[离线安装] helm部署harbor
HARBOR安装
harbor安装不启用ssl,再外面再套一层nginx做ssl
下载安装包
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor
opt
# 搜索所有版本并下载指定版本
helm search repo harbor --versions
helm pull harbor/harbor --version 1.8.2
安装
tar zxf harbor-1.8.2.tgz
# 创建命名空间
kubectl create ns harbor
# 安装harbor到harbor命名空间
# externalURL: 访问地址,非常重要
# persistence.enabled: 测试使用,关闭持久化
# registry.relativeurls: 前面再放一层代理需要的配置
helm install harbor ./harbor -n harbor --set externalURL=https://harbor.example.com --set expose.type=nodePort --set expose.tls.enabled=false --set persistence.enabled=false --set trivy.enabled=false --set notary.enabled=false --set registry.relativeurls=true
NGINX安装
mkdir /home/docker/nginx/ -p
cd /home/docker/nginx/
cat << EOF > /home/docker/nginx/docker-compose.yml
version: "3"
services:
nginx:
image: nginx:1.23.1-alpine
ports:
- "80:80"
- "443:443"
volumes:
- "./conf:/etc/nginx/conf.d/"
- "./ssl:/home/ssl"
EOF
# 配置文件
mkdir ./conf
cat << EOF > conf/portal.conf
client_max_body_size 10240m;
upstream ingress_http
{
server {{ 集群节点ip }}:30002;
server {{ 集群节点ip2 }}:30002 backup;
}
server {
listen 80;
server_name harbor.example.com;
set $ssl_port_custom 443;
location / {
return 301 https://$host:$ssl_port_custom$request_uri;
}
}
server
{
listen 443 ssl;
ssl_certificate /home/ssl/public.pem;
ssl_certificate_key /home/ssl/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
server_name harbor.example.com;
location / {
proxy_pass http://ingress_http;
proxy_set_header Host $host;
}
}
EOF