Harbor Setup

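1. Harbor Overview

Harbor is an enterprise-class Registry project open-sourced by VMware. Built on the open-source registry from Docker, it adds features that enterprise users need, such as a management UI, Role Based Access Control, AD/LDAP integration, and audit logging, and it natively supports Chinese. Main features:

  • Role-based access control - Users and Docker image repositories are organized and managed through "projects"; a user can have different permissions on multiple image repositories within the same namespace (project).
  • Image replication - Images can be replicated (synchronized) across multiple Registry instances. This is especially suited to load balancing, high availability, hybrid cloud, and multi-cloud scenarios.
  • Graphical user interface - Users can browse and search the current Docker image repositories through a browser, and manage projects and namespaces.
  • AD/LDAP support - Harbor can integrate with an enterprise's existing AD/LDAP for authentication management.
  • Audit management - All operations on image repositories can be recorded and traced for audit purposes.
  • Internationalization - Localized versions exist in English, Chinese, German, Japanese, and Russian. More languages will be added.
  • RESTful API - The RESTful API gives administrators more control over Harbor and makes integration with other management software easier.
  • Simple deployment - Online and offline installers are provided; Harbor can also be installed on the vSphere platform as a virtual appliance (OVA).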

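2. Harbor Architecture

[Figure: Harbor architecture diagram]

As the figure above shows, Harbor consists of 6 major modules:

  • Proxy: Harbor's components such as the registry, UI, and token services all sit behind a reverse proxy. The proxy forwards requests from browsers and docker clients to the back-end services.
  • Registry: Stores Docker images and handles Docker push/pull requests. Because Harbor enforces access control on images, the Registry requires the client to obtain a valid token from the token service on every push/pull request.
  • Core services: Harbor's core functionality, consisting mainly of the following 3 services:
    1) UI: Acts as the Registry webhook and helps users manage images through a graphical user interface.
    2) WebHook: A mechanism configured in the registry; when an image in the registry changes, Harbor's webhook endpoint is notified. Harbor uses the webhook to update logs, initialize replication jobs, and so on.
    3) Token service: Issues a token for each docker push/pull command according to the user's permissions. A request from a Docker client to the Registry that carries no token is redirected here; after obtaining a token, the client sends the request to the Registry again.
  • Database: Provides database services for the core services and stores user permissions, audit logs, Docker image grouping information, and other data.
  • Job services: Mainly used for image replication; local images can be synchronized to a remote Harbor instance.
  • Log collector: Collects the logs of the other components in one place.

Comparing this with the 7 running containers above, harbor-adminserver may raise some questions. In fact, harbor-adminserver mainly serves as back-end configuration data management and has little other functionality. All the data that harbor-ui operates on goes through harbor-adminserver, which acts as the configuration management center.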

3. Harbor Deployment

3.1 Hostname configuration

hostnamectl set-hostname demon-harbor

3.2 DNS configuration

vim /etc/resolv.conf

# Generated by NetworkManager
nameserver 8.8.8.8
nameserver xx.xx.xx.xx

3.3 yum repository configuration

# Local yum repository
mount /dev/sr0 /mnt/
cd /etc/yum.repos.d
mkdir ./bak
mv ./*.repo ./bak/
vim yum.repo

[centos7]
name=centos7
baseurl=file:///mnt
enabled=1
gpgcheck=0

yum clean all
yum makecache

# New yum repository configuration
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
#yum -y install yum-utils
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

3.4 Docker installation and startup

yum -y install docker-ce
systemctl enable docker && systemctl start docker


3.5 Preparing the Harbor installation package

# Harbor release download page
https://github.com/goharbor/harbor/releases

# I chose v2.2.3 here
harbor-offline-installer-v2.2.3.tgz

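3.6 Harbor installation

3.6.1 Harbor installation prerequisites
# Install python-pip
yum install python-pip -y
pip install --upgrade pip
# Install docker-compose
pip install docker-compose
docker-compose -v
## I tried this method but docker-compose did not install successfully, so I chose the method below

# Install docker-compose; pick the version you need from https://github.com/docker/compose/releases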
wget "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -O /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose 

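# Harbor installation
mkdir -p /root/zhs # upload the Harbor package to this directory
tar xf /root/zhs/harbor-offline-installer-v2.2.3.tgz -C /root/zhs
ls /root/zhs/harbor
cd /root/zhs/harbor
#========Key configuration===========
cp harbor.yml.tmpl  harbor.yml
# Create the Harbor persistent data directory
mkdir -p /opt/application/harbor

# harbor.yml configuration file
Change hostname, data_volume, and the https certificate paths; leave everything else at the defaults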
#==================================================================================================================
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor-zhsn.dcesg.cn    ## enter the IP address or domain name here
# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /etc/docker/CA/harbor.pem
  private_key: /etc/docker/CA/harbor-key.pem

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345  ## Harbor default password

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123    ## database default password
  # The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgres of harbor.
  max_open_conns: 1000

# The default data volume
data_volume: /opt/application/harbor     ## data path

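3.6.2 Generating the HTTPS certificate

See the official documentation: https://goharbor.io/docs/2.2.0/install-config/configure-https/

Generating the certificate with openssl

I started with the openssl method and followed the official site step by step, but the certificate still had problems; in the end I chose the cfssl method, which worked.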

#!/bin/bash

# Generate the certificates in this directory so that harbor.yml can use them
mkdir -p /data/cert
cd /data/cert

openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor-zhsn.dcesg.cn" -key ca.key -out ca.crt
openssl genrsa -out harbor-zhsn.dcesg.cn.key 4096
openssl req -sha512 -new -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=harbor-zhsn.dcesg.cn" -key harbor-zhsn.dcesg.cn.key -out harbor-zhsn.dcesg.cn.csr

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# Adjust the entries below to your own environment
[alt_names]
DNS.1=harbor-zhsn.dcesg.cn
DNS.2=harbor
DNS.3=demon-harbor
EOF

openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in harbor-zhsn.dcesg.cn.csr -out harbor-zhsn.dcesg.cn.crt
    
openssl x509 -inform PEM -in harbor-zhsn.dcesg.cn.crt -out harbor-zhsn.dcesg.cn.cert

cp harbor-zhsn.dcesg.cn.crt /etc/pki/ca-trust/source/anchors/harbor-zhsn.dcesg.cn.crt
update-ca-trust
# Copy these three files into the docker directory
mkdir -p /etc/docker/certs.d/harbor-zhsn.dcesg.cn/
cp harbor-zhsn.dcesg.cn.cert /etc/docker/certs.d/harbor-zhsn.dcesg.cn/
cp harbor-zhsn.dcesg.cn.key /etc/docker/certs.d/harbor-zhsn.dcesg.cn/
cp ca.crt /etc/docker/certs.d/harbor-zhsn.dcesg.cn/
cp /etc/docker/certs.d/harbor-zhsn.dcesg.cn/ca.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust

The steps below can be skipped; they are only needed if Harbor was deployed first and HTTPS is configured afterwards.

Final Docker directory structure:
[root@localhost certs.d]# tree
.
└── harbor.digitalchina.com
    ├── harbor.digitalchina.com.cert      <-- Server certificate signed by CA
    ├── harbor.digitalchina.com.key       <-- Server key signed by CA
    └── ca.crt                 <-- Certificate authority that signed the registry certificate

1 directory, 3 files

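# Restart docker
systemctl restart docker.service

# Stop Harbor (run from the Harbor directory)
cd /root/zhs/harbor
docker-compose down -v
# Regenerate the configuration files
./prepare --with-notary --with-clair --with-chartmuseum # if this fails, run the command below
./prepare
# Start
docker-compose up -d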

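Generating the HTTPS certificate with cfssl

cfssl is an open-source PKI/TLS tool from CloudFlare. It includes a command-line tool and an HTTP API service for signing, verifying, and bundling TLS certificates, and it is written in Go.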

# If wget fails on the server, download the files elsewhere first and then copy them to the server
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/local/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/local/bin/cfssljson
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/local/bin/cfssl-certinfo
chmod +x /usr/local/bin/cfssl*

mkdir /root/harbor-ca
cd /root/harbor-ca
cfssl print-defaults config > ca-config.json
cfssl print-defaults csr > ca-csr.json


vim ca-config.json
----------------------------------------------------
{
    "signing": {
        "default": {
            "expiry": "876000h"
        },
        "profiles": {
            "harbor": {
                "expiry": "876000h",
                "usages": [
                    "signing",
                    "key encipherment",
                    "server auth"
                ]
            }
        }
    }
}
------------------------------------------------------
vim ca-csr.json
-----------------------------------------------------
{
  "CN": "CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "hangzhou",
      "L": "hangzhou",
      "O": "harbor",
      "OU": "System"
    }
  ]
}
------------------------------------------------------

cfssl gencert -initca ca-csr.json | cfssljson -bare ca

tree
├── ca-config.json # the JSON created above
├── ca.csr
├── ca-csr.json    # the certificate request JSON, also created above
├── ca-key.pem
├── ca.pem

vim harbor-csr.json
-----------------------------------------------------
{
    "CN": "harbor-test",
    "hosts": [
        "dcesg.cn",
        "*.dcesg.cn"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "CA",
            "L": "San Francisco",
            "O": "harbor",
            "OU": "System"
        }
    ]
}
---------------------------------------------------
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=harbor harbor-csr.json | cfssljson -bare harbor

tree
.
├── ca-config.json
├── ca.csr
├── ca-csr.json
├── ca-key.pem
├── ca.pem
├── harbor.csr
├── harbor-csr.json
├── harbor-key.pem
├── harbor.pem


# The steps below are required if Harbor is deployed from the jar package
mkdir -p /etc/docker/certs.d/harbor-zhsn.dcesg.cn
mkdir -p /etc/docker/CA/
cp /root/harbor-ca/harbor-key.pem /etc/docker/CA/
cp /root/harbor-ca/harbor.pem /etc/docker/CA/
cp /root/harbor-ca/harbor.pem /etc/docker/certs.d/harbor-zhsn.dcesg.cn/harbor.crt
cp /root/harbor-ca/ca.pem /etc/pki/ca-trust/source/anchors/ca.crt
# Rebuild the system trust store so the new CA anchor takes effect
update-ca-trust

3.6.3 Installing and starting Harbor

Installation

If Harbor is installed without the --with-chartmuseum parameter, Harbor has no chart content.

cd /root/zhs/harbor
./install.sh --with-chartmuseum


# Start Harbor automatically at boot
[root@demon-harbor harbor]# cat /lib/systemd/system/harbor.service
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/local/bin/docker-compose -f  /root/zhs/harbor/docker-compose.yml up
ExecStop=/usr/local/bin/docker-compose -f /root/zhs/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target


[root@demon-harbor harbor]# systemctl status harbor
● harbor.service - Harbor
   Loaded: loaded (/usr/lib/systemd/system/harbor.service; enabled; vendor preset: disabled)
   Active: active (running) since 五 2021-12-03 21:04:51 CST; 2min 51s ago
     Docs: http://github.com/vmware/harbor
 Main PID: 26352 (docker-compose)
    Tasks: 12
   Memory: 66.5M
   CGroup: /system.slice/harbor.service
           ├─26352 /usr/local/bin/docker-compose -f /root/zhs/harbor/docker-compose.yml up
           └─26353 /usr/local/bin/docker-compose -f /root/zhs/harbor/docker-compose.yml up

12月 03 21:04:52 demon-harbor docker-compose[26352]: nginx is up-to-date
12月 03 21:04:52 demon-harbor docker-compose[26352]: Attaching to harbor-log, registry, harbor-db, harbor-portal, redis, registryctl, harbor-core, harbor-jobservice, nginx
12月 03 21:04:52 demon-harbor docker-compose[26352]: registry       | WARNING: no logs are available with the 'syslog' log driver
12月 03 21:04:52 demon-harbor docker-compose[26352]: harbor-db      | WARNING: no logs are available with the 'syslog' log driver
12月 03 21:04:52 demon-harbor docker-compose[26352]: harbor-portal  | WARNING: no logs are available with the 'syslog' log driver
12月 03 21:04:52 demon-harbor docker-compose[26352]: redis          | WARNING: no logs are available with the 'syslog' log driver
12月 03 21:04:52 demon-harbor docker-compose[26352]: registryctl    | WARNING: no logs are available with the 'syslog' log driver
12月 03 21:04:52 demon-harbor docker-compose[26352]: harbor-core    | WARNING: no logs are available with the 'syslog' log driver
12月 03 21:04:52 demon-harbor docker-compose[26352]: harbor-jobservice | WARNING: no logs are available with the 'syslog' log driver
12月 03 21:04:52 demon-harbor docker-compose[26352]: nginx          | WARNING: no logs are available with the 'syslog' log driver
[root@demon-harbor harbor]#


View the running containers

docker ps


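Problems encountered

If you hit HTTPS-related errors, comment out the https section first and configure HTTPS after Harbor has been deployed.

3.7 Accessing the Harbor web UI

URL: https://harbor-zhsn.dcesg.cn
Account: admin
Password: Harbor12345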


3.8 Docker post-installation configuration

vim /etc/docker/daemon.json
{
  "insecure-registries": ["harbor-zhsn.dcesg.cn"]
}
systemctl daemon-reload
systemctl restart docker

# Check Harbor's pods (containers) and start any that have stopped
docker ps -a
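
An added check, not part of the original post: the shell functions below read a harbor.yml and a daemon.json and report the settings this walkthrough leaves weak, namely the installer default passwords (Harbor12345, root123), a missing https certificate, and registries listed under insecure-registries. The function names, the script name audit_harbor.sh, and the constructed sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# Reads harbor.yml on stdin; prints one finding per line, exits 1 if any.
audit_harbor_yml() {
    awk '
        /^[ \t]*#/ { next }                              # whole-line comments
        { line = $0
          sub(/[ \t]+#.*$/, "", line)                    # trailing "## ..." notes
          sub(/[ \t]+$/, "", line) }
        line ~ /^[A-Za-z_]+:/ { section = line; sub(/:.*$/, "", section) }
        line ~ /^harbor_admin_password:[ \t]*Harbor12345$/ {
            print "harbor_admin_password is still the installer default"; n++ }
        section == "database" && line ~ /^[ \t]+password:[ \t]*root123$/ {
            print "database.password is still the installer default"; n++ }
        section == "https" && line ~ /^[ \t]+certificate:[ \t]*[^ \t]/ { tls = 1 }
        END {
            if (!tls) { print "https.certificate is not set: Harbor serves plain HTTP"; n++ }
            exit (n > 0)
        }
    '
}

# Reads daemon.json on stdin; exits 1 if any registry is listed as insecure.
audit_daemon_json() {
    hosts=$(tr -d ' \t\r\n' |
        sed -n 's/.*"insecure-registries":\[\([^]]*\)].*/\1/p' | tr -d '"')
    if [ -n "$hosts" ]; then
        echo "insecure-registries allows unverified TLS or plain HTTP for: $hosts"
        return 1
    fi
}

if [ $# -eq 2 ]; then
    # Usage: sh audit_harbor.sh /root/zhs/harbor/harbor.yml /etc/docker/daemon.json
    audit_harbor_yml < "$1"
    audit_daemon_json < "$2"
else
    # Constructed sample that mirrors the settings shown in this post.
    audit_harbor_yml <<'EOF' || true
hostname: harbor-zhsn.dcesg.cn
# https:
#   certificate: /etc/docker/CA/harbor.pem
harbor_admin_password: Harbor12345  ## default
database:
  password: root123
EOF
    echo '{ "insecure-registries": ["harbor-zhsn.dcesg.cn"] }' | audit_daemon_json || true
fi
```
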

3.9 Testing the Harbor registry

docker pull alpine
docker login harbor-zhsn.dcesg.cn
docker tag alpine:latest harbor-zhsn.dcesg.cn/test/alpine:latest
docker push harbor-zhsn.dcesg.cn/test/alpine:latest


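4. Problems during deployment

4.1 Errors while deploying Harbor

Harbor deployment reports HTTPS-related errors

Solution:
First comment out the https-related content in harbor.yml; after Harbor has been deployed, configure HTTPS and re-enable that content.

4.2 docker login error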


Get "https://10.11.90.244/v2/": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

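Solution:
From what I read, this is caused by the Go version: one option is to set the Go environment variable GODEBUG=x509ignoreCN=0, the other is to use a certificate with a SAN field. Neither of these two methods worked for me.
Add parameters in docker.service; an example follows:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock \
    --insecure-registry develop-harbor.geostar.com.cn \
    --insecure-registry test-harbor.geostar.com.cn \
    --insecure-registry release-harbor.geostar.com.cn

Note: this approach actually still goes over HTTP; later I re-issued the self-signed HTTPS certificate with cfssl and that fixed it.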
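
An added example, not from the original post: Go-based clients such as docker ignore the certificate's Common Name and accept it only if a subjectAltName entry covers the host being dialed, so this script checks a certificate's SAN list against that host. The function names and the script name check_san.sh are made up for this example, the sample SAN line is constructed from the hosts list in harbor-csr.json, and openssl is assumed to be installed for the certificate-reading path.

```shell
#!/bin/sh
# Added example (not from the original post); function names are illustrative.

# Print the SAN entries of the PEM certificate $1 on one line (empty if none).
cert_san_line() {
    openssl x509 -in "$1" -noout -text |
        awk '/X509v3 Subject Alternative Name/ { getline; sub(/^[ \t]+/, ""); print; exit }'
}

# san_covers_host SAN_LINE HOST: exit 0 if HOST matches an entry, else 1.
# SAN_LINE is openssl's text form, e.g. "DNS:a.test, DNS:*.a.test, IP Address:192.0.2.1".
san_covers_host() {
    rest=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        if [ "$entry" = "$rest" ]; then rest=; else rest=${rest#*,}; fi
        entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $entry in
            DNS:*)
                name=$(printf '%s' "${entry#DNS:}" | tr 'A-Z' 'a-z')
                if [ "$name" = "$host" ]; then return 0; fi
                case $name in
                    '*.'?*)
                        # A wildcard stands for exactly one left-most label.
                        suffix=${name#?}
                        label=${host%"$suffix"}
                        case $label in
                            "$host" | '' | *.*) ;;
                            *) return 0 ;;
                        esac ;;
                esac ;;
            'IP Address:'*)
                ip="${entry#IP Address:}"
                if [ "$ip" = "$host" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# check_cert_for_host CERT HOST: report whether a client dialing HOST finds a SAN match.
check_cert_for_host() {
    san=$(cert_san_line "$1")
    if [ -z "$san" ]; then
        echo "FAIL: $1 has no subjectAltName (CN-only certificate)"; return 1
    fi
    if san_covers_host "$san" "$2"; then
        echo "OK: $2 is covered by [$san]"
    else
        echo "FAIL: $2 is not covered by [$san]"; return 1
    fi
}

if [ $# -eq 2 ]; then
    # Usage: sh check_san.sh /etc/docker/CA/harbor.pem harbor-zhsn.dcesg.cn
    check_cert_for_host "$1" "$2"
else
    # Constructed SAN line matching the "hosts" list in harbor-csr.json.
    for h in harbor-zhsn.dcesg.cn 10.11.90.244; do
        if san_covers_host "DNS:dcesg.cn, DNS:*.dcesg.cn" "$h"; then
            echo "$h: covered"; else echo "$h: NOT covered"; fi
    done
fi
```

Run it against the certificate nginx serves and the exact name or IP used in `docker login`; a certificate that covers only DNS names fails for IP access such as https://10.11.90.244.
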


5. Harbor information

5.1 Web UI

URL: https://harbor-zhsn.dcesg.cn
Account: admin
Password: Harbor12345

5.2 Data storage path

/opt/application/harbor

5.3 Certificate storage paths

/data/cert
/etc/docker/certs.d/harbor-zhsn.dcesg.cn/

6. Updating pods

Automatically restart Harbor pods that exit abnormally

for id in $(docker ps -aq); do docker update --restart=always "$id"; done
for id in $(docker ps -aq); do docker restart "$id"; done

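7. Integrating Harbor with LDAP

Note: LDAP authentication can only be used when Harbor has no users. If users exist, auth_mode: ldap_auth does not take effect, and the users must be deleted from the database, except admin.

7.1 Deleting users from harbor-db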

[root@demon-harbor harbor]# docker ps
CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS                    PORTS                                                                                                                       NAMES
4df5fc8aacfa   goharbor/harbor-jobservice:v2.2.3      "/harbor/entrypoint.…"   11 minutes ago   Up 11 minutes (healthy)                                                                                                                               harbor-jobservice
61af3ebef629   goharbor/nginx-photon:v2.2.3           "nginx -g 'daemon of…"   11 minutes ago   Up 11 minutes (healthy)   0.0.0.0:4443->4443/tcp, :::4443->4443/tcp, 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
352abee1a3ac   goharbor/harbor-core:v2.2.3            "/harbor/entrypoint.…"   11 minutes ago   Up 11 minutes (healthy)                                                                                                                               harbor-core
acc63749ca23   goharbor/harbor-registryctl:v2.2.3     "/home/harbor/start.…"   11 minutes ago   Up 11 minutes (healthy)                                                                                                                               registryctl
ed250d21130d   goharbor/notary-server-photon:v2.2.3   "/bin/sh -c 'migrate…"   8 days ago       Up 11 minutes                                                                                                                                         notary-server
1c4be3c474fc   goharbor/notary-signer-photon:v2.2.3   "/bin/sh -c 'migrate…"   8 days ago       Up 11 minutes                                                                                                                                         notary-signer
996f3ed2bbe4   goharbor/harbor-db:v2.2.3              "/docker-entrypoint.…"   8 days ago       Up 11 minutes (healthy)                                                                                                                               harbor-db
cac03ff68ec3   goharbor/redis-photon:v2.2.3           "redis-server /etc/r…"   8 days ago       Up 11 minutes (healthy)                                                                                                                               redis
dbde067a26cc   goharbor/chartmuseum-photon:v2.2.3     "./docker-entrypoint…"   8 days ago       Up 11 minutes (healthy)                                                                                                                               chartmuseum
565383dcc7de   goharbor/registry-photon:v2.2.3        "/home/harbor/entryp…"   8 days ago       Up 11 minutes (healthy)                                                                                                                               registry
7a2b2a564893   goharbor/harbor-portal:v2.2.3          "nginx -g 'daemon of…"   8 days ago       Up 11 minutes (healthy)                                                                                                                               harbor-portal
9d1b124948a5   goharbor/harbor-log:v2.2.3             "/bin/sh -c /usr/loc…"   8 days ago       Up 11 minutes (healthy)   127.0.0.1:1514->10514/tcp                                                                                                   harbor-log


# Enter the harbor-db container
docker exec -it 996f3ed2bbe4 /bin/bash
psql -U postgres -h postgresql -W   # enter the database password (root123 in harbor.yml) when prompted
\c registry
select * from harbor_user;
update harbor_user set deleted='t' where user_id=3;
delete from harbor_user where user_id=3;
select * from harbor_user;
\q
exit


7.2 Switching to LDAP authentication through the API

https://goharbor.io/docs/2.3.0/install-config/configure-user-settings-cli/

curl -X PUT -u "<username>:<password>" -H "Content-Type: application/json" -ki https://harbor.sample.domain/api/v2.0/configurations -d'{"auth_mode":"ldap_auth"}'


curl -X PUT -u "admin:Harbor12345" -H "Content-Type: application/json" -ki https://harbor.digitalchina.com/api/v2.0/configurations -d'{"auth_mode":"ldap_auth"}'
# A 200 status code means success; anything else is a failure, so check the message for details

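7.3 Log in to Harbor and change the settings in the UI

Note: I tried changing this through the configuration file but it did not take effect; changing it in the UI worked.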

ou=Group,dc=digitalchina,dc=com
ou=People,dc=digitalchina,dc=com

10.11.99.21

cn=ebg,dc=digitalchina,dc=com
P@ssw0rd

ldap://xx.xx.xx.xx:389


7.4 Testing login with an LDAP account

[root@demon-harbor harbor]# docker login harbor.digitalchina.com
Username: zhanghsn
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@demon-harbor harbor]# 
[root@demon-harbor harbor]# docker tag harbor.digitalchina.com/test/alpine:1.0.0 harbor.digitalchina.com/test2/alpine:1.0.0
[root@demon-harbor harbor]# docker push harbor.digitalchina.com/test2/alpine:1.0.0
The push refers to repository [harbor.digitalchina.com/test2/alpine]
e2eb06d8af82: Mounted from test/alpine 
1.0.0: digest: sha256:69704ef328d05a9f806b6b8502915e6a0a4faa4d72018dc42343f511490daf8a size: 528
[root@demon-harbor harbor]# 


7.5 Harbor account

admin/******

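8. Harbor primary/secondary replication

8.1 Secondary Harbor configuration

Under registry management, create a new target and test that it connects properly; see the screenshot below.

Note: with a self-signed certificate, "verify remote certificate" must not be checked.
[Screenshots: creating the target under registry management and testing the connection]

8.2 Creating a project on the primary Harbor

Create a project on the primary Harbor and push an nginx image to it

8.3 Replication configuration on the secondary Harbor

Configure replication management on the secondary Harbor

8.4 Synchronizing the secondary Harbor from the primary Harbor

8.5 Checking the synchronized content

Both the project and the images have been synchronized.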
