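Introduction

Harbor supports two installation methods: docker compose and helm. In general, helm is recommended for a Kubernetes environment and docker compose for a pure Docker environment. This walkthrough installs with helm, and the installed version is v2.2.1.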

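Create the namespace

Harbor consists of quite a few services, so it is recommended to create a separate namespace for the installation, which makes later management easier.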

apiVersion: v1
kind: Namespace
metadata:
  name: harbor
  labels:
    name: harbor

Save this as harbor-namespace.yaml and run kubectl apply -f harbor-namespace.yaml to create it.

Create the shared directories

The directories must be created on shared storage media, such as NFS.

mkdir -p /u02/appdata/harbor/registry
mkdir -p /u02/appdata/harbor/chartmuseum
mkdir -p /u02/appdata/harbor/jobservice
mkdir -p /u02/appdata/harbor/database
mkdir -p /u02/appdata/harbor/redis
mkdir -p /u02/appdata/harbor/trivy
chmod 777 /u02/appdata/harbor/registry
chmod 777 /u02/appdata/harbor/chartmuseum
chmod 777 /u02/appdata/harbor/jobservice
chmod 777 /u02/appdata/harbor/database
chmod 777 /u02/appdata/harbor/redis
chmod 777 /u02/appdata/harbor/trivy

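Create the PVs and PVCs

Create the PVs according to your actual environment. Here, local-directory PVs are created directly and bound through PVCs.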

apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-registry-pv"
  labels:
    name: harbor-registry-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/registry
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-chartmuseum-pv"
  labels:
    name: harbor-chartmuseum-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/chartmuseum
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-jobservice-pv"
  labels:
    name: harbor-jobservice-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/jobservice
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-database-pv"
  labels:
    name: harbor-database-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/database
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-redis-pv"
  labels:
    name: harbor-redis-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/redis
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-trivy-pv"
  labels:
    name: harbor-trivy-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/trivy
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-registry-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-registry-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-chartmuseum-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-chartmuseum-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-jobservice-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-jobservice-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-database-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-database-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-redis-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-redis-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-trivy-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-trivy-pv
      release: stable

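Save this as harbor-pv.yaml and run kubectl apply -f harbor-pv.yaml to create them.

Helm installation

  • Download helm

Download the latest helm package for your platform from helm's gitlab repository. This walkthrough uses Helm v3.5.4.

  • Upload the package to the server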
[root] tar -xvf helm-v3.5.4-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin
$ helm version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rke/.kube/config
version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}
  • Download the harbor chart
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor --untar
cd harbor
$ ls -l
drwxr-xr-x  2 rke rke  4096 5月   3 12:44 cert
-rw-r--r--  1 rke rke   576 5月   3 12:44 Chart.yaml
drwxr-xr-x  2 rke rke  4096 5月   3 12:44 conf
-rw-r--r--  1 rke rke 11357 5月   3 12:44 LICENSE
-rw-r--r--  1 rke rke 73049 5月   3 12:44 README.md
drwxr-xr-x 15 rke rke  4096 5月   3 12:44 templates
-rw-r--r--  1 rke rke 25565 5月   3 15:54 values.yaml
  • Edit the values.yaml file
## 1. Configure the access hosts
ingress:
    hosts:
      core: harbor.xxx.com
      notary: notary.xxx.com
## 2. Configure the access URL
externalURL: https://harbor.xxx.com
## 3. Configure the PVCs
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-registry-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-chartmuseum-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-jobservice-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external database is used, the following settings for database will
    # be ignored
    database:
      existingClaim: "harbor-database-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
      existingClaim: "harbor-redis-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-trivy-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
# Configure the harbor administrator password
harborAdminPassword: "Harbor12345"
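  • Handling offline installation

helm needs to download the chart configuration from the remote repository. If the installation server cannot reach the Internet, download the chart on an Internet-connected machine first and then upload it to the server.

  • Install harbor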
helm install harbor . --namespace harbor

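The first installation takes a little longer because the images are being downloaded in the background. If all the services are Running, the installation has succeeded.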

$ kubectl get pods -n harbor
NAME                                           READY   STATUS    RESTARTS   AGE
harbor-harbor-chartmuseum-5cf6f98675-l9rrc     1/1     Running   0          18m
harbor-harbor-core-6d9c598549-6ln2r            1/1     Running   1          18m
harbor-harbor-database-0                       1/1     Running   0          18m
harbor-harbor-jobservice-6446db544f-thwx9      1/1     Running   1          18m
harbor-harbor-notary-server-657f4cfcd4-c2cxs   1/1     Running   2          18m
harbor-harbor-notary-signer-8dbf9794b-kdx8r    1/1     Running   2          18m
harbor-harbor-portal-5f46795dc7-dwmj8          1/1     Running   0          18m
harbor-harbor-redis-0                          1/1     Running   0          18m
harbor-harbor-registry-cb4c66c75-bb8bm         2/2     Running   0          18m
harbor-harbor-trivy-0                          1/1     Running   0          18m
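
A pre-install check for three weak settings visible in the steps above: the group-readable kubeconfig that helm warns about, the chmod 777 data directories, and the Harbor12345 admin password in values.yaml. This is an added example, not part of the original post or of the Harbor project; the function names and the sample files it builds under a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: each check prints one line per finding and nothing when clean.

# kubeconfig readable by group or others (the condition helm warns about)
check_kubeconfig() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ] &&
        echo "kubeconfig $1 is readable by group/others; chmod 600 it"
    return 0
}

# data directories left world-writable, as chmod 777 does
check_data_dirs() {
    for d in "$@"; do
        [ -n "$(find "$d" -prune -perm -002)" ] &&
            echo "data dir $d is world-writable"
    done
    return 0
}

# values.yaml still carrying the admin password shown on this page,
# or an externalURL that is not https
check_values() {
    grep -Eq '^[[:space:]]*harborAdminPassword:[[:space:]]*"?Harbor12345"?[[:space:]]*$' "$1" &&
        echo "values $1: harborAdminPassword is still Harbor12345"
    grep -Eq '^[[:space:]]*externalURL:[[:space:]]*https://' "$1" ||
        echo "values $1: externalURL is not https"
    return 0
}

# Constructed sample input (not from a real cluster): a weak set and a fixed set.
demo=$(mktemp -d)
mkdir "$demo/registry" "$demo/database"
chmod 777 "$demo/registry"
chmod 750 "$demo/database"
: > "$demo/kubeconfig"
chmod 640 "$demo/kubeconfig"
printf 'externalURL: https://harbor.xxx.com\nharborAdminPassword: "Harbor12345"\n' \
    > "$demo/weak.yaml"
# fixed.yaml gets a random 36-hex-character password generated on the spot
printf 'externalURL: https://harbor.xxx.com\nharborAdminPassword: "%s"\n' \
    "$(od -An -N18 -tx1 /dev/urandom | tr -d ' \n')" > "$demo/fixed.yaml"

check_kubeconfig "$demo/kubeconfig"
check_data_dirs "$demo/registry" "$demo/database"
check_values "$demo/weak.yaml"
check_values "$demo/fixed.yaml"
```

Against the real installation the same functions would be pointed at /home/rke/.kube/config, the directories under /u02/appdata/harbor, and the chart's values.yaml.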

Configure the access address

Harbor is accessed through Ingress. The Ingress address is the externalURL configured above.

$ kubectl get ing -n harbor
NAME                           HOSTS            ADDRESS
harbor-harbor-ingress          harbor.xxx.com   10.116.2.108,10.116.2.111
harbor-harbor-ingress-notary   notary.xxx.com   10.116.2.108,10.116.2.111

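For local testing, add the address to the local hosts file and Harbor can then be reached from a browser. For a production system, the name needs to be added to the company's internal DNS so that it resolves.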