在k8s上安装Harbor

先前条件

《kubernetes(k8s) 存储动态挂载》
《在k8s(kubernetes)上安装 ingress V1.1.3》
参考我之前的文档进行部署
https://www.oiox.cn/index.php/archives/32/
https://www.oiox.cn/index.php/archives/142/

我用到的批量将dockerhub导入阿里云

  1.  
  1. #!/bin/bash
  3. for((i=0;i<n;i++)); do
  4.     echo "${i}"
  5. done
  7. export docker_images="goharbor/harbor-db:v2.6.2 goharbor/harbor-jobservice:v2.6.2 goharbor/harbor-portal:v2.6.2 goharbor/harbor-registryctl:v2.6.2 goharbor/notary-server-photon:v2.6.2 goharbor/notary-signer-photon:v2.6.2 goharbor/redis-photon:v2.6.2 goharbor/registry-photon:v2.6.2 goharbor/trivy-adapter-photon:v2.6.2"
  9. export aliyun_image="registry.cn-hangzhou.aliyuncs.com/chenby/"
  11. for images in $docker_images;do
  12.     export end_image=`echo "$images" | awk -F "/" '{print $NF}'`
  13.     docker pull "$images"
  14.     docker tag "$images" "$aliyun_image""$end_image"
  15.     docker push "$aliyun_image""$end_image"
  16.     docker rmi "$images"
  17.     docker rmi "$aliyun_image""$end_image"
  18. done

安装helm工具

  1.  
  1. # 安装helm工具
  2. curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
  3. chmod 700 get_helm.sh
  4. ./get_helm.sh

添加Harbor 官方Helm Chart仓库

  1.  
  1. # 添加Harbor 官方Helm Chart仓库
  2. root@cby:~# helm repo add harbor  https://helm.goharbor.io
  3. WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
  4. WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
  5. "harbor" has been added to your repositories

查看源列表

  1.  
  1. # 查看源列表
  2. root@cby:~# helm repo list
  3. WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
  4. WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
  5. NAME    URL
  6. devtron https://helm.devtron.ai
  7. harbor  https://helm.goharbor.io
  8. root@cby:~#

列出最新版本的包

  1.  
  1. # 列出最新版本的包
  2. root@cby:~# helm search repo harbor -l |  grep harbor/harbor  | head  -4
  3. WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
  4. WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
  5. harbor/harbor   1.10.2          2.6.2           An open source trusted cloud native registry th...
  6. harbor/harbor   1.10.1          2.6.1           An open source trusted cloud native registry th...
  7. harbor/harbor   1.10.0          2.6.0           An open source trusted cloud native registry th...
  8. harbor/harbor   1.9.4           2.5.4           An open source trusted cloud native registry th...
  9. root@cby:~#

下载Chart包到本地

  1.  
  1. # 下载Chart包到本地
  2. root@cby:~# helm pull harbor/harbor --version 1.10.2
  3. WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
  4. WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
  5. root@cby:~#
  6. root@cby:~# ls harbor-1.10.2.tgz
  7. harbor-1.10.2.tgz
  8. root@cby:~#
  9. root@cby:~# tar zxvf harbor-1.10.2.tgz
  11. root@cby:~# cd harbor/
  12. root@cby:~/harbor# ll
  13. total 276
  14. drwxr-xr-x  5 root root   4096 Nov 22 10:35 ./
  15. drwx------ 12 root root   4096 Nov 22 10:35 ../
  16. drwxr-xr-x  2 root root   4096 Nov 22 10:35 cert/
  17. -rw-r--r--  1 root root    567 Nov 10 09:08 Chart.yaml
  18. drwxr-xr-x  2 root root   4096 Nov 22 10:35 conf/
  19. -rw-r--r--  1 root root     57 Nov 10 09:08 .helmignore
  20. -rw-r--r--  1 root root  11357 Nov 10 09:08 LICENSE
  21. -rw-r--r--  1 root root 202142 Nov 10 09:08 README.md
  22. drwxr-xr-x 16 root root   4096 Nov 22 10:35 templates/
  23. -rw-r--r--  1 root root  33779 Nov 10 09:08 values.yaml
  24. root@cby:~/harbor#

