helm3简单部署harbor(NodePort方式暴露)

已于 2024-05-21 20:38:42 修改
阅读量1.2k 收藏 1
点赞数
分类专栏: Kubernetes 存储 文章标签: kubernetes
于 2021-06-24 15:28:03 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42562106/article/details/118188516
版权
  • 获取harbor安装包
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor --untar
  • 在部署之前要有一块存储
[root@master15 src]# kubectl get pvc -n harbor  | grep harbor-pvc
harbor-pvc               Bound     pvc-62890607-396d-403a-9801-651475fdb018   30Gi       RWX            nfs-test       2d14h
  • 编辑 vim harbor/values.yaml
expose: 
  type: ingress
  tls:
    enabled: false     <<<<关闭ingress
    certSource: secret
    auto:
      commonName: ""
    secret:
      secretName: ""
      notarySecretName: ""
  ingress:
    hosts:
      core: docker.ccmores.cn
      notary: notary.ccmores.cn
    controller: default
    annotations:
      ingress.kubernetes.io/ssl-redirect: "false" <<<<关闭
      ingress.kubernetes.io/proxy-body-size: "0" 
      nginx.ingress.kubernetes.io/ssl-redirect: "false" <<<<关闭
      nginx.ingress.kubernetes.io/proxy-body-size: "0"

