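Containerized Harbor deployment with external Redis and PostgreSQL

Harbor is deployed in a Docker environment. Besides the bundled PostgreSQL database and Redis cache, the installation can also connect to an external PostgreSQL database and Redis. This is an option to consider for production deployments and high-availability setups.

This article deploys Harbor v2.11.0 using the offline installer package. I could not find an official compatibility list for Harbor with Redis and PostgreSQL; the versions bundled with v2.11.0 are as follows:

# PostgreSQL version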
[root@harbor ~]# docker exec -it harbor-db sh
sh-5.2$ postgres --version
postgres (PostgreSQL) 15.7

# Redis version
[root@harbor ~]# docker exec -it redis sh
sh-5.2$ redis-server --version
Redis server v=7.2.4 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=d9d89acc9c7644cd

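In a real deployment, match the versions above as closely as possible. This article tests the integration with Redis 6.0 + PostgreSQL 13.4. When testing with PostgreSQL 11.6, database initialization ran into problems after Harbor was deployed, possibly because of a PostgreSQL version incompatibility.

1. Preparation

  1. Download the Harbor offline installer

Download the offline installer from the Harbor GitHub releases page, for example harbor-offline-installer-v2.11.0.tgz

  2. Install Docker and Docker Compose

Make sure Docker and Docker Compose are already installed on the target machine.

On a Linux host: Docker 20.10.10-ce or later and Docker Compose 1.18.0 or later are required.

  3. Prepare the external PostgreSQL and Redis

In this article, the PostgreSQL database and Redis cache are provisioned through a cloud platform.

The PostgreSQL database uses PostgreSQL 13.4 in a high-availability deployment. After provisioning, create the user harboradmin with password: Admin@123, access address: 192.168.1.49:5432. Also create the database that Harbor will use on PostgreSQL: harbor_db

Redis uses Redis 6.0 as a single instance, password: Admin@123, access address: 192.168.1.44:6379

2. Installation and deployment

Upload harbor-offline-installer-v2.11.0.tgz to the target machine and extract it: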

[root@k8s ~]# tar xf harbor-offline-installer-v2.11.0.tgz
[root@k8s ~]# cd harbor
[root@k8s harbor]# ls
common.sh  harbor.v2.11.0.tar.gz  harbor.yml.tmpl  install.sh  LICENSE  prepare

# Create the Harbor data directory; in production a dedicated disk can be mounted here.
mkdir -p /data

Configure the Harbor deployment parameters:

[root@k8s harbor]# cp harbor.yml.tmpl harbor.yml
[root@k8s harbor]# vi harbor.yml

Edit the harbor.yml file and configure it according to your requirements:

# Edit the configuration file to enable the external Redis and PostgreSQL
[root@i-dUoli4JfO harbor]# vim harbor.yml
[root@i-dUoli4JfO harbor]# grep -v "^\s*#\|^\s*$" harbor.yml
hostname: 192.168.1.20    # host domain name or IP
http:
  port: 80    # HTTP is configured; the https section is commented out
harbor_admin_password: Admin@123    # Harbor console password
database:
  password: Admin@123    # DB password
  max_idle_conns: 100
  max_open_conns: 900
  conn_max_lifetime: 5m
  conn_max_idle_time: 0
data_volume: /data    # Harbor data directory
trivy:
  ignore_unfixed: false
  skip_update: false
  skip_java_db_update: false
  offline_scan: false
  security_check: vuln
  insecure: false
  timeout: 5m0s
jobservice:
  max_job_workers: 10
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1 #days
notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3 #seconds
log:
  level: info
  local:
    rotate_count: 50
    rotate_size: 200M
    location: /var/log/harbor
_version: 2.11.0
external_database:    # Uncomment this section. Connects the external database, i.e. the PostgreSQL instance created above
   harbor:
     host: 192.168.1.49    # PostgreSQL IP and port
     port: 5432
     db_name: harbor_db    # database name, username, password
     username: harboradmin
     password: Admin@123
     ssl_mode: disable
     max_idle_conns: 2
     max_open_conns: 0
external_redis:    # Uncomment this section. Connects the external Redis
   host: 192.168.1.44:6379    # Redis IP and port
   password: Admin@123    # Redis password
   registry_db_index: 1
   jobservice_db_index: 2
   trivy_db_index: 5
   idle_timeout_seconds: 30
proxy:
  http_proxy:
  https_proxy:
  no_proxy:
  components:
    - core
    - jobservice
    - trivy
upload_purging:
  enabled: true
  age: 168h
  interval: 24h
  dryrun: false
cache:
  enabled: false
  expire_hours: 24
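
As an added example (not part of the original article or the Harbor project), the script below audits the external_database and external_redis settings of a harbor.yml like the one above before install.sh is run. The function names yaml_get and audit_harbor_yml and the sample file are constructed for illustration; the parsing is line-based and assumes unquoted values.

```shell
#!/bin/sh
# Added example, not the article's code. Assumes unquoted values without '#'.

# yaml_get FILE SECTION KEY: value of KEY nested under top-level SECTION.
yaml_get() {
  awk -v sec="$2" -v key="$3" '
    /^[^ \t#]/ { insec = ($0 ~ "^" sec ":") }   # a top-level key opens/closes a section
    insec && $0 ~ "^[ \t]+" key ":" {
      sub(/^[ \t]+[^:]+:[ \t]*/, ""); sub(/[ \t]+#.*$/, ""); print; exit
    }' "$1"
}

# audit_harbor_yml FILE: one finding per line, nothing when clean (runs in a subshell).
audit_harbor_yml() (
  f=$1
  pg_host=$(yaml_get "$f" external_database host)
  pg_ssl=$(yaml_get "$f" external_database ssl_mode)
  pg_pw=$(yaml_get "$f" external_database password)
  rd_host=$(yaml_get "$f" external_redis host)
  rd_pw=$(yaml_get "$f" external_redis password)
  admin_pw=$(awk '/^harbor_admin_password:/ { print $2; exit }' "$f")
  [ -n "$pg_host" ] || echo "FAIL external_database host unset: bundled harbor-db would be used"
  [ -n "$rd_host" ] || echo "FAIL external_redis host unset: bundled redis would be used"
  [ "$pg_ssl" != "disable" ] || echo "WARN ssl_mode=disable: DB password and data reach $pg_host unencrypted"
  grep -q '^https:' "$f" || echo "WARN no https section: logins and pushes use plain HTTP"
  if [ -n "$pg_pw" ] && [ "$pg_pw" = "$rd_pw" ]; then
    echo "WARN PostgreSQL and Redis share one password"
  fi
  if [ -n "$admin_pw" ] && { [ "$admin_pw" = "$pg_pw" ] || [ "$admin_pw" = "$rd_pw" ]; }; then
    echo "WARN harbor_admin_password is reused for a backend service"
  fi
  exit 0   # leaves the subshell only
)

# Constructed sample mirroring the article's settings.
SAMPLE="${TMPDIR:-/tmp}/harbor-sample.$$.yml"
cat > "$SAMPLE" <<'EOF'
harbor_admin_password: Admin@123
external_database:
   harbor:
     host: 192.168.1.49
     password: Admin@123
     ssl_mode: disable
external_redis:
   host: 192.168.1.44:6379
   password: Admin@123
EOF
audit_harbor_yml "$SAMPLE"
```

Run against the real file with `audit_harbor_yml harbor.yml`; an empty result means none of the four conditions matched.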

Load the images and start Harbor:

[root@i-dUoli4JfO harbor]# sh install.sh 

[Step 0]: checking if docker is installed ...

Note: docker version: 26.1.4

[Step 1]: checking docker-compose is installed ...

Note: Docker Compose version v2.27.1

[Step 2]: loading Harbor images ...
Loaded image: goharbor/harbor-core:v2.11.0
Loaded image: goharbor/harbor-db:v2.11.0
Loaded image: goharbor/nginx-photon:v2.11.0
Loaded image: goharbor/trivy-adapter-photon:v2.11.0
Loaded image: goharbor/redis-photon:v2.11.0
Loaded image: goharbor/registry-photon:v2.11.0
Loaded image: goharbor/prepare:v2.11.0
Loaded image: goharbor/harbor-portal:v2.11.0
Loaded image: goharbor/harbor-log:v2.11.0
Loaded image: goharbor/harbor-jobservice:v2.11.0
Loaded image: goharbor/harbor-registryctl:v2.11.0
Loaded image: goharbor/harbor-exporter:v2.11.0


[Step 3]: preparing environment ...

[Step 4]: preparing harbor configs ...
prepare base dir is set to /root/harbor
WARNING:root:WARNING: HTTP protocol is insecure. Harbor will deprecate http protocol in the future. Please make sure to upgrade to https
Clearing the configuration file: /config/portal/nginx.conf
Clearing the configuration file: /config/log/logrotate.conf
Clearing the configuration file: /config/log/rsyslog_docker.conf
Clearing the configuration file: /config/nginx/nginx.conf
Clearing the configuration file: /config/core/env
Clearing the configuration file: /config/core/app.conf
Clearing the configuration file: /config/registry/passwd
Clearing the configuration file: /config/registry/config.yml
Clearing the configuration file: /config/registry/root.crt
Clearing the configuration file: /config/registryctl/env
Clearing the configuration file: /config/registryctl/config.yml
Clearing the configuration file: /config/db/env
Clearing the configuration file: /config/jobservice/env
Clearing the configuration file: /config/jobservice/config.yml
Generated configuration file: /config/portal/nginx.conf
Generated configuration file: /config/log/logrotate.conf
Generated configuration file: /config/log/rsyslog_docker.conf
Generated configuration file: /config/nginx/nginx.conf
Generated configuration file: /config/core/env
Generated configuration file: /config/core/app.conf
Generated configuration file: /config/registry/config.yml
Generated configuration file: /config/registryctl/env
Generated configuration file: /config/registryctl/config.yml
Generated configuration file: /config/db/env
Generated configuration file: /config/jobservice/env
Generated configuration file: /config/jobservice/config.yml
loaded secret from file: /data/secret/keys/secretkey
Generated configuration file: /compose_location/docker-compose.yml
Clean up the input dir


Note: stopping existing Harbor instance ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete 


[Step 5]: starting Harbor ...
WARN[0000] /root/harbor/docker-compose.yml: `version` is obsolete 
[+] Running 8/8
 ✔ Network harbor_harbor        Created                                                                                         
 ✔ Container harbor-log         Started                                                                                         
 ✔ Container registry           Started                                                                                         
 ✔ Container harbor-portal      Started                                                                                         
 ✔ Container registryctl        Started                                                                                         
 ✔ Container harbor-core        Started                                                                                         
 ✔ Container harbor-jobservice  Started                                                                                         
 ✔ Container nginx              Started                                                                                         
✔ ----Harbor has been installed and started successfully.----

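Notes:

  1. With external PostgreSQL and Redis, there are only 8 containers after deployment; compared with the all-in-one environment, the PostgreSQL and Redis containers are absent.
  2. If containers with the same names already exist on the machine (for example nginx), the Harbor deployment will also fail. Stop any potentially conflicting containers before deploying.
  3. Before deploying, make sure the relevant ports (80, 443, 1514) are not in use; the ports can of course be customized in the configuration file.
  4. To install the Trivy scanner: ./install.sh --with-trivy

3. Verify the deployment

  1. Check the Harbor service status
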
[root@i-dUoli4JfO ~]# docker ps
CONTAINER ID   IMAGE                                 COMMAND                  CREATED          STATUS                    PORTS                                   NAMES
8fed9f4c60ec   goharbor/harbor-jobservice:v2.11.0    "/harbor/entrypoint.…"   13 minutes ago   Up 13 minutes (healthy)                                           harbor-jobservice
a9fb69ea4407   goharbor/nginx-photon:v2.11.0         "nginx -g 'daemon of…"   13 minutes ago   Up 13 minutes (healthy)   0.0.0.0:80->8080/tcp, :::80->8080/tcp   nginx
772cc46b96c9   goharbor/harbor-core:v2.11.0          "/harbor/entrypoint.…"   13 minutes ago   Up 13 minutes (healthy)                                           harbor-core
50cc5a44c494   goharbor/harbor-portal:v2.11.0        "nginx -g 'daemon of…"   13 minutes ago   Up 13 minutes (healthy)                                           harbor-portal
041c393da369   goharbor/registry-photon:v2.11.0      "/home/harbor/entryp…"   13 minutes ago   Up 13 minutes (healthy)                                           registry
57ca3585c154   goharbor/harbor-registryctl:v2.11.0   "/home/harbor/start.…"   13 minutes ago   Up 13 minutes (healthy)                                           registryctl
1cfe8e1a07b5   goharbor/harbor-log:v2.11.0           "/bin/sh -c /usr/loc…"   13 minutes ago   Up 13 minutes (healthy)   127.0.0.1:1514->10514/tcp               harbor-log

  2. Access the Harbor web UI

Open a browser, go to http://192.168.1.20, and log in with the administrator username and password set in the configuration file.
