kubernetes 案例：基于 Helm 部署 Harbor

 

 

kubernetes 案例：基于 Helm 部署 Harbor

 

https://goharbor.cn/docs/2.13.0/install-config/harbor-ha-helm/
https://artifacthub.io/packages/helm/harbor/harbor

实现流程
使用helm将harbor部署到kubernetes集群
使用ingress发布到集群外部
使用 PVC 持久存储

 

范例：默认安装

#安装前准备
#ingress controller 基于nginx实现
#metallb
#SC名称为sc-nfs，并设为默认的SC

 

[root@master1 ~]# kubectl get sc
NAME               PROVISIONER                                   RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
sc-nfs (default)   k8s-sigs.io/nfs-subdir-external-provisioner   Delete          Immediate           false                  6d7h

 

[root@master1 ~]# kubectl get ingressclasses.networking.k8s.io  
NAME    CONTROLLER             PARAMETERS   AGE
nginx   k8s.io/ingress-nginx   <none>       4d19h

 

#添加仓库配置

helm repo add harbor https://helm.goharbor.io

helm repo list

#在repo中搜索

helm search repo harbor

#下载Chart，查看内容

helm pull harbor/harbor

[root@master1 helm]# ls -l harbor-1.19.1.tgz  
-rw-r--r-- 1 root root 54222 May 30 22:51 harbor-1.19.1.tgz

 

tar tf harbor-1.19.1.tgz 

#使用默认安装，第一个harbor表示repo仓库名，第二个harbor表示chart名,此方式如果没有配置默认的
SC,会因为缺少持久化存储配置导致pending

helm install myharbor harbor/harbor

#修改ingressClass

kubectl edit ingress myharbor-ingress 

spec: #添加下面一行ingressClassName: nginx

 

[root@master1 helm]# kubectl get ingress    
NAME               CLASS   HOSTS                ADDRESS        PORTS     AGE
myharbor-ingress   nginx   core.harbor.domain   192.168.3.10   80, 443   94s

 

#域名解析core.harbor.domain --> 192.168.3.10

 

#默认值，用户名密码admin/Harbor12345
#浏览器访问默认域名

https://core.harbor.domain/

 

#卸载

helm uninstall myharbor

 

范例：定制安装

#安装前准备
#ingress controller 基于nginx实现
#metallb
#SC名称为sc-nfs

 

#定制配置
#生成配置文件

helm show values harbor/harbor > harbor-values.yaml

#修改配置文件

vim harbor-values.yaml

 

expose:type: ingresstls:  enabled: true    certSource: autoingress:  hosts:    core: harbor.ming.org     #指定harbor访问的域名    notary: notary.org   #公证人，用于Docker image 签名和认证，开发者在发布镜像后
使用 Notary 进行签名，并发布签名信息。运维团队在拉取镜像时使用 Notary 来验证镜像的签名，确保其
没有被篡改  controller: default  className: "nginx"                      #新版用法，添加此行，指定ingress  annotations:     kubernetes.io/ingress.class: "nginx"  #添加此行，指定ingress，旧版使用
ipFamily:ipv4:  enabled: trueipv6:  enabled: false
externalURL: https://harbor.ming.org   #指定harbor访问的域名,和前面域名要一致
# 持久化存储配置部分，如果设置storageclass是默认值，下面可不修改
persistence:enabled: true resourcePolicy: "keep"persistentVolumeClaim:                # 定义Harbor各个组件的PVC持久卷  registry:                           # registry组件（持久卷）    storageClass: "sc-nfs"            # 前面创建的StorageClass，其它组件同样配置,如
果设置默认storageClass，可以不用配置    accessMode: ReadWriteMany         # 卷的访问模式，需要修改为ReadWriteMany    size: 5Gi  chartmuseum:                        # chartmuseum组件（持久卷）    storageClass: "sc-nfs"    accessMode: ReadWriteMany    size: 5Gi  jobservice:    jobLog:      storageClass: "sc-nfs"         #如果设置默认storageClass，可以不用配置      accessMode: ReadWriteOnce      size: 1Gi    scanDataExports:      storageClass: "sc-nfs"      accessMode: ReadWriteOnce      size: 1Gi  database:                            # PostgreSQl数据库组件    storageClass: "sc-nfs"             #如果设置默认storageClass，可以不用配置    accessMode: ReadWriteMany    size: 2Gi  redis:    # Redis缓存组件    storageClass: "sc-nfs"           #如果设置默认storageClass，可以不用配置    accessMode: ReadWriteMany    size: 2Gi  trivy:         # Trity漏洞扫描    storageClass: "sc-nfs"           #如果设置默认storageClass，可以不用配置    accessMode: ReadWriteMany    size: 1Gi
harborAdminPassword: "123456"

 

#创建名称空间(可选)

kubectl create namespace harbor

 

#安装Harbor,指定release为myharbor,可以自动创建namespace

helm install myharbor -f harbor-values.yaml harbor/harbor -n harbor --create-namespace
#查看

helm list -n harbor

 

