一、创建CCE集群
登录华为云进入CCE控制台,创建CCE集群
集群配置自定义,由于要拉取第三方镜像要有弹性ip
使用ingress对外暴露访问,安装nginx-ingress插件
等待安装成功
创建PV、PVC,记住PVC的名称后面会用到
创建完成后,点击模板市场上传harbor模板
上传完成后点击安装,修改配置文件
设置持久卷
persistentVolumeClaim:
chartmuseum:
accessMode: ReadWriteOnce
existingClaim: 'cce-evs-harbor' ##PVC的名称
size: 5Gi
storageClass: ''
subPath: 'chartmuseum' ## 子文件目录
database:
accessMode: ReadWriteOnce
existingClaim: 'cce-evs-harbor'
size: 1Gi
storageClass: ''
subPath: 'database'
jobservice:
accessMode: ReadWriteOnce
existingClaim: 'cce-evs-harbor'
size: 1Gi
storageClass: ''
subPath: 'jobservice'
redis:
accessMode: ReadWriteOnce
existingClaim: 'cce-evs-harbor'
size: 1Gi
storageClass: ''
subPath: 'redis'
registry:
accessMode: ReadWriteOnce
existingClaim: 'cce-evs-harbor'
size: 5Gi
storageClass: ''
subPath: 'registry'
trivy:
accessMode: ReadWriteOnce
existingClaim: 'cce-evs-harbor'
size: 5Gi
storageClass: ''
subPath: 'trivy'
查看运行状态,此处可能拉取镜像较慢。
设置私网地址解析
创建内网解析,
在集群控制面板网络>ingress也可以看到该域名
添加解析记录集
使用node的弹性ip使用ssh工具连接
下载kubectl配置文件
用节点docker login 登录harbor仓库,用户admin 密码Harbor12345访问出现错误访问不了报X509的错误
[root@kcloud-79820 ~]# mkdir .kube
[root@kcloud-79820 ~]# vi .kube/config
[root@kcloud-79820 ~]# docker login https://core.harbor.domain.com
Username: admin
Password:
Error response from daemon: Get https://core.harbor.domain.com/v2/: x509: certificate is valid for ingress.local, not core.harbor.domain.com
解决方法
[root@kcloud-79820 ~]# mkdir -p /etc/docker/certs.d/core.harbor.domain
[root@kcloud-79820 ~]# kubectl get secrets
NAME TYPE DATA AGE
default-secret kubernetes.io/dockerconfigjson 1 125m
default-token-52frd kubernetes.io/service-account-token 3 126m
harbor-chartmuseum Opaque 1 89m
harbor-core Opaque 8 89m
harbor-database Opaque 1 89m
**harbor-ingress kubernetes.io/tls 3 89m**
harbor-jobservice Opaque 2 89m
harbor-notary-server Opaque 5 89m
harbor-registry Opaque 2 89m
harbor-registry-htpasswd Opaque 1 89m
harbor-trivy Opaque 2 89m
paas.elb cfe/secure-opaque 3 125m
[root@kcloud-79820 ~]# kubectl get secrets/harbor-ingress -o jsonpath="{.data.ca\.crt}" | base64 --decode > /etc/docker/certs.d/core.harbor.domain/ca.crt
登录成功
[root@kcloud-79820 ~]# docker login core.harbor.domain
Username: admin
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
本地登录harbor
C:\Windows\System32\drivers\etc\hosts
后面添加一条
使用本地浏览器https://core.harbor.domain/ 进行访问,登录成功