修改values.yaml配置

  1.  
  1. # 修改values.yaml配置
  2. root@cby:~/harbor# sed -i "s#harbor.domain#oiox.cn#g" values.yaml
  4. # 设置为我的阿里云仓库
  5. root@cby:~/harbor# sed -i "s#repository: goharbor#repository: registry.cn-hangzhou.aliyuncs.com/chenby#g" values.yaml
  7. # 修改字段 externalURL
  8. # 注意 30785 是我的ingress端口,各位的端口应该和我的不一样
  9. root@cby:~/harbor# vim values.yaml
  10. externalURL: https://core.oiox.cn:30785
  12. # debug看看配置与自己的环境是否匹配,是否需要修改
  13. root@cby:~/harbor# helm install harbor ./ --dry-run | grep oiox.cn
  14. WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
  15. WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
  16.   EXT_ENDPOINT: "https://core.oiox.cn:30785"
  17.     - core.oiox.cn
  18.     host: core.oiox.cn
  19.     - notary.oiox.cn
  20.     host: notary.oiox.cn
  21. Then you should be able to visit the Harbor portal at https://core.oiox.cn:30785
  22. root@cby:~/harbor#

安装

  1.  
  1. # 创建命名空间
  2. root@cby:~/harbor# kubectl create namespace harbor
  3. namespace/harbor created
  4. root@cby:~/harbor# 
  6. # 进行安装
  7. root@cby:~/harbor# helm install  harbor . -n harbor
  8. WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/.kube/config
  9. WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /root/.kube/config
  10. NAME: harbor
  11. LAST DEPLOYED: Tue Nov 22 10:56:50 2022
  12. NAMESPACE: harbor
  13. STATUS: deployed
  14. REVISION: 1
  15. TEST SUITE: None
  16. NOTES:
  17. Please wait for several minutes for Harbor deployment to complete.
  18. Then you should be able to visit the Harbor portal at https://core.oiox.cn
  19. For more details, please visit https://github.com/goharbor/harbor
  20. root@cby:~/harbor#

编辑ingress配置

  1.  
  1. root@cby:~# kubectl edit ingress -n harbor harbor-ingress
  2. root@cby:~# kubectl edit ingress -n harbor harbor-ingress-notary
  4. # 添加字段  ingressClassName: nginx
  5. spec:
  6.   ingressClassName: nginx
  7.   rules:
  8.   - host: core.oiox.cn
  9.     http:
  11. # 查看
  12. root@cby:~# kubectl get ingress -n harbor harbor-ingress -o yaml
  13. apiVersion: networking.k8s.io/v1
  14. kind: Ingress
  15. metadata:
  16.   annotations:
  17.     ingress.kubernetes.io/proxy-body-size: "0"
  18.     ingress.kubernetes.io/ssl-redirect: "true"
  19.     meta.helm.sh/release-name: harbor
  20.     meta.helm.sh/release-namespace: harbor
  21.     nginx.ingress.kubernetes.io/proxy-body-size: "0"
  22.     nginx.ingress.kubernetes.io/ssl-redirect: "true"
  23.   creationTimestamp: "2022-11-22T15:21:35Z"
  24.   generation: 3
  25.   labels:
  26.     app: harbor
  27.     app.kubernetes.io/managed-by: Helm
  28.     chart: harbor
  29.     heritage: Helm
  30.     release: harbor
  31.   name: harbor-ingress
  32.   namespace: harbor
  33.   resourceVersion: "2070090"
  34.   uid: def0b549-3a00-49a4-8ece-b5ce18205427
  35. spec:
  36.   ingressClassName: nginx
  37.   rules:
  38.   - host: core.oiox.cn
  39.     http:
  40.       paths:
  41.       - backend:
  42.           service:
  43.             name: harbor-core
  44.             port:
  45.               number: 80
  46.         path: /api/
  47.         pathType: Prefix
  48.       - backend:
  49.           service:
  50.             name: harbor-core
  51.             port:
  52.               number: 80
  53.         path: /service/
  54.         pathType: Prefix
  55.       - backend:
  56.           service:
  57.             name: harbor-core
  58.             port:
  59.               number: 80
  60.         path: /v2/
  61.         pathType: Prefix
  62.       - backend:
  63.           service:
  64.             name: harbor-core
  65.             port:
  66.               number: 80
  67.         path: /chartrepo/
  68.         pathType: Prefix
  69.       - backend:
  70.           service:
  71.             name: harbor-core
  72.             port:
  73.               number: 80
  74.         path: /c/
  75.         pathType: Prefix
  76.       - backend:
  77.           service:
  78.             name: harbor-portal
  79.             port:
  80.               number: 80
  81.         path: /
  82.         pathType: Prefix
  83.   tls:
  84.   - hosts:
  85.     - core.oiox.cn
  86.     secretName: harbor-ingress
  87. status:
  88.   loadBalancer:
  89.     ingress:
  90.     - ip: 192.168.8.65
  91. root@cby:~# 
  93. root@cby:~# kubectl get ingress -n harbor
  94. NAME                    CLASS   HOSTS            ADDRESS        PORTS     AGE
  95. harbor-ingress          nginx   core.oiox.cn     192.168.8.65   80, 443   9m8s
  96. harbor-ingress-notary   nginx   notary.oiox.cn   192.168.8.65   80, 443   9m8s
  97. root@cby:~#

