Flexusx 实例与 Harbor 私有镜像仓库的完美结合

前言

华为云 828 企业上云节，Flexus X 实例携手 Harbor 私有镜像仓库，共创云上安全高效新生态！Flexus X 以其卓越性能与稳定性，为 Harbor 提供了理想的运行环境。Harbor 作为领先的私有镜像仓库，与 Flexus X 完美结合，助力企业轻松管理 Docker 镜像，确保应用部署的安全与高效。828 特惠期间，选择 Flexus X + Harbor，不仅享受华为云的强大技术支持，还能在云上构建更加安全、可控的应用环境。企业上云，就选 Flexus X + Harbor，让数字化转型之路更加稳健！

链接直达：华为云Flexus云服务器X实例

Harbor 介绍

Harbor 是一个开源的企业级 Registry 服务器，用于管理和存储 Docker 镜像和 OCI 容器镜像。作为一个高可用、安全可靠的容器镜像仓库，Harbor 提供了丰富的功能和管理工具，以帮助组织有效地构建和管理容器镜像。

Harbor 架构及特点

多租户支持：Harbor 支持多租户环境，允许不同的用户或组织拥有私有的镜像仓库。

容器化部署：Harbor 以容器化的形式提供，这意味着它可以在任何支持 Docker 的平台上运行。

Flexus X 实例上搭建 Harbor 的好处

高性能与灵活性：Flexus X 实例作为华为云推出的下一代柔性算力云服务器，具有卓越的性能表现。通过 X-Turbo 加速技术和瑶光云脑智能调度，Flexus X 实例能够显著提升 Harbor 的运行效率，确保镜像仓库的稳定性和高效性。

快速部署：Flexus X 实例支持快速部署和一键操作，用户可以在短时间内完成 Harbor 的搭建和配置工作，提高业务上线的速度。

良好兼容性：Flexus X 实例支持多种操作系统和镜像类型，包括 Huawei Cloud EulerOS 2.0 等公共镜像，能够满足 Harbor 在不同操作系统环境下的运行需求。

系统设置

关闭防火墙和 selinux

[root@flexusx-251f ~]# systemctl stop  firewalld.service[root@flexusx-251f ~]# systemctl disable firewalld.service[root@flexusx-251f ~]# setenforce 0

环境规划

Harbor 安装

需要了解：

• 采用 docker 方式进行部署 Harbor 企业级私有镜像仓库搭建

• 详细购买配置实例可参考文章： 快速部署华为云Flexus X实例，开启您的云端之旅

• 部署 docker 服务请参考文章：华为FlexusX与Docker+Nginx的高效整合之路

下载安装包并解压

Harbor 安装包下载地址，下载之后可通过远程工具进行传包

[root@flexusx-251f ~]# mkdir harbor[root@flexusx-251f ~]# cd harbor/[root@flexusx-251f harbor]# lsharbor-offline-installer-v2.7.0.tgz[root@flexusx-251f harbor]# tar -zxvf harbor-offline-installer-v2.7.1.tgzharbor/harbor.v2.7.1.tar.gzharbor/prepareharbor/LICENSEharbor/install.shharbor/common.shharbor/harbor.yml.tmpl

配置 Harbor

修改 harbor.yml

[root@flexusx-251f harbor]# lsharbor  harbor-offline-installer-v2.7.1.tgz[root@flexusx-251f harbor]# cd harbor/[root@flexusx-251f harbor]# lscommon.sh  harbor.v2.7.1.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare[root@flexusx-251f harbor]# cp harbor.yml.tmpl harbor.yml[root@flexusx-251f harbor]# vim harbor.yml#修改主机名为本机 ip 地址 # Configuration file of Harbor# The IP address or hostname to access admin UI and registry service.# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.hostname: 123.249.27.118#修改端口号为 4000，可以自定义 # http related confighttp:  # port for http, default is 80. If https enabled, this port will redirect to https port  port: 4000#注释 https# https related config#https:#  # https port for harbor, default is 443#  port: 443#  # The path of cert and key files for nginx#  certificate: /your/certificate/path#  private_key: /your/private/key/path

