4.2 部署企业级私有镜像仓库 Harbor
虽然官方新推出的支持 chart 部署,推荐使用单独的一台服务器部署 harbor
硬件要求
| 资源 | 最小 | 推荐 |
|---|---|---|
| CPU | 2 CPU | 4 CPU |
| 内存 | 4 GB | 8 GB |
| 磁盘 | 40 GB | 160 GB |
软件要求
| 软件 | 版本 | 描述 |
|---|---|---|
| Docker引擎 | 17.06.0-ce+ | 安装指引,查看docker官方文档 |
| Docker Compose | 1.18.0+ | 安装指引,查看Docker Compose文档 |
| OpenSSL | 最好是最新版本 | 用于为Harbor生成证书和密钥 |
详情可查看官方文档
4.2.1 基础设置
systemctl disable --now firewalld
setenforce 0
sed -i '/^SELINUX/s/enforcing/disabled/' /etc/selinux/config
yum -y install wget vim bash-completion net-tools
4.2.2 安装 docker-ce
wget -O /etc/yum.repos.d/docker-ce.repo \
https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 查看版本列表
yum search docker-ce --show-duplicates
# 安装指定版本
yum -y install docker-ce-20.10.12 docker-ce-cli-20.10.12
配置镜像加速
mkdir /etc/docker
tee /etc/docker/daemon.json <<EOF
{
"registry-mirrors": [
"https://mciwm180.mirror.aliyuncs.com",
"https://docker.mirrors.ustc.edu.cn/",
"https://registry.docker-cn.com"
],
"log-driver": "json-file",
"log-level": "warn",
"log-opts": {
"max-file": "10",
"max-size": "100m"
}
}
EOF
运行 docker
systemctl enable --now docker
检查安装
docker --version
Docker version 20.10.12, build e91ed57
4.2.2 安装 docker-compose
yum -y install epel-release
yum -y install docker-compose
# 查看版本, 满足要求
docker-compose --version
docker-compose version 1.18.0, build 8dd22a9
4.2.3 下载解压 harbor 离线安装包
github仓库地址
目前最新版本为 v2.4.1
wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
mkdir /data
tar xf harbor-offline-installer-v2.4.1.tgz -C /data
4.2.4 加载镜像文件
cd /data/harbor
docker load -i harbor.v2.4.1.tar.gz
输出如下
1e3f0dc884e2: Loading layer [==================================================>] 39.45MB/39.45MB
3fd9ccd5eeaa: Loading layer [==================================================>] 5.275MB/5.275MB
c600bceee2f7: Loading layer [==================================================>] 4.096kB/4.096kB
724cd8711815: Loading layer [==================================================>] 3.072kB/3.072kB
d7c82a981c89: Loading layer [==================================================>] 17.32MB/17.32MB
a814341c2c44: Loading layer [==================================================>] 18.12MB/18.12MB
Loaded image: goharbor/registry-photon:v2.4.1
b00595b6932d: Loading layer [==================================================>] 5.27MB/5.27MB
e34892d856ce: Loading layer [==================================================>] 5.928MB/5.928MB
ac5a22c6047d: Loading layer [==================================================>] 14.47MB/14.47MB
3d1ac12eb215: Loading layer [==================================================>] 29.29MB/29.29MB
394b4b2ea0fa: Loading layer [==================================================>] 22.02kB/22.02kB
bb0deb7416e0: Loading layer [==================================================>] 14.47MB/14.47MB
Loaded image: goharbor/notary-signer-photon:v2.4.1
c3b02aec560c: Loading layer [==================================================>] 8.422MB/8.422MB
4d5b3acd128e: Loading layer [==================================================>] 3.584kB/3.584kB
7afbf44c3706: Loading layer [==================================================>] 2.56kB/2.56kB
31f95ac6eb9a: Loading layer [==================================================>] 75.59MB/75.59MB
8981a12f5c17: Loading layer [==================================================>] 5.632kB/5.632kB
16eb0821dcc3: Loading layer [==================================================>] 96.26kB/96.26kB
b19eba29a0de: Loading layer [==================================================>] 11.78kB/11.78kB
f0785d2e9965: Loading layer [==================================================>] 76.49MB/76.49MB
26ce29b9d7ab: Loading layer [==================================================>] 2.56kB/2.56kB
Loaded image: goharbor/harbor-core:v2.4.1
59e3814aa5f1: Loading layer [==================================================>] 119.8MB/119.8MB
1e99e9cd580e: Loading layer [==================================================>] 3.072kB/3.072kB
2bab205001c7: Loading layer [==================================================>] 59.9kB/59.9kB
c51450af480c: Loading layer [==================================================>] 61.95kB/61.95kB
