# Register the upstream Harbor chart repository, then download the chart and
# unpack it locally (later commands on this page use ./harbor) so that its
# values.yaml can be edited.
helm repo add harbor https://helm.goharbor.io
# No --version is given, so this fetches whichever chart release is current at
# run time; pass --version <CHART_VERSION> for a reproducible download.
helm fetch harbor/harbor --untar
[root@master15 src]# kubectl get pvc -n harbor | grep harbor-pvc
harbor-pvc Bound pvc-62890607-396d-403a-9801-651475fdb018 30Gi RWX nfs-test 2d14h
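# Excerpt of the edited chart values.yaml showing the keys the author changed.
# Indentation is restored to the Harbor chart layout and the inline markers are
# rewritten as YAML comments so the fragment parses.
expose:
  type: ingress
  tls:
    # Ingress TLS is switched off: the portal and registry API are served over
    # plain HTTP, so logins and image pushes are not encrypted in transit.
    # Suitable only for an isolated lab network.
    enabled: false
    certSource: secret
    auto:
      commonName: ""
    secret:
      secretName: ""
      notarySecretName: ""
  ingress:
    hosts:
      # NOTE(review): spelled ccmores.cn here but ccmore.cn in the full values
      # further down the page - confirm which hostname is intended.
      core: docker.ccmores.cn
      notary: notary.ccmores.cn
    controller: default
    annotations:
      # HTTP-to-HTTPS redirect turned off to match tls.enabled: false.
      ingress.kubernetes.io/ssl-redirect: "false"
      # "0" removes the request body size limit so large layers can be pushed.
      ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
# Harbor hands this URL to clients for token authentication, so scheme, host
# and port must match what clients can actually reach.
externalURL: http://172.16.0.30:30002
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    # Every component reuses the pre-created claim harbor-pvc (shown as Bound,
    # RWX, storage class nfs-test above) and is separated only by subPath, so
    # the permissions on that shared volume are the real isolation boundary.
    # accessMode and size are presumably ignored once existingClaim is set -
    # verify against the chart templates.
    registry:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "registry"
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "chartmuseum"
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "jobservice"
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "database"
      accessMode: ReadWriteOnce
      size: 1Gi
    redis:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "redis"
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "trivy"
      accessMode: ReadWriteOnce
      size: 5Gi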
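# How Harbor is exposed outside the cluster. `type` selects one of the ingress,
# clusterIP, nodePort or loadBalancer stanzas; the others are presumably
# ignored while type is ingress.
expose:
  type: ingress
  tls:
    # TLS is off at this stage, so the UI and registry API are plain HTTP and
    # credentials cross the network unencrypted. The certificate settings below
    # presumably take effect only once enabled is set to true.
    enabled: false
    certSource: secret
    auto:
      commonName: "docker.ccmore.cn"
    secret:
      # TLS secret created later on this page with `kubectl create secret tls`.
      secretName: "docker-tls"
      notarySecretName: "docker-tls"
  ingress:
    hosts:
      core: docker.ccmore.cn
      notary: notary.ccmore.cn
    controller: default
    annotations:
      # Redirect to HTTPS is disabled to match tls.enabled: false; set both
      # back to "true" when TLS is turned on.
      ingress.kubernetes.io/ssl-redirect: "false"
      # "0" removes the request body size limit so large layers can be pushed.
      ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
  clusterIP:
    name: harbor
    ports:
      httpPort: 80
      httpsPort: 443
      notaryPort: 4443
  nodePort:
    name: harbor
    ports:
      http:
        port: 80
        nodePort: 30002
      https:
        port: 443
        nodePort: 30003
      notary:
        port: 4443
        nodePort: 30004
  loadBalancer:
    name: harbor
    IP: ""
    ports:
      httpPort: 80
      httpsPort: 443
      notaryPort: 4443
    annotations: {}
    # Empty list: no source-address restriction is configured.
    sourceRanges: []
# Harbor hands this URL to clients for token authentication, so it must match
# the reachable endpoint exactly.
# NOTE(review): 30003 is the HTTPS nodePort listed above, yet the scheme is
# http and type is ingress - confirm the intended endpoint.
externalURL: http://172.16.0.30:30003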
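# TLS between Harbor's own components. It is disabled here, so traffic between
# the component pods is not encrypted inside the cluster.
internalTLS:
  enabled: false
  certSource: "auto"
  trustCa: ""
  # Per-component certificate slots, all left empty.
  core:
    secretName: ""
    crt: ""
    key: ""
  jobservice:
    secretName: ""
    crt: ""
    key: ""
  registry:
    secretName: ""
    crt: ""
    key: ""
  portal:
    secretName: ""
    crt: ""
    key: ""
  chartmuseum:
    secretName: ""
    crt: ""
    key: ""
  trivy:
    secretName: ""
    crt: ""
    key: ""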
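# Storage for Harbor's stateful components and for image/chart blobs.
persistence:
  enabled: true
  # "keep" is meant to leave the claims in place when the release is deleted.
  resourcePolicy: "keep"
  persistentVolumeClaim:
    # Every component reuses the pre-created claim harbor-pvc (shown as Bound,
    # RWX, storage class nfs-test at the top of the page) and is separated only
    # by subPath, so the permissions on that shared volume are the real
    # isolation boundary between registry data, the database and Redis.
    # accessMode and size are presumably ignored once existingClaim is set -
    # verify against the chart templates.
    registry:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "registry"
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "chartmuseum"
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "jobservice"
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "database"
      accessMode: ReadWriteOnce
      size: 1Gi
    redis:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "redis"
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: "harbor-pvc"
      storageClass: ""
      subPath: "trivy"
      accessMode: ReadWriteOnce
      size: 5Gi
  imageChartStorage:
    disableredirect: false
    # With type filesystem, only the filesystem stanza is relevant. The cloud
    # stanzas below hold the chart's placeholder values, not real credentials;
    # if one is ever used, keep its keys out of any committed values file.
    type: filesystem
    filesystem:
      rootdirectory: /storage
    azure:
      accountname: accountname
      accountkey: base64encodedaccountkey
      container: containername
    gcs:
      bucket: bucketname
      encodedkey: base64-encoded-json-key-file
    s3:
      region: us-west-1
      bucket: bucketname
    swift:
      authurl: https://storage.myprovider.com/v3/auth
      username: username
      password: password
      container: containername
    oss:
      accesskeyid: accesskeyid
      accesskeysecret: accesskeysecret
      region: regionname
      bucket: bucketname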
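# Release-wide settings: image pulling, rollout strategy, logging, the initial
# admin password, the encryption key and outbound proxy configuration.
imagePullPolicy: IfNotPresent
# Left null: no image pull secrets are configured.
imagePullSecrets:
updateStrategy:
  type: RollingUpdate
logLevel: info
# Chart default admin password, which is publicly documented. Set a unique
# value before the first install.
# NOTE(review): Harbor appears to apply this only when the database is first
# initialised, so later changes have to be made in the UI - confirm.
harborAdminPassword: "Harbor12345"
caSecretName: ""
# Placeholder shipped with the chart. Harbor uses this key for encryption, so
# replace it with a random 16-character string and keep the real value out of
# version control.
secretKey: "not-a-secure-key"
proxy:
  httpProxy:
  httpsProxy:
  noProxy: 127.0.0.1,localhost,.local,.internal
  components:
    - core
    - jobservice
    - trivy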
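# Front-end proxy and web portal deployments. Images are pinned by tag
# (v2.2.2) rather than by digest, so the content behind the tag is trusted to
# the upstream registry.
nginx:
  image:
    repository: goharbor/nginx-photon
    tag: v2.2.2
  # Empty: no dedicated service account is named for this component.
  serviceAccountName: ""
  replicas: 1
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
portal:
  image:
    repository: goharbor/harbor-portal
    tag: v2.2.2
  serviceAccountName: ""
  replicas: 1
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}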
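# Harbor core service (API, authentication and token service).
core:
  image:
    repository: goharbor/harbor-core
    tag: v2.2.2
  serviceAccountName: ""
  replicas: 1
  startupProbe:
    enabled: true
    initialDelaySeconds: 10
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
  # secret, secretName and xsrfKey are left empty.
  # NOTE(review): the chart presumably generates the component secret and XSRF
  # key and falls back to a default token-signing key pair when these are
  # blank - confirm, and supply your own key pair via secretName for anything
  # beyond a lab.
  secret: ""
  secretName: ""
  xsrfKey: ""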
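# Job service (asynchronous jobs such as replication and scans).
jobservice:
  image:
    repository: goharbor/harbor-jobservice
    tag: v2.2.2
  replicas: 1
  serviceAccountName: ""
  maxJobWorkers: 10
  # Job logs are written to files only.
  jobLoggers:
    - file
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
  # Left empty; presumably generated by the chart - confirm.
  secret: ""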
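# Image registry and its controller (registryctl).
registry:
  serviceAccountName: ""
  registry:
    image:
      repository: goharbor/registry-photon
      tag: v2.2.2
  controller:
    image:
      repository: goharbor/harbor-registryctl
      tag: v2.2.2
  replicas: 1
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}
  secret: ""
  relativeurls: false
  # Chart default credentials that Harbor's components use against the
  # registry. They are public knowledge, so replace them; htpasswd is the
  # bcrypt entry for the same user and must be regenerated whenever the
  # password changes (for example: htpasswd -nbBC10 <USER> <PASSWORD>).
  credentials:
    username: "harbor_registry_user"
    password: "harbor_registry_password"
    htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m"
  # CDN middleware is disabled; the cloudFront values are placeholders.
  middleware:
    enabled: false
    type: cloudFront
    cloudFront:
      baseurl: example.cloudfront.net
      keypairid: KEYPAIRID
      duration: 3000s
      ipfilteredby: none
      privateKeySecret: "my-secret"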
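# ChartMuseum (Helm chart repository) component, enabled here.
chartmuseum:
  enabled: true
  serviceAccountName: ""
  absoluteUrl: false
  image:
    repository: goharbor/chartmuseum-photon
    tag: v2.2.2
  replicas: 1
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}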
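# Trivy vulnerability-scanner adapter, enabled here.
trivy:
  enabled: true
  image:
    repository: goharbor/trivy-adapter-photon
    tag: v2.2.2
  serviceAccountName: ""
  replicas: 1
  debugMode: false
  # Scan both OS packages and language libraries, reporting every severity.
  vulnType: "os,library"
  severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
  # false: findings without an available fix are still reported.
  ignoreUnfixed: false
  # Keep false. NOTE(review): this flag appears to control whether registry
  # certificate verification is skipped - with a self-signed certificate,
  # trust the CA instead of turning verification off.
  insecure: false
  gitHubToken: ""
  # false: the vulnerability database is refreshed rather than frozen, which
  # requires outbound access from the scanner pod.
  skipUpdate: false
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 1
      memory: 1Gi
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podAnnotations: {}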
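# Notary (content trust / image signing) server and signer, enabled here.
notary:
  enabled: true
  server:
    serviceAccountName: ""
    image:
      repository: goharbor/notary-server-photon
      tag: v2.2.2
    replicas: 1
    nodeSelector: {}
    tolerations: []
    affinity: {}
    podAnnotations: {}
  signer:
    serviceAccountName: ""
    image:
      repository: goharbor/notary-signer-photon
      tag: v2.2.2
    replicas: 1
    nodeSelector: {}
    tolerations: []
    affinity: {}
    podAnnotations: {}
  # Left empty. NOTE(review): presumably the chart then generates the
  # certificates used between Notary server and signer - confirm.
  secretName: ""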
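# PostgreSQL backing store. type internal deploys the chart's own database pod;
# the external stanza holds placeholders and is presumably unused here.
database:
  type: internal
  internal:
    serviceAccountName: ""
    image:
      repository: goharbor/harbor-db
      tag: v2.2.2
    # Chart default database password, publicly known. Set a unique value
    # before the first install and keep it out of version control.
    password: "changeit"
    nodeSelector: {}
    tolerations: []
    affinity: {}
  external:
    host: "192.168.0.1"
    port: "5432"
    username: "user"
    password: "password"
    coreDatabase: "registry"
    notaryServerDatabase: "notary_server"
    notarySignerDatabase: "notary_signer"
    # "disable" means no TLS to the database; choose a verifying mode if an
    # external database is ever configured.
    sslmode: "disable"
  maxIdleConns: 50
  maxOpenConns: 1000
  podAnnotations: {}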
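# Redis cache and job queue. type internal deploys the chart's own Redis pod;
# the external stanza holds placeholders and is presumably unused here.
redis:
  type: internal
  # No password key is present for the internal instance, so access to it
  # should be limited to Harbor's own pods (for example with a NetworkPolicy).
  internal:
    serviceAccountName: ""
    image:
      repository: goharbor/redis-photon
      tag: v2.2.2
    nodeSelector: {}
    tolerations: []
    affinity: {}
  external:
    addr: "192.168.0.2:6379"
    sentinelMasterSet: ""
    coreDatabaseIndex: "0"
    jobserviceDatabaseIndex: "1"
    registryDatabaseIndex: "2"
    chartmuseumDatabaseIndex: "3"
    trivyAdapterIndex: "5"
    # Empty: an external Redis would be used without authentication.
    password: ""
  podAnnotations: {}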
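# Metrics exporter deployment and the metrics endpoints of each component.
exporter:
  replicas: 1
  podAnnotations: {}
  serviceAccountName: ""
  image:
    repository: goharbor/harbor-exporter
    tag: v2.2.2
  nodeSelector: {}
  tolerations: []
  affinity: {}
  cacheDuration: 30
  cacheCleanInterval: 14400
# Metrics are disabled. If they are enabled later, restrict who can reach
# port 8001, since the page configures no authentication for /metrics.
metrics:
  enabled: false
  core:
    path: /metrics
    port: 8001
  registry:
    path: /metrics
    port: 8001
  exporter:
    path: /metrics
    port: 8001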
部署
# Apply the edited chart in ./harbor to the release named "pass" in the harbor
# namespace. `helm upgrade` updates an existing release; the initial install of
# that release is not shown on this page.
helm upgrade pass ./harbor -n harbor
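# The author's certificate was purchased through Alibaba Cloud; a self-signed
# one can be generated instead (see the openssl command below).
# -n harbor: a TLS secret can only be referenced from its own namespace, and
# the Harbor release on this page is deployed with -n harbor.
kubectl create secret tls docker-tls --key 5835910.key --cert 5835910.pem -n harbor
# Self-signed example. -nodes writes tls.key unencrypted, so restrict its file
# permissions and remove it once the secret exists. The certificate carries
# only a CN; clients that require a subjectAltName will reject it, so add a SAN
# for the real registry host (OpenSSL 1.1.1+:
# -addext "subjectAltName=DNS:<REGISTRY_HOST>").
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=foo.bar.com/O=foo.bar.com"
# Example secret built from the self-signed pair; the Harbor values on this
# page reference docker-tls, not this secret.
kubectl create secret tls tls-test-ingress --key tls.key --cert tls.crt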
新建一个配置使用nodeport方式暴露端口
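# conf.yaml: overrides layered on top of the chart's values.yaml with -f.
# Switches exposure to nodePort and turns TLS on using an existing secret.
expose:
  type: nodePort
  tls:
    enabled: true
    certSource: secret
    secret:
      # Must name a TLS secret in the release namespace whose certificate
      # covers the host used in externalURL.
      secretName: "docker-tls"
  nodePort:
    ports:
      http:
        port: 80
        nodePort: 30002
      https:
        port: 443
        nodePort: 30003
# Matches the HTTPS nodePort above; Harbor hands this URL to clients for token
# authentication, so scheme, host and port must all be reachable as written.
externalURL: https://docker.ccmore.cn:30003
#harborAdminPassword: "admin"
#externalURL: http://172.16.0.30:30002
persistence:
  # Corrected from the misspelled "fals", which YAML reads as a non-empty
  # string rather than a boolean. With persistence off, Harbor's data
  # presumably lives in pod-local storage and is lost when pods are
  # rescheduled - drop this override to keep using harbor-pvc.
  enabled: false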
再更新
# Re-apply the release "pass" with the overrides from conf.yaml layered on top
# of the chart's own values.yaml.
helm upgrade pass ./harbor -f ./conf.yaml -n harbor
登录admin/Harbor12345(Harbor12345 是上文 harborAdminPassword 的默认初始密码,首次登录后应立即修改)
所有功能具备了