1 安装

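# Working directory for the unpacked chart, and the pinned chart version.
var_base=/root/helm
var_app="$var_base/harbor"
var_version=1.12.1

mkdir -p -- "$var_app"

# The steps are chained with && so that a failed cd or download stops the
# sequence; otherwise the chart would be pulled and unpacked into whatever
# directory the shell happens to be in, or a stale archive would be unpacked.
#
# NOTE(review): --version pins which chart is requested but is not an
# integrity check. If the chart publisher ships a provenance (.prov) file,
# `helm pull --verify` checks the archive against it; confirm before relying
# on it.
cd -- "$var_app" &&
  helm repo add harbor https://helm.goharbor.io &&
  helm repo update &&
  helm pull harbor/harbor --version "$var_version" &&
  tar xf "harbor-$var_version.tgz"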

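# Install (or upgrade) the Harbor release from the unpacked chart in ./harbor.
# Written for bash (arrays are used).
#
# Required environment:
#   HARBOR_ADMIN_PASSWORD  initial password of the Harbor "admin" account
#   HARBOR_DB_PASSWORD     password of the chart's internal database
#
# The passwords are not written literally in the command: a literal value ends
# up in shell history and in the process list, and a sample value such as
# 'Password' tends to survive into a registry that is reachable over a public
# ingress. They are handed to helm as files via --set-file instead.
: "${HARBOR_ADMIN_PASSWORD:?set HARBOR_ADMIN_PASSWORD to a strong, unique value}"
: "${HARBOR_DB_PASSWORD:?set HARBOR_DB_PASSWORD to a strong, unique value}"

# mktemp -d creates a directory only the current user can enter.
secrets_dir=$(mktemp -d) || exit 1
printf '%s' "$HARBOR_ADMIN_PASSWORD" > "$secrets_dir/admin-password"
printf '%s' "$HARBOR_DB_PASSWORD" > "$secrets_dir/db-password"

# One argument list shared by the dry run and the real install, so the two
# invocations cannot drift apart.
harbor_args=(
  --namespace harbor
  --create-namespace

  # Exposure: TLS-terminated ingress, certificates taken from existing secrets.
  --set expose.type=ingress
  --set expose.tls.enabled=true
  --set expose.tls.certSource=secret
  --set expose.tls.secret.secretName=harbor-example-com-tls
  --set expose.tls.secret.notarySecretName=notary-example-com-tls
  --set expose.ingress.hosts.core=harbor.example.com
  --set expose.ingress.hosts.notary=notary.example.com
  --set expose.ingress.className=nginx
  # The backslash escapes the dots inside the annotation keys so helm does not
  # treat them as path separators.
  --set-string 'expose.ingress.annotations.kubernetes\.io/tls-acme=true'
  --set-string 'expose.ingress.annotations.ingress\.kubernetes\.io/ssl-redirect=true'
  --set-string 'expose.ingress.annotations.ingress\.kubernetes\.io/proxy-body-size=1024m'
  --set-string 'expose.ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect=true'
  --set-string 'expose.ingress.annotations.nginx\.ingress\.kubernetes\.io/proxy-body-size=1024m'
  --set-string 'expose.ingress.annotations.nginx\.org/client-max-body-size=1024m'
  --set-string 'expose.ingress.annotations.cert-manager\.io/cluster-issuer=letsencrypt-prod'
  --set externalURL=https://harbor.example.com

  # Credentials, read from the files written above.
  --set-file harborAdminPassword="$secrets_dir/admin-password"
  --set-file database.internal.password="$secrets_dir/db-password"

  # Persistent storage.
  --set persistence.enabled=true
  --set persistence.resourcePolicy=keep
  --set persistence.persistentVolumeClaim.registry.storageClass=rook-cephfs
  --set persistence.persistentVolumeClaim.registry.size=100Gi
  --set persistence.persistentVolumeClaim.registry.accessMode=ReadWriteMany
  --set persistence.persistentVolumeClaim.jobservice.jobLog.storageClass=rook-cephfs
  --set persistence.persistentVolumeClaim.jobservice.jobLog.size=10Gi
  --set persistence.persistentVolumeClaim.jobservice.jobLog.accessMode=ReadWriteMany
  --set persistence.persistentVolumeClaim.database.storageClass=rook-cephfs
  --set persistence.persistentVolumeClaim.database.size=10Gi
  --set persistence.persistentVolumeClaim.database.accessMode=ReadWriteOnce
  --set persistence.persistentVolumeClaim.redis.storageClass=rook-cephfs
  --set persistence.persistentVolumeClaim.redis.size=10Gi
  --set persistence.persistentVolumeClaim.redis.accessMode=ReadWriteOnce
  --set persistence.persistentVolumeClaim.trivy.storageClass=rook-cephfs
  --set persistence.persistentVolumeClaim.trivy.size=10Gi
  --set persistence.persistentVolumeClaim.trivy.accessMode=ReadWriteOnce

  --set metrics.enabled=true
)

# Dry run first, and install only if the chart renders. --dry-run --debug
# prints the supplied values and the rendered manifests, Secret objects
# included, so keep this output out of shared terminals and CI logs.
helm upgrade --install --dry-run --debug "${harbor_args[@]}" harbor ./harbor &&
  helm upgrade --install "${harbor_args[@]}" harbor ./harbor

# Remove the password files whether or not the install succeeded.
rm -rf -- "${secrets_dir:?}"

# Helm keeps the supplied values in the release record in the target namespace,
# so anyone who can read Secrets in "harbor" can recover these passwords;
# restrict that access accordingly.
# NOTE(review): harborAdminPassword is documented by the chart as the initial
# admin password; confirm, and rotate it from the Harbor UI after first login.
helm list --namespace harbor

# With persistence.resourcePolicy=keep the chart's PVCs are meant to survive an
# uninstall; registry data and the database remain until deleted explicitly.
# helm uninstall harbor --namespace harbor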

2 测试

# Add to /etc/containerd/config.toml
# Registry settings for the CRI plugin: the node resolves images named
# harbor.example.com/... through the HTTPS endpoint listed under mirrors.
# NOTE(review): this table belongs to the CRI plugin (kubelet / crictl pulls).
# The ctr client is believed not to read it; confirm before treating a ctr
# pull or push as a test of this configuration.
# NOTE(review): newer containerd releases deprecate registry.mirrors and
# registry.configs in favour of config_path with per-host hosts.toml files;
# check against the installed version.
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      # No credentials are stored in this file; the auths table is left empty.
      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        # The tls table is empty, so no TLS option is overridden for this host.
        # Keep it that way: adding insecure_skip_verify = true here would turn
        # off certificate verification for every pull from this registry.
        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.example.com".tls]

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.example.com"]
          # https only: image content and credentials are not sent in clear text.
          endpoint = ["https://harbor.example.com"]

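# Restart containerd so it picks up the edited /etc/containerd/config.toml.
systemctl daemon-reload
systemctl restart containerd

# Smoke test: copy a public image into the "library" project of the new registry.
ctr image pull --all-platforms docker.io/library/redis:alpine
ctr image tag docker.io/library/redis:alpine harbor.example.com/library/redis:alpine

# Only the user name is passed, so ctr prompts for the password. Writing it as
# user:password on the command line leaves it in shell history and in the
# process list for the duration of the push.
# Once regular users or robot accounts exist, push with one scoped to the
# project rather than with the registry-wide admin account.
ctr images push --user admin harbor.example.com/library/redis:alpine

# docker login prompts for the password as well when -p is omitted. For
# non-interactive use, feed it on stdin with --password-stdin instead of -p.
# Docker stores the credential in its client config unless a credential helper
# is configured, so run `docker logout harbor.example.com` on shared hosts.
docker login -u admin harbor.example.com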

3 创建用户和项目