[root@master1 helm]# kubectl get svc -n harbor
NAME                  TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
myharbor-core         ClusterIP   10.101.229.163   <none>        80/TCP              3m2s
myharbor-database     ClusterIP   10.110.223.99    <none>        5432/TCP            3m2s
myharbor-jobservice   ClusterIP   10.99.18.34      <none>        80/TCP              3m2s
myharbor-portal       ClusterIP   10.98.188.235    <none>        80/TCP              3m2s
myharbor-redis        ClusterIP   10.98.78.247     <none>        6379/TCP            3m2s
myharbor-registry     ClusterIP   10.111.62.135    <none>        5000/TCP,8080/TCP   3m2s
myharbor-trivy        ClusterIP   10.98.6.183      <none>        8080/TCP            3m2s

 

[root@master1 helm]# kubectl get ingress   -n harbor                             
NAME               CLASS   HOSTS             ADDRESS        PORTS     AGE
myharbor-ingress   nginx   harbor.ming.org   192.168.3.10   80, 443   5m2s

 

[root@master1 helm]# kubectl get pod -n harbor -o wide                           
NAME                                   READY   STATUS    RESTARTS         AGE    IP             NODE        NOMINATED NODE   READINESS GATES
myharbor-core-5d7949f87-ldp95          1/1     Running   11 (8m37s ago)   48m    10.244.2.100   node2.org   <none>           <none>
myharbor-core-749dbf66c4-bmmj5         0/1     Running   0                4s     10.244.2.103   node2.org   <none>           <none>
myharbor-database-0                    1/1     Running   0                6m7s   10.244.2.102   node2.org   <none>           <none>
myharbor-jobservice-7cd9fc494d-z69w9   1/1     Running   3 (2m55s ago)    21m    10.244.1.110   node1.org   <none>           <none>
myharbor-portal-7d66b7896d-gqdmg       1/1     Running   0                48m    10.244.2.99    node2.org   <none>           <none>
myharbor-redis-0                       1/1     Running   0                76m    10.244.1.107   node1.org   <none>           <none>
myharbor-registry-746f87566c-fnr52     2/2     Running   0                48m    10.244.1.109   node1.org   <none>           <none>
myharbor-trivy-0                       1/1     Running   0                76m    10.244.1.106   node1.org   <none>           <none>

 

[root@master1 helm]# kubectl get pvc -n harbor 
NAME                                STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
data-myharbor-redis-0               Bound    pvc-a27b7cb0-7573-434c-aef6-f0854a9be208   1Gi        RWO            sc-nfs         <unset>                 77m
data-myharbor-trivy-0               Bound    pvc-724b3ecf-af2f-4d77-b1ef-311fe5c16df3   5Gi        RWO            sc-nfs         <unset>                 77m
database-data-myharbor-database-0   Bound    pvc-bbf96c51-1c43-46b8-b14b-e2f956672d19   1Gi        RWO            sc-nfs         <unset>                 77m
myharbor-jobservice                 Bound    pvc-e8c92c54-393d-4239-bbaa-0ace5e34e530   1Gi        RWO            sc-nfs         <unset>                 77m
myharbor-registry                   Bound    pvc-7c9331a0-bb5b-4cf1-911d-367d609fb42d   5Gi        RWO            sc-nfs         <unset>                 77m

 

root@master1 helm]# kubectl get pv -n harbor 
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                                       STORAGECLASS   VOLUMEATTRIBUTESCLASS   REASON   AGE
pvc-293c769e-5435-4eab-ac98-82ed4a481378   5Gi        RWO            Delete           Bound    default/myharbor-registry                   sc-nfs         <unset>                          95m
pvc-2bb036fa-e565-4347-ab16-f56f61e90424   1Gi        RWO            Delete           Bound    default/database-data-myharbor-database-0   sc-nfs         <unset>                          95m
pvc-2e6411c2-39fd-4b31-a42c-074f28db0782   1Gi        RWO            Delete           Bound    default/myharbor-jobservice                 sc-nfs         <unset>                          95m
pvc-43a9bdcf-d837-4d0f-ac04-830dc0988136   5Gi        RWO            Delete           Bound    default/data-myharbor-trivy-0               sc-nfs         <unset>                          95m
pvc-724b3ecf-af2f-4d77-b1ef-311fe5c16df3   5Gi        RWO            Delete           Bound    harbor/data-myharbor-trivy-0                sc-nfs         <unset>                          77m
pvc-7c9331a0-bb5b-4cf1-911d-367d609fb42d   5Gi        RWO            Delete           Bound    harbor/myharbor-registry                    sc-nfs         <unset>                          77m
pvc-9a264bad-82c1-41fe-aa8a-a30b31e599b9   1Gi        RWO            Delete           Bound    default/data-myharbor-redis-0               sc-nfs         <unset>                          95m
pvc-a27b7cb0-7573-434c-aef6-f0854a9be208   1Gi        RWO            Delete           Bound    harbor/data-myharbor-redis-0                sc-nfs         <unset>                          77m
pvc-bbf96c51-1c43-46b8-b14b-e2f956672d19   1Gi        RWO            Delete           Bound    harbor/database-data-myharbor-database-0    sc-nfs         <unset>                          77m
pvc-e8c92c54-393d-4239-bbaa-0ace5e34e530   1Gi        RWO            Delete           Bound    harbor/myharbor-jobservice                  sc-nfs         <unset>                          77m

 

 

 

 

#使用用户名密码:admin/123456登录验证
#如果不改密码：默认是Habor12345
#域名解析将harbor.ming.org--》IP
#浏览器访问：
http://harbor.ming.org

 

 

 

 

#删除

helm delete myharbor -n harbor

 

 

 

 

翻译

搜索

复制