一、Harbor介绍
Docker容器应用的开发和运行离不开可靠的镜像管理,虽然Docker官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署我们私有环境内的Registry也是非常必要的。Harbor是由VMware公司开源的企业级的Docker Registry管理项目,它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能。
官网地址:https://github.com/goharbor/harbor
二、实验环境
服务器配置和操作系统如下:
序号 | 名称 | 详情 |
1 | 硬件配置 | 2vCPU + 4G + 20G硬盘 |
2 | 操作系统 | CentOS7.9 |
3 | IP地址 | 192.168.5.226(根据自己的网络进行配置) |
三、准备工作
3.1、签发证书
希望通过https访问harbor,自签CA证书。
- 创建Harbor项目目录和ssl存储目录。
[root@K8s-Harbor ~]# cd /usr/local/
[root@K8s-Harbor local]# mkdir Harbor
[root@K8s-Harbor local]# cd Harbor/
[root@K8s-Harbor Harbor]# pwd
/usr/local/Harbor # 创建Harbor项目目录
[root@K8s-Harbor Harbor]# mkdir ssl
[root@K8s-Harbor Harbor]# cd ssl
[root@K8s-Harbor ssl]# pwd
/usr/local/Harbor/ssl # 创建ssl证书生成存储目录
- 生成ca证书
# 生成3072位的ca私钥
[root@K8s-Harbor ssl]# openssl genrsa -out ca.key 3072
Generating RSA private key, 3072 bit long modulus
.........................................................................................................................................++
....................................................................................................++
e is 65537 (0x10001)
[root@K8s-Harbor ssl]#
# 生成一个数字证书ca.pem, 3650表示证书的有效期是10年,可以按以下步骤填写。
[root@K8s-Harbor ssl]# openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
- 生成域名的证书
# 生成3072位的harbor.key的私钥文件
[root@K8s-Harbor ssl]# openssl genrsa -out harbor.key 3072
Generating RSA private key, 3072 bit long modulus
......................................................++
............................................++
e is 65537 (0x10001)
# 生产一个数字证书harbor.csr,签发证书时需要的。按照以下填写即可
[root@K8s-Harbor ssl]# openssl req -new -key harbor.key -out harbor.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CH
State or Province Name (full name) []:GD
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:harbor
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:注:这里在创建秘钥文件时配置了harbor这个域名,所以需要在需要从私有镜像仓库拉取镜像的docker机器,都要配置/etc/hosts文件,配置192.168.5.226和harbor的解析。不然docker机器在登录私有镜像仓库时会报解析错误。
[root@K8s-Harbor Harbor]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.5.226 harbor # 自己的ip地址和自己配置的证书域名
[root@K8s-Harbor Harbor]#- 签发证书
[root@K8s-Harbor ssl]# openssl x509 -req -in harbor.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out harbor.pem -days 3650
Signature ok
subject=/C=CH/ST=GD/L=SZ/O=Default Company Ltd/CN=harbor
Getting CA Private Key- 查看证书
[root@K8s-Harbor ssl]# ls
ca.key ca.pem ca.srl harbor.csr harbor.key harbor.pem
[root@K8s-Harbor ssl]#
[root@K8s-Harbor ssl]#
[root@K8s-Harbor ssl]# 3.2、关闭防火墙
# 关闭firewalld防火墙
[root@K8s-Harbor ssl]# systemctl disable firewalld --now
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@K8s-Harbor ssl]#
# 关闭iptables防火墙,并清空防火墙规则
# 关闭iptables防火墙
[root@K8s-Harbor ssl]# systemctl disable iptables.service --now
Failed to execute operation: No such file or directory
# 清空防火墙规则
[root@K8s-Harbor ssl]# iptables -F
