SpringBoot e-commerce project mall (40K + STAR) address: github.com/macrozheng/…
Abstract
Usually use Docker to deploy a variety of environments, found from DockerHub download image is sometimes slow. Third party images can also use some of the domestic mirror warehouse to speed up, if we build our own image that is not possible. At this time to build a private mirror warehouse is necessary, recently found Harbor this enterprise-level mirror warehouse, very easy to use and powerful, recommended to everyone!
Introduction of Harbor
Harbor is an open source Docker image repository service currently available on Github at 13.4K +Star. Provides role-based mirror access mechanism to protect your image security.
The installation
The first step to learning about an open source project is to get it up and running. Let’s get Harbor up and running first.
- Download the Harbor installation package
v1.10.6Offline version, download address:Github.com/goharbor/ha…
- After the download is complete, upload it to the Linux server and run the following command to decompress it:
Tar XVF harbor - offline installer - v1.10.6. TGZCopy the code- After decompression, all files are as follows.
[root@linux-local harbor]# lltotal 700260 drwxr-xr-x. 3 root root 20 Dec 2 11:18 common -rw-r--r--. 1 root root 3398 Nov 17 11:58 common.sh -rw-r--r--. 1 root root 5348 Dec 2 14:41 docker-compose.yml -rw-r--r--. 1 root root 717021676 Nov 17 11:59 1 root root 5882 Dec 2 11:21 harbor.hml-rwxr-xr-x.1 root root 2284 Nov 17 11:58 install.sh -rw-r--r--. 1 root root 11347 Nov 17 11:58 LICENSE -rwxr-xr-x. 1 root root 1749 Nov 17 11:58 prepareCopy the code- Modify the Harbor configuration file
harbor.yml, modifyhostnameAnd comment it outhttpsFor configuration, refer to the annotations for related attributes.
Harbor management interface and mirror repository access address
hostname: 192.1683.101.
# HTTP configuration
http:
If HTTPS is configured, HTTPS is used by default
port: 80
# HTTPS related configuration
#https:
# HTTPS port
# port: 443
Habor specifies the certificate and private key address of Nginx HTTPS in Habor
# certificate: /your/certificate/path
# private_key: /your/private/key/path
Harbor Specifies the password of the default administrator account admin
harbor_admin_password: Harbor12345
Harbor built-in PostgreSQL database configuration
database:
Password of user root
password: root123
# Maximum number of idle connections. If the value is less than or equal to 0, there are no idle connections
max_idle_conns: 50
# Maximum number of connections, less than or equal to 0 indicates unlimited
max_open_conns: 100
Default data directory
data_volume: /data
# Clair configuration
clair:
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
updaters_interval: 12
jobservice:
# Maximum number of job workers in job service
max_job_workers: 10
notification:
# Maximum retry count for webhook job
webhook_job_max_retry: 10
chart:
# Change the value of absolute_url to enabled can enable absolute url in chart
absolute_url: disabled
# log configuration
log:
Log levels: DEBUG, INFO, Warning, error, FATAL
level: info
# Log local storage policy
local:
# Number of log files to scroll. If this number is exceeded, log files will be deleted
rotate_count: 50
# Log scroll size, beyond which new log files will be generated
rotate_size: 200M
# Log storage path
location: /var/log/harbor
# This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.10. 0
# Configure proxies to be used by Clair, the replication jobservice, and Harbor. Leave blank if no proxies are required.
proxy:
http_proxy:
https_proxy:
# no_proxy endpoints will appended to 127.0.0.1 localhost, local, internal, log, db, redis, nginx, core, portal, postgresql, jobservice, registry, registryctl, clair, cha rtmuseum,notary-server
no_proxy:
components:
- core
- jobservice
- clair
Copy the code- use
install.shTo install Harbor:
./install.sh
Copy the code- When Harbor is successfully started, the following message will be displayed: Harbor will start Nginx, Redis, etc
started successfullyIt means that the startup is successful;
[Step 0]: checking ifdocker is installed ... Note: Docker version: 19.03.5 [Step 1]: Checking docker-compose is installed... Note: Docker-compose version: 1.24.0 [Step 2]: Loading Harbor images... Goharbor /harbor-core:v1.10.6 Loaded image: Goharbor /harbor-core:v1.10.6 Loaded image: Goharbor /harbor-db:v1.10.6 Loaded image: goharbor/harbor-registryctl:v1.10.6 Loaded image: Goharbor/nginx-Photon :v1.10.6 Loaded image: Goharbor/air-adapter-Photon :v1.10.6 Loaded image: goharbor/harbor-portal:v1.10.6 Loaded image: Goharbor /harbor-log:v1.10.6 Loaded image: Goharbor /registry- Photon :v1.10.6 Loaded image: Goharbor /notary -signer-Photon :v1.10.6 Loaded image: goharbor/ harp-jobService :v1.10.6 Loaded image: Photon :v1.10.6 Loaded image: Goharbor /redis- Loaded image: Goharbor/notable-server-Photon :v1.10.6 Loaded image: Goharbor/ChartMuseum - Photon :v1.10.6 [Step 3]: preparing environment ... [Step 4]: preparing harbor configs ... prepare base dir isset to /mydata/harbor/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
Stopping harbor-jobservice ... done
Stopping harbor-core ... done
Stopping redis ... done
Stopping registryctl ... done
Stopping registry ... done
Stopping harbor-db ... done
Stopping harbor-portal ... done
Stopping harbor-log ... done
Removing harbor-jobservice ... done
Removing harbor-core ... done
Removing redis ... done
Removing registryctl ... done
Removing registry ... done
Removing harbor-db ... done
Removing harbor-portal ... done
Removing harbor-log ... done
Removing network harbor_harbor
[Step 5]: starting Harbor ...
