docker部署镜像仓库Harbor · SpringCloud微服务实战 · 看云
导航
在实际工作中,公司一般会有搭建一套自己的镜像仓库,不会将镜像推送到Docker Hub,Harbor是一款开源的Docker镜像存储仓库,它扩展了Docker Distribution,在此基础上添加了我们常用的功能,比如安全认证,RBAC用户权限管理,可视化页面操作等功能。我们只需要将自己的镜像推送到Harbor 即可。
1. 环境准备
在home 目录下新建一个harbor的目录
mkdir harbor
也可以使用命令拉去
wget https://github.com/goharbor/harbor/releases/download/v1.10.2/harbor-offline-installer-v1.10.2.tgz
解压
tar -xzvf harbor.v1.10.2.tar.gz
修改Harbor 的配置文件
第一步将https 的配置注释掉,否则安装的时候会报如下错误
[Step 4]: preparing harbor configs ...
prepare base dir is set to /usr/local/harbor
ERROR:root:Error: The protocol is https but attribute ssl_cert is not set
第二步将你服务器的这是hostname 设置进去,可以是域名或ip地址
执行安装命令
sh harbor/install.sh
看到下图所示的就安装成功了
2. 运行
默认的用户名密码为:admin,Harbor12345,登录后可以看到如下页面
3. 测试Harbor
下面通过新建项目和用户来演示
3.1 新建项目
新建项目名和并且可以设置项目的存储容量,都设置为-1 表示不限制
3.2 创建用户
现在我们创建一个测试的用户:fwcloud 密码: Fwcloud123
3.3 为项目绑定用户
在前面创建的项目fwcloud下绑定新建的用户fwcloud
创建一个开发的角色
3.4 Docker 配置修改
如果需要在Docker 登录到http docker仓库,还需要修改Docker 的配置内容
vi /etc/docker/daemon.json
添加内容如下:
"insecure-registries": ["122.51.209.48"]
修改完之后重启Docker
systemctl restart docker
登录Harbor 测试,如下所示,说明登录成功
[root@vm-0-4-centos harbor]# docker login 122.51.209.48
Username: fwcloud
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
3.5 镜像测试
从官方Docker Hub中拉取Nginx镜像
docker pull nginx
然后给该镜像打标签
docker tag nginx:latest 122.51.209.48/fwcloud/nginx:latest
将打包好的镜像推送到我们搭建Harbor仓库
docker push 122.51.209.48/fwcloud/nginx:latest
推送的日志如下
[root@vm-0-4-centos harbor]# docker push 122.51.209.48/fwcloud/nginx:latest
The push refers to repository [122.51.209.48/fwcloud/nginx]
be91fceb796e: Pushed
919b6770519b: Pushing [================================================> ] 56.29MB/57.56MB
b60e5c3bcef2: Pushed
通过Harbor 页面查看,Nginx镜像已经被推送上来
4. Docker 远程调用配置
后面我们计划是在Idea的Docker插件远程构建镜像,然后再推送到Harbor中
修改Docker 配置
vi /lib/systemd/system/docker.service
修改内容如下,将原先的内容注释掉,新加开发TCP协议的2375端口
#ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:/
重新加载配置文件
systemctl daemon-reload
重启服务
systemctl restart docker
通过GET请求http://122.51.209.48:2375/info如果可以获取下面的Json 结果,说明配置好了
{"ID":"JXU2:7DPO:RON3:JGPC:MOBU:PIWV:XOEV:UHGG:V5DA:EQUJ:ZRMH:TI2V","Containers":17,"ContainersRunning":9,"ContainersPaused":0,"ContainersStopped":8,"Images":22,"Driver":"overlay2","DriverStatus":[["Backing Filesystem","<unknown>"],["Supports d_type","true"],["Native Overlay Diff","true"]],"SystemStatus":null,"Plugins":{"Volume":["local"],"Network":["bridge","host","ipvlan","macvlan","null","overlay"],"Authorization":null,"Log":["awslogs","fluentd","gcplogs","gelf","journald","json-file","local","logentries","splunk","syslog"]},"MemoryLimit":true,"SwapLimit":true,"KernelMemory":true,"KernelMemoryTCP":true,"CpuCfsPeriod":true,"CpuCfsQuota":true,"CPUShares":true,"CPUSet":true,"PidsLimit":true,"IPv4Forwarding":true,"BridgeNfIptables":true,"BridgeNfIp6tables":true,"Debug":false,"NFd":88,"OomKillDisable":true,"NGoroutines":93,"SystemTime":"2020-04-19T18:01:25.594311151+08:00","LoggingDriver":"json-file","CgroupDriver":"cgroupfs","NEventsListener":0,"KernelVersion":"3.10.0-862.el7.x86_64","OperatingSystem":"CentOS