Loaded image: goharbor/redis-photon:v2.4.1
3636ff090145: Loading layer [==================================================>] 8.421MB/8.421MB
fa3d57c372c8: Loading layer [==================================================>] 3.584kB/3.584kB
a2c97825dcbf: Loading layer [==================================================>] 2.56kB/2.56kB
366b1363b528: Loading layer [==================================================>] 86.95MB/86.95MB
3d2fd6d13a0f: Loading layer [==================================================>] 87.74MB/87.74MB
Loaded image: goharbor/harbor-jobservice:v2.4.1
8f71cf8bc1c6: Loading layer [==================================================>] 5.275MB/5.275MB
5cb3457d8e25: Loading layer [==================================================>] 4.096kB/4.096kB
02c18fad9dc6: Loading layer [==================================================>] 17.32MB/17.32MB
7bbcea1ec44e: Loading layer [==================================================>] 3.072kB/3.072kB
f2842e1ada70: Loading layer [==================================================>] 28.69MB/28.69MB
4665575c3f9e: Loading layer [==================================================>] 46.81MB/46.81MB
Loaded image: goharbor/harbor-registryctl:v2.4.1
439595cfbbc0: Loading layer [==================================================>] 7.192MB/7.192MB
Loaded image: goharbor/nginx-photon:v2.4.1
a19de03ace6b: Loading layer [==================================================>] 5.27MB/5.27MB
35bbd4cf35b6: Loading layer [==================================================>] 5.928MB/5.928MB
88f852ebd746: Loading layer [==================================================>] 15.88MB/15.88MB
e3c0db81a28c: Loading layer [==================================================>] 29.29MB/29.29MB
f74e521b7a55: Loading layer [==================================================>] 22.02kB/22.02kB
7d97a705f439: Loading layer [==================================================>] 15.88MB/15.88MB
Loaded image: goharbor/notary-server-photon:v2.4.1
1e6473070b18: Loading layer [==================================================>] 124MB/124MB
f05c1a477d2d: Loading layer [==================================================>] 3.584kB/3.584kB
bcab3e00aa98: Loading layer [==================================================>] 3.072kB/3.072kB
970d569f474a: Loading layer [==================================================>] 2.56kB/2.56kB
c659c9812277: Loading layer [==================================================>] 3.072kB/3.072kB
9d401ff8bf07: Loading layer [==================================================>] 3.584kB/3.584kB
968dfed00d2e: Loading layer [==================================================>] 19.97kB/19.97kB
Loaded image: goharbor/harbor-log:v2.4.1
b64000a1cd2c: Loading layer [==================================================>] 1.097MB/1.097MB
e3fb7ac15701: Loading layer [==================================================>] 5.889MB/5.889MB
d6e7f8008582: Loading layer [==================================================>] 165.9MB/165.9MB
eff0812a8c6f: Loading layer [==================================================>] 15.07MB/15.07MB
91a6abd7a540: Loading layer [==================================================>] 4.096kB/4.096kB
47e875926154: Loading layer [==================================================>] 6.144kB/6.144kB
04876e025d4a: Loading layer [==================================================>] 3.072kB/3.072kB
b817a88114e6: Loading layer [==================================================>] 2.048kB/2.048kB
e5fb37021dff: Loading layer [==================================================>] 2.56kB/2.56kB
767486d5c318: Loading layer [==================================================>] 2.56kB/2.56kB
b92f2b842b46: Loading layer [==================================================>] 2.56kB/2.56kB
e90e3a7ea4e9: Loading layer [==================================================>] 8.704kB/8.704kB
Loaded image: goharbor/harbor-db:v2.4.1
daf3d38cddc8: Loading layer [==================================================>] 8.422MB/8.422MB
8013b2cbc0b9: Loading layer [==================================================>] 18.13MB/18.13MB
4445f5ea7083: Loading layer [==================================================>] 4.608kB/4.608kB
