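Introduction
Harbor supports two installation methods: docker compose and helm. In general, helm is recommended for a Kubernetes environment and docker compose for a pure Docker environment. This installation uses helm, and the installed version is v2.2.1.
Create the namespace
Harbor consists of many services, so creating a separate namespace for the installation is recommended; it makes later management easier.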
apiVersion: v1
kind: Namespace
metadata:
  name: harbor
  labels:
    name: harbor
Save this as harbor-namespace.yaml and run kubectl apply -f harbor-namespace.yaml to create the namespace.
Create the shared directories
The directories must be created on shared storage, such as NFS.
mkdir -p /u02/appdata/harbor/registry
mkdir -p /u02/appdata/harbor/chartmuseum
mkdir -p /u02/appdata/harbor/jobservice
mkdir -p /u02/appdata/harbor/database
mkdir -p /u02/appdata/harbor/redis
mkdir -p /u02/appdata/harbor/trivy
chmod 777 /u02/appdata/harbor/registry
chmod 777 /u02/appdata/harbor/chartmuseum
chmod 777 /u02/appdata/harbor/jobservice
chmod 777 /u02/appdata/harbor/database
chmod 777 /u02/appdata/harbor/redis
chmod 777 /u02/appdata/harbor/trivy
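Create the PVs and PVCs
Create the PVs according to your actual environment. Here, PVs backed by local directories are created directly and bound through PVCs.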
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-registry-pv"
  labels:
    name: harbor-registry-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/registry
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-chartmuseum-pv"
  labels:
    name: harbor-chartmuseum-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/chartmuseum
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-jobservice-pv"
  labels:
    name: harbor-jobservice-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/jobservice
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-database-pv"
  labels:
    name: harbor-database-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/database
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-redis-pv"
  labels:
    name: harbor-redis-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/redis
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-trivy-pv"
  labels:
    name: harbor-trivy-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/trivy
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-registry-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-registry-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-chartmuseum-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-chartmuseum-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-jobservice-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-jobservice-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-database-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-database-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-redis-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-redis-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-trivy-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-trivy-pv
      release: stable
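Save this as harbor-pv.yaml and run kubectl apply -f harbor-pv.yaml to create the volumes and claims.
Install with helm
- Download helm
Download the latest helm package for your platform from helm's gitlab repository; this walkthrough uses Helm v3.5.4.
- Upload the package to the server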
[root]
tar -xvf helm-v3.5.4-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin
$ helm version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rke/.kube/config
version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}
- Download the harbor chart
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor --untar
cd harbor
$ ls -l
drwxr-xr-x 2 rke rke 4096 5 月 3 12:44 cert
-rw-r--r-- 1 rke rke 576 5 月 3 12:44 Chart.yaml
drwxr-xr-x 2 rke rke 4096 5 月 3 12:44 conf
-rw-r--r-- 1 rke rke 11357 5 月 3 12:44 LICENSE
-rw-r--r-- 1 rke rke 73049 5 月 3 12:44 README.md
drwxr-xr-x 15 rke rke 4096 5 月 3 12:44 templates
-rw-r--r-- 1 rke rke 25565 5 月 3 15:54 values.yaml
- Edit the values.yaml file
## 1. Configure the access address (the ingress block sits under expose: in values.yaml)
ingress:
  hosts:
    core: harbor.xxx.com
    notary: notary.xxx.com
## 2. Configure the access address
externalURL: https://harbor.xxx.com
## 3. Configure the PVCs
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-registry-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-chartmuseum-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-jobservice-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external database is used, the following settings for database will
    # be ignored
    database:
      existingClaim: "harbor-database-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
      existingClaim: "harbor-redis-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-trivy-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
# Configure the harbor admin password
harborAdminPassword: "Harbor12345"
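- Handling offline installation
helm needs to download the chart configuration from a remote repository. If the installation server cannot reach the internet, download the chart on a machine that can and then upload it to the server.
- Install harbor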
helm install harbor . --namespace harbor
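The first installation takes a little longer because the images are being downloaded in the background. If all the services are Running, the installation succeeded.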
$ kubectl get pods -n harbor
NAME READY STATUS RESTARTS AGE
harbor-harbor-chartmuseum-5cf6f98675-l9rrc 1/1 Running 0 18m
harbor-harbor-core-6d9c598549-6ln2r 1/1 Running 1 18m
harbor-harbor-database-0 1/1 Running 0 18m
harbor-harbor-jobservice-6446db544f-thwx9 1/1 Running 1 18m
harbor-harbor-notary-server-657f4cfcd4-c2cxs 1/1 Running 2 18m
harbor-harbor-notary-signer-8dbf9794b-kdx8r 1/1 Running 2 18m
harbor-harbor-portal-5f46795dc7-dwmj8 1/1 Running 0 18m
harbor-harbor-redis-0 1/1 Running 0 18m
harbor-harbor-registry-cb4c66c75-bb8bm 2/2 Running 0 18m
harbor-harbor-trivy-0 1/1 Running 0 18m
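A pre-install check for the settings this walkthrough leaves in place, added here as an example and not part of the original post or the Harbor project: it flags the Harbor12345 admin password, a non-https externalURL, data directories left world-writable by chmod 777, and a kubeconfig readable beyond its owner (the helm warning shown earlier). The function names audit_harbor and make_sample and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install audit of the settings used in this walkthrough.
# audit_harbor <values.yaml> <data_root> <kubeconfig>
# Prints one FAIL line per finding; returns 1 if anything was found.
audit_harbor() {
    values=$1; data_root=$2; kubeconfig=$3; rc=0

    # Harbor12345 is the admin password shown in values.yaml above.
    if grep -Eq '^[[:space:]]*harborAdminPassword:[[:space:]]*"?Harbor12345"?[[:space:]]*$' "$values"; then
        echo "FAIL admin password left at Harbor12345 in $values"; rc=1
    fi

    # Logins and registry tokens travel over externalURL: require https.
    if ! grep -Eq '^[[:space:]]*externalURL:[[:space:]]*https://' "$values"; then
        echo "FAIL externalURL is not https in $values"; rc=1
    fi

    # chmod 777 leaves image layers and database files writable by any local user.
    for d in "$data_root"/*/; do
        [ -d "$d" ] || continue
        if [ -n "$(find "$d" -maxdepth 0 -perm -0002)" ]; then
            echo "FAIL world-writable directory ${d%/}"; rc=1
        fi
    done

    # Same condition helm warns about: kubeconfig readable beyond its owner.
    if [ -n "$(find "$kubeconfig" -maxdepth 0 \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL kubeconfig readable by group or others: $kubeconfig"; rc=1
    fi
    return "$rc"
}

# Constructed sample tree that mirrors the values and modes used on this page.
make_sample() {
    mkdir -p "$1/data/registry" "$1/data/database"
    chmod 777 "$1/data/registry"; chmod 750 "$1/data/database"
    printf 'externalURL: https://harbor.xxx.com\nharborAdminPassword: "Harbor12345"\n' > "$1/values.yaml"
    : > "$1/kubeconfig"; chmod 640 "$1/kubeconfig"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_harbor "$tmp/values.yaml" "$tmp/data" "$tmp/kubeconfig" || echo "findings present"
rm -rf "$tmp"
```

Against the real setup the call would be audit_harbor values.yaml /u02/appdata/harbor "$HOME/.kube/config", run from the chart directory.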
Configure the access address
harbor is accessed through an Ingress; the Ingress address is the externalURL configured above.
$ kubectl get ing -n harbor
NAME HOSTS ADDRESS
harbor-harbor-ingress harbor.xxx.com 10.116.2.108,10.116.2.111
harbor-harbor-ingress-notary notary.xxx.com 10.116.2.108,10.116.2.111
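For local testing, add the address to the local hosts file and harbor can then be reached from a browser. For a production system, add it to the enterprise's internal DNS so that it resolves.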
Posted in: kubernetes
2021-05-03