kubernetes環境下harbor安裝

時間 2021-05-04

標籤 linux git github redis docker api 瀏覽器 bash 服務器 app 欄目 Linux 简体版

原文原文鏈接

介紹

harbor支持docker compose和helm兩種方式進行安裝，通常狀況下若是是kubernetes運行環境推薦用helm進行安裝，若是是純docker環境建議用docker compose進行安裝，本次安裝使用helm進行安裝，安裝版本爲v2.2.1linux

建立命名空間

harbor包含服務較多，建議單首創建命名空間進行安裝，便於後續的管理git

apiVersion: v1
kind: Namespace
metadata:
  name: harbor
  labels:
    name: harbor

另存爲harbor-namespace.yaml文件，並執行kubectl apply -f harbor-namespace.yaml命令進行建立github

建立共享目錄

目錄必須建立在共享存儲的介質上面，好比NFS等redis

mkdir -p /u02/appdata/harbor/registry
mkdir -p /u02/appdata/harbor/chartmuseum
mkdir -p /u02/appdata/harbor/jobservice
mkdir -p /u02/appdata/harbor/database
mkdir -p /u02/appdata/harbor/redis
mkdir -p /u02/appdata/harbor/trivy
chmod 777 /u02/appdata/harbor/registry
chmod 777 /u02/appdata/harbor/chartmuseum
chmod 777 /u02/appdata/harbor/jobservice
chmod 777 /u02/appdata/harbor/database
chmod 777 /u02/appdata/harbor/redis
chmod 777 /u02/appdata/harbor/trivy

建立PV PVC

PV根據實際狀況進行建立，這裏直接建立本地目錄PV，經過PVC進行綁定關聯docker

apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-registry-pv"
  labels:
    name: harbor-registry-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/registry
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-chartmuseum-pv"
  labels:
    name: harbor-chartmuseum-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/chartmuseum
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-jobservice-pv"
  labels:
    name: harbor-jobservice-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/jobservice
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-database-pv"
  labels:
    name: harbor-database-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/database
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-redis-pv"
  labels:
    name: harbor-redis-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/redis
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "harbor-trivy-pv"
  labels:
    name: harbor-trivy-pv
    release: stable
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /u02/appdata/harbor/trivy
    type: DirectoryOrCreate
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-registry-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-registry-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-chartmuseum-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-chartmuseum-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-jobservice-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-jobservice-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-database-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-database-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-redis-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-redis-pv
      release: stable
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-trivy-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  selector:
    matchLabels:
      name: harbor-trivy-pv
      release: stable

另存爲harbor-pv.yaml文件，並執行kubectl apply -f harbor-pv.yaml命令進行建立api

helm安裝

下載helm

從helm的gitlab倉庫根據平臺下載最新版本helm安裝包，本次使用的是Helm v3.5.4瀏覽器

將安裝包上傳至服務器

[root]
tar -xvf helm-v3.5.4-linux-amd64.tar.gz
cp linux-amd64/helm /usr/local/bin
$ helm version
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /home/rke/.kube/config
version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}

下載harbor Chart

helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor --untar
cd harbor
$ ls -l
drwxr-xr-x  2 rke rke  4096 5月   3 12:44 cert
-rw-r--r--  1 rke rke   576 5月   3 12:44 Chart.yaml
drwxr-xr-x  2 rke rke  4096 5月   3 12:44 conf
-rw-r--r--  1 rke rke 11357 5月   3 12:44 LICENSE
-rw-r--r--  1 rke rke 73049 5月   3 12:44 README.md
drwxr-xr-x 15 rke rke  4096 5月   3 12:44 templates
-rw-r--r--  1 rke rke 25565 5月   3 15:54 values.yaml

編輯values.yaml文件

## 1. 配置訪問地址
ingress:
    hosts:
      core: harbor.xxx.com
      notary: notary.xxx.com
## 2. 配置訪問地址
externalURL: https://harbor.xxx.com
## 3. 配置pvc
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-registry-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-chartmuseum-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-jobservice-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external database is used, the following settings for database will
    # be ignored
    database:
      existingClaim: "harbor-database-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
      existingClaim: "harbor-redis-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-trivy-pvc"
      storageClass: ""
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
 # 配置harbor管理員密碼
 harborAdminPassword: "Harbor12345"

離線問題解決

helm須要從遠程倉庫下載chart配置信息，若是安裝服務器沒法鏈接外網，能夠在外網先下載好配置信息再上傳至服務器bash

安裝harbor

helm install harbor . --namespace harbor

初次安裝時間會稍微長些，由於後臺在下載鏡像，若是全部的服務都running說明安裝成功服務器

$ kubectl get pods -n harbor
NAME                                           READY   STATUS    RESTARTS   AGE
harbor-harbor-chartmuseum-5cf6f98675-l9rrc     1/1     Running   0          18m
harbor-harbor-core-6d9c598549-6ln2r            1/1     Running   1          18m
harbor-harbor-database-0                       1/1     Running   0          18m
harbor-harbor-jobservice-6446db544f-thwx9      1/1     Running   1          18m
harbor-harbor-notary-server-657f4cfcd4-c2cxs   1/1     Running   2          18m
harbor-harbor-notary-signer-8dbf9794b-kdx8r    1/1     Running   2          18m
harbor-harbor-portal-5f46795dc7-dwmj8          1/1     Running   0          18m
harbor-harbor-redis-0                          1/1     Running   0          18m
harbor-harbor-registry-cb4c66c75-bb8bm         2/2     Running   0          18m
harbor-harbor-trivy-0                          1/1     Running   0          18m

配置訪問地址

harbor經過Ingress進行訪問，Ingerss訪問地址就是上面配置的externalURLapp

$ kubectl get ing -n harbor
NAME                           HOSTS                   ADDRESS                  
harbor-harbor-ingress          harbor.xxx.com   10.116.2.108,10.116.2.111
harbor-harbor-ingress-notary   notary.xxx.com   10.116.2.108,10.116.2.111

若是是本地測試，須要將地址加入本地hosts文件，經過瀏覽器便可訪問，若是是正式系統須要加入企業內部dns域名系統中進行解析