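Environment preparation
Certificates
[[Others/OpenSSL生成自签名证书|Generating a self-signed certificate with OpenSSL]]
[[Kubernetes/K3s证书管理|K3s certificate management]]
Default configuration file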
```bash
helm show values harbor/harbor > harbor-values.yaml
```
Installation
Configuration manifests
harbor-values.yaml
```yaml
expose:
  type: ingress
  tls:
    enabled: true
    certSource: secret
    secret:
      secretName: "example.io"
      notarySecretName: "example.io"
  ingress:
    hosts:
      core: harbor.example.io
      notary: notary.example.io
    controller: default
    annotations:
      ingress.kubernetes.io/ssl-redirect: "true"
      ingress.kubernetes.io/proxy-body-size: "0"
      kubernetes.io/ingress.class: "traefik"
      traefik.ingress.kubernetes.io/router.tls: "true"
      traefik.ingress.kubernetes.io/router.entrypoints: websecure

externalURL: https://harbor.example.io

harborAdminPassword: "Harbor123456"

logLevel: info

chartmuseum:
  enabled: true

database:
  type: external
  external:
    host: "postgres.devops.svc.cluster.local"
    port: "5432"
    username: "harbor"
    password: "harbor"

redis:
  type: external
  external:
    addr: "redis.devops.svc.cluster.local:6379"
    password: "passwd"
```
harbor-ingress.yaml
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: kube-ops
  name: harbor-http
spec:
  entryPoints:
    - websecure
  tls:
    secretName: all-xxxx-com
  routes:
    - match: Host(`harbor.example.com`) && PathPrefix(`/`)
      kind: Rule
      services:
        - name: harbor-portal
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: kube-ops
  name: harbor-api
spec:
  entryPoints:
    - websecure
  tls:
    secretName: all-xxxx-com
  routes:
    - match: Host(`harbor.example.com`) && PathPrefix(`/api/`)
      kind: Rule
      services:
        - name: harbor-core
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: kube-ops
  name: harbor-service
spec:
  entryPoints:
    - websecure
  tls:
    secretName: all-xxxx-com
  routes:
    - match: Host(`harbor.example.com`) && PathPrefix(`/service/`)
      kind: Rule
      services:
        - name: harbor-core
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: kube-ops
  name: harbor-v2
spec:
  entryPoints:
    - websecure
  tls:
    secretName: all-xxxx-com
  routes:
    - match: Host(`harbor.example.com`) && PathPrefix(`/v2`)
      kind: Rule
      services:
        - name: harbor-core
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: kube-ops
  name: harbor-chartrepo
spec:
  entryPoints:
    - websecure
  tls:
    secretName: all-xxxx-com
  routes:
    - match: Host(`harbor.example.com`) && PathPrefix(`/chartrepo/`)
      kind: Rule
      services:
        - name: harbor-core
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  namespace: kube-ops
  name: harbor-c
spec:
  entryPoints:
    - websecure
  tls:
    secretName: all-xxxx-com
  routes:
    - match: Host(`harbor.example.com`) && PathPrefix(`/c/`)
      kind: Rule
      services:
        - name: harbor-core
          port: 80
```
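An added pre-flight check, not part of the original page: it compares the host in `externalURL` with `expose.ingress.hosts.core` and with the `Host()` rules of the IngressRoute objects, and confirms that every path prefix routed above is present. Harbor advertises its token service to registry clients under `externalURL`, so a host that differs from the routed one breaks `docker login`. The function name `preflight` and the abridged sample strings are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Path prefixes routed by the IngressRoute objects on this page.
EXPECTED_PREFIXES = {"/", "/api/", "/service/", "/v2", "/chartrepo/", "/c/"}


def preflight(values_text, routes_text):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    url = re.search(r"^externalURL:\s*(\S+)", values_text, re.M)
    core = re.search(r"^\s+core:\s*(\S+)", values_text, re.M)
    if not url:
        return ["externalURL is not set in the values file"]
    parsed = urlparse(url.group(1).strip("\"'"))
    host = parsed.hostname
    if parsed.scheme != "https":
        findings.append(f"externalURL uses {parsed.scheme!r}, expected 'https'")
    if core and core.group(1).strip("\"'") != host:
        findings.append(
            f"expose.ingress.hosts.core {core.group(1)} != externalURL host {host}")
    # Each rule on this page has the form Host(`...`) && PathPrefix(`...`).
    rules = re.findall(
        r"Host\(`([^`]+)`\)\s*&&\s*PathPrefix\(`([^`]+)`\)", routes_text)
    for other in sorted({h for h, _ in rules if h != host}):
        findings.append(f"IngressRoute host {other} != externalURL host {host}")
    missing = EXPECTED_PREFIXES - {p for _, p in rules}
    if missing:
        findings.append("no IngressRoute for: " + ", ".join(sorted(missing)))
    return findings


# Constructed sample input, abridged from the two manifests on this page.
SAMPLE_VALUES = """\
expose:
  ingress:
    hosts:
      core: harbor.example.io
externalURL: https://harbor.example.io
"""
SAMPLE_ROUTES = "\n".join(
    f"    - match: Host(`harbor.example.com`) && PathPrefix(`{p}`)"
    for p in ["/", "/api/", "/service/", "/v2", "/chartrepo/", "/c/"]
)

if __name__ == "__main__":
    for line in preflight(SAMPLE_VALUES, SAMPLE_ROUTES) or ["ok"]:
        print(line)
```

Run it against the real `harbor-values.yaml` and `harbor-ingress.yaml` before `helm upgrade --install`; with the placeholder hosts shown on this page it reports the `.com` / `.io` mismatch.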
Install Harbor
```bash
helm repo add harbor https://helm.goharbor.io

helm upgrade harbor harbor/harbor --namespace harbor \
  --install --create-namespace \
  -f harbor-values.yaml
```
Configuration
Configure the upstream source for the library project
```
kubectl edit configmap harbor-registry -n harbor

# Add a new node after auth:
proxy:
  remoteurl: "https://registry-1.docker.io"
```
Using Harbor
Configure image caching