Harbor是构建企业级私有docker镜像的仓库的开源解决方案,它是Docker Registry的更高级封装,它除了提供友好的Web UI界面,角色和用户权限管理,用户操作审计等功能外,它还整合了K8s的插件(Add-ons)仓库,即Helm通过chart方式下载,管理,安装K8s插件,而chartmuseum可以提供存储chart数据的仓库【注:helm就相当于k8s的yum】。另外它还整合了两个开源的安全组件,一个是Notary,另一个是Clair,Notary用于对镜像进行签名和校验(内容信任),作用类似于私有CA中心,而Clair则是镜像安全扫描工具,它通过各大厂商提供的CVE漏洞库来获取最新漏洞信息,并扫描用户上传的镜像是否存在已知的漏洞信息,这两个安全功能对于企业级私有仓库来说是非常具有意义的。
# 如果没有安装docker,运行本行代码
安装并启动docker
[root@localhost ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
设置稳定存储库
[root@localhost ~]# yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
安装Docker CE
[root@localhost ~]# yum install -y docker-ce docker-ce-cli containerd.io
安装Docker-compose【下载的是直接以root身份运行的二进制文件,如发布页提供SHA256校验值,建议核对后再赋予可执行权限】
[root@localhost ~]# curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
对二进制文件赋可执行权限
[root@localhost ~]# chmod +x /usr/local/bin/docker-compose
测试docker-compose是否安装成功
[root@localhost ~]# docker-compose --version
docker-compose version 1.13.0, build 1719ceb
下载Harbor安装包【如果github下载慢,安装包网盘有;网盘等非官方渠道的文件无法保证未被篡改,建议优先从官方发布页下载】
[root@localhost ~]# mkdir -p /harbor
[root@localhost ~]# cd /harbor/
[root@localhost harbor]# yum -y install wget
[root@localhost harbor]# wget https://github.com/vmware/harbor/releases/download/v1.1.2/harbor-online-installer-v1.1.2.tgz
[root@localhost harbor]# ls
harbor-online-installer-v1.1.2.tgz
[root@localhost harbor]# tar -zxf harbor-online-installer-v1.1.2.tgz
配置Harbor
[root@localhost harbor]# ls
harbor harbor-online-installer-v1.1.2.tgz
[root@localhost harbor]# cd harbor
[root@localhost harbor]# ls
common docker-compose.notary.yml docker-compose.yml harbor_1_1_0_template harbor.cfg LICENSE NOTICE prepare upgrade
[root@localhost harbor]# vim harbor.cfg
# hostname设置访问地址,可以使用ip、域名,不可以设置为127.0.0.1或localhost
hostname = 192.168.66.13
# 访问协议,默认是http,也可以设置https,如果设置https,则nginx ssl需要设置on;使用http时登录凭据和镜像数据均以明文传输,仅适合测试环境,生产环境应设置为https
ui_url_protocol = http
# mysql数据库root用户默认密码root123;此处的123456仅为演示用的弱口令,实际使用时务必改为强密码
db_password = 123456
max_job_workers = 3
customize_crt = on
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
secretkey_path = /data
admiral_url = NA
# 邮件设置,发送重置密码邮件时使用
email_identity =
email_server =
email_server_port = 25
email_username = sample_admin@mydomain.com
email_password = abc
email_from = admin <sample_admin@mydomain.com>
email_ssl = false
# 启动Harbor后,管理员UI登录的密码,默认是Harbor12345;此处的123456仅为演示,实际部署时应设置强密码,并避免与数据库密码相同
harbor_admin_password = 123456
# 认证方式,这里支持多种认证方式,如LDAP、本地存储、数据库认证。默认是db_auth,mysql数据库认证
auth_mode = db_auth
# LDAP认证时配置项
ldap_url = ldaps://
#ldap_searchdn = uid=searchuser,ou=people,dc=mydomain,dc=com
#ldap_search_pwd = password
ldap_basedn = ou=people,dc=mydomain,dc=com
#ldap_filter = (objectClass=person)
ldap_uid = uid
ldap_scope = 3
ldap_timeout = 5
# 是否开启自注册;设为on时任何能访问Web界面的人都可以自行注册账号,不需要对外开放注册时建议设为off
self_registration = on
# token有效时间,默认30分钟
token_expiration = 30
# 用户创建项目权限控制,默认是everyone(所有人),也可以设置为adminonly(只能管理员)
project_creation_restriction = everyone
verify_remote_cert = on
启动Harbor
[root@localhost harbor]# ./install.sh
Harbor依赖的镜像及启动服务如下
[root@localhost harbor]# docker-compose ps
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver /harbor/harbor_adminserver Up
harbor-db docker- mysqld Up 306/tcp
harbor-jobservice /harbor/harbor_jobservice Up
harbor-log /bin/sh -c crond && rm -f ... Up 127.0.0.1:1514->514/tcp
harbor-ui /harbor/harbor_ui Up
nginx nginx -g daemon off; Up 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
registry / serve /etc/ ... Up 5000/tcp
启动完成后,访问刚设置的hostname即可,默认是80端口,如果端口占用,可以去修改docker-compose.yml文件中,对应服务的端口映射
登录Harbor仓库
http://192.168.66.13/harbor/sign-in
新建项目slowlove
使用docker login登录
[root@localhost harbor]# docker login 192.168.66.13
Username: admin
Password:
Error response from daemon: Get https://192.168.66.3/v2/: dial tcp 192.168.66.3:443: connect: connection refused
出现问题,查找docker.service
[root@localhost ~]# find / -name docker.service -type f
/usr/lib/systemd/system/docker.service
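修改配置文件,添加“ --insecure-registry 192.168.66.13 ”【注:报错原因是docker默认通过https访问仓库,而上面harbor.cfg配置的是http;该参数会让docker对此仓库跳过TLS校验、允许明文http访问,仅适合测试环境,生产环境应为Harbor配置https证书。另外直接修改/usr/lib下的unit文件可能在升级docker软件包时被覆盖,也可以改为在/etc/docker/daemon.json中配置insecure-registries】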
[root@localhost harbor]# vim /usr/lib/systemd/system/docker.service
ExecStart=/usr/bin/dockerd --insecure-registry 192.168.66.13 -H fd:// --containerd=/run/containerd/containerd.sock
重启docker服务
[root@localhost harbor]# systemctl daemon-reload
[root@localhost harbor]# systemctl restart docker
[root@localhost harbor]# systemctl status docker
重启harbor仓库
[root@localhost harbor]# ./install.sh
下载一个镜像
[root@localhost harbor]# docker pull busybox
查看镜像
[root@localhost harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest 018c9d7b792b 4 weeks ago 1.22MB
修改镜像名字
[root@docker harbor]# docker tag busybox 192.168.66.13/slowlove/busybox:v0.1
查看镜像
[root@docker harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.66.13/slowlove/busybox v0.1 f0b02e9d092d 4 weeks ago 1.23MB
busybox latest f0b02e9d092d 4 weeks ago 1.23MB
登录harbor仓库
[root@docker harbor]# docker login 192.168.66.13
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
上传镜像
[root@docker harbor]# docker push 192.168.66.13/slowlove/busybox:v0.1
The push refers to repository [192.168.66.13/slowlove/busybox]
d2421964bad1: Pushed
v0.1: digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc size: 527
删除镜像
[root@docker harbor]# docker rmi 192.168.66.13/slowlove/busybox:v0.1
Untagged: 192.168.66.13/slowlove/busybox:v0.1
Untagged: 192.168.66.13/slowlove/busybox@sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
查看镜像
[root@docker harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
busybox latest f0b02e9d092d 4 weeks ago 1.23MB
下载harbor的镜像
[root@docker harbor]# docker pull 192.168.66.13/slowlove/busybox:v0.1
v0.1: Pulling from slowlove/busybox
Digest: sha256:c9249fdf56138f0d929e2080ae98ee9cb2946f71498fc1484288e6a935b5e5bc
Status: Downloaded newer image for 192.168.66.13/slowlove/busybox:v0.1
192.168.66.13/slowlove/busybox:v0.1
查看镜像
[root@docker harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.66.13/slowlove/busybox v0.1 f0b02e9d092d 4 weeks ago 1.23MB
busybox latest f0b02e9d092d 4 weeks ago 1.23MB
查看页面