Docker 镜像管理(三):harbor 高可用部署与版本升级

本篇目录

说明

Harbor 1.6.3 最后一次给出单独的高可用部署方案:high_availability_installation_guide.md。从 1.7.0 开始就不提供该文件了。issues/8393 中提到以后不在支持独立的高可用部署,有人建议用 harbor-helm,这样会使 harbor 与 kubernetes 耦合。

1.6.3 给出的高可用方案

Harbor 中的以下服务是无状态服务:

Adminserver
UI
Registry
Logs
Jobservice
Clair
Proxy

数据库和缓存是 harbor 中的有状态服务:

Harbor database(MariaDB)
Clair database(PostgresSQL)
Notary database(MariaDB)
Redis

建议方案如下:

harbor高可用方案

上面的方案针对的是 harbor 1.6.3,有一些组件 harbor 可能不再使用了,例如 1.10.0 提供的 docker-composer.yml 中只有 postgresql,没有 mariadb。

另外 1.10.0 等较新版本的配置文件格式也发生了变化了,相关配置分别是:

storage_service

storage_service:
  # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
  # of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
  ca_bundle:

  # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
  # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
  filesystem:
    maxthreads: 100
  # set disable to true when you want to disable registry redirect
  redirect:
    disabled: false

external_database:

external_database:
  harbor:
    host: harbor_db_host
    port: harbor_db_port
    db_name: harbor_db_name
    username: harbor_db_username
    password: harbor_db_password
    ssl_mode: disable
    max_idle_conns: 2
    max_open_conns: 0
  clair:
    host: clair_db_host
    port: clair_db_port
    db_name: clair_db_name
    username: clair_db_username
    password: clair_db_password
    ssl_mode: disable
  notary_signer:
    host: notary_signer_db_host
    port: notary_signer_db_port
    db_name: notary_signer_db_name
    username: notary_signer_db_username
    password: notary_signer_db_password
    ssl_mode: disable
  notary_server:
    host: notary_server_db_host
    port: notary_server_db_port
    db_name: notary_server_db_name
    username: notary_server_db_username
    password: notary_server_db_password
    ssl_mode: disable

external_redis:

external_redis:
  host: redis
  port: 6379
  password:
  # db_index 0 is for core, it's unchangeable
  registry_db_index: 1
  jobservice_db_index: 2
  chartmuseum_db_index: 3
  clair_db_index: 4

harbor-helm

harbor-helm 是社区一直维护的项目。

harbor 版本升级

1.7.x 到 1.9.x 的版本升级方法相同:v1.9.4 migration_guide.md

$ docker-compose down  # 停止服务
$ mv harbor /my_backup_dir/harbor # 备份数据
$ cp -r /data/database /my_backup_dir/
$ docker pull goharbor/harbor-migrator:v1.9.4
# 下载新的版本,并把新版本的 harbor.yml 挂载到容器中进行配置同步
$ docker run -it --rm -v harbor.yml:/harbor-migration/harbor-cfg/harbor.yml goharbor/harbor-migrator:v1.9.4 --cfg up
$ ./install.sh

harbor 的 webhook

harbor 从 1.9.0 开始支持 webhook,webhook 以 project 为单位,为每个 project 单独配置。

Webhook Notifications 列出了支持的事件和消息格式。

参考

  1. 李佶澳的博客
  2. high_availability_installation_guide.md
  3. issues/8393
  4. harbor-helm
  5. quay
  6. v1.9.4 migration_guide.md
  7. Webhook Notifications
  8. 谈谈我对Harbor认识

推荐阅读

站长微信(一般不闲聊)

赞助商广告

Copyright @2011-2019 All rights reserved. 转载请添加原文连接,合作请加微信lijiaocn或者发送邮件: [email protected],备注网站合作

友情链接:  李佶澳的博客  小鸟笔记  软件手册  编程手册  运营手册  爱马影视  网络课程  奇技淫巧  课程文档  精选文章  发现知识星球  百度搜索 谷歌搜索