externalURL: http://172.16.0.30:30002
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-pvc"  <-----pvc
      storageClass: ""
      subPath: "registry"
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-pvc" <-----pvc
      storageClass: ""
      subPath: "chartmuseum"
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-pvc" <-----pvc
      storageClass: ""
      subPath: "jobservice"
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      existingClaim: "harbor-pvc" <-----pvc
      storageClass: ""
      subPath: "database"
      accessMode: ReadWriteOnce
      size: 1Gi
    redis:
      existingClaim: "harbor-pvc" <-----pvc
      storageClass: ""
      subPath: "redis"
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-pvc" <-----pvc
      storageClass: ""
      subPath: "trivy"
      accessMode: ReadWriteOnce
      size: 5Gi
  • 以下完整实例
expose: 
  type: ingress
  tls:
    enabled: false
    certSource: secret
    auto:
      commonName: "docker.ccmore.cn"
    secret:
      secretName: "docker-tls"
      notarySecretName: "docker-tls"
  ingress:
    hosts:
      core: docker.ccmore.cn
      notary: notary.ccmore.cn
    controller: default
    annotations:
      ingress.kubernetes.io/ssl-redirect: "false"
      ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
  clusterIP:
    name: harbor
    ports:
      httpPort: 80
      httpsPort: 443
      notaryPort: 4443
  nodePort:
    name: harbor
    ports:
      http:
        port: 80
        nodePort: 30002
      https:
        port: 443
        nodePort: 30003
      notary:
        port: 4443
        nodePort: 30004
  loadBalancer:
    name: harbor
    IP: ""
    ports:
      httpPort: 80
      httpsPort: 443
      notaryPort: 4443
    annotations: {}
    sourceRanges: []
externalURL: http://172.16.0.30:30003
internalTLS:
  enabled: false
  certSource: "auto"
  trustCa: ""
  core:
    secretName: ""
    crt: ""
    key: ""
  jobservice:
    secretName: ""
    crt: ""
    key: ""
  registry:
    secretName: ""
    crt: ""
    key: ""
  portal:
    secretName: ""
    crt: ""
    key: ""
  chartmuseum:
    secretName: ""
    crt: ""
    key: ""
  trivy:
    secretName: ""
    crt: ""
    key: ""
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "registry"
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "chartmuseum"
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "jobservice"
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "database"
      accessMode: ReadWriteOnce
      size: 1Gi
    redis:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "redis"
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "trivy"
      accessMode: ReadWriteOnce
      size: 5Gi
  imageChartStorage:
    disableredirect: false
    type: filesystem
    filesystem:
      rootdirectory: /storage
    azure:
      accountname: accountname
      accountkey: base64encodedaccountkey
      container: containername
    gcs:
      bucket: bucketname
      encodedkey: base64-encoded-json-key-file
    s3:
      region: us-west-1
      bucket: bucketname
    swift:
      authurl: https://storage.myprovider.com/v3/auth
      username: username
      password: password
      container: containername
    oss:
      accesskeyid: accesskeyid
      accesskeysecret: accesskeysecret
      region: regionname
      bucket: bucketname
imagePullPolicy: IfNotPresent
imagePullSecrets:
updateStrategy:
  type: RollingUpdate
logLevel: info
harborAdminPassword: "Harbor12345"
caSecretName: ""
secretKey: "not-a-secure-key"
proxy:
  httpProxy:
  httpsProxy:
  noProxy: 127.0.0.1,localhost,.local,.internal
  components:
    - core
    - jobservice
    - trivy
nginx:
  image:
    repository: goharbor/nginx-photon
    tag: v2.2.2
  serviceAccountName: ""
  replicas: 1
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
portal:
  image:
    repository: goharbor/harbor-portal
    tag: v2.2.2
  serviceAccountName: ""
  replicas: 1
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
core:
  image:
    repository: goharbor/harbor-core
    tag: v2.2.2
  serviceAccountName: ""
  replicas: 1
  startupProbe:
    enabled: true
    initialDelaySeconds: 10
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
  secret: ""
  secretName: ""
  xsrfKey: ""
jobservice:
  image:
    repository: goharbor/harbor-jobservice
    tag: v2.2.2
  replicas: 1
  serviceAccountName: ""
  maxJobWorkers: 10
  jobLoggers:
    - file
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
  secret: ""
registry:
  serviceAccountName: ""
  registry:
    image:
      repository: goharbor/registry-photon
      tag: v2.2.2
  controller:
    image:
      repository: goharbor/harbor-registryctl
      tag: v2.2.2
  replicas: 1
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
  secret: ""
  relativeurls: false
  credentials:
    username: "harbor_registry_user"
    password: "harbor_registry_password"
    htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m"
  middleware:
    enabled: false
    type: cloudFront
    cloudFront:
      baseurl: example.cloudfront.net
      keypairid: KEYPAIRID
      duration: 3000s
      ipfilteredby: none
      privateKeySecret: "my-secret"
chartmuseum:
  enabled: true
  serviceAccountName: ""
  absoluteUrl: false
  image:
    repository: goharbor/chartmuseum-photon
    tag: v2.2.2
  replicas: 1
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
trivy:
  enabled: true
  image:
    repository: goharbor/trivy-adapter-photon
    tag: v2.2.2
  serviceAccountName: ""
  replicas: 1
  debugMode: false
  vulnType: "os,library"
  severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
  ignoreUnfixed: false
  insecure: false
  gitHubToken: ""
  skipUpdate: false
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 1
      memory: 1Gi
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
notary:
  enabled: true
  server:
    serviceAccountName: ""
    image:
      repository: goharbor/notary-server-photon
      tag: v2.2.2
    replicas: 1
    nodeSelector: {}
    tolerations: []
    affinity: {}
    podAnnotations: {}
  signer:
    serviceAccountName: ""
    image:
      repository: goharbor/notary-signer-photon
      tag: v2.2.2
    replicas: 1
    nodeSelector: {}
    tolerations: []
    affinity: {}
    podAnnotations: {}
  secretName: ""
database:
  type: internal
  internal:
    serviceAccountName: ""
    image:
      repository: goharbor/harbor-db
      tag: v2.2.2
    password: "changeit"
    nodeSelector: {}
    tolerations: []
    affinity: {}
  external:
    host: "192.168.0.1"
    port: "5432"
    username: "user"
    password: "password"
    coreDatabase: "registry"
    notaryServerDatabase: "notary_server"
    notarySignerDatabase: "notary_signer"
    sslmode: "disable"
  maxIdleConns: 50
  maxOpenConns: 1000
  podAnnotations: {}
redis:
  type: internal
  internal:
    serviceAccountName: ""
    image:
      repository: goharbor/redis-photon
      tag: v2.2.2
    nodeSelector: {}
    tolerations: []
    affinity: {}
  external:
    addr: "192.168.0.2:6379"
    sentinelMasterSet: ""
    coreDatabaseIndex: "0"
    jobserviceDatabaseIndex: "1"
    registryDatabaseIndex: "2"
    chartmuseumDatabaseIndex: "3"
    trivyAdapterIndex: "5"
    password: ""
  podAnnotations: {}
exporter:
    replicas: 1
    podAnnotations: {}
    serviceAccountName: ""
    image:
      repository: goharbor/harbor-exporter
      tag: v2.2.2
    nodeSelector: {}
    tolerations: []
    affinity: {}
    cacheDuration: 30
    cacheCleanInterval: 14400
metrics:
  enabled: false
  core:
    path: /metrics
    port: 8001
  registry:
    path: /metrics
    port: 8001
  exporter:
    path: /metrics
    port: 8001