Linux 7 (Core)","OSType":"linux","Architecture":"x86_64","IndexServerAddress":"https://index.docker.io/v1/","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":[],"AllowNondistributableArtifactsHostnames":[],"InsecureRegistryCIDRs":["127.0.0.0/8"],"IndexConfigs":{"122.51.209.48":{"Name":"122.51.209.48","Mirrors":[],"Secure":false,"Official":false},"docker.io":{"Name":"docker.io","Mirrors":["https://registry.docker-cn.com/","https://reg-mirror.qiniu.com/","https://hub-mirror.c.163.com/","https://docker.mirrors.ustc.edu.cn/"],"Secure":true,"Official":true}},"Mirrors":["https://registry.docker-cn.com/","https://reg-mirror.qiniu.com/","https://hub-mirror.c.163.com/","https://docker.mirrors.ustc.edu.cn/"]},"NCPU":2,"MemTotal":3974090752,"GenericResources":null,"DockerRootDir":"/var/lib/docker","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"vm-0-4-centos","Labels":[],"ExperimentalBuild":false,"ServerVersion":"19.03.8","ClusterStore":"","ClusterAdvertise":"","Runtimes":{"runc":{"path":"runc"}},"DefaultRuntime":"runc","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"docker-init","ContainerdCommit":{"ID":"7ad184331fa3e55e52b890ea95e65ba581ae3429","Expected":"7ad184331fa3e55e52b890ea95e65ba581ae3429"},"RuncCommit":{"ID":"dc9208a3303feef5b3839f4323d9beb36df0a9dd","Expected":"dc9208a3303feef5b3839f4323d9beb36df0a9dd"},"InitCommit":{"ID":"fec3683","Expected":"fec3683"},"SecurityOptions":["name=seccomp,profile=default"],"Warnings":["WARNING: API is accessible on http://0.0.0.0:2375 without encryption.\n Access to the remote API is equivalent to root access on the host. Refer\n to the 'Docker daemon attack surface' section in the documentation for\n more information: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"]}
5. 测试IDEA 构建镜像
IDEA 里面默认已经安装了Docker插件,没有的话自己安装下,打开设置搜索docker,然后配置远程的Docker 地址,如果出现Connection successful 说明连接成功。
5.1 远程构建demo 演示
笔者在fw-cloud-docker 演示,在这个模块下面,添加Docker 配置,Run built image这个钩给它去掉,表示构建好不用启动容器
先打包jar
然后使用docker 打包镜像,看到successful 说明构建成功
到远程Docker 服务器可以输入命令docker images | grep fw-cloud-docker可以看到已经推上来了
[root@vm-0-4-centos ~]# docker images | grep fw-cloud-docker
122.51.209.48/fwcloud/fw-cloud-docker latest eb435f75645f 9 minutes ago 267MB
在远程启动刚才打包的镜像
docker run 122.51.209.48/fwcloud/fw-cloud-docker
可以看到启动正常
浏览器或Postman 输入http://服务器IP:8901/hello可以看到如下结果
