首现我们来验证以下公开项目
登陆harbor我们创建一个public项目
然后进入项目我们就能看到一些项目的配置
首先我们创建一个人员信息
把上面的人员信息添加到这个项目中,为开发角色
通过客户端进行上传镜像测试
--docker客户端配置
修改docker使用的镜像仓库
[root@registry /]# vim /etc/sysconfig/docker
ADD_REGISTRY='--add-registry harbor-registry.alex.com'
INSECURE_REGISTRY='--insecure-registry harbor-registry.alex.com'
BLOCK_REGISTRY='--block-registry public' #禁止使用公共仓库,docker.io
保存重启docker
[root@registry /]# systemctl restart docker
由于我使用的是自签名证书,需要把ca证书导入到docker这台机器上,
[root@registry /]# mkdir /etc/docker/certs.d/harbor-registry.alex.com/
[root@registry /]# scp root@harbor-registry.alex.com:/mycre/ca_cert.pem /etc/docker/certs.d/harbor-registry.alex.com/ca.crt
由于项目中还没有镜像,我们先上传一个,这里就不先执行登陆
更改本地images的标签,本地镜像可以通过导入或者从别的仓库中拉去
[root@registry /]# docker tag httpd harbor-registry.alex.com/public/httpd
把镜像上传到我们的仓库中
[root@registry /]# docker push harbor-registry.alex.com/public/httpd
The push refers to a repository [harbor-registry.alex.com/public/httpd] (len: 1)
9d845d7d8d26: Image push failed
9d845d7d8d26: Buffering to Disk
#这里就体现了我们上传镜像是需要权限的,输入我们的开发人员账户信息
Please login prior to push:
Username: kf
Password: *********
Email: kf@alex.com
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded
The push refers to a repository [harbor-registry.alex.com/public/httpd] (len: 1)
9d845d7d8d26: Image already exists
118c9509e172: Image successfully pushed
6ace9b13ff5e: Image successfully pushed
ccf7a5f58478: Image successfully pushed
f417fa2a82a5: Image successfully pushed
904dbd572cee: Image successfully pushed
dde8e59bffb1: Image successfully pushed
镜像上传完成,有兴趣的可以试试访客账户是否能上传,
我们把项目转换为私有项目,通过普通帐号进行pull操作
[root@registry /]# docker rmi harbor-registry.alex.com/public/httpd //删除本地的镜像
root@registry /]# docker login harbor-registry.alex.com //使用创建的普通帐号进行登陆
Username (kf): guest
Password: ********
Email (kf@alex.com): guest@alex.com
WARNING: login credentials saved in /root/.docker/config.json
Login Succeeded
[root@registry /]#
发现普通帐号并无法pull私有项目中的镜像
[root@registry /]# docker pull harbor-registry.alex.com/public/httpd:latest
Trying to pull repository harbor-registry.alex.com/public/httpd ... not found
Error: image public/httpd:latest not found
[root@registry /]#
在把项目转换为公有的进行测试
然后可以正常下载
[root@registry /]# docker pull harbor-registry.alex.com/public/httpd:latest
latest: Pulling from harbor-registry.alex.com/public/httpd
dde8e59bffb1: Already exists
904dbd572cee: Already exists
f417fa2a82a5: Already exists
ccf7a5f58478: Already exists
6ace9b13ff5e: Already exists
9d845d7d8d26: Already exists
Digest: sha256:e0dcf25006b96fb416e47f2fc40a18f247fc63a62eefda0866f0bcbf949f9add
Status: Downloaded newer image for harbor-registry.alex.com/public/httpd:latest
[root@registry /]#
日志记录
一些简单的使用就这样。
文章末尾固定信息
评论