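Harbor Series, Part 12: Containerized Harbor Deployment with External Redis and PostgreSQL
Containerized Harbor Deployment with External Redis and PostgreSQL
When Harbor is deployed on Docker, the installer can use its bundled PostgreSQL database and Redis cache, or it can connect to an external PostgreSQL database and an external Redis instance. The external option is worth considering for production deployments and high-availability designs.
This article deploys Harbor v2.11.0 from the offline installer package. No official compatibility list for Harbor with Redis and PostgreSQL could be found; the versions bundled with v2.11.0 are as follows:
# PostgreSQL version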
[root@harbor ~]# docker exec -it harbor-db sh
sh-5.2$ postgres --version
postgres (PostgreSQL) 15.7
# Redis version
[root@harbor ~]# docker exec -it redis sh
sh-5.2$ redis-server --version
Redis server v=7.2.4 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=d9d89acc9c7644cd
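In a real deployment, match the versions above as closely as possible. The test in this article uses Redis 6.0 + PostgreSQL 13.4. A test with PostgreSQL 11.6 ran into problems during database initialization after Harbor was deployed, possibly because of a PostgreSQL version incompatibility.
1. Preparation
- Download the Harbor offline installer
Download the offline installer package from the Harbor GitHub releases page, for example harbor-offline-installer-v2.11.0.tgz.
- Install Docker and Docker Compose
Make sure Docker and Docker Compose are installed on the target machine.
On a Linux host: Docker 20.10.10-ce or later and Docker Compose 1.18.0 or later are required.
- Prepare the external PostgreSQL and Redis
This article provisions the PostgreSQL database and Redis cache from a cloud platform.
The PostgreSQL database is PostgreSQL 13.4 in a high-availability deployment. After deployment, create the user harboradmin with password Admin@123; the access address is 192.168.1.49:5432. Also create the database that Harbor will use on PostgreSQL: harbor_db.
Redis is Redis 6.0 in a standalone deployment, with password Admin@123 and access address 192.168.1.44:6379.
2. Installation and deployment
Upload harbor-offline-installer-v2.11.0.tgz to the target machine and extract it: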
[root@k8s ~]# tar xf harbor-offline-installer-v2.11.0.tgz
[root@k8s ~]# cd harbor
[root@k8s harbor]# ls
common.sh harbor.v2.11.0.tar.gz harbor.yml.tmpl install.sh LICENSE prepare
# Create the Harbor data directory; in production, a dedicated disk can be mounted here.
mkdir -p /data
Configure the Harbor deployment parameters:
[root@k8s harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s harbor]# vi harbor.yml
Edit harbor.yml and configure it as needed:
# Edit the configuration file to enable the external Redis and PostgreSQL
[root@i-dUoli4JfO harbor]# vim harbor.yml
[root@i-dUoli4JfO harbor]# grep -v "^\s*#\|^\s*$" harbor.yml
hostname: 192.168.1.20 # host domain name or IP
http:
  port: 80 # HTTP is configured; the https section is commented out
harbor_admin_password: Admin@123 # Harbor console password
database:
  password: Admin@123 # db password
  max_idle_conns: 100
  max_open_conns: 900
  conn_max_lifetime: 5m
  conn_max_idle_time: 0
data_volume: /data # Harbor data directory
trivy:
  ignore_unfixed: false
  skip_update: false
  skip_java_db_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
  timeout: 5m0s
jobservice:
  max_job_workers: 10
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1 #days
notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3 #seconds
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.11.0
external_database: # Uncomment this section. Connects to the external database, i.e. the PostgreSQL created above
  harbor:
    host: 192.168.1.49 # PostgreSQL IP and port
    port: 5432
    db_name: harbor_db # database, username, password
    username: harboradmin
    password: Admin@123
    ssl_mode: disable
    max_idle_conns: 2
    max_open_conns: 0
external_redis: # Uncomment this section. Connects to the external Redis
  host: 192.168.1.44:6379 # Redis IP and port
  password: Admin@123 # Redis password
  registry_db_index: 1
  jobservice_db_index: 2
  trivy_db_index: 5
  idle_timeout_seconds: 30
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false
cache:
  enabled: false
  expire_hours: 24
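The configuration above serves Harbor over plain HTTP, connects to the external PostgreSQL with ssl_mode: disable, and uses one password for the console, the database and Redis. As an added example (not from the original article or the Harbor project), this Python script audits those keys in a harbor.yml before install.sh is run; the finding names, the flatten/audit helpers and the embedded sample are constructed for illustration, and the parser handles only the nested key: value subset that harbor.yml uses.

```python
import re

# Constructed sample: the security-relevant keys of the harbor.yml shown above.
SAMPLE = """\
http:
  port: 80
harbor_admin_password: Admin@123   # console password
external_database:
  harbor:
    host: 192.168.1.49
    password: Admin@123
    ssl_mode: disable
external_redis:
  host: 192.168.1.44:6379
  password: Admin@123
"""

def flatten(text):
    """Flatten nested 'key: value' lines into {'a.b.c': value}; lists are skipped."""
    out, stack = {}, []                      # stack holds (indent, key)
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw)   # drop trailing and indented comments
        m = re.match(r"^(\s*)([A-Za-z_]\w*):\s*(.*)$", line)
        if not m:
            continue
        indent = len(m.group(1))
        while stack and stack[-1][0] >= indent:
            stack.pop()                      # leave sections we have dedented out of
        stack.append((indent, m.group(2)))
        out[".".join(k for _, k in stack)] = m.group(3).strip().strip("'\"")
    return out

def audit(text):
    """Return finding IDs (the names are this example's own, not Harbor's)."""
    cfg, findings = flatten(text), []
    if not cfg.get("https.certificate"):     # no https section with a certificate
        findings.append("no-https")
    if "external_database.harbor.host" in cfg and \
            cfg.get("external_database.harbor.ssl_mode", "disable") == "disable":
        findings.append("pg-no-tls")         # DB credentials cross the network in clear
    if cfg.get("harbor_admin_password") == "Harbor12345":  # harbor.yml.tmpl default
        findings.append("default-admin-password")
    users = {}                               # secret value -> keys that use it
    for key, value in cfg.items():
        if key.endswith("password") and value:
            users.setdefault(value, []).append(key)
    for keys in users.values():
        if len(keys) > 1:
            findings.append("password-reuse:" + ",".join(sorted(keys)))
    return findings
```

Calling `audit(open("harbor.yml").read())` from the installer directory returns an empty list when none of these conditions is present.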
Load the images and start Harbor:
[root@i-dUoli4JfO harbor]# sh install.sh
[Step 0]: checking if docker is installed ...
Note: docker version: 26.1.4
[Step 1]: checking docker-compose is installed ...
Note: Docker Compose version v2.27.1
[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.11.0
Loaded image: goharbor/harbor-db:v2.11.0
Loaded image: goharbor/nginx-photon:v2.11.0
Loaded image: goharbor/trivy-adapter-photon:v2.11.0
Loaded image: goharbor/redis-photon:v2.11.0
Loaded image: goharbor/registry-photon:v2.11.0
Loaded image: goharbor/prepare:v2.11.0
Loaded image: goharbor/harbor-portal:v2.11.0
Loaded image: goharbor/harbor-log:v2.11.0
Loaded image: goharbor/harbor-jobservice:v2.11.0
Loaded image: goharbor/harbor-registryctl:v2.11.0
Loaded image: goharbor/harbor-exporter:v2.11.0
[Step 3]: preparing environment ...
[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir
Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete
[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete
[+] Running 8/8
✔ Network harbor_harbor Created
✔ Container harbor-log Started
✔ Container registry Started
✔ Container harbor-portal Started
✔ Container registryctl Started
✔ Container harbor-core Started
✔ Container harbor-jobservice Started
✔ Container nginx Started
✔ ----Harbor has been installed and started successfully.----
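Notes:
- With external PostgreSQL and Redis, only 8 containers run after deployment; compared with the all-in-one environment, the PostgreSQL and Redis containers are absent.
- If containers with the same names already exist on the machine, for example nginx, the Harbor deployment will fail. Stop any containers that might conflict before deploying.
- Before deploying, make sure the required ports (80, 443, 1514) are not in use; the ports can also be customized in the configuration file.
- To install the Trivy scanner: ./install.sh --with-trivy.
3. Verify the deployment
- Check the Harbor service status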
[root@i-dUoli4JfO ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8fed9f4c60ec goharbor/harbor-jobservice:v2.11.0 "/harbor/entrypoint.…" 13 minutes ago Up 13 minutes (healthy) harbor-jobservice
a9fb69ea4407 goharbor/nginx-photon:v2.11.0 "nginx -g 'daemon of…" 13 minutes ago Up 13 minutes (healthy) 0.0.0.0:80->8080/tcp, :::80->8080/tcp nginx
772cc46b96c9 goharbor/harbor-core:v2.11.0 "/harbor/entrypoint.…" 13 minutes ago Up 13 minutes (healthy) harbor-core
50cc5a44c494 goharbor/harbor-portal:v2.11.0 "nginx -g 'daemon of…" 13 minutes ago Up 13 minutes (healthy) harbor-portal
041c393da369 goharbor/registry-photon:v2.11.0 "/home/harbor/entryp…" 13 minutes ago Up 13 minutes (healthy) registry
57ca3585c154 goharbor/harbor-registryctl:v2.11.0 "/home/harbor/start.…" 13 minutes ago Up 13 minutes (healthy) registryctl
1cfe8e1a07b5 goharbor/harbor-log:v2.11.0 "/bin/sh -c /usr/loc…" 13 minutes ago Up 13 minutes (healthy) 127.0.0.1:1514->10514/tcp harbor-log
- Access the Harbor web UI
Open a browser, go to http://192.168.1.20, and log in with the administrator username and password set in the configuration file.