Harbor - setup

junkyu lee · February 19, 2025

Harbor

Setup using Helm

1. Pre-create storage

  • When deploying with helm, PVs are created automatically. To provision them through CSI instead, create the PVCs and PVs in advance.
pv-pvc.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-registry-pv
  finalizers:
    - kubernetes.io/pv-protection
spec:
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 1500Gi
  csi:
    driver: nfs.csi.k8s.io
    volumeAttributes:
      server: {nas_host}
      share: /harbor/registry
    volumeHandle: harbor-registry-pv
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-csi
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-registry-pvc
  namespace: harbor
  annotations:
    pv.kubernetes.io/bind-completed: 'yes'
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1500Gi
  storageClassName: nfs-csi
  volumeMode: Filesystem
  volumeName: harbor-registry-pv
---

apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-chartmuseum-pv
  finalizers:
    - kubernetes.io/pv-protection
spec:
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: nfs.csi.k8s.io
    volumeAttributes:
      server: {nas_host}
      share: /harbor/chartmuseum
    volumeHandle: harbor-chartmuseum-pv
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-csi
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-chartmuseum-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs-csi
  volumeMode: Filesystem
  volumeName: harbor-chartmuseum-pv
---
# data-harbor-redis
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-redis-pv
spec:
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 1Gi
  csi:
    driver: nfs.csi.k8s.io
    volumeAttributes:
      server: {nas_host}
      share: /harbor/redis
    volumeHandle: harbor-redis-pv
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-csi
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-redis-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs-csi
  volumeMode: Filesystem
  volumeName: harbor-redis-pv
---
# data-harbor-trivy
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-trivy-pv
spec:
  accessModes:
    - ReadWriteMany
  capacity:
    storage: 5Gi
  csi:
    driver: nfs.csi.k8s.io
    volumeAttributes:
      server: {nas_host}
      share: /harbor/trivy
    volumeHandle: harbor-trivy-pv
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-csi
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-trivy-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  storageClassName: nfs-csi
  volumeMode: Filesystem
  volumeName: harbor-trivy-pv
---
# database-data-harbor-database
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-database-pv
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 10Gi
  csi:
    driver: nfs.csi.k8s.io
    volumeAttributes:
      server: {nas_host}
      share: /harbor/database
    volumeHandle: harbor-database-pv
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-csi
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-database-pvc
  namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce # ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: nfs-csi
  volumeMode: Filesystem
  volumeName: harbor-database-pv
---
# harbor-jobservice
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-jobservice-pv
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  csi:
    driver: nfs.csi.k8s.io
    volumeAttributes:
      server: {nas_host}
      share: /harbor/jobservice
    volumeHandle: harbor-jobservice-pv
  persistentVolumeReclaimPolicy: Retain
  storageClassName: nfs-csi
  volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor-jobservice
  namespace: harbor
  labels:
    app.kubernetes.io/managed-by: Helm
  annotations:
    meta.helm.sh/release-name: harbor
    meta.helm.sh/release-namespace: harbor
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: nfs-csi
  volumeMode: Filesystem
  volumeName: harbor-jobservice-pv
  • This is the NAS-provisioned version; using hostPath instead requires customization.

2. Configure values.yaml

# Use the pre-created PVCs
persistence:
  persistentVolumeClaim:
    registry:
      existingClaim: harbor-registry-pvc
    jobservice:
      existingClaim: harbor-jobservice
    database:
      existingClaim: harbor-database-pvc
    redis:
      existingClaim: harbor-redis-pvc
    trivy:
      existingClaim: harbor-trivy-pvc
    # harbor-log-pvc is not defined in pv-pvc.yaml above; create it before installing
    log:
      existingClaim: harbor-log-pvc
    chartmuseum:
      existingClaim: harbor-chartmuseum-pvc

# External access domain; required when configuring ingress
externalURL: https://harbor.com

# Ingress settings
expose:
  ingress:
    enabled: true
    hosts:
      core: harbor.com
    controller: default  # Ingress Controller
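
A pre-flight check for the static binding set up in steps 1 and 2, added here as an example (not part of the original post): it confirms that each existingClaim names a PVC in the harbor namespace whose volumeName, storageClassName, access mode and size are satisfied by a defined PV. The function names are hypothetical, the sample objects are constructed from the manifests above, and real input is assumed to be the parsed documents of pv-pvc.yaml or the items of `kubectl get pv,pvc -o json`.

```python
import re
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def to_bytes(qty):
    """Convert a binary quantity such as '1500Gi' to bytes."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi|Ti)?", qty)
    if not m:
        raise ValueError(f"unsupported quantity: {qty}")
    return int(m.group(1)) * UNITS.get(m.group(2), 1)

def check_claims(objects, existing_claims, namespace="harbor"):
    """Return the problems that would leave an existingClaim missing or Pending."""
    pvs = {o["metadata"]["name"]: o["spec"] for o in objects if o["kind"] == "PersistentVolume"}
    pvcs = {o["metadata"]["name"]: o["spec"] for o in objects
            if o["kind"] == "PersistentVolumeClaim" and o["metadata"].get("namespace") == namespace}
    problems = []
    for component, claim in existing_claims.items():
        pvc = pvcs.get(claim)
        if pvc is None:
            problems.append(f"{component}: PVC {claim} not defined in {namespace}")
            continue
        pv = pvs.get(pvc.get("volumeName"))
        if pv is None:
            problems.append(f"{component}: PV {pvc.get('volumeName')} not defined")
            continue
        if pvc.get("storageClassName") != pv.get("storageClassName"):
            problems.append(f"{component}: storageClassName differs from PV")
        if not set(pvc["accessModes"]) <= set(pv["accessModes"]):
            problems.append(f"{component}: PV does not offer the requested access mode")
        if to_bytes(pvc["resources"]["requests"]["storage"]) > to_bytes(pv["capacity"]["storage"]):
            problems.append(f"{component}: request exceeds PV capacity")
    return problems

def pair(pv, pvc, mode, pv_size, pvc_size):
    """Constructed sample data: one PV/PVC pair shaped like pv-pvc.yaml."""
    common = {"accessModes": [mode], "storageClassName": "nfs-csi"}
    pv_spec = {**common, "capacity": {"storage": pv_size}}
    pvc_spec = {**common, "volumeName": pv, "resources": {"requests": {"storage": pvc_size}}}
    return [{"kind": "PersistentVolume", "metadata": {"name": pv}, "spec": pv_spec},
            {"kind": "PersistentVolumeClaim",
             "metadata": {"name": pvc, "namespace": "harbor"}, "spec": pvc_spec}]

# Constructed sample: two pairs from pv-pvc.yaml and three existingClaim entries.
SAMPLE = (pair("harbor-registry-pv", "harbor-registry-pvc", "ReadWriteMany", "1500Gi", "1500Gi")
          + pair("harbor-jobservice-pv", "harbor-jobservice", "ReadWriteOnce", "5Gi", "1Gi"))
CLAIMS = {"registry": "harbor-registry-pvc", "jobservice": "harbor-jobservice", "log": "harbor-log-pvc"}

if __name__ == "__main__":
    print("\n".join(check_claims(SAMPLE, CLAIMS)) or "all claims resolvable")
```

On the sample it reports only the log claim, which values.yaml references but pv-pvc.yaml never defines.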

3. Install

helm upgrade --install harbor harbor/harbor \
  --namespace harbor \
  --create-namespace \
  --values values.yaml

To uninstall

helm delete harbor --namespace harbor

4. Issue the certificate

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: harbor-ingress
  namespace: harbor
spec:
  secretName: harbor-ingress
  issuerRef:
    name: lets-encrypt-issuer
    kind: ClusterIssuer
    group: cert-manager.io
  commonName: harbor.com
  dnsNames:
    - "harbor.com"
  • Delete the generated certificate, then create a certificate that uses the letsencrypt issuer.
  • Check the created pods.