简介
本节主要说明如何安装,配置及运行harbor私有库。
获取Harbor 1.6源码
git clone -b release-1.6.0 https://github.com/goharbor/harbor.git
修改harbor.cfg
# cd harbor/make
# vim harbor.cfg
# 主要修改以下几项:
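# Comments are kept on their own lines: INI parsers such as Python's
# configparser do not strip inline "#" comments by default, so a trailing
# comment could end up inside the value.
# NOTE(review): confirm how Harbor's prepare script parses this file.

# Replace with the name clients will actually use to reach Harbor.
hostname = hub.example.com
# Changed from http to https.
ui_url_protocol = https
# Replace with the real paths of the TLS certificate and its private key.
# The private key should be readable only by the account that needs it.
ssl_cert = /etc/k8s/ssl/ssl.crt
ssl_cert_key = /etc/k8s/ssl/ssl.key
# NOTE(review): presumably the directory where Harbor keeps its secret key
# file; /opt is a shared directory, so check who can read it.
secretkey_path = /opt
# "xxxxx" is a placeholder: set a strong, unique admin password and keep the
# edited file out of version control.
harbor_admin_password = xxxxx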
给K8s添加gluster的endpoint和service
#cd make/kubernetes
#mkdir glusterfs
# 新建glusterfs/harbor-gluster.yaml, 填入如下内容:
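# Endpoints object that points the cluster at the external GlusterFS node.
# Indentation is restored here; with every key at column 0 the manifest does
# not describe the intended nesting.
apiVersion: v1
kind: Endpoints
metadata:
  name: ep-glusterfs-harbor-r2
subsets:
  - addresses:
      # Placeholder: replace with the real gluster-manager IP.
      - ip: 192.168.1.xx
    ports:
      - port: 49152
        protocol: TCP
---
# Service with the same name as the Endpoints object above. It has no
# selector, so it is backed by those manually listed addresses rather than
# by pods.
# NOTE(review): the storage node at that address should accept connections
# on this port only from the cluster nodes; confirm the firewall rules.
apiVersion: v1
kind: Service
metadata:
  name: ep-glusterfs-harbor-r2
spec:
  ports:
    - port: 49152
      protocol: TCP
      targetPort: 49152
  sessionAffinity: None
  type: ClusterIP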
修改pv/registry.pv.yaml,pv/storage.pv.yaml配置
#cd make/kubernetes/pv
#vim registry.pv.yaml, 修改存储为glusterfs:
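# PersistentVolume for the registry data, backed by GlusterFS.
# Indentation is restored so that name/labels sit under metadata and the
# glusterfs settings sit under spec.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: registry-pv
  labels:
    type: registry
spec:
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteMany
  # Retain keeps the data on the Gluster volume after the claim is released.
  persistentVolumeReclaimPolicy: Retain
  glusterfs:
    # Name of the Endpoints object that lists the Gluster node.
    endpoints: "ep-glusterfs-harbor-r2"
    # storage-pv on this page uses the same "harbordata" path, so registry
    # blobs and database files share one Gluster volume and are separated
    # only by the subPath set in each Deployment.
    path: "harbordata"
    readOnly: false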
#vim storage.pv.yaml, 修改存储为glusterfs:
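# PersistentVolume for the database storage, backed by GlusterFS.
# Indentation is restored so that name/labels sit under metadata and the
# glusterfs settings sit under spec.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: storage-pv
  labels:
    type: storage
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteMany
  # Retain keeps the data on the Gluster volume after the claim is released.
  persistentVolumeReclaimPolicy: Retain
  glusterfs:
    # Name of the Endpoints object that lists the Gluster node.
    endpoints: "ep-glusterfs-harbor-r2"
    # registry-pv on this page uses the same "harbordata" path, so database
    # files and registry blobs share one Gluster volume and are separated
    # only by the subPath set in each Deployment.
    path: "harbordata"
    readOnly: false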
修改mysql的存储源
#cd make/kubernetes/mysql
#vim mysql.deploy.yaml, 使用共享存储storage-pvc
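# MySQL Deployment for Harbor; its data directory lives on the shared claim
# storage-pvc. Indentation is restored to express the intended nesting.
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes
# 1.16; newer clusters need apps/v1 together with an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: mysql
  labels:
    name: mysql
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: mysql-apps
    spec:
      containers:
        - name: mysql-app
          # NOTE(review): this tag is v1.2.0 although the page checks out
          # release-1.6.0; confirm the image matches the Harbor version
          # being deployed.
          image: vmware/harbor-db:v1.2.0
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3306
          env:
            # The root password is read from a ConfigMap. ConfigMaps are not
            # meant for secrets: anyone who may read ConfigMaps in the
            # namespace can read the value. A Secret referenced through
            # secretKeyRef is the usual place for it.
            - name: MYSQL_ROOT_PASSWORD
              valueFrom:
                configMapKeyRef:
                  name: harbor-mysql-config
                  key: MYSQL_ROOT_PASSWORD
          volumeMounts:
            - name: mysql-storage
              mountPath: /var/lib/mysql
              # Only the "storage" sub-directory of the volume is mounted.
              subPath: "storage"
      volumes:
        - name: mysql-storage
          persistentVolumeClaim:
            claimName: storage-pvc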
修改registry的存储源
#cd make/kubernetes/registry/
#vim registry.deploy.yaml, 使用共享存储registry-pvc
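# Registry Deployment for Harbor; image data lives on the shared claim
# registry-pvc. Indentation is restored to express the intended nesting.
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes
# 1.16; newer clusters need apps/v1 together with an explicit spec.selector.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry
  labels:
    name: registry
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: registry-apps
    spec:
      initContainers:
        # Copies the files from the ConfigMap mount into the emptyDir
        # "workdir" (mounted here at /tmp). The main container mounts that
        # same emptyDir at /etc/registry.
        - name: init-registry-app
          image: vmware/registry:2.6.2-photon
          command: ['sh', '-c', "cp -f /etc/registry/tmpconfig/* /tmp/"]
          volumeMounts:
            - name: workdir
              mountPath: /tmp
            - name: config
              mountPath: /etc/registry/tmpconfig
      containers:
        - name: registry-app
          image: vmware/registry:2.6.2-photon
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 5000
            - containerPort: 5001
          volumeMounts:
            - name: workdir
              mountPath: /etc/registry
            - name: storage
              mountPath: /storage
              # Only the "registry" sub-directory of the volume is mounted.
              subPath: "registry"
      volumes:
        # Registry configuration and root certificate from the ConfigMap.
        - name: config
          configMap:
            name: harbor-registry-config
            items:
              - key: config
                path: config.yml
              - key: cert
                path: root.crt
        # Scratch volume that receives the copied configuration.
        - name: workdir
          emptyDir: {}
        - name: storage
          persistentVolumeClaim:
            claimName: registry-pvc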
注意:configMap挂载的目录是只读的,因此这里先用initContainer把配置文件复制到emptyDir,再把该emptyDir挂载到/etc/registry。
生成configmap文件
python make/kubernetes/k8s-prepare
修改默认的ingress.yaml
# 修改后内容如下:
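# Ingress that routes the Harbor host name to the ui and registry Services.
# Indentation is restored to express the intended nesting.
# NOTE(review): extensions/v1beta1 Ingress is removed in current Kubernetes
# releases; newer clusters need networking.k8s.io/v1 and its backend syntax.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: harbor
  annotations:
    # Large body limit so that image layer uploads are not rejected.
    nginx.ingress.kubernetes.io/proxy-body-size: "2048m"
    nginx.ingress.kubernetes.io/upstream-hash-by: "$remote_addr"
    # HTTP is not redirected to HTTPS, and this spec has no tls section.
    # Unless TLS is terminated in front of this Ingress, logins and
    # registry tokens would travel in clear text even though harbor.cfg
    # sets ui_url_protocol = https.
    # NOTE(review): confirm where TLS ends.
    # NOTE(review): the annotations mix the nginx.ingress.kubernetes.io and
    # ingress.kubernetes.io prefixes; check which ones the installed ingress
    # controller actually honours.
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    # Placeholder host; it should match the hostname set in harbor.cfg.
    - host: hub.xxx.com
      http:
        paths:
          - path: /
            backend:
              serviceName: ui
              servicePort: 80
          - path: /v2
            backend:
              serviceName: registry
              servicePort: repo
          - path: /service
            backend:
              serviceName: ui
              servicePort: 80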
根据官方文档按顺序启动服务
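# Apply the Harbor manifests in dependency order: storage first, then
# configuration, Services, Deployments and finally the Ingress.

# create pv & pvc
kubectl apply -f make/kubernetes/glusterfs/harbor-gluster.yaml
kubectl apply -f make/kubernetes/pv/log.pv.yaml
kubectl apply -f make/kubernetes/pv/registry.pv.yaml
kubectl apply -f make/kubernetes/pv/storage.pv.yaml
kubectl apply -f make/kubernetes/pv/log.pvc.yaml
kubectl apply -f make/kubernetes/pv/registry.pvc.yaml
kubectl apply -f make/kubernetes/pv/storage.pvc.yaml

# create config map
# (the stray "> " in front of this comment was removed: a bare redirection
# with no target is a shell syntax error)
# NOTE(review): the mysql Deployment reads MYSQL_ROOT_PASSWORD from a
# ConfigMap, so these generated *.cm.yaml files presumably hold credentials;
# keep them out of version control and limit who can read ConfigMaps in the
# namespace.
kubectl apply -f make/kubernetes/jobservice/jobservice.cm.yaml
kubectl apply -f make/kubernetes/mysql/mysql.cm.yaml
kubectl apply -f make/kubernetes/registry/registry.cm.yaml
kubectl apply -f make/kubernetes/ui/ui.cm.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.cm.yaml

# create service
kubectl apply -f make/kubernetes/jobservice/jobservice.svc.yaml
kubectl apply -f make/kubernetes/mysql/mysql.svc.yaml
kubectl apply -f make/kubernetes/registry/registry.svc.yaml
kubectl apply -f make/kubernetes/ui/ui.svc.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.svc.yaml

# create k8s deployment
kubectl apply -f make/kubernetes/registry/registry.deploy.yaml
kubectl apply -f make/kubernetes/mysql/mysql.deploy.yaml
kubectl apply -f make/kubernetes/jobservice/jobservice.deploy.yaml
kubectl apply -f make/kubernetes/ui/ui.deploy.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.deploy.yaml

# create k8s ingress
kubectl apply -f make/kubernetes/ingress.yaml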
traefik ui 查看效果
ui登录harbor
另外,也可以用命令docker login hub.xxx.com,docker push xxx等方法来验证是否安装成功。