继续浏览精彩内容
慕课网APP
程序员的梦工厂
打开
继续
感谢您的支持,我会继续努力的
赞赏金额会直接到老师账户
将二维码发送给自己后长按识别
微信支付
支付宝支付

基于kubernetes1.11安装Harbor私有镜像库(四)

xiaomo
关注TA
已关注
手记 25
粉丝 244
获赞 202

简介

本节主要说明如何安装,配置及运行harbor私有库。

获取Harbor 1.6源

git clone -b release-1.6.0 https://github.com/goharbor/harbor.git

修改harbor.cfg

# cd harbor/make
# vim harbor.cfg
# 主要修改以下几项:
hostname = hub.example.com  # 按实际情况修改
ui_url_protocol = https     # http -> https
ssl_cert = /etc/k8s/ssl/ssl.crt       # 改成ssl文件的实际目录路径
ssl_cert_key = /etc/k8s/ssl/ssl.key
secretkey_path = /opt
harbor_admin_password = xxxxx

给K8s添加gluster的endpoint和service

#cd make/kubernetes
#mkdir glusterfs
# 新建glusterfs/harbor-gluster.yaml, 填入如下内容:
apiVersion: v1
kind: Endpoints
metadata:
  name: ep-glusterfs-harbor-r2
subsets:
- addresses:
  - ip: 192.168.1.xx  # 这里修改为实际的gluster-manager-ip
  ports:
  - port: 49152
    protocol: TCP

---
apiVersion: v1
kind: Service
metadata:
  name: ep-glusterfs-harbor-r2
spec:
  ports:
  - port: 49152
    protocol: TCP
    targetPort: 49152
  sessionAffinity: None
  type: ClusterIP

修改pv/registy.pv.yaml,pv/storage.pv.yaml配置

#cd make/kubernetes/pv
#vim registy.pv.yaml, 修改存储为glusterfs:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: registry-pv
  labels:
    type: registry
spec:
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  glusterfs:
    endpoints: "ep-glusterfs-harbor-r2"
    path: "harbordata"
    readOnly: false
#vim storage.pv.yaml, 修改存储为glusterfs:
apiVersion: v1
kind: PersistentVolume
metadata:
  name: storage-pv
  labels:
    type: storage
spec:
  capacity:
    storage: 20Gi
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain
  glusterfs:
    endpoints: "ep-glusterfs-harbor-r2"
    path: "harbordata"
    readOnly: false

修改mysql的存储源

#cd make/kubernetes/mysql
#vim mysql.deploy.yaml, 使用共享存储storage-pvc
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: mysql
  labels:
    name: mysql
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: mysql-apps
    spec:
      containers:
      - name: mysql-app
        image: vmware/harbor-db:v1.2.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 3306
        env:
          - name: MYSQL_ROOT_PASSWORD
            valueFrom: 
              configMapKeyRef: 
               name: harbor-mysql-config
               key: MYSQL_ROOT_PASSWORD
        volumeMounts:
        - name: mysql-storage
          mountPath: /var/lib/mysql
          subPath: "storage"
      volumes:
      - name: mysql-storage
        persistentVolumeClaim:
          claimName: storage-pvc 

修改registry的存储源

#cd make/kubernetes/registry/
#vim registry.deploy.yaml, 使用共享存储registry-pvc
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry
  labels:
    name: registry
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: registry-apps
    spec:
      initContainers:
      - name: init-registry-app
        image: vmware/registry:2.6.2-photon
        command: ['sh', '-c', "cp -f /etc/registry/tmpconfig/* /tmp/"]
        volumeMounts:
        - name: workdir
          mountPath: /tmp
        - name: config
          mountPath: /etc/registry/tmpconfig
      containers:
      - name: registry-app
        image: vmware/registry:2.6.2-photon
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 5000
        - containerPort: 5001
        volumeMounts:
        - name: workdir
          mountPath: /etc/registry
        - name: storage
          mountPath: /storage
          subPath: "registry"
      volumes:
      - name: config
        configMap:
          name: harbor-registry-config
          items:
          - key: config
            path: config.yml
          - key: cert
            path: root.crt
      - name: workdir
        emptyDir: {}
      - name: storage
        persistentVolumeClaim:
          claimName: registry-pvc

注意这里的configMap的挂载由于readonly的原因,采取了emptyDir曲线救国的方式

生成configmap文件

python make/kubernetes/k8s-prepare

修改默认的ingress.yaml

# 修改后内容如下:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: harbor
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 2048m
    nginx.ingress.kubernetes.io/upstream-hash-by: "$remote_addr"
    ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
  - host: hub.xxx.com
    http:
      paths:
      - path: /
        backend:
          serviceName: ui
          servicePort: 80
      - path: /v2
        backend:
          serviceName: registry
          servicePort: repo
      - path: /service
        backend:
          serviceName: ui
          servicePort: 80

根据官方文档按顺序启动服务

# create pv & pvc
kubectl apply -f make/kubernetes/glusterfs/harbor-gluster.yaml
kubectl apply -f make/kubernetes/pv/log.pv.yaml
kubectl apply -f make/kubernetes/pv/registry.pv.yaml
kubectl apply -f make/kubernetes/pv/storage.pv.yaml
kubectl apply -f make/kubernetes/pv/log.pvc.yaml
kubectl apply -f make/kubernetes/pv/registry.pvc.yaml
kubectl apply -f make/kubernetes/pv/storage.pvc.yaml

> # create config map
kubectl apply -f make/kubernetes/jobservice/jobservice.cm.yaml
kubectl apply -f make/kubernetes/mysql/mysql.cm.yaml
kubectl apply -f make/kubernetes/registry/registry.cm.yaml
kubectl apply -f make/kubernetes/ui/ui.cm.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.cm.yaml

# create service
kubectl apply -f make/kubernetes/jobservice/jobservice.svc.yaml
kubectl apply -f make/kubernetes/mysql/mysql.svc.yaml
kubectl apply -f make/kubernetes/registry/registry.svc.yaml
kubectl apply -f make/kubernetes/ui/ui.svc.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.svc.yaml

# create k8s deployment
kubectl apply -f make/kubernetes/registry/registry.deploy.yaml
kubectl apply -f make/kubernetes/mysql/mysql.deploy.yaml
kubectl apply -f make/kubernetes/jobservice/jobservice.deploy.yaml
kubectl apply -f make/kubernetes/ui/ui.deploy.yaml
kubectl apply -f make/kubernetes/adminserver/adminserver.deploy.yaml

# create k8s ingress
kubectl apply -f make/kubernetes/ingress.yaml

traefik ui 查看效果

图片描述

ui登录harbor

图片描述

另外,也可以用命令docker login hub.xxx.com,docker push xxx等方法来验证是否安装成功。

打开App,阅读手记
1人推荐
发表评论
随时随地看视频慕课网APP