部署镜像仓库harbor

官方文档中写得很清楚,这里简单概括一下:

# 克隆git项目
$ git clone https://github.com/vmware/harbor
$ cd harbor/contrib/helm/harbor

# Download external dependent charts
$ helm dependency update

# 编辑部分配置项
$ vim values.yml
......
externalDomain: harbor.local
......
    # 因为我本机的traefik ingress未开启TLS的endpoint,这里设置不自动跳转至https
    ingress.kubernetes.io/ssl-redirect: "false"
......

# 使用helm安装
$ helm install . --debug --name harbor-release -f values.yaml

过一会儿使用命令helm status harbor-release查看下部署的状态:

$ helm status harbor-release
......
==> v1/Pod(related)
NAME                                                  READY  STATUS   RESTARTS  AGE
harbor-release-postgresql-66f5477d9c-4wncj            1/1    Running  0         8m
harbor-release-harbor-clair-55f6d7899d-hm8cx          1/1    Running  1         8m
harbor-release-harbor-jobservice-878896998-glbvw      1/1    Running  4         8m
harbor-release-harbor-notary-server-6ccddbcd98-knk2n  1/1    Running  0         8m
harbor-release-harbor-notary-signer-5f4df97cd5-2vbb8  1/1    Running  0         8m
harbor-release-harbor-ui-5bbf974497-skpnr             1/1    Running  3         8m
harbor-release-redis-master-0                         1/1    Running  0         8m
harbor-release-harbor-adminserver-0                   1/1    Running  1         8m
harbor-release-harbor-mysql-0                         1/1    Running  0         8m
harbor-release-harbor-notary-db-0                     1/1    Running  0         8m
harbor-release-harbor-registry-0                      1/1    Running  0         8m
......
NOTES:

Please wait for several minutes for Harbor deployment to complete.
Then follow the steps below to use Harbor.

1. Add the Harbor CA certificate to Docker by executing the following command:

  sudo mkdir -p /etc/docker/certs.d/harbor.local
  kubectl get secret \
    --namespace default harbor-release-harbor-ingress \
    -o jsonpath="{.data.ca\.crt}" | base64 --decode | \
    sudo tee /etc/docker/certs.d/harbor.local/ca.crt

2. Get Harbor admin password by executing the following command:

  kubectl get secret --namespace default harbor-release-harbor-adminserver -o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 --decode; echo

3. Add DNS resolution entry for Harbor FQDN harbor.local to K8s Ingress Controller IP on DNS Server or in file /etc/hosts.
   Add DNS resolution entry for Notary FQDN notary-harbor.local to K8s Ingress Controller IP on DNS Server or in file /etc/hosts.

4. Access Harbor UI via https://harbor.local

5. Login Harbor with Docker CLI:

  docker login harbor.local

这里有几个提示:

  1. harbor-release-harbor-ingress 中导出data.ca.crt,并导入到docker的证书目录中,这样docker就会信任该镜像仓库
  2. 通过kubectl get secret --namespace default harbor-release-harbor-adminserver -o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 --decode; echo 命令可以得到harbor的管理员密码
  3. 要添加两个域名映射harbor.localnotary-harbor.local,本机开发的话,把这两个域名指向127.0.0.1就可以了

/etc/hosts文件中配上两个域名的映射,然后在浏览器中直接访问http://harbor.local,页面很快显示出来了,管理员登录凭证为admin/Harbor12345

OVER

参考

  1. https://github.com/vmware/harbor/tree/master/contrib/helm/harbor