Merge pull request #97 from perhapszzy/master
Deploy harbor on kubernetes
commit
f01059e022
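--- a/Deploy/kubernetes/dockerfiles/proxy-dockerfile
+++ b/Deploy/kubernetes/dockerfiles/proxy-dockerfile
@@ -0,0 +1,3 @@
+FROM library/nginx:1.9
+
+ADD ./config/nginx /etc/nginx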
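Review bot: `ADD ./config/nginx /etc/nginx` only copies a local directory, so `COPY ./config/nginx /etc/nginx` is the more precise instruction and avoids `ADD`'s implicit archive extraction; the `ADD` lines in registry-dockerfile and ui-dockerfile are the same case. The base `library/nginx:1.9` is a floating tag, so a rebuild can pick up different image content without any change to this file. Pinning the base image by digest would make the proxy build reproducible.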
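--- a/Deploy/kubernetes/dockerfiles/registry-config.yml
+++ b/Deploy/kubernetes/dockerfiles/registry-config.yml
@@ -0,0 +1,33 @@
+version: 0.1
+log:
+level: debug
+fields:
+service: registry
+storage:
+cache:
+layerinfo: inmemory
+filesystem:
+rootdirectory: /storage
+maintenance:
+uploadpurging:
+enabled: false
+http:
+addr: :5000
+secret: placeholder
+debug:
+addr: localhost:5001
+auth:
+token:
+issuer: registry-token-issuer
+realm: http://harbor.caicloud.io/service/token
+rootcertbundle: /etc/registry/root.crt
+service: token-service
+
+notifications:
+endpoints:
+- name: harbor
+disabled: false
+url: http://harbor.caicloud.io/service/notifications
+timeout: 500
+threshold: 5
+backoff: 1000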
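Review bot: `http.secret` is committed as the literal `placeholder`, and registry-dockerfile copies this file into the image, so every deployment built from it shares the same publicly known value; it should be supplied at deploy time (for example from a Kubernetes Secret) rather than baked in. The `auth.token.realm` and the notification `url` both use plain `http://` against a fixed host (`harbor.caicloud.io`), so token requests and event payloads would cross the network unencrypted; these should be `https://` with the host documented as a per-deployment value. `log.level: debug` is also worth lowering to `info` as a shipped default.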
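--- a/Deploy/kubernetes/dockerfiles/registry-dockerfile
+++ b/Deploy/kubernetes/dockerfiles/registry-dockerfile
@@ -0,0 +1,6 @@
+FROM library/registry:2.3.0
+
+ADD ./config/registry/ /etc/registry/
+ADD ./kubernetes/dockerfiles/registry-config.yml /etc/registry/config.yml
+
+CMD ["/etc/registry/config.yml"]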
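--- a/Deploy/kubernetes/dockerfiles/ui-dockerfile
+++ b/Deploy/kubernetes/dockerfiles/ui-dockerfile
@@ -0,0 +1,4 @@
+FROM deploy_ui
+
+ADD ./config/ui/app.conf /etc/ui/app.conf
+ADD ./config/ui/private_key.pem /etc/ui/private_key.pem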
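Review bot: The last `ADD` bakes `private_key.pem` into an image layer, and kubernetes_deployment.md then has that image pushed to `{your_account}/deploy_ui`, so anyone who can pull the image can read the key. Assuming this is the key the UI uses to sign registry tokens (the registry config trusts `/etc/registry/root.crt`), it should be mounted at runtime from a Kubernetes Secret volume under `/etc/ui/` instead of being copied in. `FROM deploy_ui` also names a local, untagged image, so the result depends on whatever `docker-compose build` last produced on the build machine; a comment such as `# deploy_ui is produced by "docker-compose build" in Deploy/` would make that dependency explicit.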
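--- a/Deploy/kubernetes/mysql-rc.yaml
+++ b/Deploy/kubernetes/mysql-rc.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+name: mysql
+labels:
+name: mysql
+spec:
+replicas: 1
+selector:
+name: mysql
+template:
+metadata:
+labels:
+name: mysql
+spec:
+containers:
+- name: mysql
+image: caicloud/harbor_deploy_mysql:latest
+imagePullPolicy: Always
+ports:
+- containerPort: 3306
+env:
+- name: MYSQL_ROOT_PASSWORD
+value: root123
+volumeMounts:
+- name: mysql-storage
+mountPath: /var/lib/mysql
+volumes:
+- name: mysql-storage
+emptyDir: {}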
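Review bot: `MYSQL_ROOT_PASSWORD` is set to the literal `root123` in the `env` list, so the database root credential lives in version control and in a pod spec readable by anyone who can view the ReplicationController; ui-rc.yaml repeats it as `MYSQL_PWD` and sets `HARBOR_ADMIN_PASSWORD` the same way. Reference a Secret through `valueFrom.secretKeyRef` instead, as sketched below with constructed names. Separately, `/var/lib/mysql` is backed by `emptyDir`, so all Harbor metadata is lost when the pod is rescheduled; a persistent volume claim is the usual choice for a database.

```yaml
env:
- name: MYSQL_ROOT_PASSWORD
  valueFrom:
    secretKeyRef:
      name: harbor-mysql      # constructed example Secret name
      key: root-password      # constructed example key
# … unchanged: volumeMounts and volumes …
```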
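--- a/Deploy/kubernetes/mysql-svc.yaml
+++ b/Deploy/kubernetes/mysql-svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: mysql
+labels:
+name: mysql
+spec:
+ports:
+- port: 3306
+selector:
+name: mysql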
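--- a/Deploy/kubernetes/proxy-rc.yaml
+++ b/Deploy/kubernetes/proxy-rc.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+name: proxy
+labels:
+name: proxy
+spec:
+replicas: 1
+selector:
+name: proxy
+template:
+metadata:
+labels:
+name: proxy
+spec:
+containers:
+- name: proxy
+image: caicloud/harbor_proxy:latest
+imagePullPolicy: Always
+ports:
+- containerPort: 80
+- containerPort: 443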
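Review bot: The container image is `caicloud/harbor_proxy:latest` with `imagePullPolicy: Always`, so each pod restart can pull different content from a third-party account without any change to this manifest; mysql-rc.yaml and ui-rc.yaml do the same. Pin a version tag or, better, a digest (`image: <account>/harbor_proxy@sha256:<digest>`). Since kubernetes_deployment.md tells users to replace the `image` field anyway, an obvious placeholder account would be safer than a real one that users may deploy unchanged.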
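--- a/Deploy/kubernetes/proxy-svc.yaml
+++ b/Deploy/kubernetes/proxy-svc.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: proxy
+labels:
+name: proxy
+spec:
+type: LoadBalancer
+ports:
+- name: http
+port: 80
+- name: https
+port: 443
+selector:
+name: proxy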
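Review bot: `type: LoadBalancer` publishes port 80 alongside 443, so the UI and registry are reachable over plain HTTP from wherever the cloud load balancer is exposed, and login credentials could travel unencrypted unless the nginx config (not visible in this commit) redirects to HTTPS. If port 80 exists only for that redirect, a comment saying so would help; otherwise drop the `http` entry. `loadBalancerSourceRanges` is also worth setting to limit which networks can reach the service.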
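--- a/Deploy/kubernetes/registry-rc.yaml
+++ b/Deploy/kubernetes/registry-rc.yaml
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+name: registry
+labels:
+name: registry
+spec:
+replicas: 1
+selector:
+name: registry
+template:
+metadata:
+labels:
+name: registry
+spec:
+containers:
+- name: registry
+image: caicloud/harbor_registry:2.3.0
+imagePullPolicy: Always
+ports:
+- containerPort: 5000
+- containerPort: 5001
+volumeMounts:
+- name: storage
+mountPath: /storage
+volumes:
+- name: storage
+emptyDir: {}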
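Review bot: `/storage` is an `emptyDir`, so every pushed image layer is deleted when the pod is rescheduled or its node restarts; registry data needs a persistent volume. `containerPort: 5001` advertises the debug listener, which registry-config.yml binds to `localhost:5001`, so as configured it is unreachable from outside the container and the `external` port 5001 in registry-svc.yaml will not connect. Both 5001 entries should be removed rather than the bind address widened, because the registry's debug endpoint is not meant to be exposed to other workloads.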
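--- a/Deploy/kubernetes/registry-svc.yaml
+++ b/Deploy/kubernetes/registry-svc.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: registry
+labels:
+name: registry
+spec:
+ports:
+- name: internal
+port: 5000
+- name: external
+port: 5001
+selector:
+name: registry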
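--- a/Deploy/kubernetes/ui-rc.yaml
+++ b/Deploy/kubernetes/ui-rc.yaml
@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+name: ui
+labels:
+name: ui
+spec:
+replicas: 1
+selector:
+name: ui
+template:
+metadata:
+labels:
+name: ui
+spec:
+containers:
+- name: ui
+image: caicloud/harbor_deploy_ui:latest
+imagePullPolicy: Always
+env:
+- name: MYSQL_HOST
+value: mysql
+- name: MYSQL_PORT
+value: "3306"
+- name: MYSQL_USR
+value: root
+- name: MYSQL_PWD
+value: root123
+- name: REGISTRY_URL
+value: http://registry:5000
+- name: CONFIG_PATH
+value: /etc/ui/app.conf
+- name: HARBOR_REG_URL
+value: localhost
+- name: HARBOR_ADMIN_PASSWORD
+value: Harbor12345
+- name: HARBOR_URL
+value: http://localhost
+- name: AUTH_MODE
+value: db_auth
+- name: LDAP_URL
+value: ldaps://ldap.mydomain.com
+- name: LDAP_BASE_DN
+value: uid=%s,ou=people,dc=mydomain,dc=com
+- name: LOG_LEVEL
+value: debug
+ports:
+- containerPort: 80
+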
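Review bot: The UI connects to MySQL as `root` (`MYSQL_USR`), so a flaw in the web application would give full control of the database server; a dedicated account limited to Harbor's own schema would follow least privilege. `LOG_LEVEL` is `debug`, which is a risky shipped default if request details end up in pod logs, so `info` would be the safer value. `HARBOR_URL` is `http://localhost` while the proxy also serves 443, so it is worth a comment stating which scheme users are expected to set here.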
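--- a/Deploy/kubernetes/ui-svc.yaml
+++ b/Deploy/kubernetes/ui-svc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: ui
+labels:
+name: ui
+spec:
+ports:
+- port: 80
+selector:
+name: ui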
@ -57,6 +57,9 @@ To simplify the installation process, a pre-built installation package of Harbor
|
||||
|
||||
For information on how to use Harbor, please see [User Guide](docs/user_guide.md) .
|
||||
|
||||
### Deploy harbor on Kubernetes
|
||||
Detailed instruction about deploying harbor on Kubernetes is described [here](https://github.com/vmware/harbor/blob/master/kubernetes_deployment.md).
|
||||
|
||||
### Contribution
|
||||
We welcome contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a pull request. For any questions about the CLA process, please refer to our [FAQ](https://cla.vmware.com/faq).
|
||||
|
||||
|
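--- a/kubernetes_deployment.md
+++ b/kubernetes_deployment.md
@@ -0,0 +1,65 @@
+## Deploy harbor on kubernetes.
+For now, it's a little tricky to start harbor on kubernetes because
+1. Registry uses https, so we need cert or workaround to avoid errors like this:
+```
+Error response from daemon: invalid registry endpoint https://{HOST}/v0/: unable to ping registry endpoint https://{HOST}/v0/
+v2 ping attempt failed with error: Get https://{HOST}/v2/: EOF
+v1 ping attempt failed with error: Get https://{HOST}/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry {HOST}` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/{HOST}/ca.crt
+```
+There is a workaround if you don't have a cert. The workaround is to add the host into the list of insecure registry by editting the ```/etc/default/docker``` file:
+```
+sudo vi /etc/default/docker
+```
+add the line at the end of file:
+```
+DOCKER_OPTS="$DOCKER_OPTS --insecure-registry={HOST}"
+```
+restart docker service
+```
+sudo service docker restart
+```
+
+2. The registry config file need to know the IP (or DNS name) of the registry, but on kubernetes, you won't know the IP before the service is created. There are several workarounds to solve this problem for now:
+- Use DNS name and link th DNS name with the IP after the service is created.
+- Rebuild the registry image with the service IP after the service is created and use ```kubectl rolling-update``` to update to the new image.
+
+
+To start harbor on kubernetes, you first need to build the docker images. The docker images for deploying Harbor on Kubernetes depends on the docker images to deploy Harbor with docker-compose. So the first step is to build docker images with docker-compose. Before actually building the images, you need to first adjust the [configuration](https://github.com/vmware/harbor/blob/master/Deploy/harbor.cfg):
+- Change the [hostname](https://github.com/vmware/harbor/blob/master/Deploy/harbor.cfg#L5) to ```localhost```
+- Adjust the [email settings](https://github.com/vmware/harbor/blob/master/Deploy/harbor.cfg#L11) according to your needs.
+
+Then you can run the following commends to build docker images:
+```
+cd Deploy
+./prepare
+docker-compose build
+docker build -f kubernetes/dockerfiles/proxy-dockerfile -t {your_account}/proxy .
+docker build -f kubernetes/dockerfiles/registry-dockerfile -t {your_account}/registry .
+docker build -f kubernetes/dockerfiles/ui-dockerfile -t {your_account}/deploy_ui .
+docker tag deploy_mysql {your_account}/deploy_mysql
+docker push {your_account}/proxy
+docker push {your_account}/registry
+docker push {your_account}/deploy_ui
+docker push {your_account}/deploy_mysql
+```
+
+where "your_account" is your own registry. Then you need to update the "image" field in the ```*-rc.yaml``` files at:
+```
+Deploy/kubernetes/mysql-rc.yaml
+Deploy/kubernetes/proxy-rc.yaml
+Deploy/kubernetes/registry-rc.yaml
+Deploy/kubernetes/ui-rc.yaml
+```
+
+Further more, the following configuration could be changed according to your need:
+- **harbor_admin_password**: The password for the administrator of Harbor, by default the password is Harbor12345. You can changed it [here](https://github.com/vmware/harbor/blob/master/Deploy/kubernetes/ui-rc.yaml#L36).
+- **auth_mode**: The authentication mode of Harbor. By default it is *db_auth*, i.e. the credentials are stored in a database. Please set it to *ldap_auth* if you want to verify user's credentials against an LDAP server. You can change the configuration [here](https://github.com/vmware/harbor/blob/master/Deploy/kubernetes/ui-rc.yaml#L40).
+- **ldap_url**: The URL for LDAP endpoint, for example ldaps://ldap.mydomain.com. It is only used when **auth_mode** is set to *ldap_auth*. It could be changed [here](https://github.com/vmware/harbor/blob/master/Deploy/kubernetes/ui-rc.yaml#L42).
+- **ldap_basedn**: The basedn template for verifying the user's credentials against LDAP, for example uid=%s,ou=people,dc=mydomain,dc=com. It is only used when **auth_mode** is set to *ldap_auth*. It could be changed [here](https://github.com/vmware/harbor/blob/master/Deploy/kubernetes/ui-rc.yaml#L44).
+- **db_password**: The password of root user of mySQL database. Change this password for any production use. You need to change both [here](https://github.com/vmware/harbor/blob/master/Deploy/kubernetes/ui-rc.yaml#L28) and [here](https://github.com/vmware/harbor/blob/master/Deploy/harbor.cfg#L32) to make the change. Please note, you need to change the ```harbor.cfg``` before building the docker images.
+
+Finally you can start the jobs by running:
+```
+kubectl create -f Deploy/kubernetes
+```
+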