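NodePort mode
Deploying Harbor on k8s; the official recommendation is to install it with Helm
Install Helm
See the k8s study notes
Deploy Harbor
[root@k8s1 helm]# helm search harbor
NAME            CHART VERSION   APP VERSION   DESCRIPTION
harbor/harbor   1.2.1           1.9.1         An open source trusted cloud native registry that stores,...
# "helm install harbor/harbor" installs it directly, but some settings need to be changed first.
# On install, the chart is downloaded as a compressed archive to the following location:
#[root@k8s1 archive]# pwd
#/root/.helm/cache/archive
#[root@k8s1 archive]# ls
#harbor-1.2.1.tgz mysql-1.4.0.tgz
First delete the release that was just created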
helm list
helm delete releaseName
-----------------------------------------------------------------------------------------------------------------------
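The values.yaml file
Unpack the archive and edit the configuration file, values.yaml. Notes on the values.yaml settings:
This experiment uses type: nodePort
commonName: "core.harbor.domain" # Set this to the domain name you access Harbor by; otherwise docker login fails with an error that the certificate does not match the site
externalURL: https://core.harbor.domain:30003 # Very important. The default is externalURL: https://core.harbor.domain because the default expose type is ingress, where docker login goes to core.harbor.domain; with nodePort, access goes to core.harbor.domain:30003
A certificate is required
Get the certificate
Where to deploy the certificate
With externalURL: https://core.harbor.domain, this error is reported
Inside the cluster, if you point the domain name to 127.0.0.1, docker login succeeds without configuring a certificate
Set storageClass: "nfs" for the persistentVolumeClaim
Leave everything else at the defaults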
-----------------------------------------------------------------------------------------------------------------------
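The database-ss.yaml file
During helm install, kubectl logs pioneering-billygoat-harbor-database-0 shows that PostgreSQL cannot be started as the root user, while the k8s deployment starts it as root.
Starting the image directly with docker shows that PostgreSQL runs with uid 999, so edit the configuration file to change the startup user.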
database-ss.yaml
-----------------------------------------------------------------------------------------------------
NFS server
Create the directories and set their permissions to 777.
[root@test01 core.harbor.domain:30003]# vim /etc/exports
/registry *(rw,sync,no_root_squash,no_all_squash)
/chartmuseum *(rw,sync,no_root_squash,no_all_squash)
/jobservice *(rw,sync,no_root_squash,no_all_squash)
/database *(rw,sync,no_root_squash,no_all_squash)
/redis *(rw,sync,no_root_squash,no_all_squash)
Every node in the k8s cluster must have nfs-utils installed
systemctl start nfs
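The /etc/exports entries above export every share to any host (`*`) with no_root_squash, so any machine that can reach the NFS server can mount the Harbor data and act on it as root. The following is an added example, not part of the original notes: a shell function that flags such entries in an exports file. The sample file names and the 192.168.0.0/24 node subnet are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an exports(5) file for
# entries that expose a share to every host or leave remote root unsquashed.

audit_exports() {   # $1 = path to an exports-format file; prints one finding per line
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {               # each field after the path is client(options)
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"        # bare "(opts)" applies to every host
            noroot = 0; rw = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") noroot = 1
                if (o[j] == "rw") rw = 1
            }
            if (client == "*" && noroot)
                print $1 ": any host can mount, and remote root stays root"
            else if (client == "*" && rw)
                print $1 ": any host can mount read-write"
            else if (noroot)
                print $1 ": remote root from " client " stays root"
        }
    }' "$1"
}

write_samples() {   # $1 = directory; writes two constructed sample files
    # Two of the five export lines shown on this page
    printf '%s\n' \
        '/registry *(rw,sync,no_root_squash,no_all_squash)' \
        '/database *(rw,sync,no_root_squash,no_all_squash)' > "$1/exports.page"
    # Assumed narrower form: 192.168.0.0/24 is a hypothetical node subnet
    printf '%s\n' \
        '# restricted to cluster nodes' \
        '/registry 192.168.0.0/24(rw,sync,root_squash)' \
        '/database 192.168.0.0/24(rw,sync,root_squash)' > "$1/exports.narrow"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "page exports:";   audit_exports "$tmp/exports.page"
echo "narrow exports:"; audit_exports "$tmp/exports.narrow"
rm -rf "$tmp"
```

Whether each Harbor component still starts with root squashed depends on the uid its container runs as, so test the narrower form before relying on it.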
pv
cat pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mypv1
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /registry
    server: 192.168.0.154
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mypv2
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /chartmuseum
    server: 192.168.0.154
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mypv3
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /jobservice
    server: 192.168.0.154
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mypv4
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /database
    server: 192.168.0.154
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mypv5
spec:
  capacity:
    storage: 1Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs
  nfs:
    path: /redis
    server: 192.168.0.154
kubectl create -f pv.yaml
Install Harbor
helm install .helm/cache/archive/harbor
The registry pod may log the error database "registry" does not exist; in that case, enter the database pod and create the database manually
# 1. Enter the database Pod
$ kubectl exec -it harbor-harbor-database-0 -n kube-ops /bin/bash
# 2. Connect to the database
root [ / ]# psql --username postgres
psql (9.6.10)
Type "help" for help.
# 3. Create the registry database
postgres=# CREATE DATABASE registry ENCODING 'UTF8';
CREATE DATABASE
postgres=# \c registry;
You are now connected to database "registry" as user "postgres".
registry=# CREATE TABLE schema_migrations(version bigint not null primary key, dirty boolean not null);
CREATE TABLE
registry-# \quit
Access the web UI at https://core.harbor.domain:30003; the account and password are set in values.yaml
docker login -u admin -p Harbor12345 core.harbor.domain:30003
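Notes on using Harbor
In the tag retention rules, keeping the single most recently pushed image actually keeps these 3, because their hashes are identical, so the system treats them as one image
When you delete an image in the web UI, it goes into the trash; you need to click garbage collection, which also frees the storage space
Ingress mode
Install an ingress controller (this article uses nginx-ingress)
Install it with Helm
Edit the values file and switch the controller to host networking so that it is reachable from outside the cluster: hostNetwork: true. In a real configuration, pin the ingress controller pod to a specific node, or deploy it as a DaemonSet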
helm install stable/nginx-ingress --values=/root/.helm/cache/archive/nginx-ingress/values.yaml -n nginx-ingress
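nginx-ingress actually installs two pods: one is the controller and the other serves the 404 page; all bad requests are sent to the 404 page
Install Harbor
Edit the values file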
commonName: "core.harbor.domain"
externalURL: https://core.harbor.domain
storageClass: "nfs"
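Then deploy the same way as in the NodePort method
Verify access
Point core.harbor.domain at the IP of the node running the ingress controller; only that node listens on port 80
Open core.harbor.domain in a browser
For docker login, download the CA certificate from the web UI and deploy it on the host machine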