2021年8月23日 星期一

自建 docker repository

Reference:
 
Uninstall old versions docker
  • yum remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine
install docker
  • yum install -y yum-utils
  • yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  • yum install docker-ce docker-ce-cli containerd.io
  • systemctl start docker
  • systemctl enable docker
Install Docker Compose
  • curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  • chmod +x /usr/local/bin/docker-compose
install horbor
  • 到 https://github.com/goharbor/harbor/releases/ 找 last-release
  • wget https://github.com/goharbor/harbor/releases/download/v2.3.1/harbor-offline-installer-v2.3.1.tgz
  • tar zxvf harbor-offline-installer-v2.3.1.tgz
  • cd harbor
  • ./install.sh
  • mkdir ssl
  • openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /root/harbor/ssl/nginx.key -out /root/harbor/ssl/nginx.crt
  • cp harbor.yml.tmpl harbor.yml
  • vi harbor.yml
    • hostname: <your_IP or hostname>
    • certificate: /root/harbor/ssl/nginx.crt
    • private_key: /root/harbor/ssl/nginx.key
    • harbor_admin_password: <your_password>
    • password: <your_password>
    • data_volume: /data
run docker-compose up -d at system start up
  • /etc/systemd/system/docker-compose-app.service
[Unit]
Description=Docker Compose Application Service
Requires=docker.service
After=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/srv/docker
ExecStart=/usr/local/bin/docker-compose up -d
ExecStop=/usr/local/bin/docker-compose down
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target
 
login harbor
  • http://<your_IP or hostname>
  • username: admin
  • password: <your_passw0rd>
create project
  • Project Name: baseimages
  • Access Level: Public

修改 docker config
  • vi /etc/docker/daemon.json

{
    "insecure-registries": ["<your_IP or hostname>"]
}

push image from client
  • docker tag SOURCE_IMAGE[:TAG] <your_IP or hostname>/baseimages/REPOSITORY[:TAG]
  • docker login <your_IP or hostname>
  • docker push <your_IP or hostname>/baseimages/REPOSITORY[:TAG]
docker push command可參考Harbor登入後的網頁
如果要刪除 docker tag
  • 用 docker image list 查出 REPOSITORY, TAG
  • docker rmi REPOSITORY[:TAG]
如果要把Harbor開放到外部使用,必須修改 /root/harbor/common/config/core/evn
  • EXT_ENDPOINT=https://external_domainname:port
  • vi  /etc/hosts
    • add  <private IP> <external domain name>
  • restart harbor service
    • docker-compose down
    • docker-compose up -d
  • Reference: Harbor使用外部代理问题记录 
 
2022/7/27 update:
如果要更換憑證,檔案目錄為 /data/secret/cert
舊檔案更名,將原本檔案名稱給新的憑證檔
restart harbor service 生效
張貼者: Chandler 下午2:59

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)