kubernetes环境下harbor安装

wls1036

介绍

harbor支持docker compose和helm两种方式进行安装,一般情况下如果是kubernetes运行环境推荐用helm进行安装,如果是纯docker环境建议用docker compose进行安装,本次安装使用helm进行安装,安装版本为v2.2.1

创建命名空间

harbor包含服务较多,建议单独创建命名空间进行安装,便于后续的管理

apiVersion: v1
kind: Namespace
metadata:
  name: harbor
  labels:
    name: harbor

另存为harbor-namespace.yaml文件,并执行kubectl apply -f harbor-namespace.yaml命令进行创建

创建共享目录

目录必须创建在共享存储的介质上面,比如NFS等

mkdir -p /u02/appdata/harbor/registry
mkdir -p /u02/appdata/harbor/chartmuseum
mkdir -p /u02/appdata/harbor/jobservice
mkdir -p /u02/appdata/harbor/database
mkdir -p /u02/appdata/harbor/redis
mkdir -p /u02/appdata/harbor/trivy
chmod 777 /u02/appdata/harbor/registry
chmod 777 /u02/appdata/harbor/chartmuseum
chmod 777 /u02/appdata/harbor/jobservice
chmod 777 /u02/appdata/harbor/database
chmod 777 /u02/appdata/harbor/redis
chmod 777 /u02/appdata/harbor/trivy

创建PV PVC

PV根据实际情况进行创建,这里直接创建本地目录PV,通过PVC进行绑定关联

apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-registry-pv"
  labels:
    name: harbor-registry-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/registry
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-chartmuseum-pv"
  labels:
    name: harbor-chartmuseum-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/chartmuseum
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-jobservice-pv"
  labels:
    name: harbor-jobservice-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/jobservice
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-database-pv"
  labels:
    name: harbor-database-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/database
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-redis-pv"
  labels:
    name: harbor-redis-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/redis
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-trivy-pv"
  labels:
    name: harbor-trivy-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/trivy
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-registry-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-registry-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-chartmuseum-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-chartmuseum-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-jobservice-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-jobservice-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-database-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-database-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-redis-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-redis-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-trivy-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-trivy-pv
      release: stable

另存为harbor-pv.yaml文件,并执行kubectl apply -f harbor-pv.yaml命令进行创建

helm安装

  • 下载helm

从helm的gitlab仓库根据平台下载最新版本helm安装包,本次使用的是Helm v3.5.4

  • 将安装包上传至服务器
[root]
tar -xvf helm-v3.5.4-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin
$ helm version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rke/.kube/config
version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}
  • 下载harbor Chart
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor --untar
cd harbor
$ ls -l
drwxr-xr-x  2 rke rke  4096 5月   3 12:44 cert
-rw-r--r--  1 rke rke   576 5月   3 12:44 Chart.yaml
drwxr-xr-x  2 rke rke  4096 5月   3 12:44 conf
-rw-r--r--  1 rke rke 11357 5月   3 12:44 LICENSE
-rw-r--r--  1 rke rke 73049 5月   3 12:44 README.md
drwxr-xr-x 15 rke rke  4096 5月   3 12:44 templates
-rw-r--r--  1 rke rke 25565 5月   3 15:54 values.yaml
  • 编辑values.yaml文件
## 1. 配置访问地址
ingress:
    hosts:
      core: harbor.xxx.com
      notary: notary.xxx.com
## 2. 配置访问地址
externalURL: https://harbor.xxx.com
## 3. 配置pvc
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-registry-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-chartmuseum-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-jobservice-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external database is used, the following settings for database will
    # be ignored
    database:
      existingClaim: "harbor-database-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
      existingClaim: "harbor-redis-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-trivy-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
 # 配置harbor管理员密码
 harborAdminPassword: "Harbor12345"
  • 离线问题解决

helm需要从远程仓库下载chart配置信息,如果安装服务器无法连接外网,可以在外网先下载好配置信息再上传至服务器

  • 安装harbor
helm install harbor . --namespace harbor

初次安装时间会稍微长些,因为后台在下载镜像,如果所有的服务都running说明安装成功

$ kubectl get pods -n harbor
NAME                                           READY   STATUS    RESTARTS   AGE
harbor-harbor-chartmuseum-5cf6f98675-l9rrc     1/1     Running   0          18m
harbor-harbor-core-6d9c598549-6ln2r            1/1     Running   1          18m
harbor-harbor-database-0                       1/1     Running   0          18m
harbor-harbor-jobservice-6446db544f-thwx9      1/1     Running   1          18m
harbor-harbor-notary-server-657f4cfcd4-c2cxs   1/1     Running   2          18m
harbor-harbor-notary-signer-8dbf9794b-kdx8r    1/1     Running   2          18m
harbor-harbor-portal-5f46795dc7-dwmj8          1/1     Running   0          18m
harbor-harbor-redis-0                          1/1     Running   0          18m
harbor-harbor-registry-cb4c66c75-bb8bm         2/2     Running   0          18m
harbor-harbor-trivy-0                          1/1     Running   0          18m

配置访问地址

harbor通过Ingress进行访问,Ingerss访问地址就是上面配置的externalURL

$ kubectl get ing -n harbor
NAME                           HOSTS                   ADDRESS                  
harbor-harbor-ingress          harbor.xxx.com   10.116.2.108,10.116.2.111
harbor-harbor-ingress-notary   notary.xxx.com   10.116.2.108,10.116.2.111

如果是本地测试,需要将地址加入本地hosts文件,通过浏览器即可访问,如果是正式系统需要加入企业内部dns域名系统中进行解析

阅读 1.3k

yaya平台
记录yaya平台技术细节

幸福是奋斗出来的

249 声望
72 粉丝
0 条评论
你知道吗?

幸福是奋斗出来的

249 声望
72 粉丝
文章目录
宣传栏