Deploying Harbor on Kubernetes Without Pitfalls, and Harbor Registry Replication
<h1 id="一helm搭建harbor">I. Deploying Harbor with Helm</h1><h2 id="1安装helm">1. Install Helm</h2>
<h3 id="11安装helm客户端">1.1. Install the Helm client</h3>
<pre><code>tar -zxvf helm-v2.14.3-linux-amd64.tar.gz
mv linux-amd64/helm /usr/local/bin/
chmod +x /usr/local/bin/helm
helm version
</code></pre>
<h3 id="12安装helm-tillerserver端">1.2. Install the Helm Tiller (server) side</h3>
<h4 id="121为应用程序设置serviceaccount">1.2.1. Set up a serviceaccount for the application</h4>
<pre><code>kubectl create -f helm-rbac-config.yaml
</code></pre>
<pre><code>kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
</code></pre>
<h4 id="122安装tiller">1.2.2. Install Tiller</h4>
<pre><code>helm init --upgrade -i registry.cn-hangzhou.aliyuncs.com/google_containers/tiller:v2.14.3 --stable-repo-url https://kubernetes.oss-cn-hangzhou.aliyuncs.com/charts
</code></pre>
<h4 id="123卸载helm镜像等k8s资源">1.2.3. Uninstall the Helm image and related k8s resources</h4>
<pre><code>kubectl get -n kube-system secrets,sa,clusterrolebinding -o name|grep tiller|xargs kubectl -n kube-system delete
kubectl get all -n kube-system -l app=helm -o name|xargs kubectl delete -n kube-system
</code></pre>
<h2 id="2-安装harbor">2. Install Harbor</h2>
<p><strong>Download harbor-helm</strong></p>
<pre><code>git clone https://github.com/goharbor/harbor-helm.git
cd XXX/harbor-helm
</code></pre>
<h3 id="21设置valueyml">2.1. Configure values.yaml</h3>
<p>Change the storage class of the mounted volumes to nfs</p>
<pre><code>sed -i 's/storageClass: ""/storageClass: "nfs"/g' values.yaml
</code></pre>
<p>Change the size of the mounted volumes (size)</p>
<pre><code>persistence:
  enabled: true
  # Setting it to "keep" to avoid removing PVCs during a helm delete
  # operation. Leaving it empty will delete PVCs after the chart deleted
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      # Use the existing PVC which must be created manually before bound,
      # and specify the "subPath" if the PVC is shared with other components
      existingClaim: ""
      # Specify the "storageClass" used to provision the volume. Or the default
      # StorageClass will be used(the default).
      # Set it to "-" to disable dynamic provisioning
      storageClass: "nfs"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: ""
      storageClass: "nfs"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
</code></pre>
<p>Change how Harbor is exposed and its domain names</p>
<pre><code>ingress:
  hosts:
    core: core.harbor.domain
    notary: notary.harbor.domain
</code></pre>
<pre><code>externalURL: https://core.harbor.domain
</code></pre>
<p>Change the Harbor admin password (the value shown here is the default)</p>
<pre><code>harborAdminPassword: "Harbor12345"
</code></pre>
<p>If the volumes are not provisioned dynamically, create the PVs yourself</p>
<pre><code>for i in {1..5}; do
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv00${i}
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce # pay attention to this setting
  persistentVolumeReclaimPolicy: Recycle
  nfs:
    path: /volume1/harbor/nfs${i}
    server: 10.8.4.133
EOF
done
</code></pre>
<h3 id="22安装harbor并将日志写入文件可编辑文件保留yaml编排文件以便以后使用">2.2. Install Harbor and write the output to a file; the saved .yaml manifest can be edited and kept for later use</h3>
<pre><code>helm install . --debug --name hub |sed 'w harbor.yaml'
</code></pre>
<h3 id="23卸载harbor">2.3. Uninstall Harbor</h3>
<pre><code>helm del hub --purge
kubectl get pod,pv,pvc -o name|grep hub |xargs kubectl delete
</code></pre>
<h3 id="24若pod未启动成功">2.4. If the Pods fail to start</h3>
<h4 id="241查看hub-harbor-database-0日志">2.4.1. View the hub-harbor-database-0 logs</h4>
<pre><code>kubectl logs -f hub-harbor-database-0
</code></pre>
<p>or</p>
<pre><code>kubectl logs hub-harbor-database-0 -p
</code></pre>
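<p><img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823102549994-28177689.png" alt="harbor-db logs" loading="lazy"></p>
<p>If the Pod fails to start and reports that the databases above cannot be found, the database had not finished starting: the Pod was forcibly restarted when its probe failed, so the 3 database scripts never ran to completion. The fix is to lengthen the probe's initial delay and its timeout. (This one really was a nasty pitfall.)</p>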
<pre><code>kubectl delete statefulset hub-harbor-database
</code></pre>
<p>In harbor.yaml, edit the hub-harbor-database manifest (the part shown in the image) and change its initialDelaySeconds and periodSeconds properties<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823102917425-1039377054.png" alt="harbor.yaml manifest" loading="lazy"></p>
<pre><code>kubectl apply -f harbor.yaml
</code></pre>
<p>Wait until all Pods have started, as shown</p>
<p><img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823102942570-1896238489.png" alt="Pod" loading="lazy"></p>
<h3 id="25harbor访问及使用">2.5. Accessing and using Harbor</h3>
<p>View the ingress</p>
<pre><code>kubectl get ingress
</code></pre>
<p>Configure the domain name as shown<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103012438-886250616.png" alt="ingress" loading="lazy"><br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103030420-1069396520.png" alt="hosts" loading="lazy"></p>
<p>Visit <u>https://core.harbor.agree</u>, as shown</p>
<p><img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103050233-435761010.png" alt="Harbor" loading="lazy"></p>
<h2 id="3配置docker访问密匙">3.<strong>Configure the certificate for Docker access</strong></h2>
<pre><code>kubectl get secrets/hub-harbor-ingress -o jsonpath="{.data.ca\.crt}" | base64 --decode
</code></pre>
<p>As shown<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103116380-1302919360.png" alt="image.png" loading="lazy"></p>
<pre><code>mkdir /etc/docker/certs.d/core.harbor.agree -p
</code></pre>
<pre><code>kubectl get secrets/hub-harbor-ingress -o jsonpath="{.data.ca\.crt}" | base64 --decode|sed 'w /etc/docker/certs.d/core.harbor.agree/ca.crt'
</code></pre>
<pre><code>docker login core.harbor.agree
</code></pre>
<p>For the first login, the username is admin and the default password is Harbor12345<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103222946-1021687893.png" alt="docker login" loading="lazy"></p>
<p>Create a project as shown<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103243973-1508399208.png" alt="harbor" loading="lazy"></p>
<pre><code>docker push core.harbor.agree/dev/busybox:1.27
</code></pre>
<p>The Harbor installation is now complete.</p>
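<p>An added example, not part of the original post: a checked form of the CA-installation step in section 3. The helper name <code>install_registry_ca</code> and the <code>CERTS_ROOT</code> override are assumptions; it confirms that the decoded secret is a parseable, unexpired X.509 certificate before Docker is told to trust it, and prints the SHA-256 fingerprint so it can be compared with the one read on the cluster side.</p>

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the original post).
# CERTS_ROOT can be overridden to try the function without root privileges.
CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"

# install_registry_ca HOST PEM_FILE
# Prints the SHA-256 fingerprint and returns 0 on success, non-zero otherwise.
install_registry_ca() {
  local host="$1" pem="$2" dest tmp
  # Reject host names that could escape the certs.d directory.
  case "$host" in
    ""|*/*|*..*) echo "invalid registry host: $host" >&2; return 2 ;;
  esac
  # The input must parse as X.509 (an empty secret field yields an empty file).
  openssl x509 -in "$pem" -noout 2>/dev/null \
    || { echo "not a PEM certificate: $pem" >&2; return 3; }
  # The certificate must still be valid now (-checkend 0 fails once expired).
  openssl x509 -in "$pem" -noout -checkend 0 >/dev/null \
    || { echo "certificate expired: $pem" >&2; return 4; }
  dest="$CERTS_ROOT/$host"
  mkdir -p "$dest" || return 5
  tmp="$(mktemp "$dest/ca.crt.XXXXXX")" || return 5
  # Re-encode the first certificate only, make it readable, move it into place.
  openssl x509 -in "$pem" -out "$tmp" && chmod 0644 "$tmp" \
    && mv "$tmp" "$dest/ca.crt" || { rm -f "$tmp"; return 5; }
  # Fingerprint to compare out of band before running docker login.
  openssl x509 -in "$dest/ca.crt" -noout -fingerprint -sha256
}

# Usage on the Docker host, with the names used on this page:
#   kubectl get secrets/hub-harbor-ingress -o jsonpath="{.data.ca\.crt}" \
#     | base64 --decode > /tmp/harbor-ca.pem
#   install_registry_ca core.harbor.agree /tmp/harbor-ca.pem
```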
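<h2 id="4配置harbor同步管理">4. Configure Harbor replication management</h2>
<p>Deploy a Harbor registry on the servers in the other regions in the same way as above</p>
<p>Registries - New Endpoint, as shown. At this point the target URL is not reachable; add the following configuration<br>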
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103327643-326966234.png" alt="harbor" loading="lazy"></p>
<p>Run</p>
<pre><code>kubectl edit cm coredns -n kube-system
</code></pre>
<p><img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103350680-579535661.png" alt="kubectl edit cm coredns" loading="lazy"></p>
<p>Add the following, as shown:</p>
<pre><code>hosts {
    10.8.4.131 core.harbor.agree
    fallthrough
}
</code></pre>
<p>The hosts entry must match the ingress entry configured in /etc/hosts.</p>
<p>Test the connection, as shown, then click OK<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103411743-336640639.png" alt="harbor" loading="lazy"></p>
<p>Choose Replications - New Replication Rule, as shown:<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103427180-555821744.png" alt="harbor" loading="lazy"></p>
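<p>Rule settings:</p>
<p>1. Pull images from the target server / push images to it</p>
<p>2. Replicate the images left after filtering by name, tag and resource</p>
<p>3. Select the target server</p>
<p>4. Select the Namespace on the target server's Harbor</p>
<p>5. Select the trigger mode:</p>
<p>• Manual trigger</p>
<p>• Scheduled:</p>
<p>Starting on the 1st, run once a month: 0 0 0 0 1/1 ?</p>
<p>Run on the last day of the current month: 0 0 0 L ? ?</p>
<p>Run every Saturday in the early morning: 0 0 0 0 0 6 *</p>
<p>The schedule is a Cron expression, which can be generated online at <u>http://cron.qqe2.com/</u></p>
<p>After you confirm, the rule is created</p>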
<p>Select the rule and click Replicate, as shown:<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103450542-1686347616.png" alt="harbor" loading="lazy"></p>
<p>If it fails, open the replication job and check the detailed log.<br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103508813-362328220.png" alt="harbor" loading="lazy"><br>
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103546931-415927211.png" alt="harbor" loading="lazy"></p>
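<h2 id="5harbor镜像删除及gc回收">5. Deleting Harbor images and GC reclamation</h2>
<h3 id="51-harbor镜像删除">5.1. Deleting Harbor images</h3>
<p>Projects - Repositories: click the image, select the image tag, then click Delete - Confirm<br>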
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103716559-1769464453.png" alt="harbor" loading="lazy"></p>
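<h3 id="52harbor-gc回收">5.2. Harbor GC reclamation</h3>
<p><strong>After an image tag is deleted, the image files are still stored in Harbor; garbage collection is needed to remove the image completely.</strong><br>
Steps<br>
Tasks - Garbage Collection<br>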
<img src="https://img2018.cnblogs.com/blog/1773975/201908/1773975-20190823103812745-40084769.png" alt="harbor" loading="lazy"><br>
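Run garbage collection immediately, or schedule it to run periodically.</p>
<p><strong>Complete material on deploying Harbor on k8s is scarce, and the author fell into quite a few pitfalls along the way; if this article helped you, please leave a like</strong></p><br><br>
Source: https://www.cnblogs.com/keep-live/p/11395973.html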