We usually use Harbor to manage Docker images. Images built inside the company are uploaded to Harbor, and when we build services for customers we can pull the images directly from the company's Harbor.
Docker and docker-compose must be installed before Harbor is installed.
Download, extract, and configure
For network reasons we use the offline installation. Download the offline installation file from https://github.com/goharbor/harbor/releases/tag/v2.2.2; the file is nearly 500 MB.
Put the downloaded file under /usr/local/harbor and extract it with tar -xzvf.
After extraction, the configuration template is harbor.yml.tmpl. The main settings in it are:
hostname
This is the domain name. Change it to your company's own domain name. For your own testing you can fill in any domain name and then resolve it to 127.0.0.1 in /etc/hosts. Here we use hub.demo.com.
http.port
This is the port. The default value is 80; leave it unchanged unless port 80 is already occupied.
https
This is the HTTPS configuration, and an SSL certificate needs to be provided. If the certificate is generated by yourself, the registry has to be listed under insecure-registries in the Docker configuration file; otherwise Docker will consider it an insecure domain name. The certificate is generated below, and we come back to modify this setting afterwards.
harbor_admin_password
This is the administrator password Harbor provides for the management console.
database
The settings under this node are the password and connection parameters of Harbor's own database.
data_volume
This is the directory where Harbor stores its data; it is mapped into the containers through docker-compose.yml.
The rest of the configuration parameters are left unchanged. Next, generate the SSL certificate.
Generating an SSL Certificate
Note: the SSL certificate generated here is for testing only. A real SSL certificate should be obtained from a third party (such as Ali Cloud); browsers do not trust a certificate you generate yourself.
So let’s start generating
openssl genrsa -des3 -out server.key 2048
After executing the above command, you will be asked for a password of at least 4 characters. For this test we use a simple password and enter 1234. After you enter the password and press Enter, a server.key file is generated in the current directory.
openssl req -new -key server.key -out server.csr
When you run this command, you need to enter the password you entered in the previous step to generate server.key. Then you are asked to enter the country, province, city, organization name, and your own name in sequence
Next we remove the password for server.key
mv server.key server.key.old
openssl rsa -in server.key.old -out server.key
Enter the password of the original server.key
Now you can generate the CRT certificate file
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
After the above steps, two files are needed: server.crt and server.key. Modify the harbor.yml.tmpl file: under the https node, change certificate to the path of server.crt and private_key to the path of server.key.
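A non-interactive variant of the certificate steps above, as an added example that is not part of the original article: it writes a test server.key and server.crt whose host name is also carried in subjectAltName (recent Docker clients reject certificates that name the host only in the Common Name) and checks the pair before the paths go into the configuration. The function names and directory layout are assumptions, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example: self-signed TEST certificate for a Harbor host.
# Function names and directory layout are assumptions; needs OpenSSL 1.1.1+.

# make_test_cert <hostname> <outdir>: writes server.key and server.crt
make_test_cert() {
    host=$1; out=$2
    mkdir -p "$out" || return 1
    # -nodes leaves the key unencrypted, so no passphrase has to be removed.
    # -addext puts the host name into subjectAltName, not only into the CN.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$out/server.key" -out "$out/server.crt" 2>/dev/null || return 1
    chmod 600 "$out/server.key"
}

# check_cert <crt> <key> <hostname>: prints "ok" and returns 0 when usable
check_cert() {
    crt=$1; key=$2; host=$3
    # 1. Certificate and private key must form a pair (same public key).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match certificate"; return 1; }
    # 2. The exact host name must be listed as a DNS subjectAltName.
    openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$host" \
        || { echo "no subjectAltName for $host"; return 1; }
    # 3. The certificate must not be expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
        || { echo "certificate expired"; return 1; }
    echo "ok"
}

# Typical use (constructed values):
#   make_test_cert hub.demo.com /usr/local/harbor/cert
#   check_cert /usr/local/harbor/cert/server.crt \
#              /usr/local/harbor/cert/server.key hub.demo.com
# To make a Docker client trust this test certificate without listing the
# registry under insecure-registries, copy server.crt to
# /etc/docker/certs.d/hub.demo.com/ca.crt on that client.
```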
Install the harbor
Execute the following command
mv harbor.yml.tmpl harbor.yml
./install.sh
Since the Harbor package we downloaded is the offline version, all the Docker images it needs are already included, so the installation is quick. With the online version you may wait a long time or even hit a network error (the image files cannot be downloaded).
Harbor runs under docker-compose: start it with docker-compose up -d and stop it with docker-compose down. To modify the container configuration, edit the docker-compose.yml file.
Harbor's Docker containers are started by default after installation.
Add 192.168.3.3 hub.demo.com to /etc/hosts, where the IP is the IP address of the Harbor server.
If the browser can't open it, modify the harbor.yml file, comment out the HTTPS configuration, and run ./install.sh again. Note that the address is then HTTP, not HTTPS.
Open harbor management as follows:
The user name is admin and the password is configured in harbor.yml. The following interface is displayed after login:
Click Users on the left to create a user; here we assume the name is test.
On the left, click Projects to create a project named test. If the project is created successfully, the project details page is displayed. Click Members, then click + USER and enter the test user created above.
Docker pushes images to Harbor
To log in to Harbor, run the Docker command
docker login http://hub.demo.com
Enter the user name and password of the test user created above. If you see Error response from daemon: Get https://hub.demo.com/v2/: dial tcp: lookup hub.demo.com: no such host, the host cannot resolve the domain name hub.demo.com and you need to edit /etc/hosts.
The message Login Succeeded indicates that the Login is successful, and the image can be pushed
# Pick an image from docker images and tag it with the Harbor domain name; busybox is used here as an example
docker tag busybox:latest hub.demo.com/test/busybox:v1
# Push
docker push hub.demo.com/test/busybox:v1
To explain the tag hub.demo.com/test/busybox:v1: hub.demo.com is the domain name of Harbor, test is the project name in Harbor, and busybox:v1 is the name and version number of the image.
After the push, refresh the Harbor management console and you can see that the test project contains a busybox:v1 image.
Docker pulls the image from Harbor
As before, first log in to Harbor with the docker command. Why is no login needed for other image repositories? Because they are set up so that everyone can pull images.
docker login http://hub.demo.com
To verify that the pull works, first delete the local busybox:v1 tag
docker rmi hub.demo.com/test/busybox:v1
Start pulling the image
docker pull hub.demo.com/test/busybox:v1
Check whether the image was pulled successfully
docker images | grep busybox
After the pull is successful, you can tag the local image again