Harbor部署手册(Helm版本)
1. 环境准备
1.1 系统要求
# 验证Kubernetes版本
kubectl version
# 检查节点状态
kubectl get nodes -o wide
1.2 Helm初始化
# 安装Helm
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
# 验证安装
helm version
2. Ingress-Nginx部署(Ingress-nginx 部署手册)
3. Harbor私有仓库部署
3.1 Harbor仓库配置
helm repo add harbor https://helm.goharbor.io
helm repo update
3.2 定制化配置
harbor-values.yaml示例:
# harbor-values.yaml
expose:
type: ingress
tls:
enabled: false
ingress:
hosts:
core: images.XXX.com # 替换成自定义域名
className: "nginx"
externalURL: "http://images.XXX.com" # 替换成自定义域名
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: "nfs-sc" # 替换成已部署的storageClass名称
size: 50Gi
subPath: "harbor/registry"
jobservice:
jobLog:
storageClass: "nfs-sc"
size: 50Gi
subPath: "harbor/jobservice"
database:
storageClass: "nfs-sc"
size: 50Gi
subPath: "harbor/database"
redis:
storageClass: "nfs-sc"
size: 50Gi
subPath: "harbor/redis"
trivy:
storageClass: "nfs-sc"
size: 50Gi
subPath: "harbor/trivy"
3.3 集群部署
helm upgrade --install harbor \
harbor/harbor \
-f harbor-values.yaml \
--namespace harbor \
--create-namespace \
--version 1.17.0
4. 验证与测试
4.1 存储类验证
kubectl get storageclass
kubectl get pv
4.2 Ingress测试
# 创建测试应用
kubectl create deployment test-web --image=nginx
kubectl expose deployment test-web --port=80
# 创建Ingress规则
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: test-ingress
spec:
ingressClassName: nginx
rules:
- host: test.yourdomain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: test-web
port:
number: 80
EOF
5. 维护指南
5.1 日常检查
# 检查Pod状态
kubectl get pods -A
# 检查存储使用
kubectl top pods -A
df -h /nfs_share
5.2 常见问题处理
问题1:NFS连接失败
# 在K8s节点测试连接
showmount -e <nfs-server-ip>
# 检查防火墙
sudo firewall-cmd --list-services | grep nfs
问题2:镜像拉取失败
# 临时解决方案
docker pull registry.cn-hangzhou.aliyuncs.com/替代镜像
docker tag 替代镜像 k8s.gcr.io/原镜像
注意事项:
- 生产环境建议启用TLS加密
- 定期备份NFS存储数据
- 建议配置监控告警系统
浙公网安备 33010602011771号