helm3安装harbor【搭建NFS,用NFS创建PVC/PV供Harbor持久化,Harbor使用 nodePort 暴露方式提供访问】
2024-06-04 21:43:09
一、安装nfs-server
k8s-master01信息【提供nfs存储的机器】
公网IP:120.55.76.34
私网IP:172.30.125.99
未来的样子
nfs:
server: 172.30.125.99
path: /data/harbor
1.1 在提供 NFS 存储主机上执行,这里默认master节点
yum install -y nfs-utilsecho "/data/harbor *(insecure,rw,sync,no_root_squash)" > /etc/exports# 执行以下命令,启动 nfs 服务;创建共享目录
mkdir -p /data/harbor/{chartmuseum,jobservice,registry,database,redis,trivy}# 在master执行
chmod -R 777 /data/harbor# 使配置生效
exportfs -r#检查配置是否生效
exportfssystemctl enable rpcbind && systemctl start rpcbindsystemctl enable nfs && systemctl start nfs1.2 配置nfs-client(选做)
- 在每个node上配置nfs-client,172.30.125.99为master的私网 ip 地址
showmount -e 172.30.125.99mkdir -p /data/harbormount -t nfs 172.30.125.99:/data/harbor /data/harbor二、添加 helm repo 仓库
安装 helm 工具
官网:https://github.com/helm/helm/releases
wget https://get.helm.sh/helm-v3.7.2-linux-amd64.tar.gz
tar -zxvf helm-v3.7.2-linux-amd64.tar.gz
#解压得到文件包 linux-amd64
cd linux-amd64
cp helm /usr/local/bin/
helm version
以上,helm工具安装成功了,接下来开始添加 harbor的helm repo,并下载 chart 包
官网:https://github.com/goharbor/harbor-helm/releases
helm repo add harbor https://helm.goharbor.io
helm pull harbor/harbor --version 1.6.0
# 拉取下的chart包名 harbor-1.6.0.tgztar zxvf harbor-1.6.0.tgz #解压出文件名 harbor修改 /harbor/values.yaml,下图中的字段要对照修改
k8s-master01信息【提供nfs存储的机器】
公网IP:120.55.76.34
私网IP:172.30.125.99
该node安装nfs后:
server: 172.30.125.99
path: /data/harbor
**注意:此处是集群内网的IP地址 externalURL: http://172.30.125.99:30002 *
#这里我只给出修改的参数,未修改的按照应用默认参数即可expose:type: nodePort tls:# 这里使用http,修改为falseenabled: falseexternalURL: http://172.30.125.99:30002 #这个切记修改为自己集群ip,否则会出现无法登陆情况
persistence:enabled: trueresourcePolicy: "keep"persistentVolumeClaim: #每个子系统存储,这里我提前创建好了pvc,如果使用动态的pvc,existingClaim空着即可,下面给出创建pv和pvc的yamlregistry:# Use the existing PVC which must be created manually before bound,# and specify the "subPath" if the PVC is shared with other componentsexistingClaim: "harbor-registry"# Specify the "storageClass" used to provision the volume. Or the default# StorageClass will be used(the default).# Set it to "-" to disable dynamic provisioningstorageClass: "harbor-registry"subPath: ""accessMode: ReadWriteOncesize: 5Gichartmuseum:existingClaim: "harbor-chartmuseum"storageClass: "harbor-chartmuseum"subPath: ""accessMode: ReadWriteOncesize: 5Gijobservice:existingClaim: "harbor-jobservice"storageClass: "harbor-jobservice"subPath: ""accessMode: ReadWriteOncesize: 1Gi# If external database is used, the following settings for database will# be ignoreddatabase:existingClaim: "harbor-database"storageClass: "harbor-database"subPath: ""accessMode: ReadWriteOncesize: 1Gi# If external Redis is used, the following settings for Redis will# be ignoredredis:existingClaim: "harbor-redis"storageClass: "harbor-redis"subPath: ""accessMode: ReadWriteOncesize: 1Gitrivy:existingClaim: "harbor-trivy"storageClass: "harbor-trivy"subPath: ""accessMode: ReadWriteOncesize: 5GiharborAdminPassword: "Harbor12345" #修改默认的登录密码创建 harbor-pv.yaml
vim harbor-pv.yaml #拷贝如下内容,记得替换spec.nfs.server的IP地址
apiVersion: v1
kind: PersistentVolume
metadata:name: harbor-chartmuseumlabels:app: harborcomponent: chartmuseum
spec:capacity:storage: 5GiaccessModes:- ReadWriteOncestorageClassName: harbor-chartmuseumpersistentVolumeReclaimPolicy: Recyclenfs:server: 172.30.125.99path: /data/harbor/chartmuseum---
apiVersion: v1
kind: PersistentVolume
metadata:name: harbor-jobservicelabels:app: harborcomponent: jobservice
spec:capacity:storage: 1GiaccessModes: - ReadWriteOncestorageClassName: harbor-jobservicepersistentVolumeReclaimPolicy: Recyclenfs:server: 172.30.125.99path: /data/harbor/jobservice---
apiVersion: v1
kind: PersistentVolume
metadata:name: harbor-registrylabels:app: harborcomponent: registry
spec:capacity:storage: 5GiaccessModes: - ReadWriteOncestorageClassName: harbor-registrypersistentVolumeReclaimPolicy: Recyclenfs:server: 172.30.125.99path: /data/harbor/registry---
apiVersion: v1
kind: PersistentVolume
metadata:name: harbor-databaselabels:app: harborcomponent: database
spec:capacity:storage: 1GiaccessModes: - ReadWriteOncestorageClassName: harbor-databasepersistentVolumeReclaimPolicy: Recyclenfs:server: 172.30.125.99path: /data/harbor/database---
