

1.1 获取阿里云容器镜像加速地址


1.2 配置Docker daemon加速器 


# vim /etc/docker/daemon.json
# cat /etc/docker/daemon.json
        "registry-mirrors": ["https://s27w6kze.mirror.aliyuncs.com"]

# systemctl daemon-reload
# systemctl restart docker

# docker pull centos

二、 容器镜像仓库 

2.1 Docker hub 

2.1.1 注册  


2.1.2 登录 


2.1.3 创建容器仓库 




2.1.4 在本地登录Docker Hub 

 默认可以不添加docker hub容器镜像仓库地址

[root@hcss-ecs-c9aa ~]# docker login
Log in with your Docker ID or email address to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com/ to create one.
You can log in with your password or a Personal Access Token (PAT). Using a limited-scope PAT grants better security and is required for organizations using SSO. Learn more at https://docs.docker.com/go/access-tokens/

Username: jokermqc
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See

Login Succeeded
[root@hcss-ecs-c9aa ~]# 


[root@hcss-ecs-c9aa ~]# docker logout
Removing login credentials for https://index.docker.io/v1/
[root@hcss-ecs-c9aa ~]# 

2.1.5 上传容器镜像 

 在登录Docker Hub主机上传容器镜像,向全球用户共享容器镜像。



[root@hcss-ecs-c9aa ~]# docker images
centos       latest    5d0da3dc9764   2 years ago   231MB

[root@hcss-ecs-c9aa ~]# docker tag centos jokermqc/centons:v1
[root@hcss-ecs-c9aa ~]# docker images
REPOSITORY         TAG       IMAGE ID       CREATED       SIZE
jokermqc/centons   v1        5d0da3dc9764   2 years ago   231MB
centos             latest    5d0da3dc9764   2 years ago   231MB
[root@hcss-ecs-c9aa ~]# 


 将本地镜像推送到docker hub中

[root@hcss-ecs-c9aa ~]# docker images
REPOSITORY         TAG       IMAGE ID       CREATED       SIZE
jokermqc/centons   v1        5d0da3dc9764   2 years ago   231MB
centos             latest    5d0da3dc9764   2 years ago   231MB
[root@hcss-ecs-c9aa ~]# docker push jokermqc/centos:v1
The push refers to repository [docker.io/jokermqc/centos]
74ddd0ec08fa: Mounted from library/centos 
v1: digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc size: 529
[root@hcss-ecs-c9aa ~]# 


2.1.6 下载容器镜像 

 [root@hcss-ecs-c9aa ~]# docker images -q | xargs docker rmi
Error response from daemon: conflict: unable to delete 5d0da3dc9764 (must be forced) - image is referenced in multiple repositories
Error response from daemon: conflict: unable to delete 5d0da3dc9764 (must be forced) - image is referenced in multiple repositories
Error response from daemon: conflict: unable to delete 5d0da3dc9764 (must be forced) - image is referenced in multiple repositories
[root@hcss-ecs-c9aa ~]# docker pull jokermqc/centos:v1
v1: Pulling from jokermqc/centos
Digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc
Status: Image is up to date for jokermqc/centos:v1
[root@hcss-ecs-c9aa ~]# docker images
REPOSITORY         TAG       IMAGE ID       CREATED       SIZE
jokermqc/centos    v1        5d0da3dc9764   2 years ago   231MB
centos             latest    5d0da3dc9764   2 years ago   231MB
jokermqc/centons   v1        5d0da3dc9764   2 years ago   231MB
[root@hcss-ecs-c9aa ~]#

 2.2 harbor

2.2.1 获取docker compost二进制文件 

# wget https://github.com/docker/compose/releases/download/1.25.0/docker-compose-Linux-x86_64

# ls

# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose

# chmod +x /usr/bin/docker-compose

# docker-compose version
docker-compose version 1.25.0, build 0a186604
docker-py version: 4.1.0
CPython version: 3.7.4
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019

 2.2.2 获取harbor安装文件





# wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz

# ls

 2.2.3 获取TLS文件

# ls

# unzip kubemsb.com_nginx.zip
Archive:  kubemsb.com_nginx.zip
Aliyun Certificate Download
  inflating: 6864844_kubemsb.com.pem
  inflating: 6864844_kubemsb.com.key

# ls

2.2.4 修改配置文件 

# tar xf harbor-offline-installer-v2.4.1.tgz

# ls

# # mv 6864844_kubemsb.com.* harbor

# cd harbor/
# mv harbor.yml.tmpl harbor.yml 


# vim harbor.yml

# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or, because Harbor needs to be accessed by external clients.
hostname: www.kubemsb.com 修改为域名,而且一定是证书签发的域名

# http related config
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /root/harbor/6864844_kubemsb.com.pem 证书
  private_key: /root/harbor/6864844_kubemsb.com.key 密钥

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: 12345 访问密码

2.2.5 执行预备脚本 

 # ./prepare

prepare base dir is set to /root/harbor
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir

2.2.6 执行安装脚本 

 # ./install.sh

[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.12

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.25.0

[Step 2]: loading Harbor images ...

