May 03
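Introduction
Harbor can be installed in two ways: with Docker Compose or with Helm. In general, Helm is recommended for a Kubernetes environment and Docker Compose for a plain Docker environment. This installation uses Helm, and the installed version is v2.2.1.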
Create the namespace
Harbor consists of many services, so it is best to install it in its own namespace, which makes later management easier.
```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: harbor
  labels:
    name: harbor
```
Save this as harbor-namespace.yaml and run kubectl apply -f harbor-namespace.yaml to create the namespace.
Create the shared directories
The directories must be created on shared storage, such as NFS.
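```bash
# One data directory per Harbor component that needs persistent storage
mkdir -p /u02/appdata/harbor/registry
mkdir -p /u02/appdata/harbor/chartmuseum
mkdir -p /u02/appdata/harbor/jobservice
mkdir -p /u02/appdata/harbor/database
mkdir -p /u02/appdata/harbor/redis
mkdir -p /u02/appdata/harbor/trivy

# 777 makes each directory world-writable on the host; owning the directory
# by the UID the component's container runs as is the tighter alternative
chmod 777 /u02/appdata/harbor/registry
chmod 777 /u02/appdata/harbor/chartmuseum
chmod 777 /u02/appdata/harbor/jobservice
chmod 777 /u02/appdata/harbor/database
chmod 777 /u02/appdata/harbor/redis
chmod 777 /u02/appdata/harbor/trivy
```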
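Create the PVs and PVCs
Create the PVs to suit your environment. Here we create local-directory (hostPath) PVs directly and bind them through PVCs.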
```yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-registry-pv"
  labels:
    name: harbor-registry-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/registry
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-chartmuseum-pv"
  labels:
    name: harbor-chartmuseum-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/chartmuseum
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-jobservice-pv"
  labels:
    name: harbor-jobservice-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/jobservice
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-database-pv"
  labels:
    name: harbor-database-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/database
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-redis-pv"
  labels:
    name: harbor-redis-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/redis
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-trivy-pv"
  labels:
    name: harbor-trivy-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/trivy
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-registry-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-registry-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-chartmuseum-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-chartmuseum-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-jobservice-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-jobservice-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-database-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-database-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-redis-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-redis-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-trivy-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-trivy-pv
      release: stable
```
Save this as harbor-pv.yaml and run kubectl apply -f harbor-pv.yaml to create the volumes and claims.
Install Helm
- Download Helm
From Helm's GitLab repository, download the latest Helm package for your platform. This guide uses Helm v3.5.4.
- Upload the package to the server
```bash
[root] tar -xvf helm-v3.5.4-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin

$ helm version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rke/.kube/config
version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}
```
- Download the Harbor chart
```bash
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor --untar
cd harbor

$ ls -l
drwxr-xr-x  2 rke rke  4096 5月 3 12:44 cert
-rw-r--r--  1 rke rke   576 5月 3 12:44 Chart.yaml
drwxr-xr-x  2 rke rke  4096 5月 3 12:44 conf
-rw-r--r--  1 rke rke 11357 5月 3 12:44 LICENSE
-rw-r--r--  1 rke rke 73049 5月 3 12:44 README.md
drwxr-xr-x 15 rke rke  4096 5月 3 12:44 templates
-rw-r--r--  1 rke rke 25565 5月 3 15:54 values.yaml
```
- Edit the values.yaml file
```yaml
# 1. Configure the access address
# (in the chart's values.yaml the ingress block sits under the top-level expose key)
expose:
  ingress:
    hosts:
      core: harbor.xxx.com
      notary: notary.xxx.com

# 2. Configure the access address
externalURL: https://harbor.xxx.com

# 3. Configure the PVCs
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-registry-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-chartmuseum-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-jobservice-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external database is used, the following settings for database will
    # be ignored
    database:
      existingClaim: "harbor-database-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
      existingClaim: "harbor-redis-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-trivy-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi

# Set the Harbor administrator password
# (Harbor12345 is the chart's default value; replace it with your own)
harborAdminPassword: "Harbor12345"
```
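- Handling offline installation
Helm needs to download the chart from a remote repository. If the installation server cannot reach the Internet, download the chart on a machine that can, then upload it to the server.
- Install Harbor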
```bash
helm install harbor . --namespace harbor
```
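The first installation takes a little longer because the images are being downloaded in the background. Once every service is Running, the installation has succeeded.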
```bash
$ kubectl get pods -n harbor
NAME                                           READY   STATUS    RESTARTS   AGE
harbor-harbor-chartmuseum-5cf6f98675-l9rrc     1/1     Running   0          18m
harbor-harbor-core-6d9c598549-6ln2r            1/1     Running   1          18m
harbor-harbor-database-0                       1/1     Running   0          18m
harbor-harbor-jobservice-6446db544f-thwx9      1/1     Running   1          18m
harbor-harbor-notary-server-657f4cfcd4-c2cxs   1/1     Running   2          18m
harbor-harbor-notary-signer-8dbf9794b-kdx8r    1/1     Running   2          18m
harbor-harbor-portal-5f46795dc7-dwmj8          1/1     Running   0          18m
harbor-harbor-redis-0                          1/1     Running   0          18m
harbor-harbor-registry-cb4c66c75-bb8bm         2/2     Running   0          18m
harbor-harbor-trivy-0                          1/1     Running   0          18m
```
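Several choices in the steps above are worth checking before running helm install: the chmod 777 data directories, the group-readable kubeconfig that helm version warns about, the Harbor12345 administrator password, and the externalURL scheme. The script below is an added example, not part of the original post or of Harbor or Helm; all function names are hypothetical, and it goes slightly beyond the text by checking all four in one pass.

```shell
#!/bin/sh
# Added example: pre-install audit for the choices made in this guide.
# All function names are hypothetical helpers, not part of Harbor or Helm.

# True if values.yaml still sets the password shown in this guide.
has_default_admin_password() {
    grep -Eq '^[[:space:]]*harborAdminPassword:[[:space:]]*"?Harbor12345"?[[:space:]]*$' "$1"
}

# True if externalURL is present and uses https.
external_url_is_https() {
    grep -Eq '^[[:space:]]*externalURL:[[:space:]]*"?https://' "$1"
}

# Prints directories under $1 whose "other" write bit is set (chmod 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# True if group/other has any permission bit (Helm's kubeconfig warning).
kubeconfig_too_open() {
    [ -e "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Prints one line per finding plus a total; returns 0 only when clean.
audit() {
    values="$1"; data_root="$2"; kubeconfig="$3"; findings=0
    if has_default_admin_password "$values"; then
        echo "FAIL harborAdminPassword is still Harbor12345"
        findings=$((findings + 1))
    fi
    if ! external_url_is_https "$values"; then
        echo "FAIL externalURL is missing or not https"
        findings=$((findings + 1))
    fi
    ww=$(world_writable_dirs "$data_root")
    if [ -n "$ww" ]; then
        echo "$ww" | sed 's/^/WARN world-writable: /'
        findings=$((findings + $(echo "$ww" | wc -l)))
    fi
    if kubeconfig_too_open "$kubeconfig"; then
        echo "WARN kubeconfig open to group/other: $kubeconfig"
        findings=$((findings + 1))
    fi
    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}
if [ "$#" -eq 3 ]; then audit "$@"; fi
```

Run it with three arguments: the edited values.yaml, the data root (/u02/appdata/harbor in this guide) and the kubeconfig path from the Helm warning. A non-zero exit status means at least one finding was printed.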
Configure the access address
Harbor is accessed through the Ingress. The Ingress address is the externalURL configured above.
```bash
$ kubectl get ing -n harbor
NAME                           HOSTS            ADDRESS
harbor-harbor-ingress          harbor.xxx.com   10.116.2.108,10.116.2.111
harbor-harbor-ingress-notary   notary.xxx.com   10.116.2.108,10.116.2.111
```
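For local testing, add the address to your local hosts file and then open it in a browser. For a production system, add it to the enterprise's internal DNS so that the name resolves.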
Address: https://zhengjianfeng.cn/?p=539