一、Harbor介绍

Docker容器应用的开发和运行离不开可靠的镜像管理,虽然Docker官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署我们私有环境内的Registry也是非常必要的。Harbor是由VMware公司开源的企业级的Docker Registry管理项目,它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能。

官网地址:https://github.com/goharbor/harbor

二、实验环境

服务器配置和操作系统如下:

序号

名称

详情

1

硬件配置

2vCPU + 4G + 20G硬盘

2

操作系统

CentOS7.9

3

IP地址

192.168.5.226(根据自己的网络进行配置)

三、准备工作

3.1、签发证书

希望通过https访问harbor,自签CA证书。

  • 创建Harbor项目目录和ssl存储目录。
[root@K8s-Harbor ~]# cd /usr/local/ 
[root@K8s-Harbor local]# mkdir Harbor
[root@K8s-Harbor local]# cd Harbor/
[root@K8s-Harbor Harbor]# pwd
/usr/local/Harbor											# 创建Harbor项目目录
[root@K8s-Harbor Harbor]# mkdir ssl
[root@K8s-Harbor Harbor]# cd ssl
[root@K8s-Harbor ssl]# pwd
/usr/local/Harbor/ssl									# 创建ssl证书生成存储目录
  • 生成ca证书
# 生成3072位的ca私钥
[root@K8s-Harbor ssl]# openssl genrsa -out ca.key 3072							
Generating RSA private key, 3072 bit long modulus
.........................................................................................................................................++
....................................................................................................++
e is 65537 (0x10001)
[root@K8s-Harbor ssl]#
# 生成一个数字证书ca.pem, 3650表示证书的有效期是10年,可以按以下步骤填写。
[root@K8s-Harbor ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
  • 生成域名的证书
# 生成3072位的harbor.key的私钥文件
[root@K8s-Harbor ssl]# openssl genrsa -out  harbor.key 3072
Generating RSA private key, 3072 bit long modulus
......................................................++
............................................++
e is 65537 (0x10001)
# 生产一个数字证书harbor.csr,签发证书时需要的。按照以下填写即可
[root@K8s-Harbor ssl]# openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:harbor
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

注:这里在创建秘钥文件时配置了harbor这个域名,所以需要在需要从私有镜像仓库拉取镜像的docker机器,都要配置/etc/hosts文件,配置192.168.5.226和harbor的解析。不然docker机器在登录私有镜像仓库时会报解析错误。

[root@K8s-Harbor Harbor]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.226 harbor				# 自己的ip地址和自己配置的证书域名
[root@K8s-Harbor Harbor]#
  • 签发证书
[root@K8s-Harbor ssl]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
Signature ok
subject=/C=CH/ST=GD/L=SZ/O=Default Company Ltd/CN=harbor
Getting CA Private Key
  • 查看证书
[root@K8s-Harbor ssl]# ls
ca.key  ca.pem  ca.srl  harbor.csr  harbor.key  harbor.pem
[root@K8s-Harbor ssl]# 
[root@K8s-Harbor ssl]# 
[root@K8s-Harbor ssl]# 

3.2、关闭防火墙

# 关闭firewalld防火墙
[root@K8s-Harbor ssl]# systemctl disable firewalld --now
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@K8s-Harbor ssl]#
# 关闭iptables防火墙,并清空防火墙规则
# 关闭iptables防火墙
[root@K8s-Harbor ssl]# systemctl disable iptables.service --now
Failed to execute operation: No such file or directory
# 清空防火墙规则
[root@K8s-Harbor ssl]# iptables -F
# 查看防火墙策略
[root@K8s-Harbor ssl]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@K8s-Harbor ssl]# 

3.3、关闭selinux

# 临时关闭selinux,重启系统后失效
[root@K8s-Harbor ssl]# setenforce 0		
# 永久关闭,修改配置文件/etc/selinux/config
[root@K8s-Harbor ssl]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 
# 查看是否修改成功
[root@K8s-Harbor ssl]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@K8s-Harbor ssl]#

