一 ：整體工作流程

工作機制.jpg

注意：這里為了清晰將docker 的客戶端和服務端（docker daemon）分開了，實際一般都在一臺機器上。當然也有分開部署的。
docker 客戶端通過命令（api）向docker server 發(fā)送請求，docker server 與私有倉庫交互完成用戶的請求，docker push / pull

二 ：安裝部署

2.1 安裝docker

這里為了后面的k8s 集群安裝 ，安裝docker 18.06版本。

1.安裝yum-utils （如有可省略）

yum install -y yum-utils

2.設置 docker yum 源

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

3. 版本預覽&安裝

yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce-18.06.1.ce-3.el7

4.啟動&設置開機啟動

systemctl start docker 
systemctl enable docker

5.查看docker 版本

docker version
[root@k8s-node1 docker]# docker version
Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:23:03 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:25:29 2018
  OS/Arch:          linux/amd64
  Experimental:     false

3.1 Harbor 安裝

1.Harbor 鏡像 依賴 docker-compose 管理
上GitHub下載最新的release版本https://github.com/vmware/harbor/releases
docker-compose 版本 ：https://github.com/docker/compose/releases/
這里下載的是

v1.7.1

下載 Harbor online installer

-rw-r--r--. 1 root root    381 2月  27 17:15 1
-rw-------. 1 root root   1423 8月  28 2018 anaconda-ks.cfg
drwxr-xr-x. 3 root root    251 2月  28 11:56 harbor
-rw-r--r--. 1 root root 163595 2月  28 14:37 harbor-online-installer-v1.7.1.tgz

2. 解壓得到harbor

tar -zxvf harbor-online-installer-v1.7.1.tgz

3.進行最簡單配置

cd harbor
-rw-r--r--. 1 root root    238 2月  28 11:56 1
drwxr-xr-x. 4 root root     37 2月  27 17:23 common
-rw-r--r--. 1 root root    939 1月   7 13:53 docker-compose.chartmuseum.yml
-rw-r--r--. 1 root root    975 1月   7 13:53 docker-compose.clair.yml
-rw-r--r--. 1 root root   1434 1月   7 13:53 docker-compose.notary.yml
-rw-r--r--. 1 root root   5608 1月   7 13:53 docker-compose.yml
-rw-r--r--. 1 root root   8031 2月  28 11:49 harbor.cfg
-rwxr-xr-x. 1 root root   5739 1月   7 13:53 install.sh
-rw-r--r--. 1 root root  11347 1月   7 13:53 LICENSE
-rw-r--r--. 1 root root 748160 1月   7 13:53 open_source_license
-rwxr-xr-x. 1 root root  36337 1月   7 13:53 prepare
#配置 harbor.cfg 
vim harbor.cfg 
#設置hostname
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version = 1.7.0
#The IP address or hostname to access admin UI and registry service.
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
#DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
hostname = xxx.com（或者設置ip 192.168.229.20）

4.安裝

./install.sh

等待docker-compose 下載相關的docker image，默認安裝完成后會自動運行相關鏡像

docker ps #查看
ad6b75b133db        goharbor/nginx-photon:v1.7.1                        "nginx -g 'daemon of…"   21 hours ago        Up 3 hours (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
7b3d6fa358f1        goharbor/harbor-portal:v1.7.1                       "nginx -g 'daemon of…"   21 hours ago        Up 3 hours (healthy)   80/tcp                                                             harbor-portal
d248fb290d22        goharbor/harbor-jobservice:v1.7.1                   "/harbor/start.sh"       21 hours ago        Up 3 hours                                                                                harbor-jobservice
15947394ae84        goharbor/harbor-core:v1.7.1                         "/harbor/start.sh"       21 hours ago        Up 3 hours (healthy)                                                                      harbor-core
b40c1817fd99        goharbor/redis-photon:v1.7.1                        "docker-entrypoint.s…"   21 hours ago        Up 3 hours             6379/tcp                                                           redis
00c65a2b4239        goharbor/harbor-db:v1.7.1                           "/entrypoint.sh post…"   21 hours ago        Up 3 hours (healthy)   5432/tcp                                                           harbor-db
bab4d5e22e86        goharbor/harbor-registryctl:v1.7.1                  "/harbor/start.sh"       21 hours ago        Up 3 hours (healthy)                                                                      registryctl
6f83af4bfbc6        goharbor/registry-photon:v2.6.2-v1.7.1              "/entrypoint.sh /etc…"   21 hours ago        Up 3 hours (healthy)   5000/tcp                                                           registry
4326255fb989        goharbor/harbor-adminserver:v1.7.1                  "/harbor/start.sh"       21 hours ago        Up 3 hours (healthy)                                                                      harbor-adminserver
cd6ef6445d5d        goharbor/harbor-log:v1.7.1                          "/bin/sh -c /usr/loc…"   21 hours ago        Up 3 hours (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log

這里使用了nginx，默認80端口提供服務。
5.如需重啟/或者停止 Harbor

#切換到 harbor 目錄
cd harbor
docker-compose stop
docker-compose start
docker-compose restart

查看 docker-compose 命令使用

docker-compose --help
[root@k8s-master harbor]# docker-compose --help
Define and run multi-container applications with Docker.

