ZBLOG

注册 原创投稿

k3s 搭建harbor配置文件

作者:golang云原生栏目:公开2023-05-12 19:244380

以下是k3s搭建Harbor的配置文件:

  1. 创建harbor.yaml文件
  1. apiVersion: v1
  2. kind: Namespace
  3. metadata:
  4.   name: harbor
  6. ---
  7. apiVersion: v1
  8. kind: ServiceAccount
  9. metadata:
  10.   name: harbor-admin
  11.   namespace: harbor
  13. ---
  14. apiVersion: rbac.authorization.k8s.io/v1beta1
  15. kind: ClusterRoleBinding
  16. metadata:
  17.   name: harbor-admin
  18. roleRef:
  19.   apiGroup: rbac.authorization.k8s.io
  20.   kind: ClusterRole
  21.   name: cluster-admin
  22. subjects:
  23. - kind: ServiceAccount
  24.   name: harbor-admin
  25.   namespace: harbor
  27. ---
  28. # Configuration for Harbor
  29. apiVersion: v1
  30. kind: ConfigMap
  31. metadata:
  32.   name: harbor-config
  33.   namespace: harbor
  34. data:
  35.   harbor.yml: |
  36.     # Configuration file for Harbor
  37.     hostname: <your harbor hostname>
  38.     http:
  39.       port: 80
  40.       tls:
  41.         certificate: /harbor_cert/harbor.crt
  42.         private_key: /harbor_cert/harbor.key
  43.         ca_certificate: /harbor_cert/ca.crt
  44.     https:
  45.       port: 443
  46.       tls:
  47.         certificate: /harbor_cert/harbor.crt
  48.         private_key: /harbor_cert/harbor.key
  49.         ca_certificate: /harbor_cert/ca.crt
  50.     db:
  51.       password: <your db password>
  52.     external_url: https://<your harbor hostname>
  53.     jobservice:
  54.       max_job_workers: 10
  55.     log:
  56.       level: info
  57.       rotate_size: 200M
  58.     persistence:
  59.       enabled: true
  60.       size: 20Gi
  61.     registry:
  62.       url: https://<your harbor hostname>
  63.       storage:
  64.         s3:
  65.           accesskey: <your s3 accesskey>
  66.           secretkey: <your s3 secretkey>
  67.           region: <your s3 region>
  68.           bucket: <your s3 bucket>
  69.     token_service:
  70.       issuer: harbor-token-issuer
  71.     trivy:
  72.       enabled: true
  73.       image_ref: docker.io/aquasec/trivy:0.20.1
  74.       insecure_skip_tls_verify: true
  76. ---
  77. # Harbor deployment
  78. apiVersion: apps/v1
  79. kind: Deployment
  80. metadata:
  81.   name: harbor
  82.   namespace: harbor
  83. spec:
  84.   selector:
  85.     matchLabels:
  86.       app: harbor
  87.   replicas: 1
  88.   template:
  89.     metadata:
  90.       labels:
  91.         app: harbor
  92.     spec:
  93.       serviceAccountName: harbor-admin
  94.       containers:
  95.       - name: harbor
  96.         image: harbor/harbor:v2.1.4
  97.         ports:
  98.         - name: http
  99.           containerPort: 80
  100.         - name: https
  101.           containerPort: 443
  102.         volumeMounts:
  103.         - name: harbor-cert
  104.           mountPath: /harbor_cert
  105.         - name: harbor-config
  106.           mountPath: /etc/core
  107.           readOnly: true
  108.       volumes:
  109.       - name: harbor-cert
  110.         secret:
  111.           secretName: harbor-tls
  112.       - name: harbor-config
  113.         configMap:
  114.           name: harbor-config
  116. ---
  117. # Harbor service
  118. apiVersion: v1
  119. kind: Service
  120. metadata:
  121.   name: harbor
  122.   namespace: harbor
  123. spec:
  124.   selector:
  125.     app: harbor
  126.   ports:
  127.   - name: http
  128.     port: 80
  129.     targetPort: 80
  130.   - name: https
  131.     port: 443
  132.     targetPort: 443
  134. ---
  135. # Ingress for Harbor
  136. apiVersion: networking.k8s.io/v1beta1
  137. kind: Ingress
  138. metadata:
  139.   name: harbor-ingress
  140.   namespace: harbor
  141.   annotations:
  142.     kubernetes.io/ingress.class: nginx
  143.     nginx.ingress.kubernetes.io/proxy-body-size: "0"
  144. spec:
  145.   rules:
  146.   - host: <your harbor hostname>
  147.     http:
  148.       paths:
  149.       - path: /
  150.         backend:
  151.           serviceName: harbor
  152.           servicePort: https
  1. 创建harbor-tls.yaml文件
  1. apiVersion: v1
  2. kind: Secret
  3. metadata:
  4.   name: harbor-tls
  5.   namespace: harbor
  6. type: kubernetes.io/tls
  7. data:
  8.   tls.crt: <base64 encoded TLS certificate>
  9.   tls.key: <base64 encoded TLS private key>
  10.   ca.crt: <base64 encoded CA certificate chain>

其中,<your harbor hostname>需要替换为你的Harbor主机名,<your db password>需要替换为你的数据库密码,<your s3 accesskey><your s3 secretkey><your s3 region>需要替换为你的S3存储的访问密钥、秘钥和区域,<your s3 bucket>需要替换为你的S3存储的桶名。

另外,<base64 encoded TLS certificate><base64 encoded TLS private key><base64 encoded CA certificate chain>需要分别替换为经过base64编码的TLS证书、私钥和CA证书链。

本站部分文章来源于网络,版权归原作者所有,如有侵权请联系站长删除。
转载请注明出处:https://golang.0voice.com/?id=1924

golang云原生 golang云原生 管理员
分享:
扫描分享到社交APP
上一篇
下一篇

相关推荐

发表列表
游客 游客
此处应有掌声~
评论列表

还没有评论,快来说点什么吧~

golang云原生

golang云原生

  • 22661文章
  • 0评论
  • 2粉丝
  • 0被赞
最近发布
热门排行
热评文章
猜您喜欢
热门标签
Copyright ©2022    湖南零声信息科技有限公司    版权所有     湘ICP备18009867号-1          证照中心 

联系我们

在线咨询: 点击这里给我发消息

微信号:3007537140

上班时间: 10:30-22:30

关注我们
x

注册

已经有帐号?
简单注册快人一步