无缝迁移：Harbor镜像仓库对接MinIO，提升容器管理效率

Tip：设置Harbor只读状态，需要Harbor 2.1及以上版本才支持。

$ curl -X PUT -k -u admin https://172.139.20.100/api/v2.0/configurations \
-H "Host: core.jiaxzeng.com" \
-H "Content-Type: application/json" \
-d '{"read_only": true}'
Enter host password for user 'admin':

1、下载rclone服务

$ wget https://downloads.rclone.org/v1.68.2/rclone-v1.68.2-linux-amd64.zip
--2024-12-23 09:31:34--  https://downloads.rclone.org/v1.68.2/rclone-v1.68.2-linux-amd64.zip
Resolving downloads.rclone.org (downloads.rclone.org)... 95.217.6.16, 2a01:4f9:c012:7154::1
Connecting to downloads.rclone.org (downloads.rclone.org)|95.217.6.16|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22492286 (21M) [application/zip]
Saving to: ‘rclone-v1.68.2-linux-amd64.zip’

100%[===============================================================================================================================>] 22,492,286  5.15MB/s   in 4.2s   

2024-12-23 09:31:40 (5.15 MB/s) - ‘rclone-v1.68.2-linux-amd64.zip’ saved [22492286/22492286]

$ unzip rclone-v1.68.2-linux-amd64.zip    
Archive:  rclone-v1.68.2-linux-amd64.zip
   creating: rclone-v1.68.2-linux-amd64/
  inflating: rclone-v1.68.2-linux-amd64/README.html  
  inflating: rclone-v1.68.2-linux-amd64/rclone.1  
  inflating: rclone-v1.68.2-linux-amd64/rclone  
  inflating: rclone-v1.68.2-linux-amd64/README.txt  
  inflating: rclone-v1.68.2-linux-amd64/git-log.txt  

2、配置rclone连接minio

$ cat ~/.config/rclone/rclone.conf 
[minio]
type = s3
provider = Minio
access_key_id = 4oMdyyLC88OkxfMtIJ2S
secret_access_key = y0f7toxKPoAV6LanDawXGcQwkoiA8yvyI56mUQXw
endpoint = https://s3.jiaxzeng.com
acl = private
upload_cutoff = 5Gi

3、验证连接

$ ./rclone tree minio:/test --no-check-certificate
/

0 directories, 0 files

4、同步数据

$ ./rclone sync data/harbor minio:/test --no-check-certificate
Transferred:        4.552 GiB  5.031 GiB, 90%, 0 B/s, ETA -
Checks:               685  685, 100%
Transferred:         1310  1311, 100%
Server Side Copies:  1310 @ 4.552 GiB
Elapsed time:       8m0.0s
Transferring:
 * docker/registry/v2/blo…1f625c3eba5d6ef8f/data:  0% 491.157Mi, 0/s, -

2024/12/23 14:51:54 INFO  : docker/registry/v2/blobs/sha256/aa/aa0d936fc7016fdab5ca4fcbc688b774c10731c66a456971f625c3eba5d6ef8f/data: Copied (server-side copy)
2024/12/23 14:51:54 INFO  : 
Transferred:        5.031 GiB  5.031 GiB, 100%, 0 B/s, ETA -
Checks:               685  685, 100%
Transferred:         1311  1311, 100%
Server Side Copies:  1311 @ 5.031 GiB
Elapsed time:       8m5.7s

Tip：/data/harbor是Harbor仓库数据目录；minio:/test是rclone配置名称:/buetcks名称

1、harbor对接Minio配置

$ cat etc/kubernetes/addons/harbor-value.yml
persistence:
  imageChartStorage:
    type: s3
    disableredirect: true
    s3:
      bucket: harbor
      accesskey: ahnGo5qpakYnMXIq5zjf
      secretkey: LulZqwHbtFS7UIF55F77w9R1lwetaYK5HnXT6gIC
      regionendpoint: http://minio.kube-system.svc:9000

2、更新harbor仓库

$ helm -n harbor upgrade harbor -f etc/kubernetes/addons/harbor-value.yml etc/kubernetes/addons/harbor
Release "harbor" has been upgraded. Happy Helming!
NAME: harbor
LAST DEPLOYED: Mon Dec 23 14:54:31 2024
NAMESPACE: harbor
STATUS: deployed
REVISION: 15
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://core.jiaxzeng.com
For more details, please visit https://github.com/goharbor/harbor

$ curl -X PUT -k -u admin https://172.139.20.100/api/v2.0/configurations \
-H "Host: core.jiaxzeng.com" \
-H "Content-Type: application/json" \
-d '{"read_only": false}'
Enter host password for user 'admin':

$ sudo docker push core.jiaxzeng.com/library/tools:v1.1
The push refers to repository [core.jiaxzeng.com/library/tools]
6d6e25fcbe73: Layer already exists 
83c89c42636d: Layer already exists 
v1.1: digest: sha256:fde527bff0c89d6cefbf8fac19e7c6e8266766641f4a8610e4f7c2154ca86252 size: 741

Tip：验证一定要使用push功能