Harbor (feat. helm)

GisangLee·2024년 7월 11일
Harborhelmk8s
0

k8d

목록 보기
30/36

1. 인증서 생성

Private Key

openssl genpkey -algorithm RSA -out tls.key -pkeyopt rsa_keygen_bits:2048

CSR

openssl req -new -key tls.key -out tls.csr -subj "/CN=harbor.yourdomain.com"

인증서

openssl x509 -req -days 365 -in tls.csr -signkey tls.key -out tls.crt

K8s Secret

kubectl create secret tls harbor-ingress-secret --cert=tls.crt --key=tls.key -n harbor

Values

expose:
  type: ingress
  tls:
    enabled: trueoption
    certSource: secret
    auto:
      commonName: ""
    secret:
      secretName: "harbor-ingress-secret"
  ingress:
    hosts:
      core: domain.com
    controller: default
    kubeVersionOverride: ""
    className: "nginx"
    annotations:
      ingress.kubernetes.io/ssl-redirect: "true"
      ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/rewrite-target: "/"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      
externalURL: https://harbor.com

PV

apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-registry-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  claimRef:
    name: harbor-registry
    namespace: image-registry
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  hostPath:
    path: /root/documents/persistence/harbor/registry
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-jobservice-pv
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  claimRef:
    name: harbor-jobservice
    namespace: image-registry
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  hostPath:
    path: /root/documents/persistence/harbor/jobservice
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-db-pv
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  claimRef:
    name: database-data-harbor-database-0
    namespace: image-registry
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  hostPath:
    path: /root/documents/persistence/harbor/db
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-redis-pv
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  claimRef:
    name: data-harbor-redis-0
    namespace: image-registry
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  hostPath:
    path: /root/documents/persistence/harbor/redis
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-trivy-pv
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  claimRef:
    name: data-harbor-trivy-0
    namespace: image-registry
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  hostPath:
    path: /root/documents/persistence/harbor/trivy

PVC Permission

sudo chown -R 10000:10000 <trivy persistence path>
sudo chown -R 999:999 <database persistence path>
sudo chown -R 999:999 <redis persistence path>

Install

helm install -n <name space> harbor harbor/harbor -f values.yaml
profile
GisangLee
포폴 및 이력서 : https://gisanglee.github.io/web-porfolio/
이전 포스트

Jenkins & Argocd & Gitlab & Kustomize & Harbor (feat. 사설 인증서)

다음 포스트

k8s etcd & kube-apiserver 트러블 슈팅

0개의 댓글

관련 채용 정보