# 查看防火墙策略
[root@K8s-Harbor ssl]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@K8s-Harbor ssl]# 3.3、关闭selinux
# 临时关闭selinux,重启系统后失效
[root@K8s-Harbor ssl]# setenforce 0
# 永久关闭,修改配置文件/etc/selinux/config
[root@K8s-Harbor ssl]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# 查看是否修改成功
[root@K8s-Harbor ssl]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@K8s-Harbor ssl]#3.4、配置时间同步
- 方法一:安装ntp,ntpdate,配合计划任务crontab
# 安装ntp和ntpdate服务
[root@K8s-Harbor ssl]# yum -y install ntp ntpdate
# 同步网络时间
[root@K8s-Harbor ssl]# ntpdate cn.pool.ntp.org
# 配置计划任务,每小时同步一次时间
[root@K8s-Harbor ssl]# crontab -e
* */1 * * * /usr/sbin/ntpdate cn.pool.ntp.org- 方法二:安装chrony时间同步服务。(推荐使用)
# 安装chrony服务
[root@K8s-Harbor ssl]# yum -y install chrony
# 修改配置文件,将ntp时间同步服务器改为阿里云的ntp服务器ntp.aliyun.com
[root@K8s-Harbor ssl]# [root@K8s-Harbor ssl]#
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst # 注释三行
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburserver
server ntp.aliyun.com iburst # 配置阿里云ntp服务器
# 重启chronyd服务
[root@K8s-Harbor ssl]#systemctl restart chronyd.service
# 配置chronyd服务开机启动
[root@K8s-Harbor ssl]#systemctl enable chronyd.service
# 查看当前时间是否和网络时间同步
[root@K8s-Harbor ssl]# date
Tue Feb 6 16:31:39 CST 2024
[root@K8s-Harbor ssl]# 四、安装Docker
安装Harbor需要安装docker。
4.1、安装基础软件包
[root@K8s-Harbor harbor]# yum install -y wget net-tools nfs-utils lrzsz gcc gcc-c++ make cmake libxml2-devel openssl-devel curl curl-devel unzip sudo ntp libaio-devel wget vim ncurses-devel autoconf automake zlib-devel python-devel epel-release openssh-server socat ipvsadm conntrack4.2、配置docker-ce国内yum源(阿里云)
# 配置docker-ce国内yum源,
[root@K8s-Harbor harbor]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
-bash: yum-config-manager: command not found # 此报错为未装yum-utils
# 查询是否安装yum-utils软件,没有结果表示未安装
[root@K8s-Harbor harbor]# rpm -qa |grep yum-utils
# 安装yum-utils
[root@K8s-Harbor harbor]# yum -y install yum-utils
# 再次配置yum源
[root@K8s-Harbor harbor]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
Loaded plugins: fastestmirror
adding repo from: http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
grabbing file http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
repo saved to /etc/yum.repos.d/docker-ce.repo
# 验证是否配置好yum源,查看/etc/yum.repos.d/docker-ce.repo,有内容表示安装完成。
[root@K8s-Harbor harbor]# cat /etc/yum.repos.d/docker-ce.repo
[docker-ce-stable]
name=Docker CE Stable - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test]
name=Docker CE Test - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly]
name=Docker CE Nightly - $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo $basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/debug-$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/$releasever/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
[root@K8s-Harbor harbor]#4.3、安装docker-ce
# 安装docker-ce
[root@K8s-Harbor harbor]# yum -y install docker-ce
# 启动docker,并设置开机启动
[root@K8s-Harbor harbor]# systemctl enable docker --now
