回复
生产环境搭建高可用Harbor(包括恢复演练实操)(一)
icegoblin
发布于 2022-7-4 17:01
浏览
0收藏
前言
因资源成本问题,本Harbor高可用架构为最小开销方案,如果资源充足,可以将PG、Redis全部使用使用云厂商集群模式。
同时为了配置简单,并没有使用keepalived与heartbeat等高可用开源组件。
harbor-arch
准备工作
操作系统为Ubuntu18.04,在2台ECS上搭建主从PG,如果不想用阿里云redis,也可以使用ECS搭建Redis。
安装Harbor,用于导出基础harbor数据,恢复到PG集群中.
1.安装docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo add-apt-repository "deb [arch=amd64] http://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"
# 添加国内阿里云
curl -fsSL http://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -
#更新
sudo apt-get update
[[查看docker]]版本
apt-cache madison docker-ce
#安装最新版
sudo apt-get install -y docker-ce
[[安装5]]:19.03.6~3-0~ubuntu-bionic版
sudo apt-get install -y docker-ce=5:19.03.6~3-0~ubuntu-bionic
2.Docker配置镜像加速与国内docker-cn源
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://8sab4djv.mirror.aliyuncs.com"],
"registry-mirrors": ["https://registry.docker-cn.com"],
"insecure-registries": ["https://harbor.unixsre.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
镜像加速
3.安装Harbor2.3
# 下载Harbor
wget -P /usr/local wget https://github.com/goharbor/harbor/releases/download/v2.3.2/harbor-online-installer-v2.3.2.tgz
tar zxf /usr/local/harbor-online-installer-v2.3.2.tgz -C /data/harbor
# 修改配置文件,根据自己的需求进行修改
cd /data/harbor
cp harbor.yml.tmpl harbor.yml
# harbor.yml中按需修改或添加如下内容
# Configuration file of Harbor
# The IP address or hostname to access admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
hostname: harbor.unixsre.com
# http related config
http:
# port for http, default is 80. If https enabled, this port will redirect to https port
port: 80
# https related config
https:
# https port for harbor, default is 443
port: 443
# The path of cert and key files for nginx
certificate: /data/harbor/ssl/unixsre.com.cer
private_key: /data/harbor/ssl/unixsre.com.key
# # Uncomment following will enable tls communication between all harbor components
# internal_tls:
# # set enabled to true means internal tls is enabled
# enabled: true
# # put your cert and key files on dir
# dir: /etc/harbor/tls/internal
# Uncomment external_url if you want to enable external proxy
# And when it enabled the hostname will no longer used
# external_url: https://reg.mydomain.com:8433
# The initial password of Harbor admin
# It only works in first time to install harbor
# Remember Change the admin password from UI after launching Harbor.
# 初始密码,可以修改成自己需要的,然后后续在WEBUI上自行修改。
harbor_admin_password: 1234567
## 添加禁止用户自注册
self_registration: off
## 设置只有管理员可以创建项目
project_creation_restriction: adminonly
# The default data volume
data_volume: /data/harbor
# 执行安装命令
bash /data/harbor/install.sh
# 如果对配置文件harbor.yml,需要使用./prepare脚本重新生成
./prepare
# 重启
docker-compose restart
4.常用命令示例
# 登录
docker login https://harbor.unixsre.com
# 拉取
docker pull busybox
# 打包
docker build -t busybox:v1 .
docker build -t busybox:v1 -f Dockerfile .
# 打TAG
docker tag busybox:latest harbor.unixsre.com/ops/busybox:latest
# 上传
docker push harbor.unixsre.com/library/busybox:latest
# k3s pull
k3s crictl pull harbor.unixsre.com/library/busybox
5.备份Harbor使用到的数据库,并且导出用于恢复.
# 进入容器备份
docker container exec -it harbor-db /bin/bash
# 执行pg备份
pg_dump -U postgres registry > /tmp/registry.sql
pg_dump -U postgres notarysigner > /tmp/notarysigner.sql
pg_dump -U postgres notaryserver > /tmp/notaryserver.sql
# 复制到本地宿主机
docker container cp harbor-db:/tmp/registry.sql /data/harbor/backup_sql/
docker container cp harbor-db:/tmp/notarysigner.sql /data/harbor/backup_sql/
docker container cp harbor-db:/tmp/notaryserver.sql /data/harbor/backup_sql/
欢迎大家关注我的公众号ID:k8stech
文章转自公众号:Kubernetes技术栈
标签
已于2022-7-4 17:01:04修改
赞
收藏
回复
相关推荐