This blog will introduce you how to use Harbor to build a safe and reliable private warehouse to ensure that your software packages and container images are properly managed and protected.
1. What is Harbor?
Harbor is an open source enterprise-level container image warehouse developed by VMware. It can provide enterprises with a centralized management platform for storing, distributing and protecting Docker images and Helm Charts. Harbor supports role-based access control, image replication, built-in security scanning and vulnerability management, allowing users to better control their software delivery process.
2. Steps to build Harbor private warehouse
Please install docker environment before installing harbor: you can refer to centos7 to install docker
1.Install harbor
You can download the latest Harbor installation package from Harbor's official GitHub page (https://github.com/goharbor/harbor/releases). Select the appropriate version according to your operating system, download it and transfer it to the virtual machine.
Or use the command (the version used in this article is v2.7.1):
# 可能下载不成功,建议下载后上传到环境
wget https://github.com/goharbor/harbor/releases/download/v2.7.1/harbor-offline-installer-v2.7.1.tgz
yum install -y docker-compose
2.Install harbor
[root@aliyun composetest]# ls
harbor-offline-installer-v2.7.1.tgz
[root@aliyun composetest]# mkdir /harb
[root@aliyun composetest]# mv harbor-offline-installer-v2.7.1.tgz /harb/
[root@aliyun composetest]# cd /harb/
[root@aliyun harb]# ls
harbor-offline-installer-v2.7.1.tgz
[root@aliyun harb]# tar xf harbor-offline-installer-v2.7.1.tgz
[root@aliyun harb]# ls
harbor harbor-offline-installer-v2.7.1.tgz
[root@aliyun harb]# cd harbor/
[root@aliyun harbor]# ls
common.sh harbor.v2.7.1.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
3. Modify configuration file
[root@aliyun harbor]# cp harbor.yml.tmpl harbor.yml
[root@aliyun harbor]# vim harbor.yml
Modify the IP and comment out the https below.
Comment out the following lines:
4.Install harbor
./install.sh
# 查看是否安装成功
docker-compose ps
3. Basic use of harbor
1. Web login
Enter http://ip:80 in the browser to access the Harbor page. The username and password are admin and Harbor12345 set by default in the harbor.yml configuration file.
When you see the following page, your login is successful:
2.Terminal login
Edit /etc/docker/daemon.json
and set the HTTP warehouse address that is allowed to be accessed.
{
"insecure-registries":["ip:80"] #harbor仓库IP地址
}
After modification, restart the docker service and enable harbor:
systemctl daemon-reload
systemctl restart docker
#进入harbor目录后执行以下命令
docker compose restart
Log in to the terminal and Login Succeeded
a message indicating successful login to the warehouse appears:
[root@aliyun harbor]# docker login IP:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
3. Image push
Modify image tag:
docker tag busybox:latest ip:80/library/busybox:latest
Push the image to Harbor:
[root@aliyun harbor]# docker push ip:80/library/busybox
Using default tag: latest
The push refers to repository [ip:80/library/busybox]
3d24ee258efc: Pushed
latest: digest: sha256:023917ec6a886d0e8e15f28fb543515a5fcd8d938edb091e8147db4efed388ee size: 528
Log in to the warehouse to view: