helm kubernetes部署

Harbor简介

Harbor是一个开源的企业级容器注册中心，用于存储和分发Docker镜像，它提供了一个简单易用的Web界面，方便用户管理和操作容器镜像，Kubernetes(简称K8s)是一个开源的容器编排系统，可以自动化地部署、扩展和管理容器化应用程序，Helm是Kubernetes的一个包管理工具，可以帮助用户更方便地安装和管理Kubernetes应用，本文将介绍如何在Kubernetes Helm中安装和使用Harbor。

安装Harbor

1、准备环境

在安装Harbor之前，需要确保已经安装了Kubernetes集群和Helm，还需要配置好kubectl命令行工具，以便与Kubernetes集群进行交互。

2、下载Harbor安装包

从Harbor的GitHub仓库下载最新版本的Harbor安装包：https://github.com/goharbor/harbor/releases

3、解压安装包

将下载的安装包解压到一个目录中，/opt/harbor

tar -zxvf harbor-offline-installer-vx.y.z.tgz -C /opt/harbor

4、修改配置文件

进入解压后的目录，编辑harbor.yml文件，设置相关参数，主要需要修改以下几个参数：

hostname:设置Harbor的域名或IP地址；

http:设置Harbor的HTTP端口；

https:设置Harbor的HTTPS端口；

data_volume:设置Harbor的数据持久化存储路径；

expose:设置Harbor的访问端口。

hostname: your_domain_or_ip
http:
  port: 80
https:
  port: 443
expose: 80 443
data_volume: /path/to/your/data_volume

5、安装Harbor

运行以下命令开始安装Harbor:

./install.sh --with-notary --with-trivy --with-clair --with-regulatory --with-selfsigned-certs --with-persistence=redis --with-mqtt=disabled --with-syslog --with-insecure-registry=true --with-pachd=false --with-graphql=false --with-replication=none --with-backup=none --with-storagedriver=nullstore --with-dbauth=true --with-ldapauth=true --with-tokenauth=true --with-cosiauth=false --with-jwtauth=false --with-redisauth=false --with-mysqlauth=false --with-postgresauth=false --with-sqlaauth=false --with-approleauth=false --with-keycloakauth=false --with-kubernetesauth=true --with-traefik=false --with-nodeport=true --with-cleanup=false --with-allowadmin="true" --set="global.registry='your_registry_host'" | sudo tee /etc/yum.repos.d/harbor.repo && sudo yum install -y harbor && sudo systemctl enable and start harbor && sudo systemctl status harbor && sudo docker run -d -p 80:80 -p 443:443 --name harbor registry:2 || true && sudo docker login your_registry_host && sudo docker pull your_registry_host/library/harbor && sudo docker tag your_registry_host/library/harbor your_domain_or_ip/harbor && sudo docker push your_domain_or_ip/harbor && sudo docker ps | grep harbor || true && sudo docker logs harbor || true"

根据提示完成输入即可，安装完成后，可以通过浏览器访问http://your_domain_or_ip进入Harbor的管理界面。

在Kubernetes中部署Harbor

1、创建命名空间

在Kubernetes中，所有的资源都需要在一个命名空间中，可以使用以下命令创建一个名为harbor的命名空间：

kubectl create namespace harbor

2、编写部署文件

创建一个名为harbor-deployment.yaml的文件，内容如下：

apiVersion: apps/v1
kind: Deployment
metadata:
  name: harbor
spec:
  replicas: 1
  selector:
    matchLabels:
      app: harbor
  template:
    metadata:
      labels:
        app: harbor
    spec:
      containers:
      name: harbor
        image: harbor:latest
        ports:
        containerPort: 8080
        envFrom:
        configMapRef:
            name: harbor-configmap

apiVersion: v1
kind: ServiceAccount
metadata:
  name: harbor-serviceaccount
namespace: harbor

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: harbor-adminuserrolebinding
subjects: []
roleRef:
  kind: ClusterRole
  name: cluster-admin
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: harbor-adminuserrolebinding2022011917265596939000236796965697593975967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675967596759675938234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234234 == harbor@harbor && serviceaccount:default: + envValue +  = true && serviceaccount_name != harbor && serviceaccount_uid != harbor && path != /* && path != */ + user && path != /* + group && path != */ + privileged + * => *,subjects: [{ kind: ServiceAccountKind, name: "harbor", namespace: "harbor"}],rules=[{ apiGroups: [""], resources: ["events"], verbs: ["create"]},{ apiGroups: [""], resources: ["nodes"], verbs: ["create"]},{ apiGroups: [""], resources: ["pods"], verbs: ["get", "watch", "list", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: ["extensions"], resources: ["replicasets"], verbs: ["get", "list", "watch", "create", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: [""], resources: ["serviceaccounts"], verbs: ["get", "list", "watch", "create", "update", "patch", "delete"], verbsIgnoreUnknownParams: true},{ apiGroups: [""], resources: + envValue + , verbs: + envValue + ={read=true},verbsIgnoreUnknownParams: true}],kinds=[ClusterRole],metadata: {},scope":"Namespaced") > harbor-adminuserrolebinding.yaml && kubectl apply -f harbor-adminuser