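4.2 Deploying Harbor, an enterprise-grade private image registry

Although the project now officially supports chart-based deployment, deploying Harbor on a dedicated server is recommended.

Harbor installation documentation

Hardware requirements

Resource   Minimum   Recommended
CPU        2 CPU     4 CPU
Memory     4 GB      8 GB
Disk       40 GB     160 GB

Software requirements

Software         Version                    Description
Docker engine    17.06.0-ce+                For installation instructions, see the official Docker documentation
Docker Compose   1.18.0+                    For installation instructions, see the Docker Compose documentation
OpenSSL          Latest version preferred   Used to generate certificates and keys for Harbor

See the official documentation for details.

4.2.1 Basic setup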

systemctl disable --now firewalld
setenforce 0
sed -i '/^SELINUX/s/enforcing/disabled/' /etc/selinux/config

yum -y install wget vim bash-completion net-tools

4.2.2 Install docker-ce

wget -O /etc/yum.repos.d/docker-ce.repo \
  https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

# List the available versions
yum search docker-ce --show-duplicates

# Install a specific version
yum -y install docker-ce-20.10.12 docker-ce-cli-20.10.12

Configure registry mirrors

mkdir -p /etc/docker
tee /etc/docker/daemon.json <<EOF
{
  "registry-mirrors": [
    "https://mciwm180.mirror.aliyuncs.com",
    "https://docker.mirrors.ustc.edu.cn/",
    "https://registry.docker-cn.com"
  ],
  "log-driver": "json-file",
  "log-level": "warn",
  "log-opts": {
    "max-file": "10",
    "max-size": "100m"
  }
}
EOF

Start docker

systemctl enable --now docker

Verify the installation

docker --version
Docker version 20.10.12, build e91ed57

4.2.2 Install docker-compose

yum -y install epel-release

yum -y install docker-compose
# Check the version; it meets the requirement
docker-compose --version
docker-compose version 1.18.0, build 8dd22a9

4.2.3 Download and extract the Harbor offline installer

GitHub repository

The latest version is currently v2.4.1

wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
mkdir -p /data
tar xf harbor-offline-installer-v2.4.1.tgz -C /data

4.2.4 Load the image archive

cd /data/harbor
docker load -i harbor.v2.4.1.tar.gz

Output:

1e3f0dc884e2: Loading layer [==================================================>]  39.45MB/39.45MB
3fd9ccd5eeaa: Loading layer [==================================================>]  5.275MB/5.275MB
c600bceee2f7: Loading layer [==================================================>]  4.096kB/4.096kB
724cd8711815: Loading layer [==================================================>]  3.072kB/3.072kB
d7c82a981c89: Loading layer [==================================================>]  17.32MB/17.32MB
a814341c2c44: Loading layer [==================================================>]  18.12MB/18.12MB
Loaded image: goharbor/registry-photon:v2.4.1
b00595b6932d: Loading layer [==================================================>]   5.27MB/5.27MB
e34892d856ce: Loading layer [==================================================>]  5.928MB/5.928MB
ac5a22c6047d: Loading layer [==================================================>]  14.47MB/14.47MB
3d1ac12eb215: Loading layer [==================================================>]  29.29MB/29.29MB
394b4b2ea0fa: Loading layer [==================================================>]  22.02kB/22.02kB
bb0deb7416e0: Loading layer [==================================================>]  14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.4.1
c3b02aec560c: Loading layer [==================================================>]  8.422MB/8.422MB
4d5b3acd128e: Loading layer [==================================================>]  3.584kB/3.584kB
7afbf44c3706: Loading layer [==================================================>]   2.56kB/2.56kB
31f95ac6eb9a: Loading layer [==================================================>]  75.59MB/75.59MB
8981a12f5c17: Loading layer [==================================================>]  5.632kB/5.632kB
16eb0821dcc3: Loading layer [==================================================>]  96.26kB/96.26kB
b19eba29a0de: Loading layer [==================================================>]  11.78kB/11.78kB
f0785d2e9965: Loading layer [==================================================>]  76.49MB/76.49MB
26ce29b9d7ab: Loading layer [==================================================>]   2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.4.1
59e3814aa5f1: Loading layer [==================================================>]  119.8MB/119.8MB
1e99e9cd580e: Loading layer [==================================================>]  3.072kB/3.072kB
2bab205001c7: Loading layer [==================================================>]   59.9kB/59.9kB
c51450af480c: Loading layer [==================================================>]  61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.4.1
3636ff090145: Loading layer [==================================================>]  8.421MB/8.421MB
fa3d57c372c8: Loading layer [==================================================>]  3.584kB/3.584kB
a2c97825dcbf: Loading layer [==================================================>]   2.56kB/2.56kB
366b1363b528: Loading layer [==================================================>]  86.95MB/86.95MB
3d2fd6d13a0f: Loading layer [==================================================>]  87.74MB/87.74MB
Loaded image: goharbor/harbor-jobservice:v2.4.1
8f71cf8bc1c6: Loading layer [==================================================>]  5.275MB/5.275MB
5cb3457d8e25: Loading layer [==================================================>]  4.096kB/4.096kB
02c18fad9dc6: Loading layer [==================================================>]  17.32MB/17.32MB
7bbcea1ec44e: Loading layer [==================================================>]  3.072kB/3.072kB
f2842e1ada70: Loading layer [==================================================>]  28.69MB/28.69MB
4665575c3f9e: Loading layer [==================================================>]  46.81MB/46.81MB
Loaded image: goharbor/harbor-registryctl:v2.4.1
439595cfbbc0: Loading layer [==================================================>]  7.192MB/7.192MB
Loaded image: goharbor/nginx-photon:v2.4.1
a19de03ace6b: Loading layer [==================================================>]   5.27MB/5.27MB
35bbd4cf35b6: Loading layer [==================================================>]  5.928MB/5.928MB
88f852ebd746: Loading layer [==================================================>]  15.88MB/15.88MB
e3c0db81a28c: Loading layer [==================================================>]  29.29MB/29.29MB
f74e521b7a55: Loading layer [==================================================>]  22.02kB/22.02kB
7d97a705f439: Loading layer [==================================================>]  15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.4.1
1e6473070b18: Loading layer [==================================================>]    124MB/124MB
f05c1a477d2d: Loading layer [==================================================>]  3.584kB/3.584kB
bcab3e00aa98: Loading layer [==================================================>]  3.072kB/3.072kB
970d569f474a: Loading layer [==================================================>]   2.56kB/2.56kB
c659c9812277: Loading layer [==================================================>]  3.072kB/3.072kB
9d401ff8bf07: Loading layer [==================================================>]  3.584kB/3.584kB
968dfed00d2e: Loading layer [==================================================>]  19.97kB/19.97kB
Loaded image: goharbor/harbor-log:v2.4.1
b64000a1cd2c: Loading layer [==================================================>]  1.097MB/1.097MB
e3fb7ac15701: Loading layer [==================================================>]  5.889MB/5.889MB
d6e7f8008582: Loading layer [==================================================>]  165.9MB/165.9MB
eff0812a8c6f: Loading layer [==================================================>]  15.07MB/15.07MB
91a6abd7a540: Loading layer [==================================================>]  4.096kB/4.096kB
47e875926154: Loading layer [==================================================>]  6.144kB/6.144kB
04876e025d4a: Loading layer [==================================================>]  3.072kB/3.072kB
b817a88114e6: Loading layer [==================================================>]  2.048kB/2.048kB
e5fb37021dff: Loading layer [==================================================>]   2.56kB/2.56kB
767486d5c318: Loading layer [==================================================>]   2.56kB/2.56kB
b92f2b842b46: Loading layer [==================================================>]   2.56kB/2.56kB
e90e3a7ea4e9: Loading layer [==================================================>]  8.704kB/8.704kB
Loaded image: goharbor/harbor-db:v2.4.1
daf3d38cddc8: Loading layer [==================================================>]  8.422MB/8.422MB
8013b2cbc0b9: Loading layer [==================================================>]  18.13MB/18.13MB
4445f5ea7083: Loading layer [==================================================>]  4.608kB/4.608kB
32e035f0af8e: Loading layer [==================================================>]  18.93MB/18.93MB
Loaded image: goharbor/harbor-exporter:v2.4.1
0ad72e88d766: Loading layer [==================================================>]   8.54MB/8.54MB
fe195f48d47b: Loading layer [==================================================>]  4.096kB/4.096kB
71f2671db231: Loading layer [==================================================>]  3.072kB/3.072kB
ddda0b4a8eae: Loading layer [==================================================>]  39.27MB/39.27MB
c3fe76027866: Loading layer [==================================================>]  12.37MB/12.37MB
d82a7403c39a: Loading layer [==================================================>]  52.43MB/52.43MB
Loaded image: goharbor/trivy-adapter-photon:v2.4.1
03e449493f09: Loading layer [==================================================>]  5.275MB/5.275MB
4f4a25c7cc0d: Loading layer [==================================================>]   64.5MB/64.5MB
77a37df05436: Loading layer [==================================================>]  3.072kB/3.072kB
47c58e48962d: Loading layer [==================================================>]  4.096kB/4.096kB
5dd56c28f3fc: Loading layer [==================================================>]  65.29MB/65.29MB
Loaded image: goharbor/chartmuseum-photon:v2.4.1
8b7cbddd8918: Loading layer [==================================================>]  165.6MB/165.6MB
b8157b6f7cb8: Loading layer [==================================================>]   57.6MB/57.6MB
4a53b9a92b30: Loading layer [==================================================>]   2.56kB/2.56kB
59184fc56c3c: Loading layer [==================================================>]  1.536kB/1.536kB
99431fe2c10f: Loading layer [==================================================>]  12.29kB/12.29kB
3735b7f4881f: Loading layer [==================================================>]   2.62MB/2.62MB
bcff3633b236: Loading layer [==================================================>]  325.6kB/325.6kB
Loaded image: goharbor/prepare:v2.4.1
eb57d0945b2e: Loading layer [==================================================>]  7.192MB/7.192MB
dd9069fd53a8: Loading layer [==================================================>]  7.355MB/7.355MB
e779dab1d180: Loading layer [==================================================>]  1.754MB/1.754MB
Loaded image: goharbor/harbor-portal:v2.4.1

4.2.5 Create TLS certificates

Create the CA certificate

1. Generate the CA private key

cd /etc/pki
openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
.....................................................................................................................................++
..................................++
e is 65537 (0x10001)

2. Create the CA certificate

openssl req -x509 -new -nodes -sha512 -days 3650 \
 -subj "/C=CN/ST=GD/L=ShenZhen/O=example/OU=Personal/CN=hzde.com" \
 -key ca.key \
 -out ca.crt

Create the Harbor certificate

1. Generate the private key

openssl genrsa -out harbor.key 4096
Generating RSA private key, 4096 bit long modulus
...................++
............................................................................................++
e is 65537 (0x10001)

2. Create the certificate signing request (CSR)

[!Note] The CN must match your domain name; otherwise docker login will fail

openssl req -sha512 -new \
    -subj "/C=CN/ST=GD/L=ShenZhen/O=example/OU=Personal/CN=harbor.hzde.com" \
    -key harbor.key \
    -out harbor.csr

3. Create the v3 extension file

cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.hzde.com
DNS.2=harbor
IP.1=192.168.122.40
EOF

4. Create the Harbor certificate

openssl x509 -req -sha512 -days 3650 \
    -extfile v3.ext \
    -CA ca.crt -CAkey ca.key -CAcreateserial \
    -in harbor.csr \
    -out harbor.crt

Copy the Harbor certificate to /etc/harbor

mkdir -p /etc/harbor/ssl
cp harbor.crt harbor.key /etc/harbor/ssl/
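
The certificate steps above, collected into a check to run before pointing Harbor at the files (an added example, not part of the original page or of Harbor): `check_cert` confirms that the certificate chains to the CA, lists the hostname in subjectAltName, matches the private key and is not itself a CA. `make_demo_pki` rebuilds a throwaway CA and certificate with the page's commands (2048-bit keys and 1-day validity are assumptions to keep it fast), and `registry.hzde.com` is a constructed name that is absent from v3.ext.

```shell
#!/bin/sh
# Added example: pre-flight checks for a CA-signed registry certificate.

# check_cert CA_CRT LEAF_CRT LEAF_KEY HOSTNAME
# Prints one line per failed check; returns 0 only if every check passes.
check_cert() {
    ca=$1; crt=$2; key=$3; host=$4; rc=0
    text=$(openssl x509 -in "$crt" -noout -text 2>/dev/null)

    # 1. The leaf must chain to the CA that clients are given as ca.crt.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not verify against $ca"; rc=1; }

    # 2. The name clients connect to must be a DNS entry in subjectAltName.
    printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF "DNS:$host" ||
        { echo "FAIL: DNS:$host is not in subjectAltName"; rc=1; }

    # 3. The private key must belong to the certificate (compare public keys).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    { [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; } ||
        { echo "FAIL: $key does not match $crt"; rc=1; }

    # 4. A server certificate must not be usable as a CA.
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then
        echo "FAIL: $crt has basicConstraints CA:TRUE"; rc=1
    fi
    return $rc
}

# make_demo_pki DIR
# Throwaway CA and leaf built with the page's commands (constructed sample
# data; 2048-bit keys and 1-day validity are assumptions for speed).
make_demo_pki() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -sha512 -days 1 -subj "/CN=demo-ca" \
        -key "$d/ca.key" -out "$d/ca.crt"
    openssl genrsa -out "$d/harbor.key" 2048 2>/dev/null
    openssl req -sha512 -new -subj "/CN=harbor.hzde.com" \
        -key "$d/harbor.key" -out "$d/harbor.csr"
    cat > "$d/v3.ext" <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=harbor.hzde.com
DNS.2=harbor
IP.1=192.168.122.40
EOF
    openssl x509 -req -sha512 -days 1 -extfile "$d/v3.ext" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -in "$d/harbor.csr" -out "$d/harbor.crt" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp"
    # Name listed in v3.ext: every check passes.
    check_cert "$tmp/ca.crt" "$tmp/harbor.crt" "$tmp/harbor.key" harbor.hzde.com &&
        echo "OK: harbor.hzde.com"
    # Constructed name that is not in v3.ext: the SAN check reports it.
    check_cert "$tmp/ca.crt" "$tmp/harbor.crt" "$tmp/harbor.key" registry.hzde.com
    rm -rf "$tmp"
}

demo
```

On the Harbor host the same function can be run against the real files: `check_cert /etc/pki/ca.crt /etc/harbor/ssl/harbor.crt /etc/harbor/ssl/harbor.key harbor.hzde.com`.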

4.2.6 Edit the Harbor configuration file

cd /data/harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
...
hostname: harbor.hzde.com
...
https:
  port: 443
  certificate: /etc/harbor/ssl/harbor.crt
  private_key: /etc/harbor/ssl/harbor.key
...
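harbor_admin_password: Harbor12345 # Harbor login password; change it as needed

Leave the other settings unchanged

4.2.7 Start the services

[!Note] Parameters:

  • --with-notary: ensures image authenticity
  • --with-trivy: vulnerability scanner; previously --with-clair
  • --with-chartmuseum: enables the chart repository

./install.sh --with-notary --with-trivy --with-chartmuseum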

Installation output


[Step 0]: checking if docker is installed ...

Note: docker version: 20.10.12

[Step 1]: checking docker-compose is installed ...

Note: docker-compose version: 1.18.0

[Step 2]: loading Harbor images ...
Loaded image: goharbor/registry-photon:v2.4.1
Loaded image: goharbor/notary-signer-photon:v2.4.1
Loaded image: goharbor/harbor-core:v2.4.1
Loaded image: goharbor/redis-photon:v2.4.1
Loaded image: goharbor/harbor-jobservice:v2.4.1
Loaded image: goharbor/harbor-registryctl:v2.4.1
Loaded image: goharbor/nginx-photon:v2.4.1
Loaded image: goharbor/notary-server-photon:v2.4.1
Loaded image: goharbor/harbor-log:v2.4.1
Loaded image: goharbor/harbor-db:v2.4.1
Loaded image: goharbor/harbor-exporter:v2.4.1
Loaded image: goharbor/trivy-adapter-photon:v2.4.1
Loaded image: goharbor/chartmuseum-photon:v2.4.1
Loaded image: goharbor/prepare:v2.4.1
Loaded image: goharbor/harbor-portal:v2.4.1


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Successfully called func: create_root_cert
Successfully called func: create_cert
Copying certs for notary signer
Copying nginx configuration file for notary
Generated configuration file: /config/nginx/conf.d/notary.upstream.conf
Generated configuration file: /config/nginx/conf.d/notary.server.conf
Generated configuration file: /config/notary/server-config.postgres.json
Generated configuration file: /config/notary/server_env
Generated and saved secret to file: /data/secret/keys/defaultalias
Generated configuration file: /config/notary/signer_env
Generated configuration file: /config/notary/signer-config.postgres.json
Creating harbor-log ... done
Generated configuration file: /config/chartserver/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Creating redis ... done
Creating harbor-db ... done
Creating network "harbor_harbor" with the default driver
Creating notary-signer ... done
Creating harbor-core ... done
Creating network "harbor_notary-sig" with the default driver
Creating nginx ... done
Creating harbor-db ...
Creating harbor-portal ...
Creating registry ...
Creating chartmuseum ...
Creating redis ...
Creating registryctl ...
Creating trivy-adapter ...
Creating notary-signer ...
Creating harbor-core ...
Creating notary-server ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----

4.2.8 Check that the services are running

docker ps -a

Output:

CONTAINER ID   IMAGE                                  COMMAND                  CREATED          STATUS                    PORTS                                                                                                                       NAMES
631e2cf70ce3   goharbor/nginx-photon:v2.4.1           "nginx -g 'daemon of…"   39 seconds ago   Up 36 seconds (healthy)   0.0.0.0:4443->4443/tcp, :::4443->4443/tcp, 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp   nginx
6858728f0599   goharbor/harbor-jobservice:v2.4.1      "/harbor/entrypoint.…"   39 seconds ago   Up 37 seconds (healthy)                                                                                                                               harbor-jobservice
3d36ad387caf   goharbor/notary-server-photon:v2.4.1   "/bin/sh -c 'migrate…"   39 seconds ago   Up 37 seconds                                                                                                                                         notary-server
86dcc41a934b   goharbor/harbor-core:v2.4.1            "/harbor/entrypoint.…"   41 seconds ago   Up 39 seconds (healthy)                                                                                                                               harbor-core
d268b926f15c   goharbor/notary-signer-photon:v2.4.1   "/bin/sh -c 'migrate…"   41 seconds ago   Up 39 seconds                                                                                                                                         notary-signer
118f3c2c06da   goharbor/trivy-adapter-photon:v2.4.1   "/home/scanner/entry…"   41 seconds ago   Up 39 seconds (healthy)                                                                                                                               trivy-adapter
514d5087fa3f   goharbor/harbor-registryctl:v2.4.1     "/home/harbor/start.…"   44 seconds ago   Up 41 seconds (healthy)                                                                                                                               registryctl
63183394cec8   goharbor/redis-photon:v2.4.1           "redis-server /etc/r…"   44 seconds ago   Up 41 seconds (healthy)                                                                                                                               redis
1e39c7017cdd   goharbor/registry-photon:v2.4.1        "/home/harbor/entryp…"   44 seconds ago   Up 41 seconds (healthy)                                                                                                                               registry
537de07bc143   goharbor/harbor-portal:v2.4.1          "nginx -g 'daemon of…"   44 seconds ago   Up 42 seconds (healthy)                                                                                                                               harbor-portal
5f550dc9c27b   goharbor/chartmuseum-photon:v2.4.1     "./docker-entrypoint…"   44 seconds ago   Up 42 seconds (healthy)                                                                                                                               chartmuseum
0097e262713c   goharbor/harbor-db:v2.4.1              "/docker-entrypoint.…"   44 seconds ago   Up 41 seconds (healthy)                                                                                                                               harbor-db
1f6ec0ba6db2   goharbor/harbor-log:v2.4.1             "/bin/sh -c /usr/loc…"   44 seconds ago   Up 43 seconds (healthy)   127.0.0.1:1514->10514/tcp                                                                                                   harbor-log

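If every container is Up and Healthy, the services are running without problems

4.2.8.1 Verify login with docker

Add a hosts entry

echo '192.168.122.40 harbor.hzde.com' >> /etc/hosts

There are 2 ways to log in to Harbor

1. Add the private certificate to docker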

mkdir /etc/docker/certs.d/harbor.hzde.com/ -p
cp /etc/harbor/ssl/harbor.crt /etc/docker/certs.d/harbor.hzde.com/ca.crt

2. Add Harbor to insecure-registries (docker then skips TLS certificate verification for this registry)

vim /etc/docker/daemon.json
...
  "insecure-registries": ["harbor.hzde.com"]
...

Log in to Harbor

docker login harbor.hzde.com -u admin -p Harbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

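4.2.8.2 Log in to the Harbor console

First edit hosts and add the entry 192.168.122.40 harbor.hzde.com, then open https://harbor.hzde.com in a browser. The default username is admin and the default password is Harbor12345; the password can be changed in harbor.yml.

[Image: harbor-login]

[Image: harbor-dashboard]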

4.2.9 Test pushing an image to the private registry

Pull the image

docker pull nginx:1.20.2-alpine
1.20.2-alpine: Pulling from library/nginx
97518928ae5f: Pull complete
a15dfa83ed30: Pull complete
acae0b19bbc1: Pull complete
fd4282442678: Pull complete
b521ea0d9e3f: Pull complete
b3282d03aa58: Pull complete
Digest: sha256:74694f2de64c44787a81f0554aa45b281e468c0c58b8665fafceda624d31e556
Status: Downloaded newer image for nginx:1.20.2-alpine
docker.io/library/nginx:1.20.2-alpine

tag

docker tag nginx:1.20.2-alpine harbor.hzde.com/library/nginx:1.20.2-alpine

Push the image to the registry

docker push harbor.hzde.com/library/nginx:1.20.2-alpine
The push refers to repository [harbor.hzde.com/library/nginx]
6f44c5b5d074: Pushed
002fcf848e67: Pushed
e419fa208fe1: Pushed
112ee9c2903a: Pushed
68e5252d0d33: Pushed
1a058d5342cc: Pushed
1.20.2-alpine: digest: sha256:f6609f898bcdad15047629edc4033d17f9f90e2339fb5ccb97da267f16902251 size: 1568

4.2.10 Using the private registry from Kubernetes

Method 1

1. Add a hosts entry on every node

echo '192.168.122.40 harbor.hzde.com' >> /etc/hosts

2. Copy the Harbor certificate to every node

mkdir /etc/docker/certs.d/harbor.hzde.com -p
scp root@harbor.hzde.com:/etc/harbor/ssl/harbor.crt /etc/docker/certs.d/harbor.hzde.com/ca.crt

3. Run docker login

docker login harbor.hzde.com

Method 2 (recommended)

1. Add a hosts entry on every node

echo '192.168.122.40 harbor.hzde.com' >> /etc/hosts

2. Copy the Harbor certificate to every node

mkdir /etc/docker/certs.d/harbor.hzde.com -p
scp root@harbor.hzde.com:/etc/harbor/ssl/harbor.crt /etc/docker/certs.d/harbor.hzde.com/ca.crt

3. Create the secret

kubectl create secret docker-registry my-harbor --docker-server=harbor.hzde.com --docker-username=admin --docker-password=Harbor12345
secret/my-harbor created

4.1. Specify imagePullSecrets in the YAML

    spec:
      containers:
      - name: nginx
        image: harbor.hzde.com/library/nginx:alpine
      imagePullSecrets:
      - name: my-harbor

4.2. Bind the secret to the serviceaccount

kubectl patch sa default -p '{"imagePullSecrets":[{"name":"my-harbor"}]}'
serviceaccount/default patched

kubectl get sa default -ojsonpath='{.imagePullSecrets[0].name}'
my-harbor

4.3. Test

kubectl create deploy nginx --image=harbor.hzde.com/library/nginx:alpine
deployment.apps/nginx created

kubectl get po -l app=nginx
NAME                     READY   STATUS    RESTARTS   AGE
nginx-5bc9dd7946-ggczh   1/1     Running   0          64s

4.2.11 Using the Harbor chart repository

Create a chart yourself or download one from another chart repository

Download a chart

Search

helm search repo redis
NAME                    CHART VERSION   APP VERSION     DESCRIPTION
bitnami/redis           16.2.1          6.2.6           Open source, advanced key-value store. It is of...
bitnami/redis-cluster   7.2.1           6.2.6           Open source, advanced key-value store. It is of...

Download

helm fetch bitnami/redis --version 16.2.1

This produces the file redis-16.2.1.tgz

Upload the chart

You can upload through the web page or with a curl POST

curl -k -u "admin:Harbor12345" -X POST https://harbor.hzde.com/api/chartrepo/library/charts -F "chart=@redis-16.2.1.tgz"
{"saved":true}

Add the Harbor chart repository

1. Add the chart repository

# Only the CA certificate is needed to verify the server; harbor.key stays on the Harbor host
scp harbor.hzde.com:/etc/pki/ca.crt /etc/pki/
helm repo add --ca-file /etc/pki/ca.crt --username admin --password Harbor12345 my-harbor https://harbor.hzde.com/chartrepo/library
"my-harbor" has been added to your repositories

2. Update the repos

helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "my-harbor" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈

3. Find the uploaded chart

helm search repo redis
NAME                    CHART VERSION   APP VERSION     DESCRIPTION
bitnami/redis           16.2.1          6.2.6           Open source, advanced key-value store. It is of...
bitnami/redis-cluster   7.2.1           6.2.6           Open source, advanced key-value store. It is of...
my-harbor/redis         16.2.1          6.2.6           Open source, advanced key-value store. It is of...

The my-harbor/redis chart now shows up in the search results

4. Install the chart

helm install my-harbor/redis --generate-name
NAME: redis-1643445471
LAST DEPLOYED: Sat Jan 29 16:37:55 2022
NAMESPACE: monitoring
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 16.2.1
APP VERSION: 6.2.6

** Please be patient while the chart is being deployed **

Redis&trade; can be accessed on the following DNS names from within your cluster:

    redis-1643445471-master.monitoring.svc.cluster.local for read/write operations (port 6379)
    redis-1643445471-replicas.monitoring.svc.cluster.local for read-only operations (port 6379)



To get your password run:

    export REDIS_PASSWORD=$(kubectl get secret --namespace monitoring redis-1643445471 -o jsonpath="{.data.redis-password}" | base64 --decode)

To connect to your Redis&trade; server:

1. Run a Redis&trade; pod that you can use as a client:

   kubectl run --namespace monitoring redis-client --restart='Never'  --env REDIS_PASSWORD=$REDIS_PASSWORD  --image docker.io/bitnami/redis:6.2.6-debian-10-r103 --command -- sleep infinity

   Use the following command to attach to the pod:

   kubectl exec --tty -i redis-client \
   --namespace monitoring -- bash

2. Connect using the Redis&trade; CLI:
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-1643445471-master
   REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-1643445471-replicas

To connect to your database from outside the cluster execute the following commands:

    kubectl port-forward --namespace monitoring svc/redis-1643445471-master : &
    REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p

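4.2.12 Install Harbor with helm

Personally, I still recommend deploying Harbor on a dedicated server

Official documentation for installing Harbor with helm

# Add the helm repository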
helm repo add harbor https://helm.goharbor.io
"harbor" has been added to your repositories

# Install the chart
helm install harbor harbor/harbor

# Expose it for external access
kubectl patch svc harbor-harbor-portal -p '{"spec":{"type":"NodePort"}}'

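# Customised Harbor installation
helm fetch harbor/harbor --untar
cd harbor

# Edit values.yaml to suit your environment
helm install harbor ./ -f values.yaml

Alternatively, pass parameters with --set at install time

Installing Harbor requires a storage class; if none is installed, see 2.9 Install the ceph-rbd StorageClass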

kubectl create namespace devops
helm install harbor harbor/harbor \
 --set expose.type=loadBalancer \
 --set expose.tls.enabled=true \
 --set expose.tls.auto.commonName=harbor.hzde.com \
 --set externalURL=https://harbor.hzde.com \
 --set imagePullPolicy=IfNotPresent \
 --set harborAdminPassword=Harbor12345 \
 --set chartmuseum.enabled=false \
 -n devops

Output:

NAME: harbor
LAST DEPLOYED: Sat Jan 29 16:47:15 2022
NAMESPACE: devops
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://harbor.hzde.com
For more details, please visit https://github.com/goharbor/harbor

Verify the installation

kubectl get po -n devops
NAME                                    READY   STATUS    RESTARTS        AGE
harbor-core-d556b74c8-bnsg5             1/1     Running   4 (2m2s ago)    7m29s
harbor-database-0                       1/1     Running   0               7m29s
harbor-jobservice-796b7777b4-7sz2c      0/1     Running   4 (68s ago)     7m29s
harbor-nginx-67658bd774-gkn2c           1/1     Running   0               7m29s
harbor-notary-server-7bd4777c6-hkfbc    1/1     Running   1 (6m50s ago)   7m29s
harbor-notary-signer-67974559cc-czpxd   1/1     Running   1 (6m53s ago)   7m29s
harbor-portal-5598f9d6db-vmb6p          1/1     Running   0               7m29s
harbor-redis-0                          1/1     Running   0               7m29s
harbor-registry-5db9c77d44-5jmz7        2/2     Running   0               7m29s
harbor-trivy-0                          1/1     Running   0               7m29s

kubectl get svc -n devops
NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP       PORT(S)                                     AGE
harbor                 LoadBalancer   10.101.230.45    192.168.122.196   80:31701/TCP,443:32576/TCP,4443:31081/TCP   7m35s
harbor-core            ClusterIP      10.97.22.114     <none>            80/TCP                                      7m36s
harbor-database        ClusterIP      10.100.14.62     <none>            5432/TCP                                    7m36s
harbor-jobservice      ClusterIP      10.100.238.141   <none>            80/TCP                                      7m36s
harbor-notary-server   ClusterIP      10.99.24.250     <none>            4443/TCP                                    7m37s
harbor-notary-signer   ClusterIP      10.111.45.90     <none>            7899/TCP                                    7m37s
harbor-portal          ClusterIP      10.97.136.198    <none>            80/TCP                                      7m37s
harbor-redis           ClusterIP      10.101.36.168    <none>            6379/TCP                                    7m36s
harbor-registry        ClusterIP      10.106.188.110   <none>            5000/TCP,8080/TCP                           7m37s
harbor-trivy           ClusterIP      10.107.236.37    <none>            8080/TCP                                    7m38s

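On the computer you will log in from, add the hosts entry 192.168.122.196 harbor.hzde.com, then open a browser and go to https://harbor.hzde.com. The default username is admin and the default password is Harbor12345.

Copyright © huangzhongde.cn 2021 all rights reserved, powered by Gitbook. File last revised: 2022-01-30 17:51:13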
