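Installing Harbor on k8s
Prerequisites
"Kubernetes (k8s) Dynamic Storage Mounting"
"Installing ingress V1.1.3 on k8s (Kubernetes)"
Deploy these by following my earlier documents: https://www.oiox.cn/index.php/archives/32/
https://www.oiox.cn/index.php/archives/142/
The script I used to bulk-import images from Docker Hub into Alibaba Cloud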
#!/bin/bash

# n is never set, so this loop body does not run
for((i=0;i<n;i++)); do
  echo "${i}"
done

export docker_images="goharbor/harbor-db:v2.6.2 goharbor/harbor-jobservice:v2.6.2 goharbor/harbor-portal:v2.6.2 goharbor/harbor-registryctl:v2.6.2 goharbor/notary-server-photon:v2.6.2 goharbor/notary-signer-photon:v2.6.2 goharbor/redis-photon:v2.6.2 goharbor/registry-photon:v2.6.2 goharbor/trivy-adapter-photon:v2.6.2"
export aliyun_image="registry.cn-hangzhou.aliyuncs.com/chenby/"

for images in $docker_images; do
  # Keep only the part after the last "/", e.g. harbor-db:v2.6.2
  export end_image=$(echo "$images" | awk -F "/" '{print $NF}')
  docker pull "$images"
  docker tag "$images" "$aliyun_image$end_image"
  docker push "$aliyun_image$end_image"
  # Remove the local copies once the push is done
  docker rmi "$images"
  docker rmi "$aliyun_image$end_image"
done
Install the helm tool
# Install the helm tool
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
Add the official Harbor Helm chart repository
# Add the official Harbor Helm chart repository
root@cby:~# helm repo add harbor https://helm.goharbor.io
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
"harbor" has been added to your repositories
List the configured repositories
# List the configured repositories
root@cby:~# helm repo list
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
NAME     URL
devtron  https://helm.devtron.ai
harbor   https://helm.goharbor.io
root@cby:~#
List the latest chart versions
# List the latest chart versions
root@cby:~# helm search repo harbor -l | grep harbor/harbor | head -4
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
harbor/harbor  1.10.2  2.6.2  An open source trusted cloud native registry th...
harbor/harbor  1.10.1  2.6.1  An open source trusted cloud native registry th...
harbor/harbor  1.10.0  2.6.0  An open source trusted cloud native registry th...
harbor/harbor  1.9.4   2.5.4  An open source trusted cloud native registry th...
root@cby:~#
Download the chart package locally
# Download the chart package locally
root@cby:~# helm pull harbor/harbor --version 1.10.2
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
root@cby:~#
root@cby:~# ls harbor-1.10.2.tgz
harbor-1.10.2.tgz
root@cby:~#
root@cby:~# tar zxvf harbor-1.10.2.tgz
root@cby:~# cd harbor/
root@cby:~/harbor# ll
total 276
drwxr-xr-x  5 root root   4096 Nov 22 10:35 ./
drwx------ 12 root root   4096 Nov 22 10:35 ../
drwxr-xr-x  2 root root   4096 Nov 22 10:35 cert/
-rw-r--r--  1 root root    567 Nov 10 09:08 Chart.yaml
drwxr-xr-x  2 root root   4096 Nov 22 10:35 conf/
-rw-r--r--  1 root root     57 Nov 10 09:08 .helmignore
-rw-r--r--  1 root root  11357 Nov 10 09:08 LICENSE
-rw-r--r--  1 root root 202142 Nov 10 09:08 README.md
drwxr-xr-x 16 root root   4096 Nov 22 10:35 templates/
-rw-r--r--  1 root root  33779 Nov 10 09:08 values.yaml
root@cby:~/harbor#
Edit the values.yaml configuration
# Edit the values.yaml configuration
root@cby:~/harbor# sed -i "s#harbor.domain#oiox.cn#g" values.yaml

# Point the images at my Alibaba Cloud repository
root@cby:~/harbor# sed -i "s#repository: goharbor#repository: registry.cn-hangzhou.aliyuncs.com/chenby#g" values.yaml

# Edit the externalURL field
# Note: 30785 is my ingress port; yours will probably be different
root@cby:~/harbor# vim values.yaml
externalURL: https://core.oiox.cn:30785

# Do a dry run to check whether the configuration matches your own environment and whether anything still needs changing
root@cby:~/harbor# helm install harbor ./ --dry-run | grep oiox.cn
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
  EXT_ENDPOINT: "https://core.oiox.cn:30785"
    - core.oiox.cn
      host: core.oiox.cn
    - notary.oiox.cn
      host: notary.oiox.cn
Then you should be able to visit the Harbor portal at https://core.oiox.cn:30785
root@cby:~/harbor#
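The sed edits above change the domain and image repository but leave the chart's shipped secrets in place, which is why the admin password read back later is Harbor12345. The check below is an added example, not part of the original post: it reports any non-comment line of values.yaml that still carries a shipped default secret. Only Harbor12345 appears on this page; the other two strings are assumed to be the chart's defaults for secretKey and the internal database password, and the function name is illustrative.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: besides Harbor12345 (shown on this page), the chart ships
# "not-a-secure-key" (secretKey) and "changeit" (internal database password).

# Print every non-comment line of a values file that still contains a
# shipped default secret. Returns 0 if the file is clean, 1 otherwise.
find_default_secrets() {
  values_file="$1"
  found=0
  for default in 'Harbor12345' 'not-a-secure-key' 'changeit'; do
    # grep -n prefixes "LINE:"; the second grep drops comment-only lines
    if grep -n -F -- "$default" "$values_file" \
        | grep -v -E '^[0-9]+:[[:space:]]*#'; then
      found=1
    fi
  done
  [ "$found" -eq 0 ]
}

# Usage: sh check-values.sh values.yaml
if [ -n "${1:-}" ]; then
  find_default_secrets "$1"
fi
```

Run it before helm install and replace whatever it prints, for example by setting harborAdminPassword in values.yaml.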
Install
# Create the namespace
root@cby:~/harbor# kubectl create namespace harbor
namespace/harbor created
root@cby:~/harbor#

# Run the installation
root@cby:~/harbor# helm install harbor . -n harbor
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
NAME: harbor
LAST DEPLOYED: Tue Nov 22 10:56:50 2022
NAMESPACE: harbor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://core.oiox.cn
For more details, please visit https://github.com/goharbor/harbor
root@cby:~/harbor#
Edit the ingress configuration
root@cby:~# kubectl edit ingress -n harbor harbor-ingress
root@cby:~# kubectl edit ingress -n harbor harbor-ingress-notary

# Add the field ingressClassName: nginx
spec:
  ingressClassName: nginx
  rules:
  - host: core.oiox.cn
    http:

# Check the result
root@cby:~# kubectl get ingress -n harbor harbor-ingress -o yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/ssl-redirect: "true"
    meta.helm.sh/release-name: harbor
    meta.helm.sh/release-namespace: harbor
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  creationTimestamp: "2022-11-22T15:21:35Z"
  generation: 3
  labels:
    app: harbor
    app.kubernetes.io/managed-by: Helm
    chart: harbor
    heritage: Helm
    release: harbor
  name: harbor-ingress
  namespace: harbor
  resourceVersion: "2070090"
  uid: def0b549-3a00-49a4-8ece-b5ce18205427
spec:
  ingressClassName: nginx
  rules:
  - host: core.oiox.cn
    http:
      paths:
      - backend:
          service:
            name: harbor-core
            port:
              number: 80
        path: /api/
        pathType: Prefix
      - backend:
          service:
            name: harbor-core
            port:
              number: 80
        path: /service/
        pathType: Prefix
      - backend:
          service:
            name: harbor-core
            port:
              number: 80
        path: /v2/
        pathType: Prefix
      - backend:
          service:
            name: harbor-core
            port:
              number: 80
        path: /chartrepo/
        pathType: Prefix
      - backend:
          service:
            name: harbor-core
            port:
              number: 80
        path: /c/
        pathType: Prefix
      - backend:
          service:
            name: harbor-portal
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - core.oiox.cn
    secretName: harbor-ingress
status:
  loadBalancer:
    ingress:
    - ip: 192.168.8.65
root@cby:~#
root@cby:~# kubectl get ingress -n harbor
NAME                    CLASS   HOSTS            ADDRESS        PORTS     AGE
harbor-ingress          nginx   core.oiox.cn     192.168.8.65   80, 443   9m8s
harbor-ingress-notary   nginx   notary.oiox.cn   192.168.8.65   80, 443   9m8s
root@cby:~#
Access test
# Look up the administrator password
root@cby:~# kubectl get secret -n harbor harbor-core -o jsonpath='{.data.HARBOR_ADMIN_PASSWORD}'|base64 --decode
Harbor12345

# Add the host to the local hosts file
root@cby:~# echo "192.168.8.65 core.oiox.cn" >> /etc/hosts

root@cby:~# sudo mkdir -p /etc/docker
root@cby:~# sudo tee /etc/docker/daemon.json <<-'EOF'
{
  "registry-mirrors": [
    "https://hub-mirror.c.163.com",
    "https://mirror.baidubce.com"
  ],
  "insecure-registries": [
    "hb.oiox.cn",
    "core.oiox.cn:30785"
  ],
  "exec-opts": ["native.cgroupdriver=systemd"]
}
EOF
root@cby:~# sudo systemctl daemon-reload
root@cby:~# sudo systemctl restart docker

root@cby:~# docker login -uadmin -pHarbor12345 core.oiox.cn:30785
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded
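Three of the warnings printed during this walkthrough have direct fixes: the group- and world-readable kubeconfig, the insecure-registries entry that turns off TLS verification for core.oiox.cn:30785, and the password passed on the docker command line. The script below is an added example, not part of the original post; it assumes the chart's auto-generated ingress certificate keeps its CA under the key ca.crt in the harbor-ingress secret, and the function names and the --apply switch are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the chart's auto-generated ingress certificate keeps its CA
# in the harbor-ingress secret under the key "ca.crt".
set -eu

REGISTRY="${REGISTRY:-core.oiox.cn:30785}"       # host:port used in the post
CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"  # Docker's per-registry CA directory
KUBECONFIG_FILE="${KUBECONFIG_FILE:-${HOME:-/root}/.kube/config}"

# Clears the helm "group-readable" / "world-readable" warnings.
lock_kubeconfig() {
  chmod go-rwx "$KUBECONFIG_FILE"
}

# Trust Harbor's CA for this one registry instead of listing the registry
# under "insecure-registries", which disables TLS verification for it.
trust_harbor_ca() {
  ca_dir="$CERTS_ROOT/$REGISTRY"
  mkdir -p "$ca_dir"
  kubectl get secret -n harbor harbor-ingress -o jsonpath='{.data.ca\.crt}' \
    | base64 -d > "$ca_dir/ca.crt"
  # An empty or non-PEM result (missing key, kubectl failure) is an error.
  grep -q 'BEGIN CERTIFICATE' "$ca_dir/ca.crt"
}

# Feed the admin password to docker on stdin so it never appears in argv
# or in shell history.
harbor_login() {
  kubectl get secret -n harbor harbor-core \
      -o jsonpath='{.data.HARBOR_ADMIN_PASSWORD}' \
    | base64 -d \
    | docker login --username admin --password-stdin "$REGISTRY"
}

# Usage: sh harden-harbor-client.sh --apply
if [ "${1:-}" = "--apply" ]; then
  lock_kubeconfig
  trust_harbor_ca
  harbor_login
fi
```

Once the CA is installed and the ingress serves the certificate from that secret, the core.oiox.cn:30785 entry can be dropped from insecure-registries in /etc/docker/daemon.json. The unencrypted config.json warning is separate and needs a credential helper, as the docker output says.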
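About
https://www.oiox.cn/
https://www.oiox.cn/index.php...
CSDN, GitHub, 51CTO, Zhihu, OSChina, SegmentFault, Juejin, Jianshu, Huawei Cloud, Alibaba Cloud, Tencent Cloud, Bilibili, Toutiao, Sina Weibo, personal blog
Search for 《小陈运维》 on any of these platforms
Articles are mainly published on the WeChat official account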