add Harbor
This commit is contained in:
parent
c9ec56c3be
commit
7a016a8232
|
@ -0,0 +1,27 @@
|
|||
# Harbor
|
||||
See [Deploying Harbor with High Availability via Helm](https://goharbor.io/docs/2.4.0/install-config/harbor-ha-helm/).
|
||||
|
||||
## Database setup
|
||||
On coffee, switch to the `postgres` user, run `psql`, and execute the following:
|
||||
```sql
|
||||
CREATE USER harbor WITH PASSWORD 'REPLACE_ME';
|
||||
CREATE DATABASE harbor_registry OWNER harbor;
|
||||
REVOKE ALL ON DATABASE harbor_registry FROM PUBLIC;
|
||||
CREATE DATABASE harbor_notary_server OWNER harbor;
|
||||
REVOKE ALL ON DATABASE harbor_notary_server FROM PUBLIC;
|
||||
CREATE DATABASE harbor_notary_signer OWNER harbor;
|
||||
REVOKE ALL ON DATABASE harbor_notary_signer FROM PUBLIC;
|
||||
```
|
||||
|
||||
## Redis setup
|
||||
See [syscom-redis.yaml](../syscom-redis.yaml). The reason why this is in the
|
||||
syscom namespace is because we may decide to re-use this Redis server for
|
||||
other apps.
|
||||
|
||||
## Install the Helm chart
|
||||
Open values.yaml and replace all instances of 'REPLACE_ME' with appropriate username/password values.
|
||||
|
||||
Check https://artifacthub.io/packages/helm/harbor/harbor to see what the latest **stable** version is.
|
||||
```sh
|
||||
helm install -f values.yaml --create-namespace --namespace harbor harbor1 harbor/harbor --version 1.8.1
|
||||
```
|
|
@ -0,0 +1,50 @@
|
|||
# run `helm show values harbor/harbor` to see defaults
|
||||
expose:
|
||||
# We are performing TLS termination OUTSIDE of the k8s cluster
|
||||
tls:
|
||||
enabled: false
|
||||
type: ingress
|
||||
ingress:
|
||||
hosts:
|
||||
core: registry.cloud.csclub.uwaterloo.ca
|
||||
notary: notary.cloud.csclub.uwaterloo.ca
|
||||
annotations:
|
||||
ingress.kubernetes.io/ssl-redirect: "false"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
||||
externalURL: https://registry.cloud.csclub.uwaterloo.ca
|
||||
harborAdminPassword: REPLACE_ME
|
||||
# must be a string of 16 chars
|
||||
secretKey: REPLACE_ME
|
||||
ipFamily:
|
||||
ipv6:
|
||||
enabled: false
|
||||
persistence:
|
||||
persistentVolumeClaim:
|
||||
registry:
|
||||
size: 1Ti
|
||||
registry:
|
||||
credentials:
|
||||
username: REPLACE_ME
|
||||
password: REPLACE_ME
|
||||
chartmuseum:
|
||||
enabled: false
|
||||
trivy:
|
||||
enabled: false
|
||||
database:
|
||||
type: external
|
||||
external:
|
||||
host: coffee.csclub.uwaterloo.ca
|
||||
port: "5432"
|
||||
username: REPLACE_ME
|
||||
password: REPLACE_ME
|
||||
coreDatabase: harbor_registry
|
||||
notaryServerDatabase: harbor_notary_server
|
||||
notarySignerDatabase: harbor_notary_signer
|
||||
sslmode: require
|
||||
redis:
|
||||
type: external
|
||||
external:
|
||||
addr: redis.syscom:6379
|
||||
coreDatabaseIndex: "0"
|
||||
jobserviceDatabaseIndex: "1"
|
||||
registryDatabaseIndex: "2"
|
|
@ -0,0 +1,78 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
namespace: syscom
|
||||
name: redis-config
|
||||
data:
|
||||
# Increase the number of databases if necessary.
|
||||
# If you add another app which uses this Redis instance, make sure
|
||||
# to also update the NetworkPolicy in this file.
|
||||
#
|
||||
# Database 0: Harbor core
|
||||
# Database 1: Harbor job service
|
||||
# database 2: Harbor registry
|
||||
redis.conf: |
|
||||
databases 16
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
namespace: syscom
|
||||
name: redis
|
||||
labels:
|
||||
app: redis
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: redis
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: redis
|
||||
spec:
|
||||
containers:
|
||||
- name: redis
|
||||
image: redis:6.2
|
||||
volumeMounts:
|
||||
- mountPath: "/usr/local/etc/redis"
|
||||
name: redis-conf-vol
|
||||
ports:
|
||||
- name: redis
|
||||
containerPort: 6379
|
||||
volumes:
|
||||
- name: redis-conf-vol
|
||||
configMap:
|
||||
name: redis-config
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: redis
|
||||
namespace: syscom
|
||||
spec:
|
||||
selector:
|
||||
app: redis
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 6379
|
||||
targetPort: 6379
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: redis-network-policy
|
||||
namespace: syscom
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
app: redis
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: syscom
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
kubernetes.io/metadata.name: harbor
|
Loading…
Reference in New Issue