Harbor Introduction and Offline Installation
2021/3/6 12:44
![](https://img.tnblog.net/arcimg/hb/3e470e0379914631aaf58f1b79e3012d.jpeg)

Introduction to Harbor
------------

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionality users usually need, such as security, identity and management. Having a registry closer to the build and run environment improves image transfer efficiency. Harbor supports replicating images between registries, and also offers advanced security features such as user management, access control and activity auditing.

Offline installation of Harbor
------------

### Prerequisites

- Make sure Docker and docker-compose are installed locally.

### Download the Harbor package

Harbor releases are listed at: https://github.com/goharbor/harbor/releases

The latest version at the time of writing is 2.2. Open that release, copy the first link shown in the screenshot below, and download it with the following commands.

![](https://img.tnblog.net/arcimg/hb/dc7cdff5fe1a4d59ae5651231074b1cf.png)

```bash
wget https://github.com/goharbor/harbor/releases/download/v2.2.0/harbor-offline-installer-v2.2.0.tgz
# Extract the archive
tar zvxf harbor-offline-installer-v2.2.0.tgz
# Change into the root of the extracted harbor directory
cd harbor
```

The `harbor` directory contains the following files:

- `LICENSE`: the license file
- `common.sh`: helper script used by the install script
- `harbor.v2.0.0.tar.gz`: archive containing the images of the individual components
- `harbor.yml.tmpl`: template of the configuration file; once it is configured, drop the `tmpl` suffix or generate a new `harbor.yml`
- `install.sh`: the install script
- `prepare`: preparation script that injects the contents of `harbor.yml` into the configuration file of each component

### Install Harbor

First run `cp harbor.yml.tmpl harbor.yml`, then edit `harbor.yml` to configure Harbor. Note that if you do not have the certificate files it specifies, remove the https section. For more on the configuration options see: https://goharbor.io/docs/2.2.0/install-config/configure-yml-file/

Finally, start the components and run the installation. The optional component flags are listed below; you can also display them with `./install.sh -h`.

| Parameter | Description |
| ------------ | ------------ |
| `--with-notary` | Install the image signing component Notary, which includes Notary Server and Notary Signer. If Notary is installed, Harbor must be configured to use HTTPS. |
| `--with-trivy` | Install the image scanning component Trivy. |
| `--with-chartmuseum` | Install the chart management component ChartMuseum. |

Finally, run the install command:

```bash
./install.sh
```

### Helm installation

The `values.yaml` file is as follows.

```yaml
expose:
  type: nodePort
  tls:
    enabled: true
    certSource: auto
    auto:
      commonName: "10.9.2.98:30003"
    secret:
      secretName: ""
      notarySecretName: ""
  ingress:
    hosts:
      core: "core.harbor.domain"
    annotations:
      ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
  nodePort:
    # The name of NodePort service
    name: harbor
    ports:
      http:
        # The service port Harbor listens on when serving HTTP
        port: 80
        # The node port Harbor listens on when serving HTTP
        nodePort: 30002
      https:
        # The service port Harbor listens on when serving HTTPS
        port: 443
        # The node port Harbor listens on when serving HTTPS
        nodePort: 30003
      # Only needed when notary.enabled is set to true
      notary:
        # The service port Notary listens on
        port: 4443
        # The node port Notary listens on
        nodePort: 30004

# Note: if you use nodePort mode, set this to the port on one of the nodes
externalURL: https://10.9.2.98:30003

internalTLS:
  enabled: false
  # There are three ways to provide tls
  # 1) "auto" will generate cert automatically
  # 2) "manual" need provide cert file manually in following value
  # 3) "secret" internal certificates from secret
  certSource: "auto"
  # The content of trust ca, only available when `certSource` is "manual"
  trustCa: ""
  # core related cert configuration
  core:
    # secret name for core's tls certs
    secretName: ""
    # Content of core's TLS cert file, only available when `certSource` is "manual"
    crt: ""
    # Content of core's TLS key file, only available when `certSource` is "manual"
    key: ""
  # jobservice related cert configuration
  jobservice:
    # secret name for jobservice's tls certs
    secretName: ""
    # Content of jobservice's TLS key file, only available when `certSource` is "manual"
    crt: ""
    # Content of jobservice's TLS key file, only available when `certSource` is "manual"
    key: ""
  # registry related cert configuration
  registry:
    # secret name for registry's tls certs
    secretName: ""
    # Content of registry's TLS key file, only available when `certSource` is "manual"
    crt: ""
    # Content of registry's TLS key file, only available when `certSource` is "manual"
    key: ""
  # portal related cert configuration
  portal:
    # secret name for portal's tls certs
    secretName: ""
    # Content of portal's TLS key file, only available when `certSource` is "manual"
    crt: ""
    # Content of portal's TLS key file, only available when `certSource` is "manual"
    key: ""
  # chartmuseum related cert configuration
  chartmuseum:
    # secret name for chartmuseum's tls certs
    secretName: ""
    # Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
    crt: ""
    # Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
    key: ""
  # trivy related cert configuration
  trivy:
    # secret name for trivy's tls certs
    secretName: ""
    # Content of trivy's TLS key file, only available when `certSource` is "manual"
    crt: ""
    # Content of trivy's TLS key file, only available when `certSource` is "manual"
    key: ""

ipFamily:
  # ipv6Enabled set to true if ipv6 is enabled in cluster, currently it affected the nginx related component
  ipv6:
    enabled: false
  # ipv4Enabled set to true if ipv4 is enabled in cluster, currently it affected the nginx related component
  ipv4:
    enabled: true

# The persistence is enabled by default and a default StorageClass
# is needed in the k8s cluster to provision volumes dynamically.
# Specify another StorageClass in the "storageClass" or set "existingClaim"
# if you already have existing persistent volumes to use
#
# For storing images and charts, you can also use "azure", "gcs", "s3",
# "swift" or "oss". Set it in the "imageChartStorage" section
persistence:
  enabled: true
  # Setting it to "keep" to avoid removing PVCs during a helm delete
  # operation. Leaving it empty will delete PVCs after the chart deleted
  # (this does not apply for PVCs that are created for internal database
  # and redis components, i.e. they are never deleted automatically)
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      # Use the existing PVC which must be created manually before bound,
      # and specify the "subPath" if the PVC is shared with other components
      existingClaim: ""
      # Specify the "storageClass" used to provision the volume. Or the default
      # StorageClass will be used (the default).
      # Set it to "-" to disable dynamic provisioning
      storageClass: "nfs-client"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
      annotations: {}
    chartmuseum:
      existingClaim: ""
      storageClass: "nfs-client"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
      annotations: {}
    jobservice:
      existingClaim: ""
      storageClass: "nfs-client"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
      annotations: {}
    # If external database is used, the following settings for database will
    # be ignored
    database:
      existingClaim: ""
      storageClass: "nfs-client"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
      annotations: {}
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
      existingClaim: ""
      storageClass: "nfs-client"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
      annotations: {}
    trivy:
      existingClaim: ""
      storageClass: "nfs-client"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
      annotations: {}
  # Define which storage backend is used for registry and chartmuseum to store
  # images and charts. Refer to
  # https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
  # for the detail.
  imageChartStorage:
    # Specify whether to disable `redirect` for images and chart storage, for
    # backends which not supported it (such as using minio for `s3` storage type), please disable
    # it. To disable redirects, simply set `disableredirect` to `true` instead.
    # Refer to
    # https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect
    # for the detail.
    disableredirect: false
    # Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
    # The secret must contain keys named "ca.crt" which will be injected into the trust store
    # of registry's and chartmuseum's containers.
    # caBundleSecretName:

    # Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
    # "oss" and fill the information needed in the corresponding section. The type
    # must be "filesystem" if you want to use persistent volumes for registry
    # and chartmuseum
    type: filesystem
    filesystem:
      rootdirectory: /storage
      #maxthreads: 100
    azure:
      accountname: accountname
      accountkey: base64encodedaccountkey
      container: containername
      #realm: core.windows.net
    gcs:
      bucket: bucketname
      # The base64 encoded json file which contains the key
      encodedkey: base64-encoded-json-key-file
      #rootdirectory: /gcs/object/name/prefix
      #chunksize: "5242880"
    s3:
      # Set an existing secret for S3 accesskey and secretkey
      # keys in the secret should be AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for chartmuseum
      # keys in the secret should be REGISTRY_STORAGE_S3_ACCESSKEY and REGISTRY_STORAGE_S3_SECRETKEY for registry
      #existingSecret: ""
      region: us-west-1
      bucket: bucketname
      #accesskey: awsaccesskey
      #secretkey: awssecretkey
      #regionendpoint: http://myobjects.local
      #encrypt: false
      #keyid: mykeyid
      #secure: true
      #skipverify: false
      #v4auth: true
      #chunksize: "5242880"
      #rootdirectory: /s3/object/name/prefix
      #storageclass: STANDARD
      #multipartcopychunksize: "33554432"
      #multipartcopymaxconcurrency: 100
      #multipartcopythresholdsize: "33554432"
    swift:
      authurl: https://storage.myprovider.com/v3/auth
      username: username
      password: password
      container: containername
      #region: fr
      #tenant: tenantname
      #tenantid: tenantid
      #domain: domainname
      #domainid: domainid
      #trustid: trustid
      #insecureskipverify: false
      #chunksize: 5M
      #prefix:
      #secretkey: secretkey
      #accesskey: accesskey
      #authversion: 3
      #endpointtype: public
      #tempurlcontainerkey: false
      #tempurlmethods:
    oss:
      accesskeyid: accesskeyid
      accesskeysecret: accesskeysecret
      region: regionname
      bucket: bucketname
      #endpoint: endpoint
      #internal: false
      #encrypt: false
      #secure: true
      #chunksize: 10M
      #rootdirectory: rootdirectory

imagePullPolicy: IfNotPresent

# Use this set to assign a list of default pullSecrets
imagePullSecrets:
#  - name: docker-registry-secret
#  - name: internal-registry-secret

# The update strategy for deployments with persistent volumes(jobservice, registry
# and chartmuseum): "RollingUpdate" or "Recreate"
# Set it as "Recreate" when "RWM" for volumes isn't supported
updateStrategy:
  type: RollingUpdate

# debug, info, warning, error or fatal
logLevel: info

# The initial password of Harbor admin. Change it from portal after launching Harbor
harborAdminPassword: "Harbor12345"

# The name of the secret which contains key named "ca.crt". Setting this enables the
# download link on portal to download the CA certificate when the certificate isn't
# generated automatically
caSecretName: ""

# The secret key used for encryption. Must be a string of 16 chars.
secretKey: "not-a-secure-key"

# The proxy settings for updating trivy vulnerabilities from the Internet and replicating
# artifacts from/to the registries that cannot be reached directly
proxy:
  httpProxy:
  httpsProxy:
  noProxy: 127.0.0.1,localhost,.local,.internal
  components:
    - core
    - jobservice
    - trivy

# Run the migration job via helm hook
enableMigrateHelmHook: false

# The custom ca bundle secret, the secret must contain key named "ca.crt"
# which will be injected into the trust store for chartmuseum, core, jobservice, registry, trivy components
# caBundleSecretName: ""

## UAA Authentication Options
# If you're using UAA for authentication behind a self-signed
# certificate you will need to provide the CA Cert.
# Set uaaSecretName below to provide a pre-created secret that
# contains a base64 encoded CA Certificate named `ca.crt`.
# uaaSecretName:

# If service exposed via "ingress", the Nginx will not be used
nginx:
  image:
    repository: goharbor/nginx-photon
    tag: dev
  # set the service account to be used, default if left empty
  serviceAccountName: ""
  # mount the service account token
  automountServiceAccountToken: false
  replicas: 1
  revisionHistoryLimit: 10
  # resources:
  #  requests:
  #    memory: 256Mi
  #    cpu: 100m
  nodeSelector: {}
  tolerations: []
  affinity: {}
  ## Additional deployment annotations
  podAnnotations: {}
  ## The priority class to run the pod as
  priorityClassName:

portal:
  image:
    repository: goharbor/harbor-portal
    tag: dev
  # set the service account to be used, default if left empty
  serviceAccountName: ""
  # mount the service account token
  automountServiceAccountToken: false
  replicas: 1
  revisionHistoryLimit: 10
  # resources:
  #  requests:
  #    memory: 256Mi
  #    cpu: 100m
  nodeSelector: {}
  tolerations: []
  affinity: {}
  ## Additional deployment annotations
  podAnnotations: {}
  ## The priority class to run the pod as
  priorityClassName:

core:
  image:
    repository: goharbor/harbor-core
    tag: dev
  # set the service account to be used, default if left empty
  serviceAccountName: ""
  # mount the service account token
  automountServiceAccountToken: false
  replicas: 1
  revisionHistoryLimit: 10
  ## Startup probe values
  startupProbe:
    enabled: true
    initialDelaySeconds: 10
  # resources:
  #  requests:
  #    memory: 256Mi
  #    cpu: 100m
  nodeSelector: {}
  tolerations: []
  affinity: {}
  ## Additional deployment annotations
  podAnnotations: {}
  # Secret is used when core server communicates with other components.
  # If a secret key is not specified, Helm will generate one.
  # Must be a string of 16 chars.
  secret: ""
  # Fill the name of a kubernetes secret if you want to use your own
  # TLS certificate and private key for token encryption/decryption.
  # The secret must contain keys named:
  # "tls.crt" - the certificate
  # "tls.key" - the private key
  # The default key pair will be used if it isn't set
  secretName: ""
  # The XSRF key. Will be generated automatically if it isn't specified
  xsrfKey: ""
  ## The priority class to run the pod as
  priorityClassName:
  # The time duration for async update artifact pull_time and repository
  # pull_count, the unit is second. Will be 10 seconds if it isn't set.
  # eg. artifactPullAsyncFlushDuration: 10
  artifactPullAsyncFlushDuration:

jobservice:
  image:
    repository: goharbor/harbor-jobservice
    tag: dev
  replicas: 1
  revisionHistoryLimit: 10
  # set the service account to be used, default if left empty
  serviceAccountName: ""
  # mount the service account token
  automountServiceAccountToken: false
  maxJobWorkers: 10
  # The logger for jobs: "file", "database" or "stdout"
  jobLoggers:
    - file
    # - database
    # - stdout
  # The jobLogger sweeper duration (ignored if `jobLogger` is `stdout`)
  loggerSweeperDuration: 14 #days
  # resources:
  #   requests:
  #     memory: 256Mi
  #     cpu: 100m
  nodeSelector: {}
  tolerations: []
  affinity: {}
  ## Additional deployment annotations
  podAnnotations: {}
  # Secret is used when job service communicates with other components.
  # If a secret key is not specified, Helm will generate one.
  # Must be a string of 16 chars.
  secret: ""
  ## The priority class to run the pod as
  priorityClassName:

registry:
  # set the service account to be used, default if left empty
  serviceAccountName: ""
  # mount the service account token
  automountServiceAccountToken: false
  registry:
    image:
      repository: goharbor/registry-photon
      tag: dev
    # resources:
    #  requests:
    #    memory: 256Mi
    #    cpu: 100m
  controller:
    image:
      repository: goharbor/harbor-registryctl
      tag: dev
    # resources:
    #  requests:
    #    memory: 256Mi
    #    cpu: 100m
  replicas: 1
  revisionHistoryLimit: 10
  nodeSelector: {}
  tolerations: []
  affinity: {}
  ## Additional deployment annotations
  podAnnotations: {}
  ## The priority class to run the pod as
  priorityClassName:
  # Secret is used to secure the upload state from client
  # and registry storage backend.
  # See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
  # If a secret key is not specified, Helm will generate one.
  # Must be a string of 16 chars.
  secret: ""
  # If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL.
  relativeurls: false
  credentials:
    username: "harbor_registry_user"
    password: "harbor_registry_password"
    # Login and password in htpasswd string format. Excludes `registry.credentials.username` and `registry.credentials.password`. May come in handy when integrating with tools like argocd or flux. This allows the same line to be generated each time the template is rendered, instead of the `htpasswd` function from helm, which generates different lines each time because of the salt.
    # htpasswdString: $apr1$XLefHzeG$Xl4.s00sMSCCcMyJljSZb0 # example string
  middleware:
    enabled: false
    type: cloudFront
    cloudFront:
      baseurl: example.cloudfront.net
      keypairid: KEYPAIRID
      duration: 3000s
      ipfilteredby: none
      # The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key
      # that allows access to CloudFront
      privateKeySecret: "my-secret"
  # enable purge _upload directories
  upload_purging:
    enabled: true
    # remove files in _upload directories which exist for a period of time, default is one week.
    age: 168h
    # the interval of the purge operations
    interval: 24h
    dryrun: false

chartmuseum:
  enabled: true
  # set the service account to be used, default if left empty
  serviceAccountName: ""
  # mount the service account token
  automountServiceAccountToken: false
  # Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
  absoluteUrl: false
  image:
    repository: goharbor/chartmuseum-photon
    tag: dev
  replicas: 1
  revisionHistoryLimit: 10
  # resources:
  #  requests:
  #    memory: 256Mi
  #    cpu: 100m
  nodeSelector: {}
  tolerations: []
  affinity: {}
  ## Additional deployment annotations
  podAnnotations: {}
  ## The priority class to run the pod as
  priorityClassName:
  ## limit the number of parallel indexers
  indexLimit: 0

trivy:
  # enabled the flag to enable Trivy scanner
  enabled: false
  image:
    # repository the repository for Trivy adapter image
    repository: goharbor/trivy-adapter-photon
    # tag the tag for Trivy adapter image
    tag: dev
  # set the service account to be used, default if left empty
  serviceAccountName: ""
  # mount the service account token
  automountServiceAccountToken: false
  # replicas the number of Pod replicas
  replicas: 1
  # debugMode the flag to enable Trivy debug mode with more verbose scanning log
  debugMode: false
  # vulnType a comma-separated list of vulnerability types. Possible values are `os` and `library`.
  vulnType: "os,library"
  # severity a comma-separated list of severities to be checked
  severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
  # ignoreUnfixed the flag to display only fixed vulnerabilities
  ignoreUnfixed: false
  # insecure the flag to skip verifying registry certificate
  insecure: false
  # gitHubToken the GitHub access token to download Trivy DB
  #
  # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
  # It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
  # in the local file system (`/home/scanner/.cache/trivy/db/trivy.db`). In addition, the database contains the update
  # timestamp so Trivy can detect whether it should download a newer version from the Internet or use the cached one.
  # Currently, the database is updated every 12 hours and published as a new release to GitHub.
  #
  # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
  # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
  # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
  # https://developer.github.com/v3/#rate-limiting
  #
  # You can create a GitHub token by following the instructions in
  # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
  gitHubToken: ""
  # skipUpdate the flag to disable Trivy DB downloads from GitHub
  #
  # You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues.
  # If the value is set to `true` you have to manually download the `trivy.db` file and mount it in the
  # `/home/scanner/.cache/trivy/db/trivy.db` path.
  skipUpdate: false
  # The offlineScan option prevents Trivy from sending API requests to identify dependencies.
  #
  # Scanning JAR files and pom.xml may require Internet access for better detection, but this option tries to avoid it.
  # For example, the offline mode will not try to resolve transitive dependencies in pom.xml when the dependency doesn't
  # exist in the local repositories. It means a number of detected vulnerabilities might be fewer in offline mode.
  # It would work if all the dependencies are in local.
  # This option doesn’t affect DB download. You need to specify skipUpdate as well as offlineScan in an air-gapped environment.
  offlineScan: false
  # The duration to wait for scan completion
  timeout: 5m0s
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 1
      memory: 1Gi
  nodeSelector: {}
  tolerations: []
  affinity: {}
  ## Additional deployment annotations
  podAnnotations: {}
  ## The priority class to run the pod as
  priorityClassName:

notary:
  enabled: false
  server:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    # mount the service account token
    automountServiceAccountToken: false
    image:
      repository: goharbor/notary-server-photon
      tag: dev
    replicas: 1
    # resources:
    #  requests:
    #    memory: 256Mi
    #    cpu: 100m
    nodeSelector: {}
    tolerations: []
    affinity: {}
    ## Additional deployment annotations
    podAnnotations: {}
    ## The priority class to run the pod as
    priorityClassName:
  signer:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    # mount the service account token
    automountServiceAccountToken: false
    image:
      repository: goharbor/notary-signer-photon
      tag: dev
    replicas: 1
    # resources:
    #  requests:
    #    memory: 256Mi
    #    cpu: 100m
    nodeSelector: {}
    tolerations: []
    affinity: {}
    ## Additional deployment annotations
    podAnnotations: {}
    ## The priority class to run the pod as
    priorityClassName:
  # Fill the name of a kubernetes secret if you want to use your own
  # TLS certificate authority, certificate and private key for notary
  # communications.
  # The secret must contain keys named ca.crt, tls.crt and tls.key that
  # contain the CA, certificate and private key.
  # They will be generated if not set.
  secretName: ""

database:
  # if external database is used, set "type" to "external"
  # and fill the connection informations in "external" section
  type: internal
  internal:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    # mount the service account token
    automountServiceAccountToken: false
    image:
      repository: goharbor/harbor-db
      tag: dev
    # The initial superuser password for internal database
    password: "changeit"
    # The size limit for Shared memory, pgSQL use it for shared_buffer
    # More details see:
    # https://github.com/goharbor/harbor/issues/15034
    shmSizeLimit: 512Mi
    # resources:
    #  requests:
    #    memory: 256Mi
    #    cpu: 100m
    nodeSelector: {}
    tolerations: []
    affinity: {}
    ## The priority class to run the pod as
    priorityClassName:
    initContainer:
      migrator: {}
      # resources:
      #  requests:
      #    memory: 128Mi
      #    cpu: 100m
      permissions: {}
      # resources:
      #  requests:
      #    memory: 128Mi
      #    cpu: 100m
  external:
    host: "192.168.0.1"
    port: "5432"
    username: "user"
    password: "password"
    coreDatabase: "registry"
    notaryServerDatabase: "notary_server"
    notarySignerDatabase: "notary_signer"
    # "disable" - No SSL
    # "require" - Always SSL (skip verification)
    # "verify-ca" - Always SSL (verify that the certificate presented by the
    # server was signed by a trusted CA)
    # "verify-full" - Always SSL (verify that the certification presented by the
    # server was signed by a trusted CA and the server host name matches the one
    # in the certificate)
    sslmode: "disable"
  # The maximum number of connections in the idle connection pool per pod (core+exporter).
  # If it <=0, no idle connections are retained.
  maxIdleConns: 100
  # The maximum number of open connections to the database per pod (core+exporter).
  # If it <= 0, then there is no limit on the number of open connections.
  # Note: the default number of connections is 1024 for postgre of harbor.
  maxOpenConns: 900
  ## Additional deployment annotations
  podAnnotations: {}

redis:
  # if external Redis is used, set "type" to "external"
  # and fill the connection informations in "external" section
  type: internal
  internal:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    # mount the service account token
    automountServiceAccountToken: false
    image:
      repository: goharbor/redis-photon
      tag: dev
    # resources:
    #  requests:
    #    memory: 256Mi
    #    cpu: 100m
    nodeSelector: {}
    tolerations: []
    affinity: {}
    ## The priority class to run the pod as
    priorityClassName:
  external:
    # support redis, redis+sentinel
    # addr for redis: <host_redis>:<port_redis>
    # addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
    addr: "192.168.0.2:6379"
    # The name of the set of Redis instances to monitor, it must be set to support redis+sentinel
    sentinelMasterSet: ""
    # The "coreDatabaseIndex" must be "0" as the library Harbor
    # used doesn't support configuring it
    coreDatabaseIndex: "0"
    jobserviceDatabaseIndex: "1"
    registryDatabaseIndex: "2"
    chartmuseumDatabaseIndex: "3"
    trivyAdapterIndex: "5"
    password: ""
  ## Additional deployment annotations
  podAnnotations: {}

exporter:
  replicas: 1
  revisionHistoryLimit: 10
  # resources:
  #  requests:
  #    memory: 256Mi
  #    cpu: 100m
  podAnnotations: {}
  serviceAccountName: ""
  # mount the service account token
  automountServiceAccountToken: false
  image:
    repository: goharbor/harbor-exporter
    tag: dev
  nodeSelector: {}
  tolerations: []
  affinity: {}
  cacheDuration: 23
  cacheCleanInterval: 14400
  ## The priority class to run the pod as
  priorityClassName:

metrics:
  enabled: false
  core:
    path: /metrics
    port: 8001
  registry:
    path: /metrics
    port: 8001
  jobservice:
    path: /metrics
    port: 8001
  exporter:
    path: /metrics
    port: 8001
  ## Create prometheus serviceMonitor to scrape harbor metrics.
  ## This requires the monitoring.coreos.com/v1 CRD. Please see
  ## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
  ##
  serviceMonitor:
    enabled: false
    additionalLabels: {}
    # Scrape interval. If not set, the Prometheus default scrape interval is used.
    interval: ""
    # Metric relabel configs to apply to samples before ingestion.
    metricRelabelings: []
      # - action: keep
      #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
      #   sourceLabels: [__name__]
    # Relabel configs to apply to samples before ingestion.
    relabelings: []
      # - sourceLabels: [__meta_kubernetes_pod_node_name]
      #   separator: ;
      #   regex: ^(.*)$
      #   targetLabel: nodename
      #   replacement: $1
      #   action: replace

trace:
  enabled: false
  # trace provider: jaeger or otel
  # jaeger should be 1.26+
  provider: jaeger
  # set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth
  sample_rate: 1
  # namespace used to differentiate different harbor services
  # namespace:
  # attributes is a key value dict contains user defined attributes used to initialize trace provider
  # attributes:
  #   application: harbor
  jaeger:
    # jaeger supports two modes:
    #   collector mode(uncomment endpoint and uncomment username, password if needed)
    #   agent mode(uncomment agent_host and agent_port)
    endpoint: http://hostname:14268/api/traces
    # username:
    # password:
    # agent_host: hostname
    # export trace data by jaeger.thrift in compact mode
    # agent_port: 6831
  otel:
    endpoint: hostname:4318
    url_path: /v1/traces
    compression: false
    insecure: true
    timeout: 10s
```

Install with Helm using the following commands:

```bash
helm repo add harbor https://helm.goharbor.io
helm install my-harbor harbor/harbor -f values.yaml --create-namespace -n harbor
```

Other references:

- https://blog.csdn.net/longlong6682/article/details/106923179
- https://chaiyingchao.blog.csdn.net/article/details/112985559?spm=1001.2101.3001.6650.1&utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7Edefault-1-112985559-blog-106923179.pc_relevant_default&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7Edefault-1-112985559-blog-106923179.pc_relevant_default&utm_relevant_index=2
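
The `values.yaml` above still carries placeholder secrets (`harborAdminPassword: "Harbor12345"`, `secretKey: "not-a-secure-key"`, `database.internal.password: "changeit"` and `registry.credentials.password: "harbor_registry_password"`). The script below is an added example, not part of the original post or of the Harbor project: it counts those placeholders in a values file and writes random replacements to a separate override file. The function names and the `secrets-values.yaml` file name are assumptions.

```bash
#!/bin/sh
# Added example: replace the placeholder secrets left in the Harbor values.yaml.
# Function names and the override file name are assumptions for illustration.

# Placeholder values that appear in the values.yaml on this page.
DEFAULT_SECRETS='Harbor12345|not-a-secure-key|changeit|harbor_registry_password'

# gen_secret N: print N random alphanumeric characters taken from /dev/urandom.
# 4096 random bytes leave roughly 1000 characters after filtering, far more
# than the lengths requested here.
gen_secret() {
  head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-"$1"
}

# count_default_secrets FILE: print how many non-comment lines still hold
# one of the placeholder secrets as a quoted value.
count_default_secrets() {
  grep -v '^[[:space:]]*#' "$1" | grep -cE "\"(${DEFAULT_SECRETS})\"" || true
}

# secret_key_length FILE: print the length of the top-level secretKey value.
# The chart comment requires a string of exactly 16 characters.
secret_key_length() {
  key=$(sed -n 's/^secretKey:[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1")
  printf '%s\n' "${#key}"
}

# write_overrides FILE: write freshly generated secrets to FILE.
# The subshell keeps the restrictive umask (new file is mode 0600) local.
write_overrides() {
  (
    umask 077
    cat > "$1" <<EOF
harborAdminPassword: "$(gen_secret 24)"
secretKey: "$(gen_secret 16)"
database:
  internal:
    password: "$(gen_secret 24)"
registry:
  credentials:
    password: "$(gen_secret 24)"
EOF
  )
}

# Stand-alone use: sh harden-values.sh values.yaml secrets-values.yaml
if [ "$#" -eq 2 ]; then
  echo "placeholder secrets in $1: $(count_default_secrets "$1")"
  write_overrides "$2"
  echo "wrote $2 (secretKey length $(secret_key_length "$2"))"
fi
```

Pass the override file after the main one, for example `helm install my-harbor harbor/harbor -f values.yaml -f secrets-values.yaml --create-namespace -n harbor`; values from later `-f` files take precedence, so the placeholders in `values.yaml` are never applied.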