Helm部署Harbor

ItTalk 2019-10-08

2141

Harbor简介

Harbor是一个开源的云原生仓库，提供类似https://hub.docker.com的功能，它扩展了开源Docker Distribution，适合公司内部做为容器镜像管理。详细可参考：https://github.com/goharbor/harbor

为何选择部署私服仓库？

选择自己部署私服的原因主要有二，其一为生产环境的镜像很大（200-300M），为了提高CI/CD的速度，部署私库可提升效率。其二为保护自制镜像的安全。

Helm部署harbor

我们选择bitnami的Charts，它是基于官方的harbor-helm(https://github.com/goharbor/harbor-helm) ，并做了一些增强，这里不做赘述。

#添加helm仓库
helm repo add bitnami https://charts.bitnami.com
#fetch charts，并解压
helm fetch --untar bitnami/harbor
#修改配置文件values-production.yaml
1）修改全局storgeClass，我这里使用的是nfs，具体的sc为nfs-client，具体配置时请根据实际情况做调整
global:
  storageClass: nfs-client
2）修改service的类型，请根据实际情况调整
service:
  type: NodePort
3）关闭tls功能，具体请根据情况做调整
service:
  tls:
    enabled: false
4）定义NodePort端口
service:
  nodePort:
    ports:
      http:
        nodePort: 31080
5）调整仓库卷的大小，请根据情况做调整
persistence:
  persistentVolumeClaim:
    registry:
      size: 200G
6）设置externalURL
externalURL: xxx.example.org
#安装部署
helm install bitnami/harbor -f values-production.yaml  --name sre-harbor  --namespace sre

#结果显示
NAME:   sre-harbor
LAST DEPLOYED: Thu Sep 19 17:34:27 2019
NAMESPACE: sre
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                           TYPE    DATA  AGE
sre-harbor-postgresql          Opaque  1     1s
sre-harbor-chartmuseum-secret  Opaque  1     1s
sre-harbor-core-envvars        Opaque  3     1s
sre-harbor-core                Opaque  4     1s
sre-harbor-jobservice          Opaque  1     1s
sre-harbor-registry            Opaque  2     1s

==> v1/ConfigMap
NAME                                DATA  AGE
sre-harbor-postgresql-init-scripts  3     1s
sre-harbor-redis                    3     1s
sre-harbor-redis-health             6     1s
sre-harbor-chartmuseum-envvars      15    1s
sre-harbor-clair                    1     1s
sre-harbor-core-envvars             34    1s
sre-harbor-core                     1     1s
sre-harbor-jobservice               1     1s
sre-harbor-nginx                    1     1s
sre-harbor-notary-server            5     1s
sre-harbor-registry                 2     1s

==> v1/PersistentVolumeClaim
NAME                    STATUS  VOLUME                                    CAPACITY  ACCESS MODES  STORAGECLASS  AGE
sre-harbor-chartmuseum  Bound   pvc-ada5239a-dac0-11e9-b579-00163e064a2f  5Gi       RWO           nfs-client    1s
sre-harbor-jobservice   Bound   pvc-ada5bc62-dac0-11e9-b579-00163e064a2f  1Gi       RWO           nfs-client    1s
sre-harbor-registry     Bound   pvc-ada67232-dac0-11e9-b579-00163e064a2f  200Gi     RWO           nfs-client    1s

