helm-harbor 的 GitHub 地址: https://github.com/goharbor/harbor-helm
修改 values.YAML 文件
- expose:
- type: ingress
- tls:
- enabled: false ### 改成 false
- secretName: "" notarySecretName:""
- commonName: ""
- ingress:
- hosts:
- core: fana.harbor ##
- notary: notary.harbor ##
- controller: default
- annotations:
- ingress.kubernetes.io/ssl-redirect: "false" ##
- ingress.kubernetes.io/proxy-body-size: "0"
- nginx.ingress.kubernetes.io/ssl-redirect: "false" ##
- nginx.ingress.kubernetes.io/proxy-body-size: "0"
- clusterIP:
- name: harbor
- ports:
- httpPort: 80
- httpsPort: 443
- notaryPort: 4443
- nodePort:
- name: harbor
- ports:
- http:
- port: 80
- nodePort: 30002
- https:
- port: 443
- nodePort: 30003
- notary:
- port: 4443
- nodePort: 30004
- loadBalancer:
- name: harbor
- IP: ""
- ports:
- httpPort: 80
- httpsPort: 443
- notaryPort: 4443
- annotations: {}
- sourceRanges: []
- externalURL: http://fana.harbor ##
- persistence:
- enabled: true
- resourcePolicy: "keep"
- persistentVolumeClaim:
- registry:
- existingClaim: "harbor-pvc" ##pvc
- storageClass: "" subPath:"registry" ##
- accessMode: ReadWriteOnce
- size: 5Gi
- chartmuseum:
- existingClaim: "harbor-pvc" ##
- storageClass: "" subPath:"chartmuseum" ##
- accessMode: ReadWriteOnce
- size: 5Gi
- jobservice:
- existingClaim: "harbor-pvc" ##
- storageClass: "" subPath:"jobservice" ##
- accessMode: ReadWriteOnce
- size: 1Gi
- database:
- existingClaim: "harbor-pvc" ##
- storageClass: "" subPath:"database" ##
- accessMode: ReadWriteOnce
- size: 1Gi
- Redis:
- existingClaim: "harbor-pvc" ##
- storageClass: "" subPath:"redis" ##
- accessMode: ReadWriteOnce
- size: 1Gi
- imageChartStorage:
- disableredirect: false
- type: filesystem
- filesystem:
- rootdirectory: /storage
- azure:
- accountname: accountname
- accountkey: base64encodedaccountkey
- container: containername
- gcs:
- bucket: bucketname
- encodedkey: base64-encoded-JSON-key-file
- s3:
- region: us-west-1
- bucket: bucketname
- swift:
- authurl: https://storage.myprovider.com/v3/auth
- username: username
- password: password
- container: containername
- oss:
- accesskeyid: accesskeyid
- accesskeysecret: accesskeysecret
- region: regionname
- bucket: bucketname
- imagePullPolicy: IfNotPresent
- imagePullSecrets:
- updateStrategy:
- type: RollingUpdate
- logLevel: info
- harborAdminPassword: "Harbor12345" ## 密码
- secretKey: "not-a-secure-key"
- proxy:
- httpProxy:
- httpsProxy:
- noProxy: 127.0.0.1,localhost,.local,.internal
- components:
- - core
- - jobservice
- - clair
- nginx:
- image:
- repository: goharbor/nginx-photon
- tag: v1.9.3
- replicas: 1
- nodeSelector: {}
- tolerations: []
- affinity: {}
- podAnnotations: {}
- portal:
- image:
- repository: goharbor/harbor-portal
- tag: v1.9.3
- replicas: 1
- nodeSelector: {}
- tolerations: []
- affinity: {}
- podAnnotations: {}
- core:
- image:
- repository: goharbor/harbor-core
- tag: v1.9.3
- replicas: 1
- livenessProbe:
- initialDelaySeconds: 300
- nodeSelector: {}
- tolerations: []
- affinity: {}
- podAnnotations: {}
- secret: "" secretName:""
- xsrfKey: ""
- jobservice:
- image:
- repository: goharbor/harbor-jobservice
- tag: v1.9.3
- replicas: 1
- maxJobWorkers: 10
- jobLogger: file
- nodeSelector: {}
- tolerations: []
- affinity: {}
- podAnnotations: {}
- secret: ""
- registry:
- registry:
- image:
- repository: goharbor/registry-photon
- tag: v2.7.1-patch-2819-2553-v1.9.3
- controller:
- image:
- repository: goharbor/harbor-registryctl
- tag: v1.9.3
- replicas: 1
- nodeSelector: {}
- tolerations: []
- affinity: {}
- podAnnotations: {}
- secret: ""
- relativeurls: false
- middleware:
- enabled: false
- type: cloudFront
- cloudFront:
- baseurl: example.cloudfront.NET
- keypairid: KEYPAIRID
- duration: 3000s
- ipfilteredby: none
- privateKeySecret: "my-secret"
- chartmuseum:
- enabled: true
- absoluteUrl: false
- image:
- repository: goharbor/chartmuseum-photon
- tag: v0.9.0-v1.9.3
- replicas: 1
- nodeSelector: {}
- tolerations: []
- affinity: {}
- podAnnotations: {}
- clair:
- enabled: true
- clair:
- image:
- repository: goharbor/clair-photon
- tag: v2.1.0-v1.9.3
- adapter:
- image:
- repository: goharbor/clair-adapter-photon
- tag: dev
- replicas: 1
- updatersInterval: 12
- nodeSelector: {}
- tolerations: []
- affinity: {}