访问测试

  1.  
  1. # 查看管理员密码
  2. root@cby:~# kubectl get secret -n harbor harbor-core -o jsonpath='{.data.HARBOR_ADMIN_PASSWORD}'|base64 --decode
  3. Harbor12345
  5. # 写入本地hosts配置
  6. root@cby:~# echo "192.168.8.65 core.oiox.cn" >> /etc/hosts
  8. root@cby:~# sudo mkdir -p /etc/docker
  9. root@cby:~# sudo tee /etc/docker/daemon.json <<-'EOF'
  10. {
  11.   "registry-mirrors": [
  12.     "https://hub-mirror.c.163.com",
  13.     "https://mirror.baidubce.com"
  14.   ],
  15.   "insecure-registries": [
  16.     "hb.oiox.cn",
  17.     "core.oiox.cn:30785"
  18.   ],
  19.   "exec-opts": ["native.cgroupdriver=systemd"]
  20. }
  21. EOF
  22. root@cby:~# sudo systemctl daemon-reload
  23. root@cby:~# sudo systemctl restart docker
  25. root@cby:~# docker login -uadmin -pHarbor12345 core.oiox.cn:30785
  26. WARNING! Using --password via the CLI is insecure. Use --password-stdin.
  27. WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
  28. Configure a credential helper to remove this warning. See
  29. https://docs.docker.com/engine/reference/commandline/login/#credentials-store
  31. Login Succeeded

关于

https://www.oiox.cn/

https://www.oiox.cn/index.php/start-page.html

CSDN、GitHub、51CTO、知乎、开源中国、思否、掘金、简书、华为云、阿里云、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客

全网可搜《小陈运维》

文章主要发布于微信公众号

在k8s上安装Harbor的更多相关文章

  1. 在k8s上安装Jenkins及常见问题

    持续集成和部署是DevOps的重要组成部分,Jenkins是一款非常流行的持续集成和部署工具,最近试验了一下Jenkins,发现它是我一段时间以来用过的工具中最复杂的.一个可能的原因是它需要与各种其它 ...

  2. k8s上安装elasticsearch集群

    官方文档地址:https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html yaml文件地址:https://dow ...

  3. k8s上安装安装 Ingress Controller &卸载

    在 master 节点上执行 nginx-ingress.yaml文件内容 # 如果打算用于生产环境,请参考 https://github.com/nginxinc/kubernetes-ingres ...

  4. kubernetes(k8s) helm安装kafka、zookeeper

    通过helm在k8s上部署kafka.zookeeper 通过helm方法安装 k8s上安装kafka,可以使用helm,将kafka作为一个应用安装.当然这首先要你的k8s支持使用helm安装.he ...

