Shulou(Shulou.com)06/01 Report--

This article to share with you is about Kubernetes how to configure high-availability enterprise-level mirror repository Harbor, Xiaobian feel quite practical, so share with you to learn, I hope you can gain something after reading this article, not much to say, follow Xiaobian to see it.

1. Introduction to Harbor

1. Introduction to Harbor

Harbor is an enterprise-class Registry server for storing and distributing Docker images that extends open source Docker Distribution by adding enterprise-essential features such as security, identity, and administration. As an enterprise-class private Registry server, Harbor provides better performance and security. Increase the efficiency of users using Registry build and runtime environments to transfer images. Harbor supports replication of mirrored resources installed on multiple Registry nodes, all of which are stored in private registries, ensuring that data and intellectual property are managed in the company's internal network. Harbor also provides advanced security features such as user management, access control, and activity auditing.

2. Harbor characteristics

Role-based access control: Users and Docker image repositories are organized and managed through "projects". A user can have different permissions on multiple image repositories in the same namespace (project).

Mirror replication: Mirrors can be replicated (synchronously) across multiple Registry instances. Especially suitable for Load Balancer, high availability, mixed cloud and cloudy scenarios.

Graphical user interface: Users can browse through browsers, retrieve current Docker image repositories, manage projects and namespaces.

AD/LDAP support: Harbor can integrate existing AD/LDAP within the enterprise for authentication management.

Audit management: All operations against the mirror repository can be tracked for audit management.

Internationalization: Localized versions are available in English, Chinese, German, Japanese and Russian. More languages will be added.

RESTful API: The RESTful API gives administrators more control over Harbor and makes integration with other administrative software easier.

Deployment is simple: both online and offline installation tools are available, and can also be installed on vSphere platform (OVA mode) virtual appliances.

3. Harbor component

Harbor is architecturally composed of six main components:

Proxy: Harbor registry, UI, token and other services, through a pre-reverse proxy unified reception browser, Docker client requests, and forward the request to different backend services.

Registry: responsible for storing Docker images and handling docker push/pull commands. Because we want to control user access, that is, different users have different read and write permissions on Docker image, Registry will point to a token service, forcing users to carry a legal token in each docker pull/push request, Registry will decrypt the token through public key verification.

Core services: This is the core function of Harbor, mainly providing the following services:

UI: Provides a graphical interface to help users manage images on the registry and authorize users.

webhook: In order to obtain the status change of image on registry in time, configure webhook on Registry and pass the status change to UI module.

token service: responsible for issuing tokens to each docker push/pull command based on user permissions. Docker client requests to Regiøstry service, if they do not contain tokens, will be redirected here, and then request Registry again after obtaining tokens.

Database: Provides database services for core services, responsible for storing user permissions, audit logs, Docker image grouping information and other data.

Job Services: Provides mirror remote replication capabilities that synchronize local mirrors to other Harbor instances.

Log collector: To help monitor Harbor operations, it is responsible for collecting logs of other components for later analysis.

The relationship between the components is shown in the following figure:

Installation and configuration of Harbor

1. Environmental preparation

CentOS Linux release 7.3.1611 (Core)docker-ce-18.06.1docker-compose version 1.21.2, build a133471harbor-v1.8.0

2. Install docker

#Use Alibaba Cloud mirror repository wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo-O /etc/yum.repos.d/docker-ce.repo#Install dockeryum install -y docker-ce-18.06.1.ce-3 #You may not find the installation package yum -y install https://mirrors.aliyun.com/docker-ce/linux/centos/7/x86_64/stable/Packages/docker-ce-18.06.3.ce-3.el7.x86_64.rpm# Set docker startup parameters (optional)# graph: Set docker data directory: Select a larger partition (I don't need to configure it if it is the root directory here, the default is/var/lib/docker)# exec-opts: Set cgroup driver (default is cgroupfs, it is not recommended to set systemd)# insecure-registries: Set private repository cat >/etc/docker/daemon. json

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.