helm安装使用
Harbor是由VMware公司开源的企业级的Docker Registry管理项目,它包括权限管理(RBAC)、LDAP、日志审核、管理界面、自我注册、镜像复制和中文支持等功能,具有web管理功能,有了它之后能够很方便的管理容器镜像,搭配Jenkins使用很是方便。......
helm国内源
helm更换源的文章很多,很多都写的是阿里云的源,但是阿里云的源根本就没有更新。azure的源亲测可用。
stable: http://mirror.azure.cn/kubernetes/charts/
incubator: http://mirror.azure.cn/kubernetes/charts-incubator/
添加命令如下:
helm repo remove stable
helm repo add stable http://mirror.azure.cn/kubernetes/charts/
helm repo add incubator http://mirror.azure.cn/kubernetes/charts-incubator/
helm repo update
测试repo
helm install --name=mysql --namespace=mysql stable/mysql
————————————————
版权声明:本文为CSDN博主「一直学下去」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/lwlfox/article/details/104880227
Error: couldn't load repositories file (/root/.helm/repository/repositories.yaml).
helm repo list
报错如下:
Error: couldn't load repositories file (/root/.helm/repository/repositories.yaml).
You might need to run `helm init`
执行helm init报错信息:
Error: https://kubernetes-charts.storage.googleapis.com is not a valid chart repository or cannot be reached: failed to fetch https://kubernetes-charts.storage.googleapis.com/index.yaml : 403 Forbidden
因访问权限原因导致
解决措施:创建丢失文件,再次执行helm init 即可
echo "" > /root/.helm/repository/repositories.yaml
————————————————
版权声明:本文为CSDN博主「不忘初心fight」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/weixin_41831919/article/details/118036122
Helm Harbor 部署
1、导入 Harbor需要的源
helm repo add harbor https://helm.goharbor.io
2、下载 Harbor Helm目录
helm pull harbor/harbor --version 1.7.4
3、压缩 tgz包
tar zxf harbor-1.7.4.tgz
4、创建 Harbor所需要的存储类
cd harbor/
cat <<EOF > harbor-pv-pvc.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-chartmuseum
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce # 只允许一个容器可以使用
persistentVolumeReclaimPolicy: Retain # 手动回收
storageClassName: harbor-chartmuseum
nfs:
path: /data/shareNFS/harbor/harbor-chartmuseum
server: 10.52.16.31
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-jobservice
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce # 只允许一个容器可以使用
persistentVolumeReclaimPolicy: Retain # 手动回收
storageClassName: harbor-jobservice
nfs:
path: /data/shareNFS/harbor/harbor-jobservice
server: 10.52.16.31
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-registry
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce # 只允许一个容器可以使用
persistentVolumeReclaimPolicy: Retain # 手动回收
storageClassName: harbor-registry
nfs:
path: /data/shareNFS/harbor/harbor-registry
server: 10.52.16.31
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-database
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce # 只允许一个容器可以使用
persistentVolumeReclaimPolicy: Retain # 手动回收
storageClassName: harbor-database
nfs:
path: /data/shareNFS/harbor/harbor-database
server: 10.52.16.31
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-redis
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce # 只允许一个容器可以使用
persistentVolumeReclaimPolicy: Retain # 手动回收
storageClassName: harbor-redis
nfs:
path: /data/shareNFS/harbor/harbor-redis
server: 10.52.16.31
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-trivy
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce # 只允许一个容器可以使用
persistentVolumeReclaimPolicy: Retain # 手动回收
storageClassName: harbor-trivy
nfs:
path: /data/shareNFS/harbor/harbor-trivy
server: 10.52.16.31
EOF
kubectl apply -f harbor-pv-pvc.yaml
5、在 NFS 上创建pv所需要的目录
mkdir /data/shareNFS/harbor
cd /data/shareNFS/harbor
mkdir harbor-chartmuseum harbor-database harbor-jobservice harbor-redis harbor-registry harbor-trivy
chown 999.999 harbor-database/ -R
chown 999.999 harbor-redis/ -R
chown 10000.10000 harbor-trivy -R
chown 10000.10000 harbor-chartmuseum -R
chown 10000.10000 harbor-jobservice -R
6、修改 Harbor Values文件
vim values.yaml
expose.type="nodePort" // 用NodePort访问、如果想用域名就改成Ingress
expose.tls.enabled="false" // 关闭证书
externalURL="http://10.52.16.21:30002" // 写Node地址,如果是Ingress类型那这里就得写域名
persistence.persistentVolumeClaim.registry.storageClass="harbor-registry"
persistence.persistentVolumeClaim.chartmuseum.storageClass="harbor-chartmuseum"
persistence.persistentVolumeClaim.jobservice.storageClass="harbor-jobservice"
persistence.persistentVolumeClaim.database.storageClass="harbor-database"
persistence.persistentVolumeClaim.redis.storageClass="harbor-redis"
persistence.persistentVolumeClaim.trivy.storageClass="harbor-trivy"
7、部署 Harbor
helm install -n harbor --create-namespace harbor .
// 启动完你会看到有一些容器没起来、或者说有报错,不过都没有关系全都可以忽略掉,这是因为我们关闭了ssl访问他全都是一些提示找不到相关的证书。
8、访问 Harbor
http://10.52.16.21:30002
10、验证
10.1、首先在Harbor上创建一个test项目
10.2、修改daemon.json
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://c2rmvhy3.mirror.aliyuncs.com"], // 镜像加速器,下载dockerhub镜像更快
"insecure-registries": ["10.52.16.21:30002"] // 信任Docker仓库
}
systemctl daemon-reload
systemctl restart docker
10.3、登录Harbor、并push镜像验证
docker pull alpine:3.10
docker login 10.52.16.21:30002 --username admin --password Harbor12345
docker tag alpine:3.10 10.52.16.21:30002/test/alpine:3.10
docker push 10.52.16.21:30002/test/alpine:3.10
The push refers to repository [10.52.16.21:30002/test/alpine]
9fb3aa2f8b80: Layer already exists
3.10: digest: sha256:e515aad2ed234a5072c4d2ef86a1cb77d5bfe4b11aa865d9214875734c4eeb3c size: 528
10.4、登录Harbor页面验证是否成功
到此为止实验结束
————————————————
版权声明:本文为CSDN博主「运维生涯记录」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/qq_43164571/article/details/124725428
更多推荐
所有评论(0)