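I often use Docker to deploy all kinds of environments, and pulling images from DockerHub is sometimes slow. Third-party images can be sped up with mirror registries hosted in China, but that does not help with images we build ourselves. In that case it is well worth setting up a private image registry. I recently came across Harbor, an enterprise-grade image registry that is easy to use and powerful, and I recommend it!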

The SpringBoot hands-on e-commerce project mall (40k+ stars): https://github.com/macrozheng/mall

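Introduction to Harbor

Harbor is an open-source Docker image registry service that currently has 13.4k+ stars on GitHub. It provides role-based access control for images, which helps keep your images secure.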

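Installation

The first step in learning an open-source project is usually to get it running, so let's get Harbor running first!
  • Download the Harbor installer; the v1.10.6 offline version is used here. Download address: https://github.com/goharbor/h...

  • After the download completes, upload it to the Linux server and extract it with the following command: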
tar xvf harbor-offline-installer-v1.10.6.tgz
  • After extraction, the directory contains the following files:
[root@linux-local harbor]# ll
total 700260
drwxr-xr-x. 3 root root        20 Dec  2 11:18 common
-rw-r--r--. 1 root root      3398 Nov 17 11:58 common.sh
-rw-r--r--. 1 root root      5348 Dec  2 14:41 docker-compose.yml
-rw-r--r--. 1 root root 717021676 Nov 17 11:59 harbor.v1.10.6.tar.gz
-rw-r--r--. 1 root root      5882 Dec  2 11:21 harbor.yml
-rwxr-xr-x. 1 root root      2284 Nov 17 11:58 install.sh
-rw-r--r--. 1 root root     11347 Nov 17 11:58 LICENSE
-rwxr-xr-x. 1 root root      1749 Nov 17 11:58 prepare
  • Edit Harbor's configuration file harbor.yml: change hostname and comment out the https section. The comments explain the relevant properties:
# Address for the Harbor management UI and image registry
hostname: 192.168.3.101
# HTTP-related configuration
http:
  # HTTP port; if https is configured, https is used by default
  port: 80
# HTTPS-related configuration
#https:
#  # HTTPS port
#  port: 443
#  # Paths to the HTTPS certificate and private key used by Nginx in Harbor
#  certificate: /your/certificate/path
#  private_key: /your/private/key/path
# Password of Harbor's default administrator account, admin
harbor_admin_password: Harbor12345
# Configuration of Harbor's built-in PostgreSQL database
database:
  # Password of the root user
  password: root123
  # Maximum number of idle connections; a value of 0 or less means no idle connections
  max_idle_conns: 50
  # Maximum number of open connections; a value of 0 or less means unlimited
  max_open_conns: 100
# Default data directory
data_volume: /data
# Clair configuration
clair:
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10
notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10
chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled
# Log configuration
log:
  # Log level: debug, info, warning, error, fatal
  level: info
  # Local log storage policy
  local:
    # Number of rotated log files to keep; older files beyond this count are deleted
    rotate_count: 50
    # Log rotation size; a new log file is created once this size is exceeded
    rotate_size: 200M
    # Log storage path
    location: /var/log/harbor
# This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.10.0
# Configure proxies to be used by Clair, the replication jobservice, and Harbor. Leave blank if no proxies are required.
proxy:
  http_proxy:
  https_proxy:
  # no_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server
  no_proxy:
  components:
    - core
    - jobservice
    - clair
  • Install Harbor with the install.sh script:
./install.sh
  • Once Harbor has started, it prints the output below. Note that Harbor starts its own containers such as Nginx and Redis, so any you created earlier need to be removed first. Seeing started successfully means the startup worked:
[Step 0]: checking if docker is installed ...
Note: docker version: 19.03.5
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.24.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-migrator:v1.10.6
Loaded image: goharbor/harbor-core:v1.10.6
Loaded image: goharbor/harbor-db:v1.10.6
Loaded image: goharbor/harbor-registryctl:v1.10.6
Loaded image: goharbor/nginx-photon:v1.10.6
Loaded image: goharbor/clair-photon:v1.10.6
Loaded image: goharbor/clair-adapter-photon:v1.10.6
Loaded image: goharbor/harbor-portal:v1.10.6
Loaded image: goharbor/harbor-log:v1.10.6
Loaded image: goharbor/registry-photon:v1.10.6
Loaded image: goharbor/notary-signer-photon:v1.10.6
Loaded image: goharbor/harbor-jobservice:v1.10.6
Loaded image: goharbor/redis-photon:v1.10.6
Loaded image: goharbor/prepare:v1.10.6
Loaded image: goharbor/notary-server-photon:v1.10.6
Loaded image: goharbor/chartmuseum-photon:v1.10.6
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /mydata/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
Stopping harbor-jobservice ... done
Stopping harbor-core       ... done
Stopping redis             ... done
Stopping registryctl       ... done
Stopping registry          ... done
Stopping harbor-db         ... done
Stopping harbor-portal     ... done
Stopping harbor-log        ... done
Removing harbor-jobservice ... done
Removing harbor-core       ... done
Removing redis             ... done
Removing registryctl       ... done
Removing registry          ... done
Removing harbor-db         ... done
Removing harbor-portal     ... done
Removing harbor-log        ... done
Removing network harbor_harbor
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry      ... done
Creating harbor-db     ... done
Creating registryctl   ... done
Creating redis         ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----
  • We can use the docker images command to list the Docker images that the Harbor installation loaded; there are quite a few:
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
                                     latest              dc3bacd8b5ea        8 days ago          1.23MB
goharbor/chartmuseum-photon          v1.10.6             01b70eccaf71        2 weeks ago         178MB
goharbor/harbor-migrator             v1.10.6             a5d4a4ee44e4        2 weeks ago         356MB
goharbor/redis-photon                v1.10.6             99e25b65195c        2 weeks ago         132MB
goharbor/clair-adapter-photon        v1.10.6             aa72598ecc12        2 weeks ago         61.3MB
goharbor/clair-photon                v1.10.6             da1b03030e34        2 weeks ago         171MB
goharbor/notary-server-photon        v1.10.6             37c8bed3e255        2 weeks ago         142MB
goharbor/notary-signer-photon        v1.10.6             c56d82220929        2 weeks ago         139MB
goharbor/harbor-registryctl          v1.10.6             1d3986d90c65        2 weeks ago         101MB
goharbor/registry-photon             v1.10.6             3e669c8204ed        2 weeks ago         83.7MB
goharbor/nginx-photon                v1.10.6             a39d8dd46060        2 weeks ago         43.7MB
goharbor/harbor-log                  v1.10.6             1085d3865a57        2 weeks ago         106MB
goharbor/harbor-jobservice           v1.10.6             aa05538acecf        2 weeks ago         143MB
goharbor/harbor-core                 v1.10.6             193e76e6be5d        2 weeks ago         129MB
goharbor/harbor-portal               v1.10.6             942a9c448850        2 weeks ago         51.8MB
goharbor/harbor-db                   v1.10.6             37da2e5414ae        2 weeks ago         170MB
goharbor/prepare                     v1.10.6             35f073e33ec5        2 weeks ago         177MB
  • Open Harbor's management UI and log in with the account and password admin:Harbor12345. Address: http://192.168.3.101/

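Usage

Now we can use Harbor to manage our images.
  • First click the New Project button to create a project:

  • Here we create a private project called test.

  • The docker login command does not support HTTP access by default, so we have to enable it manually. Use the Vim editor to edit Docker's configuration file daemon.json: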
vi /etc/docker/daemon.json
  • Add an insecure-registries entry to allow the Harbor registry to be accessed insecurely. Be careful not to leave out the port number 80:
{
  "registry-mirrors": ["https://xxx.aliyuncs.com"],
  "insecure-registries": ["192.168.3.101:80"]
}
  • Restart the docker service:
systemctl restart docker
  • Start the Harbor service again with install.sh:
./install.sh
  • Log in to the Harbor registry with the docker login command, remembering to add the port number 80:
[root@linux-local harbor]# docker login 192.168.3.101:80
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
  • Write a Dockerfile for building the Docker image. The simplest possible busybox Dockerfile looks like this:
FROM busybox:latest
  • Build your own busybox image with the following command:
docker build -t 192.168.3.101:80/test/busybox .
  • Push the busybox image you built to the Harbor registry:
docker push 192.168.3.101:80/test/busybox
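  • After the push succeeds, the busybox image is visible in Harbor's management UI.

  • Because Harbor is deployed with Docker Compose, you can stop and start it directly with Docker Compose commands.
# Stop Harbor
docker-compose stop
# Start Harbor
docker-compose start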
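
The insecure-registries entry used above makes Docker talk to Harbor over plain HTTP, so the admin password and every pushed layer cross the network unencrypted. The following script is an added example, not part of the original article: it issues a lab CA and a server certificate that the https block commented out in harbor.yml can point at. The CA name, key size, lifetimes and output layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Requires the openssl CLI.
# $1 = registry host (IPv4 address or DNS name), $2 = output directory
make_harbor_certs() {
  host=$1; out=$2
  mkdir -p "$out"
  # Docker checks the certificate against the name used in "docker login",
  # so an IP address must be an IP SAN and a host name a DNS SAN.
  case $host in
    *[!0-9.]*) san="DNS:$host" ;;
    *)         san="IP:$host" ;;
  esac
  printf 'subjectAltName=%s\nextendedKeyUsage=serverAuth\n' "$san" > "$out/v3.ext"
  # 1. Private CA (assumed name harbor-lab-ca).
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3650 \
    -subj "/CN=harbor-lab-ca" -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null &&
  # 2. Server key and signing request.
  openssl req -new -newkey rsa:2048 -sha256 -nodes -subj "/CN=$host" \
    -keyout "$out/harbor.key" -out "$out/harbor.csr" 2>/dev/null &&
  # 3. Server certificate signed by the CA, carrying the SAN from v3.ext.
  openssl x509 -req -sha256 -days 365 -in "$out/harbor.csr" \
    -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
    -extfile "$out/v3.ext" -out "$out/harbor.crt" 2>/dev/null &&
  chmod 600 "$out/ca.key" "$out/harbor.key" &&
  # 4. Non-zero exit status if the chain does not validate.
  openssl verify -CAfile "$out/ca.crt" "$out/harbor.crt" >/dev/null
}

# Print where each generated file goes ($1 = host, $2 = output directory).
next_steps() {
  cat <<EOF
harbor.yml:  uncomment https; certificate: $2/harbor.crt, private_key: $2/harbor.key
docker host: copy $2/ca.crt to /etc/docker/certs.d/$1/ca.crt
daemon.json: remove "$1:80" from insecure-registries, then restart docker
EOF
}

# Usage: sh make-harbor-certs.sh 192.168.3.101 /data/cert
if [ "$#" -eq 2 ]; then
  make_harbor_certs "$1" "$2" && next_steps "$1" "$2"
fi
```

Once Harbor listens on 443, log in and tag images with 192.168.3.101 instead of 192.168.3.101:80.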

Using Harbor with SpringBoot

Here we use the earlier mall-tiny-fabric project to show how to package an image and push it to the Harbor registry in one step with a Maven plugin.
  • First edit the project's pom.xml: change the address of the registry to push to and add the authentication information:
<plugin>
    <groupId>io.fabric8</groupId>
    <artifactId>docker-maven-plugin</artifactId>
    <version>0.33.0</version>
    <executions>
        <!-- Add this to build the image when the project is packaged -->
        <execution>
            <id>build-image</id>
            <phase>package</phase>
            <goals>
                <goal>build</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <!-- Docker remote management address -->
        <dockerHost>http://192.168.3.101:2375</dockerHost>
        <!-- Address of the registry to push images to -->
        <pushRegistry>http://192.168.3.101:80</pushRegistry>
        <!-- Authentication information -->
        <authConfig>
            <push>
                <username>admin</username>
                <password>Harbor12345</password>
            </push>
        </authConfig>
        <images>
            <image>
                <!-- Because we push to a private registry, the image name must include the registry address -->
                <name>192.168.3.101:80/mall-tiny/${project.name}:${project.version}</name>
                <!-- Image build behaviour -->
                <build>
                    <!-- Base image -->
                    <from>java:8</from>
                    <args>
                        <JAR_FILE>${project.build.finalName}.jar</JAR_FILE>
                    </args>
                    <!-- Which files are copied into the container -->
                    <assembly>
                        <!-- Target directory inside the container -->
                        <targetDir>/</targetDir>
                        <!-- Copy only the generated jar -->
                        <descriptorRef>artifact</descriptorRef>
                    </assembly>
                    <!-- Container start command -->
                    <entryPoint>["java", "-jar","/${project.build.finalName}.jar"]</entryPoint>
                    <!-- Maintainer -->
                    <maintainer>macrozheng</maintainer>
                    <!-- Enable this when building from a Dockerfile -->
                    <!--<dockerFileDir>${project.basedir}</dockerFileDir>-->
                </build>
                <!-- Container run behaviour -->
                <run>
                    <!-- Container name; wildcards may be used -->
                    <containerNamePattern>${project.artifactId}</containerNamePattern>
                    <!-- Port mappings -->
                    <ports>
                        <port>8080:8080</port>
                    </ports>
                    <!-- Links between containers -->
                    <links>
                        <link>mysql:db</link>
                    </links>
                    <!-- Directory mounts between container and host -->
                    <volumes>
                        <bind>
                            <volume>/etc/localtime:/etc/localtime</volume>
                            <volume>/mydata/app/${project.artifactId}/logs:/var/logs</volume>
                        </bind>
                    </volumes>
                </run>
            </image>
        </images>
    </configuration>
</plugin>
  • Before pushing the image, the mall-tiny project must already exist in Harbor; otherwise the push fails.

  • Then use the Maven plugin to build the image and push it to the Harbor registry. For details see "Still deploying SpringBoot applications by hand? Try this automation plugin!". The push prints the following output:
[INFO] Scanning for projects...
[INFO]                                                                         
[INFO] ------------------------------------------------------------------------
[INFO] Building mall-tiny-fabric 0.0.1-SNAPSHOT
[INFO] ------------------------------------------------------------------------
[INFO] 
[INFO] --- docker-maven-plugin:0.33.0:push (default-cli) @ mall-tiny-fabric ---
[INFO] DOCKER> The push refers to repository [192.168.3.101:80/mall-tiny/mall-tiny-fabric]
###############
[INFO] DOCKER> 0.0.1-SNAPSHOT: digest: sha256:3a54682fd3b04526f6da0916e98f3d0d5ba4193a8ad6aafbe6c05a1badf6c13b size: 2212
[INFO] DOCKER> Temporary image tag skipped. Target image '192.168.3.101:80/mall-tiny/mall-tiny-fabric:0.0.1-SNAPSHOT' already has registry set or no registry is available
[INFO] DOCKER> Pushed 192.168.3.101:80/mall-tiny/mall-tiny-fabric:0.0.1-SNAPSHOT in 2 minutes and 8 seconds 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:11 min
[INFO] Finished at: 2020-12-02T15:11:10+08:00
[INFO] Final Memory: 19M/219M
[INFO] ------------------------------------------------------------------------
Process finished with exit code 0
  • Open the Harbor management page and you will find that the mall-tiny-fabric image is already there.
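
The walkthrough keeps several lab-only settings: the shipped passwords and HTTP-only listener in harbor.yml, the insecure-registries entry in daemon.json, and a literal admin password plus a plain-HTTP dockerHost in pom.xml. The script below is an added example, not part of the original article, that flags those settings before such files are reused elsewhere; the file contents written by demo() are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original article: flag the lab-only settings
# this walkthrough leaves in harbor.yml, daemon.json and pom.xml.

# First uncommented "key: value" in a YAML file ($1 = file, $2 = key).
yaml_value() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Each audit prints one finding per line; no output means nothing was flagged.
audit_harbor_yml() {
  [ "$(yaml_value "$1" harbor_admin_password)" = "Harbor12345" ] &&
    echo "harbor.yml: harbor_admin_password is still the shipped default"
  [ "$(yaml_value "$1" password)" = "root123" ] &&
    echo "harbor.yml: database password is still the shipped default"
  grep -Eq '^https:' "$1" ||
    echo "harbor.yml: https is commented out, so logins and pushes are cleartext"
  return 0
}

audit_daemon_json() {
  tr -d '[:space:]' < "$1" | grep -q '"insecure-registries":\["' &&
    echo "daemon.json: insecure-registries disables TLS checks for the listed hosts"
  return 0
}

audit_pom_xml() {
  # A value starting with $ is treated as a property reference, not a literal.
  grep -q '<password>[^$<][^<]*</password>' "$1" &&
    echo "pom.xml: registry password is a literal in the build file"
  grep -q '<dockerHost>http://' "$1" &&
    echo "pom.xml: dockerHost uses the plain-HTTP Docker API"
  return 0
}

# Constructed sample files that mirror the values used in this article.
demo() {
  d=$(mktemp -d)
  printf '%s\n' 'http:' '  port: 80' '#https:' '#  port: 443' \
    'harbor_admin_password: Harbor12345' 'database:' '  password: root123' > "$d/harbor.yml"
  printf '%s\n' '{ "insecure-registries":["192.168.3.101:80"] }' > "$d/daemon.json"
  printf '%s\n' '<dockerHost>http://192.168.3.101:2375</dockerHost>' \
    '<password>Harbor12345</password>' > "$d/pom.xml"
  audit_harbor_yml "$d/harbor.yml"
  audit_daemon_json "$d/daemon.json"
  audit_pom_xml "$d/pom.xml"
  rm -rf "$d"
}
demo
```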

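Summary

Harbor provides a management UI that makes it easier to manage Docker images, and adds role-based permission management to protect them. Previously, to use images securely, we had to set up cumbersome TLS to control the remote Docker service that builds the images; for details see "Open this port on your Docker service and your server becomes a zombie within minutes!". Now we only need to set up a Harbor registry, build images locally and upload them to Harbor, then pull them straight from Harbor whenever they are needed!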

References

Official documentation: https://goharbor.io/docs/2.1....

Project source code

https://github.com/macrozheng...

This article is included in the GitHub repository https://github.com/macrozheng/mall-learning. Stars are welcome!