harbor-1. 安装

375 阅读1分钟

helm安装harbor

1. install helm

helm3

wget helm-v3.0.0-linux-amd64.tar.gz
tar -zxvf helm-v3.0.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/bin/

2. install nginx-ingress

helm repo add stable https://kubernetes-charts.storage.googleapis.com/
helm install stable/nginx-ingress --name-template nginx-ingress -n kube-system

kubectl set image deployment/nginx-ingress-default-backend nginx-ingress-default-backend=gcr.azk8s.cn/google-containers/defaultbackend-amd64:1.5
kubectl patch deployment nginx-ingress-controller -p '{"spec":{"template":{"spec":{"hostNetwork":"true"}}}}'

官方的 Ingress Controller 有个坑,没有绑定到宿主机 80 端口,也就是说前端 Nginx 没有监听宿主机 80 端口;所以需要把配置搞下来自己加一下 hostNetwork 更正:应该是要访问svc

3. install harbor

参考官网: [harbor-helm](%3Ca href="github.com/goharbor/ha…)

helm repo add harbor https://helm.goharbor.io
kubectl create namespace harbor
helm pull harbor/harbor
#修改pvc storageClass: rbd
helm install -n harbor harbor/harbor --name-template harbor \
     #--set expose.type=ingress \
     #--set expose.ingress.hosts.core=ddd.com \
     #--set expose.ingress.hosts.notary=aaa.com \
     #--set externalURL=http://ddd.com:21520 \
     #--set persistence.enabled=false \
     #--set expose.tls.enabled=false \
     #--set harborAdminPassword=admin #默认Harbor12345

4. config

###配置本地host
172.25.58.2 core.harbor.domain
172.25.58.2 notary.harbor.domain

###配置文件 /etc/docker/daemon.json
{  "insecure-registries" : ["core.harbor.domain"]}

###查看harbor证书
kubectl get secrets -n harbor harbor-1575950167-harbor-ingress -o jsonpath="{.data.ca\.crt}" |base64 -d

5. 验证

###查看nginx配置harbor
kubectl exec -it -n kube-system nginx-ingress-controller-xxx cat nginx.conf
###查看nginx机器IP
kubectl get po -n kube-system nginx-ingress-controller-xxx -o wide 
###查看harbor ingress配置
kubectl get ing -n harbor harbor-harbor-ingress

###push
docker login core.harbor.domain
admin/Harbor12345
docker push core.harbor.domain/library/xxx

6.清理存储

# 执行以下脚本尝试通过api模拟删除manifests
docker run -it \
    -v /home/someuser/registry:/registry \
    -e REGISTRY_URL=https://registry.example.com \
    -e DRY_RUN="true" \
    -e SELF_SIGNED_CERT="true" \
    -e REGISTRY_AUTH="myuser:sickpassword" \
    mortensrasmussen/docker-registry-manifest-cleanup:1.1.1
# 如上一步没有报错,执行以下脚本,真正删除
docker run -it \
    -v /home/someuser/registry:/registry \
    -e REGISTRY_URL=https://registry.example.com \
    -e SELF_SIGNED_CERT="true" \
    -e REGISTRY_AUTH="myuser:sickpassword" \
    mortensrasmussen/docker-registry-manifest-cleanup:1.1.1