜像环境

# 使用tag为本地拉取的官方镜像打上标签
[root@docker ~]# docker tag centos:7 192.168.73.130/demo/centos7:v1
[root@docker ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED         SIZE
192.168.73.130/demo/centos7     v1        eeb6ee3f44bd   3 years ago     204MB
centos                          7         eeb6ee3f44bd   3 years ago     204MB

# 修改daemon.json
[root@docker ~]# cat /etc/docker/daemon.json 
{
  "insecure-registries": ["http://192.168.73.130"]
}
[root@docker ~]# systemctl restart docker

# 测试是否能够登录
[root@docker ~]# docker login 192.168.73.130
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

# 推送本地镜像
[root@docker ~]# docker push 192.168.73.130/demo/centos7:v1
The push refers to repository [192.168.73.130/demo/centos7]
174f56854903: Layer already exists 
v1: digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f size: 529

二.Docker habor 配置https使用

1.创建自签名证书

[root@docker ~]# mkdir -pv /data/ca
mkdir: 已创建目录 "/data/ca"
[root@docker ~]# cd /data/ca
[root@docker ca]# openssl genrsa -out /data/ca/harbor-ca.key
Generating RSA private key, 2048 bit long modulus
........................+++
........................................................................................................................................................+++
e is 65537 (0x10001)
[root@docker ca]# openssl req -x509 -new -nodes -key /data/ca/harbor-ca.key  -subj "/CN=harbor.linux.com" -days 7120 -out /data/ca/harbor-ca.crt
[root@docker ca]# ls
harbor-ca.crt  harbor-ca.key

2.修改配置文件和域名解析

[root@docker harbor]# vim harbor.yml
# 修改为域名登录
5 hostname: harbor.linux.com
  6 
  # 将http注释
  7 # http related config    
  8 #http:
  9   # port for http, default is 80. If https enabled, this por    t will redirect to https port
 10 #  port: 80
 11 
 12 # https related config
 13 https:
 14   # https port for harbor, default is 443
 15   port: 443
 16   # The path of cert and key files for nginx
 #  修改密钥存放目录
 17   certificate: /data/ca/harbor-ca.crt
 18   private_key: /data/ca/harbor-ca.key
 36 harbor_admin_password: Harbor12345 

# 配置本机域名解析
[root@docker ~]# tail -1 /etc/hosts
192.168.73.130 harbor.linux.com

# 配置浏览器域名解析
C:\Windows\System32\drivers\etc\hosts  << Windows的域名解析文件
192.168.73.130 harbor.linux.com

# 配置daemon.json
[root@docker ~]# cat  /etc/docker/daemon.json
{
 "insecure-registries": ["https://harbor.linux.com"]  
}

# 重启docker和harbor
[root@docker ~]# systemctl restart docker
[root@docker ~]# cd /usr/lcoal/harbor
[root@docker ~]# cd /usr/local/harbor
[root@docker harbor]# docker-compose restart
[+] Restarting 9/9
 ✔ Container harbor-log         Started                   10.3s 
 ✔ Container redis              Start...                   0.5s 
 ✔ Container harbor-db          S...                       0.3s 
 ✔ Container harbor-jobservice  Started                    0.4s 
 ✔ Container harbor-core        Started                    0.4s 
 ✔ Container harbor-portal      Started                    0.3s 
 ✔ Container nginx              Start...                   0.4s 
 ✔ Container registryctl        Started                    0.5s 
 ✔ Container registry           St...                      0.4s 

3.本机测试登录

[root@docker ~]# docker login harbor.linux.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

4.浏览器登录

https://harbor.linux.com

三.harbor客户端配置

1.配置认证证书

[root@docker02 ~]# mkdir -pv /etc/docker/certs.d/harbor.linux.com/
[root@docker02 ~]# scp 192.168.73.130:/data/ca/harbor-ca.crt /etc/docker/certs.d/harbor.linux.com/

# 配置域名解析
[root@docker02 ~]# tail -1 /etc/hosts
192.168.73.130  harbor.linux.com 

# 测试登录
[root@docker02 ~]# docker login harbor.linux.com
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

2.配置客户端harbor仓库地址

[root@docker02 ~]# cat  /etc/docker/daemon.json
{
  "insecure-registries": ["harbor.liunx.com","192.168.73.130:443"]
}

# 重启docker服务
[root@docker02 ~]# systemctl restart docker

# 测试域名和ip登录
[root@docker02 ~]# docker login harbor.linux.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@docker02 ~]# docker login 192.168.73.130:443
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

[root@docker02 ~]# cat /root/.docker/config.json
{
        "auths": {
                "192.168.73.130:443": {
                        "auth": "YWRtaW46SHVhd2VpQDEyMw=="
                },
                "harbor.linux.com": {
                        "auth": "YWRtaW46SHVhd2VpQDEyMw=="
                }
        }

3.从harbor服务端拉取镜像

[root@docker02 ~]# docker pull harbor.linux.com/demo/centos7:v1
v1: Pulling from demo/centos7
Digest: sha256:dead07b4d8ed7e29e98de0f4504d87e8880d4347859d839686a31da35a3b532f
Status: Image is up to date for harbor.linux.com/demo/centos7:v1
harbor.linux.com/demo/centos7:v1

[root@docker02 ~]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
harbor.linux.com/demo/centos7   v1        eeb6ee3f44bd   3 years ago    204MB