docker私库Harbor的架构与组件是什么

这篇文章主要介绍“Docker私库Harbor的架构与组件是什么”，在日常操作中，相信很多人在docker私库Harbor的架构与组件是什么问题上存在疑惑，小编查阅了各式资料，整理出简单好用的操作方法，希望对大家解答”docker私库Harbor的架构与组件是什么”的疑惑有所帮助！接下来，请跟着小编一起来学习吧！

架构

容器信息

[root@liumiao harbor]# docker-compose ps
    name           command        state                ports                
------------------------------------------------------------------------------------------------------------------------------
harbor-adminserver  /harbor/start.sh         up                          
harbor-db      /usr/local/bin/docker-entr ...  up   3306/tcp                       
harbor-jobservice  /harbor/start.sh         up                          
harbor-log      /bin/sh -c /usr/local/bin/ ...  up   127.0.0.1:1514->10514/tcp                    
harbor-ui      /harbor/start.sh         up                          
Nginx        nginx -g daemon off;       up   0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp, 0.0.0.0:80->80/tcp 
Redis        docker-entrypoint.sh redis ...  up   6379/tcp                       
reGIStry       /entrypoint.sh serve /etc/ ...  up   5000/tcp                       [root@liumiao harbor]#

具体说明

proxy

proxy就是使用nginx作为反向代理，而整个的核心则在于nginx的设定文件，通过如下的设定文件可以清楚的看到harbor所解释的将各个其他组件集成在一起的说明内容，而实际的实现也基本上就是靠nginx的设定。

[root@liumiao harbor]# ls
license common          docker-compose.notary.yml ha     harbor.v1.5.2.tar.gz open_source_license
notice  docker-compose.clair.yml docker-compose.yml     harbor.cfg install.sh      prepare
[root@liumiao harbor]# cat common/config/nginx/nginx.conf 
worker_processes auto;
events {
 worker_connections 1024;
 use epoll;
 multi_accept on;
}
Http {
 tcp_nodelay on;
 # this is necessary for us to be able to disable request buffering in all cases
 proxy_http_version 1.1;
 upstream registry {
  server registry:5000;
 }
 upstream ui {
  server ui:8080;
 }
 log_fORMat timed_combined '$remote_addr - '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent" '
  '$request_time $upstream_response_time $pipe';
 access_log /dev/stdout timed_combined;
 server {
  listen 80;
  server_tokens off;
  # disable any limits to avoid http 413 for large image uploads
  client_max_body_size 0;
  location / {
   proxy_pass http://ui/;
   proxy_set_header host $host;
   proxy_set_header x-real-ip $remote_addr;
   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header x-forwarded-proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /v1/ {
   return 404;
  }
  location /v2/ {
   proxy_pass http://ui/registryproxy/v2/;
   proxy_set_header host $http_host;
   proxy_set_header x-real-ip $remote_addr;
   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header x-forwarded-proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/ {
   proxy_pass http://ui/service/;
   proxy_set_header host $host;
   proxy_set_header x-real-ip $remote_addr;
   proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
   # when setting up harbor behind other proxy, such as an nginx instance, remove the below line if the proxy already has similar settings.
   proxy_set_header x-forwarded-proto $scheme;
   proxy_buffering off;
   proxy_request_buffering off;
  }
  location /service/notifications {
   return 404;
  }
 }
}
[root@liumiao harbor]#

database

可以看到使用的是mariadb 10.2.14, harbor的数据库名称为registry

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# Mysql -uroot -pliumiaopw
welcome to the mariadb monitor. commands end with ; or \g.
your mariadb connection id is 21
server version: 10.2.14-mariadb source distribution
copyright (c) 2000, 2018, oracle, mariadb corporation ab and others.
type 'help;' or '\h' for help. type '\c' to clear the current input statement.
mariadb [(none)]> show databases;
+--------------------+
| database      |
+--------------------+
| information_schema |
| mysql       |
| performance_schema |
| registry      |
+--------------------+
4 rows in set (0.00 sec)
mariadb [(none)]>

