部署Harbor v1.8.1 开启helm-charts

1、部署前准备

下载Harborv1.8.1
下载在线包
wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-online-installer-v1.8.1.tgz
由于文件使用的谷歌云,可能要使用特殊的手段才能下载
下面是几个文件内容

2、修改配置文件

主要修改地方
hostname: docker.test.com
开启https
https:
  port: 443
  certificate: /apps/registrs/cert/docker.test.com.crt
  private_key: /apps/registrs/cert/docker.test.com.key
证书存储地址
data_volume: /apps/registrs
修改成自己服务器存储地址
vi harbor.yml
# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: docker.test.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
#   # https port for harbor, default is 443
  port: 443
#   # The path of cert and key files for nginx
  certificate: /apps/registrs/cert/docker.test.com.crt
  private_key: /apps/registrs/cert/docker.test.com.key

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: Harbor12345

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  password: root123

# The default data volume
data_volume: /apps/registrs

# Harbor Storage settings by default is using /data dir on local filesystem
# Uncomment storage_service setting If you want to using external storage
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of registry's and chart repository's containers.  This is usually needed when the user hosts a internal storage with self signed certificate.
#   ca_bundle:

#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable to true when you want to disable registry redirect
#   redirect:
#     disabled: false

# Clair configuration
clair: 
  # The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
  updaters_interval: 12

  # Config http proxy for Clair, e.g. http://my.proxy.com:3128
  # Clair doesn't need to connect to harbor internal components via http proxy.
  http_proxy:
  https_proxy:
  no_proxy: 127.0.0.1,localhost,core,registry

jobservice:
  # Maximum number of job workers in job service  
  max_job_workers: 10

chart:
  # Change the value of absolute_url to enabled can enable absolute url in chart
  absolute_url: disabled

# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
  rotate_count: 50
  # Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. 
  # If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G 
  # are all valid.
  rotate_size: 200M
  # The directory on your host that store log
  location: /var/log/harbor

#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 1.8.0

# Uncomment external_database if using external database.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor_db_name
#     username: harbor_db_username
#     password: harbor_db_password
#     ssl_mode: disable
#   clair:
#     host: clair_db_host
#     port: clair_db_port
#     db_name: clair_db_name
#     username: clair_db_username
#     password: clair_db_password
#     ssl_mode: disable
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer_db_name
#     username: notary_signer_db_username
#     password: notary_signer_db_password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server_db_name
#     username: notary_server_db_username
#     password: notary_server_db_password
#     ssl_mode: disable

# Uncomment external_redis if using external Redis server
# external_redis:
#   host: redis
#   port: 6379
#   password:
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3

# Uncomment uaa for trusting the certificate of uaa instance that is hosted via self-signed cert.
# uaa:
#   ca_file: /path/to/ca

prepare 文件 不做修改

vi prepare
#!/bin/bash
set +e

# If compling source code this dir is harbor's make dir
# If install harbor via pacakge, this dir is harbor's root dir
if [[ -n "$HARBOR_BUNDLE_DIR" ]]; then
    harbor_prepare_path=$HARBOR_BUNDLE_DIR
else
    harbor_prepare_path="$( cd "$(dirname "$0")" ; pwd -P )"
fi
echo "prepare base dir is set to ${harbor_prepare_path}"
data_path=$(grep '^[^#]*data_volume:' ${harbor_prepare_path}/harbor.yml | awk '{print $NF}')

# If previous secretkeys exist, move it to new location
previous_secretkey_path=/data/secretkey
previous_defaultalias_path=/data/defaultalias

if [ -f $previous_secretkey_path ]; then
    mkdir -p $data_path/secret/keys
    mv $previous_secretkey_path $data_path/secret/keys
fi
if [ -f $previous_defaultalias_path ]; then
    mkdir -p $data_path/secret/keys
    mv $previous_defaultalias_path $data_path/secret/keys
fi

# Clean up input dir
rm -rf ${harbor_prepare_path}/input
# Create a input dirs
mkdir -p ${harbor_prepare_path}/input
input_dir=${harbor_prepare_path}/input

set -e

# Copy harbor.yml to input dir
if [[ ! "$1" =~ ^\-\- ]] && [ -f "$1" ]
then
    cp $1 $input_dir/harbor.yml 
else
    cp ${harbor_prepare_path}/harbor.yml $input_dir/harbor.yml
fi

