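IX. Kubernetes Study Guide: Step-by-Step Hands-On Manual 09 - Installing the Harbor Image Registry

I. NFS Installation

See Chapter 8: Persistent Storage - NFS Installation [[8. Persistent Storage Deployment]]

II. Harbor

1. Introduction

Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor is a CNCF Graduated project that delivers compliance, performance, and interoperability to help you manage artifacts consistently and securely across cloud native compute platforms such as Kubernetes and Docker.

2. Installing Harbor with Helm

2.1 Add the Helm repository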
helm repo add harbor https://helm.goharbor.io  

Update the repository index  
helm repo update
2.2 Search for available versions
[root@k8s-master01 harbor]# helm search repo harbor -l |grep harbor/harbor |head -4  
harbor/harbor   1.14.2          2.10.2          An open source trusted
2.3 Pull the chart package
helm pull harbor/harbor --version 1.14.2
2.4 Extract into the current directory
tar -zvxf harbor-1.14.2.tgz
2.5 Edit values.yaml
All Harbor-related configuration options are in values.yaml.  

- Edit values.yaml  
    1. Set hostname to your own domain name  
    2. Set expose.type to nodePort and disable TLS



expose:  
  # Set how to expose the service. Set the type as "ingress", "clusterIP", "nodePort" or "loadBalancer"  
  # and fill the information in the corresponding section  
  type: nodePort  
  tls:  
    enabled: false  


3. For the persistent volumes, set storageClass to the nfs-storage class defined earlier  
In Vim command mode:  
:%s/storageClass: ""/storageClass: "nfs-storage-1"/g  
Vim reports 5 substitutions  

  persistentVolumeClaim:  
    registry:  
      existingClaim: ""  
      storageClass: "nfs-storage-1"  
    jobservice:  
      jobLog:  
        existingClaim: ""  
        storageClass: "nfs-storage-1"  
    database:  
      existingClaim: ""  
      storageClass: "nfs-storage-1"  
    redis:  
      existingClaim: ""  
      storageClass: "nfs-storage-1"  
    trivy:  
      existingClaim: ""  
      storageClass: "nfs-storage-1"


  Set className: "nginx"  


4. Change the Harbor "adminPassword" to a value you choose  

grep -n 'adminPassword' values.yaml  

72:## @param adminPassword The initial password of Harbor admin. Change it from portal after launching Harbor  
74:adminPassword: "Harbor12345"  



5. If necessary, change the image source (the images pulled via Helm work as they are, so this can be left unchanged)  

image:  
  repository: goharbor/harbor-core  
  tag: v2.9.0  
  pullPolicy: IfNotPresent  
# change to  
image:  
  repository: registry.cn-hangzhou.aliyuncs.com/goharbor/harbor-core  
  tag: v2.9.0  
  pullPolicy: IfNotPresent
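
The settings edited in 2.5 can be checked before running the install. The script below is an added example, not part of the original guide or the Harbor chart; the function name audit_harbor_values and the sample file are constructed for illustration, and it assumes the chart's two-space indentation.

```shell
#!/bin/sh
# Added example (not from the Harbor chart): audit values.yaml before `helm install`.
# Prints one finding per line; exit status is non-zero when anything is found.
audit_harbor_values() (
  file=$1
  findings=0
  report() { echo "$1"; findings=$((findings + 1)); }

  # adminPassword left at the chart default shown in the grep output above.
  pw=$(sed -n 's/^adminPassword:[[:space:]]*//p' "$file" | tr -d "\"' ")
  [ "$pw" = "Harbor12345" ] && report "adminPassword: still the chart default"

  # expose.tls.enabled is false; only the tls block nested under expose counts.
  if awk '
    /^expose:/               { in_expose = 1; next }
    /^[^ #]/                 { in_expose = 0; in_tls = 0 }
    in_expose && /^  tls:/   { in_tls = 1; next }
    in_expose && /^  [^ #]/  { in_tls = 0 }
    in_tls && /^    enabled:[ ]*false/ { found = 1 }
    END { exit !found }' "$file"
  then
    report "expose.tls.enabled: false (credentials and images travel in cleartext)"
  fi

  # storageClass entries still empty (the Vim substitution missed them).
  empty=$(grep -c 'storageClass: ""' "$file" || true)
  [ "$empty" -gt 0 ] && report "storageClass: $empty entries still empty"

  [ "$findings" -eq 0 ]
)

# Constructed sample mirroring the edits in section 2.5 (not a full values.yaml).
sample=$(mktemp)
cat > "$sample" <<'EOF'
expose:
  type: nodePort
  tls:
    enabled: false
adminPassword: "Harbor12345"
persistence:
  persistentVolumeClaim:
    registry:
      storageClass: "nfs-storage-1"
    redis:
      storageClass: ""
EOF
audit_harbor_values "$sample" || echo "resolve the findings above before helm install"
rm -f "$sample"
```
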
2.6 Create the harbor namespace and install into the cluster
kubectl create ns harbor  
[root@k8s-master01 harbor]# helm install harbor harbor/harbor -f values.yaml -n harbor  
NAME: harbor  
LAST DEPLOYED: Wed Jun  5 16:20:04 2024  
NAMESPACE: harbor  
STATUS: deployed  
REVISION: 1  
TEST SUITE: None  
NOTES:  
Please wait for several minutes for Harbor deployment to complete.  
Then you should be able to visit the Harbor portal at https://harbor.fq.com  
For more details, please visit https://github.com/goharbor/harbor

3. Using Harbor

3.1 Add an entry to /etc/hosts
echo "10.255.209.40  harbor.fq.com" >> /etc/hosts
3.2 Access the Harbor HTTPS UI
kubectl get secret harbor-ingress -n harbor -o json | jq -r '.data."ca.crt"' | base64 -d > harbor-ca.crt  

curl https://harbor.fq.com --cacert harbor-ca.crt
3.3 Log in to Harbor from a client host
- Copy the certificate and paste it at the end of /etc/ssl/certs/ca-certificates.crt

kubectl get secret harbor-ingress -n harbor -o json | jq -r '.data."ca.crt"' | base64 -d > harbor-ca.crt  

mkdir -p /etc/docker/certs.d/harbor.fq.com  

cp harbor-ca.crt /etc/docker/certs.d/harbor.fq.com/ca.crt  

systemctl restart docker  

docker login harbor.fq.com
3.4 Push and pull images with Docker
# create the directory  
mkdir -p /etc/docker/certs.d/harbor.fq.com  
# copy the certificate  
cp /etc/ssl/certs/harbor-ca.crt /etc/docker/certs.d/harbor.fq.com/  
# edit /etc/hosts and append an A record  
echo "10.255.209.40 harbor.fq.com" >>/etc/hosts  
# log in to Harbor (docker warns that -p on the command line is insecure and suggests --password-stdin)  
docker login -u admin -p Harbor12345 http://harbor.fq.com  

# tag the image  
docker tag bitnami/nginx:1.26.0-debian-12-r1 harbor.fq.com/public/nginx:1.26.0  

# list the tagged images  
docker image ls |grep harbor  

# push the image  
docker push harbor.fq.com/public/nginx:1.26.0  

# pull the image  
docker pull harbor.fq.com/public/nginx:1.26.0
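4. Fixing the incorrect-password error when logging in through the UI
Logging in with the default account (admin) and password (Harbor123456) fails with an incorrect username or password error:  
1. Find the pod name  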
[root@k8s-master01 harbor]# kubectl get pod -n harbor |grep harbor-core  
harbor-core-5c879d58cb-mhzb6         1/1     Running   2 (2d23h ago)   2d23h  

2. Open a shell in the pod  
[root@k8s-master01 core]# kubectl exec -it pod/harbor-core-5c879d58cb-mhzb6 -n harbor -- /bin/bash  

3. Print the environment and filter for passwords  
I have no name!@harbor-core-5c879d58cb-mhzb6:/opt/bitnami/harbor-core$ printenv |grep -i "password"  
HARBOR_ADMIN_PASSWORD=Py9uALDVuu  
POSTGRESQL_PASSWORD=not-secure-database-password  
REGISTRY_CREDENTIAL_PASSWORD=harbor_registry_password  

# HARBOR_ADMIN_PASSWORD=Py9uALDVuu is the admin login password