修改 docker.service

[root@flexusx-251f harbor]# vim /lib/systemd/system/docker.service# #在 ExecStart 参数后面添加--insecure-registry=123.249.27.117:4000ExecStart=/usr/bin/dockerd -H fd:// --cnotallow=/run/containerd/containerd.sock --insecure-registry=123.249.27.117:4000#重新启动 docker 服务[root@flexusx-251f harbor]# systemctl daemon-reload[root@flexusx-251f harbor]# systemctl restart docker.service

导入离线镜像

[root@flexusx-251f harbor]# lsharbor  harbor-2.7.1.tar  harbor-offline-installer-v2.7.1.tgz[root@flexusx-251f harbor]# docker load -i harbor-2.7.1.tar[root@flexusx-251f harbor]# docker imagesREPOSITORY                                                          TAG       IMAGE ID       CREATED         SIZEgoharbor/harbor-exporter                                            v2.7.1    d40eb452ec72   18 months ago   96.5MBgoharbor/chartmuseum-photon                                         v2.7.1    e6ab349a4f12   18 months ago   227MBgoharbor/redis-photon                                               v2.7.1    229dd1844a26   18 months ago   127MBgoharbor/trivy-adapter-photon                                       v2.7.1    729fab8418df   18 months ago   442MBgoharbor/notary-server-photon                                       v2.7.1    12adb40b7a3b   18 months ago   113MBgoharbor/notary-signer-photon                                       v2.7.1    f114329e0165   18 months ago   110MBgoharbor/harbor-registryctl                                         v2.7.1    9b2219d529c8   18 months ago   140MBgoharbor/registry-photon                                            v2.7.1    9d50b10d3700   18 months ago   78.1MBgoharbor/nginx-photon                                               v2.7.1    e98018335c0d   18 months ago   126MBgoharbor/harbor-log                                                 v2.7.1    eeb93d98a358   18 months ago   133MBgoharbor/harbor-jobservice                                          v2.7.1    829d13e6aae7   18 months ago   252MBgoharbor/harbor-core                                                v2.7.1    49d6c8a15d6c   18 months ago   215MBgoharbor/harbor-portal                                              v2.7.1    fe05b1b0bcfd   18 months ago   135MBgoharbor/harbor-db                                                  v2.7.1    b3f8d9d6c213   18 months ago   174MBgoharbor/prepare                                                    v2.7.1    d9e019294af2   18 months ago   164MB

运行脚本 prepare 准备镜像

[root@flexusx-251f harbor]# ./prepareprepare base dir is set to /root/harbor/harborWARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to httpsGenerated configuration file: /config/portal/nginx.confGenerated configuration file: /config/log/logrotate.confGenerated configuration file: /config/log/rsyslog_docker.confGenerated configuration file: /config/nginx/nginx.confGenerated configuration file: /config/core/envGenerated configuration file: /config/core/app.confGenerated configuration file: /config/registry/config.ymlGenerated configuration file: /config/registryctl/envGenerated configuration file: /config/registryctl/config.ymlGenerated configuration file: /config/db/envGenerated configuration file: /config/jobservice/envGenerated configuration file: /config/jobservice/config.ymlGenerated and saved secret to file: /data/secret/keys/secretkeySuccessfully called func: create_root_certGenerated configuration file: /compose_location/docker-compose.ymlClean up the input dir

检查脚本命令

我们系统中 docker compose 的命令为 docker-compose，和脚本中相同

如果不同需要修改 common.sh 和 install.sh 中的 docker-compose

#检查 common.sh[root@flexusx-251f harbor]# vim common.sh 119         elif [[ $(docker-compose --version) =~ (([0-9]+)\.([    0-9]+)([\.0-9]*)) ]]#检查 install.sh[root@flexusx-251f harbor]# vim install.sh  26 DOCKER_COMPOSE=docker-compose

