1. 通过 helm 安装 harbor
# Register the upstream Harbor chart repository under the alias "harbor".
helm repo add harbor \
  https://helm.goharbor.io

# Install the chart as release "my-harbor" with the chart's default values.
helm install my-harbor \
  harbor/harbor
2. 配置 harbor
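# Write the Harbor overrides to values.yaml. Without the ">" redirect, cat
# treats values.yaml as an input file and nothing is written. The delimiter is
# quoted so the shell copies the body verbatim (no variable or command expansion).
cat << 'EOF' > values.yaml
expose:
  type: ingress
  # NGINX Ingress configuration
  ingress:
    hosts:
      core: "harbor-ks.example.com"
    annotations:
      ingress.kubernetes.io/ssl-redirect: "true"
      ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      # choose letsencrypt-staging or letsencrypt-prod
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      # To be used for the nginx ingress on AKS:
      #kubernetes.io/ingress.class: nginx
    className: nginx
  tls:
    enabled: true
    # certSource: secret points the ingress at an existing TLS secret;
    # presumably cert-manager fills "tls-harbor" here - confirm it exists
    # in the release namespace before relying on it.
    certSource: secret
    secret:
      secretName: "tls-harbor"
# The external URL for Harbor core service.
externalURL: "https://harbor-ks.example.com"
# NOTE(review): step 1 installed the release with the chart's default admin
# password. harborAdminPassword is normally applied only on first start
# (verify for your chart version), so setting it in this upgrade is unlikely
# to rotate it - change the password in the UI right after first login (step 5).
EOF

# Apply the overrides to the existing release.
helm upgrade my-harbor harbor/harbor -f values.yaml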
3. 配置 NGINX:
我这里有逻辑,将 *-ks.example.com
的请求转发到 k8s 的 32154 端口,其中 32154 是 nginx-ingress 监听的 SSL 端口:
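# Front proxy: terminates TLS for every *-ks.example.com host and forwards the
# request to the nginx-ingress HTTPS NodePort (32154) on this machine.
server {
    listen 443 ssl;
    server_name ~^.+-ks\.example\.com$;

    ssl_certificate     /etc/nginx/ssl/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were dropped here.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL >= 1.1.1.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers   HIGH:!aNULL:!MD5;

    # Registry layer uploads exceed nginx's default 1m body limit and would be
    # rejected with 413. "0" disables the check, matching the
    # proxy-body-size: "0" annotation set on the Harbor ingress.
    client_max_body_size 0;

    location / {
        # NOTE(review): nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is enabled. That is tolerable while the hop stays on
        # localhost; if the upstream moves off-host, turn on proxy_ssl_verify
        # with proxy_ssl_trusted_certificate.
        proxy_pass https://localhost:32154;

        # Preserve the original host and client details so the ingress can
        # route by Host and Harbor sees the external scheme.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}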
4. 检验成果

5. 使用默认用户名密码登录并修改默认密码