首页 > 其他分享 >Podman 安装 harbor

Podman 安装 harbor

时间:2024-12-31 17:53:09浏览次数:1  
标签:etc harbor Podman proxy env -- 安装 registry

看了官方文档,harbor无法直接支持Podman,于是尝试手工部署,理论上无容器环境也可以部署,只需要将其中的关系和相关配置文件梳理清楚。手工过程确实很繁琐,没那个耐心还是用官方推荐的方式进行吧。

初始化

安装podman

我部署的操作系统是用的Debian,差异的地方我认为就仅安装podman的方式不同

apt install podman

创建网络

# 创建一个容器网络
podman network create --subnet 10.8.0.0/16 harbor

# 若不想创建网络,可以使用默认podman网络,但需要将dns解析打开
# 默认网络当前版本没有开启dns解析,要不然容器之间没法通过主机名进行互访。
# 修改配置文件后需要将网络接口删除或重启主机才能生效。
sed '/dns_enabled/s/false/true/' -i /etc/containers/networks/podman.json

获取harbor资源

这里演示的是离线版本,如果服务器可以访问网络可跳过此步骤

# 下载官方发布的离线版本
wget https://github.com/goharbor/harbor/releases/download/v2.12.1-rc2/harbor-offline-installer-v2.12.1-rc2.tgz

# 解压文件
tar zxf harbor-offline-installer-v2.12.1-rc2.tgz

# 镜像导入到Podman
cd harbor
podman load -i harbor-offline-installer-v2.12.1.tgz

# 检查是否成功
podman images
#>
REPOSITORY                                                             TAG             IMAGE ID           CREATED        SIZE
localhost/goharbor/harbor-exporter            v2.12.1     41d5aefe8846  1 hours ago  133 MB
localhost/goharbor/redis-photon                  v2.12.1     457a2577be56  1 hours ago  190 MB
localhost/goharbor/trivy-adapter-photon  v2.12.1     a54102844638  1 hours ago  355 MB
localhost/goharbor/harbor-registryctl      v2.12.1     64d95156960d  1 hours ago  166 MB
localhost/goharbor/registry-photon            v2.12.1     cf003d3f3fd2  1 hours ago  92.1 MB
localhost/goharbor/nginx-photon                  v2.12.1     d217054fe55b  1 hours ago  178 MB
localhost/goharbor/harbor-log                      v2.12.1     c21feee6bf65  1 hours ago  188 MB
localhost/goharbor/harbor-jobservice       v2.12.1     9b04f819cefc  1 hours ago  179 MB
localhost/goharbor/harbor-core                   v2.12.1     cc5987a3d926  1 hours ago  201 MB
localhost/goharbor/harbor-portal               v2.12.1     8067171d0ca3  1 hours ago  187 MB
localhost/goharbor/harbor-db                       v2.12.1     43d273c7031f  1 hours ago  299 MB
localhost/goharbor/prepare                           v2.12.1     9251998ce48d  1 hours ago  223 MB

部署各个组件

个别组件相互依赖,需要按照顺序进行部署,否则组件无法启动

部署redis

redis用户缓存用户令牌和其他信息,不依赖其他组件,可以先行部署

启动redis

# 启动容器
podman run --name redis --restart=always --detach \
    --network=podman \
    --cap-add=chown \
    --cap-add=setuid \
    --cap-add=setgid \
    --cap-drop=all \
    --volume=redis:/var/lib/redis:z \
    goharbor/redis-photon:v2.12.1

部署postgresql

pg数据库存储harbor配置和用户等信息,不依赖其他组件,可以先进行部署

创建密码

# 创建secrt
printf 'root123' | podman secret create db-secret -

启动pg

# 启动容器
podman run --name postgresql --restart=always --detach \
    --network=podman \
    --cap-add=chown \
    --cap-add=setuid \
    --cap-add=setgid \
    --cap-add=dac_override \
    --cap-drop=all \
    --shm-size=1gb \
    --secret=db-secret,type=env,target=POSTGRES_PASSWORD \
    --volume=postgresql:/var/lib/postgresql/data:z \
    goharbor/harbor-db:v2.12.1