Usage:
  docker-compose [-f <arg>...] [options] [COMMAND] [ARGS...]
  docker-compose -h|--help

Options:
  -f, --file FILE             Specify an alternate compose file
                              (default: docker-compose.yml)
  -p, --project-name NAME     Specify an alternate project name
                              (default: directory name)
  --verbose                   Show more output
  --log-level LEVEL           Set log level (DEBUG, INFO, WARNING, ERROR, CRITICAL)
  --no-ansi                   Do not print ANSI control characters
  -v, --version               Print version and exit
  -H, --host HOST             Daemon socket to connect to

  --tls                       Use TLS; implied by --tlsverify
  --tlscacert CA_PATH         Trust certs signed only by this CA
  --tlscert CLIENT_CERT_PATH  Path to TLS certificate file
  --tlskey TLS_KEY_PATH       Path to TLS key file
  --tlsverify                 Use TLS and verify the remote
  --skip-hostname-check       Don't check the daemon's hostname against the
                              name specified in the client certificate
  --project-directory PATH    Specify an alternate working directory
                              (default: the path of the Compose file)
  --compatibility             If set, Compose will attempt to convert deploy
                              keys in v3 files to their non-Swarm equivalent

Commands:
  build              Build or rebuild services
  bundle             Generate a Docker bundle from the Compose file
  config             Validate and view the Compose file
  create             Create services
  down               Stop and remove containers, networks, images, and volumes
  events             Receive real time events from containers
  exec               Execute a command in a running container
  help               Get help on a command
  images             List images
  kill               Kill containers
  logs               View output from containers
  pause              Pause services
  port               Print the public port for a port binding
  ps                 List containers
  pull               Pull service images
  push               Push service images
  restart            Restart services
  rm                 Remove stopped containers
  run                Run a one-off command
  scale              Set number of containers for a service
  start              Start services
  stop               Stop services
  top                Display the running processes
  unpause            Unpause services
  up                 Create and start containers
  version            Show the Docker-Compose version information

6.UI 界面登陸 admin/Harbor12345 (harbor.cfg 可查看/修改admin 密碼)
http://harborserver[ip]-> 192.168.x.20

harbor 首頁

內(nèi)容頁

4.1 push 鏡像到harbor 私有倉庫

1 .設置docker 私有倉庫

#如果沒有 daemon.json 就是創(chuàng)建
vim /etc/docker/daemon.json
{
  "insecure-registries": ["192.168.229.20"]
}

如果不設置該私服地址會出現(xiàn) xxxx 443 類似的錯誤，也就是
Error response from daemon: Get https://192.168.x.20/v1/users/: dial tcp 192.168.229.20:443: getsockopt: connection refused
harbor 默認使用 https ，這里的配置就是 告訴 docker daemon 支持 http 訪問方式，并在設置了代理服務器地址。簡單點就是配置私服地址，這個地址也可以作為鏡像倉庫（理解可能不準確，請勿深究!）

2. 登陸 到 harbor （類似登陸github）

docker login 192.168.229.20

命令行會提示 輸入 username/password，可以是 admin/Harbor12345

[root@k8s-node1 docker]# docker login 192.168.229.20
Username: admin
Password: 
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
[root@k8s-node1 docker]# 

3. push 鏡像到 haebor 私服

[root@k8s-node1 docker]# docker images
REPOSITORY                                           TAG                 IMAGE ID            CREATED             SIZE
192.168.229.20/user/user-setvice                     v2.0                3dc0481535b8        2 hours ago         122MB
nginx                                                alpine              b411e34b4606        3 weeks ago         16.1MB
registry.aliyuncs.com/google_containers/kube-proxy   v1.13.1             fdb321fd30a0        2 months ago        80.2MB
quay.io/coreos/flannel                               v0.10.0-amd64       f0fad859c909        13 months ago       44.6MB
registry.aliyuncs.com/google_containers/pause        3.1                 da86e6ba6ca1        14 months ago       742kB
nginx                                                1.9.1               94ec7e53edfc        3 years ago         133MB
nginx                                                1.7.9               84581e99d807        4 years ago         91.7MB

注意： 192.168.229.20/user/user-setvice:v2.0 鏡像的tag 必須是 私服ip[域名]/項目名稱/自定義:tag
192.168.x.20 ： 私服ip
user ：harbor 創(chuàng)建的項目名稱 user
user-sertvice: 自定義 名稱

項目列表

#push
docker push 192.168.229.20/user/user-setvice:v2.0
#pull
docker pull 192.168.229.20/user/user-setvice:v2.0