0

Helm Chart for Harbor

部署 Harbor 的 helm chart。(The helm chart to deploy Harbor)

Github repo
Main metrics
  • Owner: goharbor/harbor-helm
  • Platform: Kubernetes, Linux, Mac, Windows
  • License:: Apache License 2.0
  • Category::
  • Topic:
  • Like:
    0
      Compare:

Github stars Tracking Chart

Helm Chart for Harbor

注意:master 分支正在大量开发中,请改用其他稳定版本。您可以在此处找到基于 chart 的高可用解决方案。并参考指南升级现有部署。

该存储库(包括问题)重点在于通过 helm 部署 Harbour chart。因此,对于功能性问题或 Harbor 问题,请在 goharbor/harbor 上打开问题。

介绍

该 Helm chart 将 Harbor 安装在 Kubernetes 集群中。欢迎为“Helm Chart for Harbor”做出贡献。

先决条件

  • Kubernetes cluster 1.10+
  • Helm 2.8.0+

安装

添加 Helm 存储库 

helm repo add harbor https://helm.goharbor.io

配置 chart

可以在安装过程中通过 --set 标志设置以下各项,也可以通过直接编辑 values.yaml 进行配置(需要先下载 chart)。

配置如何公开 Harbor 服务的方式

  • Ingress(入口):入口控制器必须安装在 Kubernetes 集群中。注意:如果禁用 TLS,则在拉/推映像时必须在命令中包含端口。有关详细信息,请参阅问题 #5291。
  • ClusterIP:在群集内部 IP 上公开服务。选择此值将使服务仅可从群集内访问。
  • NodePort:在静态端口(NodePort)上公开每个 Node IP 上的服务。您可以通过请求 NodeIP:NodePort 从集群外部联系 NodePort 服务。
  • LoadBalancer:使用云提供商的负载平衡器在外部公开服务。

配置外部URL

Harbor 核心服务的外部 URL 用于:

  • 填充门户网站上显示的 docker/helm 命令
  • 填充返回给 docker/notary 客户端的令牌服务 URL

格式:protocol://domain[:port]。通常:

  • 如果通过 Ingress 公开服务,则该域应为 Exposure.ingress.hosts.core 的值
  • 如果通过 ClusterIP 公开服务,则该域应为暴露 .clusterIP.name 的值
  • 如果通过 NodePort 公开服务,则域应为一个 Kubernetes 节点的 IP 地址
  • 如果通过 LoadBalancer 公开服务,则将域名设置为您自己的域名,并添加 CNAME 记录以将域名映射到您从云提供商处获得的域名

如果将 Harbour 部署在代理后面,请将其设置为代理的 URL。

配置如何持久化数据的方式

  • 禁用:数据无法在 Pod 终止后幸免。
  • 持久卷声明(默认):Kubernetes 集群中需要一个默认 StorageClass 来动态配置卷。在 storageClass 中指定另一个 StorageClass,或者如果已经存在要使用的永久卷,则设置 existingClaim。
  • 外部存储(仅用于映像和 charts):对于映像和 charts,支持外部存储:azure、gcs、s3 swift 和 oss。

配置机密

  • 秘密密钥:秘密密钥用于组件之间的安全通信。填写 core.secret,jobservice.secret 和 Registry.secret 进行配置。
  • 证书:
    • 公证人:用于通信期间的身份验证。填写 notary.secretName 进行配置。公证服务器证书必须以公证服务名称作为使用者替代名称来颁发。
    • 核心:用于令牌加密/解密。填写 core.secretName 进行配置。

必须设置机密和证书,以避免在每次 Helm 升级时进行更改(请参阅:#107)。

配置配置部分中列出的其他项目

安装 chart

使用发布名称 my-release 安装 Harbor helm chart:

helm 2:

helm install --name my-release harbor/harbor

helm 3:

helm install my-release harbor/harbor

解除安装

要卸载/删除我的发布部署:

helm 2:

helm delete --purge my-release

helm 3:

helm uninstall my-release

(The first version translated by vz on 2020.08.01)