# Create secret dir
secret_dir=${data_path}/secret
config_dir=$harbor_prepare_path/common/config

# Run prepare script
docker run --rm -v $input_dir:/input \
                    -v $harbor_prepare_path:/compose_location \
                    -v $config_dir:/config \
                    -v $secret_dir:/secret \
                    goharbor/prepare:v1.8.1 $@

echo "Clean up the input dir"
# Clean up input dir
rm -rf ${harbor_prepare_path}/input

install.sh 文件也不做任何修改

vi install.sh
#!/bin/bash

set +e
set -o noglob

#
# Set Colors
#

bold=$(tput bold)
underline=$(tput sgr 0 1)
reset=$(tput sgr0)

red=$(tput setaf 1)
green=$(tput setaf 76)
white=$(tput setaf 7)
tan=$(tput setaf 202)
blue=$(tput setaf 25)

#
# Headers and Logging
#

underline() { printf "${underline}${bold}%s${reset}\n" "$@"
}
h1() { printf "\n${underline}${bold}${blue}%s${reset}\n" "$@"
}
h2() { printf "\n${underline}${bold}${white}%s${reset}\n" "$@"
}
debug() { printf "${white}%s${reset}\n" "$@"
}
info() { printf "${white}➜ %s${reset}\n" "$@"
}
success() { printf "${green}✔ %s${reset}\n" "$@"
}
error() { printf "${red}✖ %s${reset}\n" "$@"
}
warn() { printf "${tan}➜ %s${reset}\n" "$@"
}
bold() { printf "${bold}%s${reset}\n" "$@"
}
note() { printf "\n${underline}${bold}${blue}Note:${reset} ${blue}%s${reset}\n" "$@"
}

set -e
set +o noglob

usage=$'Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https. 
Please set --with-clair if needs enable Clair in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor'
item=0

# notary is not enabled by default
with_notary=$false
# clair is not enabled by default
with_clair=$false
# chartmuseum is not enabled by default
with_chartmuseum=$false

while [ $# -gt 0 ]; do
        case $1 in
            --help)
            note "$usage"
            exit 0;;
            --with-notary)
            with_notary=true;;
            --with-clair)
            with_clair=true;;
            --with-chartmuseum)
            with_chartmuseum=true;;
            *)
            note "$usage"
            exit 1;;
        esac
        shift || true
done

workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $workdir

# The hostname in harbor.yml has not been modified
if grep '^[[:blank:]]*hostname: reg.mydomain.com' &> /dev/null harbor.yml
then
    warn "$usage"
    exit 1
fi

function check_docker {
    if ! docker --version &> /dev/null
    then
        error "Need to install docker(17.06.0+) first and run this script again."
        exit 1
    fi

    # docker has been installed and check its version
    if [[ $(docker --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
    then
        docker_version=${BASH_REMATCH[1]}
        docker_version_part1=${BASH_REMATCH[2]}
        docker_version_part2=${BASH_REMATCH[3]}

        # the version of docker does not meet the requirement
        if [ "$docker_version_part1" -lt 17 ] || ([ "$docker_version_part1" -eq 17 ] && [ "$docker_version_part2" -lt 6 ])
        then
            error "Need to upgrade docker package to 17.06.0+."
            exit 1
        else
            note "docker version: $docker_version"
        fi
    else
        error "Failed to parse docker version."
        exit 1
    fi
}

function check_dockercompose {
    if ! docker-compose --version &> /dev/null
    then
        error "Need to install docker-compose(1.18.0+) by yourself first and run this script again."
        exit 1
    fi

    # docker-compose has been installed, check its version
    if [[ $(docker-compose --version) =~ (([0-9]+).([0-9]+).([0-9]+)) ]]
    then
        docker_compose_version=${BASH_REMATCH[1]}
        docker_compose_version_part1=${BASH_REMATCH[2]}
        docker_compose_version_part2=${BASH_REMATCH[3]}

        # the version of docker-compose does not meet the requirement
        if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 18 ])
        then
            error "Need to upgrade docker-compose package to 1.18.0+."
                        exit 1
        else
            note "docker-compose version: $docker_compose_version"
        fi
    else
        error "Failed to parse docker-compose version."
        exit 1
    fi
}

h2 "[Step $item]: checking installation environment ..."; let item+=1
check_docker
check_dockercompose

if [ -f harbor*.tar.gz ]
then
    h2 "[Step $item]: loading Harbor images ..."; let item+=1
    docker load -i ./harbor*.tar.gz
fi
echo ""

h2 "[Step $item]: preparing environment ...";  let item+=1
if [ -n "$host" ]
then
    sed "s/^hostname: .*/hostname: $host/g" -i ./harbor.yml
fi
prepare_para=
if [ $with_notary ] 
then
    prepare_para="${prepare_para} --with-notary"
fi
if [ $with_clair ]
then
    prepare_para="${prepare_para} --with-clair"
fi
if [ $with_chartmuseum ]
then
    prepare_para="${prepare_para} --with-chartmuseum"
fi

