aws ec2部署harbor，使用s3存储

aws ec2部署harbor

官网下载部署文件

wget https://github.com/goharbor/harbor/releases/download/v2.13.1/harbor-online-installer-v2.13.1.tgz

创建名为harbor的IAM用户，给harbor用户或用户组授予S3 Bucket的权限策略。给harbor用户创建访问密钥，用于harbor.yml配置中

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "arn:aws:s3:::test-harbor"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:AbortMultipartUpload"
      ],
      "Resource": "arn:aws:s3:::test-harbor/*"
    }
  ]
}

配置harbor.yml文件

hostname: hub.test.com

http:
  port: 80

# 配置证书，也可以只监听80端口，用ALB暴露服务
https:
  port: 443
  certificate: /home/ec2-user/test.com.pem
  private_key: /home/ec2-user/test.com.key

harbor_admin_password: qweasd

database:
  password: 123456

data_volume: /data

storage_service:
  s3:
    accesskey: xxxxxxxxxxx
    secretkey: xxxxxxxxxxxxxxxxxxxxx
    region: ap-southeast-1
    bucket: test-harbor
    regionendpoint: https://s3.ap-southeast-1.amazonaws.com
    secure: true
    v4auth: true

jobservice:
  max_job_workers: 4
  max_job_duration_hours: 24
  job_loggers:
    - STD_OUTPUT
    - FILE
  logger_sweeper_duration: 1

notification:
  webhook_job_max_retry: 3
  webhook_job_http_client_timeout: 3

log:
  level: info
  local:
    rotate_count: 20
    rotate_size: 200M
    location: /var/log/harbor

部署，执行官网部署文件中的install.sh，会根据配置生成docker-compose文件并启动。

sudo ./install.sh