Harbor是一个开源的可信云原生注册表,用于存储、签名和扫描内容。它为开源Docker发行版添加了安全、身份和管理等功能。 ## 自动安装 ```console curl -LO https://raw.githubusercontent.com/bitnami/containers/main/bitnami/harbor-portal/docker-compose.yml curl -L https://github.com/bitnami/containers/archive/main.tar.gz | tar xz --strip=2 containers-main/bitnami/harbor-portal && cp -RL harbor-portal/config . && rm -rf harbor-portal docker-compose up ``` ## 手动安装 ### 1、下载安装包 ```shell wget https://github.com/goharbor/harbor/releases/download/v2.7.4/harbor-offline-installer-v2.7.4.tgz ``` ### 2、解压安装包,进入目录并展示文件 ```shell tar -xvf harbor-offline-installer-v2.7.4.tar cd harbor ll ``` ![image-20231208150823727](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702019310.png) ### 3、复制harbor.yml配置文件并编辑 ```shell cp harbor.yml.tmpl harbor.yml vim harbor.yml ``` ### 4、编辑文件内容如图 ![image-20231208151131781](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702019492.png) ### 5、启动项目 ```shell ./install.sh ``` 即可看到安装,等待安装完毕即可。 ## 简单使用 首先进入页面,输入上面设置的密码登录(默认访问80端口,ip:80) ![image-20231208151408705](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702019649.png) 进入页面后新建一个项目例如 `public` ![image-20231208151853837](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702019934.png) 访问级别是公开,存储限制为无限(镜像代理可以去配置aliyun,此代理是用户在harbor仓库中找不到,对应镜像,然后去代理仓库中查找镜像) ![image-20231208152259575](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702020179.png) 打开另外一台服务器,配置`docker`镜像设置 ```shell sudo vim /etc/docker/daemon.json ``` 将下面的内容复制进去(``更换为上述`Harbor`服务器地址) ```xml { "registry-mirrors": [ "https://hub.docker.com", "http://:80" ], "insecure-registries" : [ ":80" ] } ``` 保存退出,然后重新加载配置启动`docker` ```shell sudo systemctl daemon-reload sudo systemctl restart docker ``` 在本地镜像(下载了一个`redis`作为演示)打一个标签 ```shell #下载镜像 docker pull redis #给镜像打标签 # redis:latest 被打标签的本地镜像 # :80/public/redis:v1新的标签名称 # 是指定的 IP 地址,80 是端口号,public/redis:v1 是新的标签。 docker tag redis:latest :80/public/redis:v1 #登录远程Harbor仓库 docker login -u -p http://:80 #推送镜像 docker push :80/public/redis:v1 ``` ![image-20231208154658318](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702021618.png) 在`Harbor`中就可以看到镜像了 ![image-20231208230150057](https://lsky.hhdxw.top/imghub/2023/12/image-202312081702047710.png) ```yaml # Copyright VMware, Inc. # SPDX-License-Identifier: APACHE-2.0 version: '2' services: registry: image: docker.io/bitnami/harbor-registry:2 environment: - REGISTRY_HTTP_SECRET=CHANGEME volumes: - registry_data:/storage - ./config/registry/:/etc/registry/:ro registryctl: image: docker.io/bitnami/harbor-registryctl:2 environment: - CORE_SECRET=CHANGEME - JOBSERVICE_SECRET=CHANGEME - REGISTRY_HTTP_SECRET=CHANGEME volumes: - registry_data:/storage - ./config/registry/:/etc/registry/:ro - ./config/registryctl/config.yml:/etc/registryctl/config.yml:ro postgresql: image: docker.io/bitnami/postgresql:13 container_name: harbor-db environment: - POSTGRESQL_PASSWORD=bitnami - POSTGRESQL_DATABASE=registry volumes: - postgresql_data:/bitnami/postgresql core: image: docker.io/bitnami/harbor-core:2 container_name: harbor-core depends_on: - registry environment: - CORE_KEY=change-this-key - _REDIS_URL_CORE=redis://redis:6379/0 - SYNC_REGISTRY=false - CHART_CACHE_DRIVER=redis - _REDIS_URL_REG=redis://redis:6379/1 - PORT=8080 - LOG_LEVEL=info - EXT_ENDPOINT=http://reg.mydomain.com - DATABASE_TYPE=postgresql - REGISTRY_CONTROLLER_URL=http://registryctl:8080 - POSTGRESQL_HOST=postgresql - POSTGRESQL_PORT=5432 - POSTGRESQL_DATABASE=registry - POSTGRESQL_USERNAME=postgres - POSTGRESQL_PASSWORD=bitnami - POSTGRESQL_SSLMODE=disable - REGISTRY_URL=http://registry:5000 - TOKEN_SERVICE_URL=http://core:8080/service/token - HARBOR_ADMIN_PASSWORD=bitnami - CORE_SECRET=CHANGEME - JOBSERVICE_SECRET=CHANGEME - ADMIRAL_URL= - CORE_URL=http://core:8080 - JOBSERVICE_URL=http://jobservice:8080 - REGISTRY_STORAGE_PROVIDER_NAME=filesystem - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password - READ_ONLY=false - RELOAD_KEY= volumes: - core_data:/data - ./config/core/app.conf:/etc/core/app.conf:ro - ./config/core/private_key.pem:/etc/core/private_key.pem:ro portal: image: docker.io/bitnami/harbor-portal:2 container_name: harbor-portal depends_on: - core jobservice: image: docker.io/bitnami/harbor-jobservice:2 container_name: harbor-jobservice depends_on: - redis - core environment: - CORE_SECRET=CHANGEME - JOBSERVICE_SECRET=CHANGEME - CORE_URL=http://core:8080 - REGISTRY_CONTROLLER_URL=http://registryctl:8080 - REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user - REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password volumes: - jobservice_data:/var/log/jobs - ./config/jobservice/config.yml:/etc/jobservice/config.yml:ro redis: image: docker.io/bitnami/redis:7.0 environment: # ALLOW_EMPTY_PASSWORD is recommended only for development. - ALLOW_EMPTY_PASSWORD=yes harbor-nginx: image: docker.io/bitnami/nginx:1.25 container_name: nginx volumes: - ./config/proxy/nginx.conf:/opt/bitnami/nginx/conf/nginx.conf:ro ports: - '80:8080' depends_on: - postgresql - registry - core - portal volumes: registry_data: driver: local core_data: driver: local jobservice_data: driver: local postgresql_data: driver: local ```