当前位置: 首页 > article >正文

Harbor系列之12:对接外部redis和pg数据库的harbor容器化部署

对接外部redis和pg数据库的harbor容器化部署

harbor部署到docker环境中,安装时除了可以自带pg数据库和redis缓存之外,也可以对接外部的pg数据库和redis,在harbor部署到生产环境中和高可用落地方案中可以作为考虑的方案。

本文部署Harbor v2.11.0版本,采用离线部署安装包。关于harbor与redis、pg数据库的配套没有查到官方的兼容性列表,如下为v2.11.0版本的配套版本:

# pg版本
[root@harbor ~]# docker exec -it harbor-db sh
sh-5.2$ postgres --version
postgres (PostgreSQL) 15.7

# redis版本
[root@harbor ~]# docker exec -it redis sh
sh-5.2$ redis-server --version
Redis server v=7.2.4 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=d9d89acc9c7644cd

实际部署中尽可能满足上述配套版本,本文测试对接使用redis6.0 + pg 13.4。同时测试使用pg 11.6版本时,在部署harbor后数据库初始化时存在问题,可能是pg版本不兼容导致的。

1. 准备工作

  1. 下载 Harbor 离线安装包

从 Harbor GitHub releases 页面下载离线安装包,例如 harbor-offline-installer-v2.11.0.tgz

  1. 安装 Docker 和 Docker Compose

确保目标机器上已经安装了 Docker 和 Docker Compose。

在 Linux 主机上:需要 Docker 20.10.10-ce 及以上版本和 Docker Compose 1.18.0 及以上版本。

  1. 准备外部对接的pg和redis

本文通过云平台下发pg数据库和redis缓存进行对接。

pg数据库选用PostgreSQL 13.4版本,采用高可用部署,部署后创建用户harboradmin,密码:Admin@123,访问地址:192.168.1.49:5432。并在pg上创建harbor使用的数据库:harbor_db

redis选用Redis 6.0版本,采用单机版本,密码:Admin@123,访问地址:192.168.1.44:6379

2. 安装部署

harbor-offline-installer-v2.11.0.tgz 上传到待部署机器并解压:

[root@k8s ~]# tar xf harbor-offline-installer-v2.11.0.tgz
[root@k8s ~]# cd harbor
[root@k8s harbor]# ls
common.sh  harbor.v2.11.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare

# 创建harbor数据目录,生产环境中可以配置单独的磁盘进行挂载。
mkdir -p /data

配置 Harbor 部署参数:

[root@k8s harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s harbor]# vi harbor.yml

编辑 harbor.yml 文件,根据实际需求进行配置:

# 修改配置文件,启用对接外部的redis和pg
[root@i-dUoli4JfO harbor]# vim harbor.yml
[root@i-dUoli4JfO harbor]# grep -v "^\s*#\|^\s*$" harbor.yml
hostname: 192.168.1.20    # 机器域名或者ip
http:
  port: 80		# 配置http协议,注销https协议
harbor_admin_password: Admin@123	# harbor控制台密码
database:				
  password: Admin@123	# db密码
  max_idle_conns: 100
  max_open_conns: 900
  conn_max_lifetime: 5m
  conn_max_idle_time: 0
data_volume: /data	# harbor数据存放目录
trivy:
  ignore_unfixed: false
  skip_update: false
  skip_java_db_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
  timeout: 5m0s
jobservice:
  max_job_workers: 10
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1 #days
notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3 #seconds
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.11.0
external_database:	# 取消该部分注释。配置对接外接数据库,即上面创建的pg
   harbor:
     host: 192.168.1.49    # pg访问的ip和端口
     port: 5432
     db_name: harbor_db		# db,用户名,密码
     username: harboradmin
     password: Admin@123
     ssl_mode: disable
     max_idle_conns: 2
     max_open_conns: 0
external_redis:		# 取消该部分注释。配置对接外部的redis
   host: 192.168.1.44:6379    # redis ip和端口
   password: Admin@123    # redis密码
   registry_db_index: 1
   jobservice_db_index: 2
   trivy_db_index: 5
   idle_timeout_seconds: 30
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false
cache:
  enabled: false
  expire_hours: 24

加载镜像和启动 Harbor:

[root@i-dUoli4JfO harbor]# sh install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 26.1.4

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.27.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.11.0
Loaded image: goharbor/harbor-db:v2.11.0
Loaded image: goharbor/nginx-photon:v2.11.0
Loaded image: goharbor/trivy-adapter-photon:v2.11.0
Loaded image: goharbor/redis-photon:v2.11.0
Loaded image: goharbor/registry-photon:v2.11.0
Loaded image: goharbor/prepare:v2.11.0
Loaded image: goharbor/harbor-portal:v2.11.0
Loaded image: goharbor/harbor-log:v2.11.0
Loaded image: goharbor/harbor-jobservice:v2.11.0
Loaded image: goharbor/harbor-registryctl:v2.11.0
Loaded image: goharbor/harbor-exporter:v2.11.0


