k8s笔记19（Harbor Upgrades ）

• goharbor/harbor: An open source trusted cloud native registry project that stores, signs, and scans content. (github.com)
• Harbor docs | Upgrade Harbor and Migrate Data (goharbor.io)
• goharbor/harbor-helm: The helm chart to deploy Harbor (github.com)
• https://demo.goharbor.io/
• Harbor docs | Deploying Harbor with High Availability via Helm (goharbor.io)
• ！！！harbor-helm/docs/High Availability.md at main · goharbor/harbor-helm (github.com)
• helm/helm: The Kubernetes Package Manager (github.com)
• Architecture Overview of Harbor · goharbor/harbor Wiki (github.com)（process of docker  login/push）

如果要在 Kubernetes上部署Harbor，使用Harbor chart.

Prerequisites

• Kubernetes cluster 1.20+
• Helm v3.2.0+

helm repo add harbor https://helm.goharbor.io
helm search repo <REPOSITORY_NAME>
helm fetch harbor/harbor --untar  从指定的源（harbor/harbor）获取 Helm Chart 包，并在获取后进行解压缩（--untar 选项的作用）。
helm install my-release harbor/harbor
helm uninstall my-release

• Harbor 不支持helm rollback

常用命令：（Multi-Attach error for volume "pvc-3391f2d3-6221-44c2-bc53-66c493978a4e" Volume is already exclusively attached to one node and can't be attached to another这个报错重启对应节点后OK）

#kubectl -n harbor get pv pvc-3391f2d3-6221-44c2-bc53-66c493978a4e -o go-template='{{.spec.csi.volumeAttributes.imageName}}'
csi-vol-08dfbcd6-50f8-11ed-8c46-022c029f8d1f			   
bash-4.4$ rbd status  replicapool/csi-vol-08dfbcd6-50f8-11ed-8c46-022c029f8d1f
Watchers: none						   
#kubectl describe pv pvc-e692d188-a8d9-4416-946a-aa3a8dfe34be
name=data-atc-harbor-trivy-0
#k -n harbor get pvc
data-atc-harbor-trivy-0                       Bound    pvc-e692d188-a8d9-4416-946a-aa3a8dfe34be 
#k -n harbor get pv |grep pvc-e692d188-a8d9-4416-946a-aa3a8dfe34be
pvc-e692d188-a8d9-4416-946a-aa3a8dfe34be   5Gi        RWO            Delete           Bound    harbor/data-atc-harbor-trivy-0 
# kubectl get pv pvc-3391f2d3-6221-44c2-bc53-66c493978a4e -o json | jq '.spec.claimRef'
{
  "apiVersion": "v1",
  "kind": "PersistentVolumeClaim",
  "name": "atc-harbor-registry",
  "namespace": "harbor",
  "resourceVersion": "18518103",
  "uid": "3391f2d3-6221-44c2-bc53-66c493978a4e"
}
# kubectl describe pv  pvc-3391f2d3-6221-44c2-bc53-66c493978a4e
    VolumeAttributes:      clusterID=rook-ceph
                           imageName=csi-vol-08dfbcd6-50f8-11ed-8c46-022c029f8d1f	

1、目前使用版本：Harbor v2.3.3，最新v2.11.0

1.1、如果启用了TLS，并且证书是由图表自动生成的，升级过程中将生成一个新证书并覆盖旧证书，如果您分发了证书，这可能会导致一些问题。

kubectl get secret <secret-name-from-step-1> -o yaml > secret.yaml
***Rename the secret by setting metadata.name in secret.yaml
kubectl create -f secret.yaml
***Configure the chart to use the new secret by setting expose.tls.secretName as the value

1.2、备份Harbor使用的数据库，以防升级过程失败。

1.3、Download new chart 

1.4、Upgrade

helm upgrade release-name --force .

• The --force is necessary if upgrade from version 0.3.0 due to issue #30.
• covers migration from v2.3.0 and later to the current v2.5.0 version