在k8s上安装Harbor

先前条件

《kubernetes(k8s) 存储动态挂载》
《在k8s(kubernetes)上安装 ingress V1.1.3》
参考我之前的文档进行部署
https://www.oiox.cn/index.php/archives/32/
https://www.oiox.cn/index.php/archives/142/

我用到的批量将dockerhub导入阿里云



#!/bin/bash

for((i=0;i<n;i++)); do

    echo "${i}"

done

export docker_images="goharbor/harbor-db:v2.6.2 goharbor/harbor-jobservice:v2.6.2 goharbor/harbor-portal:v2.6.2 goharbor/harbor-registryctl:v2.6.2 goharbor/notary-server-photon:v2.6.2 goharbor/notary-signer-photon:v2.6.2 goharbor/redis-photon:v2.6.2 goharbor/registry-photon:v2.6.2 goharbor/trivy-adapter-photon:v2.6.2"

export aliyun_image="registry.cn-hangzhou.aliyuncs.com/chenby/"

for images in $docker_images;do

    export end_image=`echo "$images" | awk -F "/" '{print $NF}'`

    docker pull "$images"

    docker tag "$images" "$aliyun_image""$end_image"

    docker push "$aliyun_image""$end_image"

    docker rmi "$images"

    docker rmi "$aliyun_image""$end_image"

done


安装helm工具




# 安装helm工具

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3

chmod 700 get_helm.sh

./get_helm.sh


添加Harbor 官方Helm Chart仓库




# 添加Harbor 官方Helm Chart仓库

root@cby:~# helm repo add harbor  https://helm.goharbor.io

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config

WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config

"harbor" has been added to your repositories


查看源列表




# 查看源列表

root@cby:~# helm repo list

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config

WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config

NAME    URL

devtron https://helm.devtron.ai

harbor  https://helm.goharbor.io

root@cby:~#


列出最新版本的包




# 列出最新版本的包

root@cby:~# helm search repo harbor -l |  grep harbor/harbor  | head  -4

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config

WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config

harbor/harbor   1.10.2          2.6.2           An open source trusted cloud native registry th...

harbor/harbor   1.10.1          2.6.1           An open source trusted cloud native registry th...

harbor/harbor   1.10.0          2.6.0           An open source trusted cloud native registry th...

harbor/harbor   1.9.4           2.5.4           An open source trusted cloud native registry th...

root@cby:~#


下载Chart包到本地




# 下载Chart包到本地

root@cby:~# helm pull harbor/harbor --version 1.10.2

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config

WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config

root@cby:~#

root@cby:~# ls harbor-1.10.2.tgz

harbor-1.10.2.tgz

root@cby:~#

root@cby:~# tar zxvf harbor-1.10.2.tgz

root@cby:~# cd harbor/

root@cby:~/harbor# ll

total 276

drwxr-xr-x  5 root root   4096 Nov 22 10:35 ./

drwx------ 12 root root   4096 Nov 22 10:35 ../

drwxr-xr-x  2 root root   4096 Nov 22 10:35 cert/

-rw-r--r--  1 root root    567 Nov 10 09:08 Chart.yaml

drwxr-xr-x  2 root root   4096 Nov 22 10:35 conf/

-rw-r--r--  1 root root     57 Nov 10 09:08 .helmignore

-rw-r--r--  1 root root  11357 Nov 10 09:08 LICENSE

-rw-r--r--  1 root root 202142 Nov 10 09:08 README.md

drwxr-xr-x 16 root root   4096 Nov 22 10:35 templates/

-rw-r--r--  1 root root  33779 Nov 10 09:08 values.yaml

root@cby:~/harbor#


修改values.yaml配置




# 修改values.yaml配置

root@cby:~/harbor# sed -i "s#harbor.domain#oiox.cn#g" values.yaml

# 设置为我的阿里云仓库

root@cby:~/harbor# sed -i "s#repository: goharbor#repository: registry.cn-hangzhou.aliyuncs.com/chenby#g" values.yaml

# 修改字段 externalURL

# 注意 30785 是我的ingress端口,各位的端口应该和我的不一样

root@cby:~/harbor# vim values.yaml

externalURL: https://core.oiox.cn:30785

# debug看看配置与自己的环境是否匹配,是否需要修改

root@cby:~/harbor# helm install harbor ./ --dry-run | grep oiox.cn

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config

WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config

  EXT_ENDPOINT: "https://core.oiox.cn:30785"

    - core.oiox.cn

    host: core.oiox.cn

    - notary.oiox.cn

    host: notary.oiox.cn

Then you should be able to visit the Harbor portal at https://core.oiox.cn:30785

root@cby:~/harbor#


安装




# 创建命名空间

root@cby:~/harbor# kubectl create namespace harbor

namespace/harbor created

root@cby:~/harbor# 

# 进行安装

root@cby:~/harbor# helm install  harbor . -n harbor

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config

WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config

NAME: harbor

LAST DEPLOYED: Tue Nov 22 10:56:50 2022

NAMESPACE: harbor

STATUS: deployed

REVISION: 1

TEST SUITE: None

NOTES:

Please wait for several minutes for Harbor deployment to complete.