  5. kubernetes上安装MongoDB-3.6.5集群副本集方式

    一.安装部署: 想直接一步创建集群的小伙伴直接按以下步骤安装(再往后是记录自己出过的错): 1.生成docker镜像: docker build -t 144.202.127.156/library/ ...

  6. kubernetes实战(十):k8s使用Helm安装harbor

    1.基本概念 对于复杂的应用中间件,需要设置镜像运行的需求.环境变量,并且需要定制存储.网络等设置,最后设计和编写Deployment.Configmap.Service及Ingress等相关yaml ...

  7. .NET遇上Docker - Harbor的安装与基本使用

    Harbor是一个开源企业级Docker注册中心,可以用于搭建私有的Docker Image仓库.可以实现权限控制等. 安装Harbor 首先,需要安装Docker和Docker Compose,参考 ...

  8. 在 Ubuntu 上安装 K8S教程

    在 Ubuntu 上安装 K8S教程 1,更新系统源 如果系统本身自带得镜像地址,服务器在国外,下载速度会很慢,可以打开 /etc/apt/sources.lis 替换为国内得镜像源. apt upg ...

  9. Istio(二):在Kubernetes(k8s)集群上安装部署istio1.14

    目录 一.模块概览 二.系统环境 三.安装istio 3.1 使用 Istioctl 安装 3.2 使用 Istio Operator 安装 3.3 生产部署情况如何? 3.4 平台安装指南 四.Ge ...

  10. 超详细实操教程!在现有K8S集群上安装JenkinsX,极速提升CI/CD体验!

    在2018年年初,Jenkins X首次发布,它由Apache Groovy语言的创建者Jame Strachan创建.Jenkins X 是一个高度集成化的 CI/CD 平台,基于 Jenkins ...

随机推荐

  1. VUE-使用touchstart、touchmove、touchend实现拖拽卡片列表,实现更新排序功能

    感谢本文参考地址,原文解析更加清晰如有需要请移步:https://blog.csdn.net/weixin_40400844/article/details/114849253 怕原链接失效,将代码拷 ...

  2. 使用idea从零编写SpringCloud项目-Ribbo

    git:https://github.com/bmdcheng/product_server git:https://github.com/bmdcheng/order_server 1.需要创建两个 ...

  3. ASP.NET Core 读取配置文件信息

    一:读取配置文件 先来看一下appsettings.json文件的内容,如下图: { "ConnectionStrings": { "ServerConnection&q ...

  4. home:76 Uncaught TypeError: AMap.MouseTool is not a constructor

    利用高德地图API标记已知点并测量已知点之间的距离,在调用高德地图的类方法的时候会遇到这样的问题 home:76 Uncaught TypeError: AMap.MouseTool is not a ...

  5. Ext.form.ComboBox 中如何移除事件,如何添加事件,动态设置事件

    Ext.form.ComboBox 中如何移除事件,如何添加事件 背景: 希望Ext.form.ComboBox动态设置forceSelection属性,动态控制Combobox的可读可写状态,是否允 ...

  6. tortoiseGit配置和git常用命令

    tortoiseGit配置:https://blog.csdn.net/hjwdz2015/article/details/90487554 常用命令 一.git config --global us ...

  7. [C#]Windows窗体应用基础-1

    代码参考: using System; using System.Collections.Generic; using System.Linq; using System.Text; using Sy ...

  8. Matlab %壹

    第一章 基本操作 MATLAB as A Calculator operators: + - * / ^ 顺序: Parenthesis () Power (^) *or/ +or- 特殊的: sqr ...

  9. python,数据类型和变量,数据类型和变量,集合,字符串拼接

    可不可变: 可变:列表,字典 不可变:字符串,数字,元祖 访问顺序: 直接访问:数字 顺序访问:字符串,列表,元祖 映射:字典 存放元素个数 容器类型:列表,元祖,字典 原子:数字,字符串 集合 1. ...

  10. 3-XSS漏洞

    1.XSS原理 跨站脚本攻击是一种针对网站应用程序的安全漏洞攻击技术,是代码注入的一种.它允许恶意用户将代码注入网页,其他用户在浏览网页时会受到影响.恶意用户利用xss代码攻击成功后,可能得到很高的权 ...