Configuring a Podman registry mirror and deploying the Harbor image registry
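- Configuring a Podman registry mirror
- Deploying the Harbor image registry
- About Harbor
- Harbor features
- Docker compose
- Deploying the Harbor image registry
- Web interface
- docker-compose
Configuring a Podman registry mirror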
[root@192 ~]# cd /etc/containers/
[root@192 containers]# ls
certs.d policy.json registries.d
oci registries.conf storage.conf
[root@192 containers]# cat registries.conf
......
[registries.search]
registries = ['docker.io'] # where to search for images
......
[[registry]] # registry mirror (accelerator) configuration
prefix = "docker.io"
location = "6xwxkj3n.mirror.aliyuncs.com"
......
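Deploying the Harbor image registry
About Harbor
Harbor was built by VMware as a second layer of packaging on top of Docker Registry. It adds many extra components and provides a very attractive web interface.
Project Harbor is an open source, trusted, cloud native registry project used to store images, manage users, and search images.
Harbor extends the open source Docker Distribution by adding the features users usually need, such as security, identity, and management.
Harbor supports advanced features such as user management, access control, activity monitoring, and replication between instances.
Harbor features
- Multi-user content signing and verification
- Security and vulnerability analysis
- Audit logging
- Identity integration and role-based access control
- Image replication between instances
- Extensible API and graphical user interface
- Internationalization, with support for multiple languages
Docker compose
Deploying Harbor directly on a physical machine is very difficult. To simplify its use, the Harbor project ships Harbor as an application that runs in containers. Those containers depend on several storage systems such as redis, mysql, and pgsql, so many containers have to be orchestrated to work together. For this reason VMware Harbor is deployed and operated with Docker's single-host orchestration tool, Docker compose.
Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a YAML file to configure your application's services. Then, with a single command, you create and start all the services from that configuration.
Deploying the Harbor image registry
// Add name resolution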
[root@docker ~]# hostname
docker.example.com
[root@docker ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.172.142 docker.example.com
// Install docker-compose
[root@192 ~]# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- -
100 664 100 664 0 0 1488 0 --:--:-- --:--:-- --:--:-- 1488
// Make the file executable
[root@192 ~]# cd /usr/local/bin/
[root@192 bin]# ls
docker-compose
[root@192 bin]# chmod +x docker-compose
[root@192 bin]# ll docker-compose
-rwxr-xr-x. 1 root root 12737304 Dec 16 11:22 docker-compose
// Download Harbor and extract it
[root@docker ~]# wget -c https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
--2021-12-16 11:43:00-- https://github.com/goharbor/harbor/releases/download/v2.3.5/harbor-offline-installer-v2.3.5.tgz
Resolving github.com (github.com)... 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/200e9396-9027-4eb7-be24-ca05ad569d54?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20211216%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211216T034259Z&X-Amz-Expires=300&X-Amz-Signature=630f59aa3fcdaa3ce8bda1370ad2534c7bb5e6a9a53fff88a0a6fd804369af6a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.3.5.tgz&response-content-type=application%2Foctet-stream [following]
--2021-12-16 11:43:00-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/50613991/200e9396-9027-4eb7-be24-ca05ad569d54?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20211216%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211216T034259Z&X-Amz-Expires=300&X-Amz-Signature=630f59aa3fcdaa3ce8bda1370ad2534c7bb5e6a9a53fff88a0a6fd804369af6a&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=50613991&response-content-disposition=attachment%3B%20filename%3Dharbor-offline-installer-v2.3.5.tgz&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.108.133, 185.199.111.133, 185.199.109.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 605228707 (577M) [application/octet-stream]
Saving to: 'harbor-offline-installer-v2.3.5.tgz'
harbor-offlin 100% 577.19M 9.19MB/s in 2m 2s
2021-12-16 11:45:05 (4.72 MB/s) - 'harbor-offline-installer-v2.3.5.tgz' saved [605228707/605228707]
[root@docker ~]# tar xf harbor-offline-installer-v2.3.5.tgz -C /usr/local/
[root@docker local]# cd harbor/
[root@docker harbor]# ls
LICENSE harbor.v2.3.5.tar.gz install.sh
common.sh harbor.yml.tmpl prepare
[root@docker harbor]# cp harbor.yml.tmpl harbor.yml
[root@docker ~]# cat /usr/local/harbor/harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: docker.example.com   # host domain name

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
#https:   # no certificate available, so this section is commented out
  # https port for harbor, default is 443
  # port: 443
  # The path of cert and key files for nginx
  #certificate: /your/certificate/path
  #private_key: /your/private/key/path

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345   # password of the admin account in the web interface

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123   # database password
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 100
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 900

# The default data volume
data_volume: /data

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:

#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect:
#     disabled: false

# Trivy configuration
#
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
# should download a newer version from the Internet or use the cached one. Currently, the database is updated every
# 12 hours and published as a new release to GitHub.
trivy:
  # ignoreUnfixed The flag to display only fixed vulnerabilities
  ignore_unfixed: false
  # skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
  #
  # You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
  # If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
  # `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
  skip_update: false
  #
  # insecure The flag to skip verifying registry certificate
  insecure: false
  # github_token The GitHub access token to download Trivy DB
  #
  # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
  # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
  # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
  # https://developer.github.com/v3/#rate-limiting
  #
  # You can create a GitHub token by following the instructions in
  # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
  #
  # github_token: xxx

jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10

chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled

# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
    # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
    # are all valid.
    rotate_size: 200M
    # The directory on your host that store log
    location: /var/log/harbor

  # Uncomment following lines to enable external syslog endpoint.
  # external_endpoint:
  #   # protocol used to transmit log to external endpoint, options is tcp or udp
  #   protocol: tcp
  #   # The host of external endpoint
  #   host: localhost
  #   # Port of external endpoint
  #   port: 5140

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.3.0

# Uncomment external_database if using external database.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable

# Uncomment external_redis if using external Redis server
# external_redis:
#   # support redis, redis+sentinel
#   # host for redis: <host_redis>:<port_redis>
#   # host for redis+sentinel:
#   # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
#   host: redis:6379
#   password:
#   # sentinel_master_set must be set to support redis+sentinel
#   #sentinel_master_set:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   trivy_db_index: 5
#   idle_timeout_seconds: 30

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca

# Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy

# metric:
#   enabled: false
#   port: 9090
#   path: /metrics
// Run the installation script in the harbor directory
[root@docker harbor]# ./install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.12
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.29.2
[Step 2]: loading Harbor images ...
......
✔ ----Harbor has been installed and started successfully.----
// Check the result
[root@docker ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
goharbor/harbor-exporter v2.3.5 1730c6f650e2 5 days ago 81.9MB
goharbor/chartmuseum-photon v2.3.5 47004f032938 5 days ago 179MB
goharbor/redis-photon v2.3.5 3d0cedc89a0d 5 days ago 156MB
goharbor/trivy-adapter-photon v2.3.5 5c0212e98070 5 days ago 133MB
goharbor/notary-server-photon v2.3.5 f20a76c65359 5 days ago 111MB
goharbor/notary-signer-photon v2.3.5 b9fa38eef4d7 5 days ago 108MB
goharbor/harbor-registryctl v2.3.5 7a52567a76ca 5 days ago 133MB
goharbor/registry-photon v2.3.5 cf22d3e386b8 5 days ago 82.6MB
goharbor/nginx-photon v2.3.5 5e3b6d9ce11a 5 days ago 45.7MB
goharbor/harbor-log v2.3.5 a03e4bc963d6 5 days ago 160MB
goharbor/harbor-jobservice v2.3.5 2ac32df5a2e0 5 days ago 211MB
goharbor/harbor-core v2.3.5 23baee01156f 5 days ago 193MB
goharbor/harbor-portal v2.3.5 bb545cdedf5a 5 days ago 58.9MB
goharbor/harbor-db v2.3.5 9826c57a5749 5 days ago 221MB
goharbor/prepare v2.3.5 a1ceaabe47b2 5 days ago 255MB
[root@docker ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f1dd4797aa94 goharbor/nginx-photon:v2.3.5 "nginx -g 'daemon of…" About a minute ago Up 54 seconds (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
f4af4c01c8f8 goharbor/harbor-jobservice:v2.3.5 "/harbor/entrypoint.…" About a minute ago Up 54 seconds (healthy) harbor-jobservice
c43d54396c94 goharbor/harbor-core:v2.3.5 "/harbor/entrypoint.…" About a minute ago Up 59 seconds (healthy) harbor-core
79b26073d903 goharbor/redis-photon:v2.3.5 "redis-server /etc/r…" About a minute ago Up About a minute (healthy) redis
5ce760e60920 goharbor/harbor-db:v2.3.5 "/docker-entrypoint.…" About a minute ago Up About a minute (healthy) harbor-db
c199e22ddc1a goharbor/harbor-portal:v2.3.5 "nginx -g 'daemon of…" About a minute ago Up About a minute (healthy) harbor-portal
1bc00421e02d goharbor/harbor-registryctl:v2.3.5 "/home/harbor/start.…" About a minute ago Up About a minute (healthy) registryctl
349f84fb0dfd goharbor/registry-photon:v2.3.5 "/home/harbor/entryp…" About a minute ago Up About a minute (healthy) registry
811c85e23312 goharbor/harbor-log:v2.3.5 "/bin/sh -c /usr/loc…" About a minute ago Up About a minute (healthy) 127.0.0.1:1514->10514/tcp harbor-log
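The harbor.yml used for this install keeps the template values for harbor_admin_password and the database password and leaves the https section commented out, and the docker ps output shows nginx publishing port 80 on 0.0.0.0. The shell function below is an added example, not part of the original post or of Harbor: it flags those three settings in a harbor.yml, and the sample file it runs on is a constructed excerpt of the active settings shown earlier.

```shell
#!/bin/sh
# Added example (not from the original post or the Harbor project):
# flag template-default secrets and missing TLS in a harbor.yml.

audit_harbor_yml() {
    # $1 = path to harbor.yml; prints one finding per line,
    # exit status 1 if anything was found, 0 otherwise.
    awk '
        function val(line) {                  # value after the first colon
            sub(/^[^:]*:[ \t]*/, "", line)
            gsub(/^"|"$/, "", line)           # drop surrounding double quotes
            return line
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comment-only and blank lines
        { sub(/[ \t]+#.*$/, "") }             # strip trailing inline comment
        /^[A-Za-z_]+:/ { section = $0; sub(/:.*$/, "", section) }
        section == "https" { https = 1 }      # an active https: block exists
        /^harbor_admin_password:/ && val($0) == "Harbor12345" {
            print "harbor_admin_password is still the template default"; n++
        }
        section == "database" && /^[ \t]+password:/ && val($0) == "root123" {
            print "database.password is still the template default"; n++
        }
        END {
            if (!https) {
                print "https is not enabled: logins and pushes go over plain HTTP"
                n++
            }
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample: the active (uncommented) settings from the file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: docker.example.com
http:
  port: 80
#https:
#  port: 443
harbor_admin_password: Harbor12345  # admin password for the web UI
database:
  password: root123
  max_idle_conns: 100
EOF
audit_harbor_yml "$sample" || echo "fix harbor.yml before running ./install.sh"
rm -f "$sample"
```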
Web interface
Access by IP address
docker-compose
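Start or stop all the containers in one go; the commands must be run from the Harbor installation directory.
// Stop the containers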
[root@docker harbor]# docker-compose stop
Stopping nginx ... done
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping redis ... done
Stopping harbor-db ... done
Stopping harbor-portal ... done
Stopping registryctl ... done
Stopping registry ... done
Stopping harbor-log ... done
// Start the containers
[root@docker harbor]# docker-compose start
Starting log ... done
Starting registry ... done
Starting registryctl ... done
Starting postgresql ... done
Starting portal ... done
Starting redis ... done
Starting core ... done
Starting jobservice ... done
Starting proxy ... done