I. Harbor
Harbor is an open-source enterprise Docker Registry project of VMware company
(1) Harbor's strengths:
Role based control;
Mirror based replication strategy;
Support LDAP / AD;
Image deletion and garbage collection;
Graphic UI;
Audit;
RESTful API;
(2) Harbor Architecture Composition:
1. Proxy: a front-end reverse proxy uniformly accepts requests from the browser and Docker clients, and forwards the requests to different back-end services.
2. Registry: store the Docker image and process the docker push/pull command.
3. Core services: the core functions of Harbor, including UI, webhook and token services.
4. Database: provides database services for core services.
5. Log collector: collect logs of other components for future analysis.
2, Advantages of private warehouse:
In fact, the original source of the image of the private library is downloaded from the public library. However, why don't all enterprises directly use the image required by the public library to download? It is allowed to use registry to build the local private warehouse, which has the advantages that the public library does not have:
1. Save network bandwidth. For each image, you don't need to go to the central warehouse to download, you just need to download from the private warehouse;
2. Provide image resource utilization. For the image used within the company, it is pushed to the local private warehouse for use by relevant personnel within the company.
Next, you can build a private docker warehouse:
(1) Install related packages:
install harbor: [root@localhost abc]# tar zvxf harbor-offline-installer-v1.2.2.tgz -C /usr/local/ //To install docker compose: [root@localhost abc]# cp docker-compose /usr/bin/ //Copy the docker compose command to the directory / bin /. After the system recognizes it, you can use the docker compose command directly.
(2) Modify the harbor.cfg configuration file:
(3) Start
[root@localhost local]# cd harbor/ [root@localhost harbor]# ls common docker-compose.yml harbor.v1.2.2.tar.gz NOTICE docker-compose.clair.yml harbor_1_1_0_template install.sh prepare docker-compose.notary.yml harbor.cfg LICENSE upgrade [root@localhost harbor]# sh /usr/local/harbor/install.sh / / enable
(4) To see if both the mirror and the container are started:
docker images //View mirroring docker ps -a //View container docker-compose ps //View container
(5) Verification: access 192.168.220.131 with browser
The user name, password and other information can be found in the file harbor.cfg. If they are not modified, the default is:
User name: admin
Password: Harbor 12345
(6) Create image manually (click "+ project"): create a project named myproject KGC:
(7) After the image is created, go back to the console and log in and push the image locally through 127.0.0.1 through the docker command:
docker login -u admin -p Harbor12345 http://127.0.0.1
(8) Download an image from the public database and upload it to the private database:
[root@localhost harbor]# Docker pull mirrors / / download images [root@localhost harbor]# Docker tag cirros 127.0.0.1 / myproject KGC / cirros: V1 / / image change label
(9) Upload the image just labeled to the private library
[root@localhost harbor]# docker push 127.0.0.1/myproject-kgc/cirros
(10) After uploading, we can see the image in Harbor:
(11) Open a virtual machine as the client, connect Harbor to upload and download images:
1. First, modify the / usr/lib/systemd/system/docker.service configuration file, associate with the private library, and add the following code (be sure to add, otherwise an error will be reported):
--insecure-registry 192.168.220.131
2, loading
systemctl daemon-reload //heavy load systemctl restart docker //restart
3. Login
docker login -u admin -p Harbor12345 http://192.168.220.131
4. Now we can download the existing image in the private library on this client:
docker pull 192.168.220.131/myproject-kgc/cirros:v1
5. Or download an image from the public database, label it, and upload it to the private database:
[root@localhost ~]# docker pull cirros [root@localhost ~]# docker tag cirros:latest 192.168.220.131/myproject-kgc/cirros:v2 [root@localhost ~]# docker push 192.168.220.131/myproject-kgc/cirros:v2
6. At this time, you can find another image uploaded in Harbor:
7. We can also download our commonly used images, label them and upload them to the private library:
[root@localhost ~]# docker pull nginx [root@localhost ~]# docker tag nginx:latest 192.168.220.131/myproject-kgc/nginx:v1 [root@localhost ~]# docker push 192.168.220.131/myproject-kgc/nginx:v1
8. At this point, Harbor will have a new image:
3, Manage private bank:
[root@localhost harbor]# Docker compose down - V / / close all containers
[root@localhost harbor]# docker-compose up -d
Add user: user management - > create user (note password needs upper case + lower case)
[root@localhost ~]# docker logout http://192.168.220.131 [root@localhost ~]# docker login http://192.168.220.131