以下是使用 k3s 搭建 Harbor 的配置文件示例。请将该文件保存为 harbor.yaml
并使用 kubectl apply -f harbor.yaml
命令应用该配置:
apiVersion: v1
kind: Namespace
metadata:
name: harbor
---
# 创建 MySQL 数据库
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor-database-pvc
namespace: harbor
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: harbor-database
namespace: harbor
spec:
selector:
matchLabels:
app: harbor-database
replicas: 1
template:
metadata:
labels:
app: harbor-database
spec:
containers:
- name: harbor-database
image: mysql:5.7
env:
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: harbor-database-secret
key: password
- name: MYSQL_DATABASE
value: registry
ports:
- containerPort: 3306
name: mysql
volumeMounts:
- name: harbor-database-data
mountPath: /var/lib/mysql
volumes:
- name: harbor-database-data
persistentVolumeClaim:
claimName: harbor-database-pvc
---
# 创建 Redis 缓存
apiVersion: v1
kind: Service
metadata:
name: harbor-cache
namespace: harbor
spec:
ports:
- port: 6379
targetPort: 6379
protocol: TCP
selector:
app: harbor-cache
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: harbor-cache
namespace: harbor
spec:
selector:
matchLabels:
app: harbor-cache
replicas: 1
template:
metadata:
labels:
app: harbor-cache
spec:
containers:
- name: harbor-cache
image: redis:5.0.4-alpine
ports:
- containerPort: 6379
name: redis
---
# 创建 Harbor Core 组件
apiVersion: v1
kind: Service
metadata:
name: harbor-core
namespace: harbor
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
- port: 443
targetPort: 443
protocol: TCP
selector:
app: harbor-core
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: harbor-core
namespace: harbor
spec:
selector:
matchLabels:
app: harbor-core
replicas: 1
template:
metadata:
labels:
app: harbor-core
spec:
containers:
- name: harbor-core
image: harbor/harbor-core:v2.2.3
env:
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: harbor-database-secret
key: password
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: harbor-redis-secret
key: password
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: harbor-admin-secret
key: password
- name: HARBOR_SECRETKEY
valueFrom:
secretKeyRef:
name: harbor-core-secret
key: secretkey
- name: HARBOR_TOKEN_SERVICE_HOST
value: "harbor-core"
- name: HARBOR_TOKEN_SERVICE_PORT_HTTPS
value: "4443"
ports:
- containerPort: 80
name: http
- containerPort: 443
name: https
volumeMounts:
- name: harbor-data
mountPath: /data
volumes:
- name: harbor-data
persistentVolumeClaim:
claimName: harbor-data-pvc
---
# 创建 Harbor Registry 组件
apiVersion: v1
kind: Service
metadata:
name: harbor-registry
namespace: harbor
spec:
ports:
- port: 5000
targetPort: 5000
protocol: TCP
selector:
app: harbor-registry
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: harbor-registry
namespace: harbor
spec:
selector:
matchLabels:
app: harbor-registry
replicas: 1
template:
metadata:
labels:
app: harbor-registry
spec:
containers:
- name: harbor-registry
image: harbor/harbor-registry:v2.2.3
env:
- name: REGISTRY_STORAGE_DELETE_ENABLED
value: "true"
- name: REGISTRY_LOG_LEVEL
value: "debug"
- name: REGISTRY_STORAGE
value: filesystem
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: /storage
- name: REGISTRY_HTTP_TLS_CERTIFICATE
valueFrom:
secretKeyRef:
name: harbor-registry-secret
key: tls.crt
- name: REGISTRY_HTTP_TLS_KEY
valueFrom:
secretKeyRef:
name: harbor-registry-secret
key: tls.key
ports:
- containerPort: 5000
name: registry
volumeMounts:
- name: harbor-data
mountPath: /data
volumes:
- name: harbor-data
persistentVolumeClaim:
claimName: harbor-data-pvc
---
# 创建 Harbor UI 组件
apiVersion: v1
kind: Service
metadata:
name: harbor-ui
namespace: harbor
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
selector:
app: harbor-core
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: harbor-ui
namespace: harbor
spec:
selector:
matchLabels:
app: harbor-core
replicas: 1
template:
metadata:
labels:
app: harbor-core
spec:
containers:
- name: harbor-ui
image: harbor/harbor-ui:v2.2.3
env:
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: harbor-admin-secret
key: password
- name: HARBOR_SECRETKEY
valueFrom:
secretKeyRef:
name: harbor-core-secret
key: secretkey
ports:
- containerPort: 80
name: http
volumeMounts:
- name: harbor-data
mountPath: /data
volumes:
- name: harbor-data
persistentVolumeClaim:
claimName: harbor-data-pvc