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
# 查看docker状态
[root@K8s-Harbor harbor]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-02-06 17:15:12 CST; 8s ago4.4、开启包转发功能和修改内核参数
内核参数修改:br_netfilter模块用于将桥接流量转发至iptables链,br_netfilter内核参数需要开启转发。
# 加载br_netfilter,防止net.bridge.bridge-nf-call-ip6tables,net.bridge.bridge-nf-call-iptables修改报错。
[root@K8s-Harbor harbor]# modprobe br_netfilter
# 创建/etc/sysctl.d/docker.confpeizhi配置文件,并传入文件内容。
[root@K8s-Harbor harbor]# cat > /etc/sysctl.d/docker.conf <<EOF
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> net.ipv4.ip_forward = 1
> EOF
# 查看文件内容
[root@K8s-Harbor harbor]# cat /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
# 使配置文件生效
[root@K8s-Harbor harbor]# sysctl -p /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
[root@K8s-Harbor harbor]#systemctl restart docker注:net.ipv4.ip_forward = 1,将Linux系统作为路由或者VPN服务就必须要开启IP转发功能。当linux主机有多个网卡时一个网卡收到的信息是否能够传递给其他的网卡 如果设置成1 的话 可以进行数据包转发,可以实现VxLAN 等功能。不开启会导致docker部署应用无法访问。
4.5、配置docker镜像加速器
配置国内镜像加速器,可以提升镜像下载速度。
# 切换到/etc/docker路径
[root@K8s-Harbor harbor]# cd /etc/docker/
# 创建/etc/docker/daemon.json并传入文件内容,不要直接复制,https://******.mirror.aliyuncs.comwei为个人阿里云账号的镜像加速地址,可在网上查找如何获取镜像加速地址。
[root@K8s-Harbor docker]# sudo tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://******.mirror.aliyuncs.com"]
> }
> EOF
# 查看文件是否创建并写入正确内容
[root@K8s-Harbor docker]# cat daemon.json
{
"registry-mirrors": ["https://******.mirror.aliyuncs.com"]
}
[root@K8s-Harbor docker]#
# 重启docker
[root@K8s-Harbor docker]# sudo systemctl daemon-reload
[root@K8s-Harbor docker]# sudo systemctl restart docker
五、安装harbor
5.1、安装harbor
这里以v2.9.1为例安装harbor。
注:harbor默认的账号密码:admin/Harbor12345
下载地址:https://github.com/goharbor/harbor/releases/download/v2.9.1/harbor-offline-installer-v2.9.1.tgz
下载后上传到服务器上。我这里上传路径是:/usr/local/Harbor/install/,这个路径需要自己创建,也可以自己定义路径。
# 在harbor项目目录下创建install目录
[root@K8s-Harbor Harbor]# mkdir install
[root@K8s-Harbor Harbor]# cd install/
[root@K8s-Harbor install]# ls
harbor-offline-installer-v2.9.1.tgz # harbor的安装包已经上传到服务器install目录下。
[root@K8s-Harbor install]#
# 解压安装包
[root@K8s-Harbor install]# tar -xzf harbor-offline-installer-v2.9.1.tgz
[root@K8s-Harbor install]# ls
harbor harbor-offline-installer-v2.9.1.tgz
[root@K8s-Harbor install]# cd harbor/
[root@K8s-Harbor harbor]# ls
common.sh harbor.v2.9.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
# 拷贝模板配置文件生成配置文件
[root@K8s-Harbor harbor]# cp harbor.yml.tmpl harbor.yml
# 修改配置文件
# 修改hostname,跟上面签发的证书域名保持一致
# 协议用https,配置证书路径,上面自签证书的存放路径
[root@K8s-Harbor harbor]# vim harbor.yml
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /usr/local/Harbor/ssl/harbor.pem
private_key: /usr/local/Harbor/ssl/harbor.key
...
...
# 安装Harbor
[root@K8s-Harbor harbor]# cd /usr/local/Harbor/install/harbor/
[root@K8s-Harbor harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 25.0.2
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.24.5
...
...
[Step 5]: starting Harbor ...
