Harbor Chart
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor
tar xvf harbor-1.3.2.tgz
cd harbor
创建secretName
kubectl -n test create secret tls tls-hub-test-cn --cert=hub.test.com.pem --key=hub.test.com.key
kubectl -n test get secret
kubectl -n test describe secret tls-hub-test-cn
创建redis 略
编辑values.yaml
参考说明
expose:
type: ingress
tls:
enabled: true
secretName: "tls-hub-test-cn"
ingress:
hosts:
core: hub.test.com
controller: nginx
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
externalURL: https://hub.test.com
harborAdminPassword: "Harbor12345"
secretKey: "not-a-secure-key"
imagePullPolicy: IfNotPresent
updateStrategy:
type: RollingUpdate
logLevel: info
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: "nfs"
subPath: ""
accessMode: ReadWriteOnce
size: 1500Gi
chartmuseum:
existingClaim: ""
storageClass: "nfs"
subPath: ""
accessMode: ReadWriteOnce
size: 1500Gi
jobservice:
existingClaim: ""
storageClass: "nfs"
subPath: ""
accessMode: ReadWriteOnce
size: 1500Gi
database:
existingClaim: ""
storageClass: "nfs"
subPath: ""
accessMode: ReadWriteOnce
size: 1500Gi
imageChartStorage:
disableredirect: false
type: filesystem
filesystem:
rootdirectory: /storage
#maxthreads: 100
proxy:
httpProxy:
httpsProxy:
noProxy: 127.0.0.1,localhost,.local,.internal
components:
- core
- jobservice
- clair
portal:
image:
repository: goharbor/harbor-portal
tag: v1.10.2
replicas: 3
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
core:
image:
repository: goharbor/harbor-core
tag: v1.10.2
replicas: 3
livenessProbe:
initialDelaySeconds: 300
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: "not-a-secure-key"
secretName: ""
xsrfKey: ""
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: v1.10.2
replicas: 3
maxJobWorkers: 10
jobLogger: stdout
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: "not-a-secure-key"
registry:
registry:
image:
repository: goharbor/registry-photon
tag: v1.10.2
controller:
image:
repository: goharbor/harbor-registryctl
tag: v1.10.2
replicas: 3
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: "not-a-secure-key"
relativeurls: false
middleware:
enabled: false
chartmuseum:
enabled: true
absoluteUrl: false
image:
repository: goharbor/chartmuseum-photon
tag: v1.10.2
replicas: 3
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
clair:
enabled: true
clair:
image:
repository: goharbor/clair-photon
tag: v1.10.2
adapter:
image:
repository: goharbor/clair-adapter-photon
tag: v1.10.2
replicas: 3
updatersInterval: 12
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
notary:
enabled: false
database:
type: internal
internal:
image:
repository: goharbor/harbor-db
tag: v1.10.2
initContainerImage:
repository: busybox
tag: latest
password: "fu_baqeGcfgef6u"
coreDatabase: "registry"
clairDatabase: "clair"
nodeSelector: {}
tolerations: []
affinity: {}
maxIdleConns: 50
maxOpenConns: 100
podAnnotations: {}
redis:
type: external
external:
host: "harbor-redis"
port: "6379"
coreDatabaseIndex: "0"
jobserviceDatabaseIndex: "1"
registryDatabaseIndex: "2"
chartmuseumDatabaseIndex: "3"
clairAdapterIndex: "4"
password: "fh_baqeGcfgEto4"
podAnnotations: {}
helm检查 部署
helm install --name harbor-ha . --debug --dry-run
kubectl create ns test
helm install --name harbor-ha . --namespace test
需要手动在数据库创建registry
库