...
Please configure each section and put these all in a of the harbor-values.yaml file from cloud-deployed-apps https://github.com/stfc/cloud-deployed-apps/blob/main/prod-values/harbor-values.yaml
For a full list of configurable variables please see: https://github.com/goharbor/harbor-helm#configuration
A full example Harbor values file can be seen here: https://github.com/goharbor/harbor-helm/blob/main/values.yaml
Exposing Harbor HA service
We want to expose Harbor HA service through our own load balancer so we set the configuration as follows.
You will need to set the TLS as required, at the moment I have set this as disabled.
You also need to assign a floating IP address to loadBalancer.IP to be able to access the service.
| Code Block | ||
|---|---|---|
| ||
expose:
type: loadBalancer
tls:
# For now tls is disabled
# Enable TLS or not.
# Delete the "ssl-redirect" annotations in "expose.ingress.annotations" when TLS is disabled and "expose.type" is "ingress"
# Note: if the "expose.type" is "ingress" and TLS is disabled,
# the port must be included in the command when pulling/pushing images.
# Refer to https://github.com/goharbor/harbor/issues/5291 for details.
enabled: false
# The source of the tls certificate. Set as "auto", "secret"
# or "none" and fill the information in the corresponding section
# 1) auto: generate the tls certificate automatically
# 2) secret: read the tls certificate from the specified secret.
# The tls certificate can be generated manually or by cert manager
# 3) none: configure no tls certificate for the ingress. If the default
# tls certificate is configured in the ingress controller, choose this option
certSource: auto
auto:
# The common name used to generate the certificate, it's necessary
# when the type isn't "ingress"
commonName: ""
secret:
# The name of secret which contains keys named:
# "tls.crt" - the certificate
# "tls.key" - the private key
secretName: ""
loadBalancer:
# You must assign a floating IP
IP: ""
|
Setting Harbor HA to use a external database
Please fill out the database connection info for the database you created earlier. And set ssl settings are required.
And set the jobservice.jobLoggers to - database
| Code Block | ||
|---|---|---|
| ||
database:
type: external
external:
host: ""
port: "5432"
username: ""
password: ""
coreDatabase: "registry"
# if using existing secret, the key must be "password"
#existingSecret: ""
# "disable" - No SSL
# "require" - Always SSL (skip verification)
# "verify-ca" - Always SSL (verify that the certificate presented by the
# server was signed by a trusted CA)
# "verify-full" - Always SSL (verify that the certification presented by the
# server was signed by a trusted CA and the server host name matches the one
# in the certificate)
sslmode: "disable"
# The maximum number of connections in the idle connection pool per pod (core+exporter).
# If it <=0, no idle connections are retained.
maxIdleConns: 100
# The maximum number of open connections to the database per pod (core+exporter).
# If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 1024 for postgre of harbor.
maxOpenConns: 900
## Additional deployment annotations
podAnnotations: {}
## Additional deployment labels
podLabels: {}
jobservice:
jobLoggers:
- database |
Disabling persistence and using Swift for image and chart storage
For development you can leave persistence.enabled as false.
But if setting up to use Swift please change persistence.type from filesystemto swift
...
Installing Harbor HA
Once you have saved all the above configuration into a harbor-values.yaml file we can install Harbor HA onto the cluster.
...