• Harbor


    nodeport模式

    k8s部署harbor,官方推荐使用helm安装

    安装helm

    见k8s学习记录

    部署harbor

    [root@k8s1 helm]# helm search harbor
    NAME             CHART VERSION    APP VERSION    DESCRIPTION                                                 
    harbor/harbor    1.2.1            1.9.1          An open source trusted cloud native registry that stores,...
    #helm install harbor/harbor,即可安装,但需要修改一些配置。install时将文件下载在,压缩包形式
        #[root@k8s1 archive]# pwd
        #/root/.helm/cache/archive
        #[root@k8s1 archive]# ls
        #harbor-1.2.1.tgz  mysql-1.4.0.tgz
    先删除刚刚创建的
    helm list
    helm delete releaseName
    -----------------------------------------------------------------------------------------------------------------------
    values.yaml文件

    解压,修改配置文件,values.yaml,values.yaml文件解析

     本实验采用       type: nodePort

    commonName: "core.harbor.domain"      #要填写你访问域名,要不docker  login的时候会报错:你的证书跟网站不匹配

    externalURL: https://core.harbor.domain:30003 #很重要,默认是externalURL: https://core.harbor.domain,因为默认是ingress,docker login的时候访问的是core.harbor.domain,而nodeport访问的是core.harbor.domain:30003

        

          需要证书

        

          获取证书

        

          部署证书位置

          

          如果是externalURL: https://core.harbor.domain 就会报这个这个错误

                    如果是在集群内部,将域名指向127.0.0.1,就不需要配置证书,也能docker login成功

    修改persistentVolumeClaim的  storageClass: "nfs"

    其他默认

    -----------------------------------------------------------------------------------------------------------------------

    database-ss.yaml文件

    helm install时,通过kubectl logs pioneering-billygoat-harbor-database-0 得知,PostgreSQL不能是root用户启动,k8s部署会以root用户启动,

    通过docker 直接启动可知,PostgreSQL启动的用户的uid是999,修改配置文件,修改启动用户

    database-ss.yaml

     

     -----------------------------------------------------------------------------------------------------

     nfs服务器

    创建目录,修改权限 777,

    [root@test01 core.harbor.domain:30003]# vim /etc/exports
    
    /registry         *(rw,sync,no_root_squash,no_all_squash)
    /chartmuseum      *(rw,sync,no_root_squash,no_all_squash)
    /jobservice       *(rw,sync,no_root_squash,no_all_squash)
    /database         *(rw,sync,no_root_squash,no_all_squash)
    /redis            *(rw,sync,no_root_squash,no_all_squash)
    k8s集群node节点都要安装nfs-utils
    systemctl start nfs

     pv

    cat   pv.yaml

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv1
    spec:
      capacity:
        storage: 5Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /registry
        server: 192.168.0.154
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv2
    spec:
      capacity:
        storage: 5Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /chartmuseum
        server: 192.168.0.154
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv3
    spec:
      capacity:
        storage: 1Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /jobservice
        server: 192.168.0.154
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv4
    spec:
      capacity:
        storage: 1Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /database
        server: 192.168.0.154
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv5
    spec:
      capacity:
        storage: 1Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /redis
        server: 192.168.0.154
    kubectl  create -f pv.yml

     安装harbor

    helm install .helm/cache/archive/harbor

    有可能会出现registry的pod错误日志database “registry” does not exist,需要进入database pod 手动创建数据库

    # 1. 进入数据库 Pod
    $ kubectl exec -it harbor-harbor-database-0 -n kube-ops /bin/bash
    # 2. 连接数据库
    root [ / ]# psql --username postgres
    psql (9.6.10)
    Type "help" for help.
    # 3. 创建 registry 数据库
    postgres=# CREATE DATABASE registry ENCODING 'UTF8';
    CREATE DATABASE
    postgres=# c registry;
    You are now connected to database "registry" as user "postgres".
    registry=# CREATE TABLE schema_migrations(version bigint not null primary key, dirty boolean not null);
    CREATE TABLE
    registry-# quit

     网页访问,https://core.harbor.domain:30003, 账号密码在values.yaml里设置

    docker login -u admin -p Harbor12345 core.harbor.domain:30003

     harbor使用解析

     

     

     

     在tag保留规则里,保留一个最新的pus镜像,实际会保留这3个,因为他们的hash是一样的,所以系统就会认为是一个

    在页面上删除镜像时,镜像会进入垃圾桶,需要点击垃圾清理,也会释放存储空间

    ingress模式

    安装ingress控制器(本文采用nginx-ingress)

    使用helm安装

    要修改values文件,将controller的hostNetwork改为host模式(这样集群外才能访问),hostNetwork: true,实际配置中要制定ingress controller的pod在指定的node上。或使用daemonset部署

    helm install stable/nginx-ingress --values=/root/.helm/cache/archive/nginx-ingress/values.yaml -n nginx-ingress

    nginx-ingress实际上会安装两个pod一个是控制器一个是 提供404页面,将错误的请求都发给404页面

    安装harbor

    修改values文件 

    commonName: "core.harbor.domain"

    externalURL: https://core.harbor.domain

    storageClass: "nfs"

    然后安装nodeport方法部署即可

    验证访问

    将core.harbor.domain 指向ingress控制器的node ip,这个弄得才会监听80端口,

    浏览器防伪core.harbor.domain即可,

    docker登录,从网页上下载ca证书,部署到真机上即可

     
  • 相关阅读:
    防止表单重复提交
    tp5中的配置机制
    PHP remove,empty和detach区别
    jquery data方法
    webstrom使用记录
    input checkbox问题和li里面包含checkbox
    【转】HTML中A标签与click事件的前世今生
    jquery toggle方法
    webstore+nodejs
    web storm使用和配置
  • 原文地址:https://www.cnblogs.com/fanever/p/11724949.html
Copyright © 2020-2023  润新知