侧边栏壁纸
博主头像
往事随风博主等级

当你感到悲哀痛苦时,最好是去学些什么东西。学习会使你永远立于不败之地!

  • 累计撰写 14 篇文章
  • 累计创建 6 个标签
  • 累计收到 1 条评论
标签搜索

目 录CONTENT

文章目录

Helm安装harbor到k8s

往事随风
2022-11-07 / 0 评论 / 0 点赞 / 56 阅读 / 1,233 字 / 正在检测是否收录...

我们将 Helm 客户端安装在 k8s-master 节点上:

$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
$ chmod 700 get_helm.sh
$ ./get_helm.sh

安装完成后查看 Helm 的版本号:

$ helm version

安装命令补全:

$ echo 'source <(helm completion bash)' >> ~/.bashrc
$ source ~/.bashrc

添加阿里云镜像仓库

$ helm repo add aliyun  https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
$ helm repo update

查看仓库列表:

$ helm repo list

安装harbor

可以去helm官网查找harbor版本,本实例安装的是 v2.4.1

https://artifacthub.io/packages/search?ts_query_web=harbor&sort=relevance&page=1

添加 Harbor 仓库:

$ helm repo add harbor https://helm.goharbor.io
$ helm repo update

搜索 Harbor:

$ helm search repo harbor/harbor

NAME            CHART VERSION   APP VERSION     DESCRIPTION
harbor/harbor   1.8.1           2.4.1          An open source...

先将 Harbor 下载到本地:

$ helm fetch harbor/harbor --version 1.8.1

由于镜像在国外不好下载所以可以先下载压缩包文件然后导入到本地镜像

$ wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
$ mkdir /data
$ tar xf harbor-offline-installer-v2.4.1.tgz -C /data

加载镜像文件

cd /data/harbor
docker load -i harbor.v2.4.1.tar.gz

创建 pvc-harbor

# 先创建一个命名空间,后面harbor的都放到这个空间里面 
kubectl create ns harbor
# 创建pv
$ cat pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  namespace: harbor
  name: harbor-pv
spec:

  capacity:
    storage: 30Gi
  #指定访问模式
  accessModes:
    #pv能以readwrite模式mount到单个节点
    - ReadWriteOnce
  #指定pv的回收策略,即pvc资源释放后的事件.recycle(不建议,使用动态供给代替)删除pvc的所有文件
  persistentVolumeReclaimPolicy: Recycle
  #指定pv的class为nfs,相当于为pv分类,pvc将指定class申请pv
  storageClassName: mynfs
  #指定pv为nfs服务器上对应的目录
  nfs:
    path: /data/harbor
    server: 192.168.10.11

# 创建pvc
$ cat pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: harbor
  name: harbor-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 30Gi
  storageClassName: mynfs

# 至于nfs 怎么创建的 详情请看https://www.lnmt.vip/archives/centos%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AEnfs%E6%9C%8D%E5%8A%A1%E8%AF%A6%E7%BB%86%E6%AD%A5%E9%AA%A4

修改配置文件 values.yaml,具体查看GitHub上面的配置列表Configuration。

这里修改了以下几个配置:

expose:
  type: nodePort
  tls:
    enabled: false
  nodePort:
    ports:
      http:
        nodePort: 30004
      https:
        nodePort: 30005
      notary:
        nodePort: 30006
externalURL: http://192.168.10.11:30004
persistence:
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "registry"
    chartmuseum:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "chartmuseum"
    jobservice:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "jobservice"
    database:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "database"
    redis:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "redis"

部署 Harbor:

# $ helm install harbor -f values.yaml . -n harbor

Then you should be able to visit the Harbor portal at http://192.168.10.11:30004.
For more details, please visit https://github.com/goharbor/harbor.

查看启动状态

$ kubectl get pods -n harbor  -o wide
NAME                                    READY   STATUS    RESTARTS        AGE     IP            NODE          NOMINATED NODE   READINESS GATES
harbor-chartmuseum-54c897bb85-qfchh     1/1     Running   4 (36m ago)     2d21h   10.244.2.73   k8s-node-01   <none>           <none>
harbor-core-85466b7c7b-rg8cm            1/1     Running   3 (39m ago)     5h45m   10.244.3.41   k8s-node-03   <none>           <none>
harbor-database-0                       1/1     Running   3 (39m ago)     2d21h   10.244.3.42   k8s-node-03   <none>           <none>
harbor-jobservice-78cbb89f96-d99gf      1/1     Running   3 (37m ago)     5h45m   10.244.1.71   k8s-node-02   <none>           <none>
harbor-nginx-776c5fdc5-p7jbf            1/1     Running   7 (39m ago)     5h45m   10.244.3.44   k8s-node-03   <none>           <none>
harbor-notary-server-64ccc4448b-n8shs   1/1     Running   6 (36m ago)     5h45m   10.244.2.76   k8s-node-01   <none>           <none>
harbor-notary-signer-6cf7df5dc7-d6mb6   1/1     Running   5 (38m ago)     5h45m   10.244.3.45   k8s-node-03   <none>           <none>
harbor-portal-79b8c94db8-crkxv          1/1     Running   4 (36m ago)     2d21h   10.244.2.75   k8s-node-01   <none>           <none>
harbor-redis-0                          1/1     Running   4 (39m ago)     2d21h   10.244.3.43   k8s-node-03   <none>           <none>
harbor-registry-6887f4b557-4t5gb        2/2     Running   4 (5h41m ago)   2d21h   10.244.1.70   k8s-node-02   <none>           <none>
harbor-trivy-0                          1/1     Running   4 (5h41m ago)   2d21h   10.244.1.69   k8s-node-02   <none>           <none>

部署成功,等待 Harbor 启动完成,然后就可以通过http://192.168.10.11:30004 访问Harbor,默认用户名是admin,密码是Harbor12345。

由于 Docker 自从 1.3.x 之后,docker registry 交互默认使用的是HTTPS,而我们搭建的 Harbor 使用的是HTTP,所以为了避免 pull/push 镜像时得到错误:http: server gave HTTP response to HTTPS client,需要修改 docker 的配置文件 /etc/docker/daemon.json,加入以下配置:

{
    "insecure-registries": ["192.168.10.11:30004"]
}

保存后重启 docker 服务:

$ sudo systemctl restart docker

上传第一个镜像
下载一个 busybox 镜像:

$ docker pull busybox:latest

修改 tag:

$ docker tag busybox:latest 192.168.10.11:30004/library/busybox:latest

library 是 Harbor 的默认项目地址,也可以登录 Harbor 自行新建一个项目。

使用 docker login 登录到 Harbor,并输入用户名和密码:

$ docker login 192.168.10.11:30004

登录成功后,上传镜像到 Harbor:

$ docker push 192.168.10.11:30004/library/busybox:latest
0

评论区