Creating network "harbor_harbor" with the default driver
Creating harbor-log ... done
Creating harbor-portal ... done
Creating registry ... done
Creating harbor-db ... done
Creating registryctl ... done
Creating redis ... done
Creating harbor-core ... done
Creating harbor-jobservice ... done
Creating nginx ... done➤ ----Harbor has been installed and started successfully.----Copy the code- We can use
docker imagesDocker Docker Docker Docker Docker Docker Docker Docker Docker Docker
REPOSITORY TAG IMAGE ID CREATED SIZE latest DC3BACd8b5EA 8 days ago 1.23MB Goharbor/ChartMuseum - Photon v1.10.6 01B70ECCAF71 2 weeks ago 178MB Goharbor /harbor-migrator v1.10.6a5d4a4EE44e4 2 weeks ago 356MB Goharbor/Redis - Photon V1.10.6 99E25b65195c 2 weeks ago 132MB Goharbor/Clair-adapter-Photon v1.10.6 aa72598ECC12 2 weeks ago 61.3MB Goharbor/Air - Photon v1.10.6 DA1b03030e34 2 weeks ago 171MB Goharbor/Notary - Server - Photon v1.10.6 37c8bed3e255 2 weeks Ago 142MB Goharbor/nobula-signer-Photon v1.10.6 C56d82220929 2 weeks ago 132MB goharbor/ harp-registryctl v1.10.6 1d3986d90C65 2 weeks ago 101MB Goharbor/Registry - Photon v1.10.6 3e669c8204ed 2 weeks ago 83.7MB Goharbor /nginx- Photon V1.10.6a39d8dd46060 2 weeks ago 43.7MB goharbor/harbor-log v1.10.6 1085d3865a57 2 weeks ago 106MB Goharbor/harbor-JobService v1.10.6aa05538ACECF 2 weeks ago 143MB Goharbor/Harbor-Core v1.10.6193e76e6be5d 2 weeks ago 129MB Goharbor /harbor-portal v1.10.6 942a9c448850 2 weeks ago 51.8MB Goharbor /harbor-db v1.10.6 37DA2e5414AE 2 weeks ago 170MB goharbor/prepare v1.10.6 35f073e33ec5 2 weeks ago 170MBCopy the code- Access Harbor’s admin interface and enter your account password
admin:Harbor12345Login, access address:http://192.168.3.101/
use
Next we can use Harbor to manage our image.
- First click on the
New projectButton to create a new project:
- I’m going to create a new one called
testPrivate projects;
- Due to the
docker loginThe command does not support HTTP access by default, so we need to manually enable it and use Vim editor to modify the docker configuration filedaemon.json;
vi /etc/docker/daemon.json
Copy the code- Add a line
insecure-registriesThe port number is not missing. The port number is not missing80;
{
"registry-mirrors": ["https://xxx.aliyuncs.com"]."insecure-registries": ["192.168.3.101:80"]}Copy the code- Restart the Docker service again;
systemctl restart docker
Copy the code- Again using
install.shStart Harbor service;
./install.sh
Copy the code- use
docker loginCommand to access Harbor mirror repository, note add port number as80;
[root@linux-local harbor]# docker login 192.168.3.101:80
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Copy the code- Dockerfile script, used to build Docker image, one of the simplest busybox script is as follows;
FROM busybox:latest
Copy the code- Build your own BusyBox image using the following command;
Docker build -t 192.168.3.101:80 /test/busybox .
Copy the code- Push the busyBox image you built to the Harbor mirror warehouse;
Docker push 192.168.3.101:80 /test/busybox
Copy the code- The busyBox image can be viewed in the Harbor management interface after being successfully pushed.
- Because Harbor is deployed with Docker Compose, you can use Docker Compose commands directly to stop and start Harbor.