数据库表的信息进行确认后可以看到，当前版本的这种使用方式下，数据库的表有如下 20张表左右

mariadb [(none)]> use registry;
reading table information for completion of table and column names
you can turn off this feature to get a quicker startup with -a
database changed
mariadb [registry]> show tables;
+-------------------------------+
| tables_in_registry      |
+-------------------------------+
| access            |
| access_log          |
| alembic_version        |
| clair_vuln_timestamp     |
| harbor_label         |
| harbor_resource_label     |
| img_scan_job         |
| img_scan_overview       |
| project            |
| project_member        |
| project_metadata       |
| properties          |
| replication_immediate_trigger |
| replication_job        |
| replication_policy      |
| replication_target      |
| repository          |
| role             |
| user             |
| user_group          |
+-------------------------------+
20 rows in set (0.00 sec)
mariadb [registry]>

log collector

harbor中的日志缺省会在如下目录下进行汇集和管理

[root@liumiao harbor]# ls /var/log/harbor
adminserver.log jobservice.log mysql.log proxy.log redis.log registry.log ui.log
[root@liumiao harbor]#

docker-compose.yml

[root@liumiao harbor]# cat docker-compose.yml 
version: '2'
services:
 log:
  image: vmware/harbor-log:v1.5.2
  container_name: harbor-log 
  restart: always
  volumes:
   - /var/log/harbor/:/var/log/docker/:z
   - ./common/config/log/:/etc/logrotate.d/:z
  ports:
   - 127.0.0.1:1514:10514
  networks:
   - harbor
 registry:
  image: vmware/registry-photon:v2.6.2-v1.5.2
  container_name: registry
  restart: always
  volumes:
   - /data/registry:/storage:z
   - ./common/config/registry/:/etc/registry/:z
  networks:
   - harbor
  environment:
   - Godebug=netdns=cgo
  command:
   ["serve", "/etc/registry/config.yml"]
  depends_on:
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "registry"
 mysql:
  image: vmware/harbor-db:v1.5.2
  container_name: harbor-db
  restart: always
  volumes:
   - /data/database:/var/lib/mysql:z
  networks:
   - harbor
  env_file:
   - ./common/config/db/env
  depends_on:
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "mysql"
 adminserver:
  image: vmware/harbor-adminserver:v1.5.2
  container_name: harbor-adminserver
  env_file:
   - ./common/config/adminserver/env
  restart: always
  volumes:
   - /data/config/:/etc/adminserver/config/:z
   - /data/secreTKEy:/etc/adminserver/key:z
   - /data/:/data/:z
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "adminserver"
 ui:
  image: vmware/harbor-ui:v1.5.2
  container_name: harbor-ui
  env_file:
   - ./common/config/ui/env
  restart: always
  volumes:
   - ./common/config/ui/app.conf:/etc/ui/app.conf:z
   - ./common/config/ui/private_key.pem:/etc/ui/private_key.pem:z
   - ./common/config/ui/certificates/:/etc/ui/certificates/:z
   - /data/secretkey:/etc/ui/key:z
   - /data/ca_download/:/etc/ui/ca/:z
   - /data/psc/:/etc/ui/token/:z
  networks:
   - harbor
  depends_on:
   - log
   - adminserver
   - registry
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "ui"
 jobservice:
  image: vmware/harbor-jobservice:v1.5.2
  container_name: harbor-jobservice
  env_file:
   - ./common/config/jobservice/env
  restart: always
  volumes:
   - /data/job_logs:/var/log/jobs:z
   - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z
  networks:
   - harbor
  depends_on:
   - redis
   - ui
   - adminserver
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "jobservice"
 redis:
  image: vmware/redis-photon:v1.5.2
  container_name: redis
  restart: always
  volumes:
   - /data/redis:/data
  networks:
   - harbor
  depends_on:
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "redis"
 proxy:
  image: vmware/nginx-photon:v1.5.2
  container_name: nginx
  restart: always
  volumes:
   - ./common/config/nginx:/etc/nginx:z
  networks:
   - harbor
  ports:
   - 80:80
   - 443:443
   - 4443:4443
  depends_on:
   - mysql
   - registry
   - ui
   - log
  logging:
   driver: "syslog"
   options: 
    syslog-address: "tcp://127.0.0.1:1514"
    tag: "proxy"
networks:
 harbor:
  external: false
[root@liumiao harbor]#

