parent
c9ec56c3be
commit
7a016a8232
@ -0,0 +1,27 @@ |
||||
# Harbor |
||||
See [Deploying Harbor with High Availability via Helm](https://goharbor.io/docs/2.4.0/install-config/harbor-ha-helm/). |
||||
|
||||
## Database setup |
||||
On coffee, switch to the `postgres` user, run `psql`, and execute the following: |
||||
```sql |
||||
CREATE USER harbor WITH PASSWORD 'REPLACE_ME'; |
||||
CREATE DATABASE harbor_registry OWNER harbor; |
||||
REVOKE ALL ON DATABASE harbor_registry FROM PUBLIC; |
||||
CREATE DATABASE harbor_notary_server OWNER harbor; |
||||
REVOKE ALL ON DATABASE harbor_notary_server FROM PUBLIC; |
||||
CREATE DATABASE harbor_notary_signer OWNER harbor; |
||||
REVOKE ALL ON DATABASE harbor_notary_signer FROM PUBLIC; |
||||
``` |
||||
|
||||
## Redis setup |
||||
See [syscom-redis.yaml](../syscom-redis.yaml). The reason why this is in the |
||||
syscom namespace is because we may decide to re-use this Redis server for |
||||
other apps. |
||||
|
||||
## Install the Helm chart |
||||
Open values.yaml and replace all instances of 'REPLACE_ME' with appropriate username/password values. |
||||
|
||||
Check https://artifacthub.io/packages/helm/harbor/harbor to see what the latest **stable** version is. |
||||
```sh |
||||
helm install -f values.yaml --create-namespace --namespace harbor harbor1 harbor/harbor --version 1.8.1 |
||||
``` |
@ -0,0 +1,50 @@ |
||||
# run `helm show values harbor/harbor` to see defaults |
||||
expose: |
||||
# We are performing TLS termination OUTSIDE of the k8s cluster |
||||
tls: |
||||
enabled: false |
||||
type: ingress |
||||
ingress: |
||||
hosts: |
||||
core: registry.cloud.csclub.uwaterloo.ca |
||||
notary: notary.cloud.csclub.uwaterloo.ca |
||||
annotations: |
||||
ingress.kubernetes.io/ssl-redirect: "false" |
||||
nginx.ingress.kubernetes.io/ssl-redirect: "false" |
||||
externalURL: https://registry.cloud.csclub.uwaterloo.ca |
||||
harborAdminPassword: REPLACE_ME |
||||
# must be a string of 16 chars |
||||
secretKey: REPLACE_ME |
||||
ipFamily: |
||||
ipv6: |
||||
enabled: false |
||||
persistence: |
||||
persistentVolumeClaim: |
||||
registry: |
||||
size: 1Ti |
||||
registry: |
||||
credentials: |
||||
username: REPLACE_ME |
||||
password: REPLACE_ME |
||||
chartmuseum: |
||||
enabled: false |
||||
trivy: |
||||
enabled: false |
||||
database: |
||||
type: external |
||||
external: |
||||
host: coffee.csclub.uwaterloo.ca |
||||
port: "5432" |
||||
username: REPLACE_ME |
||||
password: REPLACE_ME |
||||
coreDatabase: harbor_registry |
||||
notaryServerDatabase: harbor_notary_server |
||||
notarySignerDatabase: harbor_notary_signer |
||||
sslmode: require |
||||
redis: |
||||
type: external |
||||
external: |
||||
addr: redis.syscom:6379 |
||||
coreDatabaseIndex: "0" |
||||
jobserviceDatabaseIndex: "1" |
||||
registryDatabaseIndex: "2" |
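Review bot: The `REPLACE_ME` placeholders for `harborAdminPassword`, `secretKey`, `registry.credentials` and `database.external.password` sit in a tracked values file that the README says to edit in place, so the real secrets are one `git add` away from being committed. Keeping them in a separate, git-ignored override file passed as a second `-f` to `helm install` would leave this file safe to commit. Separately, `sslmode: require` encrypts the PostgreSQL connection to coffee but does not verify the server certificate; `sslmode: verify-full` would, provided the CA that signed coffee's certificate is trusted by the Harbor containers. The `redis.external` entry carries no password, so access to Redis rests entirely on the NetworkPolicy in the Redis manifest.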
@ -0,0 +1,78 @@ |
||||
apiVersion: v1 |
||||
kind: ConfigMap |
||||
metadata: |
||||
namespace: syscom |
||||
name: redis-config |
||||
data: |
||||
# Increase the number of databases if necessary. |
||||
# If you add another app which uses this Redis instance, make sure |
||||
# to also update the NetworkPolicy in this file. |
||||
# |
||||
# Database 0: Harbor core |
||||
# Database 1: Harbor job service |
||||
# database 2: Harbor registry |
||||
redis.conf: | |
||||
databases 16 |
||||
--- |
||||
apiVersion: apps/v1 |
||||
kind: Deployment |
||||
metadata: |
||||
namespace: syscom |
||||
name: redis |
||||
labels: |
||||
app: redis |
||||
spec: |
||||
selector: |
||||
matchLabels: |
||||
app: redis |
||||
template: |
||||
metadata: |
||||
labels: |
||||
app: redis |
||||
spec: |
||||
containers: |
||||
- name: redis |
||||
image: redis:6.2 |
||||
volumeMounts: |
||||
- mountPath: "/usr/local/etc/redis" |
||||
name: redis-conf-vol |
||||
ports: |
||||
- name: redis |
||||
containerPort: 6379 |
||||
volumes: |
||||
- name: redis-conf-vol |
||||
configMap: |
||||
name: redis-config |
||||
--- |
||||
apiVersion: v1 |
||||
kind: Service |
||||
metadata: |
||||
name: redis |
||||
namespace: syscom |
||||
spec: |
||||
selector: |
||||
app: redis |
||||
ports: |
||||
- protocol: TCP |
||||
port: 6379 |
||||
targetPort: 6379 |
||||
--- |
||||
apiVersion: networking.k8s.io/v1 |
||||
kind: NetworkPolicy |
||||
metadata: |
||||
name: redis-network-policy |
||||
namespace: syscom |
||||
spec: |
||||
podSelector: |
||||
matchLabels: |
||||
app: redis |
||||
policyTypes: |
||||
- Ingress |
||||
ingress: |
||||
- from: |
||||
- namespaceSelector: |
||||
matchLabels: |
||||
kubernetes.io/metadata.name: syscom |
||||
- namespaceSelector: |
||||
matchLabels: |
||||
kubernetes.io/metadata.name: harbor |
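Review bot: The Deployment mounts `redis-config` at `/usr/local/etc/redis` but, as far as this section shows, never tells the container to read it: there is no `command` or `args`, and the stock `redis` image starts `redis-server` without a config file. `databases 16` matches the Redis default, so nothing breaks today, but any later hardening added to `redis.conf` (for example `requirepass`) would silently not take effect; adding `args: ["redis-server", "/usr/local/etc/redis/redis.conf"]` to the container fixes that. With no authentication configured, the NetworkPolicy is the only access control: it admits every pod in the `syscom` and `harbor` namespaces, and it is enforced only if the cluster's network plugin implements NetworkPolicy. Narrowing the `from` entries with a `podSelector` and setting a Redis password would add a second layer.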