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete 


[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete 
[+] Running 8/8
 ✔ Network harbor_harbor        Created                                                                                         
 ✔ Container harbor-log         Started                                                                                         
 ✔ Container registry           Started                                                                                         
 ✔ Container harbor-portal      Started                                                                                         
 ✔ Container registryctl        Started                                                                                         
 ✔ Container harbor-core        Started                                                                                         
 ✔ Container harbor-jobservice  Started                                                                                         
 ✔ Container nginx              Started                                                                                         
✔ ----Harbor has been installed and started successfully.----

说明:

  1. 采用外接pg和redis的情况下,部署后只有8个容器,相比于ALL-IN-ONE的环境,少了pg和redis的容器。
  2. 当前机器如果存在同名的容器,也会导致harbor部署失败,例如nginx等。部署之前停止可能冲突的容器。
  3. 部署前确保相关端口未被占用(80,443,1514), 当然端口可以在配置文件中自定义。
  4. 安装trivy扫描工具: ./install.sh --with-trivy

3. 检查部署情况

  1. 查看 Harbor 服务状态
[root@i-dUoli4JfO ~]# docker ps
CONTAINER ID   IMAGE                                 COMMAND                  CREATED          STATUS                    PORTS                                   NAMES
8fed9f4c60ec   goharbor/harbor-jobservice:v2.11.0    "/harbor/entrypoint.…"   13 minutes ago   Up 13 minutes (healthy)                                           harbor-jobservice
a9fb69ea4407   goharbor/nginx-photon:v2.11.0         "nginx -g 'daemon of…"   13 minutes ago   Up 13 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
772cc46b96c9   goharbor/harbor-core:v2.11.0          "/harbor/entrypoint.…"   13 minutes ago   Up 13 minutes (healthy)                                           harbor-core
50cc5a44c494   goharbor/harbor-portal:v2.11.0        "nginx -g 'daemon of…"   13 minutes ago   Up 13 minutes (healthy)                                           harbor-portal
041c393da369   goharbor/registry-photon:v2.11.0      "/home/harbor/entryp…"   13 minutes ago   Up 13 minutes (healthy)                                           registry
57ca3585c154   goharbor/harbor-registryctl:v2.11.0   "/home/harbor/start.…"   13 minutes ago   Up 13 minutes (healthy)                                           registryctl
1cfe8e1a07b5   goharbor/harbor-log:v2.11.0           "/bin/sh -c /usr/loc…"   13 minutes ago   Up 13 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log
  1. 访问 Harbor Web 界面

打开浏览器,访问 http://192.168.1.20,使用配置文件中设置的管理员用户名和密码登录。


http://www.kler.cn/a/329772.html

相关文章:

  • NLP自然语言处理分词模块HanLP
  • 4.Spring AI Prompt:与大模型进行有效沟通
  • Nmap之企业漏洞扫描(Enterprise Vulnerability Scanning for Nmap)
  • 【Vim Masterclass 笔记16】S07L32 + L33:同步练习09 —— 掌握 Vim 宏操作的六个典型案例(含点评课内容)
  • 【Go】Go数据类型详解—指针
  • PyTorch使用教程(6)一文讲清楚torch.nn和torch.nn.functional的区别
  • C++:采用模板封装顺序表,栈,队列
  • 秋招内推2025--招联金融
  • 【MySQL】聚合函数、group by子句
  • Vue 常用的指令用法
  • “大数据+高职”:VR虚拟仿真实训室的发展前景
  • 2、Objects类(为什么重写 equals方法必须重写 hashCode方法)、无序性+随机性+不可重复性的区别
  • Android Studio 占满C盘快速解决方法
  • Matlab|考虑阶梯式碳交易与供需灵活双响应的综合能源系统优化调度
  • 《向量数据库指南》——非结构化数据挑战升级:如何高效导入向量数据库?
  • Android 开发每日定时任务
  • Elasticsearch 使用误区之六——富文本内容写入前不清洗
  • Host文件及switchhosts for mac下载
  • vue3打包疯狂报错
  • 域内用户名枚举 实验
  • 计算机网络的整体认识---网络协议,网络传输过程
  • 媒体专访 | 探寻国家级农业产业化重点龙头企业九三食品的数字化转型破局之路
  • 如何让虚拟机与本地电脑使用同一个ip
  • 基于安卓开发大型体育场管理系统的设计与实现(源码+定制+讲解)
  • 服务器虚拟化软件介绍
  • 【C++掌中宝】从std的角度来进一步了解命名空间