一、创建PVC
需要先部署NFS
https://blog.51cto.com/yht1990/2630775《storageClass动态挂载对接NFS存储》
kubectl create ns harbor
caIPt &grequests库怎么安装t; harbor-4%bc%9a" target="_blank">时会良pvc.yaml <<'eof'
kind: PersistentVol时会高志须酬umeClaim
apiVersion: v1
metadata:
nameselect的名词: harbor-pvc
namespace: harbor
spec:
accessModes:
- ReadWriteOnce
storageClassName: storage-nfs
resources:
reqrequest是什么意思英语uests:
storage: 20Gi
eof
k时会琴客ubectl apply -f harbor-pvc.yaml
二、拉取harbor的chart到本地
[root@k8s-master harbor]# helm repo aiphone12dd harbor https:selector//helm.goharbor.io
[root@k8s-master harbor]# helm repo update
[root@k8s-master harbor]# helm search repo harbor
NAMEselect的名词 CHART VERSION APP VERSION DESCRIPTION
harbor/harbor 1.5.1 2.1.1 An open source tselectionrusiphone6sted cloudiphone6s native registry th...
[root@k8s-master harbrequests库怎么安装or]# helm repo ls
NAME URL
stable http://mirror.azure.cn/kubernetes/charts/
harbor https://helm.goharbor.io
[root@k8s-master harborice是什么意思]# helm pull hip地址查询arbor/haselect是什么意思中文rbor --version 1.5.1
三、Chart参数设置
生产环境size必须调大
[root@k8siphone11-master harb时会高志须酬or]# tar xf harbor-1.5.1select是什么意思中文.tgiptvz
[root@k8s-master harbor]# cd harbor
[root@k8s-master harbor]# cp values.yaml values.yaml.bicey艾希中文免费下载ak
[roice怎么读ot@k8s-master harIPbor]# vim values.yaml
...
36selector core: harbor.od.com
...
101 externalURL: https://harbor.od.com # 设置访问域名
...
108 externalURL: https://harbor.od.com
185icecream 193 persistentVolumeClaim:
194 registry:
195 # Use the existing PVC which时会宝 must be created manually before bound,
196 # and specify the "subPath" if the PVC is shared with othe时会良r components
197 existingClaim: "harbor-select语句的基本用法pvc"
198 # Specify the "storageClass" used to provision the volume.selected Or the default
199 # StorageClass will be used(the def时会理ault).
200 # Set it to "-" to disable dynamic provisioning
201 storageClass: ""
202 subPath: "registry"
203 accessMode: ReaicecreamdWriteOnce
204 size: 5Gi
205 chartmuseum:
206 existinIPgClaim: "harbor-pvc"
207icey storageClass: ""
208 subPath: "chartmuseum"
209icecream accesSelectsMode: ReadWriteOnce
21时会理0 size: 5Gi
211 jobservice:
212 existingClaim: "harbor-pvc"
213 storageClass: ""
21iptv4 su时会理bPath: "jobservice"
215 accessMode: ReadWriteOnce
216 size: 1Gi
217 # If external dataicey艾希中文免费下载base is used, thiphonexre following settings for dataselected是什么档次base will
218 # be ignored
21selected是什么档次9 database:
220 existingClaim: "harbor-piphonevc"
221 storageClass: ""
222 subPath: "database"
223 accessMode:requests库 ReadWriteOnceSelect
224 size: 1Gi
225 # If external Redis is used, the following settiphoneings for Redis will
226 # be ignored
227 redis:
228 existingselected是什么档次Claim: "harbor-pvc"
2时会理29 storageClass: ""
230 subPath: "redis"
231 accessMode: ReadWriselected是什么牌子的男装teOnce
232 size时会琴客: 1Gi
233 trivy:iceberg
234 existingClaim: "harbor-pvc"
235 storageClass: ""
236 subPath: "trivy"
237 accrequest是什么意思英语essMode: ReadWriteOnce
238 size: 5Gi
...
539 clair:
540 enabled: false
...
569 trivy:
570 # enabled the flag to enable Trivy scanner
5时会的近义词71 enabled: false
...
626 notary:
627 enabled: false
...
四、踩坑一
redis持久化数据目录权限导request是什么意思英语致无法登录
redis数据requests库怎么安装目录,/var/iphone6slib/redis,需要设置redis的用户及用户组权限
/root/harbor/templates/redis/statefulset.yaml
initContainersice怎么读:
- name: "change-ip地址permission-of-directory"
securIPityContext:
runAsUser: 0
image: {{ .Values.databaip地址siceberge.internal.image.repository }}:{{ .Values.database.internicecreamal.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}时会香炉
command: ["/bin/sh"]
args: ["-c", "chown -R 999:999 /var/lib/redis"]
volumeMounts:
- name: data
mountPath: /var/lib/redis
subPath: {{ $redis时会.subPath }}
五、踩坑二
registry组件的ice镜icey下载像存储目录权限导致镜像推送失败
registry的镜像存储request什么意思中文目录,需要设置registry用户的用户及用户组时会达,不然镜像推送失败
/root/harbor/templates/registry/registry-dpl.yaml
ini时会高志须酬tContainers:
- nameiphone12: "change-permission-of-directory"
securityContext:
runAsUser: 0
image: {{ .Values.database.internal.imagrequest是什么意思中文翻译e.repository }}:{{ .Values.databasIPe.internal.image.tag }}
imagePullicelandPselectiveolicy: {{ .Values.imagePullPolicy时会的近义词 }}
commanrequests库d: ["/biniphone6s/sh"]
args: ["-c", "chown -R 10000:10000 {{ .Values.persistence.imageCice是什么意思hartStorage.filesystem.rootdirectory }}"]
volumeMountsiceberg:
- name: registry-data
mountPath: {{ .Values.p时会琴客ersistencicelande.imageChartStorage.filesystipadem.rootdirectory }}
subPath: {{ .Values.persistence.persistentVolumeClaim.registry.subPath }}
六、踩坑三
chartmuseum存储目录权限时会的近义词,导致chart推送失败
/root/harbor/templselectorates/chartmuseum/chartmuseum-dpl.yaml
initContainers:
- name: "change-permission-requests怎么读of-directory"
securityContext:
runAsUser: 0
image: {{ .Values.databaserequest是什么意思英语.internal.image.repository时会达 }}:{{ .Values.database.internal.image.tice是什么意思英语ag }}
imagePullPolicy: {{ .Values.imagePullPoli时会的近义词cy }}
commaselectornd: ["/bin/sh"]
args: ["-c", "chown -R 10000:10000 /chart_storage"]
vorequests库lumeMounts:
- name: chartmuseum-data
mountPath: /chart_storage
subPath: {{ .Values.perequests库怎么安装rsistence.persistentVol时会达umeClaim.chartmuseum.subPath }}
七、安装harbor
cd
helm install harbor ./harbor -n harbor
helm -n harborice ls
kuselect是什么意思中文bectl -n harbor get po
八、配置访问推送
8.1、域名配置
dns服务器或者hosts里配置
ip harboricey下载.select什么意思odselected.com
8.2、配置docker daemIPon
cat /etc/dockerselect语句的基本用法/daemon.json
"insecure-registries": [
"harbor.od.comselect的名词"
],
systemctl restart dockerselect的名词
8.3 推送char时会理t
使用账户密码登录admin/Harbo时会水r12345
docker login harbor.od.com
hselectedelm plugin install https://github.com/chartmuseum/helm-push
helm plugin ls
kubectl get secret harbor-harbor-ingress -n harbor -o jsonpath="{.data.ca.crt}" | base64 -d >harbor.ca.crt
cp harbor.ca.crt /etc/pki/ca-trust/source/anchors
update-ca-trust enable; update-ca-trust extract
helm repo add myharborIP https://harbor.od.com/chartreselect语句的基本用法po/library --ca-filerequest什么意思=harbor.ca.crt
hip地址查询elm repo ls
helm push harbor myharbor -selective-ca-file=harbor.ca.crt -u admin -p Harbor12345
发表评论