服务器之家

服务器之家 > 正文

docker私库Harbor的架构与组件说明

时间:2021-03-14 18:09     来源/作者:liumiaocn

这篇文章来了解一下harbor架构的组成和运行时各个组件的使用方式。

架构

docker私库Harbor的架构与组件说明

容器信息

?
1
2
3
4
5
6
7
8
9
10
11
[root@liumiao harbor]# docker-compose ps
    name           command        state                ports               
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver  /harbor/start.sh         up                         
harbor-db      /usr/local/bin/docker-entr ...  up   3306/tcp                      
harbor-jobservice  /harbor/start.sh         up                         
harbor-log      /bin/sh -c /usr/local/bin/ ...  up   127.0.0.1:1514->10514/tcp                   
harbor-ui      /harbor/start.sh         up                         
nginx        nginx -g daemon off;       up   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp
redis        docker-entrypoint.sh redis ...  up   6379/tcp                      
registry       /entrypoint.sh serve /etc/ ...  up   5000/tcp                       [root@liumiao harbor]#

具体说明

docker私库Harbor的架构与组件说明

proxy

proxy就是使用nginx作为反向代理,而整个的核心则在于nginx的设定文件,通过如下的设定文件可以清楚的看到harbor所解释的将各个其他组件集成在一起的说明内容,而实际的实现也基本上就是靠nginx的设定。

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
[root@liumiao harbor]# ls
license common          docker-compose.notary.yml ha     harbor.v1.5.2.tar.gz open_source_license
notice  docker-compose.clair.yml docker-compose.yml     harbor.cfg install.sh      prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf
worker_processes auto;
events {
 worker_connections 1024;
 use epoll;
 multi_accept on;
}
http {
 tcp_nodelay on;
 # this is necessary for us to be able to disable request buffering in all cases
 proxy_http_version 1.1;
 upstream registry {
  server registry:5000;
 }
 upstream ui {
  server ui:8080;
 }
 log_format timed_combined '$remote_addr - '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent" '
  '$request_time $upstream_response_time $pipe';
 access_log /dev/stdout timed_combined;
 server {
  listen 80;
  server_tokens off;
  # disable any limits to avoid http 413 for large image uploads
  client_max_body_size 0;
  location / {
   proxy_pass http://ui/;
   proxy_set_header host $host;
   proxy_set_header x-real-ip $remote_addr;
   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header x-forwarded-proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /v1/ {
   return 404;
  }
  location /v2/ {
   proxy_pass http://ui/registryproxy/v2/;
   proxy_set_header host $http_host;
   proxy_set_header x-real-ip $remote_addr;
   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header x-forwarded-proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/ {
   proxy_pass http://ui/service/;
   proxy_set_header host $host;
   proxy_set_header x-real-ip $remote_addr;
   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header x-forwarded-proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/notifications {
   return 404;
  }
 }
}
[root@liumiao harbor]#

database

可以看到使用的是mariadb 10.2.14, harbor的数据库名称为registry

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
welcome to the mariadb monitor. commands end with ; or \g.
your mariadb connection id is 21
server version: 10.2.14-mariadb source distribution
copyright (c) 2000, 2018, oracle, mariadb corporation ab and others.
type 'help;' or '\h' for help. type '\c' to clear the current input statement.
mariadb [(none)]> show databases;
+--------------------+
| database      |
+--------------------+
| information_schema |
| mysql       |
| performance_schema |
| registry      |
+--------------------+
4 rows in set (0.00 sec)
mariadb [(none)]>

数据库表的信息进行确认后可以看到,当前版本的这种使用方式下,数据库的表有如下 20张表左右

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
mariadb [(none)]> use registry;
reading table information for completion of table and column names
you can turn off this feature to get a quicker startup with -a
database changed
mariadb [registry]> show tables;
+-------------------------------+
| tables_in_registry      |
+-------------------------------+
| access            |
| access_log          |
| alembic_version        |
| clair_vuln_timestamp     |
| harbor_label         |
| harbor_resource_label     |
| img_scan_job         |
| img_scan_overview       |
| project            |
| project_member        |
| project_metadata       |
| properties          |
| replication_immediate_trigger |
| replication_job        |
| replication_policy      |
| replication_target      |
| repository          |
| role             |
| user             |
| user_group          |
+-------------------------------+
20 rows in set (0.00 sec)
mariadb [registry]>

log collector

harbor中的日志缺省会在如下目录下进行汇集和管理

?
1
2
3
[root@liumiao harbor]# ls /var/log/harbor
adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log
[root@liumiao harbor]#