部署registry

registry主要存放docker镜像,需要依赖redis才能启动

创建配置文件

# 创建配置文件存放目录harbor
install -d -o root -g root /etc/harbor

# 创建空文件
touch /etc/harbor/registry.yml

将下面内容保存到/etc/harbor/registry.yml文件中

version: 0.1
log:
  level: info fields:
    service: registry
storage:
  cache:
    layerinfo: redis
  filesystem:
    # 数据存储目录
    rootdirectory: /storage
  maintenance:
    uploadpurging:
      enabled: true
      age: 168h
      interval: 24h
      dryrun: false
  delete:
    enabled: true
redis:
  # Redis服务器地址和端口,这里使用容器名
  addr: redis:6379
  readtimeout: 10s
  writetimeout: 10s
  dialtimeout: 10s
  password:
  db: 1
  pool:
    maxidle: 100
    maxactive: 500
    idletimeout: 60s
http:
  addr: :5000
  secret: placeholder
  debug:
    addr: localhost:5001
auth:
  htpasswd:
    realm: harbor-registry-basic-realm
    # 认证账号和密码,这里从 podman 的 secret获取
    path: /run/secrets/passwd
validation:
  disabled: true
compatibility:
  schema1:
    enabled: true

创建密码

这里创建用户名为harbor_registry_user密码为3wPdmfYhiKzodsFwSMaOiFinZKTtj7Iu的密文

# 创建secret
printf "harbor_registry_user:$2y$05$LX.g96mzhV5VMT7Zngx8oe9oItdURVN7wcFDj3xn2snqF4KKMNH5a" \
  | podman secret create registry-auth -

启动registry

# 启动容器
podman run --name=registry --restart=always --detach \
    --network=podman \
    --cap-add=chown \
    --cap-add=setuid \
    --cap-add=setgid \
    --cap-drop=all \
    --secret=registry-auth,target=/run/secrets/passwd \
    --volume=registry:/storage:z \
    --volume=/etc/harbor/registry.yml:/etc/registry/config.yml:ro \
    --volume=/etc/ssl/certs/ca-certificates.crt:/etc/registry/root.crt:ro \
    goharbor/registry-photon:v2.12.1