32e035f0af8e: Loading layer [==================================================>] 18.93MB/18.93MB
Loaded image: goharbor/harbor-exporter:v2.4.1
0ad72e88d766: Loading layer [==================================================>] 8.54MB/8.54MB
fe195f48d47b: Loading layer [==================================================>] 4.096kB/4.096kB
71f2671db231: Loading layer [==================================================>] 3.072kB/3.072kB
ddda0b4a8eae: Loading layer [==================================================>] 39.27MB/39.27MB
c3fe76027866: Loading layer [==================================================>] 12.37MB/12.37MB
d82a7403c39a: Loading layer [==================================================>] 52.43MB/52.43MB
Loaded image: goharbor/trivy-adapter-photon:v2.4.1
03e449493f09: Loading layer [==================================================>] 5.275MB/5.275MB
4f4a25c7cc0d: Loading layer [==================================================>] 64.5MB/64.5MB
77a37df05436: Loading layer [==================================================>] 3.072kB/3.072kB
47c58e48962d: Loading layer [==================================================>] 4.096kB/4.096kB
5dd56c28f3fc: Loading layer [==================================================>] 65.29MB/65.29MB
Loaded image: goharbor/chartmuseum-photon:v2.4.1
8b7cbddd8918: Loading layer [==================================================>] 165.6MB/165.6MB
b8157b6f7cb8: Loading layer [==================================================>] 57.6MB/57.6MB
4a53b9a92b30: Loading layer [==================================================>] 2.56kB/2.56kB
59184fc56c3c: Loading layer [==================================================>] 1.536kB/1.536kB
99431fe2c10f: Loading layer [==================================================>] 12.29kB/12.29kB
3735b7f4881f: Loading layer [==================================================>] 2.62MB/2.62MB
bcff3633b236: Loading layer [==================================================>] 325.6kB/325.6kB
Loaded image: goharbor/prepare:v2.4.1
eb57d0945b2e: Loading layer [==================================================>] 7.192MB/7.192MB
dd9069fd53a8: Loading layer [==================================================>] 7.355MB/7.355MB
e779dab1d180: Loading layer [==================================================>] 1.754MB/1.754MB
Loaded image: goharbor/harbor-portal:v2.4.1
4.2.5 创建tls证书
创建CA证书
1.生成CA证书私钥
cd /etc/pki
openssl genrsa -out ca.key 4096
Generating RSA private key, 4096 bit long modulus
.....................................................................................................................................++
..................................++
e is 65537 (0x10001)
2.创建 CA 证书
openssl req -x509 -new -nodes -sha512 -days 3650 \
-subj "/C=CN/ST=GD/L=ShenZhen/O=example/OU=Personal/CN=hzde.com" \
-key ca.key \
-out ca.crt
创建 Harbor 证书
1.生成私钥
openssl genrsa -out harbor.key 4096
Generating RSA private key, 4096 bit long modulus
...................++
............................................................................................++
e is 65537 (0x10001)
2.创建证书颁发请求(CSR)
[!Note] CN要跟你的域名保持一致,不然docker login登录不上
openssl req -sha512 -new \
-subj "/C=CN/ST=GD/L=ShenZhen/O=example/OU=Personal/CN=harbor.hzde.com" \
-key harbor.key \
-out harbor.csr
3.创建 v3 扩展文件
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1=harbor.hzde.com
DNS.2=harbor
IP.1=192.168.122.40
EOF
4.创建 Harbor 证书
openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in harbor.csr \
-out harbor.crt
将 harbor 证书拷贝到 /etc/harbor 下
mkdir -p /etc/harbor/ssl
cp harbor.crt harbor.key /etc/harbor/ssl/
4.2.6 修改 harbor 配置文件
cd /data/harbor
cp harbor.yml.tmpl harbor.yml
vim harbor.yml
...
hostname: harbor.hzde.com
...
https:
port: 443
certificate: /etc/harbor/ssl/harbor.crt
private_key: /etc/harbor/ssl/harbor.key
...
harbor_admin_password: Harbor12345 # Harbor登录密码,根据自己的需要进行修改
其他的配置项保持不变
4.2.7 启动服务
[!Note] 参数说明:
--with-notary:可保证镜像的真实性--with-trivy:漏洞扫描工具,之前是--with-clair--with-chartmuseum:启用chart仓库
./install.sh --with-notary --with-trivy --with-chartmuseum
安装详情
[Step 0]: checking if docker is installed ...