- podAnnotations: {}
- notary:
- enabled: true
- server:
- image:
- repository: goharbor/notary-server-photon
- tag: v0.6.1-v1.9.3
- replicas: 1
- signer:
- image:
- repository: goharbor/notary-signer-photon
- tag: v0.6.1-v1.9.3
- replicas: 1
- nodeSelector: {}
- tolerations: []
- affinity: {}
- podAnnotations: {}
- secretName: ""
- database:
- type: internal
- internal:
- image:
- repository: goharbor/harbor-db
- tag: v1.9.3
- initContainerImage:
- repository: busybox
- tag: latest
- password: "changeit"
- nodeSelector: {}
- tolerations: []
- affinity: {}
- external:
- host: "192.168.0.1"
- port: "5432"
- username: "user"
- password: "password"
- coreDatabase: "registry"
- clairDatabase: "clair"
- notaryServerDatabase: "notary_server"
- notarySignerDatabase: "notary_signer"
- sslmode: "disable"
- maxIdleConns: 50
- maxOpenConns: 100
- podAnnotations: {}
- Redis:
- type: internal
- internal:
- image:
- repository: goharbor/Redis-photon
- tag: v1.9.3
- nodeSelector: {}
- tolerations: []
- affinity: {}
- external:
- host: "192.168.0.2"
- port: "6379"
- coreDatabaseIndex: "0"
- jobserviceDatabaseIndex: "1"
- registryDatabaseIndex: "2"
- chartmuseumDatabaseIndex: "3"
- clairAdapterIndex: "4"
- password: ""
- podAnnotations: {}
创建 pvc
- cat <<EOF> harbor-pvc.YAML
- kind: PersistentVolumeClaim
- apiVersion: v1
- metadata:
- name: harbor-pvc
- namespace: devops
- labels:
- App: GitLab
- spec:
- storageClassName: glusterfs
- accessModes:
- - ReadWriteMany
- resources:
- requests:
- storage: 20Gi
- EOF
- ## kubectl apply -f harbor-pvc.YAML #创建 PVC
- ## kubectl get pvc -n devops
- NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
- harbor-pvc Bound pvc-ef9c2335-2dd3-11ea-afe5-000c29f27a97 20Gi RWX glusterfs 1m
- ## helm install paas harbor-helm-master -n devops #安装
- ## helm uninstall paas -n devops ##### 卸载 #####
- ## kubectl get pod -n devops
- paas-harbor-chartmuseum-68b6858c7f-rkddt 1/1 Running 0 4m
- paas-harbor-clair-68d5d45b9d-d4m9n 2/2 Running 0 4m
- paas-harbor-core-76fbcbff9d-rksng 1/1 Running 1 4m
- paas-harbor-database-0 1/1 Running 1 4m
- paas-harbor-jobservice-869bcb9659-6sq8p 1/1 Running 1 4m
- paas-harbor-notary-server-5d87b9f64-s9n6m 1/1 Running 1 4m
- paas-harbor-notary-signer-5c9c95b4-kkxv2 1/1 Running 1 4m
- paas-harbor-portal-5c8664f669-8nbnw 1/1 Running 0 4m
- paas-harbor-Redis-0 1/1 Running 1 4m
- paas-harbor-registry-9465f5556-5s47k 2/2 Running 0 4m
验证
- ## 在每个 node 机器上写上 hosts
- cat <<EOF>> /etc/hosts
- 192.168.10.11 fana.harbor ## 写本机的 IP 地址
- EOF
- ## 浏览器登录 http://fana.harbor, 创建个项目
- ## 配置 / etc/docker/daemon.JSON
- cat <<EOF> /etc/docker/daemon.JSON
- {
- "log-driver": "journald",
- "log-opts": {
- "mode": "non-blocking",
- "max-buffer-size": "8m"
- },
- "data-root": "/data/docker/containerd",
- "insecure-registries": [
- "fana.harbor:80", ###harbor 的地址
- "fana.harbor"
- ]
- }
- overlay2
- {
- "storage-driver": "overlay2",
- "storage-opts": "overlay2.override_kernel_check=true",
- "log-driver": "journald",
- "log-opts": {
- "mode": "non-blocking",
- "max-buffer-size": "8m"
- },
- "data-root": "/data/docker/containerd",
- "insecure-registries": [
- "fana.harbor:80",
- "fana.harbor"
- ]
- }
- EOF
- ## 重启 docker
- systemctl restart docker
- ## 登录 harbor
- #### docker login -u admin -p Harbor12345 fana.harbor
- WARNING! Using --password via the CLI is insecure. Use --password-stdin.
- WARNING! Your password will be stored unencrypted in /root/.docker/config.JSON.
- Configure a credential helper to remove this warning. See
- https://docs.docker.com/engine/reference/commandline/login/#credentials-store
- Login Succeeded
- #### docker login -u admin -p Harbor12345 fana.harbor:80
- ## push 镜像
- #### docker push fana.harbor/base/pause-amd64:3.1
- The push refers to repository [fana.harbor/base/pause-amd64]
- e17133b79956: Layer already exists
- 3.1: digest: sha256:113e218ad463746a4b7608d3f7cef72e6ab01d0c06bad2ab7265497fba92cf9c size: 527
- ## pull 镜像
- #### docker pull fana.harbor/base/pause-amd64:3.1
- 3.1: Pulling from base/pause-amd64
- Digest: sha256:113e218ad463746a4b7608d3f7cef72e6ab01d0c06bad2ab7265497fba92cf9c
- Status: Downloaded newer image for fana.harbor/base/pause-amd64:3.1
- fana.harbor/base/pause-amd64:3.1
来源: http://www.bubuko.com/infodetail-3363471.html