前提准备,(1)已经安装 Helm ,参考 Helm 安装 ,(2)集群有默认的动态存储可用,参数 使用StorageClass提供PV动态存储
1. 使用 Helm 安装 Ingress
Ingress 由 Ingress 和 Ingress Controller 两部分组成。在 Kubernetes 中,Ingress 对象描述路由规则;Ingress Controller 通过与 Apiserver 交互,将 Ingress 规则写入 Nginx Pod 中。Helm 2 使用:
1
|
helm install --name nginx-ingress --set "rbac.create=true,controller.service.externalIPs[0]=192.168.10.2" stable/nginx-ingress
|
Helm 3 使用:
1
|
helm install nginx-ingress --set "rbac.create=true,controller.service.externalIPs[0]=192.168.10.2" stable/nginx-ingress
|
查看服务:
1
2
3
4
|
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress-controller LoadBalancer 10.109.17.54 192.168.10.2 80:31006/TCP,443:31184/TCP 30m
nginx-ingress-default-backend ClusterIP 10.106.94.214 <none> 80/TCP 30m
|
这里采用 externalIP 方式对外暴露服务,nginx-ingress-controller 会在 192.168.10.2 节点(可以配置多个节点)上暴露 80/443 端口。
2. 使用 Helm 安装 Harbor
1
2
|
git clone https://github.com/goharbor/harbor-helm.git
git checkout 1.1.0
|
kubectl create namespace harbor
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
git diff
--- a/values.yaml
+++ b/values.yaml
@@ -25,8 +25,8 @@ expose:
commonName: ""
ingress:
hosts:
- core: core.harbor.domain
- notary: notary.harbor.domain
+ core: core.harbor.chenshaowen.com
+ notary: notary.harbor.chenshaowen.com
# set to the type of ingress controller if it has specific requirements.
# leave as `default` for most ingress controllers.
# set to `gce` if using the GCE ingress controller
@@ -95,7 +95,7 @@ expose:
# the IP address of k8s node
#
# If Harbor is deployed behind the proxy, set it as the URL of proxy
-externalURL: https://core.harbor.domain
+externalURL: https://core.harbor.chenshaowen.com
|
也可以不修改,配置 hosts 进行访问。
helm install --name harbor -f values.yaml . --namespace harbor
通过执行 kubectl get pod -n harbor
命令,等待所有 Pod 正常启动。
1
2
3
|
kubectl get ingress -n harbor
NAME HOSTS ADDRESS PORTS AGE
harbor-harbor-ingress core.harbor.domain,notary.harbor.domain 80, 443 7m15s
|
需要将域名的 DNS 指向服务器地址。打开页面 https://core.harbor.chenshaowen.com ,输入默认的账号密码 admin : Harbor12345 ,就可以正常使用了。
3. 推送镜像
1
2
3
4
|
docker login core.harbor.chenshaowen.com
Username: admin
Password:
Error response from daemon: Get https://core.harbor.chenshaowen.com/v2/: x509: certificate signed by unknown authority
|
提示证书问题,有两种解决办法:
在 Docker 中添加受信任的证书
执行命令,获取证书,并将证书内容拷贝到配置目录:
1
|
kubectl get secrets/harbor-harbor-ingress -n harbor -o jsonpath="{.data.ca.crt}" | base64 --decode
|
添加 –insecure-registry 仓库地址
以 OS X 为例,在 [Preferences] - [Daemon] 中添加不安全的仓库 core.harbor.chenshaowen.com
即可。
1
2
3
4
5
6
|
docker tag sonarqube:7.1 core.harbor.chenshaowen.com/library/snoarque:7.1
docker push core.harbor.chenshaowen.com/library/snoarque:7.1
The push refers to repository [core.harbor.chenshaowen.com/library/snoarque]
195b3d541b37: Pushed
8fb1d730c37c: Pushing [=============> ] 48.57MB/177.1MB
1e09c232b1a9: Pushed
|