docker-compose.yml

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
[root@liumiao harbor]# cat docker-compose.yml
version: '2'
services:
 log:
  image: vmware/harbor-log:v1.5.2
  container_name: harbor-log
  restart: always
  volumes:
   - /var/log/harbor/:/var/log/docker/:z
   - ./common/config/log/:/etc/logrotate.d/:z
  ports:
   - 127.0.0.1:1514:10514
  networks:
   - harbor
 registry:
  image: vmware/registry-photon:v2.6.2-v1.5.2
  container_name: registry
  restart: always
  volumes:
   - /data/registry:/storage:z
   - ./common/config/registry/:/etc/registry/:z
  networks:
   - harbor
  environment:
   - godebug=netdns=cgo
  command:
   ["serve", "/etc/registry/config.yml"]
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "registry"
 mysql:
  image: vmware/harbor-db:v1.5.2
  container_name: harbor-db
  restart: always
  volumes:
   - /data/database:/var/lib/mysql:z
  networks:
   - harbor
  env_file:
   - ./common/config/db/env
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "mysql"
 adminserver:
  image: vmware/harbor-adminserver:v1.5.2
  container_name: harbor-adminserver
  env_file:
   - ./common/config/adminserver/env
  restart: always
  volumes:
   - /data/config/:/etc/adminserver/config/:z
   - /data/secretkey:/etc/adminserver/key:z
   - /data/:/data/:z
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "adminserver"
 ui:
  image: vmware/harbor-ui:v1.5.2
  container_name: harbor-ui
  env_file:
   - ./common/config/ui/env
  restart: always
  volumes:
   - ./common/config/ui/app.conf:/etc/ui/app.conf:z
   - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
   - ./common/config/ui/certificates/:/etc/ui/certificates/:z
   - /data/secretkey:/etc/ui/key:z
   - /data/ca_download/:/etc/ui/ca/:z
   - /data/psc/:/etc/ui/token/:z
  networks:
   - harbor
  depends_on:
   - log
   - adminserver
   - registry
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "ui"
 jobservice:
  image: vmware/harbor-jobservice:v1.5.2
  container_name: harbor-jobservice
  env_file:
   - ./common/config/jobservice/env
  restart: always
  volumes:
   - /data/job_logs:/var/log/jobs:z
   - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
  networks:
   - harbor
  depends_on:
   - redis
   - ui
   - adminserver
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "jobservice"
 redis:
  image: vmware/redis-photon:v1.5.2
  container_name: redis
  restart: always
  volumes:
   - /data/redis:/data
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "redis"
 proxy:
  image: vmware/nginx-photon:v1.5.2
  container_name: nginx
  restart: always
  volumes:
   - ./common/config/nginx:/etc/nginx:z
  networks:
   - harbor
  ports:
   - 80:80
   - 443:443
   - 4443:4443
  depends_on:
   - mysql
   - registry
   - ui
   - log
  logging:
   driver: "syslog"
   options:
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "proxy"
networks:
 harbor:
  external: false
[root@liumiao harbor]#

