helm kubernetes部署

Harbor简介

Harbor是一个开源的企业级容器注册中心,用于存储和分发Docker镜像,它提供了一个简单易用的Web界面,方便用户管理和操作容器镜像,Kubernetes(简称K8s)是一个开源的容器编排系统,可以自动化地部署、扩展和管理容器化应用程序,Helm是Kubernetes的一个包管理工具,可以帮助用户更方便地安装和管理Kubernetes应用,本文将介绍如何在Kubernetes Helm中安装和使用Harbor。

安装Harbor

1、准备环境

helm kubernetes部署

在安装Harbor之前,需要确保已经安装了Kubernetes集群和Helm,还需要配置好kubectl命令行工具,以便与Kubernetes集群进行交互。

2、下载Harbor安装包

从Harbor的GitHub仓库下载最新版本的Harbor安装包:https://github.com/goharbor/harbor/releases

3、解压安装包

将下载的安装包解压到一个目录中,/opt/harbor

tar -zxvf harbor-offline-installer-vx.y.z.tgz -C /opt/harbor

4、修改配置文件

进入解压后的目录,编辑harbor.yml文件,设置相关参数,主要需要修改以下几个参数:

helm kubernetes部署

hostname:设置Harbor的域名或IP地址;

http:设置Harbor的HTTP端口;

https:设置Harbor的HTTPS端口;

data_volume:设置Harbor的数据持久化存储路径;

expose:设置Harbor的访问端口。

hostname: your_domain_or_ip
http:
  port: 80
https:
  port: 443
expose: 80 443
data_volume: /path/to/your/data_volume

5、安装Harbor

运行以下命令开始安装Harbor:

helm kubernetes部署

./install.sh --with-notary --with-trivy --with-clair --with-regulatory --with-selfsigned-certs --with-persistence=redis --with-mqtt=disabled --with-syslog --with-insecure-registry=true --with-pachd=false --with-graphql=false --with-replication=none --with-backup=none --with-storagedriver=nullstore --with-dbauth=true --with-ldapauth=true --with-tokenauth=true --with-cosiauth=false --with-jwtauth=false --with-redisauth=false --with-mysqlauth=false --with-postgresauth=false --with-sqlaauth=false --with-approleauth=false --with-keycloakauth=false --with-kubernetesauth=true --with-traefik=false --with-nodeport=true --with-cleanup=false --with-allowadmin="true" --set="global.registry='your_registry_host'" | sudo tee /etc/yum.repos.d/harbor.repo && sudo yum install -y harbor && sudo systemctl enable and start harbor && sudo systemctl status harbor && sudo docker run -d -p 80:80 -p 443:443 --name harbor registry:2 || true && sudo docker login your_registry_host && sudo docker pull your_registry_host/library/harbor && sudo docker tag your_registry_host/library/harbor your_domain_or_ip/harbor && sudo docker push your_domain_or_ip/harbor && sudo docker ps | grep harbor || true && sudo docker logs harbor || true"

根据提示完成输入即可,安装完成后,可以通过浏览器访问http://your_domain_or_ip进入Harbor的管理界面。

在Kubernetes中部署Harbor

1、创建命名空间

在Kubernetes中,所有的资源都需要在一个命名空间中,可以使用以下命令创建一个名为harbor的命名空间:

kubectl create namespace harbor

2、编写部署文件

创建一个名为harbor-deployment.yaml的文件,内容如下:


apiVersion: apps/v1
kind: Deployment
metadata:
  name: harbor
spec:
  replicas: 1
  selector:
    matchLabels:
      app: harbor
  template:
    metadata:
      labels:
        app: harbor
    spec:
      containers:
      name: harbor
        image: harbor:latest
        ports:
        containerPort: 8080
        envFrom:
        configMapRef:
            name: harbor-configmap

apiVersion: v1
kind: ServiceAccount
metadata:
  name: harbor-serviceaccount
namespace: harbor

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: harbor-adminuserrolebinding
subjects: []
roleRef:
  kind: ClusterRole
  name: cluster-admin
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: harbor-adminuserrolebinding2022011917265596939000236796965697593975967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675938234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234 == harbor@harbor && serviceaccount:default: + envValue +  = true && serviceaccount_name != harbor && serviceaccount_uid != harbor && path != /* && path != */ + user && path != /* + group && path != */ + privileged + * => *,subjects: [{ kind: ServiceAccountKind, name: "harbor", namespace: "harbor"}],rules=[{ apiGroups: [""], resources: ["events"], verbs: ["create"]},{ apiGroups: [""], resources: ["nodes"], verbs: ["create"]},{ apiGroups: [""], resources: ["pods"], verbs: ["get", "watch", "list", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: ["extensions"], resources: ["replicasets"], verbs: ["get", "list", "watch", "create", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: [""], resources: ["serviceaccounts"], verbs: ["get", "list", "watch", "create", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: [""], resources: + envValue + , verbs: + envValue + ={read=true},verbsIgnoreUnknownParams: true}],kinds=[ClusterRole],metadata: {},scope":"Namespaced") > harbor-adminuserrolebinding.yaml && kubectl apply -f harbor-adminuser

原创文章,作者:酷盾叔,如若转载,请注明出处:https://www.kdun.com/ask/114691.html

本网站发布或转载的文章及图片均来自网络,其原创性以及文中表达的观点和判断不代表本网站。如有问题,请联系客服处理。

(0)
酷盾叔订阅
上一篇 2023-12-25 10:09
下一篇 2023-12-25 10:12

相关推荐

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注

产品购买 QQ咨询 微信咨询 SEO优化
分享本页
返回顶部
云产品限时秒杀。精选云产品高防服务器,20M大带宽限量抢购 >>点击进入