In the cloud native era, various system services are run as Docker containers. Image warehouse, as the name implies, is used to store Docker images, which is one of the cores of cloud native architecture. At present, the most popular private mirror warehouse is Harbor, one of CNCF graduates.

This article describes how to install and configure Harbor on CentOS 7.

Install Docker and Docker Compose

Configure Ali’s YUM source and install the Docker CE version. Note: The latest version is 19.03.6:

$ yum install -y yum-utils device-mapper-persistent-data lvm2
$ yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
$ yum install -y docker-ce docker-ce-cli
Copy the code

Create Docker daemon configuration file, including using Ali image repository to improve download speed, and restart Docker:

$ mkdir /etc/docker
$ cat << EOF > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "registry-mirrors": ["https://umqjaxg5.mirror.aliyuncs.com"],
  "storage-driver": "overlay2",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
EOF
$ systemctl daemon-reload
$ systemctl start docker
Copy the code

Continue to install docker-compse:

$curl - L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname - s) - $(uname -m)" - o /usr/local/bin/docker-compose $ chmod +x /usr/local/bin/docker-composeCopy the code

Install the Harbor

Download the Habor offline installation package and unzip it:

Wget $$tar XVF - https://github.com/goharbor/harbor/releases/download/v1.10.1/harbor-offline-installer-v1.10.1.tgz Harbor - offline installer - v1.10.1. / opt/TGZ - CCopy the code

Open the /opt/harbor/harbor.yml file and modify the hostname domain name and HTTPS certificate as follows:

# Configuration file of Harbor # The IP address or hostname to access admin UI and registry service. # DO NOT use Email exchange with external clients. Hostname: registry.k8sadm.xinhua.tech # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 80 # https related config https: # https port for harbor, default is 443 port: 443 # The path of cert and key files for nginx certificate: /opt/certs/registry.k8sadm.xinhua.tech.cert private_key: /opt/certs/registry.k8sadm.xinhua.tech.keyCopy the code

Then run the following command to install:

$ ./install.sh --with-clair
Copy the code

The above installation commands also install Clair service, a tool for static analysis of user image vulnerabilities. If not, you can omit this option.

After the installation is successful, you can use the docker login command to test the connectivity of the warehouse. If the following message is displayed, the installation is successful (you can also access the Web UI through a browser) :

$ docker login registry.k8sadm.xinhua.tech
Username: admin
Password: Passw0rd

Login Succeeded
Copy the code

At this point, the private mirror repository Harbor is installed.

Try a Harbor

In Harbor, mirrors are organized as projects. We create a test project named Foo on the page and push the BusyBox image pulled from the Docker Hub to our repository:

$docker pull busybox: 1.31.1 $docker tag busybox: 1.31.1 registry. Admtest. Xinhua. The tech/foo/busybox: 1.31.1 $docker push Registry. Admtest. Xinhua. Tech/foo/busybox: 1.31.1Copy the code

Finally, you can view the busyBox image you just uploaded on the project page:

other

To restart the Harbor service, go to the Harbor installation directory and run the following command:

$ cd /opt/harbor
$ docker-compse down -v
$ docker-compse up -d
Copy the code