Overview

Name With Ownergoharbor/harbor-helm
Primary LanguageMustache
Program languageGo (Language Count: 3)
PlatformKubernetes, Linux, Mac, Windows
License:Apache License 2.0
Release Count104
Last Release Namev1.14.2 (Posted on )
First Release Namev1.0.0 (Posted on )
Created At2018-08-20 11:59:35
Pushed At2024-04-19 07:43:38
Last Commit At
Stargazers Count1.1k
Watchers Count23
Fork Count735
Commits Count762
Has Issues Enabled
Issues Count800
Issue Open Count39
Pull Requests Count663
Pull Requests Open Count24
Pull Requests Close Count229
Has Wiki Enabled
Is Archived
Is Fork
Is Locked
Is Mirror
Is Private

Helm Chart for Harbor

Notes: The master branch is in heavy development, please use the other stable versions instead. A high available solution for Harbor based on chart can be find here. And refer to the guide to upgrade the existing deployment.

This repository, including the issues, focus on deploying Harbor chart via helm. So for the functionality issues or questions of Harbor, please open issues on goharbor/harbor

Introduction

This Helm chart installs Harbor in a Kubernetes cluster. Welcome to contribute to Helm Chart for Harbor.

Prerequisites

  • Kubernetes cluster 1.10+
  • Helm 2.8.0+

Installation

Add Helm repository

helm repo add harbor https://helm.goharbor.io

Configure the chart

The following items can be set via --set flag during installation or configured by editing the values.yaml directly(need to download the chart first).

Configure the way how to expose Harbor service

  • Ingress: The ingress controller must be installed in the Kubernetes cluster.
    Notes: if the TLS is disabled, the port must be included in the command when pulling/pushing images. Refer to issue #5291 for the detail.
  • ClusterIP: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster.
  • NodePort: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting NodeIP:NodePort.
  • LoadBalancer: Exposes the service externally using a cloud provider’s load balancer.

Configure the external URL

The external URL for Harbor core service is used to:

  1. populate the docker/helm commands showed on portal
  2. populate the token service URL returned to docker/notary client

Format: protocol://domain[:port]. Usually:

  • if expose the service via Ingress, the domain should be the value of expose.ingress.hosts.core
  • if expose the service via ClusterIP, the domain should be the value of expose.clusterIP.name
  • if expose the service via NodePort, the domain should be the IP address of one Kubernetes node
  • if expose the service via LoadBalancer, set the domain as your own domain name and add a CNAME record to map the domain name to the one you got from the cloud provider

If Harbor is deployed behind the proxy, set it as the URL of proxy.

Configure the way how to persistent data

  • Disable: The data does not survive the termination of a pod.
  • Persistent Volume Claim(default): A default StorageClass is needed in the Kubernetes cluster to dynamic provision the volumes. Specify another StorageClass in the storageClass or set existingClaim if you have already existing persistent volumes to use.
  • External Storage(only for images and charts): For images and charts, the external storages are supported: azure, gcs, s3 swift and oss.

Configure the secrets

  • Secret keys: Secret keys are used for secure communication between components. Fill core.secret, jobservice.secret and registry.secret to configure.
  • Certificates:
    • notary: Used for authentication during communications. Fill notary.secretName to configure. Notary server certificate must be issued with notary service name as subject alternative name.
    • core: Used for token encryption/decryption. Fill core.secretName to configure.

Secrets and certificates must be setup to avoid changes on every Helm upgrade (see: #107).

Configure the other items listed in configuration section

Install the chart

Install the Harbor helm chart with a release name my-release:

helm 2:

helm install --name my-release harbor/harbor

helm 3:

helm install my-release harbor/harbor

Uninstallation

To uninstall/delete the my-release deployment:

helm 2:

helm delete --purge my-release

helm 3:

helm uninstall my-release

Configuration

The following table lists the configurable parameters of the Harbor chart and the default values.

To the top