文章目录
- Harbor Deployment (Helm)
- 前期准备
- 创建stl证书
- Harbor 部署
- 推送镜像
Harbor Deployment (Helm)
Helm 部署 Harbor需要使用共享存储,docker-compose 部署使用单台宿主机存储。
前期准备
创建stl证书
# 模拟域名,公司可以申请内部域名
# VIP bigdata.harbor.com
# 10.83.195.250 bigdata.harbor.com
# 一般使用公司证书,模拟使用mkdir -p /data/harbor_helm/stl && cd /data/harbor_helm/stl
# 生成 CA 证书私钥
openssl genrsa -out ca.key 4096
# 生成 CA 证书
openssl req -x509 -new -nodes -sha512 -days 36500 \-subj "/C=CN/ST=Guangdong/L=Shenzhen/O=harbor/OU=harbor/CN=bigdata.harbor.com" \-key ca.key \-out ca.crt
# 创建域名证书,生成私钥
openssl genrsa -out harbor.key 4096
# 生成证书签名请求 CSR
openssl req -sha512 -new \-subj "/C=CN/ST=Guangdong/L=Shenzhen/O=harbor/OU=harbor/CN=bigdata.harbor.com" \-key harbor.key \-out harbor.csr
# 生成 x509 v3 扩展
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names[alt_names]
DNS.1=bigdata.harbor.com
DNS.2=*..bigdata.harbor.com
DNS.3=hostname
EOF
#创建 Harbor 访问证书
openssl x509 -req -sha512 -days 3650 \-extfile v3.ext \-CA ca.crt -CAkey ca.key -CAcreateserial \-in harbor.csr \-out harbor.crt
基于证书创建 secret
kubectl create ns harbor-uat
kubectl create secret tls k8s-harbor-secret --key harbor.key --cert harbor.crt -n harbor-uat
kubectl get secret k8s-harbor-secret -n harbor-uat
Harbor 部署
下载
helm repo add harbor https://helm.goharbor.io
helm pull harbor/harbor --version 1.14.2
tar -zxvf harbor-1.14.2.tgz
cd harbor
安装
# 和 Chart.yaml 同级目录下执行
# 需要使用共享存储 ceph
helm install harbor-uat -n harbor-uat ./harbor \--set expose.ingress.hosts.core=bigdata.harbor.com \--set-string expose.ingress.annotations.'nginx\.org/client-max-body-size'="1024m" \--set expose.tls.secretName=k8s-harbor-secret \--set persistence.persistentVolumeClaim.registry.storageClass=harbor-ceph-storage \--set persistence.persistentVolumeClaim.jobservice.storageClass=harbor-ceph-storage \--set persistence.persistentVolumeClaim.database.storageClass=harbor-ceph-storage \--set persistence.persistentVolumeClaim.redis.storageClass=harbor-ceph-storage \--set persistence.persistentVolumeClaim.trivy.storageClass=harbor-ceph-storage \--set persistence.persistentVolumeClaim.chartmuseum.storageClass=harbor-ceph-storage \--set persistence.enabled=true \--set externalURL=https://bigdata.harbor.com/ \--set harborAdminPasswords=admin@123# --set persistence.enabled=false 使用pod内部存储,仅限测试
helm install harbor-uat -n harbor-uat ./harbor \--set expose.ingress.hosts.core=bigdata.harbor.com \--set-string expose.ingress.annotations.'nginx\.org/client-max-body-size'="1024m" \--set expose.tls.secretName=k8s-harbor-secret \--set persistence.enabled=false \--set externalURL=https://bigdata.harbor.com/ \--set harborAdminPasswords=admin@123# NAME: harbor-uat
# LAST DEPLOYED: Fri Apr 12 14:36:24 2024
# NAMESPACE: harbor
# STATUS: deployed
# REVISION: 1
# TEST SUITE: None
# NOTES:
# Please wait for several minutes for Harbor deployment to complete.
# Then you should be able to visit the Harbor portal at https://bigdata.harbor.com/
# For more details, please visit https://github.com/goharbor/harbor# 查看
kubectl get ingress,svc,pvc,pv,pods -owide -n harbor-uat # 卸载
helm uninstall harbor-uat -n harbor-uat
推送镜像
vim /etc/docker/daemon.json
# insecure-registries harbor地址
{"registry-mirrors": ["https://ogeydad1.mirror.aliyuncs.com"],"insecure-registries": ["https://bigdata.harbor.com"],"exec-opts": ["native.cgroupdriver=systemd"]
}# 重启 docker
systemctl reload docker && systemctl restart docker
docker-compose restart# 拉取镜像
docker pull nginx:1.16
# 打标签
docker image tag nginx:1.16 bigdata.harbor.com/bigdata/nginx:1.16
# 登录仓库
docker login https://bigdata.harbor.com
# admin/admin@123
# Login Succeeded# 推镜像到仓库
docker push bigdata.harbor.com/bigdata/nginx:1.16docker pull centos:centos7
docker image tag centos:centos7 bigdata.harbor.com/bigdata/centos:centos7
docker push bigdata.harbor.com/bigdata/centos:centos7
-redis环境部署)
的校园二手交易系统设计与实现(完整程序+开题报告+论文))
---基本命令(1))
)
)