helm repo add harbor https://helm.goharbor.io2、下载 Harbor Helm目录
helm pull harbor/harbor --version 1.7.4
查找自己Kubernetes对应的Harbor版本
3、压缩 tgz包tar zxf harbor-1.7.4.tgz4、创建 Harbor所需要的存储类
cd harbor/ cat <5、在 NFS 上创建pv所需要的目录harbor-pv-pvc.yaml apiVersion: v1 kind: PersistentVolume metadata: name: harbor-chartmuseum spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce # 只允许一个容器可以使用 persistentVolumeReclaimPolicy: Retain # 手动回收 storageClassName: harbor-chartmuseum nfs: path: /data/shareNFS/harbor/harbor-chartmuseum server: 10.52.16.31 --- apiVersion: v1 kind: PersistentVolume metadata: name: harbor-jobservice spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce # 只允许一个容器可以使用 persistentVolumeReclaimPolicy: Retain # 手动回收 storageClassName: harbor-jobservice nfs: path: /data/shareNFS/harbor/harbor-jobservice server: 10.52.16.31 --- apiVersion: v1 kind: PersistentVolume metadata: name: harbor-registry spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce # 只允许一个容器可以使用 persistentVolumeReclaimPolicy: Retain # 手动回收 storageClassName: harbor-registry nfs: path: /data/shareNFS/harbor/harbor-registry server: 10.52.16.31 --- apiVersion: v1 kind: PersistentVolume metadata: name: harbor-database spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce # 只允许一个容器可以使用 persistentVolumeReclaimPolicy: Retain # 手动回收 storageClassName: harbor-database nfs: path: /data/shareNFS/harbor/harbor-database server: 10.52.16.31 --- apiVersion: v1 kind: PersistentVolume metadata: name: harbor-redis spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce # 只允许一个容器可以使用 persistentVolumeReclaimPolicy: Retain # 手动回收 storageClassName: harbor-redis nfs: path: /data/shareNFS/harbor/harbor-redis server: 10.52.16.31 --- apiVersion: v1 kind: PersistentVolume metadata: name: harbor-trivy spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce # 只允许一个容器可以使用 persistentVolumeReclaimPolicy: Retain # 手动回收 storageClassName: harbor-trivy nfs: path: /data/shareNFS/harbor/harbor-trivy server: 10.52.16.31 EOF kubectl apply -f harbor-pv-pvc.yaml
mkdir /data/shareNFS/harbor cd /data/shareNFS/harbor mkdir harbor-chartmuseum harbor-database harbor-jobservice harbor-redis harbor-registry harbor-trivy chown 999.999 harbor-database/ -R chown 999.999 harbor-redis/ -R chown 10000.10000 harbor-trivy -R chown 10000.10000 harbor-chartmuseum -R chown 10000.10000 harbor-jobservice -R chown 10000.10000 harbor-registry -R6、修改 Harbor Values文件
vim values.yaml expose.type="nodePort" // 用NodePort访问、如果想用域名就改成Ingress expose.tls.enabled="false" // 关闭证书 externalURL="http://10.52.16.21:30002" // 写Node地址,如果是Ingress类型那这里就得写域名 persistence.persistentVolumeClaim.registry.storageClass="harbor-registry" persistence.persistentVolumeClaim.chartmuseum.storageClass="harbor-chartmuseum" persistence.persistentVolumeClaim.jobservice.storageClass="harbor-jobservice" persistence.persistentVolumeClaim.database.storageClass="harbor-database" persistence.persistentVolumeClaim.redis.storageClass="harbor-redis" persistence.persistentVolumeClaim.trivy.storageClass="harbor-trivy"7、部署 Harbor
helm install -n harbor --create-namespace harbor . // 启动完你会看到有一些容器没起来、或者说有报错,不过都没有关系全都可以忽略掉,这是因为我们关闭了ssl访问他全都是一些提示找不到相关的证书。8、访问 Harbor
http://10.52.16.21:30002
Harbor 默认用户密码是admin Harbor12345 如果想修改默认密码 vim values.yaml harborAdminPassword=""10、验证 10.1、首先在Harbor上创建一个test项目 10.2、修改daemon.json
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://c2rmvhy3.mirror.aliyuncs.com"], // 镜像加速器,下载dockerhub镜像更快
"insecure-registries": ["10.52.16.21:30002"] // 信任Docker仓库
}
systemctl daemon-reload
systemctl restart docker
10.3、登录Harbor、并push镜像验证
docker pull alpine:3.10 docker login 10.52.16.21:30002 --username admin --password Harbor12345 docker tag alpine:3.10 10.52.16.21:30002/test/alpine:3.10 docker push 10.52.16.21:30002/test/alpine:3.10 The push refers to repository [10.52.16.21:30002/test/alpine] 9fb3aa2f8b80: Layer already exists 3.10: digest: sha256:e515aad2ed234a5072c4d2ef86a1cb77d5bfe4b11aa865d9214875734c4eeb3c size: 52810.4、登录Harbor页面验证是否成功 到此为止实验结束
