服务器基本需求:
- CPU 8个
- 内存 16GB
- 硬盘 700GB
- python 版本2.7以上docker版本1.10以
1、安装docker-compose
curl -L https://github.com/docker/compose/releases/download/1.9.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose
2、下载Harbor
#创建下载目录 mnkdir /data/ #下载离线安装包 wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.10.0.tgz #解压安装包 tar xvf harbor-offline-installer-v1.10.0.tgz # 进入Harbor目录 cd harbor [root@localhost harbor]# ll 总用量 629904 -rw-r--r-- 1 root root 3398 12月 6 2019 common.sh -rw-r--r-- 1 root root 644985680 12月 6 2019 harbor.v1.10.0.tar.gz -rw-r--r-- 1 root root 5882 12月 6 2019 harbor.yml #harbor配置文件 -rwxr-xr-x 1 root root 2284 12月 6 2019 install.sh #安装脚本 -rw-r--r-- 1 root root 11347 12月 6 2019 LICENSE -rwxr-xr-x 1 root root 1749 12月 6 2019 prepare
3、修改配置文件
vim harbor.yml # Configuration file of Harbor # The IP address or hostname to access admin UI and registry service. # DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. #配置harbor域名连接地址 hostname: harbor.mall.perfectdiary.com # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 80 # https related config https: # https port for harbor, default is 443 port: 443 # The path of cert and key files for nginx #配置从阿里云的nginx https证书 certificate: /data/cert/xxx.pem private_key: /data/cert/xxx.key # Uncomment external_url if you want to enable external proxy # And when it enabled the hostname will no longer used # external_url: https://reg.mydomain.com:8433 # The initial password of Harbor admin # It only works in first time to install harbor # Remember Change the admin password from UI after launching Harbor. #密码 harbor_admin_password: Harbor12345 # Harbor DB configuration database: # The password for the root user of Harbor DB. Change this before any production use. password: root123 # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. max_idle_conns: 50 # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. # Note: the default number of connections is 100 for postgres. max_open_conns: 100 # The default data volume #harbor存储路径 data_volume: /data/harbor_data # Harbor Storage settings by default is using /data dir on local filesystem # Uncomment storage_service setting If you want to using external storage # storage_service: # # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore # # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate. # ca_bundle: # # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss # # for more info about this configuration please refer https://docs.docker.com/registry/configuration/ # filesystem: # maxthreads: 100 # # set disable to true when you want to disable registry redirect # redirect: # disabled: false # Clair configuration clair: # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters. updaters_interval: 12 jobservice: # Maximum number of job workers in job service max_job_workers: 10 notification: # Maximum retry count for webhook job webhook_job_max_retry: 10 chart: # Change the value of absolute_url to enabled can enable absolute url in chart absolute_url: disabled # Log configurations log: # options are debug, info, warning, error, fatal level: info # configs for logs in local storage local: # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. rotate_count: 50 # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G # are all valid. rotate_size: 200M # The directory on your host that store log location: /var/log/harbor # Uncomment following lines to enable external syslog endpoint. # external_endpoint: # # protocol used to transmit log to external endpoint, options is tcp or udp # protocol: tcp # # The host of external endpoint # host: localhost # # Port of external endpoint # port: 5140 #This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! _version: 1.10.0 # Uncomment external_database if using external database. # external_database: # harbor: # host: harbor_db_host # port: harbor_db_port # db_name: harbor_db_name # username: harbor_db_username # password: harbor_db_password # ssl_mode: disable # max_idle_conns: 2 # max_open_conns: 0 # clair: # host: clair_db_host # port: clair_db_port # db_name: clair_db_name # username: clair_db_username # password: clair_db_password # ssl_mode: disable # notary_signer: # host: notary_signer_db_host # port: notary_signer_db_port # db_name: notary_signer_db_name # username: notary_signer_db_username # password: notary_signer_db_password # ssl_mode: disable # notary_server: # host: notary_server_db_host # port: notary_server_db_port # db_name: notary_server_db_name # username: notary_server_db_username # password: notary_server_db_password # ssl_mode: disable # Uncomment external_redis if using external Redis server # external_redis: # host: redis # port: 6379 # password: # # db_index 0 is for core, it's unchangeable # registry_db_index: 1 # jobservice_db_index: 2 # chartmuseum_db_index: 3 # clair_db_index: 4 # Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert. # uaa: # ca_file: /path/to/ca # Global proxy # Config http proxy for components, e.g. http://my.proxy.com:3128 # Components doesn't need to connect to each others via http proxy. # Remove component from `components` array if want disable proxy # for it. If you want use proxy for replication, MUST enable proxy # for core and jobservice, and set `http_proxy` and `https_proxy`. # Add domain to the `no_proxy` field, when you want disable proxy # for some special registry. proxy: http_proxy: https_proxy: # no_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server no_proxy: components: - core - jobservice - clair
4、安装
./install.sh
5、测试访问
3、创建需要的镜像仓库的项目
4、登陆镜像仓库
[root@s1 ~]# docker login https://xxx.com/ Username: xxx Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded #显示Succeeded表示登陆成功
5、Harbor推送拉去镜像
# 拉取一个测试镜像 docker pull daocloud.io/daocloud/phpmyadmin [root@localhost harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE daocloud.io/daocloud/phpmyadmin latest 626319eaebed 5 days ago 421MB # 标记本地镜像, 将其归入某一仓库(xxx.com) docker tag daocloud.io/daocloud/phpmyadmin:latest xxx.com/test/phpmyadmin:v1 [root@localhost harbor]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE daocloud.io/daocloud/phpmyadmin latest 626319eaebed 5 days ago 421MB xxx.com/test/phpmyadmin v1 626319eaebed 5 days ago 421MB # 将本地镜像推送到镜像仓库(需先登录镜像仓库) docker push xxx.com/test/phpmyadmin:v1
拉取
# 删除原来镜像 docker rmi daocloud.io/daocloud/phpmyadmin docker rmi xxx.com/test/phpmyadmin:v1 # 拉取 docker pull xxx.com/test/phpmyadmin:v1
相关链接: