Harbor 安装条件

官网给出了安装需要的最低硬件和软件的条件:https://goharbor.io/docs/2.0.0/install-config/installation-prereqs/

最低硬件要求:

资源 最低限度 推荐的
CPU 2核 4 核
内存 4GB 8 GB
磁盘 40 GB 160 GB

最低软件要求:

软件 版本 描述
Docker engine 版本 17.06.0-ce+ 或更高版本 有关安装说明,请参阅 Docker 引擎文档
Docker Compose 版本 1.18.0 或更高版本 有关安装说明,请参阅 Docker Compose 文档
OpenSSL 最新的优先 用于为 Harbor 生成证书和密钥

Harbor 要求在目标主机上打开以下端口:

端口号 协议 描述
443 HTTPS Harbor 门户和核心 API 接受此端口上的 HTTPS 请求。您可以在配置文件中更改此端口。
4443 HTTPS 与 Harbor 的 Docker 内容信任服务的连接。仅在启用 Notary 时才需要。您可以在配置文件中更改此端口。
80 HTTP Harbor 门户和核心 API 接受此端口上的 HTTP 请求。您可以在配置文件中更改此端口。

在线安装和离线安装

可以从 官方发布页面下载 Harbor 安装程序。下载在线安装程序或离线安装程序。

  • 在线安装程序:在线安装程序从 Docker 中心下载 Harbor 镜像。因此,安装程序的尺寸非常小。
  • 离线安装程序:如果要部署 Harbor 的主机没有连接到 Internet,请使用离线安装程序。离线安装程序包含预先构建的映像,因此它比在线安装程序大

在线和离线安装程序的安装过程几乎相同。

这里我主要使用离线安装,因为在线安装因为墙、内部网络等原因,有的同学会下载很慢,而离线安装包都包含了预先构建的镜像,所以直接现在离线安装包最好!

离线安装

官方发布 页面下载离线安装包:

下载后将压缩包上传到服务器使用命令tar -zxf harbor-offline-installer-v2.4.2.tgz解压,解压后如下图:

解压后在当前的解压路径可以得到文件夹harborcd harbor 进文件夹:

可以看到文件夹有一堆文件,其中最主要的是 harbor.yml.tmplinstall.sh ,他们分别是配置文件和安装执行文件。

# 复制并重命名一份新的配置文件
cp harbor.yml.tmpl harbor.yml
# 使用 vim 编辑配置文件,如果提示找不到vim ,使用以下命令安装 vim
# ubuntu 使用 sudo apt-get install vim
# redHat/Fedora/CentOS 使用 yum install vim
vim harbor.yml # 或者使用 vi harbor.yml 编辑

打开harbor.yml,最主要是更改一下几点,其他的保持默认即可:

harbor.yml示例模板:

# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: 192.168.0.2 # http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 8088 # 不使用HTTPS
# https related config
# https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
# certificate: /your/certificate/path
# private_key: /your/private/key/path # # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal # Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433 # The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345 # Harbor DB configuration
database:
# The password for the root user of Harbor DB. Change this before any production use.
password: root123
# The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
max_idle_conns: 100
# The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 1024 for postgres of harbor.
max_open_conns: 900 # The default data volume
data_volume: /mnt/harbor/data # Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
# # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
# # of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
# ca_bundle: # # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
# # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
# filesystem:
# maxthreads: 100
# # set disable to true when you want to disable registry redirect
# redirect:
# disabled: false # Trivy configuration
#
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
# in the local file system. In addition, the database contains the update timestamp so Trivy can detect whether it
# should download a newer version from the Internet or use the cached one. Currently, the database is updated every
# 12 hours and published as a new release to GitHub.
trivy:
# ignoreUnfixed The flag to display only fixed vulnerabilities
ignore_unfixed: false
# skipUpdate The flag to enable or disable Trivy DB downloads from GitHub
#
# You might want to enable this flag in test or CI/CD environments to avoid GitHub rate limiting issues.
# If the flag is enabled you have to download the `trivy-offline.tar.gz` archive manually, extract `trivy.db` and
# `metadata.json` files and mount them in the `/home/scanner/.cache/trivy/db` path.
skip_update: false
#
# The offline_scan option prevents Trivy from sending API requests to identify dependencies.
# Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
# For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't
# exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode.
# It would work if all the dependencies are in local.
# This option doesn’t affect DB download. You need to specify "skip-update" as well as "offline-scan" in an air-gapped environment.
offline_scan: false
#
# insecure The flag to skip verifying registry certificate
insecure: false
# github_token The GitHub access token to download Trivy DB
#
# Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
# for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
# requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
# https://developer.github.com/v3/#rate-limiting
#
# You can create a GitHub token by following the instructions in
# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
#
# github_token: xxx jobservice:
# Maximum number of job workers in job service
max_job_workers: 10 notification:
# Maximum retry count for webhook job
webhook_job_max_retry: 10 chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled # Log configurations
log:
# options are debug, info, warning, error, fatal
level: info
# configs for logs in local storage
local:
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
rotate_count: 50
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
# are all valid.
rotate_size: 200M
# The directory on your host that store log
location: /var/log/harbor # Uncomment following lines to enable external syslog endpoint.
# external_endpoint:
# # protocol used to transmit log to external endpoint, options is tcp or udp
# protocol: tcp
# # The host of external endpoint
# host: localhost
# # Port of external endpoint
# port: 5140 #This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.5.0 # Uncomment external_database if using external database.
# external_database:
# harbor:
# host: harbor_db_host
# port: harbor_db_port
# db_name: harbor_db_name
# username: harbor_db_username
# password: harbor_db_password
# ssl_mode: disable
# max_idle_conns: 2
# max_open_conns: 0
# notary_signer:
# host: notary_signer_db_host
# port: notary_signer_db_port
# db_name: notary_signer_db_name
# username: notary_signer_db_username
# password: notary_signer_db_password
# ssl_mode: disable
# notary_server:
# host: notary_server_db_host
# port: notary_server_db_port
# db_name: notary_server_db_name
# username: notary_server_db_username
# password: notary_server_db_password
# ssl_mode: disable # Uncomment external_redis if using external Redis server
# external_redis:
# # support redis, redis+sentinel
# # host for redis: <host_redis>:<port_redis>
# # host for redis+sentinel:
# # <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
# host: redis:6379
# password:
# # sentinel_master_set must be set to support redis+sentinel
# #sentinel_master_set:
# # db_index 0 is for core, it's unchangeable
# registry_db_index: 1
# jobservice_db_index: 2
# chartmuseum_db_index: 3
# trivy_db_index: 5
# idle_timeout_seconds: 30 # Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
# ca_file: /path/to/ca # Global proxy
# Config http proxy for components, e.g. http://my.proxy.com:3128
# Components doesn't need to connect to each others via http proxy.
# Remove component from `components` array if want disable proxy
# for it. If you want use proxy for replication, MUST enable proxy
# for core and jobservice, and set `http_proxy` and `https_proxy`.
# Add domain to the `no_proxy` field, when you want disable proxy
# for some special registry.
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- trivy # metric:
# enabled: false
# port: 9090
# path: /metrics # Trace related config
# only can enable one trace provider(jaeger or otel) at the same time,
# and when using jaeger as provider, can only enable it with agent mode or collector mode.
# if using jaeger collector mode, uncomment endpoint and uncomment username, password if needed
# if using jaeger agetn mode uncomment agent_host and agent_port
# trace:
# enabled: true
# # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth
# sample_rate: 1
# # # namespace used to differenciate different harbor services
# # namespace:
# # # attributes is a key value dict contains user defined attributes used to initialize trace provider
# # attributes:
# # application: harbor
# # # jaeger should be 1.26 or newer.
# # jaeger:
# # endpoint: http://hostname:14268/api/traces
# # username:
# # password:
# # agent_host: hostname
# # # export trace data by jaeger.thrift in compact mode
# # agent_port: 6831
# # otel:
# # endpoint: hostname:4318
# # url_path: /v1/traces
# # compression: false
# # insecure: true
# # timeout: 10s # enable purge _upload directories
upload_purging:
enabled: true
# remove files in _upload directories which exist for a period of time, default is one week.
age: 168h
# the interval of the purge operations
interval: 24h
dryrun: false

编辑完成后按ESC,然后使用命令:wq保存并推出。

然后继续用命令执行安装./install.sh

安装过程(从别人博客上扒下来的图):

当出现红箭头指向的提示的时候,就表示安装成功了!

然后根据在harbor.yml文件中配置的端口与IP地址(或域名)进行访问

现在Harbor已经可以使用了!

由于我部署的时候没有使用HTTPS,所以使用docker登录的时候会出现一下异常信息(还是借的别人的图):

原因:Docker自从1.3.X之后docker registry交互默认使用的是HTTPS,但是搭建私有镜像默认使用的是HTTP服务,所以与私有镜像交时出现以上错误。

解决办法:

找到docker 的 daemon.json 配置文件,CentOS 7 的路径:/etc/docker/daemon.json(系统版本不同所处位置不同,其他版本的请自行百度),如果路径下没有这个文件自己创建即可。然后再配置文件里加上:

{
// docker 镜像下载地址
"registry-mirrors": ["https://mirror.ccs.tencentyun.com"],
// 不安全的镜像仓库(此处配置Harbor 的地址+端口号)
"insecure-registries": ["192.168.0.2:8088"],
}

操作完后让这个文件生效:

a.修改完成后reload配置文件
sudo systemctl daemon-reload b.重启docker服务
sudo systemctl restart docker.service

本次的Harbor安装教程就到此为止了,如需了解Harbor的更多详情信息请移步其他博客!

Harbor-私有镜像仓库的安装部署的更多相关文章

  1. 部署Harbor私有镜像仓库

    Harbor私有镜像仓库无坑搭建 目录 1. harbor介绍 2. docker-ce的安装 3. docker-compose的安装 4. Harbor私有仓库的安装 5. 客户端连接镜像仓库配置 ...

