Chart包托管至Harbor方案

1 集群外harbor服务器准备

1.1 docker-ce安装

wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -O /etc/yum.repos.d/docker-ce.repo

[root@nfsserver harbor]# yum -y install docker-ce

[root@nfsserver harbor]# systemctl enable --now docker

1.2 docker-compose安装

[root@nfsserver ~]# wget https://github.com/docker/compose/releases/download/1.25.0/docker-compose-Linux-x86_64

[root@nfsserver ~]# mv docker-compose-Linux-x86_64 /usr/bin/docker-compose
[root@nfsserver ~]# chmod +x /usr/bin/docker-compose

[root@nfsserver ~]# docker-compose version
docker-compose version 1.25.0, build 0a186604
docker-py version: 4.1.0
CPython version: 3.7.4
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019

1.3 harbor服务器安装

[root@nfsserver ~]# wget https://github.com/goharbor/harbor/releases/download/v2.5.3/harbor-offline-installer-v2.5.3.tgz

[root@nfsserver harbor]# ls
6864844_kubemsb.com.key  6864844_kubemsb.com.pem  common.sh  harbor.v2.5.3.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare

[root@nfsserver harbor]# mv harbor.yml.tmpl harbor.yml

# vim harbor.yaml

# Configuration file of Harbor

# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: www.kubemsb.com

# http related config
http:
  # port for http, default is 80. If https enabled, this port will redirect to https port
  port: 80

# https related config
https:
  # https port for harbor, default is 443
  port: 443
  # The path of cert and key files for nginx
  certificate: /home/harbor/6864844_kubemsb.com.pem
  private_key: /home/harbor/6864844_kubemsb.com.key

# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
#   # set enabled to true means internal tls is enabled
#   enabled: true
#   # put your cert and key files on dir
#   dir: /etc/harbor/tls/internal

# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433

# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
harbor_admin_password: 12345

# Harbor DB configuration

[root@nfsserver harbor]# ./prepare

[root@nfsserver harbor]# ./install.sh -h

Note: Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
Please set --with-trivy if needs enable Trivy in Harbor
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor

[root@nfsserver harbor]# ./install.sh --with-chartmuseum

[root@nfsserver harbor]# docker ps

在主机上解决域名 192.168.10.146 www.kubemsb.com

[root@k8s-master01 ~]# helm repo add harborhelm https://www.kubemsb.com/chartrepo/nginx --username admin --password 12345
"harborhelm" has been added to your repositories

[root@k8s-master01 ~]# helm repo list
NAME                    URL
micosoft                http://mirror.azure.cn/kubernetes/charts/
prometheus-community    https://prometheus-community.github.io/helm-charts
harborhelm              https://www.kubemsb.com/chartrepo/nginx

[root@k8s-master01 ~]# helm search repo helm-nginx
NAME                    CHART VERSION   APP VERSION     DESCRIPTION
harborhelm/helm-nginx   1.0.0

[root@k8s-master01 ~]# helm install helm-nginx-test harborhelm/helm-nginx
NAME: helm-nginx-test
LAST DEPLOYED: Sat Jul 30 20:32:05 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None

[root@k8s-master01 ~]# helm ls
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART                   APP VERSION
helm-nginx-test default         1               2022-07-30 20:32:05.138180077 +0800 CST deployed        helm-nginx-1.0.0

[root@k8s-master01 ~]# kubectl get pods
NAME                                     READY   STATUS    RESTARTS      AGE
helm-nginx-65f57fb758-2hkl6              1/1     Running   0             8s
helm-nginx-65f57fb758-v427b              1/1     Running   0             8s

2 安装helmpush插件

需要安装helmpush插件才能上传

• 在线直接安装

[root@k8s-master01 nginx]# helm plugin install https://github.com/chartmuseum/helm-push
Downloading and installing helm-push v0.10.3 ...
https://github.com/chartmuseum/helm-push/releases/download/v0.10.3/helm-push_0.10.3_linux_amd64.tar.gz
Installed plugin: cm-push
​

[root@k8s-master01 nginx]# ls /root/.local/share/helm/plugins/helm-push/bin/
.  ..  helm-cm-push

3 将打包应用push到harbor

[root@k8s-master01 nginx]# ls
Chart.yaml  templates  values.yaml
​
[root@k8s-master01 nginx]# vim Chart.yaml
name: helm-nginx
version: 1.1.0
​
[root@k8s-master01 nginx]# helm package .
​
Successfully packaged chart and saved it to: /helm/nginx/helm-nginx-1.1.0.tgz
[root@k8s-master01 nginx]# ls
Chart.yaml  helm-nginx-1.1.0.tgz  templates  values.yaml

[root@k8s-master01 nginx]# helm -h
The Kubernetes package manager
...
Available Commands:
  cm-push     Please see https://github.com/chartmuseum/helm-push for usage

[root@k8s-master01 nginx]# helm cm-push --username admin --password 12345 helm-nginx-1.1.0.tgz harborhelm
Pushing helm-nginx-1.1.0.tgz to harborhelm...
Done.