
Deploying a Harbor private registry on Tencent Cloud: notes from practice

2023-03-19 16:15

Harbor is an open-source, enterprise-grade Docker Registry management project from VMware. Compared with the official Docker registry it offers richer access control and a more complete architecture, suits large-scale Docker cluster deployments as a registry service, and ships with a web UI.
Harbor is normally installed with Helm or docker-compose. This post uses the compose install and shows how to configure Tencent Cloud Object Storage (COS) as the storage backend for a private image registry.

I Deployment process

1 Preparation:

Install docker-compose (the download is only a file; it still has to be made executable)

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

2 Reload systemd and restart Docker (daemon-reload alone only re-reads unit files; it does not restart the service)

systemctl daemon-reload
systemctl restart docker

3 Download the Harbor installer package and unpack harbor.v2.1.0.tar.gz

3.1 Configuration items to watch:

  • hostname: set it to the address clients will use, i.e. the access domain name (not localhost or 127.0.0.1)
  • https: add the HTTPS certificate configuration; the certificate and private_key must be a matching pair, and if a CLB sits in front of Harbor the certificate must also be configured on the CLB
  • storage_service: put the COS details here. Harbor supports AWS S3, and COS exposes an S3-compatible API, so the COS bucket is configured under s3; the bucket must already exist in COS before Harbor starts
  • Harbor log path: the registryctl log is /var/log/harbor/registryctl.log by default
# inside the unpacked harbor.v2.1.0 directory
vi harbor.yml

-----------harbor.yml---------
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.yourset.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/key/harbor.yourset.com.crt
  private_key: /data/key/harbor.yourset.xyz.key

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harborxxx

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123
  # The maximum number of connections in the idle connection pool. If it

4 Start: go into the installation directory

# stop any running stack; -v also removes compose-managed volumes (Harbor's persistent data lives under the bind-mounted data directory, /data by default, which this does not touch)
$ docker-compose down -v

# after changing the configuration, the environment check has to be re-run
$ ./prepare

# start the Harbor services
$ docker-compose up -d

5 Testing

5.1 Web test. For HTTPS access, request a certificate and configure it on both the CLB and the Harbor server

In harbor.yml it goes under https:

-----------------
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /data/key/harbor.yourset.com.crt
  private_key: /data/key/harbor.yourset.xyz.key

5.2 Local login test (enter the password when prompted)

5.3 Test pushing an image

Note: the project must be created in Harbor first, otherwise the push fails with "project not found", as the first attempt below shows

[root@centos ~/tmp]# docker tag hello-world 127.0.0.1/s3/hello-world:v1.0.0 
[root@centos ~/tmp]# docker push 127.0.0.1/s3/hello-world:v1.0.0
The push refers to repository [127.0.0.1/s3/hello-world]
f22b99068db9: Preparing
unauthorized: project not found, name: s3: project not found, name: s3
[root@centos ~/tmp]# docker push 127.0.0.1/s3/hello-world:v1.0.0
The push refers to repository [127.0.0.1/s3/hello-world]
f22b99068db9: Pushed
v1.0.0: digest: sha256:1b26826f602946860c279fce65829b57792 size: 525

5.4 The corresponding objects also appeared in the COS bucket (screenshot not reproduced here).
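The "project not found" failure in 5.3 is easy to automate away: check for the project and create it before tagging and pushing. The script below is an added example, not code from the original post or from the Harbor project. It uses the Harbor v2.0 REST API (HEAD /api/v2.0/projects?project_name=NAME to test existence, POST /api/v2.0/projects to create) and assumes the registry is reachable at HARBOR_URL with the admin account; the hostname harbor.yourset.com is the placeholder from the harbor.yml above, and project and image names are assumed to need no URL-encoding.

```shell
#!/bin/sh
# Added example (not from the original post or the Harbor project): make sure the
# Harbor project exists before `docker push`, so the push does not fail with
# "project not found" as in the 5.3 transcript.
HARBOR_URL="${HARBOR_URL:-https://harbor.yourset.com}"   # hostname from harbor.yml (placeholder)
HARBOR_USER="${HARBOR_USER:-admin}"
HARBOR_PASS="${HARBOR_PASS:-}"                           # export it; never pass it on the command line

# Call the API and print only the HTTP status. Credentials are fed to curl as a
# config file on stdin (-K -) so the password never shows up in `ps` output.
harbor_api() {
  printf 'user = "%s:%s"\n' "$HARBOR_USER" "$HARBOR_PASS" |
    curl -sS -K - -o /dev/null -w '%{http_code}' "$@"
}

# 200 if the project exists, 404 if it does not.
harbor_project_status() {
  harbor_api -I "$HARBOR_URL/api/v2.0/projects?project_name=$1"
}

# Create a private project unless it already exists.
harbor_ensure_project() {
  name="$1"
  [ -n "$HARBOR_PASS" ] || { echo "HARBOR_PASS is not set" >&2; return 1; }
  case "$(harbor_project_status "$name")" in
    200) echo "project '$name' exists"; return 0 ;;
    404) ;;
    *)   echo "unexpected response while checking project '$name'" >&2; return 1 ;;
  esac
  code=$(harbor_api -X POST -H 'Content-Type: application/json' \
           -d "{\"project_name\":\"$name\",\"metadata\":{\"public\":\"false\"}}" \
           "$HARBOR_URL/api/v2.0/projects")
  [ "$code" = "201" ] || { echo "creating project '$name' failed: HTTP $code" >&2; return 1; }
  echo "created project '$name'"
}

# Tag a local image into the project and push it, e.g.
#   harbor_push hello-world s3 hello-world:v1.0.0
harbor_push() {
  harbor_ensure_project "$2" || return 1
  host="${HARBOR_URL#*://}"          # registry host as docker sees it
  docker tag "$1" "$host/$2/$3" && docker push "$host/$2/$3"
}
```

Source the file and call harbor_push with the local image, the project name and the target repo:tag; the project is created as private (metadata.public "false"), which is the safer default for an internal registry.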

II Pitfalls

2.1 S3 configuration pitfall

Articles found online, and feedback from other users, gave the S3 section as follows:

s3:
  region: ap-xxx
  bucket: xx-sigp-xxxxxxx
  accesskey: xxxxxxx
  secretkey: xxxxx
  endpoint: cos.ap-singapore.myqcloud.com
  secure: true

With this configuration, once Harbor was started, containers such as harbor-registryctl kept restarting, so images could not be pushed or pulled:

Check the error log:

tail -f /var/log/harbor/registryctl.log

Aug 3 15:32:31 172.30.0.1 registryctl[28778]: 2021-08-03T07:32:31Z [ERROR] [/registryctl/config/config.go:63]: failed to load storage driver, err:No region parameter provided
Aug 3 15:32:31 172.30.0.1 registryctl[28778]: 2021-08-03T07:32:31Z [FATAL] [/registryctl/main.go:78]: Failed to load configurations with error: No region parameter provided

Key information:

I asked several colleagues without reaching a conclusion, and a long search on Google turned up no relevant documentation, so I decided to go to the source code, starting with registryctl/main.go:

Then on to config.go:63

https://github.com/goharbor/harbor/blob/9e117539492b9e54658b8c4dd240af231c351cb5/src/registryctl/config/config.go#L71

Look at setStorageDriver()

Find the S3-related code in storagedriver

Look at the S3 part:

https://github.com/distribution/distribution/blob/01f589cf8726565aa3c5c053be12873bafedbedc/registry/storage/driver/s3-aws/s3.go#L109

One section stands out:

When "regionendpoint" is empty, the driver validates the configured region against AWS's own validRegions list. Here we are pointing at a Tencent Cloud COS endpoint, whose region naturally does not appear in AWS's list, so startup fails with err:No region parameter provided.

So the key to pass is "regionendpoint", which makes the driver skip the AWS region-list lookup; "endpoint" is not a key the S3 driver reads, so the online articles are misleading here. The harbor.yml configuration therefore becomes:

s3:
  region: ap-xxx
  bucket: xx-sigp-xxxxxxx
  accesskey: xxxxxxx
  secretkey: xxxxx
  regionendpoint: cos.ap-singapore.myqcloud.com
  secure: true

After the change, Harbor was reloaded, started successfully, and pushing and pulling images worked normally.
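The two mistakes this post runs into, template defaults left in harbor.yml (section 3.1) and endpoint written instead of regionendpoint under storage_service.s3 (section 2.1), are both visible in the file before ./prepare is ever run. The lint below is an added example, not code from the original post or from the Harbor project. It assumes a standard harbor.yml layout with 2-space YAML indentation, checks only the keys discussed in this post, and uses constructed sample files with placeholder values (example-bucket-1250000000, AKIDEXAMPLE, EXAMPLESECRET) rather than the author's real configuration; Harbor12345 and root123 are the admin and database passwords shipped in harbor.yml.tmpl.

```shell
#!/bin/sh
# Added example (not from the original post or the Harbor project): a pre-flight
# lint for harbor.yml covering the settings discussed in sections 3.1 and 2.1.
# Assumes standard 2-space YAML indentation under storage_service.

# Print key=value for every scalar directly under the `s3:` mapping.
s3_block_keys() {
  awk '
    function indent(s) { match(s, /^[ ]*/); return RLENGTH }
    /^[ ]*#/ || /^[ ]*$/ { next }                       # skip comments and blanks
    !in_s3 && /^[ ]*s3:[ ]*$/ { in_s3 = 1; base = indent($0); next }
    in_s3 {
      if (indent($0) <= base) { in_s3 = 0; next }      # dedent ends the block
      line = $0; sub(/^[ ]*/, "", line)
      i = index(line, ":")
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      sub(/^[ ]*/, "", val); sub(/[ ]*$/, "", val)
      print key "=" val
    }' "$1"
}

# Value of one s3 key (empty if absent).
s3_value() { s3_block_keys "$1" | sed -n "s/^$2=//p" | head -n 1; }

# Top-level settings from section 3.1; prints findings, returns 1 if any.
check_basics() {
  f="$1"; rc=0
  host=$(sed -n 's/^hostname:[ ]*//p' "$f" | head -n 1)
  case "$host" in
    ""|localhost|127.0.0.1) echo "hostname must be the externally reachable name, not '$host'"; rc=1 ;;
  esac
  # Harbor12345 and root123 are the values shipped in harbor.yml.tmpl
  grep -q '^harbor_admin_password:[ ]*Harbor12345[ ]*$' "$f" && { echo "harbor_admin_password is still the template default"; rc=1; }
  grep -Eq '^[ ]*password:[ ]*root123[ ]*$' "$f" && { echo "database.password is still the template default"; rc=1; }
  return $rc
}

# storage_service.s3 for a non-AWS endpoint such as COS (section 2.1).
check_s3_config() {
  f="$1"; rc=0
  [ -n "$(s3_block_keys "$f")" ] || { echo "no storage_service.s3 block found"; return 1; }
  for k in region bucket accesskey secretkey; do
    [ -n "$(s3_value "$f" "$k")" ] || { echo "s3.$k is missing"; rc=1; }
  done
  [ -z "$(s3_value "$f" endpoint)" ] || { echo "s3.endpoint is not read by the S3 driver; use s3.regionendpoint"; rc=1; }
  [ -n "$(s3_value "$f" regionendpoint)" ] || { echo "s3.regionendpoint is missing: without it the region is checked against the AWS region list"; rc=1; }
  [ "$(s3_value "$f" secure)" = "true" ] || { echo "s3.secure should be true so credentials and layers travel over TLS"; rc=1; }
  return $rc
}

lint_harbor_yml() {
  lint_rc=0
  check_basics "$1" || lint_rc=1
  check_s3_config "$1" || lint_rc=1
  return $lint_rc
}

# Constructed sample writer (placeholder values, not real credentials):
# $1 = path, $2 = endpoint key name, $3 = admin password, $4 = DB password.
write_sample() {
  cat >"$1" <<EOF
hostname: harbor.yourset.com
harbor_admin_password: $3
database:
  password: $4
storage_service:
  s3:
    region: ap-singapore
    bucket: example-bucket-1250000000
    accesskey: AKIDEXAMPLE
    secretkey: EXAMPLESECRET
    $2: cos.ap-singapore.myqcloud.com
    secure: true
EOF
}

# Demo: lint the "as found online" file and the corrected one.
demo() {
  d=$(mktemp -d)
  write_sample "$d/bad.yml" endpoint Harbor12345 root123
  write_sample "$d/good.yml" regionendpoint 'Chang3d-Admin-Pw' 'Chang3d-Db-Pw'
  for f in "$d/bad.yml" "$d/good.yml"; do
    echo "== $f"
    lint_harbor_yml "$f" && echo "OK"
  done
  rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with --demo to see the findings on the two constructed files, or source it and call lint_harbor_yml on a real harbor.yml before ./prepare. The awk extractor only walks the s3 mapping, so other storage backends (gcs, azure, oss) are reported as "no storage_service.s3 block found" rather than silently passing.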

III Summary

1 Record what you do as you deploy, and keep an eye on the logs

2 If there is no ready answer online, ask the experts around you

3 If it still cannot be solved, read the source; all the logic is written down in the code

Article reposted from the internet: Deploying a Harbor private registry on Tencent Cloud: notes from practice

Source: https://secvery.com/9266.html
