  • Harbor

    NodePort mode

    To deploy Harbor on k8s, the official recommendation is to install it with Helm.

    Install Helm

    See the k8s study notes.

    Deploy Harbor

    [root@k8s1 helm]# helm search harbor
    NAME             CHART VERSION    APP VERSION    DESCRIPTION                                                 
    harbor/harbor    1.2.1            1.9.1          An open source trusted cloud native registry that stores,...
    # helm install harbor/harbor installs it directly, but some settings need to be changed first. On install, the chart is downloaded as a compressed archive to:
        #[root@k8s1 archive]# pwd
        #/root/.helm/cache/archive
        #[root@k8s1 archive]# ls
        #harbor-1.2.1.tgz  mysql-1.4.0.tgz
    First delete the release that was just created
    helm list
    helm delete releaseName
    -----------------------------------------------------------------------------------------------------------------------
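    The values.yaml file

    Extract the archive and edit the configuration file, values.yaml. Notes on the settings in values.yaml:

    This experiment uses type: nodePort

    commonName: "core.harbor.domain"      # must be the domain name you use to reach Harbor, otherwise docker login fails with an error saying the certificate does not match the site

    externalURL: https://core.harbor.domain:30003 # important: the default is externalURL: https://core.harbor.domain, because the default expose type is ingress, where docker login connects to core.harbor.domain; with nodePort it connects to core.harbor.domain:30003

    A certificate is required

    Obtain the certificate

    Where to deploy the certificate

    With externalURL: https://core.harbor.domain, this error is reported

    Inside the cluster, if the domain name is pointed at 127.0.0.1, docker login succeeds without configuring a certificate, because Docker treats registries on loopback addresses (127.0.0.0/8) as insecure registries and skips certificate verification for them.

    Under persistentVolumeClaim, set storageClass: "nfs"

    Leave everything else at the defaults.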
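    A preflight check for the commonName and externalURL settings above, as an added example (not from the original article or the Harbor chart). It confirms that the URL host equals commonName and that a nodePort deployment carries the HTTPS node port, then prints the per-registry directory where Docker looks for a trusted CA. The function names are hypothetical; /etc/docker/certs.d/<host:port>/ca.crt is Docker's standard location and is assumed to be where the certificate gets deployed.

```shell
#!/bin/sh
# registry_endpoint URL: print "host[:port]", the name that docker login and
# image references must use for this externalURL.
registry_endpoint() {
    ep=${1#*://}                 # drop the scheme
    printf '%s\n' "${ep%%/*}"    # drop any path
}

# check_expose MODE EXTERNAL_URL COMMON_NAME HTTPS_NODEPORT
# MODE is the expose type used on this page (nodePort or ingress).
# Prints "OK <ca path>" or "FAIL: <reasons>". Hostnames only, no IPv6 literals.
check_expose() {
    mode=$1; url=$2; cn=$3; nodeport=$4
    ep=$(registry_endpoint "$url")
    host=${ep%%:*}
    port=${ep#"$host"}; port=${port#:}
    problems=""
    case "$url" in
        https://*) ;;
        *) problems="$problems not-https" ;;
    esac
    # The certificate is issued for commonName, so the URL host must equal it.
    [ "$host" = "$cn" ] || problems="$problems host-differs-from-commonName"
    # With nodePort the registry answers on the node port, not on 443.
    if [ "$mode" = nodePort ] && [ "$port" != "$nodeport" ]; then
        problems="$problems url-port-is-not-nodePort"
    fi
    if [ -n "$problems" ]; then
        echo "FAIL:$problems"
    else
        echo "OK /etc/docker/certs.d/$ep/ca.crt"
    fi
}

# The working nodePort setting, the failing default, and the ingress case.
check_expose nodePort https://core.harbor.domain:30003 core.harbor.domain 30003
check_expose nodePort https://core.harbor.domain       core.harbor.domain 30003
check_expose ingress  https://core.harbor.domain       core.harbor.domain 30003
```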

    -----------------------------------------------------------------------------------------------------------------------

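    The database-ss.yaml file

    After helm install, kubectl logs pioneering-billygoat-harbor-database-0 shows that PostgreSQL cannot be started as the root user, while the k8s deployment starts it as root.

    Starting the image directly with docker shows that PostgreSQL runs as the user with uid 999, so edit the template file to change the user it starts as.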

    database-ss.yaml
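    One way the start user can be pinned and then checked, as an added example rather than the chart's own template. The two heredocs are constructed pod-spec fragments (the fsGroup line and the function names are assumptions), and the check reports whether a rendered manifest would still let the container start as root.

```shell
#!/bin/sh
# Constructed fragment: database pod spec with no securityContext, so the
# container starts as whatever user the runtime picks (root in this case).
db_spec_before() {
cat <<'EOF'
spec:
  template:
    spec:
      containers:
      - name: database
EOF
}

# Constructed fragment: the same spec with the uid found via docker (999)
# pinned. fsGroup is an assumption so the mounted volume stays writable.
db_spec_after() {
cat <<'EOF'
spec:
  template:
    spec:
      securityContext:
        runAsUser: 999
        fsGroup: 999
      containers:
      - name: database
EOF
}

# start_user_verdict: read a manifest on stdin and classify it by its
# runAsUser settings. This is a line-based check, not a YAML parser.
#   runs-as-root     some runAsUser is 0
#   may-run-as-root  no runAsUser at all, the image decides
#   non-root:<uids>  every runAsUser is non-zero
start_user_verdict() {
    awk '
    $1 == "runAsUser:" || ($1 == "-" && $2 == "runAsUser:") {
        uid = $NF
        if (uid + 0 == 0) root = 1
        uids = uids (uids == "" ? "" : ",") uid
    }
    END {
        if (root)            print "runs-as-root"
        else if (uids == "") print "may-run-as-root"
        else                 print "non-root:" uids
    }'
}

db_spec_before | start_user_verdict
db_spec_after  | start_user_verdict
```

    The same function can be fed the output of helm template for the extracted chart directory before installing.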

     

     -----------------------------------------------------------------------------------------------------

    NFS server

    Create the directories and set their permissions to 777.

    [root@test01 core.harbor.domain:30003]# vim /etc/exports
    
    /registry         *(rw,sync,no_root_squash,no_all_squash)
    /chartmuseum      *(rw,sync,no_root_squash,no_all_squash)
    /jobservice       *(rw,sync,no_root_squash,no_all_squash)
    /database         *(rw,sync,no_root_squash,no_all_squash)
    /redis            *(rw,sync,no_root_squash,no_all_squash)
    nfs-utils must be installed on every node of the k8s cluster
    systemctl start nfs
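    The export options above can be reviewed mechanically. The following is an added example, not part of the original article: it flags exports that are open to any client and exports that keep remote root privileges (no_root_squash). It runs over two lines from this page plus two constructed lines (the 192.168.0.0/24 subnet and their options are assumptions for contrast).

```shell
#!/bin/sh
# Constructed sample: two export lines as configured on this page, one
# restricted line for contrast, and one line with the stray space that
# makes exports(5) apply the options to every host.
sample_exports() {
cat <<'EOF'
/registry         *(rw,sync,no_root_squash,no_all_squash)
/database         *(rw,sync,no_root_squash,no_all_squash)
/redis            192.168.0.0/24(rw,sync,root_squash)
/jobservice       192.168.0.0/24 (rw,sync)
EOF
}

# audit_exports: read exports(5) lines on stdin and print one finding per
# risky client spec as "<path> <client> <issue>[,<issue>]".
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            issues = ""
            # "*" or an empty client (options after a space) means any host.
            if (p > 0 && (client == "*" || client == ""))
                issues = "any-host"
            if (("," opts ",") ~ /,no_root_squash,/)
                issues = issues (issues == "" ? "" : ",") "no_root_squash"
            if (issues != "")
                print path, (client == "" ? "*" : client), issues
        }
    }'
}

sample_exports | audit_exports
```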

     pv

    cat   pv.yaml

    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv1
    spec:
      capacity:
        storage: 5Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /registry
        server: 192.168.0.154
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv2
    spec:
      capacity:
        storage: 5Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /chartmuseum
        server: 192.168.0.154
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv3
    spec:
      capacity:
        storage: 1Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /jobservice
        server: 192.168.0.154
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv4
    spec:
      capacity:
        storage: 1Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /database
        server: 192.168.0.154
    ---
    apiVersion: v1
    kind: PersistentVolume
    metadata:
      name: mypv5
    spec:
      capacity:
        storage: 1Gi
      accessModes:
        - ReadWriteMany
      persistentVolumeReclaimPolicy: Retain
      storageClassName: nfs
      nfs:
        path: /redis
        server: 192.168.0.154
    kubectl  create -f pv.yaml

    Install Harbor

    helm install .helm/cache/archive/harbor

    The registry pod may log the error database "registry" does not exist; if so, enter the database pod and create the database manually.

    # 1. Enter the database Pod
    $ kubectl exec -it harbor-harbor-database-0 -n kube-ops -- /bin/bash
    # 2. Connect to the database
    root [ / ]# psql --username postgres
    psql (9.6.10)
    Type "help" for help.
    # 3. Create the registry database
    postgres=# CREATE DATABASE registry ENCODING 'UTF8';
    CREATE DATABASE
    postgres=# \c registry;
    You are now connected to database "registry" as user "postgres".
    registry=# CREATE TABLE schema_migrations(version bigint not null primary key, dirty boolean not null);
    CREATE TABLE
    registry-# \q

    Web access: https://core.harbor.domain:30003. The account and password are set in values.yaml.

    docker login -u admin -p Harbor12345 core.harbor.domain:30003

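    Notes on using Harbor

    In the tag retention rules, a rule that keeps only the most recently pushed image actually keeps these 3, because their hashes are identical and the system therefore treats them as one.

    When an image is deleted in the web UI it goes to the trash; you need to click garbage collection, which also frees the storage space.

    Ingress mode

    Install an ingress controller (this article uses nginx-ingress)

    Install with Helm

    Edit the values file and switch the controller to host networking (so that it can be reached from outside the cluster): hostNetwork: true. In a real configuration, pin the ingress controller pod to a specific node, or deploy it as a DaemonSet.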

    helm install stable/nginx-ingress --values=/root/.helm/cache/archive/nginx-ingress/values.yaml -n nginx-ingress

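    nginx-ingress actually installs two pods: one is the controller and the other serves the 404 page; all bad requests are sent to the 404 page.

    Install Harbor

    Edit the values file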

    commonName: "core.harbor.domain"

    externalURL: https://core.harbor.domain

    storageClass: "nfs"

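    Then deploy in the same way as in the NodePort method.

    Verify access

    Point core.harbor.domain at the IP of the node running the ingress controller; only that node listens on port 80.

    Then open core.harbor.domain in a browser.

    For docker login, download the CA certificate from the web UI and deploy it on the host machine.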

     
  • Original article: https://www.cnblogs.com/fanever/p/11724949.html