Note: docker version: 20.10.12
[Step 1]: checking docker-compose is installed ...
Note: docker-compose version: 1.18.0
[Step 2]: loading Harbor images ...
Loaded image: goharbor/registry-photon:v2.4.1
Loaded image: goharbor/notary-signer-photon:v2.4.1
Loaded image: goharbor/harbor-core:v2.4.1
Loaded image: goharbor/redis-photon:v2.4.1
Loaded image: goharbor/harbor-jobservice:v2.4.1
Loaded image: goharbor/harbor-registryctl:v2.4.1
Loaded image: goharbor/nginx-photon:v2.4.1
Loaded image: goharbor/notary-server-photon:v2.4.1
Loaded image: goharbor/harbor-log:v2.4.1
Loaded image: goharbor/harbor-db:v2.4.1
Loaded image: goharbor/harbor-exporter:v2.4.1
Loaded image: goharbor/trivy-adapter-photon:v2.4.1
Loaded image: goharbor/chartmuseum-photon:v2.4.1
Loaded image: goharbor/prepare:v2.4.1
Loaded image: goharbor/harbor-portal:v2.4.1
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /data/harbor
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
Generated and saved secret to file: /data/secret/keys/secretkey
Successfully called func: create_root_cert
Successfully called func: create_root_cert
Successfully called func: create_cert
Copying certs for notary signer
Copying nginx configuration file for notary
Generated configuration file: /config/nginx/conf.d/notary.upstream.conf
Generated configuration file: /config/nginx/conf.d/notary.server.conf
Generated configuration file: /config/notary/server-config.postgres.json
Generated configuration file: /config/notary/server_env
Generated and saved secret to file: /data/secret/keys/defaultalias
Generated configuration file: /config/notary/signer_env
Generated configuration file: /config/notary/signer-config.postgres.json
Creating harbor-log ... done
Generated configuration file: /config/chartserver/env
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Creating redis ... done
Creating harbor-db ... done
Creating network "harbor_harbor" with the default driver
Creating notary-signer ... done
Creating harbor-core ... done
Creating network "harbor_notary-sig" with the default driver
Creating nginx ... done
Creating harbor-db ...
Creating harbor-portal ...
Creating registry ...
Creating chartmuseum ...
Creating redis ...
Creating registryctl ...
Creating trivy-adapter ...
Creating notary-signer ...
Creating harbor-core ...
Creating notary-server ...
Creating harbor-jobservice ...
Creating nginx ...
