Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

安装 Harbor 作为镜像仓库 #323

Open
Bpazy opened this issue Apr 2, 2024 · 0 comments
Open

安装 Harbor 作为镜像仓库 #323

Bpazy opened this issue Apr 2, 2024 · 0 comments

Comments

@Bpazy
Copy link
Owner

Bpazy commented Apr 2, 2024
edited
Loading

1. 通过 helm 安装 harbor

helm repo add harbor https://helm.goharbor.io
helm install my-harbor harbor/harbor

2. 配置 harbor

cat << EOF values.yaml
expose:
  type: ingress
  # NGINX Ingress confiugration
  ingress:
    hosts:
      core: "harbor-ks.example.com"
    annotations:
      ingress.kubernetes.io/ssl-redirect: "true"
      ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      # choose letsencrypt-staging or letsencrypt-prod
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      # To be used for the nginx ingress on AKS:
      #kubernetes.io/ingress.class: nginx
    className: nginx
  tls:
    enabled: true
    certSource: secret
    secret:
      secretName: "tls-harbor"

# The external URL for Harbor core service.
externalURL: "https://harbor-ks.example.com"
EOF

helm upgrade my-harbor harbor/harbor -f values.yaml

3. 配置 NGINX:

我这里有逻辑,将 *-ks.example.com 的请求转发到 k8s 的 32154 端口,其中 32154 是 nginx-ingress 监听的 SSL 端口:

server {
    listen 443 ssl;

    server_name ~^.+-ks\.example\.com$;

    ssl_certificate     /etc/nginx/ssl/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;


    location / {
        proxy_pass https://localhost:32154;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

4. 检验成果

image

5. 使用默认用户名密码登录并修改默认密码

用户名: admin
密码: Harbor12345
image
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Bpazy