[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor

[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-db     ... done
Creating registry      ... done
Creating registryctl   ... done
Creating redis         ... done
Creating harbor-portal ... done
Creating harbor-core   ... done
Creating harbor-jobservice ... done
Creating nginx             ... done
✔ ----Harbor has been installed and started successfully.----

2.2.7 验证安装情况 

 # docker ps
CONTAINER ID   IMAGE                                COMMAND                  CREATED              STATUS                        PORTS                                                                            NAMES
71c0db683e4a   goharbor/nginx-photon:v2.4.1         "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)>8080/tcp, :::80->8080/tcp,>8443/tcp, :::443->8443/tcp   nginx
4e3b53a86f01   goharbor/harbor-jobservice:v2.4.1    "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                                                                    harbor-jobservice
df76e1eabbf7   goharbor/harbor-core:v2.4.1          "/harbor/entrypoint.…"   About a minute ago   Up About a minute (healthy)                                                                                    harbor-core
eeb4d224dfc4   goharbor/harbor-portal:v2.4.1        "nginx -g 'daemon of…"   About a minute ago   Up About a minute (healthy)                                                                                    harbor-portal
70e162c38b59   goharbor/redis-photon:v2.4.1         "redis-server /etc/r…"   About a minute ago   Up About a minute (healthy)                                                                                    redis
8bcc0e9b06ec   goharbor/harbor-registryctl:v2.4.1   "/home/harbor/start.…"   About a minute ago   Up About a minute (healthy)                                                                                    registryctl
d88196398df7   goharbor/registry-photon:v2.4.1      "/home/harbor/entryp…"   About a minute ago   Up About a minute (healthy)                                                                                    registry
ed5ba2ba9c82   goharbor/harbor-db:v2.4.1            "/docker-entrypoint.…"   About a minute ago   Up About a minute (healthy)                                                                                    harbor-db
dcb4b57c7542   goharbor/harbor-log:v2.4.1           "/bin/sh -c /usr/loc…"   About a minute ago   Up About a minute (healthy)>10514/tcp                                                        harbor-log

2.2.8 访问harbor UI界面


三、docker 镜像上传至Harbor

3.1 修改docker daemon使用harbor 


# vim /etc/docker/daemon.json
# cat /etc/docker/daemon.json
        "insecure-registries": ["www.xxxx.com"]

# systemctl daemon-reload

# systemctl restart docker

3.2 docker tag 

# docker images
REPOSITORY                      TAG       IMAGE ID       CREATED        SIZE



[root@hcss-ecs-c9aa ~]# docker images
centos       latest    5d0da3dc9764   2 years ago   231MB

[root@hcss-ecs-c9aa ~]# docker tag centos jokermqc/centons:v1
[root@hcss-ecs-c9aa ~]# docker images
REPOSITORY         TAG       IMAGE ID       CREATED       SIZE
jokermqc/centons   v1        5d0da3dc9764   2 years ago   231MB
centos             latest    5d0da3dc9764   2 years ago   231MB
[root@hcss-ecs-c9aa ~]# 

3.3 docker push 

 # docker login www.xxxx.com
Username: admin  用户名 admin
Password:        密码   12345
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See

Login Succeeded 登陆成功

# docker push www.xxxx.com/library/centos:v1

3.4 docker pull 


# vim /etc/docker/daemon.json
# cat /etc/docker/daemon.json
        "insecure-registries": ["www.xxxx.com"]

 # systemctl daemon-reload
# systemctl restart docker

# docker pull www.xxx.com/library/centos:v1
v1: Pulling from library/centos
Digest: sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc
Status: Downloaded newer image for www.kubemsb.com/library/centos:v1

# docker images
REPOSITORY                       TAG       IMAGE ID       CREATED        SIZE
www.xxx.com/library/centos   v1        5d0da3dc9764   4 months ago   231MB


    2024-03-17 01:36:01      44 阅读