部署

helm upgrade pass  ./harbor -n harbor

在这里插入图片描述

  • 为了更好的使用harbor官网的建议是启用ssl

#我的阿里云购买的正规证书,也可以自己生成
kubectl create secret tls docker-tls --key 5835910.key --cert 5835910.pem

在这里插入图片描述

  • 生成命令如下
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com/O=foo.bar.com"
kubectl create secret tls tls-test-ingress --key tls.key --cert tls.crt

新建一个配置使用nodeport方式暴露端口

expose:
  type: nodePort
  tls:
    enabled: true
    certSource: secret
    secret:
      secretName: "docker-tls"   
  nodePort:
    ports:
      http:
        port: 80
        nodePort: 30002
      https:
        port: 443
        nodePort: 30003

externalURL: https://docker.ccmore.cn:30003
#harborAdminPassword: "admin"
#externalURL: http://172.16.0.30:30002
persistence:
  enabled: fals

再更新

helm upgrade pass  ./harbor -f ./conf.yaml -n harbor

登录admin/Harbor12345
在这里插入图片描述
所有功能具备了
在这里插入图片描述
在这里插入图片描述

野猪佩挤
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
helm部署harbor
变成习惯
10-05 4584
helm部署harbor。chart 最新版本:1.5.0 namespace: public-service-ns.yaml apiVersion: v1 kind: Namespace metadata: name: public-service kubectl apply -f public-service-ns.yaml nfs存储: yum install -y nfs-utils rpcbind mkdir -p /data/harbor/{chartmuseum,jobse
helm简单部署harbor(ingress方式暴露)
最新发布
weixin_42562106的博客
05-21 157
【代码】helm简单部署harbor(ingress方式暴露)
Helm部署Harbor
风向决定发型丶的博客
12-28 4466
文章中用到的harbor存储是hostpath,根据harbor官网提示,需要提前创建pv和pvc,既然选择了hostpath,那么就需要将pod固定到某一个node上面,本文所有的资源副本都是1,harbor的所有pod放在同一个namespace,并且需要将namespace固定到某个node上,具体步骤见正文。
Helm Harbor 部署
qq_43164571的博客
05-12 1270
1、导入 Harbor需要的源 helm repo add harbor https://helm.goharbor.io 2、下载 Harbor Helm目录 helm pull harbor/harbor --version 1.7.4 查找自己Kubernetes对应的Harbor版本 3、压缩 tgz包 tar zxf harbor-1.7.4.tgz 4、创建 Harbor所需要的存储类 cd harbor/ cat <<EOF > harbor-pv-pvc.yaml
使用helm部署harbor
被程圣母坑懵逼的归零者
04-09 1083
helm 部署harbor,使用nfs-csi动态制备存储卷
k8s上部署harbor暴露访问
03-14
使用cfssl工具配置证书并在kubernetes部署harbor暴露访问。
harbor_Harbor_helm部署穿参数_helm安装harbor_helm部署harbor_下载flannel的脚本_源
10-02
harbor的helm安装包,请修改参数后进行部署
openshift 4.3中安装helm3并通过helm方式部署应用
01-07
openshift 4.3中安装helm3并通过helm方式部署应用 简介 Helm是一个命令行界面(CLI)工具,可简化将应用程序和服务部署到OpenShift Container Platform集群的过程。 Helm使用一种称为chart的包格式。 Helm chart 是...
helm-wrapper:Helm Go SDK的Helm3 HTTP Server包装器,可帮助您使用HTTP RESTFul API管理Helm图表
05-09
helm-wrapper是带有的helm3 HTTP包装器。 使用helm-wrapper,您可以使用HTTP RESTFul API做类似helm commondline的操作(安装/卸载/升级/获取/列表/回滚...)。 支持API 如果某些API需要支持多个集群,则可以使用...
harbor-helm:部署海港的掌舵图
05-12
港口舵图注意: master分支正在大量​​开发中,请改用其他稳定...配置如何公开Harbor服务的方式入口:入口控制器必须安装在Kubernetes集群中。 注意:如果禁用了TLS,则在拉/推图像时必须在命令中包含端口。 有关详
helm3 快速部署 Harbor 镜像仓库
因上努力,果上随缘。但行好事,莫问前程。
07-01 2237