使用注意事项：自定义端口号

在前一篇文章的例子中我们使用默认的80口作为harbor的端口，如果希望进行更改（比如改为8848），按照如下步骤进行修改即可

设定内容

可以通过查看数据库的properties或者api/systeminfo来确认harbor设定项目的详细信息

properties

[root@liumiao harbor]# docker exec -it harbor-db sh
sh-4.3# mysql -uroot -pliumiaopw
welcome to the mariadb monitor. commands end with ; or \g.
your mariadb connection id is 153
server version: 10.2.14-mariadb source distribution
copyright (c) 2000, 2018, oracle, mariadb corporation ab and others.
type 'help;' or '\h' for help. type '\c' to clear the current input statement.
mariadb [(none)]> use registry
reading table information for completion of table and column names
you can turn off this feature to get a quicker startup with -a
database changed
mariadb [registry]> select * from properties;
+----+--------------------------------+----------------------------------------------+
| id | k               | v                      |
+----+--------------------------------+----------------------------------------------+
| 1 | cfg_expiration         | 5                      |
| 2 | project_creation_restriction  | everyone                   |
| 3 | uaa_client_secret       | <enc-v1>cbvrpcg+p3onvnjh8vm+sjvlceskyg==   |
| 4 | clair_db_host         | postgres                   |
| 5 | token_service_url       | http://ui:8080/service/token         |
| 6 | mysql_passWord         | <enc-v1>hdqd+pbhcg9ewk9df3rzm43fttpvcjdvyq== |
| 7 | uaa_endpoint          | uaa.mydomain.org               |
| 8 | max_job_workers        | 50                      |
| 9 | sqlite_file          |                       |
| 10 | email_from           | admin <sample_admin@mydomain.com>      |
| 11 | ldap_base_dn          | ou=people,dc=mydomain,dc=com         |
| 12 | clair_db_port         | 5432                     |
| 13 | mysql_port           | 3306                     |
| 14 | ldap_search_dn         |                       |
| 15 | clair_db_username       | postgres                   |
| 16 | email_insecure         | false                    |
| 17 | database_type         | mysql                    |
| 18 | ldap_filter          |                       |
| 19 | with_notary          | false                    |
| 20 | admin_initial_password     | <enc-v1>4zevd/gfbysdf9i6pfei/xivfghpitad3w== |
| 21 | notary_url           | http://notary-server:4443          |
| 22 | auth_mode           | db_auth                   |
| 23 | ldap_group_search_scope    | 2                      |
| 24 | ldap_uid            | uid                     |
| 25 | email_username         | sample_admin@mydomain.com          |
| 26 | mysql_database         | registry                   |
| 27 | reload_key           |                       |
| 28 | clair_url           | http://clair:6060              |
| 29 | ldap_group_search_filter    | objectclass=group              |
| 30 | email_password         | <enc-v1>h18ptbum5oJwtkozjj4x5loipw==     |
| 31 | email_ssl           | false                    |
| 32 | ldap_timeout          | 5                      |
| 33 | uaa_client_id         | id                      |
| 34 | registry_storage_provider_name | filesystem                  |
| 35 | self_registration       | true                     |
| 36 | email_port           | 25                      |
| 37 | ui_url             | http://ui:8080                |
| 38 | token_expiration        | 30                      |
| 39 | email_identity         |                       |
| 40 | clair_db            | postgres                   |
| 41 | uaa_verify_cert        | true                     |
| 42 | ldap_verify_cert        | true                     |
| 43 | ldap_group_attribute_name   | cn                      |
| 44 | mysql_host           | mysql                    |
| 45 | read_only           | false                    |
| 46 | ldap_url            | ldaps://ldap.mydomain.com          |
| 47 | ext_endpoint          | http://192.168.163.128            |
| 48 | ldap_group_base_dn       | ou=group,dc=mydomain,dc=com         |
| 49 | with_clair           | false                    |
| 50 | admiral_url          | na                      |
| 51 | ldap_scope           | 2                      |
| 52 | registry_url          | http://registry:5000             |
| 53 | jobservice_url         | http://jobservice:8080            |
| 54 | email_host           | smtp.mydomain.com              |
| 55 | ldap_search_password      | <enc-v1>f2qzkeeptqpsj9knsbwcxa==       |
| 56 | mysql_username         | root                     |
| 57 | clair_db_password       | <enc-v1>igbg3nxvt7qcygib+zizax+gojom7ao2vq== |
+----+--------------------------------+----------------------------------------------+
57 rows in set (0.00 sec)
mariadb [registry]>

api/systeminfo

[root@liumiao harbor]# curl http://localhost/api/systeminfo 
{
 "with_notary": false,
 "with_clair": false,
 "with_admiral": false,
 "admiral_endpoint": "na",
 "auth_mode": "db_auth",
 "registry_url": "192.168.163.128",
 "project_creation_restriction": "everyone",
 "self_registration": true,
 "has_ca_root": false,
 "harbor_version": "v1.5.2-8e61deae",
 "next_scan_all": 0,
 "registry_storage_provider_name": "filesystem",
 "read_only": false
}[root@liumiao harbor]#

到此，关于“docker私库Harbor的架构与组件是什么”的学习就结束了，希望能够解决大家的疑惑。理论与实践的搭配能更好的帮助大家学习，快去试试吧！若想继续学习更多相关知识，请继续关注编程网网站，小编会继续努力为大家带来更多实用的文章！