部署portal

创建配置文件

# 创建空文件
touch /etc/harbor/portal.conf
``

将下面内容保存到`/etc/harbor/portal.conf`文件中

```bash
worker_processes auto;
pid /tmp/nginx.pid;

events {
    worker_connections  1024;
}

http {

    client_body_temp_path /tmp/client_body_temp;
    proxy_temp_path /tmp/proxy_temp;
    fastcgi_temp_path /tmp/fastcgi_temp;
    uwsgi_temp_path /tmp/uwsgi_temp;
    scgi_temp_path /tmp/scgi_temp;

    server {
        listen 8080;
        server_name  localhost;
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        include /etc/nginx/mime.types;

        gzip on;
        gzip_min_length 1000;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        location /devcenter-api-2.0 {
            try_files $uri $uri/ /swagger-ui-index.html;
        }

        location / {
            try_files $uri $uri/ /index.html;
        }

        location = /index.html {
            add_header Cache-Control "no-store, no-cache, must-revalidate";
        }
    }
}

运行portal

portal主要为容器间访问提供统一入口

# 启动容器
podman run --name=portal --restart=always --detach \
    --network=podman \
    --cap-add=setuid \
    --cap-add=setgid \
    --cap-add=net_bind_service \
    --cap-drop=all \
    --volume=/etc/harbor/portal.conf:/etc/nginx/nginx.conf:ro \
    goharbor/harbor-portal:v2.12.1

部署registryctl

registryctl提供对仓库的管理功能,如删除和打标签等。

创建配置文件

# 创建空文件
touch /etc/harbor/registryctl.yml

将下面内容保存到/etc/harbor/registryctl.yml文件中

---
protocol: "http"
port: 8080
log_level: info
registry_config: "/etc/registry/registry.yml"

创建密码

# 创建secret
printf "3wPdmfYhiKzodsFwSMaOiFinZKTtj7Iu" | podman secret create registry-passwd -

启动registryctl

# 启动容器
podman run --name=registryctl --restart=always --detach \
    --network=podman \
    --cap-add=setuid \
    --cap-add=setgid \
    --cap-drop=all \
    --secret=harbor-secret,type=env,target=CORE_SECRET \
    --secret=jobservice-secret,type=env,target=JOBSERVICE_SECRET \
    --volume=registry:/storage:z \
    --volume=/etc/harbor/registry.yml:/etc/registry/config.yml:ro \
    --volume=/etc/harbor/registryctl.yml:/etc/registryctl/config.yml:ro \
    --volume=/etc/ssl/certs/ca-certificates.crt:/etc/registry/root.crt:ro \
    goharbor/harbor-registryctl:v2.12.1

部署harbor

harbor主要是管理和管理各个组件的枢纽。

创建配置文件

# 创建空文件
touch /etc/harbor/harbor.conf

将下面内容保存到/etc/harbor/harbor.conf文件中

appname = Harbor
runmode = prod
enablegzip = true

[prod]
httpport = 8080

创建密码

# 创建secrt
# harbor密码
printf 'NWnE5xqgDJrvQF7k' | podman secret create harbor-secret -

# jobservice密码
printf '7ZA7muK2d4xcD7nO' | podman secret create jobservice-secret -

启动harhar

# 启动容器
podman run --name=harbor --restart=always --detach \
    --network=podman \
    --cap-add=setuid \
    --cap-add=setgid \
    --cap-drop=all \
    --env="CONFIG_PATH=/etc/harbor/app.conf" \
    --env=UAA_CA_ROOT=/etc/harbor/certificates/root.crt \
    --env=_REDIS_URL_CORE=redis://redis:6379?idle_timeout_seconds=30 \
    --env=_REDIS_URL_REG=redis://redis:6379/1?idle_timeout_seconds=30 \
    --env=SYNC_QUOTA=true \
    --env=LOG_LEVEL=info \
    --env=EXT_ENDPOINT=https://harbor.home.lan \
    --env=DATABASE_TYPE=postgresql \
    --env=POSTGRESQL_HOST=postgresql \
    --env=POSTGRESQL_PORT=5432 \
    --env=POSTGRESQL_USERNAME=postgres \
    --env=POSTGRESQL_DATABASE=registry \
    --env=POSTGRESQL_SSLMODE=disable \
    --env=POSTGRESQL_MAX_IDLE_CONNS=100 \
    --env=POSTGRESQL_MAX_OPEN_CONNS=900 \
    --env=POSTGRESQL_CONN_MAX_LIFETIME=5m \
    --env=POSTGRESQL_CONN_MAX_IDLE_TIME=0 \
    --env=REGISTRY_URL=http://registry:5000 \
    --secret=jobservice-secret,type=env,target=JOBSERVICE_SECRET \
    --env=PORTAL_URL=http://portal:8080 \
    --env=TOKEN_SERVICE_URL=http://harbor:8080/service/token \
    --env=HARBOR_ADMIN_PASSWORD=Harbor12345 \
    --env=MAX_JOB_WORKERS=10 \
    --env=WITH_TRIVY=True \
