一:harbor简介
Harbor 是由 vmware 公司开源的企业级 Docker Registry 项目。 它提供了以下主要功能和特点:- 基于角色的访问控制(RBAC):可以为不同的用户和用户组分配不同的权限,增强了安全性和管理的灵活性。
- 镜像复制:支持在不同的 Harbor 实例之间复制镜像,方便在多个数据中心或环境中分发镜像。
- 图形化用户界面(UI):提供了直观的 Web 界面,便于管理镜像仓库、项目、用户等。
- 审计日志:记录了对镜像仓库的各种操作,有助于追踪和审查活动。
- 垃圾回收:可以清理不再使用的镜像,节省存储空间。
1.1:部署harbor
首先把harbor的gz文件丢进来
然后运行一下:tar zxf harbor-offline-installer-v2.5.4.tgz
cd harbor/ cp harbor.yml.tmpl harbor.yml vim harbor.yml hostname: www.chl.org certificate: /data/certs/chl.org.crt private_key: /data/certs/chl.org.key harbor_admin_password: redhat
./install.sh
1. 2:管理仓库
1.21:登录
注意!!!!记得window做本地解析,不然浏览器无法访问
1.22:建立仓库项目
首先为Registry提加密传输:
# 生成认证 key 和证书 [root@docker ~] # openssl req -newkey rsa:4096 \ -nodes -sha256 -keyout certs/chl.org.key \ -addext "subjectAltName = DNS:www.chl.org" \ # 指定备用名称 -x509 -days 365 -out certs/chl.org.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.' , the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shaanxi Locality Name (eg, city) [Default City]:Xi 'an Organization Name (eg, company) [Default Company Ltd]:timinglee Organizational Unit Name (eg, section) []:docker Common Name (eg, your name or your server 's hostname) []:www.chl.org Email Address []:[email protected]
然后启动registry仓库
[root@docker ~]# docker run -d -p 443:443 --restart=always --name registry \ > --name registry -v /opt/registry:/var/lib/registry \ > -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \ > -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/chl.org.crt \ > -e REGISTRY_HTTP_TLS_KEY=/certs/chl.org.key registry
测试:
[root@docker docker] # docker push www.chl.org/busybox:latest #docker 客 户端没有 key 和证书 Error response from daemon: Get "https://www.chl.org/v2/" : tls: failed to verify certificate: x509: certificate signed by unknown authority
报这个错误就是因为没有给客户端做证书
[root@docker docker]# mkdir /etc/docker/certs.d/www.chl.org/ -p [root@docker docker]# cp /root/certs/chl.org.crt /etc/docker/certs.d/chl.timinglee.org/ca.crt [root@docker docker]# systemctl restart docker
此时就可以了!!!!
1.23:上传镜像到harbor网站里面去
首先登录到网站
[root@docker harbor]# docker login www.chl.org Username: admin Password: WARNING! Your password will be stored unencrypted in /root/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credential-stores Login Succeeded
然后把需要的所有镜像安装,我采用直接下载gz文件
然后把所有的gz文件全部安装
把所有的gz文件一次性安装
[root@docker-harbor ~]# for i in `ls *.gz`
> do
> docker load -i $i
> done
然后把存在的所有镜像进行打包并且全部push到网站去的命令
#把存在的所有镜像进行打包
[root@docker-harbor ~]# docker images | awk 'NR>1{system("docker tag "$1":"$2"www.chl.org/library/"$1":"$2)}'
###把打包好的镜像全部push到网站去
[root@docker-harbor ~]# docker images | awk '/www.chl.org/{system("docker push "$1":"$2)}'
此时在网站查看镜像是否上传完毕
ok!!!!!私有仓库搭建完毕!!!!!!!!!!!
标签:美少女,harbor,chl,无敌,企业级,镜像,org,docker,root From: https://blog.csdn.net/qq_26553949/article/details/141759352