apiVersion: v1
kind: PersistentVolume
metadata:name: harbor-redislabels:app: harborcomponent: redis
spec:capacity:storage: 1GiaccessModes: - ReadWriteOncestorageClassName: harbor-redispersistentVolumeReclaimPolicy: Recyclenfs:server: 172.30.125.99path: /data/harbor/redis---
apiVersion: v1
kind: PersistentVolume
metadata:name: harbor-trivylabels:app: harborcomponent: trivy
spec:capacity:storage: 5GiaccessModes: - ReadWriteOncestorageClassName: harbor-trivypersistentVolumeReclaimPolicy: Recyclenfs:server: 172.30.125.99path: /data/harbor/trivy
kubectl apply -f harbor-pv.yaml
创建harbor-pvc.yaml
vim harbor-pvc.yaml #拷贝如下内容
kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: harbor-chartmuseum
spec:accessModes:- ReadWriteOnceresources:requests:storage: 5GistorageClassName: harbor-chartmuseumselector:matchLabels:app: "harbor"component: "chartmuseum"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: harbor-jobservice
spec:accessModes:- ReadWriteOnceresources:requests:storage: 1GistorageClassName: harbor-jobserviceselector:matchLabels:app: "harbor"component: "jobservice"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: harbor-registry
spec:accessModes:- ReadWriteOnceresources:requests:storage: 5GistorageClassName: harbor-registryselector:matchLabels:app: "harbor"component: "registry"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: harbor-database
spec:accessModes:- ReadWriteOnceresources:requests:storage: 1GistorageClassName: harbor-databaseselector:matchLabels:app: "harbor"component: "database"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: harbor-redis
spec:accessModes:- ReadWriteOnceresources:requests:storage: 1GistorageClassName: harbor-redisselector:matchLabels:app: "harbor"component: "redis"
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:name: harbor-trivy
spec:accessModes:- ReadWriteOnceresources:requests:storage: 5GistorageClassName: harbor-trivyselector:matchLabels:app: "harbor"component: "trivy"kubectl apply -f harbor-pvc.yaml
三、部署chart
[root@master01 ~]# helm install my-harbor ./harbor/ # 可添加后缀 --namespace harbor
[root@master01 ~]# kubectl get po
NAME READY STATUS RESTARTS AGE
my-harbor-harbor-chartmuseum-648ddc6cc7-f6jf7 1/1 Running 3 (38m ago) 57m
my-harbor-harbor-core-787997f69-wwm8m 1/1 Running 4 (35m ago) 57m
my-harbor-harbor-database-0 1/1 Running 3 (38m ago) 5h36m
my-harbor-harbor-jobservice-b6c898d8b-ktb9c 1/1 Running 4 (36m ago) 57m
my-harbor-harbor-nginx-5c7999cd9f-fxqwr 1/1 Running 3 (38m ago) 150m
my-harbor-harbor-notary-server-78bd56d784-vkdzd 1/1 Running 4 (38m ago) 57m
my-harbor-harbor-notary-signer-69bbf5b848-8f45n 1/1 Running 4 (38m ago) 57m
my-harbor-harbor-portal-7f965b49cd-hmhwc 1/1 Running 3 (38m ago) 5h36m
my-harbor-harbor-redis-0 1/1 Running 3 (38m ago) 5h36m
my-harbor-harbor-registry-f566858b6-9q7df 2/2 Running 6 (38m ago) 57m
my-harbor-harbor-trivy-0 1/1 Running 4 (35m ago) 5h36m
nfs-client-provisioner-659758485d-brdw7 1/1 Running 18 (38m ago) 9h[root@master01 ~]# helm upgrade my-harbor ./harbor/ #更新
[root@master01 ~]# helm list -A #查看chart
[root@master01 ~]# helm repo list #查看repo
五、 屏蔽 https 访问异常
注意 http://172.30.125.99:30002,此处的 ip 请替换搭建 harbor的服务器 IP
cat > /etc/docker/daemon.json << EOF
{"exec-opts":["native.cgroupdriver=systemd"],"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"],"insecure-registries": ["http://172.30.125.99:30002"]
}
EOF
systemctl daemon-reload
systemctl restart docker
六、 内部访问harbor
【私网IP:172.30.125.99】
cat ./harbor/values.yaml |grep -i externalURL
docker login -u admin -p Harbor12345 http://172.30.125.99:30002
[root@master01 ~]# cat ./harbor/values.yaml |grep -i externalURL
externalURL: http://172.30.125.99:30002[root@master01 ~]# docker login -u admin -p Harbor12345 http://172.30.125.99:30002
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-storeLogin Succeeded
七、浏览器访问
【公网IP:120.55.76.34】
http://120.55.76.34:30002
helm3安装harbor【搭建NFS,用NFS创建PVC/PV供Harbor持久化,Harbor使用 nodePort 暴露方式提供访问】相关推荐
- k8s存储+storageclass自动创建pv+StatefulSet自动创建pvc
k8s存储 k8s存储 storageclass自动创建pv StatefulSet k8s存储 docker存储----k8s存储 docker的容器层可以提供存储:存储在可写层(CopyOnWri ...
