Docker Compose 启动 Harbor 并指定网络
1. 介绍
Harbor 是一个开源的企业级 Docker 镜像仓库,提供镜像存储、访问控制、安全扫描等功能。使用 Docker Compose 启动 Harbor 时,您可以指定一个自定义网络,以便管理容器之间的网络通信。在本示例中,我们将创建一个名为 harbor 的网络,并为其指定子网 172.18.0.0/16。
2. 创建 docker-compose.yml 文件
以下是一个包含 Harbor 服务和指定网络的 docker-compose.yml 配置文件:
version: '3.7'services:log:image: goharbor/harbor-log:v2.12.1container_name: harbor-logrestart: alwayscap_drop:- ALLcap_add:- CHOWN- DAC_OVERRIDE- SETGID- SETUIDvolumes:- /var/log/harbor/:/var/log/docker/:z- type: bindsource: ./common/config/log/logrotate.conftarget: /etc/logrotate.d/logrotate.conf- type: bindsource: ./common/config/log/rsyslog_docker.conftarget: /etc/rsyslog.d/rsyslog_docker.confports:- 127.0.0.1:1514:10514networks:- harborregistry:image: goharbor/registry-photon:v2.12.1container_name: registryrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUIDvolumes:- /data/registry:/storage:z- ./common/config/registry/:/etc/registry/:z- type: bindsource: /data/secret/registry/root.crttarget: /etc/registry/root.crt- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harbordepends_on:- loglogging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "registry"registryctl:image: goharbor/harbor-registryctl:v2.12.1container_name: registryctlenv_file:- ./common/config/registryctl/envrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUIDvolumes:- /data/registry:/storage:z- ./common/config/registry/:/etc/registry/:z- type: bindsource: ./common/config/registryctl/config.ymltarget: /etc/registryctl/config.yml- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harbordepends_on:- loglogging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "registryctl"postgresql:image: goharbor/harbor-db:v2.12.1container_name: harbor-dbrestart: alwayscap_drop:- ALLcap_add:- CHOWN- DAC_OVERRIDE- SETGID- SETUIDvolumes:- /data/database:/var/lib/postgresql/data:znetworks:- harborenv_file:- ./common/config/db/envdepends_on:- loglogging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "postgresql"shm_size: '1gb'core:image: goharbor/harbor-core:v2.12.1container_name: harbor-coreenv_file:- ./common/config/core/envrestart: alwayscap_drop:- ALLcap_add:- SETGID- SETUIDvolumes:- /data/ca_download/:/etc/core/ca/:z- /data/:/data/:z- ./common/config/core/certificates/:/etc/core/certificates/:z- type: bindsource: ./common/config/core/app.conftarget: /etc/core/app.conf- type: bindsource: /data/secret/core/private_key.pemtarget: /etc/core/private_key.pem- type: bindsource: /data/secret/keys/secretkeytarget: /etc/core/key- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harbordepends_on:- log- registry- redis- postgresqllogging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "core"portal:image: goharbor/harbor-portal:v2.12.1container_name: harbor-portalrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUID- NET_BIND_SERVICEvolumes:- type: bindsource: ./common/config/portal/nginx.conftarget: /etc/nginx/nginx.confnetworks:- harbordepends_on:- loglogging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "portal"jobservice:image: goharbor/harbor-jobservice:v2.12.1container_name: harbor-jobserviceenv_file:- ./common/config/jobservice/envrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUIDvolumes:- /data/job_logs:/var/log/jobs:z- type: bindsource: ./common/config/jobservice/config.ymltarget: /etc/jobservice/config.yml- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harbordepends_on:- corelogging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "jobservice"redis:image: goharbor/redis-photon:v2.12.1container_name: redisrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUIDvolumes:- /data/redis:/var/lib/redisnetworks:- harbordepends_on:- loglogging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "redis"proxy:image: goharbor/nginx-photon:v2.12.1container_name: nginxrestart: alwayscap_drop:- ALLcap_add:- CHOWN- SETGID- SETUID- NET_BIND_SERVICEvolumes:- ./common/config/nginx:/etc/nginx:z- type: bindsource: ./common/config/shared/trust-certificatestarget: /harbor_cust_certnetworks:- harborports:- 80:8080depends_on:- registry- core- portal- loglogging:driver: "syslog"options:syslog-address: "tcp://localhost:1514"tag: "proxy"networks:harbor:external: falseipam:config:- subnet: 172.18.0.0/16
3. 关键配置说明
-
networks 部分:
harbor: 定义了一个自定义的 Docker 网络。external: false: 表示该网络是 Docker Compose 创建的本地网络,而不是外部已存在的网络。ipam: 配置了 IP 地址管理(IPAM)参数,用来指定子网172.18.0.0/16。
-
services 部分:
- 每个 Harbor 服务(如
postgresql、core、registryctl等)都被配置为连接到harbor网络。 depends_on关键字用来指定容器之间的启动顺序,例如,core服务需要在postgresql启动后启动。
- 每个 Harbor 服务(如
-
ports 部分:
proxy服务通过ports关键字将容器的端口映射到主机
端口,以便外部可以访问 Harbor 服务。
4. 启动 Harbor
在包含 docker-compose.yml 文件的目录中,使用以下命令启动 Harbor:
docker-compose up -d
这将启动所有 Harbor 服务并连接到您定义的自定义网络 harbor。
5. 查看容器状态
您可以使用以下命令检查 Harbor 服务容器的运行状态:
docker-compose ps
6. 停止 Harbor
如果需要停止 Harbor 服务,可以使用以下命令:
docker-compose down
这样,您就成功配置并启动了一个带有自定义网络的 Harbor Docker Compose 环境。如果您有其他问题或需要进一步调整配置,随时可以提问!