Shulou(Shulou.com)06/03 Report--

In the actual production, operation and maintenance, it is often necessary to publish the images to dozens, hundreds or more nodes. At this time, images on a single Docker host can no longer be satisfied. As there are more and more projects, there are more and more images. It is not possible to put them on a single Docker host. We need a system like a Git repository to manage images uniformly. Harbor, an enterprise image repository, is introduced here, which will serve as the image repository center for our container cloud platform.

Habor is an open source container image repository by VMWare. In fact, Habor has been extended to the enterprise level on Docker Registry, thus getting a wider range of applications. These new enterprise-level features include: management user interface, role-based access control, AD/LDAP integration and audit logs, which are sufficient to meet the basic enterprise needs.

Official address: https://vmware.github.io

Github: https://github.com/goharbor/harbor

1. Main functions of Harbor role-based access control (RBAC)

In an enterprise, there are usually different development teams responsible for different projects, and images are like code, and each person has different roles and needs, so access control is needed and corresponding permissions are assigned according to roles.

For example, developers need to build on the project, which uses read and write permissions (push/pull), testers only need read permissions (pull), operators generally manage image repositories, have the ability to assign permissions, and project managers have all permissions.

Mirror replication

Mirrors in the repository can be synchronized to a remote Harbor, similar to the MySQL master-slave synchronization function.

LDAP

Harbor supports LDAP authentication and can easily access existing LDAP.

Image deletion and space reclamation

Harbor supports deleting images in Web, recycling useless images, and freeing disk space.

Graphic page management

Users are very good at searching for images and project management.

Audit

All operations of the warehouse are recorded.

REST API

Complete API, easy to integrate with the outside.

2. Harbor components

Component function harbor-adminserver configuration management center harbor-dbMysql database harbor-jobservice is responsible for mirror replication harbor-log record operation log harbor-uiWeb management page and APInginx front-end agent, responsible for front-end pages and image upload / download forwarding redis session registry image storage 3, Harbor deployment

Environmental requirements:

There are three ways to install Harbor:

Online installation: download Harbor related images from Docker Hub, so the installation package is very small

Offline installation: the installation package contains the relevant images of the deployment, so the installation package is relatively large

OVA installer: when the user has a vCenter environment, use this installer to start Harbor after deploying OVA

We use offline installation. First download the offline installation package: https://github.com/vmware/harbor/releases

Deployment in HTTP mode

Basic configuration:

Prepare the configuration file:

#. / prepare

Install and start Harbor:

#. / install.sh

View the running status:

The deployment is complete, isn't it easy!

If there is a non-Up status, check the log first:

# ls / var/log/harbor/

Adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log

HTTPS deployment:

If you want to provide services in https encryption, you can refer to this free video tutorial: https://ke.qq.com/course/311382

Or refer to the official document: https://github.com/vmware/harbor/blob/master/docs/configure_https.md

4. Log in to the Web page

Browser input: http://10.206.240.188

Account number: admin

Password: Harbor12345

There are four projects here. Library comes with it by default. It is usually used to store some public images. Anyone can pull images under this project, but push,push cannot be logged in first. The other three projects are created by myself, please ignore them.

5. The library project gives new users push rights.

Create a user first:

Enter the library project and add the user to this member:

This gives the lizhenliang user push access to the library project.

Note: creating a new project gives users the same permissions.

7. Upload image

Next, push the image you just built to the Harbor repository, and first take a look at the image we want to push:

Before pushing, you need to pay attention to the first column, which is in the full format:

If the image is only stored locally, REPOSITORY can write anything, but if it is pushed to the image repository, you must specify the address of the repository center.

Therefore, to rename REPOSITORY first is to refer to the source image to mark a target image:

Access denied. As I just said, push needs to log in first:

8. Download the image

How do other Docker hosts download the image just pushed?

Since the Harbor we built is provided by HTTP, and Docker CLI accesses the repository with HTTPS by default, you must configure trustworthy first, otherwise the pull image repository will fail. If HTTPS provides services, there is no need to configure this step.

The address of pull is the same as that of push.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.