- CentOS7搭建keepalived+DRBD+NFS高可用共享存储
CentOS7搭建keepalived+DRBD+NFS高可用共享存储 一.服务器信息 IP地址 类型 主机名 操作系统 内存 磁盘 172.25.10.100 主服务器 node1 centos7 ...
- Ubuntu16.04搭建ftp/tftp/nfs/ssh服务器
目前的方向是嵌入式方向,和板子打交道时必备的.这时候就需要烧写各种镜像.经常使用tftp和nfs服务,最近对ssh服务比较好奇,后续会继续补充. 目录 目录 FTP服务 FTP服务介绍 FTP服务器 ...
- 华山服务器安装linux系统,RHEL7/Centos7下使用QEMU搭建u-boot+Linux+NFS嵌入式开发环境(2018...
目录 1交叉编译环境搭建 交叉编译器下载链接: 1.1交叉编译器下载 将其下载到/usr目录下并解压. 解压命令: tar -xvf gcc-linaro-7.2.1-2017.11-i686_arm ...
- 【Linux】【Services】【nfs】nfs安装与配置
1. 概念 1.1. NFS:Network File System,传统意义上,文件系统在内核中实现. 1.2. RPC:Remote Procedure Call protocol,远程过程调用, ...
- 网络启动安装linux客户机nfs设置,NFS服务端和客户端安装配置
一 NFS介绍 NFS用的比较多,但是更新没有想象的那么快,Nginx一年要迭代很多个版本,而NFS最新版本4.1是2010年更新的,到目前为止还没有更新过,但这并不影响NFS使用的广泛性 RPC协 ...
- Centos 7搭建nginx+Haproxy+nfs
实验环境: 准备四台centos7虚拟机一台haproxy,二台nginx,一台nfs 主机ip 部署 服务器 192.168.216.159 nginx centos 7 192.168.216 ...
- 【三】K8s安装-Harbor搭建
一.硬件要求 硬件资源 最低配置 推荐配置 处理器 2 4 CPU 4 8 硬件 40 160 二.软件要求 软件 版本 描述 Docker-engine v17.06.1-ce 或更高版本 有关安装 ...
- 【K8S】基于Docker+K8S+GitLab/SVN+Jenkins+Harbor搭建持续集成交付环境(环境搭建篇)
写在前面 最近在 K8S 1.18.2 版本的集群上搭建DevOps环境,期间遇到了各种坑.目前,搭建环境的过程中出现的各种坑均已被填平,特此记录,并分享给大家! 服务器规划 IP 主机名 节点 操作 ...
最新文章
- 中介者模式 调停者 Mediator 行为型 设计模式(二十一)
- 中国大唐集团公司的发展战略
- Java 常见异常种类
- IPv6系列(一)—快速入门
- 周其对话农民丰收节交易会 乡村振兴不能单单从乡村着眼
- MySQL官方提供的测试数据库脚本和数据文件下载
- Qt 调用 Windows 接口实现窗口置顶
- 使用jenkins实现监控嵌入式设备稳定性之二----脚本部分
- linux中kafka主题修改分区,kafka_2.11-2.0.0的部署与配置修改
- 达梦工作笔记-使用达梦客户端创建用户并授予权限
- Normalize.css和Reset CSS有什么区别?
- 参数估计:文本分析的参数估计方法
- python 虚拟环境 windows_Python虚拟环境(Windows版)
- ae效果英文版翻译对照表_AE菜单中英文对照表 (超全)
- SQL笔面试题:如何求取中位数?
- JavaScript+css+html鼠标指针经过某些元素时背景变色
- linux 命令详解 大于号_Linux 命令出现号(大于号)如何退出[组图]
- fastboot实战
- 粉丝测试题的软件,套路得粉丝的答题类H5推荐
- android usb挂载分析---MountService启动