k8s使用helm部署Harbor镜像仓库并启用SSL

1、部署nfs存储工具

参照:https://zhaoll.blog.csdn.net/article/details/128155767

2、部署helm

有多种安装方式,根据自己的k8s版本选择合适的helm版本
参考:https://blog.csdn.net/qq_30614345/article/details/131669319

3、部署Harbor

我们这里使用helm安装harbor,项目地址:https://github.com/goharbor/harbor-helm
(1)拉取项目文件

helm repo add harbor https://helm.goharbor.io
helm repo update
helm pull harbor/harbor

(2)解压并修改配置
tar -zxf v1.12.2.tar.gz && cd harbor-helm
要修改的地方如下:
1)values.yaml:

expose:
  type: nodePort
  tls:
    enabled: true
    certSource: auto
    auto:
      commonName: "harbor.service.com"
    secret:
      secretName: "harbor.service.com"
      notarySecretName: ""
  ingress:
    hosts:
      core: harbor.service.com
      notary: harbor.service.com

externalURL: https://myharbor.com

2)将values.yaml文件内所有的storageClass: " "改为storageClass: “master-nfs-storage”.

修改完成后部署:

helm install harbor . -f values.yaml -n harbor

注意自己的服务器内存和CPU资源是否充足,不然起不来。

[root@master01 harbor]# kubectl get pod,pvc,svc -n harbor
NAME                                        READY   STATUS    RESTARTS        AGE
pod/harbor-core-5dd768f6fb-nfjpj            1/1     Running   0               7m46s
pod/harbor-database-0                       1/1     Running   0               7m46s
pod/harbor-jobservice-74dbdbf858-k79cd      1/1     Running   3 (7m20s ago)   7m46s
pod/harbor-nginx-69dc9c79b5-c86tq           1/1     Running   0               7m46s
pod/harbor-notary-server-5d7878fbf-bkpfm    1/1     Running   0               7m46s
pod/harbor-notary-signer-85d7c867dd-6smzt   1/1     Running   0               7m46s
pod/harbor-portal-8f85bbc8f-mzmpb           1/1     Running   0               7m46s
pod/harbor-redis-0                          1/1     Running   0               7m46s
pod/harbor-registry-7546f96ff-9s7qb         2/2     Running   0               7m46s
pod/harbor-trivy-0                          1/1     Running   0               7m46s

NAME                                                    STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS         AGE
persistentvolumeclaim/data-harbor-redis-0               Bound    pvc-35403a12-088f-4428-9b76-9b5ce65f9093   1Gi        RWO            master-nfs-storage   41m
persistentvolumeclaim/data-harbor-trivy-0               Bound    pvc-7a1101b7-7b75-4f7d-9597-685ed6b9522a   1Gi        RWO            master-nfs-storage   41m
persistentvolumeclaim/database-data-harbor-database-0   Bound    pvc-4f9ed9f6-4d2f-40a2-93e8-04e8d41840e8   1Gi        RWO            master-nfs-storage   41m
persistentvolumeclaim/harbor-jobservice                 Bound    pvc-97e92430-60e2-4cee-9b35-62e32b3695c4   1Gi        RWO            master-nfs-storage   41m
persistentvolumeclaim/harbor-registry                   Bound    pvc-c6c393bd-9c24-4553-b315-662e26b76816   1Gi        RWO            master-nfs-storage   41m

NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                                     AGE
service/harbor                 NodePort    10.104.21.19             80:31002/TCP,443:31003/TCP,4443:31004/TCP   7m47s
service/harbor-core            ClusterIP   10.107.252.158           80/TCP                                      7m47s
service/harbor-database        ClusterIP   10.104.63.223            5432/TCP                                    7m47s
service/harbor-jobservice      ClusterIP   10.107.132.71            80/TCP                                      7m47s
service/harbor-notary-server   ClusterIP   10.101.112.227           4443/TCP                                    7m47s
service/harbor-notary-signer   ClusterIP   10.106.252.215           7899/TCP                                    7m47s
service/harbor-portal          ClusterIP   10.105.233.89            80/TCP                                      7m47s
service/harbor-redis           ClusterIP   10.102.76.99             6379/TCP                                    7m47s
service/harbor-registry        ClusterIP   10.99.69.186             5000/TCP,8080/TCP                           7m47s
service/harbor-trivy           ClusterIP   10.106.20.0              8080/TCP                                    7m46s

可以看到https的443端口对应的是主机的31003端口

4、修改客户机的hosts文件,添加一行

11.0.1.7   harbor.service.com

打开浏览器访问测试:
地址https://harbor.service.com:31003/,用户名admin,密码Harbor12345

k8s使用helm部署Harbor镜像仓库并启用SSL_第1张图片

4、containerd连接harbor仓库

未完 待续。。。

你可能感兴趣的:(运维)