./prepare $prepare_para
echo ""

if [ -n "$(docker-compose ps -q)"  ]
then
    note "stopping existing Harbor instance ..." 
    docker-compose down -v
fi
echo ""

h2 "[Step $item]: starting Harbor ..."
docker-compose up -d

protocol=http
hostname=reg.mydomain.com

if [ -n "$(grep '^[^#]*https:' ./harbor.yml)" ]
then
protocol=https
fi

if [[ $(grep '^[[:blank:]]*hostname:' ./harbor.yml) =~ hostname:[[:blank:]]*(.*) ]]
then
hostname=${BASH_REMATCH[1]}
fi
echo ""

success $"----Harbor has been installed and started successfully.----

Now you should be able to visit the admin portal at ${protocol}://${hostname}. 
For more details, please visit https://github.com/goharbor/harbor .
"

3、升级docker 版本 docker 最低版本要求是docker18号版本最好是最新

### 卸载旧docker 
yum remove docker-ce
修改docker 源 阿里云
cat > /etc/yum.repos.d/docker-ce.repo << EOF
[docker-ce-stable]
name=Docker CE Stable - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-debuginfo]
name=Docker CE Stable - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-stable-source]
name=Docker CE Stable - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/stable
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge]
name=Docker CE Edge - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-debuginfo]
name=Docker CE Edge - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-edge-source]
name=Docker CE Edge - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/edge
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test]
name=Docker CE Test - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-debuginfo]
name=Docker CE Test - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-test-source]
name=Docker CE Test - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/test
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly]
name=Docker CE Nightly - \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-debuginfo]
name=Docker CE Nightly - Debuginfo \$basearch
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/debug-\$basearch/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg

[docker-ce-nightly-source]
name=Docker CE Nightly - Sources
baseurl=https://mirrors.aliyun.com/docker-ce/linux/centos/7/source/nightly
enabled=0
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
EOF
### 安装新版docker
yum install docker-ce -y

### 修改docker 启动文件
vim /usr/lib/systemd/system/docker.service
添加
/usr/bin/dockerd -H fd:// --graph /apps/docker -H unix:///var/run/docker.sock  --max-concurrent-downloads=20
systemctl daemon-reload
systemctl restart docker 
systemctl enable docker

4、下载docker-compose

curl -L https://github.com/docker/compose/releases/download/1.24.0/docker-compose-`uname -s`-`uname -m` -o /usr/bin/docker-compose
chmod +x /usr/bin/docker-compose

5、安装harbor

给予 install.sh prepare  可 执行权限
chmod +x install.sh prepare 
执行 install.sh 安装harbor
./install.sh --with-notary --with-clair --with-chartmuseum
如果中途拉容器很慢可以结束再次执行直到拉取完毕
记得准备nginx 支持的域名证书

6、验证harbor 的docker 仓库 是否 正常

docker ps 
[root@ceph-2-220 harbor]# docker ps
CONTAINER ID        IMAGE                                               COMMAND                  CREATED             STATUS                  PORTS                                                              NAMES
15e1c335701f        goharbor/nginx-photon:v1.8.1                        "nginx -g 'daemon of…"   16 hours ago        Up 16 hours (healthy)   0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:4443->4443/tcp   nginx
dbc4bc680006        goharbor/harbor-portal:v1.8.1                       "nginx -g 'daemon of…"   16 hours ago        Up 16 hours (healthy)   80/tcp                                                             harbor-portal
f84585de038d        goharbor/harbor-jobservice:v1.8.1                   "/harbor/start.sh"       16 hours ago        Up 16 hours                                                                                harbor-jobservice
f13bb671d1d0        goharbor/notary-server-photon:v0.6.1-v1.8.1         "/bin/server-start.sh"   16 hours ago        Up 16 hours                                                                                notary-server
5563dd968c54        goharbor/chartmuseum-photon:v0.8.1-v1.8.1           "/docker-entrypoint.…"   16 hours ago        Up 16 hours (healthy)   9999/tcp                                                           chartmuseum
08f93f9a8f21        goharbor/harbor-core:v1.8.1                         "/harbor/start.sh"       16 hours ago        Up 16 hours (healthy)                                                                      harbor-core
70d266d7bf26        goharbor/notary-signer-photon:v0.6.1-v1.8.1         "/bin/signer-start.sh"   16 hours ago        Up 16 hours                                                                                notary-signer
32bb83505406        goharbor/clair-photon:v2.0.8-v1.8.1                 "/docker-entrypoint.…"   16 hours ago        Up 16 hours (healthy)   6060-6061/tcp                                                      clair
f549a00846aa        goharbor/harbor-db:v1.8.1                           "/entrypoint.sh post…"   16 hours ago        Up 16 hours (healthy)   5432/tcp                                                           harbor-db
cf3146e0ce9b        goharbor/redis-photon:v1.8.1                        "docker-entrypoint.s…"   16 hours ago        Up 16 hours             6379/tcp                                                           redis
569652aa4da7        goharbor/registry-photon:v2.7.1-patch-2819-v1.8.1   "/entrypoint.sh /etc…"   16 hours ago        Up 16 hours (healthy)   5000/tcp                                                           registry
0be5e4aaa3d3        goharbor/harbor-registryctl:v1.8.1                  "/harbor/start.sh"       16 hours ago        Up 16 hours (healthy)                                                                      registryctl
3bef982a3f39        goharbor/harbor-log:v1.8.1                          "/bin/sh -c /usr/loc…"   16 hours ago        Up 16 hours (healthy)   127.0.0.1:1514->10514/tcp                                          harbor-log
[root@ceph-2-220 harbor]# netstat -tnlp| grep docker-prox
tcp        0      0 127.0.0.1:1514          0.0.0.0:*               LISTEN      2576614/docker-prox 
tcp6       0      0 :::80                   :::*                    LISTEN      2579058/docker-prox 
tcp6       0      0 :::443                  :::*                    LISTEN      2579043/docker-prox 
tcp6       0      0 :::4443                 :::*                    LISTEN      2579017/docker-prox 
https://域名

