We usually use Harbor to manage Docker images. Images built internally by the company are uploaded to Harbor, and when we help customers build services we can pull the images directly from the company’s Harbor

Docker and docker-compose must be installed before Harbor is installed

Download, extract, and configure

For network reasons we use the offline installation. The installation file is downloaded from https://github.com/goharbor/harbor/releases/tag/v2.2.2; the offline file is nearly 500 MB

In /usr/local/harbor, extract the downloaded file with tar -xzvf

Then edit the harbor.yml.tmpl file. The settings to look at are:

  1. hostname: This is the domain name. Change it to your company’s own domain name. If it is your own test, you can fill in any domain name and then resolve it to 127.0.0.1 in /etc/hosts; here we use hub.demo.com
  2. http.port: This is the port. The default value is 80, which is not changed unless port 80 is occupied
  3. https: This is the HTTPS configuration, and an SSL certificate needs to be provided. If the certificate is generated by yourself, the domain needs to be set under insecure-registries in the Docker configuration file, otherwise Docker will consider it an insecure domain name. We generate a certificate below and come back to modify this later
  4. harbor_admin_password: This is the administrator password used to log in to the Harbor management backend
  5. database: The configuration below this node is Harbor’s own database password and connection parameters
  6. data_volume: This is the data directory; it is used in docker-compose.yml
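
A pre-flight check for the settings listed above, as an added example that is not part of the original post or of Harbor itself: it flags the template's placeholder hostname, unchanged default secrets and a missing HTTPS block before ./install.sh is run. The function names are made up here, and reg.mydomain.com, Harbor12345 and root123 are assumed to be the defaults in your copy of harbor.yml.tmpl.

```shell
# Added example: pre-flight check of harbor.yml(.tmpl) before ./install.sh.
# Assumed template defaults: reg.mydomain.com, Harbor12345, root123.

# yml_get FILE KEY -> value of the first uncommented "KEY: value" line
yml_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# check_harbor_yml FILE -> prints one line per finding; returns 0 only if clean
check_harbor_yml() {
    f=$1; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }

    host=$(yml_get "$f" hostname)
    case $host in
        ''|reg.mydomain.com) finding "hostname not set (got '$host')" ;;
    esac
    [ "$(yml_get "$f" harbor_admin_password)" = "Harbor12345" ] &&
        finding "harbor_admin_password is still the template default"
    # the first bare "password:" key in the template is database.password
    [ "$(yml_get "$f" password)" = "root123" ] &&
        finding "database password is still the template default"

    cert=$(yml_get "$f" certificate); key=$(yml_get "$f" private_key)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        finding "https not configured: logins and pushes go over plain HTTP"
    else
        [ -r "$cert" ] || finding "certificate not readable: $cert"
        [ -r "$key" ]  || finding "private_key not readable: $key"
    fi
    [ "$n" -eq 0 ]
}

# Constructed sample: only hostname edited, https commented out
sample=$(mktemp)
cat > "$sample" <<'EOF'
hostname: hub.demo.com
http:
  port: 80
# https:
#   certificate: /your/certificate/path
harbor_admin_password: Harbor12345
database:
  password: root123
data_volume: /data
EOF
check_harbor_yml "$sample" || echo "fix the findings above before ./install.sh"
```

The lookup is a line match, not a YAML parser, so a password containing # or spaces is read only up to that character.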

The rest of the configuration parameters are left untouched. Next, the SSL certificate is generated

Generating an SSL Certificate

Note: the SSL certificate generation introduced here is only for testing. A real SSL certificate should be obtained from a third party (such as Ali Cloud); a casually generated certificate is not recognized by browsers

So let’s start generating

openssl genrsa -des3 -out server.key 2048

After executing the above command you are asked for a password, which must be at least 4 characters long. For this test we use a simple one: enter 1234 and press Enter, and a server.key file is generated in the current directory

openssl req -new -key server.key -out server.csr

When you run this command, you need to enter the password you entered in the previous step to generate server.key. Then you are asked to enter the country, province, city, organization name, and your own name in sequence

Next we remove the password for server.key

mv server.key server.key.old
openssl rsa -in server.key.old -out server.key

Enter the password of the original server.key

Now you can generate the CRT certificate file

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

After the above steps, two files are needed: server.crt and server.key. Modify the harbor.yml.tmpl file: under the https node, change certificate to the path of server.crt and private_key to the path of server.key
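
The same key, CSR and certificate steps as an added example (not from the original post), run non-interactively for the test host hub.demo.com and followed by two checks on the result. It goes beyond the steps above: the key is created without a passphrase, so there is nothing to strip afterwards, and a subjectAltName is added because Go-based clients such as Docker no longer accept a certificate that names the host only in the Common Name. The function names and san.ext are assumptions of this example.

```shell
# Added example: key -> CSR -> self-signed certificate for a test registry host.

# make_test_cert DIR HOST -> writes server.key, server.csr, server.crt into DIR
make_test_cert() {
    dir=$1; host=$2
    ( umask 077                                   # key file is created mode 0600
      openssl genrsa -out "$dir/server.key" 2048 ) || return 1
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -subj "/CN=$host" || return 1
    # the SAN is passed as an extension file so the x509 step puts it in the cert
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/server.csr" -signkey "$dir/server.key" \
        -extfile "$dir/san.ext" -out "$dir/server.crt"
}

# cert_matches_key CRT KEY -> 0 when certificate and key hold the same public key
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey)
    b=$(openssl pkey -in "$2" -pubout)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_names_host CRT HOST -> 0 when HOST is listed exactly as a DNS subjectAltName
cert_names_host() {
    openssl x509 -in "$1" -noout -text | tr -s ', ' '\n\n' | grep -qxF "DNS:$2"
}

# Run once in a scratch directory (constructed test host from the article)
out=$(mktemp -d)
make_test_cert "$out" hub.demo.com &&
    cert_matches_key "$out/server.crt" "$out/server.key" &&
    cert_names_host "$out/server.crt" hub.demo.com &&
    echo "test certificate and key written to $out"
```

As an alternative to listing the host under insecure-registries, Docker verifies a self-signed registry certificate when server.crt is copied to /etc/docker/certs.d/hub.demo.com/ca.crt on each client.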

Install Harbor

Execute the following command

mv harbor.yml.tmpl harbor.yml
./install.sh

Since the Harbor we downloaded is the offline version, all the Docker images it needs are already included, so the installation is quick. If you download the Harbor online version, you may wait a long time or even hit a network error (the image files cannot be downloaded).

The containers are started with docker-compose up -d and stopped with docker-compose down. To modify the container configuration, edit the docker-compose.yml file

Harbor’s Docker container is started by default after installation

Add 192.168.3.3 hub.demo.com to /etc/hosts, where IP is the IP address of the harbor server

If the browser can’t open it, modify the harbor.yml file, comment out the HTTPS configuration, and rerun ./install.sh. Note that the address is then HTTP, not HTTPS

Open the Harbor management page in the browser.

The user name is admin and the password is the one configured in harbor.yml.

Click Users on the left to create a user, assuming the name is Test

On the left, click Projects to create a project named Test. If the project is created successfully, the project details page is displayed. Click Members, then click + USER and enter the test user created above

Docker pushes images to Harbor

To log in to Harbor, run the Docker command

docker login http://hub.demo.com

Enter the user name and password of the test user created above. If you are prompted with Error response from daemon: Get https://hub.demo.com/v2/: dial tcp: lookup hub.demo.com: no such host, the host cannot resolve the domain name hub.demo.com and you need to modify /etc/hosts

The message Login Succeeded indicates that the login is successful, and the image can be pushed

# Pick an image from the docker images list
# Tag the image with the Harbor domain name; here I use the busybox image as an example
docker tag busybox:latest hub.demo.com/test/busybox:v1
# Push
docker push hub.demo.com/test/busybox:v1

To explain the tag hub.demo.com/test/busybox:v1 above: hub.demo.com is the Harbor domain name, test is the project name in Harbor, and busybox:v1 is the image name and version number

After the push, refresh the Harbor management backend and you can see that the test project has a busybox:v1 image

Docker pulls the image from Harbor

Again, log in to Harbor with the docker command. Why is no login needed for other image repositories? Because they are set up so that everyone can pull images

docker login http://hub.demo.com

To verify that the pull works, first delete the local busybox:v1 tag

docker rmi hub.demo.com/test/busybox:v1

Start pulling the image

docker pull hub.demo.com/test/busybox:v1

Check whether the image was pulled successfully

docker images | grep busybox

After a successful pull, the image tag is available locally again