Open Bpazy opened 6 months ago
helm repo add harbor https://helm.goharbor.io helm install my-harbor harbor/harbor
cat << EOF values.yaml expose: type: ingress # NGINX Ingress confiugration ingress: hosts: core: "harbor-ks.example.com" annotations: ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" # choose letsencrypt-staging or letsencrypt-prod cert-manager.io/cluster-issuer: "letsencrypt-prod" # To be used for the nginx ingress on AKS: #kubernetes.io/ingress.class: nginx className: nginx tls: enabled: true certSource: secret secret: secretName: "tls-harbor" # The external URL for Harbor core service. externalURL: "https://harbor-ks.example.com" EOF helm upgrade my-harbor harbor/harbor -f values.yaml
我这里有逻辑,将 *-ks.example.com 的请求转发到 k8s 的 32154 端口,其中 32154 是 nginx-ingress 监听的 SSL 端口:
*-ks.example.com
server { listen 443 ssl; server_name ~^.+-ks\.example\.com$; ssl_certificate /etc/nginx/ssl/fullchain.cer; ssl_certificate_key /etc/nginx/ssl/example.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass https://localhost:32154; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # WebSocket support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } }
用户名: admin 密码: Harbor12345
1. 通过 helm 安装 harbor
2. 配置 harbor
3. 配置 NGINX:
我这里有逻辑,将
*-ks.example.com的请求转发到 k8s 的 32154 端口,其中 32154 是 nginx-ingress 监听的 SSL 端口:4. 检验成果
5. 使用默认用户名密码登录并修改默认密码
用户名: admin 密码: Harbor12345