✔ ----Harbor has been installed and started successfully.----
4.2.8 检查服务运行状态
docker ps -a
输出如下
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
631e2cf70ce3 goharbor/nginx-photon:v2.4.1 "nginx -g 'daemon of…" 39 seconds ago Up 36 seconds (healthy) 0.0.0.0:4443->4443/tcp, :::4443->4443/tcp, 0.0.0.0:80->8080/tcp, :::80->8080/tcp, 0.0.0.0:443->8443/tcp, :::443->8443/tcp nginx
6858728f0599 goharbor/harbor-jobservice:v2.4.1 "/harbor/entrypoint.…" 39 seconds ago Up 37 seconds (healthy) harbor-jobservice
3d36ad387caf goharbor/notary-server-photon:v2.4.1 "/bin/sh -c 'migrate…" 39 seconds ago Up 37 seconds notary-server
86dcc41a934b goharbor/harbor-core:v2.4.1 "/harbor/entrypoint.…" 41 seconds ago Up 39 seconds (healthy) harbor-core
d268b926f15c goharbor/notary-signer-photon:v2.4.1 "/bin/sh -c 'migrate…" 41 seconds ago Up 39 seconds notary-signer
118f3c2c06da goharbor/trivy-adapter-photon:v2.4.1 "/home/scanner/entry…" 41 seconds ago Up 39 seconds (healthy) trivy-adapter
514d5087fa3f goharbor/harbor-registryctl:v2.4.1 "/home/harbor/start.…" 44 seconds ago Up 41 seconds (healthy) registryctl
63183394cec8 goharbor/redis-photon:v2.4.1 "redis-server /etc/r…" 44 seconds ago Up 41 seconds (healthy) redis
1e39c7017cdd goharbor/registry-photon:v2.4.1 "/home/harbor/entryp…" 44 seconds ago Up 41 seconds (healthy) registry
537de07bc143 goharbor/harbor-portal:v2.4.1 "nginx -g 'daemon of…" 44 seconds ago Up 42 seconds (healthy) harbor-portal
5f550dc9c27b goharbor/chartmuseum-photon:v2.4.1 "./docker-entrypoint…" 44 seconds ago Up 42 seconds (healthy) chartmuseum
0097e262713c goharbor/harbor-db:v2.4.1 "/docker-entrypoint.…" 44 seconds ago Up 41 seconds (healthy) harbor-db
1f6ec0ba6db2 goharbor/harbor-log:v2.4.1 "/bin/sh -c /usr/loc…" 44 seconds ago Up 43 seconds (healthy) 127.0.0.1:1514->10514/tcp harbor-log
全部为 Up,并且为 Healthy 说明运行没有问题
4.2.8.1 docker 登录验证
添加 hosts
echo '192.168.122.40 harbor.hzde.com' >> /etc/hosts
登录 harbor 有 2 种方式
1.为
docker添加私有证书
mkdir /etc/docker/certs.d/harbor.hzde.com/ -p
cp /etc/harbor/ssl/harbor.crt /etc/docker/certs.d/harbor.hzde.com/ca.crt
2.将
harbor添加到insecure-registries中
vim /etc/docker/daemon.json
...
"insecure-registries": ["harbor.hzde.com"]
...
登录 harbor
docker login harbor.hzde.com -u admin -p Harbor12345
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
4.2.8.2 Harbor 控制台登录
先修改 hosts,增加一条192.168.122.40 harbor.hzde.com,然后通过浏览器访问:https://harbor.hzde.com,默认用户名:admin,默认密码:Harbor12345,密码可以在harbor.yml中修改。
4.2.9 测试推送镜像到私有仓库
下载镜像
docker pull nginx:1.20.2-alpine
1.20.2-alpine: Pulling from library/nginx
97518928ae5f: Pull complete
a15dfa83ed30: Pull complete
acae0b19bbc1: Pull complete
fd4282442678: Pull complete
b521ea0d9e3f: Pull complete
b3282d03aa58: Pull complete
Digest: sha256:74694f2de64c44787a81f0554aa45b281e468c0c58b8665fafceda624d31e556
Status: Downloaded newer image for nginx:1.20.2-alpine
docker.io/library/nginx:1.20.2-alpine
打 tag
docker tag nginx:1.20.2-alpine harbor.hzde.com/library/nginx:1.20.2-alpine
推送镜像到仓库