  2. Harbor私有镜像仓库(上)

    上图配置为工作环境 特别注意:win10现在不允许使用私有ca证书,到时登录浏览器会失败,可以选用火狐浏览器. 创建自己的CA证书 openssl req -newkey rsa:4096 -node ...

  3. 搭建Harbor私有镜像仓库--v1.5.1

     搭建Harbor私有镜像仓库--v1.5.1 1.介绍 Docker容器应用的开发和运行离不开可靠的镜像管理,虽然Docker官方也提供了公共的镜像仓库,但是从安全和效率等方面考虑,部署我们私有环境 ...

  4. k8s创建harbor私有镜像仓库

    1. 部署准备 准备harbor软件包 在部署节点上: mv harbor-offline-installer-v1.4.0.tgz /opt/ && cd /opt tar zxvf ...

  5. harbor私有镜像仓库的搭建与使用与主从复制

    harbor私有镜像仓库,私有仓库有两种,一种是harbor,一种是小型的私有仓库,harbor有两种模式,一种是主 从,一种是高可用仓库,项目需求,需要两台服务器,都有docker.ldap权限统一 ...

  6. Harbor私有镜像仓库(下)

    Harbor私有镜像仓库(下) 链接:https://pan.baidu.com/s/1MAb0dllUwmoOk7TeVCZOVQ 提取码:ldt5 复制这段内容后打开百度网盘手机App,操作更方便 ...

  7. harbor 私有镜像仓库使用

    使用harbor私有镜像仓库 登录镜像仓库reg.lvusyy.com docker login reg.lvusyy.com [centos@k8smaster ~]$ sudo docker lo ...

  8. Harbor私有镜像仓库无坑搭建

    转载:https://k8s.abcdocker.com/kubernetes_harbor.html 一.介绍 Docker容器应用的开发和运行路不开可靠的镜像管理,虽然Docker官方也提供了公共 ...

  9. 03: 使用docker搭建Harbor私有镜像仓库

    1.1 harbor介绍 1.Harbor简介 1. Harbor是一个用于存储和分发Docker镜像的企业级Registry服务器. 2. 镜像的存储harbor使用的是官方的docker regi ...

随机推荐

  1. 如何设置notepad++为默认文本编辑器

    第一步:选择.txt文件: 第二步:右键单击选择属性: 第三步:打开方式选择notepad++: 然后以后的文件都是用notepad++编写的了:

  2. bs4 & 二进制写入图片视频

    适用于:数据都在网页源代码上,可以直接从中提取到对应数据 例子:北京新发地网 原理:拿到页面源代码的文本,交给BeautifulSoup解析,然后找到对应的标签,获取值 关键词:BeautifulSo ...

  3. CentOS 并没有死,Rocky Linux 让其重生

    点击上方"开源Linux",选择"设为星标" 回复"学习"获取独家整理的学习资料! 近日,CentOS 官方发文称CentOS Stream ...

  4. 【软件构造】Mutable类型与Immutable类型

    [软件构造]Mutable类型与Immutable类型 1.前言 在软件构造这门课中,对mutable类型和immutable类型的深入理解,有助于后续ADT.可维护性.可复用性的学习,因此我们有必要 ...

  5. Dapr学习(2)之Rancher2.63(k8s&k3s)环境安装Dapr

    前言:前面写过一篇关于dapr入门安装的文章,self-host模式,使用docker安装的本地调试环境,并进行了测试:本篇介绍k8s方式安装dapr,此文主要基于的环境是k3s,通过rancher2 ...

  6. postman 脚本和变量

    背景 后端接口有登录或鉴权验证,通过 swagger 调用比较费劲,并且 java 的 swagger 库(不够自动化,嵌套类支持需要各种配置才能正常显示 schema)个人感觉也没有 .net co ...

  7. 常见的邮箱服务器(SMTP,POP3)地址,端口

    163.com: POP3服务器地址:pop.163.com(端口:110) SMTP服务器地址:smtp.163.com(端口:25) sina.com: POP3服务器地址:pop3.sina.c ...

  8. Nginx禁止使用IP访问

    在nginx的访问日志中,会出现只显示IP,而不出现域名的情况,在经过尝试之后,是因为没有设置禁止IP访问导致的. 下面就是在配置文件中设置禁止IP访问,来实现日志文件中$host显示域名. vim ...

  9. python读取csv、excel、mysql内容

    前提:导入扩展包 import pandas as pd import pymysql ①读取csv文件 fpath='/test.csv'ratings=pd.read_csv(fpath)prin ...

  10. 动态调试JS脚本文件:(JS源映射 - sourceURL)与 debugger

    我们在进行js调试时经常会对js进行调试,chrome 对js提示对支持非常友好,只需要F12就可以打开chrome的调试器 在sources里面就是页面请求后加载的一些资源文件,我们可以找到我们的j ...