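Deploying Harbor 2.3.0 with Helm

Environment

  1. Kubernetes: v1.20.6
  2. StorageClass: csi-udisk-rssd
  3. Helm: v3.5.2
  4. nginx-ingress: 0.47.0

Pre-installation checks for Harbor 2.3.0

  1. Reserving at least 8 vCPUs and 30 GB of memory is recommended
  2. Depends on ingress
  3. Depends on Redis 5.0 or later
  4. Depends on PostgreSQL 12.x or later

Pre-installation preparation for Harbor 2.3.0

1. Request a wildcard certificate

You can use https://keymanager.org/ to request a free wildcard domain certificate issued by Let's Encrypt.

2. Create the domain certificate secret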

kubectl create ns harbor
# The secret name must match the one referenced in harbor-config.yaml (tls-harbor-core)
kubectl create secret tls tls-harbor-core \
    --cert=harbor.crt \
    --key=harbor.key \
    -n harbor

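3. Prepare a Redis instance

For deployment inside the K8s cluster, see: Deploying Redis with Helm

4. Prepare a PostgreSQL instance

For deployment inside the K8s cluster, see: Deploying PostgreSQL with Helm. Once the database is deployed, create the databases that the Harbor components need. Reference commands: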

export POSTGRES_PASSWORD=$(kubectl get secret --namespace harbor harbor-db-postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode)

kubectl run harbor-db-postgresql-client --rm --tty -i --restart='Never' --namespace harbor --image uhub.service.ucloud.cn/ucloud_pts/postgresql:13.3.0-debian-10-r55 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host harbor-db-postgresql -U postgres -d postgres -p 5432

CREATE DATABASE harbor_core;
CREATE DATABASE harbor_clair;
CREATE DATABASE harbor_notary_server;
CREATE DATABASE harbor_notary_signer;

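5. Mirror images from overseas registries

When deploying applications from within mainland China, pulls of container images from overseas registries often time out and cause the deployment to fail. Mirror the container images to a local registry in advance. Using the private registry uhub.service.ucloud.cn/ucloud_pts as an example, log in to the registry with: docker login uhub.service.ucloud.cn/ucloud_pts
The images to mirror are: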

docker.io/bitnami/chartmuseum:0.13.1-debian-10-r98
docker.io/bitnami/harbor-core:2.3.0-debian-10-r0
docker.io/bitnami/harbor-portal:2.3.0-debian-10-r0
docker.io/bitnami/harbor-registry:2.3.0-debian-10-r7
docker.io/bitnami/harbor-registryctl:2.3.0-debian-10-r7
docker.io/bitnami/harbor-jobservice:2.3.0-debian-10-r7
docker.io/bitnami/harbor-adapter-trivy:2.3.0-debian-10-r5
docker.io/bitnami/harbor-notary-server:2.3.0-debian-10-r7
docker.io/bitnami/harbor-notary-signer:2.3.0-debian-10-r7

For the docker pull, tag and push operations, see:

  • https://docs.docker.com/engine/reference/commandline/pull/
  • https://docs.docker.com/engine/reference/commandline/tag/
  • https://docs.docker.com/engine/reference/commandline/push/
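
The pull, tag and push sequence for the image list above, as an added example that is not part of the original article: it rejects references without an explicit, non-latest tag so that only pinned versions reach the mirror, and it only prints the docker commands unless DRY_RUN=0 is set. Assumptions: DRY_RUN and FLATTEN are hypothetical switches; the chart is assumed to resolve images as <global.imageRegistry>/bitnami/<name>:<tag>, so the bitnami/ path level is kept by default, and FLATTEN=1 produces the flat form used by the postgresql client image in step 4.

```shell
#!/bin/sh
# Added example: plan (and optionally run) the pull/tag/push mirroring of step 5.
MIRROR="${MIRROR:-uhub.service.ucloud.cn/ucloud_pts}"  # mirror registry from this page
DRY_RUN="${DRY_RUN:-1}"  # hypothetical switch: 1 = print the docker commands only
FLATTEN="${FLATTEN:-0}"  # hypothetical switch: 1 = drop the "bitnami/" path level

# mirror_ref SRC: print the destination reference. Fails unless SRC has the form
# docker.io/<namespace>/<name>:<tag> with an explicit tag other than "latest".
mirror_ref() {
    src=$1
    case "$src" in
        *@*) return 1 ;;               # digest references are not handled here
        docker.io/*/*:*) ;;
        *) return 1 ;;
    esac
    tag=${src##*:}
    path=${src#docker.io/}
    path=${path%:*}
    case "$tag" in ""|latest|*/*) return 1 ;; esac
    if [ "$FLATTEN" = 1 ]; then path=${path##*/}; fi
    printf '%s/%s:%s\n' "$MIRROR" "$path" "$tag"
}

# mirror_plan: read one source reference per line from stdin; print (DRY_RUN=1)
# or run the three docker commands for each. Returns 1 if any line was rejected
# or any docker command failed.
mirror_plan() {
    rc=0
    while IFS= read -r ref; do
        [ -n "$ref" ] || continue
        if ! dst=$(mirror_ref "$ref"); then
            echo "rejected: $ref" >&2
            rc=1
            continue
        fi
        if [ "$DRY_RUN" = 1 ]; then
            printf 'docker pull %s\ndocker tag %s %s\ndocker push %s\n' "$ref" "$ref" "$dst" "$dst"
        else
            docker pull "$ref" && docker tag "$ref" "$dst" && docker push "$dst" || rc=1
        fi
    done
    return "$rc"
}

# Dry run over two entries of the step 5 list; feed the full list the same way.
mirror_plan <<'EOF'
docker.io/bitnami/harbor-core:2.3.0-debian-10-r0
docker.io/bitnami/harbor-registry:2.3.0-debian-10-r7
EOF
```
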

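6. Create imagePullSecrets

Create the secret that the container cluster needs to pull images from the registry at uhub.service.ucloud.cn/ucloud_pts

# The harbor namespace already exists if step 2 was run; this command then reports AlreadyExists and can be skipped
kubectl create namespace harbor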
kubectl create secret docker-registry registry-secret-name \
        --namespace=harbor \
        --docker-server=uhub.service.ucloud.cn/ucloud_pts \
        --docker-username='xxxxxx' \
        --docker-password='xxxxxx'

7. Add the Helm repository

This guide uses the chart repository provided by Bitnami

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

8. Define the Harbor configuration and deploy Harbor

cat > harbor-config.yaml << EOF
global:
  imageRegistry: uhub.service.ucloud.cn/ucloud_pts
  secretName:
    - "tls-harbor-core"
  imagePullSecrets:
    - "registry-secret-name"
  storageClass: "csi-udisk-rssd"
internalTLS:
  enabled: false
core:
  secretName: "tls-harbor-core"
service:
  type: LoadBalancer
  tls:
    enabled: true
    existingSecret: 'tls-harbor-core'
    notaryExistingSecret: 'tls-harbor-core'
ingress:
  enabled: true
  pathType: ImplementationSpecific
  apiVersion:
  certManager: false
  hosts:
    core: harbor.onwalk.net
    notary: harbor-notary.onwalk.net
  controller: nginx
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/ssl-redirect: 'true'
    ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
externalURL: https://harbor.onwalk.net

postgresql:
  enabled: false
redis:
  enabled: false

externalDatabase:
  host: harbor-db-postgresql
  user: postgres
  port: 5432
  password: "passwdxxxx"
  sslmode: disable
  coreDatabase: harbor_core
  clairDatabase: harbor_clair
  clairUsername: "postgres"
  clairPassword: "passwdxxxx"
  notaryServerDatabase: harbor_notary_server
  notaryServerUsername: "postgres"
  notaryServerPassword: "passwdxxxx"
  notarySignerDatabase: harbor_notary_signer
  notarySignerUsername: "postgres"
  notarySignerPassword: "passwdxxxx"
externalRedis:
  host: harbor-cache-redis-master
  port: 6379
  password: "redispwxxxxx"
EOF

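# Remove any existing release first; on a first install this reports that the release was not found
helm delete harbor -n harbor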
helm upgrade --install harbor bitnami/harbor -f harbor-config.yaml -n harbor

References:

  • https://github.com/goharbor/harbor-helm
  • https://github.com/goharbor/harbor-helm/blob/master/docs/High%20Availability.md
  • https://docs.docker.com/engine/security/certificates/
  • https://goharbor.io/docs/2.0.0/working-with-projects/working-with-images/managing-helm-charts/
