k8s helm3安装使用、安装harbor

一、安装

（1）查看：https://github.com/helm/helm/releases

（2）下载：wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz （蓝奏云：https://wws.lanzous.com/iK386mqjfif）

（3）解压并复制可执行文件到系统目录

tar -zxvf helm-v3.5.2-linux-amd64.tar.gz

cp linux-amd64/helm /usr/local/bin/

 

二、使用

1.仓库

（1）查看：helm repo list

（2）添加：helm repo add 简称 仓库路径

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add harbor https://helm.goharbor.io
helm repo add stable https://charts.helm.sh/stable

2.应用

-- 以harbor为例（所需资源：https://download.csdn.net/download/u013595395/15767709）

（1）查找：helm search repo harbor

扫描二维码关注公众号，回复： 12829205 查看本文章

（2）使用：

1.下载配置文件

helm show values harbor/harbor > all-conf.yml

2.下载软件包

helm pull harbor/harbor

3.安装

helm install harbor harbor/harbor
或 helm install harbor ./harbor-1.6.0.tgz
或 tar -zxvf harbor-1.6.0.tgz 再 helm install harbor ./harbor

helm install harbor ./harbor-1.6.0.tgz -f ./conf-1.yml -n a-env

-f：指定使用的配置文件

-n：指定安装的 Namespace

# conf-1.yml

expose:
  type: nodePort
  tls:
    enabled: false
  nodePort:
    ports:
      http:
        port: 80
        nodePort: 30002

harborAdminPassword: "admin"

externalURL: http://192.168.15.135:30002

persistence:
  enabled: false

-- 访问地址：http://192.168.102.129:30002  admin/admin

4.查看当前状态

helm status redis -n a1-service

5.用新配置升级应用

helm upgrade harbor ./harbor-1.6.0.tgz -f ./conf-2.yml -n a-env

6.查找release并卸载

helm list -n a-env  或  helm list -A

helm uninstall harbor -n a-env

7.查看历史版本并回滚

helm history harbor -n a-env

helm rollback harbor 1 -n a-env

3.其他文档

http://www.mydlq.club/article/51

http://docs.minio.org.cn/docs/master/deploy-minio-on-kubernetes

其他harbor配置：

1.使用nfs存储卷

（1）创建pv和pvc

vi pv-pvc.yml

---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: a-soft-harbor-data
  labels:
    name: a-soft-harbor-data
spec:
  # storageClassName: 
  accessModes:
    - ReadWriteOnce
    - ReadWriteMany
  capacity:
    storage: 20Gi
  persistentVolumeReclaimPolicy: Retain   #其他：Recycle、Delete
  nfs:
    server: 192.168.15.135
    path: /a_soft/harbor/data
    
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: a-soft-harbor-data
  namespace: a-env
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  selector:
    matchLabels:
      name: a-soft-harbor-data

kubectl apply -f pv-pvc.yml

（2）需注意nfs中文件夹的权限

chmod -R 777 /a_soft/harbor/data

（3）修改harbor配置文件

vi conf-2.yml

expose:
  type: nodePort
  tls:
    enabled: false
  nodePort:
    name: harbor
    ports:
      http:
        port: 80
        nodePort: 30002

externalURL: http://192.168.102.129:30002

harborAdminPassword: "admin"

persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "registry"
      accessMode: ReadWriteMany
      size: 5Gi
    chartmuseum:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "chartmuseum"
      accessMode: ReadWriteMany
      size: 5Gi
    jobservice:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "jobservice"
      accessMode: ReadWriteMany
      size: 1Gi
    database:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "database"
      accessMode: ReadWriteMany
      size: 1Gi
    redis:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "redis"
      accessMode: ReadWriteMany
      size: 1Gi
    trivy:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "trivy"
      accessMode: ReadWriteMany
      size: 5Gi

helm upgrade harbor ./harbor-1.6.0.tgz -f ./conf-2.yml -n a-env

2.添加证书启用tls

（1）创建证书

https://blog.csdn.net/u013595395/article/details/114279877

（2）通过证书生成secret

kubectl create secret generic tls -n a-env --from-file=tls.crt=./server.crt --from-file=tls.key=./server.key --from-file=ca.crt=./ca.crt --from-file=ca.key=./ca.key

（3）修改harbor配置

expose:
  type: nodePort
  tls:
    enabled: true
    certSource: secret
    secret:
      secretName: "tls"
  nodePort:
    name: harbor
    ports:
      http:
        port: 80
        nodePort: 30002
      https:
        port: 443
        nodePort: 30003

externalURL: https://192.168.15.135:30003

harborAdminPassword: "admin"

persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "registry"
      accessMode: ReadWriteMany
      size: 5Gi
    chartmuseum:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "chartmuseum"
      accessMode: ReadWriteMany
      size: 5Gi
    jobservice:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "jobservice"
      accessMode: ReadWriteMany
      size: 1Gi
    database:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "database"
      accessMode: ReadWriteMany
      size: 1Gi
    redis:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "redis"
      accessMode: ReadWriteMany
      size: 1Gi
    trivy:
      existingClaim: "a-soft-harbor-data"
      storageClass: "-"
      subPath: "trivy"
      accessMode: ReadWriteMany
      size: 5Gi

helm upgrade harbor ./harbor-1.6.0.tgz -f ./conf-3.yml -n a-env

（4）测试

docker login -u admin -p admin 192.168.15.135:30003

docker tag busybox 192.168.15.135:30003/library/busybox:1.0

docker push 192.168.15.135:30003/library/busybox:1.0

-- 注：要把ca证书放到以下目录，不用重启docker

mkdir -p /etc/docker/certs.d/192.168.15.135\:30003

目录：https://blog.csdn.net/u013595395/article/details/114527658