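IX. Kubernetes Learning Guide: Step-by-Step Hands-On Manual 09: Installing the Harbor Image Registry
I. NFS installation
See Chapter 8: Persistent Storage, NFS installation [[8. Persistent Storage Deployment]]
II. Harbor
1. Introduction
Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor is a CNCF Graduated project that delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms such as Kubernetes and Docker.
2. Installing Harbor with Helm
2.1 Add the Helm repository
2.2 Search and list the available versions
2.3 Pull the image
2.4 Extract into the current directory
2.5 Edit the values.yaml file
Edit values.yaml; every Harbor-related configuration item lives in values.yaml.
- Edit values.yaml
1. Change hostname to your own domain name
2. Set expose.type to nodePort and disable TLS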
```yaml
expose:
  # Set how to expose the service. Set the type as "ingress", "clusterIP", "nodePort" or "loadBalancer"
  # and fill the information in the corresponding section
  type: nodePort
  tls:
    enabled: false
```
3. For the persistent volumes, change storageClass to the nfs-storage class defined earlier
In Vim command mode:
```vim
:%s/storageClass: ""/storageClass: "nfs-storage-1"/g
```
Vim reports 5 substitutions.
```yaml
persistentVolumeClaim:
  registry:
    existingClaim: ""
    storageClass: "nfs-storage-1"
  jobservice:
    jobLog:
      existingClaim: ""
      storageClass: "nfs-storage-1"
  database:
    existingClaim: ""
    storageClass: "nfs-storage-1"
  redis:
    existingClaim: ""
    storageClass: "nfs-storage-1"
  trivy:
    existingClaim: ""
    storageClass: "nfs-storage-1"
```
Set className: "nginx"
4. Set Harbor's "adminPassword"
```
grep -n 'adminPassword' values.yaml
72:## @param adminPassword The initial password of Harbor admin. Change it from portal after launching Harbor
74:adminPassword: "Harbor12345"
```
5. If necessary, change the image source (the image package pulled by helm can be left unchanged)
```yaml
image:
  repository: goharbor/harbor-core
  tag: v2.9.0
  pullPolicy: IfNotPresent
# change to
image:
  repository: registry.cn-hangzhou.aliyuncs.com/goharbor/harbor-core
  tag: v2.9.0
  pullPolicy: IfNotPresent
```
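The values.yaml edits in steps 2 to 4 (the TLS switch, adminPassword and storageClass) can be checked before running helm install. The script below is an added example, not part of the original article or of the Harbor chart; the function names, finding labels and sample file are constructed for illustration, and it assumes 2-space indentation and the key layout shown in the excerpts above.

```shell
#!/usr/bin/env bash
# Added example: audit the values.yaml edits from this page before `helm install`.
# Assumption: 2-space indentation and the key layout shown in the excerpts above.

audit_harbor_values() {   # $1 = path to values.yaml; prints one finding per line
  awk '
    /^[A-Za-z]/ { top = $1; sub(/:.*/, "", top); in_tls = 0 }   # new top-level key
    top == "expose" && /^  tls:/       { in_tls = 1; next }
    top == "expose" && /^  [A-Za-z]/   { in_tls = 0 }            # sibling of tls
    in_tls && /^    enabled:[ ]*false/ { print "TLS_DISABLED expose.tls.enabled is false" }
    /^adminPassword:/ {
      v = $2; gsub(/"/, "", v)
      if (v == "Harbor12345") print "KNOWN_ADMIN_PASSWORD adminPassword is Harbor12345"
    }
    /^ *storageClass: *""/ { empty++ }
    END { if (empty) print "EMPTY_STORAGECLASS " empty " entries have no storageClass" }
  ' "$1"
}

# Constructed sample mirroring the settings this page edits (not a full chart file).
write_sample_values() {   # $1 = output path
  cat > "$1" <<'EOF'
expose:
  # Set how to expose the service.
  type: nodePort
  tls:
    enabled: false
adminPassword: "Harbor12345"
persistentVolumeClaim:
  registry:
    existingClaim: ""
    storageClass: "nfs-storage-1"
  trivy:
    existingClaim: ""
    storageClass: ""
metrics:
  enabled: false
EOF
}

sample=$(mktemp)
write_sample_values "$sample"
audit_harbor_values "$sample"   # one line per finding; empty output means no findings
rm -f "$sample"
```

The `metrics.enabled: false` entry in the sample is there to show that only the `enabled` key under `expose.tls` triggers the TLS finding.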
2.6 Create the harbor namespace and install into the cluster
```
kubectl create ns harbor
[root@k8s-master01 harbor]# helm install harbor harbor/harbor -f values.yaml -n harbor
NAME: harbor
LAST DEPLOYED: Wed Jun 5 16:20:04 2024
NAMESPACE: harbor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://harbor.fq.com
For more details, please visit https://github.com/goharbor/harbor
```
3. Using Harbor
3.1 Add a record to the /etc/hosts file
3.2 Access the Harbor HTTPS UI
3.3 Log in to Harbor from a client host
- Copy the certificate and paste it at the end of /etc/ssl/certs/ca-certificates.crt
```bash
kubectl get secret harbor-ingress -n harbor -o json | jq -r '.data."ca.crt"' | base64 -d > harbor-ca.crt
mkdir -p /etc/docker/certs.d/harbor.fq.com
cp harbor-ca.crt /etc/docker/certs.d/harbor.fq.com/ca.crt
systemctl restart docker
docker login harbor.fq.com
```
3.4 Push and pull images to and from Harbor with docker
```bash
# Create the directory
mkdir -p /etc/docker/certs.d/harbor.fq.com
# Copy the certificate
cp /etc/ssl/certs/harbor-ca.crt /etc/docker/certs.d/harbor.fq.com/
# Edit /etc/hosts and append an A record
echo "10.255.209.40 harbor.fq.com" >>/etc/hosts
# Log in to Harbor (-p leaves the password in shell history; --password-stdin reads it from stdin instead)
docker login -u admin -p Harbor12345 http://harbor.fq.com
# Tag the image
docker tag bitnami/nginx:1.26.0-debian-12-r1 harbor.fq.com/public/nginx:1.26.0
# List the images
docker image ls | grep harbor
# Push the image
docker push harbor.fq.com/public/nginx:1.26.0
# Pull the image
docker pull harbor.fq.com/public/nginx:1.26.0
```
4. Resolving the "wrong password" error when logging in to Harbor from the UI
Logging in with the default account (admin) and password (Harbor123456) reports that the account or password is incorrect:
1. Find the pod name
```
[root@k8s-master01 harbor]# kubectl get pod -n harbor |grep harbor-core
harbor-core-5c879d58cb-mhzb6 1/1 Running 2 (2d23h ago) 2d23h
```
2. Open a shell in the pod
```
[root@k8s-master01 core]# kubectl exec -it pod/harbor-core-5c879d58cb-mhzb6 -n harbor -- /bin/bash
```
3. Inspect the environment and filter for the password
```
I have no name!@harbor-core-5c879d58cb-mhzb6:/opt/bitnami/harbor-core$ printenv |grep -i "password"
HARBOR_ADMIN_PASSWORD=Py9uALDVuu
POSTGRESQL_PASSWORD=not-secure-database-password
REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password
# HARBOR_ADMIN_PASSWORD=Py9uALDVuu is the admin login password
```