3.4、配置时间同步

  • 方法一:安装ntp,ntpdate,配合计划任务crontab
# 安装ntp和ntpdate服务
[root@K8s-Harbor ssl]# yum -y install ntp ntpdate
# 同步网络时间
[root@K8s-Harbor ssl]# ntpdate cn.pool.ntp.org
# 配置计划任务,每小时同步一次时间
[root@K8s-Harbor ssl]# crontab -e 
* */1 * * * /usr/sbin/ntpdate   cn.pool.ntp.org
  • 方法二:安装chrony时间同步服务。(推荐使用)
# 安装chrony服务
[root@K8s-Harbor ssl]# yum -y install chrony
# 修改配置文件,将ntp时间同步服务器改为阿里云的ntp服务器ntp.aliyun.com
[root@K8s-Harbor ssl]# [root@K8s-Harbor ssl]# 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst        # 注释三行
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburserver
server ntp.aliyun.com iburst								# 配置阿里云ntp服务器
# 重启chronyd服务
[root@K8s-Harbor ssl]#systemctl restart chronyd.service
# 配置chronyd服务开机启动
[root@K8s-Harbor ssl]#systemctl enable chronyd.service
# 查看当前时间是否和网络时间同步
[root@K8s-Harbor ssl]# date
Tue Feb  6 16:31:39 CST 2024
[root@K8s-Harbor ssl]# 

四、安装Docker

安装Harbor需要安装docker。

4.1、安装基础软件包

[root@K8s-Harbor harbor]# yum install -y  wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel  python-devel epel-release openssh-server socat  ipvsadm conntrack

4.2、配置docker-ce国内yum源(阿里云)

# 配置docker-ce国内yum源,
[root@K8s-Harbor harbor]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
-bash: yum-config-manager: command not found          # 此报错为未装yum-utils
# 查询是否安装yum-utils软件,没有结果表示未安装
[root@K8s-Harbor harbor]# rpm -qa |grep yum-utils
# 安装yum-utils
[root@K8s-Harbor harbor]# yum -y install yum-utils
# 再次配置yum源
[root@K8s-Harbor harbor]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
# 验证是否配置好yum源,查看/etc/yum.repos.d/docker-ce.repo,有内容表示安装完成。
[root@K8s-Harbor harbor]# cat /etc/yum.repos.d/docker-ce.repo 
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[root@K8s-Harbor harbor]#

4.3、安装docker-ce

# 安装docker-ce
[root@K8s-Harbor harbor]# yum -y install docker-ce
# 启动docker,并设置开机启动
[root@K8s-Harbor harbor]# systemctl enable docker --now
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# 查看docker状态
[root@K8s-Harbor harbor]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-02-06 17:15:12 CST; 8s ago

4.4、开启包转发功能和修改内核参数

内核参数修改:br_netfilter模块用于将桥接流量转发至iptables链,br_netfilter内核参数需要开启转发。

# 加载br_netfilter,防止net.bridge.bridge-nf-call-ip6tables,net.bridge.bridge-nf-call-iptables修改报错。
[root@K8s-Harbor harbor]# modprobe br_netfilter
# 创建/etc/sysctl.d/docker.confpeizhi配置文件,并传入文件内容。
[root@K8s-Harbor harbor]# cat > /etc/sysctl.d/docker.conf <<EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> net.ipv4.ip_forward = 1
> EOF
# 查看文件内容
[root@K8s-Harbor harbor]# cat /etc/sysctl.d/docker.conf 
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
# 使配置文件生效
[root@K8s-Harbor harbor]# sysctl -p /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
[root@K8s-Harbor harbor]#systemctl restart docker

注:net.ipv4.ip_forward = 1,将Linux系统作为路由或者VPN服务就必须要开启IP转发功能。当linux主机有多个网卡时一个网卡收到的信息是否能够传递给其他的网卡 如果设置成1 的话 可以进行数据包转发,可以实现VxLAN 等功能。不开启会导致docker部署应用无法访问。