docker push harbor.hzde.com/library/nginx:1.20.2-alpine
The push refers to repository [harbor.hzde.com/library/nginx]
6f44c5b5d074: Pushed
002fcf848e67: Pushed
e419fa208fe1: Pushed
112ee9c2903a: Pushed
68e5252d0d33: Pushed
1a058d5342cc: Pushed
1.20.2-alpine: digest: sha256:f6609f898bcdad15047629edc4033d17f9f90e2339fb5ccb97da267f16902251 size: 1568
4.2.10 kubernetes 使用私有仓库
方法一
1.在每台 node 节点添加 hosts
echo '192.168.122.40 harbor.hzde.com' >> /etc/hosts
2.在每台 node 节点上将 harbor 的证书拷贝
mkdir /etc/docker/certs.d/harbor.hzde.com -p
scp root@harbor.hzde.com:/etc/harbor/ssl/harbor.crt /etc/docker/certs.d/harbor.hzde.com/ca.crt
3.执行 docker login
docker login harbor.hzde.com
方法二(推荐)
1.在每台 node 节点添加 hosts
echo '192.168.122.40 harbor.hzde.com' >> /etc/hosts
2.在每台 node 节点上将 harbor 的证书拷贝
mkdir /etc/docker/certs.d/harbor.hzde.com -p
scp root@harbor.hzde.com:/etc/harbor/ssl/harbor.crt /etc/docker/certs.d/harbor.hzde.com/ca.crt
3.创建 secret
kubectl create secret docker-registry my-harbor --docker-server=harbor.hzde.com --docker-username=admin --docker-password=Harbor12345
secret/my-harbor created
4.1.在 yaml 中指定 imagePullSecrets
image: harbor.hzde.com/library/nginx:alpine
imagePullSecrets:
- name: my-harbor
4.2.在 serviceaccount 中绑定
kubectl patch sa default -p '{"imagePullSecrets":[{"name":"my-harbor"}]}'
serviceaccount/default patched
kubectl get sa default -ojsonpath='{.imagePullSecrets[0].name}'
my-harbor
4.3测试
kubectl create deploy nginx --image=harbor.hzde.com/library/nginx:alpine
deployment.apps/nginx created
kubectl get po -l app=nginx
NAME READY STATUS RESTARTS AGE
nginx-5bc9dd7946-ggczh 1/1 Running 0 64s
4.2.11 harbor-chart 使用
自行制作或者从其他 chart 仓库下载 chart
下载 chart
搜索
helm search repo redis
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/redis 16.2.1 6.2.6 Open source, advanced key-value store. It is of...
bitnami/redis-cluster 7.2.1 6.2.6 Open source, advanced key-value store. It is of...
下载
helm fetch bitnami/redis --version 16.2.1
执行完之后得到 redis-16.2.1.tgz 文件
上传 chart
可以通过网页上传或者 curl 进行 post 上传
curl -k -u "admin:Harbor12345" -X POST https://harbor.hzde.com/api/chartrepo/library/charts -F "chart=@redis-16.2.1.tgz"
{"saved":true}
添加 harbor-chart 仓库
1.添加 chart
scp harbor.hzde.com:/etc/pki/{ca.crt,harbor.crt,harbor.key} /etc/pki/
helm repo add --ca-file /etc/pki/ca.crt --cert-file /etc/pki/harbor.crt --key-file /etc/pki/harbor.key --username admin --password Harbor12345 my-harbor https://harbor.hzde.com/chartrepo/library
"my-harbor" has been added to your repositories
2.更新 repo
helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "my-harbor" chart repository
...Successfully got an update from the "bitnami" chart repository
Update Complete. ⎈Happy Helming!⎈
3.查找上传的 chart
helm search repo redis
NAME CHART VERSION APP VERSION DESCRIPTION
bitnami/redis 16.2.1 6.2.6 Open source, advanced key-value store. It is of...
bitnami/redis-cluster 7.2.1 6.2.6 Open source, advanced key-value store. It is of...
my-harbor/redis 16.2.1 6.2.6 Open source, advanced key-value store. It is of...