安装 Harbor

[root@flexusx-251f harbor]# ./install.sh#部分日志流记录[Step 0]: checking if docker is installed ...Note: docker version: 27.1.1[Step 1]: checking docker-compose is installed ...Note: Docker Compose version v2.29.1[Step 2]: loading Harbor images ........................ it will be ignored, please remove it to avoid potential confusion[+] Running 10/10 ✔ Network harbor_harbor        Created                                           0.0s ✔ Container harbor-log         Started                                           0.3s ✔ Container harbor-portal      Started                                           0.4s ✔ Container harbor-db          Started                                           0.4s ✔ Container registryctl        Started                                           0.5s ✔ Container redis              Started                                           0.5s ✔ Container registry           Started                                           0.4s ✔ Container harbor-core        Started                                           0.6s ✔ Container nginx              Started                                           0.7s ✔ Container harbor-jobservice  Started                                           0.7s✔ ----Harbor has been installed and started successfully.----

登录 Harbor

在控制台配置安全组规则，放行 4000 端口

默认管理员账号 admin，密码为 harbor.yml 文件中的自定义密码

登录访问：http://主机地址：4000

测试

创建项目

访问级别设置为公开，可以进行匿名拉取，存储容量默认-1 表示大小没有限制

推送镜像

进入项目后，在右上角推送命令中可查看操作语句，注意推送镜像之前需要身份认证

#标记镜像[root@flexusx-251f harbor]# docker tag mysql:latest 123.249.27.118:4000/mycloud/mysql:latest[root@flexusx-251f harbor]# docker images | grep mysqlmysql                                                               5.7       87eca374c0ed   3 years ago     447MB123.249.27.118:4000/mycloud/mysql                                   latest    8457e9155715   3 years ago     546MBmysql                                                               latest    8457e9155715   3 years ago     546MB#登录仓库（身份验证）[root@flexusx-251f harbor]# docker login 123.249.27.118:4000Username: adminPassword:Error response from daemon: Get "https://123.249.27.118:4000/v2/": http: server gave HTTP response to HTTPS client

报错处理，修改客户端/etc/docker/daemon.json，增加 insecure-registries 内容

[root@flexusx-251f harbor]# vim /etc/docker/daemon.json[root@flexusx-251f harbor]# cat /etc/docker/daemon.json{    "registry-mirrors": [ "https://2a6bf1988cb6428c877f723ec7530dbc.mirror.swr.myhuaweicloud.com" ],    "insecure-registries": [ "123.249.27.118:4000" ]}[root@flexusx-251f harbor]# systemctl daemon-reload[root@flexusx-251f harbor]# systemctl restart docker.service[root@flexusx-251f harbor]# docker login 123.249.27.118:4000Username: adminPassword: WARNING! Your password will be stored unencrypted in /root/.docker/config.json.Configure a credential helper to remove this warning. Seehttps://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded#推送镜像（可在 web 页面进行查看）[root@flexusx-251f harbor]# docker push  123.249.27.118:4000/mycloud/mysql:latest#拉取镜像 docker pull  123.249.27.118:4000/mycloud/mysql:latest

搭建完成，此刻你就拥有了属于自己的私有镜像仓库

体验和感受

Harbor，作为开源的 Docker 镜像仓库管理项目，以其丰富的功能、灵活的扩展性和高度的安全性，成为了企业构建私有镜像仓库的首选。与 Flexus X 实例的强强联合，不仅实现了镜像的快速上传、下载与共享，还通过严格的权限管理和加密传输机制，确保了镜像数据的安全无虞。

在 828 华为云企业上云节之际，和我一起体验 Flexus X 实例与 Harbor 私有镜像仓库的完美结合。这一组合，将为您的云端部署带来前所未有的便捷与安全。无论是快速构建应用环境，还是实现应用的持续集成与持续部署，Flexus X 实例与 Harbor 私有镜像仓库都能助您一臂之力。

选择 Flexus X 实例与 Harbor 私有镜像仓库的组合，就是选择了云端部署的新高度。点击下方链接，立即开始搭建属于你的企业级私有镜像仓库吧！

产品链接：华为云Flexus云服务器X实例直播建站服务器-华为云