==> v1/Service
NAME                            TYPE       CLUSTER-IP       EXTERNAL-IP  PORT(S)                      AGE
sre-harbor-postgresql-headless  ClusterIP  None             <none>       5432/TCP                     1s
sre-harbor-postgresql           ClusterIP  192.168.230.120  <none>       5432/TCP                     1s
sre-harbor-redis-headless       ClusterIP  None             <none>       6379/TCP                     1s
sre-harbor-redis-master         ClusterIP  192.168.155.133  <none>       6379/TCP                     1s
sre-harbor-chartmuseum          ClusterIP  192.168.254.236  <none>       80/TCP                       1s
sre-harbor-clair                ClusterIP  192.168.108.2    <none>       6060/TCP,6061/TCP            1s
sre-harbor-core                 ClusterIP  192.168.171.198  <none>       80/TCP                       1s
sre-harbor-jobservice           ClusterIP  192.168.19.27    <none>       80/TCP                       1s
sre-harbor                      NodePort   192.168.225.35   <none>       80:31080/TCP,4443:30004/TCP  1s
sre-harbor-notary-server        ClusterIP  192.168.92.252   <none>       4443/TCP                     1s
sre-harbor-notary-signer        ClusterIP  192.168.72.54    <none>       7899/TCP                     1s
sre-harbor-portal               ClusterIP  192.168.90.132   <none>       80/TCP                       1s
sre-harbor-registry             ClusterIP  192.168.43.96    <none>       5000/TCP,8080/TCP            1s

==> v1/Deployment
NAME                      DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
sre-harbor-chartmuseum    1        1        1           0          1s
sre-harbor-clair          1        1        1           0          1s
sre-harbor-core           1        1        1           0          1s
sre-harbor-jobservice     1        1        1           0          1s
sre-harbor-notary-server  1        0        0           0          1s
sre-harbor-notary-signer  1        0        0           0          1s
sre-harbor-portal         1        0        0           0          0s
sre-harbor-registry       1        0        0           0          0s

==> v1beta1/Deployment
NAME              DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
sre-harbor-nginx  1        1        1           0          1s

==> v1beta2/StatefulSet
NAME                     DESIRED  CURRENT  AGE
sre-harbor-postgresql    1        1        0s
sre-harbor-redis-master  1        1        0s

==> v1/Pod(related)
NAME                                       READY  STATUS             RESTARTS  AGE
sre-harbor-chartmuseum-5f9d96f89f-bndxc    0/1    ContainerCreating  0         1s
sre-harbor-clair-79d997654c-bns26          0/1    ContainerCreating  0         1s
sre-harbor-core-56ddbb48f7-qrvsv           0/1    ContainerCreating  0         1s
sre-harbor-jobservice-5c8fbfbb-mrp5z       0/1    ContainerCreating  0         1s
sre-harbor-nginx-8fd6fc5b7-m7kwf           0/1    ContainerCreating  0         1s
sre-harbor-notary-server-86dc474cf6-p2nq2  0/1    ContainerCreating  0         0s
sre-harbor-notary-signer-67ff9f56b6-fskdt  0/1    Pending            0         0s
sre-harbor-portal-85ccdcd75-fdvx6          0/1    Pending            0         0s
sre-harbor-registry-66f4b897ff-945dk       0/2    Pending            0         0s
sre-harbor-postgresql-0                    0/1    Pending            0         0s
sre-harbor-redis-master-0                  0/1    Pending            0         0s


NOTES:
** Please be patient while the chart is being deployed **

1. Get the Harbor URL:

  export NODE_PORT=$(kubectl get --namespace sre -o jsonpath="{.spec.ports[0].nodePort}" services sre-harbor)
  export NODE_IP=$(kubectl get nodes --namespace sre -o jsonpath="{.items[0].status.addresses[0].address}")
  echo "Harbor URL: http://$NODE_IP:$NODE_PORT/"

2. Login with the following credentials to see your Harbor application

  echo Username: "admin"
  echo Password: $(kubectl get secret --namespace sre sre-harbor-core-envvars -o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 --decode)

nginx配置

通过外部nginx反向代理到k8s NodePort即可，有两个地方要注意：

解析到nginx的域名需要和externalURL一致
反向代理设置时，proxysetheader Host $host不能配置

数据库

文章转载自ItTalk，如果涉嫌侵权，请发送邮件至：contact@modb.pro进行举报，并提供相关证据，一经查实，墨天轮将立刻删除相关内容。

Helm部署Harbor

Harbor简介

为何选择部署私服仓库？

Helm部署harbor

nginx配置

评论