### 测试 docker 仓库是否正常
[root@ceph-2-220 harbor]# docker images
REPOSITORY                                  TAG                        IMAGE ID            CREATED             SIZE
goharbor/chartmuseum-photon                 v0.8.1-v1.8.1              ef41a1168648        10 days ago         113MB
docker tag goharbor/chartmuseum-photon:v0.8.1-v1.8.1  域名/library/chartmuseum-photon:v0.8.1-v1.8.1
library 项目名称必须有
docker login 域名 
## 输入账号密码
docker push 域名/library/chartmuseum-photon:v0.8.1-v1.8.1

打开web 页面查看是否上传成功

在其它任何服务器
docker login 域名 
docker pull 域名/library/chartmuseum-photon:v0.8.1-v1.8.1
如果正常拉取 docker 私有仓库安装成功

7 验证harbor 的 helm-charts 仓库

添加 harbor  helm-charts 仓库地址
helm repo add --username=admin --password=Harbor12345 myrepo https:/域名/chartrepo
具体的项目地址
helm repo add --username=admin --password=Harbor12345 library https:/域名/chartrepo/library 
更新
helm repo update
安装 helm-push 插件
helm plugin install https://github.com/chartmuseum/helm-push
下载一个其它仓储已经有的项目
helm fetch stable/mysql
[root@jenkins ~]# ll mysql*
-rw-r--r-- 1 root root 5536 6月  28 08:48 mysql-0.3.5.tgz
上传到私有仓库
helm push mysql-0.3.5.tgz myrepo
更新repo
helm repo update
查找刚刚push mysql
helm search  mysql
[root@jenkins ~]# helm search  mysql
NAME                            CHART VERSION   APP VERSION     DESCRIPTION                                       
myrepo/library/mysql            0.3.5                           Fast, reliable, scalable, and easy to use open-...
repo_name1/mysql-broker         0.1.0                           A Helm chart for Kubernetes                       
stable/mysql                    0.3.5                           Fast, reliable, scalable, and easy to us
第一个就是 web 页面查看

k8s 测试helm mysql

配置默认storageclass
mysql 使用到动态后端存储 不然mysql 一直不会进行部署
kubectl get storageclass
kubectl patch storageclass nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
取消默认
kubectl patch storageclass nfs-storage -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
kubectl get storageclass
helm install --name-template mysql myrepo/library/mysql
[root@jenkins ~]# helm list
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART         
mysql   default         1               2019-06-28 08:54:19.825429471 +0800 CST deployed        mysql-0.3.5   
[root@jenkins ~]# kubectl get service| grep mysql-mysql
mysql-mysql                 ClusterIP   10.64.160.92            3306/TCP    75m
[root@jenkins ~]# kubectl get pod| grep mysql
mysql-mysql-549d644d4-z2ctk               0/1     Running   0          59s
kubectl get secret --namespace default mysql-mysql -o jsonpath="{.data.mysql-root-password}" | base64 --decode; echo
查看mysql 密码 连接mysql
不出问题一切ok
harbor 安装就完成了

你可能感兴趣的:(部署Harbor v1.8.1 开启helm-charts)