看到已经能搜索到 my-harbor/redis 这个 chart
4.安装 chart
helm install my-harbor/redis --generate-name
NAME: redis-1643445471
LAST DEPLOYED: Sat Jan 29 16:37:55 2022
NAMESPACE: monitoring
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: redis
CHART VERSION: 16.2.1
APP VERSION: 6.2.6
** Please be patient while the chart is being deployed **
Redis™ can be accessed on the following DNS names from within your cluster:
redis-1643445471-master.monitoring.svc.cluster.local for read/write operations (port 6379)
redis-1643445471-replicas.monitoring.svc.cluster.local for read-only operations (port 6379)
To get your password run:
export REDIS_PASSWORD=$(kubectl get secret --namespace monitoring redis-1643445471 -o jsonpath="{.data.redis-password}" | base64 --decode)
To connect to your Redis™ server:
1. Run a Redis™ pod that you can use as a client:
kubectl run --namespace monitoring redis-client --restart='Never' --env REDIS_PASSWORD=$REDIS_PASSWORD --image docker.io/bitnami/redis:6.2.6-debian-10-r103 --command -- sleep infinity
Use the following command to attach to the pod:
kubectl exec --tty -i redis-client \
--namespace monitoring -- bash
2. Connect using the Redis™ CLI:
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-1643445471-master
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h redis-1643445471-replicas
To connect to your database from outside the cluster execute the following commands:
kubectl port-forward --namespace monitoring svc/redis-1643445471-master : &
REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p
4.2.12 helm 安装 harbor
个人建议还是将 harbor 部署在单独的服务器上
# 添加helm仓库
helm repo add harbor https://helm.goharbor.io
"harbor" has been added to your repositories
# 安装chart
helm install harbor harbor/harbor
# 暴露给外部使用
kubectl patch svc harbor-harbor-portal -p '{"spec":{"type":"NodePort"}}'
# 自定义安装harbor
helm fetch harbor/harbor --untar
cd harbor
# 根据实际情况修改values.yaml
helm install --name harbor ./ -f values.yaml
或者通过 --set 指定参数进行安装
harbor 安装的时候需要用到存储类,如果没有安装可以参考 2.9 安装 ceph-rbd 存储类 StorageClass
kubectl create namespace devops
helm install harbor harbor/harbor \
--set expose.type=loadBalancer \
--set expose.tls.enabled=true \
--set expose.tls.auto.commonName=harbor.hzde.com \
--set externalURL=https://harbor.hzde.com \
--set imagePullPolicy=IfNotPresent \
--set harborAdminPassword=Harbor12345 \
--set chartmuseum.enabled=false \
-n devops
输出如下
NAME: harbor
LAST DEPLOYED: Sat Jan 29 16:47:15 2022
NAMESPACE: devops
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://harbor.hzde.com
For more details, please visit https://github.com/goharbor/harbor
检查安装
kubectl get po -n devops
NAME READY STATUS RESTARTS AGE
harbor-core-d556b74c8-bnsg5 1/1 Running 4 (2m2s ago) 7m29s
harbor-database-0 1/1 Running 0 7m29s
harbor-jobservice-796b7777b4-7sz2c 0/1 Running 4 (68s ago) 7m29s
harbor-nginx-67658bd774-gkn2c 1/1 Running 0 7m29s
harbor-notary-server-7bd4777c6-hkfbc 1/1 Running 1 (6m50s ago) 7m29s
harbor-notary-signer-67974559cc-czpxd 1/1 Running 1 (6m53s ago) 7m29s
harbor-portal-5598f9d6db-vmb6p 1/1 Running 0 7m29s
harbor-redis-0 1/1 Running 0 7m29s
harbor-registry-5db9c77d44-5jmz7 2/2 Running 0 7m29s
harbor-trivy-0 1/1 Running 0 7m29s
kubectl get svc -n devops
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
harbor LoadBalancer 10.101.230.45 192.168.122.196 80:31701/TCP,443:32576/TCP,4443:31081/TCP 7m35s
harbor-core ClusterIP 10.97.22.114 <none> 80/TCP 7m36s
harbor-database ClusterIP 10.100.14.62 <none> 5432/TCP 7m36s
harbor-jobservice ClusterIP 10.100.238.141 <none> 80/TCP 7m36s
harbor-notary-server ClusterIP 10.99.24.250 <none> 4443/TCP 7m37s
harbor-notary-signer ClusterIP 10.111.45.90 <none> 7899/TCP 7m37s
harbor-portal ClusterIP 10.97.136.198 <none> 80/TCP 7m37s
harbor-redis ClusterIP 10.101.36.168 <none> 6379/TCP 7m36s
harbor-registry ClusterIP 10.106.188.110 <none> 5000/TCP,8080/TCP 7m37s
harbor-trivy ClusterIP 10.107.236.37 <none> 8080/TCP 7m38s
在需要登录的电脑上配置 hosts:192.168.122.196 harbor.hzde.com,然后打开浏览器,输入 https://harbor.hzde.com 进行访问,默认用户名 admin ,默认密码 Harbor12345