A Minimal Guide to Setting Up a Private Harbor Image Registry (HTTP Version)

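This post briefly covers how to set up a private Harbor image registry (HTTP version) and how to use it. The setup part mainly follows the official documentation. The post is based on the following versions: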

Docker: 20.10.12
Docker-compose: 1.29.2
Harbor: 2.4.1

Preparation

Install Docker and Docker Compose

Please refer to the official documentation directly. Only a CentOS example is given here:

sudo yum install -y yum-utils
sudo yum-config-manager \
--add-repo \
https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce docker-ce-cli containerd.io
sudo systemctl start docker
sudo systemctl enable docker

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Install OpenSSL

Only a CentOS example is given here:

yum install -y openssl

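Install Harbor

The official site offers two installation modes: an online installer and an offline installer. The difference is that the offline installer bundles the images, while the online version pulls them from Docker Hub during installation. We use the offline installer here.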

wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
tar zxvf harbor-offline-installer-v2.4.1.tgz
cd harbor

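Inside the harbor folder there is a file named harbor.yml.tmpl, which holds Harbor's configuration. Make a copy of it and edit the copy (only the modified parts are shown below):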

cp harbor.yml.tmpl harbor.yml
harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
- hostname: reg.mydomain.com
+ hostname: your.domain.com  # choose your own

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
# Simply disable HTTPS
- https:
+ # https:
  # https port for harbor, default is 443
-   port: 443
+ #   port: 443
  # The path of cert and key files for nginx
-   certificate: /your/certificate/path
-   private_key: /your/private/key/path
+ #   certificate: /your/certificate/path
+ #   private_key: /your/private/key/path

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
- harbor_admin_password: Harbor12345
+ harbor_admin_password: yourPassword  # choose your own

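After making the changes, run ./install.sh and wait for Docker Compose to finish. Once deployment completes, the Harbor UI is reachable on port 80 of this machine. To enable Helm Chart management, use ./install.sh --with-chartmuseum instead.

Logging In and Usage

On the machine where Harbor is installed, you can configure /etc/hosts directly: add the hostname you defined in the configuration file after 127.0.0.1. You can then log in with the following command: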

docker login -u admin -p yourPassword http://your.domain.com

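Replace the password and hostname above with your own.

To log in from another machine, you first need to configure /etc/hosts there as well, pointing the hostname at the IP of the machine where Harbor is installed. When logging in, you may run into the following: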

$ docker login -u admin -p yourPassword http://your.domain.com

Error response from daemon: Get https://your.domain.com/v2/: dial tcp xxx.xxx.xxx.xxx:443: connect: connection refused

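The cause is that the HTTPS request is refused (we only configured HTTP), so the security verification has to be turned off. Edit /etc/docker/daemon.json and add the following: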

/etc/docker/daemon.json
+ "insecure-registries": ["your.domain.com:port", "0.0.0.0"]

If the port is 80, the port part can be omitted. After the change, restart Docker:

sudo systemctl restart docker
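
The daemon.json line above has to be merged into whatever the file already contains, and each entry in insecure-registries turns off TLS protection for the registry it names. As an added example (not code from the original post or from Docker or Harbor), the following Python merges one registry without dropping other keys and flags entries that are broader than a single host; the function names and sample file contents are constructed for illustration.

```python
import ipaddress
import json


def _load(text):
    # An empty daemon.json is treated the same as {}.
    return json.loads(text) if text.strip() else {}


def merge_insecure_registry(daemon_json_text, registry):
    """Add one registry to insecure-registries, keeping all other keys."""
    config = _load(daemon_json_text)
    entries = config.setdefault("insecure-registries", [])
    if registry not in entries:  # idempotent: no duplicates on re-run
        entries.append(registry)
    return json.dumps(config, indent=2)


def audit_insecure_registries(daemon_json_text):
    """Return (entry, reason) for entries that are not one specific host."""
    findings = []
    for entry in _load(daemon_json_text).get("insecure-registries", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # hostname or host:port, scoped to a single registry
        if net.num_addresses > 1:
            findings.append((entry, f"CIDR covers {net.num_addresses} addresses"))
        elif net.network_address.is_unspecified:
            findings.append((entry, "unspecified address, names no registry host"))
    return findings


if __name__ == "__main__":
    # Constructed sample: an existing daemon.json with an unrelated setting.
    existing = '{"log-driver": "json-file"}'
    print(merge_insecure_registry(existing, "your.domain.com"))
    # Constructed sample: the list shown in this post plus a CIDR entry.
    sample = ('{"insecure-registries": '
              '["your.domain.com:8080", "0.0.0.0", "10.0.0.0/8"]}')
    for entry, reason in audit_insecure_registries(sample):
        print(f"{entry}: {reason}")
```

Write the merged text back to /etc/docker/daemon.json only after reviewing the audit output, then restart Docker as shown above.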

If necessary, restart Harbor on the machine where it is installed:

cd harbor
docker-compose down -v
docker-compose up -d

Log in again and it will work normally. Note that when using Harbor, images must follow this format:

# Docker
docker tag SOURCE_IMAGE[:TAG] your.domain.com/PROJECT_NAME/REPOSITORY[:TAG]
docker push your.domain.com/PROJECT_NAME/REPOSITORY[:TAG]
docker pull your.domain.com/PROJECT_NAME/REPOSITORY[:TAG]

# Helm
helm repo add --username admin --password ADMIN_PASSWORD harbor http://your.domain.com/chartrepo/
helm plugin install https://github.com/chartmuseum/helm-push
helm cm-push CHART_PATH --version="CHART_VERSION" harbor
helm repo update
helm search repo CHART_PATH
helm install RELEASE_NAME CHART_NAME

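Here PROJECT_NAME is the name of the project you created in the Harbor UI, CHART_PATH is the path where the Helm Chart is stored, CHART_NAME is the chart name found with helm search, and RELEASE_NAME is your chosen name for the Helm release.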