helm部署harbor

1.helm部署harbor

1.1.helm安装

$ wget https://get.helm.sh/helm-v3.14.4-linux-amd64.tar.gz
$ mv linux-amd64/helm /usr/local/bin/helm

1.2.下载包

$ helm repo add harbor https://helm.goharbor.io
$ helm search repo harbor -l | grep harbor/harbor | head -4
$ helm pull harbor/harbor --version 2.10.2

$ helm show values harbor/harbor --version 2.10.2 > values2.yaml

1.3.修改配置文件

• 在配置文件里面指定harborAdminPassword参数是无效的，因为算法的原因导致的，因此要在部署的时候指定参数才行。

nodeport

# externalURL和harborAdminPassword必须配置，并且不能使用引号
expose:
  type: nodePort
  tls:
    enabled: false
ipFamily:
  ipv4:
    enabled: true
  ipv6:
    enabled: false
externalURL: http://registry.leepongmin.com
persistence:
  enabled: true 
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 5Gi
    chartmuseum:
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 5Gi
    jobservice:
      jobLog:
        storageClass: "nfs-csi"
        accessMode: ReadWriteOnce
        size: 1Gi
    database:
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 2Gi
    redis:
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 2Gi
    trivy:
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 5Gi
harborAdminPassword: Harbor12345

ingress

expose:
  type: ingress
  tls:
    enabled: true  
    certSource: auto
  ingress:
    hosts:
      core: registry.leepongmin.com
      notary: notary.leepongmin.com
    controller: default
    annotations: 
      kubernetes.io/ingress.class: "nginx"
ipFamily:
  ipv4:
    enabled: true
  ipv6:
    enabled: false
externalURL: https://registry.leepongmin.com

# 持久化存储配置部分
persistence:
  enabled: true 
  resourcePolicy: "keep"
  persistentVolumeClaim:        # 定义Harbor各个组件的PVC持久卷
    registry:          # registry组件（持久卷）
      storageClass: "nfs-csi"           # 前面创建的StorageClass，其它组件同样配置
      accessMode: ReadWriteMany          # 卷的访问模式，需要修改为ReadWriteMany
      size: 5Gi
    chartmuseum:     # chartmuseum组件（持久卷）
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 5Gi
    jobservice:
      jobLog:
        storageClass: "nfs-csi"
        accessMode: ReadWriteOnce
        size: 1Gi
      #scanDataExports:
      #  storageClass: "nfs-csi"
      #  accessMode: ReadWriteOnce
      #  size: 1Gi
    database:        # PostgreSQl数据库组件
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 2Gi
    redis:    # Redis缓存组件
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 2Gi
    trivy:         # Trity漏洞扫描
      storageClass: "nfs-csi"
      accessMode: ReadWriteMany
      size: 5Gi
harborAdminPassword: "leepongmin.com"

1.4.部署

$ kubectl create namespace harbor
$ helm install harbor --set harborAdminPassword=leepongmin -f values.yaml harbor/harbor -n harbor

# 常用的参数
$ kubectl create namespace devops
$ helm install harbor harbor/harbor \
 --set expose.type=loadBalancer \
 --set expose.tls.enabled=true \
 --set expose.tls.auto.commonName=harbor.hzde.com \
 --set externalURL=https://harbor.hzde.com \
 --set harborAdminPassword=Harbor12345 \
  --set imagePullPolicy=IfNotPresent \
 --set chartmuseum.enabled=false \
 -n devops

1.5.卸载

$ helm -n harbor ls
$ helm uninstall harbor -n harbor

1.6.查看harbor密码

$ kubectl exec -it -n harbor harbor-core-6d645795d7-lhr8w -- /bin/bash 

harbor [ /harbor ]$ printenv | grep PASSWORD
HARBOR_ADMIN_PASSWORD=Harbor12345
POSTGRESQL_PASSWORD=changeit
REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password

更多精彩内容请关注个人公众号，谢谢！