Requirements

Setting up a cluster

Please set up a Kubernetes cluster (see the following guide: Kubernetes).

Once you have got your cluster up and running you can start deploying Harbor HA.

Adding the Harbor Helm repo

Add the Harbor repo to Helm

helm repo add harbor https://helm.goharbor.io 

PostgreSQL Database

Set up a new PostgreSQL database (see the following guide: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-postgresql-on-ubuntu-20-04 ) and create a new database called registry for Harbor Core (this is where Harbor will store information about itself).

You will then also need to create an account for Harbor to access the database with, so it can create new tables and manage itself.

You may also need to configure the firewall and security groups for your database and cluster so that they can talk to each other.

Configuring the chart

Note: this configuration reflects the current state of development.

Please configure each section and put these all in a harbor-values.yaml file.

For a full list of configurable variables please see: https://github.com/goharbor/harbor-helm#configuration

A full example Harbor values file can be seen here: https://github.com/goharbor/harbor-helm/blob/main/values.yaml

Exposing Harbor HA service

We want to expose the Harbor HA service through our own load balancer, so we set the configuration as follows.

You will need to configure TLS as required; at the moment I have set it to disabled, which means Harbor is served over plain HTTP.

You also need to assign a floating IP address to expose.loadBalancer.IP to be able to access the service.

expose:
    type: loadBalancer
    tls:
        # For now tls is disabled
        # Enable TLS or not.
        # Delete the "ssl-redirect" annotations in "expose.ingress.annotations" when TLS is disabled and "expose.type" is "ingress"
        # Note: if the "expose.type" is "ingress" and TLS is disabled,
        # the port must be included in the command when pulling/pushing images.
        # Refer to https://github.com/goharbor/harbor/issues/5291 for details.
        enabled: false
        # The source of the tls certificate. