k8s 部署harbor25
- 安装Docker和Kubernetes
在部署Harbor之前,需要先安装Docker和Kubernetes。可以参考官方文档进行安装。
- 创建Harbor的命名空间
在Kubernetes中,每个应用程序都在自己的命名空间中运行。因此,需要创建一个Harbor的命名空间。可以使用以下命令创建:
kubectl create namespace harbor
- 创建Harbor的配置文件
需要创建一个Harbor的配置文件,并在其中指定Harbor的配置参数。可以使用以下命令创建一个名为“harbor-values.yaml”的文件:
touch harbor-values.yaml
然后将以下内容复制到文件中:
# Harbor configuration
harbor:
# Harbor admin password
password: "Harbor12345"
# Harbor hostname
hostname: "harbor.example.com"
# Harbor HTTP port
http_port: 80
# Harbor HTTPS port
https_port: 443
# Harbor data volume
data_volume: "/data/harbor"
# Harbor database volume
database_volume: "/data/harbor/database"
# Harbor Redis volume
redis_volume: "/data/harbor/redis"
# Harbor log volume
log_volume: "/data/harbor/log"
# Harbor secret key
secret_key: "HarborSecretKey"
# Harbor database password
database_password: "HarborDatabasePassword"
# Harbor Redis password
redis_password: "HarborRedisPassword"
# Harbor registry storage
registry_storage: filesystem
# Harbor registry storage filesystem
registry_storage_filesystem:
# Harbor registry storage filesystem path
path: "/data/registry"
# Harbor external URL
external_url: "https://harbor.example.com"
# Harbor persistence
persistence:
# Harbor persistence enabled
enabled: true
# Harbor persistence storageClass
storageClass: "standard"
# Harbor persistence accessMode
accessMode: "ReadWriteOnce"
# Harbor persistence size
size: "10Gi"
# Harbor database
database:
# Harbor database type
type: "postgresql"
# Harbor database host
host: "harbor-postgresql"
# Harbor database port
port: 5432
# Harbor database name
name: "harbor"
# Harbor database username
username: "harbor"
# Harbor Redis
redis:
# Harbor Redis host
host: "harbor-redis"
# Harbor Redis port
port: 6379
# Harbor Redis password
password: "HarborRedisPassword"
# Harbor LDAP
ldap:
# Harbor LDAP enabled
enabled: false
# Harbor LDAP URL
url: ""
# Harbor LDAP baseDN
baseDN: ""
# Harbor LDAP username
username: ""
# Harbor LDAP password
password: ""
# Harbor LDAP filter
filter: ""
# Harbor LDAP UID
uid: ""
# Harbor LDAP scope
scope: ""
# Harbor LDAP searchDN
searchDN: ""
# Harbor LDAP searchPassword
searchPassword: ""
# Harbor LDAP searchField
searchField: ""
# Harbor LDAP groupSearchBase
groupSearchBase: ""
# Harbor LDAP groupSearchFilter
groupSearchFilter: ""
# Harbor LDAP groupSearchScope
groupSearchScope: ""
# Harbor LDAP groupMembershipAttribute
groupMembershipAttribute: ""
# Harbor LDAP groupMembershipFormat
groupMembershipFormat: ""
# Harbor LDAP groupMembershipNested
groupMembershipNested: false
# Harbor SMTP
smtp:
# Harbor SMTP enabled
enabled: false
# Harbor SMTP host
host: ""
# Harbor SMTP port
port: 25
# Harbor SMTP username
username: ""
# Harbor SMTP password
password: ""
# Harbor SMTP from
from: ""
# Harbor SMTP SSL
ssl: false
# Harbor SMTP insecure
insecure: false
# Harbor OIDC
oidc:
# Harbor OIDC enabled
enabled: false
# Harbor OIDC name
name: ""
# Harbor OIDC issuer
issuer: ""
# Harbor OIDC clientID
clientID: ""
# Harbor OIDC clientSecret
clientSecret: ""
# Harbor OIDC scope
scope: ""
# Harbor OIDC redirectURI
redirectURI: ""
# Harbor OIDC groupsClaim
groupsClaim: ""
# Harbor OIDC groupsPrefix
groupsPrefix: ""
# Harbor Clair
clair:
# Harbor Clair enabled
enabled: false
# Harbor Clair URL
url: ""
# Harbor Clair priority
priority: ""
# Harbor Trivy
trivy:
# Harbor Trivy enabled
enabled: false
# Harbor Trivy image
image: ""
# Harbor Trivy mode
mode: ""
# Harbor Trivy severity
severity: ""
# Harbor ChartMuseum
chartmuseum:
# Harbor ChartMuseum enabled
enabled: false
# Harbor ChartMuseum URL
url: ""
# Harbor ChartMuseum storage
storage: ""
# Harbor ChartMuseum storageConfig
storageConfig: ""
# Harbor Notary
notary:
# Harbor Notary enabled
enabled: false
# Harbor Notary URL
url: ""
# Harbor Notary serverName
serverName: ""
# Harbor Notary trustDir
trustDir: ""
# Harbor Notary remoteURL
remoteURL: ""
# Harbor Notary username
username: ""
# Harbor Notary password
password: ""
在此配置文件中,可以指定Harbor的密码、主机名、端口、数据卷、数据库、Redis、LDAP、SMTP、OIDC、Clair、Trivy、ChartMuseum和Notary等参数。
- 添加Harbor的Helm仓库
需要将Harbor的Helm仓库添加到Kubernetes中。可以使用以下命令添加:
helm repo add harbor https://helm.goharbor.io
helm repo update
- 安装Harbor
可以使用以下命令安装Harbor:
helm install harbor harbor/harbor -n harbor -f harbor-values.yaml
其中,“harbor”是Harbor的名称,“harbor/harbor”是Harbor的Helm Chart,“harbor-values.yaml”是Harbor的配置文件。
- 验证Harbor的安装
可以使用以下命令验证Harbor的安装:
kubectl get pods -n harbor
如果所有的Harbor的Pod都处于“Running”状态,则表示Harbor已经成功安装。
- 访问Harbor的Web界面
可以使用以下命令获取Harbor的Web界面的URL:
kubectl get svc -n harbor
然后可以在Web浏览器中访问该URL,以访问Harbor的Web界面。
- 部署应用程序到Harbor
可以使用以下命令将应用程序部署到Harbor:
docker build -t harbor.example.com/myapp:latest .
docker push harbor.example.com/myapp:latest
其中,“harbor.example.com”是Harbor的主机名,“myapp”是应用程序的名称,“latest”是应用程序的版本号。
- 在Kubernetes中使用Harbor
可以使用以下命令在Kubernetes中使用Harbor:
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
spec:
replicas: 1
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: myapp
image: harbor.example.com/myapp:latest
ports:
- containerPort: 8080
其中,“myapp”是应用程序的名称,“harbor.example.com”是Harbor的主机名,“latest”是应用程序的版本号。
- 总结
通过以上步骤,可以在Kubernetes中部署Harbor,并将应用程序部署到Harbor中。Harbor提供了一个安全、可靠、高效的容器镜像仓库,可以帮助企业更好地管理和部署容器镜像
原文地址: https://www.cveoy.top/t/topic/cQId 著作权归作者所有。请勿转载和采集!