Then you should be able to visit the Harbor portal at https://core.oiox.cn

For more details, please visit https://github.com/goharbor/harbor

root@cby:~/harbor#


编辑ingress配置




root@cby:~# kubectl edit ingress -n harbor harbor-ingress

root@cby:~# kubectl edit ingress -n harbor harbor-ingress-notary

# 添加字段  ingressClassName: nginx

spec:

  ingressClassName: nginx

  rules:

  - host: core.oiox.cn

    http:

# 查看

root@cby:~# kubectl get ingress -n harbor harbor-ingress -o yaml

apiVersion: networking.k8s.io/v1

kind: Ingress

metadata:

  annotations:

    ingress.kubernetes.io/proxy-body-size: "0"

    ingress.kubernetes.io/ssl-redirect: "true"

    meta.helm.sh/release-name: harbor

    meta.helm.sh/release-namespace: harbor

    nginx.ingress.kubernetes.io/proxy-body-size: "0"

    nginx.ingress.kubernetes.io/ssl-redirect: "true"

  creationTimestamp: "2022-11-22T15:21:35Z"

  generation: 3

  labels:

    app: harbor

    app.kubernetes.io/managed-by: Helm

    chart: harbor

    heritage: Helm

    release: harbor

  name: harbor-ingress

  namespace: harbor

  resourceVersion: "2070090"

  uid: def0b549-3a00-49a4-8ece-b5ce18205427

spec:

  ingressClassName: nginx

  rules:

  - host: core.oiox.cn

    http:

      paths:

      - backend:

          service:

            name: harbor-core

            port:

              number: 80

        path: /api/

        pathType: Prefix

      - backend:

          service:

            name: harbor-core

            port:

              number: 80

        path: /service/

        pathType: Prefix

      - backend:

          service:

            name: harbor-core

            port:

              number: 80

        path: /v2/

        pathType: Prefix

      - backend:

          service:

            name: harbor-core

            port:

              number: 80

        path: /chartrepo/

        pathType: Prefix

      - backend:

          service:

            name: harbor-core

            port:

              number: 80

        path: /c/

        pathType: Prefix

      - backend:

          service:

            name: harbor-portal

            port:

              number: 80

        path: /

        pathType: Prefix

  tls:

  - hosts:

    - core.oiox.cn

    secretName: harbor-ingress

status:

  loadBalancer:

    ingress:

    - ip: 192.168.8.65

root@cby:~# 

root@cby:~# kubectl get ingress -n harbor

NAME                    CLASS   HOSTS            ADDRESS        PORTS     AGE

harbor-ingress          nginx   core.oiox.cn     192.168.8.65   80, 443   9m8s

harbor-ingress-notary   nginx   notary.oiox.cn   192.168.8.65   80, 443   9m8s

root@cby:~#


访问测试




# 查看管理员密码

root@cby:~# kubectl get secret -n harbor harbor-core -o jsonpath='{.data.HARBOR_ADMIN_PASSWORD}'|base64 --decode

Harbor12345

# 写入本地hosts配置

root@cby:~# echo "192.168.8.65 core.oiox.cn" >> /etc/hosts

root@cby:~# sudo mkdir -p /etc/docker

root@cby:~# sudo tee /etc/docker/daemon.json <<-'EOF'

{

  "registry-mirrors": [

    "https://hub-mirror.c.163.com",

    "https://mirror.baidubce.com"

  ],

  "insecure-registries": [

    "hb.oiox.cn",

    "core.oiox.cn:30785"

  ],

  "exec-opts": ["native.cgroupdriver=systemd"]

}

EOF

root@cby:~# sudo systemctl daemon-reload

root@cby:~# sudo systemctl restart docker

root@cby:~# docker login -uadmin -pHarbor12345 core.oiox.cn:30785

WARNING! Using --password via the CLI is insecure. Use --password-stdin.

WARNING! Your password will be stored unencrypted in /root/.docker/config.json.

Configure a credential helper to remove this warning. See

https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded


关于


https://www.oiox.cn/


https://www.oiox.cn/index.php/start-page.html


CSDN、GitHub、51CTO、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客


全网可搜《小陈运维》


文章主要发布于微信公众号


												


											
在k8s上安装Harbor的更多相关文章
	

    
						
  1. 在k8s上安装Jenkins及常见问题
		
    持续集成和部署是DevOps的重要组成部分,Jenkins是一款非常流行的持续集成和部署工具,最近试验了一下Jenkins,发现它是我一段时间以来用过的工具中最复杂的.一个可能的原因是它需要与各种其它 ...
    
		
    2. 
						
  2. k8s上安装elasticsearch集群
		
    官方文档地址:https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html yaml文件地址:https://dow ...
    
		
    3. 
						
  3. k8s上安装安装 Ingress Controller &卸载
		
    在 master 节点上执行 nginx-ingress.yaml文件内容 # 如果打算用于生产环境,请参考 https://github.com/nginxinc/kubernetes-ingres ...
    