Harbor 是一个CNCF基金会托管的开源的可信的云原生docker registry项目,可以用于存储、签名、扫描镜像内容,Harbor 通过添加一些常用的功能如安全性、身份权限管理等来扩展 docker registry 项目,此外还支持在 registry 之间复制镜像,还提供更加高级的安全功能,如用户管理、访问控制和活动审计等,在新版本中还添加了Helm仓库托管的支持。Harbor最核心的功能就是给 docker registry 添加上一层权限保护的功能,要实现这个功能,就需要我们在使用 doc
helm3安装harbor【搭建NFS,用NFS创建storageclass,为Harbor动态创建PVC/PV,Harbor使用 ingress 暴露方式提供https访问】
zhiboqingyun的博客
02-24 1854
一、安装nfs-server k8s-master01信息【提供nfs存储的机器】 公网IP:47.96.252.251 私网IP:172.30.125.104 未来的样子 nfs: server: 172.30.125.104 path: /data/harbor 1.1 在提供 NFS 存储主机上执行,这里默认master节点 yum install -y nfs-utils echo "/data/harbor *(insecure,rw,sync,no_root_squash)" >
helm 搭建harbor
m0_60696725的博客
01-07 1397
一、helm语法 helm常用命令解析_u014389734的博客-CSDN博客_helm常用命令Helm 帮助您管理 Kubernetes 应用——Helm 图表,即使是最复杂的 Kubernetes 应用程序,都可以帮助您定义,安装和升级。helm管理命令查看版本#helm version增加repo#helm repo add stable https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts#helm repo add --username
helm3安装harbor【搭建NFS,用NFS创建PVC/PV供Harbor持久化,Harbor使用 nodePort 暴露方式提供访问】
zhiboqingyun的博客
02-21 2130
1 安装nfs-server # 在每个机器 yum install -y nfs-utils # 在master 执行以下命令 echo "/data/harbor/chartmuseum *(insecure,rw,sync,no_root_squash)" > /etc/exports echo "/data/harbor/jobservice *(insecure,rw,sync,no_root_squash)" > /etc/exports echo "/data/harbor/r
Kubernetes部署(十二):helm部署harbor企业级镜像仓库
weixin_34337265的博客
01-22 1906
相关内容: Kubernetes部署(一):架构及功能说明Kubernetes部署(二):系统环境初始化Kubernetes部署(三):CA证书制作Kubernetes部署(四):ETCD集群部署Kubernetes部署(五):Haproxy、Keppalived部署Kubernetes部署(六):Master节点部署Kubernetes部署(七):Node节点部署Kubernetes部署(八):...
在K8s上部署Redis 集群
热门推荐
朱溪江的博客
06-04 4万+
一、前言 架构原理:每个Master都可以拥有多个Slave。当Master下线后,Redis集群会从多个Slave中选举出一个新的Master作为替代,而旧Master重新上线后变成新Master的Slave。 二、准备操作 本次部署主要基于该项目: https://github.com/zuxqoj/kubernetes-redis-cluster 其包含了两种部署Redis集群的方式: S...
Kubernetes 基于 helm 安装 harbor
IT
08-12 5451
所以可以简单的增加 Pod 的副本,确保组件分布到多个 Worker 节点,并利用 K8S 的 Service 机制来保证 Pod 之间的连通性。部署harbor仓库,ingress-nginx使用nodeport方式暴露自身,需要在externalURL中配置其 NodePort 端口号。浏览器访问harbor,使用节点IP+nodePort方式访问,使用默认用户名密码。复制ca.crt到docker客户端所在机器。复制ca.crt到docker客户端所在机器。推送镜像到harbor仓库。...
helm harbor
08-06
使用Helm部署Harbor仓库的步骤如下: 1. 首先导入Harbor所需的源,使用命令:helm repo add harbor https://helm.goharbor.io [1。 2. 下载Harbor Helm目录,使用命令:helm pull harbor/harbor --version 1.7.4 [1。 3. 使用nodePort方式暴露服务,并部署Harbor仓库,无需部署ingress-nginx控制器。使用以下命令:export node_ip=192.168.72.50 helm upgrade --install harbor harbor/harbor --namespace harbor --create-namespace --set expose.type=nodePort --set expose.tls.auto.commonName=$node_ip --set externalURL='https://$node_ip:30003' [2。 4. 如果你想修改Harbor的默认用户密码,可以使用命令:vim values.yaml harborAdminPassword="" [3。 5. 最后,你可以验证部署是否成功,首先在Harbor上创建一个test项目来进行测试 [3。 希望这些信息能对你有所帮助!

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值