    --env=CORE_URL=http://harbor:8080 \
    --env=CORE_LOCAL_URL=http://127.0.0.1:8080 \
    --env=JOBSERVICE_URL=http://jobservice:8080 \
    --env=TRIVY_ADAPTER_URL=http://trivy:8080 \
    --env=REGISTRY_STORAGE_PROVIDER_NAME=filesystem \
    --env=READ_ONLY=false \
    --env=RELOAD_KEY= \
    --env=REGISTRY_CONTROLLER_URL=http://registryctl:8080 \
    --env=REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user\
    --env=CSRF_KEY=uKpy1a5ueQksB6PCF0Y9jzhggIm5BqbA \
    --env=ROBOT_SCANNER_NAME_PREFIX=O1tyYzRA \
    --env=PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE="docker-hub,harbor,azure-acr,ali-acr,aws-ecr,google-gcr,quay,dock|jobservice/
er-registry,github-ghcr,jfrog-artifactory" \
    --env=HTTP_PROXY= \
    --env=HTTPS_PROXY= \
    --env=PORT=8080  \
    --env=QUOTA_UPDATE_PROVIDER=db \
    --secret=harbor-secret,type=env,target=CORE_SECRET \
    --secret=db-secret,type=env,target=POSTGRESQL_PASSWORD \
    --secret=jobservice-secret,type=env,target=JOBSERVICE_SECRET \
    --secret=registry-passwd,type=env,target=REGISTRY_CREDENTIAL_PASSWORD \
    --volume=harbor:/data:Z \
    --volume=/etc/harbor/harbor.conf:/etc/core/app.conf:ro \
    --volume=/etc/ssl/certs/ca-certificates.crt:/etc/core/certificates/root.crt:ro \
    --volume=/usr/share/zoneinfo/Asia/Shanghai:/etc/localtime:ro \
    goharbor/harbor-core:v2.12.1

若不需要TRIVY安全扫描需要将True改为False

  • --env=WITH_TRIVY=: True --> False

部署jobservice

jobservice 主要提供任务执行管理,如镜像同步任务、空间清理任务等支持。

创建配置文件

# 创建空文件
touch /etc/harbor/jobservice.yml

将下面内容保存到/etc/harbor/jobservice.yml文件中

---
#Protocol used to serve
protocol: "http"

#Server listening port
port: 8080

#Worker pool
worker_pool:
  #Worker concurrency
  workers: 10
  backend: "redis"
  #Additional config if use 'redis' backend
  redis_pool:
    #redis://[arbitrary_username:password@]ipaddress:port/database_index
    redis_url: redis://redis:6379/2?idle_timeout_seconds=30
    namespace: "harbor_job_service_namespace"
    idle_timeout_second: 3600
#Loggers for the running job
job_loggers:
  # The jobLoggers backend name, only support "STD_OUTPUT", "FILE" and/or "DB"
  - name: "STD_OUTPUT"
    level: "INFO" # INFO/DEBUG/WARNING/ERROR/FATAL
  - name: "FILE"
    level: "INFO"
    settings: # Customized settings of logger
      base_dir: "/var/log/jobs"
    sweeper:
      duration: 1 #days
      settings: # Customized settings of sweeper
        work_dir: "/var/log/jobs"

#Loggers for the job service
loggers:
  - name: "STD_OUTPUT" # Same with above
    level: "INFO"

reaper:
  # the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24,
  max_update_hours: 24
  # the max time for execution in running state without new task created
  max_dangling_hours: 168

# the max size of job log returned by API, default is 10M
max_retrieve_size_mb: 10

启动jobservice

# 启动容器
podman run --name=jobservice --restart=always --detach \
    --network=podman \
    --cap-add=setuid \
    --cap-add=setgid \
    --cap-add=chown \
    --cap-drop=all \
    --env=REGISTRY_URL=http://registry:5000 \
    --env=CORE_URL=http://harbor:8080 \
    --env=REGISTRY_CONTROLLER_URL=http://registryctl:8080 \
    --env=JOBSERVICE_WEBHOOK_JOB_MAX_RETRY=3 \
    --env=JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT=3 \
    --env=REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user \
    --secret=harbor-secret,type=env,target=CORE_SECRET \
    --secret=jobservice-secret,type=env,target=JOBSERVICE_SECRET \
    --secret=registry-passwd,type=env,target=REGISTRY_CREDENTIAL_PASSWORD \
    --volume=/etc/harbor/jobservice.yml:/etc/jobservice/config.yml \
    --volume=jobservice:/var/log/jobs:z \
    --volume=/etc/ssl/certs/ca-certificates.crt:/harbor_cust_cert/root.crt:ro \
    goharbor/harbor-jobservice:v2.12.1

部署nginx

nginx主要对外提供统一访问的反向代理。

创建配置文件

# 创建空文件
touch /etc/harbor/nginx.conf