[+] Running 9/10
⠦ Network harbor_harbor Created 2.6s
✔ Container harbor-log Started 0.9s
✔ Container registry Started 1.5s
✔ Container harbor-portal Started 1.7s
✔ Container harbor-db Started 1.5s
✔ Container registryctl Started 1.6s
✔ Container redis Started 1.4s
✔ Container harbor-core Started 1.9s
✔ Container harbor-jobservice Started 2.3s
✔ Container nginx Started 2.4s
✔ ----Harbor has been installed and started successfully.---- # 表示安装成功5.2、安装docker-compose
docker-compose项目是Docker官方的开源项目,负责实现对Docker容器集群的快速编排。Docker-Compose的工程配置文件默认为docker-compose.yml,Docker-Compose运行目录下的必要有一个docker-compose.yml。docker-compose可以管理多个docker实例。
上传docker-compose-Linux-x86_64文件到harbor机器,然后移动到/usr/local/bin/下重命名为docker-compose,并赋予执行权限。这个文件在github中下载。
[root@K8s-Harbor install]# ls # 上传的docker-compose文件
docker-compose-Linux-x86_64.64 harbor harbor-offline-installer-v2.9.1.tgz
# 移动到/usr/local/bin/下重命名为docker-compose
[root@K8s-Harbor install]# mv docker-compose-Linux-x86_64.64 /usr/local/bin/docker-compose
# 并赋予执行权限
[root@K8s-Harbor install]# chmod u+x /usr/local/bin/docker-compose
[root@K8s-Harbor install]# 5.3、管理harbor
# 切换到harbor的解压目录
[root@K8s-Harbor harbor]# cd /usr/local/Harbor/install/harbor
# 关闭harbor
[root@K8s-Harbor harbor]# docker-compose stop
# 启动harbor
[root@K8s-Harbor harbor]# docker-compose start
[root@K8s-Harbor harbor]#5.4、验证harbor完成安装
在浏览器输入harbor的访问地址(自己harbor的服务器ip地址):
默认用户名密码:admin/Harbor12345
登录后的界面
六、测试使用harbor
6.1、创建一个新的项目
点击新建项目
项目名称:测试;勾选公开,
创建好新项目
6.2、修改docker配置
# 修改配置文件/etc/docker/daemon.json,增加一行"insecure-registries": ["your ip address","域名{可选}"],新增一行,上一行的末尾需要加一个逗号
[root@K8s-Harbor harbor]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://*******.mirror.aliyuncs.com"], # 这一行末尾加一个逗号
"insecure-registries": ["192.168.5.226","harbor"] # 加这一行,这里面的ip地址是harbor的ip地址,harbor是域名,如果配置了hosts文件,做了解析的话可以配置,否则只需添加ip地址就行。
}
# 修改了配置文件,需要重启docker
[root@K8s-Harbor harbor]#systemctl restart docker
[root@K8s-Harbor harbor]# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2024-02-06 18:27:18 CST; 2s ago
...
...配置新增加了一行内容如下:"insecure-registries":[“192.168.5.226","harbor"], 上面增加的内容表示我们内网访问harbor的时候走的是http,192.168.5.226是安装harbor机器的ip,harbor是域名,/etc/hosts文件中做了解析的话可以添加上,也可以不加。
6.3、通过命令行登录私有镜像仓库
通过命令行登录私有镜像仓库,验证私有仓库是否正常访问。
[root@K8s-Harbor harbor]# docker login 192.168.5.226
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
[root@K8s-Harbor harbor]#错误处理:
出现以上错误是因为,没有在/etc/hosts中添加192.168.5.226 和 harbor解析,因为之前创建证书时,用的域名是harbor。
6.4、验证私有仓库的上传/下载功能
6.4.1、上传
上传一个tomcat的镜像到服务器中,也可以在未设置私有镜像前(修改docker配置文件前),先pull一个tomcat镜像下来。我这里直接上传一个镜像大包文件,然后导入镜像。就不详述了。如下图已导入tomcat镜像。
# 给tomcat:latest镜像打个标签
[root@K8s-Harbor Harbor]# docker tag tomcat:latest 192.168.5.226/test/tomcat:v1
