526互联

kubernetes 安装harbor

发布时间 2023-12-02 20:23:07作者: ikubernetesi

一、kubernetes 安装harbor

安装Cert-manager

安装Cert-manager 会自动签发免费的Let’s Encrypt HTTPS 证书,并在过期前自动续期。

首先,运行helm repo add 命令添加官方helm仓库

# helm repo add jetstack https://charts.jetstack.io
"jetstack" has been added to your repositories

然后更新本地缓存

# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "aliyun" chart repository
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "bitnami" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
Update Complete. ⎈Happy Helming!⎈

 

1、helm 添加chart仓库

#helm repo add bitnami https://charts.bitnami.com/bitnami
# helm repo ls
NAME         	URL                                                   
bitnami      	https://charts.bitnami.com/bitnami

2、从helm 仓库下载chart包

# helm  pull bitnami/harbor
#tar  zxvf harbor-19.2.1.tgz

 3、修改values.yaml配置

cd harbor
sed -i 's/storageClass: ""/storageClass: "nfs-storageclass"/g' values.yaml

 

4、安装Harbor

[root@master-1-230 harbor]# helm  uninstall harbor01
These resources were kept due to the resource policy:
[PersistentVolumeClaim] harbor01-jobservice
[PersistentVolumeClaim] harbor01-registry

release "harbor01" uninstalled
[root@master-1-230 harbor]# helm  install harbor02  ./harbor
NAME: harbor02
LAST DEPLOYED: Sat Dec  2 20:17:32 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
CHART NAME: harbor
CHART VERSION: 19.2.1
APP VERSION: 2.9.1

** Please be patient while the chart is being deployed **

1. Get the Harbor URL:

  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
        Watch the status with: 'kubectl get svc --namespace default -w harbor02'
    export SERVICE_IP=$(kubectl get svc --namespace default harbor02 --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}")
    echo "Harbor URL: http://$SERVICE_IP/"

2. Login with the following credentials to see your Harbor application

  echo Username: "admin"
  echo Password: $(kubectl get secret --namespace default harbor02-core-envvars -o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 -d)
[root@master-1-230 harbor]# export SERVICE_IP=$(kubectl get svc --namespace default harbor02 --template "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}")
[root@master-1-230 harbor]#     echo "Harbor URL: http://$SERVICE_IP/"
Harbor URL: http://192.168.1.201/
[root@master-1-230 harbor]#  echo Username: "admin"
Username: admin
[root@master-1-230 harbor]#   echo Password: $(kubectl get secret --namespace default harbor02-core-envvars -o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 -d)
Password: 39WETqLeeS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

问题原因
HSTS:HSTS 是 HTTP 严格传输安全(HTTP Strict Transport Security) 的缩写。 这是一种网站用来声明他们只能使用安全连接(HTTPS)访问的方法。 如果一个网站声明了 HSTS 策略,浏览器必须拒绝所有的 HTTP 连接并阻止用户接受不安全的 SSL 证书。 目前大多数主流浏览器都支持 HSTS (只有一些移动浏览器无法使用它)。

参考资料:什么是HSTS,为什么要使用它?

实际上简单理解就是如果浏览器接收到使用 HTTP 加载资源的请求,则必须尝试使用 HTTPS 请求替代。 如果 HTTPS 不可用,则必须直接终止连接。

如何解决
调整键盘为英文输入状态,点击页面内的刷新按钮,刷新一下页面,然后用鼠标点击一下当前页面任意位置,紧接着在当前页面使用键盘直接输入:thisisunsafe 即可(不是在地址栏输入,就直接敲键盘就行了)。按完上面的按键,页面会自动刷新,然后就可以正常访问了。

 

 

参考:https://zhuanlan.zhihu.com/p/662935033