# 为Nginx做自签名证书,如果自己有证书的直接替换文件既可
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/harbor/cert/server.key -out /etc/harbor/cert/server.crt

将下面内容保存到/etc/harbor/nginx.conf文件中

worker_processes auto;
pid /tmp/nginx.pid;

events {
  worker_connections 3096;
  use epoll;
  multi_accept on;
}

http {
  client_body_temp_path /tmp/client_body_temp;
  proxy_temp_path /tmp/proxy_temp;
  fastcgi_temp_path /tmp/fastcgi_temp;
  uwsgi_temp_path /tmp/uwsgi_temp;
  scgi_temp_path /tmp/scgi_temp;
  tcp_nodelay on;
  include /etc/nginx/conf.d/*.upstream.conf;

  # this is necessary for us to be able to disable request buffering in all cases
  proxy_http_version 1.1;

  upstream harbor {
    server harbor:8080;
  }

  upstream portal {
    server portal:8080;
  }

  log_format timed_combined '$remote_addr - '
    '"$request" $status $body_bytes_sent '
    '"$http_referer" "$http_user_agent" '
    '$request_time $upstream_response_time $pipe';

  access_log /dev/stdout timed_combined;

  map $http_x_forwarded_proto $x_forwarded_proto {
    default $http_x_forwarded_proto;
    ""      $scheme;
  }

  include /etc/nginx/conf.d/*.server.conf;

  server {
    listen 8443 ssl;
#    server_name harbordomain.com;
    server_tokens off;
    # SSL
    ssl_certificate /etc/cert/server.crt;
    ssl_certificate_key /etc/cert/server.key;

    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # disable any limits to avoid HTTP 413 for large image uploads
    client_max_body_size 0;

    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
    chunked_transfer_encoding on;

    # Add extra headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header Content-Security-Policy "frame-ancestors 'none'";

    # customized location config file can place to /etc/nginx dir with prefix harbor.https. and suffix .conf
    include /etc/nginx/conf.d/harbor.https.*.conf;

    location / {
      proxy_pass http://portal/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $x_forwarded_proto;

      proxy_cookie_path / "/; HttpOnly; Secure";

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /c/ {
      proxy_pass http://harbor/c/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $x_forwarded_proto;

      proxy_cookie_path / "/; Secure";

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /api/ {
      proxy_pass http://harbor/api/;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $x_forwarded_proto;

      proxy_cookie_path / "/; Secure";

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /v1/ {
      return 404;
    }
    location /v2/ {
      proxy_pass http://harbor/v2/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
      proxy_buffering off;
      proxy_request_buffering off;
      proxy_send_timeout 900;
      proxy_read_timeout 900;
    }

    location /service/ {
      proxy_pass http://harbor/service/;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $x_forwarded_proto;

      proxy_cookie_path / "/; Secure";

      proxy_buffering off;
      proxy_request_buffering off;
    }

    location /service/notifications {
      return 404;
    }
  }
  server {
      listen 8080;
      #server_name harbordomain.com;
      return 308 https://$host:443$request_uri;
  }
}

启动nginx

# 启动容器
podman run --name=nginx --restart=always --detach \
    --network=podman \
    --cap-add=setuid \
    --cap-add=setgid \
    --cap-add=chown \
    --cap-add=net_bind_service \
    --cap-drop=all \
    --volume=/etc/harbor/jobservice.yml:/etc/jobservice/config.yml \
    --volume=/etc/harbor/nginx.conf:/etc/nginx/nginx.conf:ro \
    --volume=/etc/harbor/cert:/etc/cert:ro \
    --publish=80:8080/tcp \
    --publish=443:8443/tcp \
    goharbor/nginx-photon:v2.12.1

部署trivy

trivy主要是做镜像安全扫描的

启动trivy

# 启动容器
podman run --name=trivy --restart=always --detach \
    --network=podman \
    --cap-drop=all \