使用注意事项:自定义端口号

在前一篇文章的例子中我们使用默认的80口作为harbor的端口,如果希望进行更改(比如改为8848),按照如下步骤进行修改即可

docker私库Harbor的架构与组件说明

设定内容

可以通过查看数据库的properties或者api/systeminfo来确认harbor设定项目的详细信息

properties

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
welcome to the mariadb monitor. commands end with ; or \g.
your mariadb connection id is 153
server version: 10.2.14-mariadb source distribution
copyright (c) 2000, 2018, oracle, mariadb corporation ab and others.
type 'help;' or '\h' for help. type '\c' to clear the current input statement.
mariadb [(none)]> use registry
reading table information for completion of table and column names
you can turn off this feature to get a quicker startup with -a
database changed
mariadb [registry]> select * from properties;
+----+--------------------------------+----------------------------------------------+
| id | k               | v                      |
+----+--------------------------------+----------------------------------------------+
| 1 | cfg_expiration         | 5                      |
| 2 | project_creation_restriction  | everyone                   |
| 3 | uaa_client_secret       | <enc-v1>cbvrpcg+p3onvnjh8vm+sjvlceskyg==   |
| 4 | clair_db_host         | postgres                   |
| 5 | token_service_url       | http://ui:8080/service/token         |
| 6 | mysql_password         | <enc-v1>hdqd+pbhcg9ewk9df3rzm43fttpvcjdvyq== |
| 7 | uaa_endpoint          | uaa.mydomain.org               |
| 8 | max_job_workers        | 50                      |
| 9 | sqlite_file          |                       |
| 10 | email_from           | admin <sample_admin@mydomain.com>      |
| 11 | ldap_base_dn          | ou=people,dc=mydomain,dc=com         |
| 12 | clair_db_port         | 5432                     |
| 13 | mysql_port           | 3306                     |
| 14 | ldap_search_dn         |                       |
| 15 | clair_db_username       | postgres                   |
| 16 | email_insecure         | false                    |
| 17 | database_type         | mysql                    |
| 18 | ldap_filter          |                       |
| 19 | with_notary          | false                    |
| 20 | admin_initial_password     | <enc-v1>4zevd/gfbysdf9i6pfei/xivfghpitad3w== |
| 21 | notary_url           | http://notary-server:4443          |
| 22 | auth_mode           | db_auth                   |
| 23 | ldap_group_search_scope    | 2                      |
| 24 | ldap_uid            | uid                     |
| 25 | email_username         | sample_admin@mydomain.com          |
| 26 | mysql_database         | registry                   |
| 27 | reload_key           |                       |
| 28 | clair_url           | http://clair:6060              |
| 29 | ldap_group_search_filter    | objectclass=group              |
| 30 | email_password         | <enc-v1>h18ptbum5ojwtkozjj4x5loipw==     |
| 31 | email_ssl           | false                    |
| 32 | ldap_timeout          | 5                      |
| 33 | uaa_client_id         | id                      |
| 34 | registry_storage_provider_name | filesystem                  |
| 35 | self_registration       | true                     |
| 36 | email_port           | 25                      |
| 37 | ui_url             | http://ui:8080                |
| 38 | token_expiration        | 30                      |
| 39 | email_identity         |                       |
| 40 | clair_db            | postgres                   |
| 41 | uaa_verify_cert        | true                     |
| 42 | ldap_verify_cert        | true                     |
| 43 | ldap_group_attribute_name   | cn                      |
| 44 | mysql_host           | mysql                    |
| 45 | read_only           | false                    |
| 46 | ldap_url            | ldaps://ldap.mydomain.com          |
| 47 | ext_endpoint          | http://192.168.163.128            |
| 48 | ldap_group_base_dn       | ou=group,dc=mydomain,dc=com         |
| 49 | with_clair           | false                    |
| 50 | admiral_url          | na                      |
| 51 | ldap_scope           | 2                      |
| 52 | registry_url          | http://registry:5000             |
| 53 | jobservice_url         | http://jobservice:8080            |
| 54 | email_host           | smtp.mydomain.com              |
| 55 | ldap_search_password      | <enc-v1>f2qzkeeptqpsj9knsbwcxa==       |
| 56 | mysql_username         | root                     |
| 57 | clair_db_password       | <enc-v1>igbg3nxvt7qcygib+zizax+gojom7ao2vq== |
+----+--------------------------------+----------------------------------------------+
57 rows in set (0.00 sec)
mariadb [registry]>

api/systeminfo

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@liumiao harbor]# curl http://localhost/api/systeminfo
{
 "with_notary": false,
 "with_clair": false,
 "with_admiral": false,
 "admiral_endpoint": "na",
 "auth_mode": "db_auth",
 "registry_url": "192.168.163.128",
 "project_creation_restriction": "everyone",
 "self_registration": true,
 "has_ca_root": false,
 "harbor_version": "v1.5.2-8e61deae",
 "next_scan_all": 0,
 "registry_storage_provider_name": "filesystem",
 "read_only": false
}[root@liumiao harbor]#

总结

以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,谢谢大家对服务器之家的支持。如果你想了解更多相关内容请查看下面相关链接

原文链接:https://blog.csdn.net/liumiaocn/article/details/81812876

标签:

相关文章

热门资讯

2022年最旺的微信头像大全 微信头像2022年最新版图片
2022年最旺的微信头像大全 微信头像2022年最新版图片 2022-01-10
蜘蛛侠3英雄无归3正片免费播放 蜘蛛侠3在线观看免费高清完整
蜘蛛侠3英雄无归3正片免费播放 蜘蛛侠3在线观看免费高清完整 2021-08-24
背刺什么意思 网络词语背刺是什么梗
背刺什么意思 网络词语背刺是什么梗 2020-05-22
yue是什么意思 网络流行语yue了是什么梗
yue是什么意思 网络流行语yue了是什么梗 2020-10-11
暖暖日本高清免费中文 暖暖在线观看免费完整版韩国
暖暖日本高清免费中文 暖暖在线观看免费完整版韩国 2021-05-08
返回顶部