aws ec2部署harbor
官网下载部署文件
shell
复制代码
wget https://github.com/goharbor/harbor/releases/download/v2.13.1/harbor-online-installer-v2.13.1.tgz
创建名为harbor的IAM用户,给harbor用户或用户组授予S3 Bucket的权限策略。给harbor用户创建访问密钥,用于harbor.yml配置中
json
复制代码
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::test-harbor"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Resource": "arn:aws:s3:::test-harbor/*"
}
]
}
配置harbor.yml文件
yaml
复制代码
hostname: hub.test.com
http:
port: 80
# 配置证书,也可以只监听80端口,用ALB暴露服务
https:
port: 443
certificate: /home/ec2-user/test.com.pem
private_key: /home/ec2-user/test.com.key
harbor_admin_password: qweasd
database:
password: 123456
data_volume: /data
storage_service:
s3:
accesskey: xxxxxxxxxxx
secretkey: xxxxxxxxxxxxxxxxxxxxx
region: ap-southeast-1
bucket: test-harbor
regionendpoint: https://s3.ap-southeast-1.amazonaws.com
secure: true
v4auth: true
jobservice:
max_job_workers: 4
max_job_duration_hours: 24
job_loggers:
- STD_OUTPUT
- FILE
logger_sweeper_duration: 1
notification:
webhook_job_max_retry: 3
webhook_job_http_client_timeout: 3
log:
level: info
local:
rotate_count: 20
rotate_size: 200M
location: /var/log/harbor
shell
复制代码
sudo ./install.sh