    --env=REGISTRY_URL=http://registry:5000 \
    --env=SCANNER_LOG_LEVEL=info \
    --env=SCANNER_REDIS_URL=redis://redis:6379/5?idle_timeout_seconds=30 \
    --env=SCANNER_STORE_REDIS_URL=redis://redis:6379/5?idle_timeout_seconds=30 \
    --env=SCANNER_STORE_REDIS_NAMESPACE=harbor.scanner.trivy:store \
    --env=SCANNER_STORE_REDIS_NAMESPACE=harbor.scanner.trivy:store \
    --env=SCANNER_JOB_QUEUE_REDIS_URL=redis://redis:6379/5?idle_timeout_seconds=30 \
    --env=SCANNER_JOB_QUEUE_REDIS_NAMESPACE=harbor.scanner.trivy:job-queue \
    --env=SCANNER_TRIVY_CACHE_DIR=/home/scanner/.cache/trivy \
    --env=SCANNER_TRIVY_REPORTS_DIR=/home/scanner/.cache/reports \
    --env=SCANNER_TRIVY_VULN_TYPE=os,library \
    --env=SCANNER_TRIVY_SEVERITY=UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL \
    --env=SCANNER_TRIVY_IGNORE_UNFIXED=False \
    --env=SCANNER_TRIVY_SKIP_UPDATE=False \
    --env=SCANNER_TRIVY_SKIP_JAVA_DB_UPDATE=False \
    --env=SCANNER_TRIVY_OFFLINE_SCAN=False \
    --env=SCANNER_TRIVY_SECURITY_CHECKS=vuln \
    --env=SCANNER_TRIVY_GITHUB_TOKEN= \
    --env=SCANNER_TRIVY_INSECURE=False \
    --env=SCANNER_TRIVY_TIMEOUT=5m0s \
    goharbor/trivy-adapter-photon:v2.12.1

检查

检查配置文件数量

find /etc/harbor/ | sort
#>
/etc/harbor/
/etc/harbor/cert
/etc/harbor/cert/server.crt
/etc/harbor/cert/server.key
/etc/harbor/harbor.conf
/etc/harbor/jobservice.yml
/etc/harbor/nginx.conf
/etc/harbor/portal.conf
/etc/harbor/registry.yml
/etc/harbor/registryctl.yml

检查secret数量

podman secret ls
#>
ID                                                 NAME                            DRIVER      CREATED        UPDATED
4b6b7a7389b944e14183e3f15  harbor-secret          file          3 hours ago  3 hours ago
53a5324e536df904f4937bc7e  registry-passwd      file          3 hours ago  3 hours ago
8d51148dd09167d01c05efbb1  db-secret                  file          3 hours ago  3 hours ago
02d967fca4901534dfd4d7602  registry-auth          file          3 hours ago  3 hours ago
2b797e30d891f3e4faa9eb4ea  jobservice-secret  file          3 hours ago  3 hours ago

检查卷数量

podman volume ls
#>
DRIVER      VOLUME NAME
local       redis
local       postgresql
local       registry
local       harbor
local       jobservice
local       fcb0cf615f4f418e6940575b7f2ff4134fa16f022e5796d13665941935ed28cc
local       8873dd561ad8a729ed41ffa142935faabee2bd7f7ac7008b00e64b9cb52d4c6b
local       afa887b699a4a4544e264aaa3aaef741c59030802396501b6e9e9b8cc7a9988c
local       141c9d2ddd2f51458e260553099b7c557ef375170d83e3dcf29c9f8619a02864
local       18b0b3f8d0664a53f649072c063c582c44e33bc76455124084dca80a75cbe5e8
local       7cabf92013a6d373e5fce5e04e1c1a64f7552b84ce8f1be4a9cc4596338b1e5b
local       906e32a9ed2cdc35c029d9719fda7b92bbed1f9c81049dded7455f0a48e35e4f

检查容器运行数量

podman ps
#>
CONTAINER ID   IMAGE                                                                                         COMMAND                            CREATED           STATUS                               PORTS                                                                               NAMES
cf90d9f591e7  localhost/goharbor/redis-photon:v2.12.1                    redis-server /etc...  8 minutes ago  Up  8 minutes (healthy)                                                                                          redis
6e21f92af144  localhost/goharbor/harbor-db:v2.12.1                                                                    8 minutes ago  Up 8 minutes (healthy)                                                                                          postgresql
822f1651fe33  localhost/goharbor/registry-photon:v2.12.1                                                        8 minutes ago  Up 7 minutes (healthy)                                                                                          registry
