1.helm部署harbor
1.1.helm安装
$ wget https://get.helm.sh/helm-v3.14.4-linux-amd64.tar.gz
$ mv linux-amd64/helm /usr/local/bin/helm
1.2.下载包
$ helm repo add harbor https://helm.goharbor.io
$ helm search repo harbor -l | grep harbor/harbor | head -4
$ helm pull harbor/harbor --version 2.10.2
$ helm show values harbor/harbor --version 2.10.2 > values2.yaml
1.3.修改配置文件
- 在配置文件里面指定harborAdminPassword参数是无效的,因为算法的原因导致的,因此要在部署的时候指定参数才行。
nodeport
# externalURL和harborAdminPassword必须配置,并且不能使用引号
expose:
type: nodePort
tls:
enabled: false
ipFamily:
ipv4:
enabled: true
ipv6:
enabled: false
externalURL: http://registry.leepongmin.com
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
chartmuseum:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
jobservice:
jobLog:
storageClass: "nfs-csi"
accessMode: ReadWriteOnce
size: 1Gi
database:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
redis:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
trivy:
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
harborAdminPassword: Harbor12345
ingress
expose:
type: ingress
tls:
enabled: true
certSource: auto
ingress:
hosts:
core: registry.leepongmin.com
notary: notary.leepongmin.com
controller: default
annotations:
kubernetes.io/ingress.class: "nginx"
ipFamily:
ipv4:
enabled: true
ipv6:
enabled: false
externalURL: https://registry.leepongmin.com
# 持久化存储配置部分
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim: # 定义Harbor各个组件的PVC持久卷
registry: # registry组件(持久卷)
storageClass: "nfs-csi" # 前面创建的StorageClass,其它组件同样配置
accessMode: ReadWriteMany # 卷的访问模式,需要修改为ReadWriteMany
size: 5Gi
chartmuseum: # chartmuseum组件(持久卷)
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
jobservice:
jobLog:
storageClass: "nfs-csi"
accessMode: ReadWriteOnce
size: 1Gi
#scanDataExports:
# storageClass: "nfs-csi"
# accessMode: ReadWriteOnce
# size: 1Gi
database: # PostgreSQl数据库组件
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
redis: # Redis缓存组件
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 2Gi
trivy: # Trity漏洞扫描
storageClass: "nfs-csi"
accessMode: ReadWriteMany
size: 5Gi
harborAdminPassword: "leepongmin.com"
1.4.部署
$ kubectl create namespace harbor
$ helm install harbor --set harborAdminPassword=leepongmin -f values.yaml harbor/harbor -n harbor
# 常用的参数
$ kubectl create namespace devops
$ helm install harbor harbor/harbor \
--set expose.type=loadBalancer \
--set expose.tls.enabled=true \
--set expose.tls.auto.commonName=harbor.hzde.com \
--set externalURL=https://harbor.hzde.com \
--set harborAdminPassword=Harbor12345 \
--set imagePullPolicy=IfNotPresent \
--set chartmuseum.enabled=false \
-n devops
1.5.卸载
$ helm -n harbor ls
$ helm uninstall harbor -n harbor
1.6.查看harbor密码
$ kubectl exec -it -n harbor harbor-core-6d645795d7-lhr8w -- /bin/bash
harbor [ /harbor ]$ printenv | grep PASSWORD
HARBOR_ADMIN_PASSWORD=Harbor12345
POSTGRESQL_PASSWORD=changeit
REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password