4.5、配置docker镜像加速器

配置国内镜像加速器,可以提升镜像下载速度。

# 切换到/etc/docker路径
[root@K8s-Harbor harbor]# cd /etc/docker/
# 创建/etc/docker/daemon.json并传入文件内容,不要直接复制,https://******.mirror.aliyuncs.comwei为个人阿里云账号的镜像加速地址,可在网上查找如何获取镜像加速地址。
[root@K8s-Harbor docker]# sudo tee /etc/docker/daemon.json <<-'EOF'
> {
>   "registry-mirrors": ["https://******.mirror.aliyuncs.com"]
> }
> EOF
# 查看文件是否创建并写入正确内容
[root@K8s-Harbor docker]# cat daemon.json 
{
  "registry-mirrors": ["https://******.mirror.aliyuncs.com"]
}
[root@K8s-Harbor docker]#
# 重启docker
[root@K8s-Harbor docker]# sudo systemctl daemon-reload
[root@K8s-Harbor docker]# sudo systemctl restart docker

五、安装harbor

5.1、安装harbor

这里以v2.9.1为例安装harbor。

注:harbor默认的账号密码:admin/Harbor12345

下载地址:https://github.com/goharbor/harbor/releases/download/v2.9.1/harbor-offline-installer-v2.9.1.tgz

下载后上传到服务器上。我这里上传路径是:/usr/local/Harbor/install/,这个路径需要自己创建,也可以自己定义路径。

# 在harbor项目目录下创建install目录
[root@K8s-Harbor Harbor]# mkdir install
[root@K8s-Harbor Harbor]# cd install/
[root@K8s-Harbor install]# ls
harbor-offline-installer-v2.9.1.tgz					# harbor的安装包已经上传到服务器install目录下。
[root@K8s-Harbor install]# 
# 解压安装包
[root@K8s-Harbor install]# tar -xzf harbor-offline-installer-v2.9.1.tgz 
[root@K8s-Harbor install]# ls
harbor  harbor-offline-installer-v2.9.1.tgz
[root@K8s-Harbor install]# cd harbor/
[root@K8s-Harbor harbor]# ls
common.sh  harbor.v2.9.1.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare
# 拷贝模板配置文件生成配置文件
[root@K8s-Harbor harbor]# cp harbor.yml.tmpl harbor.yml
# 修改配置文件
# 修改hostname,跟上面签发的证书域名保持一致
# 协议用https,配置证书路径,上面自签证书的存放路径
[root@K8s-Harbor harbor]# vim harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /usr/local/Harbor/ssl/harbor.pem
  private_key: /usr/local/Harbor/ssl/harbor.key
  ...
  ...

# 安装Harbor
[root@K8s-Harbor harbor]# cd /usr/local/Harbor/install/harbor/
[root@K8s-Harbor harbor]# ./install.sh 
[Step 0]: checking if docker is installed ...
Note: docker version: 25.0.2
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.24.5
...
...
[Step 5]: starting Harbor ...
[+] Running 9/10
 ⠦ Network harbor_harbor        Created                                                                                                  2.6s 
 ✔ Container harbor-log         Started                                                                                                  0.9s 
 ✔ Container registry           Started                                                                                                  1.5s 
 ✔ Container harbor-portal      Started                                                                                                  1.7s 
 ✔ Container harbor-db          Started                                                                                                  1.5s 
 ✔ Container registryctl        Started                                                                                                  1.6s 
 ✔ Container redis              Started                                                                                                  1.4s 
 ✔ Container harbor-core        Started                                                                                                  1.9s 
 ✔ Container harbor-jobservice  Started                                                                                                  2.3s 
 ✔ Container nginx              Started                                                                                                  2.4s 
✔ ----Harbor has been installed and started successfully.----	   # 表示安装成功

5.2、安装docker-compose

docker-compose项目是Docker官方的开源项目,负责实现对Docker容器集群的快速编排。Docker-Compose的工程配置文件默认为docker-compose.yml,Docker-Compose运行目录下的必要有一个docker-compose.yml。docker-compose可以管理多个docker实例。

上传docker-compose-Linux-x86_64文件到harbor机器,然后移动到/usr/local/bin/下重命名为docker-compose,并赋予执行权限。这个文件在github中下载。