8e294920c5d8  localhost/goharbor/harbor-portal:v2.12.1                  nginx -g daemon o...     7 minutes ago  Up 7 minutes (healthy)                                                                                          portal
d4a8efa87fee  localhost/goharbor/harbor-jobservice:v2.12.1                                                    7 minutes ago  Up 7 minutes (healthy)                                                                                          jobservice
8ca7b98b4db0  localhost/goharbor/harbor-registryctl:v2.12.1                                                  7 minutes ago  Up 7 minutes (healthy)                                                                                          registryctl
bd7f6ad9ba06  localhost/goharbor/harbor-core:v2.12.1                                                                7 minutes ago  Up 7 minutes (healthy)                                                                                          harbor
d49c1ba26e4e  localhost/goharbor/nginx-photon:v2.12.1                    nginx -g daemon o...    7 minutes ago   Up 7 minutes (healthy)  0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp  nginx
2fc8d84a450f  localhost/goharbor/trivy-adapter-photon:v2.12.1                                             7 minutes ago   Up 7 minutes (healthy)                                                                                          trivy

访问测试

curl 127.0.0.1
#>
<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx/1.26.2</center>
</body>
</html>

这里因为启用了ssl,而我们默认访问http,所以被nginx重定向到https。

标签:etc,harbor,Podman,proxy,env,--,安装,registry
From: https://www.cnblogs.com/zggzcgy/p/18639254

相关文章

  • 不再担心安装问题!手把手教你在 CentOS 上安装 MySQL 8
    目录......
  • 速成AI绘画大师:Stable Diffusion(SD)入门指南与安装实操
    2024Ai绘画技术大爆发的一年,目前两款Ai神器大火,一款是大名鼎鼎的Midjourney,另外一款—StableDiffusion。而StableDiffusion它究竟能做什么?看来这么多那么要开始讲一讲今天的重点东西了更多实操教程和AI绘画工具,可以扫描下方,免费获取1,StableDiffusion原理:Stable......
  • 一文带你轻松学会Windows版Stable Diffusion本地安装方法,快学起来!
    朋友们,大家好,正在学习研究StableDiffusion,致力于用最为朴素直白的语言为你介绍AI绘画的相关知识。StableDiffusion的门槛过高、不会安装?没关系,这篇文章教会你如何安装!(文末扫码可直接获取免费安装包~)StableDiffusion的安装部署其实并不困难,只需简单点击几下,几分钟就能......
  • docker安装odoo17
    docker部署部署数据库dockernetworkcreate--driverbridgeodoo-netmkdir/mydata/services/odoo/dbdockerrun--networkodoo-net-d-v/mydata/services/odoo/db:/var/lib/postgresql/data-ePOSTGRES_USER=odoo-ePOSTGRES_PASSWORD=odoo-ePOSTGRES_DB=postgres......
  • Windows安装anaconda并使用虚拟环境
    在清华源下载Anacondahttps://mirrors.tuna.tsinghua.edu.cn/help/anaconda/安装默认安装即可测试打开安装好的AnacondaPrompt,输入conda-V打印版本即可创建虚拟环境condacreate-nmyenvpython=3.12查看虚拟环境列表condaenvlist激活虚拟环境condaactivatem......
  • debian11部署harbor
    在Debian11上部署Harbor,您可以遵循以下步骤:1.安装Docker和相关依赖:sudoaptupdatesudoaptinstallca-certificatescurlgnupglsb-releasecurl-fsSLhttps://download.docker.com/linux/debian/gpg|sudogpg--dearmor-o/usr/share/keyrings/docker-archive-keyrin......
  • 关于 IntelliJ IDEA 2024 安装激活使用教程以及常见问题(激活至2026,实际上永久,亲测!)
    申明:本教程IntelliJIDEA补丁、激活码均收集于网络,请勿商用,仅供个人学习使用,如有侵权,请联系作者删除。若条件允许,希望大家购买正版!卸载老版本IDEA首先,如果小伙伴的电脑上有安装老版本的IDEA,需要将其彻底卸载掉,如下所示(没有安装则不用管,直接安装即可):TIP:如果你之前使......
  • PCL的安装和环境配置
    1、软件下载下载vs2022和PCL1.8.1vs2022:https://visualstudio.microsoft.com/downloadsPCL1.8.1:https://download.csdn.net/download/qq_29385297/902061382、PCL安装直接运行PCL-1.8.1-AllInOne-msvc2017-win64.exe选择AddPCLtothesystemPATHforallusers选项......
  • 一、安装Node.js
    文章目录一、Node.js详解二、下载Node.js三、安装Node.js四、设置node_global和node_cache五、设置环境变量六、常用npm命令一、Node.js详解  Node.js是当下编程领域极具影响力的工具,官方定义其为“anopen-source,cross-platformJavaScriptruntime......
  • ScriptCS安装报错
    最近在写C#,在使用Chocolatey安装ScriptCS(命令:chocoinstallscriptcs)的过程中,出现以下报错:ERROR:Theterm'Write-ChocolateyFailure'isnotrecognizedasthenameofacmdlet,function,scriptfile,oroperableprogram.Checkthespellingofthename,orifapath......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99