# stop Harbor
docker-compose stop
# start Harbor
docker-compose start
Copy the codeUsed with SpringBoot
Here we use the previous mall-Tiny-Fabric project to demonstrate how the Maven plugin can be packaged and pushed to the Harbor mirror repository with one click.
- Modify the project first
pom.xmlFile, modify pushMirror Warehouse AddressAnd addAuthentication informationCan;
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>0.33.0</version>
<executions>
<! -- If you want to build the image while the project is packaged add -->
<execution>
<id>build-image</id>
<phase>package</phase>
<goals>
<goal>build</goal>
</goals>
</execution>
</executions>
<configuration>
<! -- Docker remote management address -->
<dockerHost>http://192.168.3.101:2375</dockerHost>
<! Docker -->
<pushRegistry>http://192.168.3.101:80</pushRegistry>
<! -- Authentication information -->
<authConfig>
<push>
<username>admin</username>
<password>Harbor12345</password>
</push>
</authConfig>
<images>
<image>
<! -- Add repository address to mirror name because push to private repository -->
<name>192.168.3.101:80 / mall - tiny / ${project. The name} : ${project. Version}</name>
<! Define mirror build behavior -->
<build>
<! -- Define base image -->
<from>java:8</from>
<args>
<JAR_FILE>${project.build.finalName}.jar</JAR_FILE>
</args>
<! Define which files are copied to the container.
<assembly>
<! Define the directory to copy to container -->
<targetDir>/</targetDir>
<! Copy only the generated jar package -->
<descriptorRef>artifact</descriptorRef>
</assembly>
<! Container start command -->
<entryPoint>["java", "-jar","/${project.build.finalName}.jar"]</entryPoint>
<! -- Define maintainer
<maintainer>macrozheng</maintainer>
<! Build with Dockerfile -->
<! --<dockerFileDir>${project.basedir}</dockerFileDir>-->
</build>
<! Define container startup behavior -->
<run>
<! Set the container name to wildcard.
<containerNamePattern>${project.artifactId}</containerNamePattern>
<! -- Set port mapping -->
<ports>
<port>A 8080-8080</port>
</ports>
<! -- Set connection between containers -->
<links>
<link>mysql:db</link>
</links>
<! -- Set container and host directory mount -->
<volumes>
<bind>
<volume>/etc/localtime:/etc/localtime</volume>
<volume>/mydata/app/${project.artifactId}/logs:/var/logs</volume>
</bind>
</volumes>
</run>
</image>
</images>
</configuration>
</plugin>
Copy the code- You need to create the image in Harbor before pushing it
mall-tinyProject, otherwise will not be able to push the image;
- Then use the Maven plugin to package the image and push it to the Harbor repository. For details, see “Still manually deploying the SpringBoot application? Try this automation plugin!” , the output information in the push process is as follows;
[INFO] Scanning forprojects... [INFO] [INFO] ------------------------------------------------------------------------ [INFO] Building mall-tiny-fabric 0.0.1 - the SNAPSHOT [INFO] -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- [INFO] - [INFO] Docker-maven-plugin :0.33.0:push (default-cli) @mall-tiny-fabric -- [INFO] docker > The push refers to repository [192.168.3.101:80 / mall - tiny/mall - tiny - fabric]# # # # # # # # # # # # # # #[the INFO] DOCKER > 0.0.1 - the SNAPSHOT: digest: sha256:3 a54682fd3b04526f6da0916e98f3d0d5ba4193a8ad6aafbe6c05a1badf6c13b size: 2212 [INFO] DOCKER> Temporary image tag skipped. Target image'192.168.3.101:80 / mall - tiny/mall - tiny - fabric: 0.0.1 - the SNAPSHOT' already has registry setOr no registry is available [INFO] DOCKER> Pushed 192.168.3.101:80/mall-tiny/mall- tiny-Fabric :0.0.1-SNAPSHOTin 2 minutes and 8 seconds
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:11 min
[INFO] Finished at: 2020-12-02T15:11:10+08:00
[INFO] Final Memory: 19M/219M
[INFO] ------------------------------------------------------------------------
Process finished with exit code 0
Copy the code- Open Harbor management page and find
mall-tiny-fabricThe mirror already exists.
conclusion
Harbor provides a management interface that makes it easier to manage Docker images, and adds role-based permission management functions to protect image security. In order to safely use the image, we need to use TLS to control the remote Docker service package image. For details, please refer to “Docker service opened this port, server minute meat machine!” . Now we just need to build a Harbor image warehouse, and then pack the image locally and upload it to Harbor. When we need to use the image, we can download it directly from Harbor!
The resources
IO /docs/2.1.0/…
Project source code address
Github.com/macrozheng/…
In this paper, making github.com/macrozheng/… Already included, welcome everyone Star!