Configuration files for deploying Harbor on k3s

The following configuration files deploy Harbor on k3s:

  1. Create the harbor.yaml file
apiVersion: v1
kind: Namespace
metadata:
  name: harbor

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: harbor-admin
  namespace: harbor

---
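# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; use v1.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: harbor-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # cluster-admin gives every process in the Harbor pod full control of the cluster;
  # bind a narrower role if the deployment does not need it.
  name: cluster-admin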
subjects:
- kind: ServiceAccount
  name: harbor-admin
  namespace: harbor

---
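# Configuration for Harbor
# Note: the database password and S3 keys below sit in clear text in this ConfigMap,
# readable by anyone allowed to read ConfigMaps in the harbor namespace.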
apiVersion: v1
kind: ConfigMap
metadata:
  name: harbor-config
  namespace: harbor
data:
  harbor.yml: |
    # Configuration file for Harbor
    hostname: <your harbor hostname>
    http:
      port: 80
      tls:
        # File names match the keys of the harbor-tls Secret mounted at /harbor_cert.
        certificate: /harbor_cert/tls.crt
        private_key: /harbor_cert/tls.key
        ca_certificate: /harbor_cert/ca.crt
    https:
      port: 443
      tls:
        certificate: /harbor_cert/tls.crt
        private_key: /harbor_cert/tls.key
        ca_certificate: /harbor_cert/ca.crt
    db:
      password: <your db password>
    external_url: https://<your harbor hostname>
    jobservice:
      max_job_workers: 10
    log:
      level: info
      rotate_size: 200M
    persistence:
      enabled: true
      size: 20Gi
    registry:
      url: https://<your harbor hostname>
      storage:
        s3:
          accesskey: <your s3 accesskey>
          secretkey: <your s3 secretkey>
          region: <your s3 region>
          bucket: <your s3 bucket>
    token_service:
      issuer: harbor-token-issuer
    trivy:
      enabled: true
      image_ref: docker.io/aquasec/trivy:0.20.1
      # Skips TLS certificate verification; set to false once the certificate chain is trusted.
      insecure_skip_tls_verify: true

---
# Harbor deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: harbor
  namespace: harbor
spec:
  selector:
    matchLabels:
      app: harbor
  replicas: 1
  template:
    metadata:
      labels:
        app: harbor
    spec:
      serviceAccountName: harbor-admin
      containers:
      - name: harbor
        image: harbor/harbor:v2.1.4
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        volumeMounts:
        - name: harbor-cert
          mountPath: /harbor_cert
        - name: harbor-config
          mountPath: /etc/core
          readOnly: true
      volumes:
      - name: harbor-cert
        secret:
          secretName: harbor-tls
      - name: harbor-config
        configMap:
          name: harbor-config

---
# Harbor service
apiVersion: v1
kind: Service
metadata:
  name: harbor
  namespace: harbor
spec:
  selector:
    app: harbor
  ports:
  - name: http
    port: 80
    targetPort: 80
  - name: https
    port: 443
    targetPort: 443

---
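# Ingress for Harbor
# networking.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 requires pathType
# and the service/port form of the backend.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: harbor-ingress
  namespace: harbor
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    # The backend port below is the HTTPS port, so ingress-nginx must speak TLS to it.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  rules:
  - host: <your harbor hostname>
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: harbor
            port:
              name: https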
  2. Create the harbor-tls.yaml file
apiVersion: v1
kind: Secret
metadata:
  name: harbor-tls
  namespace: harbor
type: kubernetes.io/tls
data:
  tls.crt: <base64 encoded TLS certificate>
  tls.key: <base64 encoded TLS private key>
  ca.crt: <base64 encoded CA certificate chain>

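Here, <your harbor hostname> must be replaced with your Harbor hostname, <your db password> with your database password, <your s3 accesskey>, <your s3 secretkey> and <your s3 region> with the access key, secret key and region of your S3 storage, and <your s3 bucket> with the name of your S3 bucket.

In addition, <base64 encoded TLS certificate>, <base64 encoded TLS private key> and <base64 encoded CA certificate chain> must be replaced with the base64-encoded TLS certificate, private key and CA certificate chain respectively.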
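
The base64 step described above, as an added example that is not part of the original post: a POSIX shell function that renders harbor-tls.yaml from PEM files and refuses input where a private key would end up under tls.crt or ca.crt. The local file names harbor.crt, harbor.key and ca.crt and the script name are assumptions.

```shell
#!/bin/sh
# Added example: render harbor-tls.yaml from local PEM files.
# Usage (file names are assumptions):
#   sh render-harbor-tls.sh harbor.crt harbor.key ca.crt > harbor-tls.yaml

KEY_RE='(RSA |EC )?PRIVATE KEY'

# b64 FILE: base64 on one line; values under "data:" must not be line-wrapped.
b64() { base64 < "$1" | tr -d '\n'; }

# has_pem FILE LABEL_REGEX: succeed if FILE contains a PEM block of that kind.
has_pem() { grep -Eq -- "^-----BEGIN ($2)-----" "$1"; }

# render_harbor_tls CERT KEY CA: print the Secret manifest on stdout.
render_harbor_tls() {
  cert=$1 key=$2 ca=$3
  for f in "$cert" "$key" "$ca"; do
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
  done
  # tls.crt and ca.crt are public material: require a certificate and
  # reject any file that also carries a private key (e.g. swapped arguments).
  for f in "$cert" "$ca"; do
    has_pem "$f" 'CERTIFICATE' || { echo "no certificate in: $f" >&2; return 1; }
    if has_pem "$f" "$KEY_RE"; then
      echo "private key found in: $f" >&2; return 1
    fi
  done
  has_pem "$key" "$KEY_RE" || { echo "no private key in: $key" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: harbor-tls
  namespace: harbor
type: kubernetes.io/tls
data:
  tls.crt: $(b64 "$cert")
  tls.key: $(b64 "$key")
  ca.crt: $(b64 "$ca")
EOF
}

# Run as a script only when three file arguments are given.
if [ "$#" -eq 3 ]; then render_harbor_tls "$@"; fi
```

The generated file contains the private key in reversible encoding, so treat harbor-tls.yaml like the key itself and keep it out of version control.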

When reposting, please credit the source: https://golang.0voice.com/?id=1924
