helm安装harbor
1. install helm
helm3
wget helm-v3.0.0-linux-amd64.tar.gz
tar -zxvf helm-v3.0.0-linux-amd64.tar.gz
mv linux-amd64/helm /usr/bin/
2. install nginx-ingress
helm repo add stable https://kubernetes-charts.storage.googleapis.com/
helm install stable/nginx-ingress --name-template nginx-ingress -n kube-system
kubectl set image deployment/nginx-ingress-default-backend nginx-ingress-default-backend=gcr.azk8s.cn/google-containers/defaultbackend-amd64:1.5
kubectl patch deployment nginx-ingress-controller -p '{"spec":{"template":{"spec":{"hostNetwork":"true"}}}}'
官方的 Ingress Controller 有个坑,没有绑定到宿主机 80 端口,也就是说前端 Nginx 没有监听宿主机 80 端口;所以需要把配置搞下来自己加一下 hostNetwork 更正:应该是要访问svc
3. install harbor
参考官网: [harbor-helm](%3Ca href="github.com/goharbor/ha…)
helm repo add harbor https://helm.goharbor.io
kubectl create namespace harbor
helm pull harbor/harbor
#修改pvc storageClass: rbd
helm install -n harbor harbor/harbor --name-template harbor \
#--set expose.type=ingress \
#--set expose.ingress.hosts.core=ddd.com \
#--set expose.ingress.hosts.notary=aaa.com \
#--set externalURL=http://ddd.com:21520 \
#--set persistence.enabled=false \
#--set expose.tls.enabled=false \
#--set harborAdminPassword=admin #默认Harbor12345
4. config
###配置本地host
172.25.58.2 core.harbor.domain
172.25.58.2 notary.harbor.domain
###配置文件 /etc/docker/daemon.json
{ "insecure-registries" : ["core.harbor.domain"]}
###查看harbor证书
kubectl get secrets -n harbor harbor-1575950167-harbor-ingress -o jsonpath="{.data.ca\.crt}" |base64 -d
5. 验证
###查看nginx配置harbor
kubectl exec -it -n kube-system nginx-ingress-controller-xxx cat nginx.conf
###查看nginx机器IP
kubectl get po -n kube-system nginx-ingress-controller-xxx -o wide
###查看harbor ingress配置
kubectl get ing -n harbor harbor-harbor-ingress
###push
docker login core.harbor.domain
admin/Harbor12345
docker push core.harbor.domain/library/xxx
6.清理存储
# 执行以下脚本尝试通过api模拟删除manifests
docker run -it \
-v /home/someuser/registry:/registry \
-e REGISTRY_URL=https://registry.example.com \
-e DRY_RUN="true" \
-e SELF_SIGNED_CERT="true" \
-e REGISTRY_AUTH="myuser:sickpassword" \
mortensrasmussen/docker-registry-manifest-cleanup:1.1.1
# 如上一步没有报错,执行以下脚本,真正删除
docker run -it \
-v /home/someuser/registry:/registry \
-e REGISTRY_URL=https://registry.example.com \
-e SELF_SIGNED_CERT="true" \
-e REGISTRY_AUTH="myuser:sickpassword" \
mortensrasmussen/docker-registry-manifest-cleanup:1.1.1