[离线安装] helm部署harbor

HARBOR安装

harbor安装不启用ssl，再外面再套一层nginx做ssl

下载安装包

helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor

opt

# 搜索所有版本并下载指定版本
helm search repo harbor --versions
helm pull harbor/harbor --version 1.8.2

安装

tar zxf harbor-1.8.2.tgz
# 创建命名空间
kubectl create ns harbor
# 安装harbor到harbor命名空间
# externalURL: 访问地址，非常重要
# persistence.enabled: 测试使用，关闭持久化
# registry.relativeurls: 前面再放一层代理需要的配置

helm install harbor ./harbor -n harbor  --set externalURL=https://harbor.example.com --set expose.type=nodePort --set expose.tls.enabled=false --set persistence.enabled=false --set trivy.enabled=false --set notary.enabled=false --set registry.relativeurls=true 

NGINX安装

mkdir /home/docker/nginx/ -p
cd /home/docker/nginx/
cat << EOF > /home/docker/nginx/docker-compose.yml
version: "3"

services:
  nginx:
    image: nginx:1.23.1-alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./conf:/etc/nginx/conf.d/"
      - "./ssl:/home/ssl"
EOF

# 配置文件
mkdir ./conf
cat << EOF > conf/portal.conf 
client_max_body_size 10240m;

upstream ingress_http
{
        server {{ 集群节点ip }}:30002;
        server {{ 集群节点ip2 }}:30002 backup;
}

server {
    listen 80;
    server_name harbor.example.com;

    set $ssl_port_custom 443;
    location / {
        return 301 https://$host:$ssl_port_custom$request_uri;
    }
}


server
{
    listen 443 ssl;
    ssl_certificate       /home/ssl/public.pem;
    ssl_certificate_key   /home/ssl/private.key;
    ssl_protocols         TLSv1 TLSv1.1 TLSv1.2;
    server_name  harbor.example.com;
    location / {
        proxy_pass  http://ingress_http;
        proxy_set_header   Host             $host;

    }
}
EOF