Tuesday, March 22, 2022

Installing a Harbor Private Registry with Docker


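Harbor is an open-source private registry project developed by VMware. Unlike the registry private registry provided officially by Docker, Harbor can apply access control to different member accounts, supports replication between multiple registries, and also provides a friendlier web GUI for browsing and managing the private registry.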





Installation and Testing


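Prerequisites: docker and docker-compose must already be installed on the operating system. This example uses CentOS 7.6, docker 19.03.1, and docker-compose 1.21.2.

1. Go to https://github.com/goharbor/harbor/releases and download the tgz installer archive for the version you need (offline or online). This example uses the online version and installs over the network.

2. On the docker host, pick a working directory and extract the installer archive there (/root/docker_home in this example)

3. Edit harbor.yml in /root/docker_home/harbor/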
hostname: Your IP or DOMAIN name
http:
    port: 8088 # set as needed; the later steps in this example use 8088
#https:
#    certificate: /your/certificate/path
#    private_key: /your/private/key/path

harbor_admin_password: Harbor12345 # set as needed
data_volume: /root/docker_home/harbor/data # set the mount path as needed to avoid cluttering the host
4. Run ./install.sh. When it finishes, it will have generated docker-compose.yml and some other files and directories
...
Pulling proxy (goharbor/nginx-photon:v1.10.10)...
v1.10.10: Pulling from goharbor/nginx-photon
c8313cc33c74: Already exists
f659c91d0ed6: Pull complete
Digest: sha256:0a8a04270e04c53be587bbabc00a7a3a734732033970c7724b006d38b0213b83
Status: Downloaded newer image for goharbor/nginx-photon:v1.10.10
Creating harbor-log ... done
Creating harbor-db     ... done
Creating registry      ... done
Creating registryctl   ... done
Creating harbor-portal ... done
Creating redis         ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----
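5. Since Docker 1.3.X, communication with a docker registry defaults to HTTPS, so edit the daemon settings to list the private registry address (served over plain HTTP in this example) under insecure-registries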
# nano /etc/docker/daemon.json

{
   "registry-mirrors": ["https://mirror.gcr.io"],
   "insecure-registries": ["yourIP_or_yourDOMAIN:8088"]
}
6. Restart the docker service
# systemctl reload docker && systemctl restart docker
7. Open the private registry address http://yourIP_or_yourDOMAIN:8088 in a browser and log in

8. Create a project (+NEW PROJECT)

9. Back on the console, log in to the Harbor private registry
# docker login http://yourIP_or_yourDOMAIN:8088
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
If logging in to the registry fails with Error response from daemon: login attempt to http://x.x.x.x:8088/v2/ failed with status: 502 Bad Gateway, run the following steps to restart Harbor, then repeat steps 8 and 9
# cd /root/docker_home/harbor
# docker-compose down
# systemctl restart docker
# docker-compose up -d
10. Pull a test image from Docker Hub
# docker pull alpine:3.15.0
11. Tag the pulled image in the private registry's naming format
# docker tag alpine:3.15.0 yourIP_or_yourDOMAIN:8088/test/alpine:3.15.0
12. Check the images on the local host
# docker image ls
alpine                           3.15.0     c059bfaa849c   3 months ago   5.59MB
192.168.88.69:8088/test/alpine   3.15.0     c059bfaa849c   3 months ago   5.59MB
13. Push the image to the Harbor private registry
# docker push yourIP_or_yourDOMAIN:8088/test/alpine:3.15.0
The push refers to repository [yourIP_or_yourDOMAIN:8088/test/alpine]
8d3ac3489996: Pushed 
3.15.0: digest: sha256:e7d88de73db3d3fd9b2d63aa7f447a10fd0220b7cbf39803c803f2af9ba256b3 size: 528
14. Confirm in the web management UI that the image is now in the Harbor private registry
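
The following added example, which is not part of the original post, checks the two files edited in steps 3 and 5 for the settings that leave this setup on plain HTTP with the admin password shown in step 3. The function names, finding labels, and sample files are constructed for illustration.

```bash
# Added example (not from the original post): flag the plain-HTTP and known-password
# settings from steps 3 and 5 before the registry is used beyond a lab network.

# Print one finding per line for a harbor.yml file.
audit_harbor_yml() {
  local f="$1"
  # An uncommented top-level "https:" key means TLS is configured.
  if ! grep -Eq '^https:' "$f"; then
    echo "NO_TLS: https section is commented out or missing"
  fi
  # Harbor12345 is the admin password value shown in step 3.
  if grep -Eq '^harbor_admin_password:[[:space:]]*Harbor12345([[:space:]#]|$)' "$f"; then
    echo "DEFAULT_ADMIN_PASSWORD: harbor_admin_password is still Harbor12345"
  fi
}

# Print one finding per registry that daemon.json exempts from enforced TLS.
audit_daemon_json() {
  local f="$1" list entry
  # Flatten the file, then capture the contents of the insecure-registries array.
  list=$(tr -d '\n' < "$f" |
    sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p')
  printf '%s\n' "$list" | tr ',' '\n' | tr -d '" \t' | while read -r entry; do
    if [ -n "$entry" ]; then echo "INSECURE_REGISTRY: $entry"; fi
  done
}

# Constructed sample files mirroring steps 3 and 5 of this post.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/harbor.yml" <<'EOF'
hostname: yourIP_or_yourDOMAIN
http:
    port: 8088
#https:
#    certificate: /your/certificate/path
#    private_key: /your/private/key/path
harbor_admin_password: Harbor12345
EOF
cat > "$SAMPLE_DIR/daemon.json" <<'EOF'
{
   "registry-mirrors": ["https://mirror.gcr.io"],
   "insecure-registries": ["yourIP_or_yourDOMAIN:8088"]
}
EOF

audit_harbor_yml "$SAMPLE_DIR/harbor.yml"
audit_daemon_json "$SAMPLE_DIR/daemon.json"
```

Point the two functions at /root/docker_home/harbor/harbor.yml and /etc/docker/daemon.json to check a real host; no output means none of the three findings apply.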





Problems Encountered During Testing


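The problem encountered so far is that accessing the web GUI from an IP outside the internal network (for example, over VPN) fails to connect. The workaround is to serve internet clients, or clients outside the internal network, through an nginx upstream reverse proxy on the internal network.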