		
    4. 
						
  4. kubernetes(k8s) helm安装kafka、zookeeper
		
    通过helm在k8s上部署kafka.zookeeper 通过helm方法安装 k8s上安装kafka,可以使用helm,将kafka作为一个应用安装.当然这首先要你的k8s支持使用helm安装.he ...
    
		
    5. 
						
  5. kubernetes上安装MongoDB-3.6.5集群副本集方式
		
    一.安装部署: 想直接一步创建集群的小伙伴直接按以下步骤安装(再往后是记录自己出过的错): 1.生成docker镜像: docker build -t 144.202.127.156/library/ ...
    
		
    6. 
						
  6. kubernetes实战(十):k8s使用Helm安装harbor
		
    1.基本概念 对于复杂的应用中间件,需要设置镜像运行的需求.环境变量,并且需要定制存储.网络等设置,最后设计和编写Deployment.Configmap.Service及Ingress等相关yaml ...
    
		
    7. 
						
  7. .NET遇上Docker - Harbor的安装与基本使用
		
    Harbor是一个开源企业级Docker注册中心,可以用于搭建私有的Docker Image仓库.可以实现权限控制等. 安装Harbor 首先,需要安装Docker和Docker Compose,参考 ...
    
		
    8. 
						
  8. 在 Ubuntu 上安装 K8S教程
		
    在 Ubuntu 上安装 K8S教程 1,更新系统源 如果系统本身自带得镜像地址,服务器在国外,下载速度会很慢,可以打开 /etc/apt/sources.lis 替换为国内得镜像源. apt upg ...
    
		
    9. 
						
  9. Istio(二):在Kubernetes(k8s)集群上安装部署istio1.14
		
    目录 一.模块概览 二.系统环境 三.安装istio 3.1 使用 Istioctl 安装 3.2 使用 Istio Operator 安装 3.3 生产部署情况如何? 3.4 平台安装指南 四.Ge ...
    
		
    10. 
						
  10. 超详细实操教程!在现有K8S集群上安装JenkinsX,极速提升CI/CD体验!
		
    在2018年年初,Jenkins X首次发布,它由Apache Groovy语言的创建者Jame Strachan创建.Jenkins X 是一个高度集成化的 CI/CD 平台,基于 Jenkins  ...
    
		
    11. 
		

	


随机推荐
	

    
									
  1. vue 添加多条数据 添加日期
			
    效果图添加多条数据,日期是具体到天. 后端数据格式time:[ { s_time:' ' , e_time: ' ' }] <p v-for="(item,index) in form ...
    
			
    2. 
						
  2. Android studio 使用Internet传递信息
			
    使用Intent在Activity之间传递信息1.首先创建一个新的Activity,在activity_main.xml中设计页面,将android.support.constraint.Constr ...
    
			
    3. 
						
  3. 使用Jquery的.css('border')在火狐不兼容
			
    改成如下就可以兼容火狐.IE.谷歌(border-left-color.border-left-width等)
    
			
    4. 
						
  4. database.properties基本配置
			
    database.properties基本配置 jdbc.driver=com.mysql.jdbc.Driver # jdbc.url=jdbc:mysql://localhost:3306/ssm ...
    
			
    5. 
						
  5. c# 连接SQLite 查询数据 写入txt文本
			
    using Newtonsoft.Json.Linq; using System; using System.Data.SQLite; using System.IO; namespace @publ ...
    
			
    6. 
						
  6. 【Unity】利用C#反射打印类的字段信息
			
    最近在用protobuf-net序列化功能生成.bytes配置文件时,遇到了需要把.bytes配置文件再另外转成Lua配置文件(Lua配置表内容举例)的需求.Lua配置文件需要记录配置类的各个字段名和 ...
    
			
    7. 
						
  7. Mysql_5.7编译部署
			
    自述 - 概述:数据库是"按照数据结构来组织.存储和管理数据的仓库".是一个长期存储在计算机内的.有组织的.可共享的.统一管理的大量数据的集合:本文主要介绍mysql_5.7的部署 ...
    
			
    8. 
						
  8. Docker不启动容器的情况下修改配置文件
			
    应用场景: 1.容器中配置文件错误无法启动. 2.任何不启动容器时修改配置文件. 方法: 1.Copy容器中的配置文件出来. 2.修改此配置文件 3.将配置文件重新覆盖回容器内 命令 docker c ...
    
			
    9. 
						
  9. manjaro安装指导
			
    本文"指导"二字口气有点大,是说给自己听的,指导我下次的安装. 正文: 1.安装系统:在清华大学开源站上下载KDE版(本机适用19版54内核无驱动问题),用rufus烧制启动盘,以 ...
    
			
    10. 
						
  10. 2021.06.18 思科anyconnect安全移动客户端通知
			
    mac系统更新后,开关机后都会弹出思科anyconnect安全移动客户端通知的弹框,很烦,所以要干掉它! 打开终端,执行以下两行命令即可: cd /Library/LaunchAgents/ mv / ...
    
			
    11.