[Harbor] Install harbor(private docker hub) On k8s through helm and repo goharbor

Posted on By nim No Comments on [Harbor] Install harbor(private docker hub) On k8s through helm and repo goharbor

https://artifacthub.io/packages/helm/harbor/harbor

Có lần mình tưởng 1.7.2 là version app
helm repo add harbor https://helm.goharbor.io

#helm 3:
helm uninstall my-release

value nếu bạn muốn chỉ định các workload có persistent volume, sẽ cái bên các node được chỉ định
harborAdminPassword: –> set password admin

Phần quan trọng: nếu bạn public harbor ra internet với 1 domain cần cấu hình như sau:
nếu bạn ko cấu hình thì login dù password đúng thì vẫn bị báo sai và response status 405

externalURL: https://docker.nimtechnology.com
expose:
  ingress:
    hosts:
      core: docker.nimtechnology.com
harborAdminPassword: "Password696969"
externalURL: https://docker.nimtechnology.com
expose:
  ingress:
    hosts:
      core: docker.nimtechnology.com
registry:
  tolerations:
    - key: "node"
      operator: "Equal"
      value: "storage-ssd"
      effect: "NoSchedule"
  nodeSelector:
    node: "storage-ssd"
jobservice:
  tolerations:
    - key: "node"
      operator: "Equal"
      value: "storage-ssd"
      effect: "NoSchedule"
  nodeSelector:
    node: "storage-ssd"
chartmuseum:
  tolerations:
    - key: "node"
      operator: "Equal"
      value: "storage-ssd"
      effect: "NoSchedule"
  nodeSelector:
    node: "storage-ssd"
trivy:
  tolerations:
    - key: "node"
      operator: "Equal"
      value: "storage-ssd"
      effect: "NoSchedule"
  nodeSelector:
    node: "storage-ssd"
database:
  type: internal
  internal:
    nodeSelector:
      node: "storage-ssd"
    tolerations:
      - key: "node"
        operator: "Equal"
        value: "storage-ssd"
        effect: "NoSchedule"
redis:
  type: internal
  internal:
    nodeSelector:
      node: "storage-ssd"
    tolerations:
      - key: "node"
        operator: "Equal"
        value: "storage-ssd"
        effect: "NoSchedule"

Upadte heml value. Mon 8 Nov
>>>>>>>

harborAdminPassword: "xxxxxx"
externalURL: https://docker.nimtechnology.com
expose:
  ingress:
    hosts:
      core: docker.nimtechnology.com
registry:
  tolerations:
    - key: "node"
      operator: "Equal"
      value: "storage-ssd"
      effect: "NoSchedule"
  nodeSelector:
    node: "storage-ssd"
jobservice:
  nodeSelector:
    node: "storage-hdd"
chartmuseum:
  nodeSelector:
    node: "storage-hdd"
trivy:
  tolerations:
    - key: "node"
      operator: "Equal"
      value: "storage-ssd"
      effect: "NoSchedule"
  nodeSelector:
    node: "storage-ssd"
database:
  type: internal
  internal:
    nodeSelector:
      node: "storage-ssd"
    tolerations:
      - key: "node"
        operator: "Equal"
        value: "storage-ssd"
        effect: "NoSchedule"
redis:
  type: internal
  internal:
    nodeSelector:
      node: "storage-hdd"
persistence:
  enabled: true
  persistentVolumeClaim:
    registry:
      storageClass: "longhorn-fast"
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      storageClass: "longhorn-normal"
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      storageClass: "longhorn-normal"
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      storageClass: "longhorn-fast"
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      storageClass: "longhorn-fast"
      accessMode: ReadWriteOnce
      size: 5Gi

Bạn có thể tham khảo thêm values.yaml ở đây:
https://waspro.tistory.com/632

Helm harbor tạo sẵn cho chúng ta ingress:

Trên rancher
Trên argocd

Giờ bạn cấu hình cho user đi qua Kong -> rồi mới vào ingress của k8s -> và vào harbor

Nếu bạn gặp lối 404

Vào Kong add thêm plugin cho service

truy cập kiểm tra

Bạn nhớ xoá mấy repo public nhé. để không ai đẩy image vào.

Bạn disable việc để user bên ngoài đăng ký user

làm như sau

Harbor, Kubernetes & Container

More Related Articles

[Docker] Temporary failure in name resolution Docker
[KUBECONFIG] Tìm hiểu về –kubeconfig và –context trong kubeconfig để quan lý nhiều cluster k8s Kubernetes
[kiali] Config authentication on Kiali. Isito-EnvoyFilter
[Istio/multi cluster] Install multi-cluster Istio with mode “Primary-Remote” for Kubernetes on Google Cloud Platform. Isito-EnvoyFilter
[kiali/istio] Fix issue Configured: configmaps “istio” not found Isito-EnvoyFilter
[issue/alpine] docker 20.10.2 -> golang:1-alpine3.14 error: make: go: Operation not permitted Docker

Leave a Reply

Your email address will not be published. Required fields are marked *