Harbor简介
Harbor是一个开源的企业级容器注册中心,用于存储和分发Docker镜像,它提供了一个简单易用的Web界面,方便用户管理和操作容器镜像,Kubernetes(简称K8s)是一个开源的容器编排系统,可以自动化地部署、扩展和管理容器化应用程序,Helm是Kubernetes的一个包管理工具,可以帮助用户更方便地安装和管理Kubernetes应用,本文将介绍如何在Kubernetes Helm中安装和使用Harbor。
安装Harbor
1、准备环境
在安装Harbor之前,需要确保已经安装了Kubernetes集群和Helm,还需要配置好kubectl命令行工具,以便与Kubernetes集群进行交互。
2、下载Harbor安装包
从Harbor的GitHub仓库下载最新版本的Harbor安装包:https://github.com/goharbor/harbor/releases
3、解压安装包
将下载的安装包解压到一个目录中,/opt/harbor
tar -zxvf harbor-offline-installer-vx.y.z.tgz -C /opt/harbor
4、修改配置文件
进入解压后的目录,编辑harbor.yml
文件,设置相关参数,主要需要修改以下几个参数:
hostname
:设置Harbor的域名或IP地址;
http
:设置Harbor的HTTP端口;
https
:设置Harbor的HTTPS端口;
data_volume
:设置Harbor的数据持久化存储路径;
expose
:设置Harbor的访问端口。
hostname: your_domain_or_ip http: port: 80 https: port: 443 expose: 80 443 data_volume: /path/to/your/data_volume
5、安装Harbor
运行以下命令开始安装Harbor:
./install.sh --with-notary --with-trivy --with-clair --with-regulatory --with-selfsigned-certs --with-persistence=redis --with-mqtt=disabled --with-syslog --with-insecure-registry=true --with-pachd=false --with-graphql=false --with-replication=none --with-backup=none --with-storagedriver=nullstore --with-dbauth=true --with-ldapauth=true --with-tokenauth=true --with-cosiauth=false --with-jwtauth=false --with-redisauth=false --with-mysqlauth=false --with-postgresauth=false --with-sqlaauth=false --with-approleauth=false --with-keycloakauth=false --with-kubernetesauth=true --with-traefik=false --with-nodeport=true --with-cleanup=false --with-allowadmin="true" --set="global.registry='your_registry_host'" | sudo tee /etc/yum.repos.d/harbor.repo && sudo yum install -y harbor && sudo systemctl enable and start harbor && sudo systemctl status harbor && sudo docker run -d -p 80:80 -p 443:443 --name harbor registry:2 || true && sudo docker login your_registry_host && sudo docker pull your_registry_host/library/harbor && sudo docker tag your_registry_host/library/harbor your_domain_or_ip/harbor && sudo docker push your_domain_or_ip/harbor && sudo docker ps | grep harbor || true && sudo docker logs harbor || true"
根据提示完成输入即可,安装完成后,可以通过浏览器访问http://your_domain_or_ip
进入Harbor的管理界面。
在Kubernetes中部署Harbor
1、创建命名空间
在Kubernetes中,所有的资源都需要在一个命名空间中,可以使用以下命令创建一个名为harbor
的命名空间:
kubectl create namespace harbor
2、编写部署文件
创建一个名为harbor-deployment.yaml
的文件,内容如下:
apiVersion: apps/v1 kind: Deployment metadata: name: harbor spec: replicas: 1 selector: matchLabels: app: harbor template: metadata: labels: app: harbor spec: containers: name: harbor image: harbor:latest ports: containerPort: 8080 envFrom: configMapRef: name: harbor-configmap apiVersion: v1 kind: ServiceAccount metadata: name: harbor-serviceaccount namespace: harbor apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: harbor-adminuserrolebinding subjects: [] roleRef: kind: ClusterRole name: cluster-admin apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: name: harbor-adminuserrolebinding2022011917265596939000236796965697593975967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675938234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234 == harbor@harbor && serviceaccount:default:+ envValue +
= true && serviceaccount_name != harbor && serviceaccount_uid != harbor && path != /* && path != */ + user && path != /* + group && path != */ + privileged + * => *,subjects: [{ kind: ServiceAccountKind, name: "harbor", namespace: "harbor"}],rules=[{ apiGroups: [""], resources: ["events"], verbs: ["create"]},{ apiGroups: [""], resources: ["nodes"], verbs: ["create"]},{ apiGroups: [""], resources: ["pods"], verbs: ["get", "watch", "list", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: ["extensions"], resources: ["replicasets"], verbs: ["get", "list", "watch", "create", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: [""], resources: ["serviceaccounts"], verbs: ["get", "list", "watch", "create", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: [""], resources:
+ envValue +, verbs:
+ envValue +={read=true}
,verbsIgnoreUnknownParams: true}],kinds=[ClusterRole],metadata: {},scope":"Namespaced") > harbor-adminuserrolebinding.yaml && kubectl apply -f harbor-adminuser
原创文章,作者:酷盾叔,如若转载,请注明出处:https://www.kdun.com/ask/114691.html
本网站发布或转载的文章及图片均来自网络,其原创性以及文中表达的观点和判断不代表本网站。如有问题,请联系客服处理。
发表回复