We install the Helm client on the k8s-master node:
$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
$ chmod 700 get_helm.sh
$ ./get_helm.sh
After installation, check the Helm version:
$ helm version
Install command completion:
$ echo 'source <(helm completion bash)' >> ~/.bashrc
$ source ~/.bashrc
Add the Alibaba Cloud mirror repository:
$ helm repo add aliyun https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
$ helm repo update
List the repositories:
$ helm repo list
Install Harbor
You can look up the Harbor version on the official Helm site; this example installs v2.4.1.
https://artifacthub.io/packages/search?ts_query_web=harbor&sort=relevance&page=1
Add the Harbor repository:
$ helm repo add harbor https://helm.goharbor.io
$ helm repo update
Search for Harbor:
$ helm search repo harbor/harbor
NAME            CHART VERSION   APP VERSION   DESCRIPTION
harbor/harbor   1.8.1           2.4.1         An open source...
First, download Harbor locally:
$ helm fetch harbor/harbor --version 1.8.1
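Because the images are hosted overseas and are slow to download, you can first download the archive and then import it into the local image store: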
$ wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz
$ mkdir /data
$ tar xf harbor-offline-installer-v2.4.1.tgz -C /data
Load the image file:
$ cd /data/harbor
$ docker load -i harbor.v2.4.1.tar.gz
Create pvc-harbor
# First create a namespace; everything belonging to Harbor goes into it
$ kubectl create ns harbor
# Create the PV
$ cat pv.yaml
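apiVersion: v1
kind: PersistentVolume
metadata:
  # PersistentVolumes are cluster-scoped, so the namespace field is not used here
  namespace: harbor
  name: harbor-pv
spec:
  capacity:
    storage: 30Gi
  # Access mode
  accessModes:
    # The PV can be mounted read-write by a single node
    - ReadWriteOnce
  # Reclaim policy of the PV, i.e. what happens once the PVC is released.
  # Recycle (not recommended; use dynamic provisioning instead) deletes all files of the PVC
  persistentVolumeReclaimPolicy: Recycle
  # Storage class of the PV, which works like a category: a PVC names the class to claim a PV from it
  storageClassName: mynfs
  # Directory on the NFS server that backs this PV
  nfs:
    path: /data/harbor
    server: 192.168.10.11
# Create the PVC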
$ cat pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  namespace: harbor
  name: harbor-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 30Gi
  storageClassName: mynfs
# For how the NFS server was set up, see https://www.lnmt.vip/archives/centos%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AEnfs%E6%9C%8D%E5%8A%A1%E8%AF%A6%E7%BB%86%E6%AD%A5%E9%AA%A4
Modify the configuration file values.yaml; for details, see the Configuration list on GitHub.
The following settings were changed here:
expose:
  type: nodePort
  tls:
    enabled: false
  nodePort:
    ports:
      http:
        nodePort: 30004
      https:
        nodePort: 30005
      notary:
        nodePort: 30006
externalURL: http://192.168.10.11:30004
persistence:
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "registry"
    chartmuseum:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "chartmuseum"
    jobservice:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "jobservice"
    database:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "database"
    redis:
      existingClaim: "harbor-pvc"
      storageClass: "-"
      subPath: "redis"
Deploy Harbor (the "." is the chart directory the command is run from):
$ helm install harbor -f values.yaml . -n harbor
Then you should be able to visit the Harbor portal at http://192.168.10.11:30004.
For more details, please visit https://github.com/goharbor/harbor.
Check the startup status:
$ kubectl get pods -n harbor -o wide
NAME                                    READY   STATUS    RESTARTS        AGE     IP            NODE          NOMINATED NODE   READINESS GATES
harbor-chartmuseum-54c897bb85-qfchh     1/1     Running   4 (36m ago)     2d21h   10.244.2.73   k8s-node-01   <none>           <none>
harbor-core-85466b7c7b-rg8cm            1/1     Running   3 (39m ago)     5h45m   10.244.3.41   k8s-node-03   <none>           <none>
harbor-database-0                       1/1     Running   3 (39m ago)     2d21h   10.244.3.42   k8s-node-03   <none>           <none>
harbor-jobservice-78cbb89f96-d99gf      1/1     Running   3 (37m ago)     5h45m   10.244.1.71   k8s-node-02   <none>           <none>
harbor-nginx-776c5fdc5-p7jbf            1/1     Running   7 (39m ago)     5h45m   10.244.3.44   k8s-node-03   <none>           <none>
harbor-notary-server-64ccc4448b-n8shs   1/1     Running   6 (36m ago)     5h45m   10.244.2.76   k8s-node-01   <none>           <none>
harbor-notary-signer-6cf7df5dc7-d6mb6   1/1     Running   5 (38m ago)     5h45m   10.244.3.45   k8s-node-03   <none>           <none>
harbor-portal-79b8c94db8-crkxv          1/1     Running   4 (36m ago)     2d21h   10.244.2.75   k8s-node-01   <none>           <none>
harbor-redis-0                          1/1     Running   4 (39m ago)     2d21h   10.244.3.43   k8s-node-03   <none>           <none>
harbor-registry-6887f4b557-4t5gb        2/2     Running   4 (5h41m ago)   2d21h   10.244.1.70   k8s-node-02   <none>           <none>
harbor-trivy-0                          1/1     Running   4 (5h41m ago)   2d21h   10.244.1.69   k8s-node-02   <none>           <none>
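Deployment succeeded. Wait for Harbor to finish starting; you can then access Harbor at http://192.168.10.11:30004. The default username is admin and the password is Harbor12345.
Since Docker 1.3.x, interaction with a docker registry uses HTTPS by default, whereas the Harbor we deployed uses HTTP. To avoid the error "http: server gave HTTP response to HTTPS client" when pulling or pushing images, edit the docker configuration file /etc/docker/daemon.json and add the following:
{
  "insecure-registries": ["192.168.10.11:30004"]
}
Save the file, then restart the docker service: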
$ sudo systemctl restart docker
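What the insecure-registries entry above changes on a Docker host, as an added example that is not part of the original post: a Python sketch that models, in simplified form, which image references a daemon.json exempts from TLS verification. The function names, the 10.0.0.0/8 entry and the sample image list are constructed for illustration; CIDR entries are matched only against IP-literal hosts, without DNS resolution.

```python
import ipaddress
import json

def registry_of(image_ref):
    """Return the registry host[:port] part of an image reference."""
    first, sep, _ = image_ref.partition("/")
    # Docker treats the first component as a registry only if it looks like a host.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def insecure_match(registry, entries):
    """Return the insecure-registries entry that covers `registry`, or None."""
    host = registry.rsplit(":", 1)[0] if ":" in registry else registry
    for entry in entries:
        if "/" in entry:  # CIDR form, e.g. 10.0.0.0/8
            try:
                if ipaddress.ip_address(host) in ipaddress.ip_network(entry, strict=False):
                    return entry
            except ValueError:
                continue  # host is a DNS name; resolving it is out of scope here
        elif entry == registry:  # host[:port] form must match exactly
            return entry
    return None

def audit(daemon_json_text, image_refs):
    """Map each image reference to the insecure entry that affects it (or None)."""
    entries = json.loads(daemon_json_text).get("insecure-registries", [])
    return {ref: insecure_match(registry_of(ref), entries) for ref in image_refs}

# Constructed sample input: the daemon.json from this page plus a broad CIDR entry.
SAMPLE_DAEMON_JSON = '{"insecure-registries": ["192.168.10.11:30004", "10.0.0.0/8"]}'
SAMPLE_IMAGES = [
    "192.168.10.11:30004/library/busybox:latest",  # pushed on this page
    "192.168.10.11:30005/library/busybox:latest",  # HTTPS NodePort, not listed
    "10.3.4.5:5000/team/app:1.0",                  # covered by the CIDR entry
    "busybox:latest",                              # Docker Hub
]

if __name__ == "__main__":
    for ref, entry in audit(SAMPLE_DAEMON_JSON, SAMPLE_IMAGES).items():
        print(f"{ref}: {'no TLS verification via ' + entry if entry else 'TLS enforced'}")
```

Every reference that maps to an entry is pulled and pushed without certificate verification and may fall back to plain HTTP, so the docker login credentials for that registry cross the network unprotected.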
Push the first image
Pull a busybox image:
$ docker pull busybox:latest
Change the tag:
$ docker tag busybox:latest 192.168.10.11:30004/library/busybox:latest
library is Harbor's default project; you can also log in to Harbor and create a project of your own.
Use docker login to log in to Harbor, entering the username and password:
$ docker login 192.168.10.11:30004
After logging in successfully, push the image to Harbor:
$ docker push 192.168.10.11:30004/library/busybox:latest