[root@K8s-Harbor Harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.9.1 37bfd4fa26bc 3 months ago 105MB
goharbor/redis-photon v2.9.1 67827413c0fd 3 months ago 209MB
goharbor/trivy-adapter-photon v2.9.1 a02695b8f8ea 3 months ago 469MB
goharbor/harbor-registryctl v2.9.1 a076218bb631 3 months ago 148MB
goharbor/registry-photon v2.9.1 2f01ea8b1853 3 months ago 82.7MB
goharbor/nginx-photon v2.9.1 5200203dd7ef 3 months ago 153MB
goharbor/harbor-log v2.9.1 ac1cdcc94a5f 3 months ago 162MB
goharbor/harbor-jobservice v2.9.1 d9ff6fc98cc8 3 months ago 139MB
goharbor/harbor-core v2.9.1 0a3a7953409c 3 months ago 166MB
goharbor/harbor-portal v2.9.1 345284db8ca1 3 months ago 161MB
goharbor/harbor-db v2.9.1 69606d285be1 3 months ago 358MB
goharbor/prepare v2.9.1 adb2d804c458 3 months ago 253MB
192.168.5.226/test/tomcat v1 921ef208ab56 2 years ago 668MB
tomcat latest 921ef208ab56 2 years ago 668MB
# 推送镜像到私有仓库
[root@K8s-Harbor Harbor]# docker push 192.168.5.226/test/tomcat:v1
The push refers to repository [192.168.5.226/test/tomcat]
a9502f3f1738: Pushed
26cdef4ed0c4: Pushed
e48093759a19: Pushed
c47f8e016290: Pushed
c0848348e2f7: Pushed
79c550eb7bd2: Pushed
7095af798ace: Pushed
fe6a4fdbedc0: Pushed
e4d0e810d54a: Pushed
4e006334a6fd: Pushed
v1: digest: sha256:a3e9f6c942098d3b32c7810d3ec00079719198c9af41c3a32f6fc5d66124155f size: 2421
[root@K8s-Harbor Harbor]#查看私有仓库是否有上传的镜像。
6.4.2、下载
先删除本地的192.168.5.226/test/tomcat:v1镜像,然后从私有仓库中把这个镜像下载下来。
从私有镜像仓库下载镜像
[root@K8s-Harbor Harbor]# docker pull 192.168.5.226/test/tomcat:v1
v1: Pulling from test/tomcat
Digest: sha256:a3e9f6c942098d3b32c7810d3ec00079719198c9af41c3a32f6fc5d66124155f
Status: Downloaded newer image for 192.168.5.226/test/tomcat:v1
192.168.5.226/test/tomcat:v1
[root@K8s-Harbor Harbor]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.9.1 37bfd4fa26bc 3 months ago 105MB
goharbor/redis-photon v2.9.1 67827413c0fd 3 months ago 209MB
goharbor/trivy-adapter-photon v2.9.1 a02695b8f8ea 3 months ago 469MB
goharbor/harbor-registryctl v2.9.1 a076218bb631 3 months ago 148MB
goharbor/registry-photon v2.9.1 2f01ea8b1853 3 months ago 82.7MB
goharbor/nginx-photon v2.9.1 5200203dd7ef 3 months ago 153MB
goharbor/harbor-log v2.9.1 ac1cdcc94a5f 3 months ago 162MB
goharbor/harbor-jobservice v2.9.1 d9ff6fc98cc8 3 months ago 139MB
goharbor/harbor-core v2.9.1 0a3a7953409c 3 months ago 166MB
goharbor/harbor-portal v2.9.1 345284db8ca1 3 months ago 161MB
goharbor/harbor-db v2.9.1 69606d285be1 3 months ago 358MB
goharbor/prepare v2.9.1 adb2d804c458 3 months ago 253MB
192.168.5.226/test/tomcat v1 921ef208ab56 2 years ago 668MB
tomcat latest 921ef208ab56 2 years ago 668MB
Harbor私有镜像仓库搭建并测试完成。