zoukankan      html  css  js  c++  java

  • 企业级 Harbor 镜像仓库

    Harbor是由VMWare公司开源的容器镜像仓库。事实上,Harbor是在Docker Registry上进行了相应
    的企业级扩展,从而获得了更加广泛的应用,这些新的企业级特性包括:管理用户界面,基于角色的
    访问控制 ,AD/LDAP集成以及审计日志等,足以满足基本企业需求。
     
    harbor-adminserver 配置管理中心
    harbor-db Mysql数据库
    harbor-jobservice 负责镜像复制
    harbor-log 记录操作日志
    harbor-ui Web管理页面和API
    nginx 前端代理,负责前端页面和镜像上传/下载转发
    redis 会话
    registry 镜像存储
     
    1、安装docker与docker-compose
    下载地址
    1、安装docker与docker-compose
 curl -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

2、解压离线包部署
#tar zxvf harbor-offline-installer-v1.9.1.tgz
# cd harbor
# vi harbor.yml
hostname: 192.168.31.70
# ./prepare
# ./install.sh

    输入IP即可访问,默认端口80,配置文件里有登录用户密码

    [root@k8s-node1 harbor]# cat harbor.yml |grep harbor_admin_password
    harbor_admin_password: Harbor12345

     默认有个library项目,可以把一些公共镜像放在这个推送到这个项目,比如Nginx,等不涉及敏感信息的镜像

     

    镜像仓库里边有显示推送地址

     

    1、配置http镜像仓库可信任
    # vi /etc/docker/daemon.json
    {"insecure-registries":["reg.ctnrs.com"]}
    # systemctl restart docker
    2、打标签
    # docker tag nginx:v1 reg.ctnrs.com/library/nginx:v1
    3、上传
    # docker push reg.ctnrs.com/library/nginx:v1
    4、下载
    # docker pull reg.ctnrs.com/library/nginx:v1
     
    实际操作
    配置http镜像仓库可信任,默认是https连接
    # vi /etc/docker/daemon.json 
{"insecure-registries":["192.168.146.130"]}
# systemctl restart docker
重启docker,需要重新启动docker-compose, -d参数是没有启动的就启动
[root@k8s-node1 harbor]# docker-compose up -d

    这里注意的是查看配置是否生效,用docker info命令来查看验证,如果不生效就用键值对的形式

    [root@k8s-node1 harbor]# cat /etc/docker/daemon.json 
{"registry-mirrors": [
"http://f1361db2.m.daocloud.io"
],
"insecure-registries": [
"192.168.146.130"
]
}

    登录

    [root@k8s-node1 harbor]# docker login 192.168.146.130
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

     打标签

     docker tag nginx:v1  192.168.146.130/library/nginx:v1

    推送

    [root@k8s-node1 harbor]# docker push 192.168.146.130/library/nginx:v1
The push refers to repository [192.168.146.130/library/nginx]
9f0d0e779a50: Pushed 
540f5c445a65: Pushed 
9e607bb861a7: Pushed 
v1: digest: sha256:7034e58ee345192be1c0bf4233276980f2847f5a1fd2618a948a733a37817c31 size: 953

    推送tomcat镜像

    docker tag tomcat:v1  192.168.146.130/library/tomcat:v1
docker push 192.168.146.130/library/tomcat:v1

    再另一台 机上,安装docker、添加可信任地址,然后下载镜像

    [root@k8s-node1 harbor]# scp /etc/yum.repos.d/docker-ce.repo root@192.168.146.131:/etc/yum.repos.d/

[root@k8s-node2 ~]# yum -y install docker-ce

[root@k8s-node2 ~]# cat /etc/docker/daemon.json 
{"registry-mirrors": [
"http://f1361db2.m.daocloud.io"
],
"insecure-registries": [
"192.168.146.130"
]
}

[root@k8s-node2 ~]# systemctl start docker

[root@k8s-node2 ~]# docker pull 192.168.146.130/library/nginx:v1
v1: Pulling from library/nginx
729ec3a6ada3: Pull complete 
4e0be3a87c9b: Pull complete 
95cf5f0db933: Pull complete 
Digest: sha256:7034e58ee345192be1c0bf4233276980f2847f5a1fd2618a948a733a37817c31
Status: Downloaded newer image for 192.168.146.130/library/nginx:v1
192.168.146.130/library/nginx:v1
[root@k8s-node2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
192.168.146.130/library/nginx v1 4ab138f8031a 29 hours ago 346MB
  • 相关阅读:
    学习博客
    file-max与ulimit的关系与差别
    buffer cache chain 图
    计算机体系结构 ---图2
    计算机体系结构-图
    工作于内存和文件之间的页缓存, Page Cache, the Affair Between Memory and Files
    Linux Kernel: buffers和cached的区别
    lnux内核的malloc实现(Oracle的cache buffer影子)
    内存管理概述、内存分配与释放、地址映射机制(mm_struct, vm_area_struct)、malloc/free 的实现
    Linux 内核的文件 Cache 管理机制介绍-ibm
  • 原文地址:https://www.cnblogs.com/w787815/p/11974013.html
Copyright © 2011-2022 走看看