[root@K8s-Harbor install]# ls				# 上传的docker-compose文件
docker-compose-Linux-x86_64.64  harbor  harbor-offline-installer-v2.9.1.tgz
# 移动到/usr/local/bin/下重命名为docker-compose
[root@K8s-Harbor install]# mv docker-compose-Linux-x86_64.64 /usr/local/bin/docker-compose
# 并赋予执行权限
[root@K8s-Harbor install]# chmod u+x /usr/local/bin/docker-compose
[root@K8s-Harbor install]# 

5.3、管理harbor

# 切换到harbor的解压目录
[root@K8s-Harbor harbor]# cd /usr/local/Harbor/install/harbor
# 关闭harbor
[root@K8s-Harbor harbor]# docker-compose stop
# 启动harbor
[root@K8s-Harbor harbor]# docker-compose start
[root@K8s-Harbor harbor]#

5.4、验证harbor完成安装

在浏览器输入harbor的访问地址(自己harbor的服务器ip地址):

https://192.168.5.226

默认用户名密码:admin/Harbor12345

Docker私有镜像仓库harbor_docker

登录后的界面

Docker私有镜像仓库harbor_私有镜像仓库_02

六、测试使用harbor

6.1、创建一个新的项目

点击新建项目

Docker私有镜像仓库harbor_私有镜像仓库_03

项目名称:测试;勾选公开,

Docker私有镜像仓库harbor_docker_04

创建好新项目

Docker私有镜像仓库harbor_私有镜像仓库_05

6.2、修改docker配置

# 修改配置文件/etc/docker/daemon.json,增加一行"insecure-registries": ["your ip address","域名{可选}"],新增一行,上一行的末尾需要加一个逗号
[root@K8s-Harbor harbor]# cat /etc/docker/daemon.json 
{
  "registry-mirrors": ["https://*******.mirror.aliyuncs.com"],		# 这一行末尾加一个逗号
  "insecure-registries": ["192.168.5.226","harbor"]					# 加这一行,这里面的ip地址是harbor的ip地址,harbor是域名,如果配置了hosts文件,做了解析的话可以配置,否则只需添加ip地址就行。
}
# 修改了配置文件,需要重启docker
[root@K8s-Harbor harbor]#systemctl restart docker 
[root@K8s-Harbor harbor]# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-02-06 18:27:18 CST; 2s ago
   ...
   ...

配置新增加了一行内容如下:"insecure-registries":[“192.168.5.226","harbor"], 上面增加的内容表示我们内网访问harbor的时候走的是http,192.168.5.226是安装harbor机器的ip,harbor是域名,/etc/hosts文件中做了解析的话可以添加上,也可以不加。

6.3、通过命令行登录私有镜像仓库

通过命令行登录私有镜像仓库,验证私有仓库是否正常访问。

[root@K8s-Harbor harbor]# docker login 192.168.5.226
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@K8s-Harbor harbor]#

错误处理:

Docker私有镜像仓库harbor_centos_06

出现以上错误是因为,没有在/etc/hosts中添加192.168.5.226 和 harbor解析,因为之前创建证书时,用的域名是harbor。

6.4、验证私有仓库的上传/下载功能

6.4.1、上传

上传一个tomcat的镜像到服务器中,也可以在未设置私有镜像前(修改docker配置文件前),先pull一个tomcat镜像下来。我这里直接上传一个镜像大包文件,然后导入镜像。就不详述了。如下图已导入tomcat镜像。

