Shulou(Shulou.com)05/31 Report--

This article mainly introduces "how to deploy harbor visualization private image warehouse environment and services". In daily operation, I believe many people have doubts about how to deploy harbor visualization private image warehouse environment and services. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "harbor visualization private image warehouse environment and services". Next, please follow the editor to study!

Introduction to harbor

In the actual production operation and maintenance, it is often necessary to publish the image to dozens, hundreds or more nodes. At this time, images on a single Docker host can no longer be satisfied. There are more and more projects and more and more images, and it is not possible to put them on a single Docker host. We need a system like an image Git repository to manage images. Harbor, an enterprise image repository, is introduced here, which will serve as the image repository center for our container cloud platform.

Harbor is an open source container image repository with VMware payroll. In fact, Harbor extends the enterprise on Docker Rgestry, thus getting a wider range of applications. These new enterprise features include: management user interface, role-based access control, AD/LDAP integration and audit logs, which are sufficient to meet the basic enterprise needs.

Comparison between Harbor and Registry

Both Harbor and Registry are image repositories of Docker, but Harbor is the choice of more enterprises because it has many advantages over Registry.

Provide hierarchical transmission mechanism to optimize network transmission

Docker images are layered, and it is obviously not economical to use full files for each transfer (so using FTP is not appropriate). A mechanism must be provided to identify hierarchical transmission and identify the object of transmission with UUID as the identity.

Provide WEB interface to optimize user experience

It is obviously inconvenient to upload and download only the name of the image. A user interface is needed to support login and search functions, including distinguishing between public and private images.

Support for horizontally scaling clusters

Currently, users' upload and download operations on the image are concentrated on a certain server, so the corresponding access pressure needs to be decomposed.

Good security mechanism

The development team in the enterprise has many different positions, for different positions of personnel, assign different permissions, with better security

Harbor provides a role-based access control mechanism, and through the project to organize the image and access control. In kubernetes, resources are isolated through namespace. In enterprise application scenarios, the image resources used by kubernetes can be effectively managed and access controlled by combining the two, and the security of image use is enhanced. Especially in the multi-tenant scenario, the management of tenant image resources can be realized through the combination of tenant, namespace and project.

Preparation of harbor case demonstration environment

Prepare two servers and both docker services have been deployed

Hostname service IPharbor-client client (for uploading images) 192.168.117.130harbor-server server (for storing images) 192.168.117.131 service deployment

Harbor-server deployment

# download epel-release source [root@harbor-server ~] # yum install-y epel-release# download python package management system [root@harbor-server] # yum install-y python-pip# update pip installation package [root@harbor-server ~] # pip install-- upgrade pip# install docker-compose (docker orchestration tool) [root@harbor-server ~] # pip install docker-compose# download harbor Install the package and extract it (download from github) [root@harbor-server ~] # yum install-y wget [root@harbor-server ~] # wget https://github.com/goharbor/harbor/releases/download/v2.1.1/harbor-offline-installer-v2.1.1.tgz [root@harbor-server ~] # tar xf harbor-offline-installer-v2.1.1.tgz # modify the configuration file of harbor [root@harbor-server ~] # mv harbor/harbor.yml.tmpl / harbor/harbor.yml [root@harbor-server ~] # vim harbor/harbor.yml hostname: 192.168.117.131 # Native IP # comment out the following # https related config # https: # # https port for harbor Default is 443 # port: 443 # # The path of cert and key files for nginx # certificate: / your/certificate/path # private_key: / your/private/key/path# execute the harbor installation script [root@localhost harbor] # / harbor/install.sh. Slightly. ✔-Harbor has been installed and started successfully.----# to check the harbor user and password [root@localhost ~] # cat harbor/harbor.yml | grep admin # The IP address or hostname to access admin UI and registry service. # The initial password of Harbor admin # Remember Change the admin password from UI after launching Harbor. Harbor_admin_password: Harbor12345

The browser accesses http://192.168.117.131:80 and logs in to harbor

Upload a local image to harbor

New project

Enter the project name and allocate the storage capacity. If the project access level is not disclosed, you need to log in to harbor before uploading the image.

Harbor-client uploads image to harbor

# modify daemon.json configuration file [root@harbor-client ~] # vim / etc/docker/daemon.json {"registry-mirrors": ["https://3290299n.mirror.aliyuncs.com"], # Note: the upper and lower lines are used", "Segmentation # add the following parameters Docker-server IP and port "insecure-registries": ["192.168.117.131 docker 80"]} # restart the docker service [root@harbor-client ~] # systemctl restart docker# modify tomcat image name: project name / image name: label [root@harbor-client ~] # docker tag tomcat 192.168.117.131:80/tomcat/tomcat:harbor# project tomcat is not public, so log in to harbor first When uploading image [root@harbor-client ~] # docker login 192.168.117.131 Username 80 Username: admin Password: Harbor12345 [root@harbor-client ~] # docker push 192.168.117.131:80/tomcat/tomcat:harbor

The browser visits harbor to see if there is a newly uploaded image under the tomcat project.

Pull the tomcat image on harbor to the local image

The browser accesses harbor, click on the tomcat project and tomcat image, and then copy the pull command and execute it locally.

# Project tomcat is not made public, so log in to harbor first Pull image [root@harbor-client ~] # docker login 192.168.117.131 Username: admin Password: Harbor12345# image pull successfully [root@harbor-client ~] # docker pull 192.168.117.131:80/tomcat/tomcat@sha256:d9097a2878b148ddbdd69346dd902b55be74cf4271e1ac45a3bfb5273f93c181 sha256:d9097a2878b148ddbdd69346dd902b55be74cf4271e1ac45a3bfb5273f93c181: Pulling from tomcat/tomcat Digest: sha256:d9097a2878b148ddbdd69346dd902b55be74cf4271e1ac45a3bfb5273f93c181 Status: Downloaded newer image for 192.168.117.131:80/tomcat / tomcat@sha256:d9097a2878b148ddbdd69346dd902b55be74cf4271e1ac45a3bfb5273f93c181 192.168.117.131:80/tomcat/tomcat@sha256:d9097a2878b148ddbdd69346dd902b55be74cf4271e1ac45a3bfb5273f93c181# View Image [root@harbor-client ~] # docker images REPOSITORY TAG IMAGE ID CREATED SIZE tomcat latest 6fa48e047721 10 months ago 507MB 192.168.117.131:80/tomcat/tomcat 6fa48e047721 10 months ago 507MB

These are the details of the harbor visualization private image repository environment and service deployment examples. For more information about the deployment of harbor visualization private image repository environment, please pay attention to other related articles!

At this point, the study on "how to deploy the harbor visualization private image warehouse environment and services" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.