Docker私有镜像仓库harbor_linux_07

# 给tomcat:latest镜像打个标签
[root@K8s-Harbor Harbor]# docker tag tomcat:latest 192.168.5.226/test/tomcat:v1
[root@K8s-Harbor Harbor]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
goharbor/harbor-exporter        v2.9.1    37bfd4fa26bc   3 months ago   105MB
goharbor/redis-photon           v2.9.1    67827413c0fd   3 months ago   209MB
goharbor/trivy-adapter-photon   v2.9.1    a02695b8f8ea   3 months ago   469MB
goharbor/harbor-registryctl     v2.9.1    a076218bb631   3 months ago   148MB
goharbor/registry-photon        v2.9.1    2f01ea8b1853   3 months ago   82.7MB
goharbor/nginx-photon           v2.9.1    5200203dd7ef   3 months ago   153MB
goharbor/harbor-log             v2.9.1    ac1cdcc94a5f   3 months ago   162MB
goharbor/harbor-jobservice      v2.9.1    d9ff6fc98cc8   3 months ago   139MB
goharbor/harbor-core            v2.9.1    0a3a7953409c   3 months ago   166MB
goharbor/harbor-portal          v2.9.1    345284db8ca1   3 months ago   161MB
goharbor/harbor-db              v2.9.1    69606d285be1   3 months ago   358MB
goharbor/prepare                v2.9.1    adb2d804c458   3 months ago   253MB
192.168.5.226/test/tomcat       v1        921ef208ab56   2 years ago    668MB
tomcat                          latest    921ef208ab56   2 years ago    668MB
# 推送镜像到私有仓库
[root@K8s-Harbor Harbor]# docker push 192.168.5.226/test/tomcat:v1
The push refers to repository [192.168.5.226/test/tomcat]
a9502f3f1738: Pushed 
26cdef4ed0c4: Pushed 
e48093759a19: Pushed 
c47f8e016290: Pushed 
c0848348e2f7: Pushed 
79c550eb7bd2: Pushed 
7095af798ace: Pushed 
fe6a4fdbedc0: Pushed 
e4d0e810d54a: Pushed 
4e006334a6fd: Pushed 
v1: digest: sha256:a3e9f6c942098d3b32c7810d3ec00079719198c9af41c3a32f6fc5d66124155f size: 2421
[root@K8s-Harbor Harbor]#

查看私有仓库是否有上传的镜像。

Docker私有镜像仓库harbor_docker_08

6.4.2、下载

先删除本地的192.168.5.226/test/tomcat:v1镜像,然后从私有仓库中把这个镜像下载下来。

Docker私有镜像仓库harbor_linux_09

从私有镜像仓库下载镜像

[root@K8s-Harbor Harbor]# docker pull 192.168.5.226/test/tomcat:v1
v1: Pulling from test/tomcat
Digest: sha256:a3e9f6c942098d3b32c7810d3ec00079719198c9af41c3a32f6fc5d66124155f
Status: Downloaded newer image for 192.168.5.226/test/tomcat:v1
192.168.5.226/test/tomcat:v1
[root@K8s-Harbor Harbor]# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE
goharbor/harbor-exporter        v2.9.1    37bfd4fa26bc   3 months ago   105MB
goharbor/redis-photon           v2.9.1    67827413c0fd   3 months ago   209MB
goharbor/trivy-adapter-photon   v2.9.1    a02695b8f8ea   3 months ago   469MB
goharbor/harbor-registryctl     v2.9.1    a076218bb631   3 months ago   148MB
goharbor/registry-photon        v2.9.1    2f01ea8b1853   3 months ago   82.7MB
goharbor/nginx-photon           v2.9.1    5200203dd7ef   3 months ago   153MB
goharbor/harbor-log             v2.9.1    ac1cdcc94a5f   3 months ago   162MB
goharbor/harbor-jobservice      v2.9.1    d9ff6fc98cc8   3 months ago   139MB
goharbor/harbor-core            v2.9.1    0a3a7953409c   3 months ago   166MB
goharbor/harbor-portal          v2.9.1    345284db8ca1   3 months ago   161MB
goharbor/harbor-db              v2.9.1    69606d285be1   3 months ago   358MB
goharbor/prepare                v2.9.1    adb2d804c458   3 months ago   253MB
192.168.5.226/test/tomcat       v1        921ef208ab56   2 years ago    668MB
tomcat                          latest    921ef208ab56   2 years ago    668MB

Docker私有镜像仓库harbor_Harbor_10

Harbor私有镜像仓库搭建并测试完成。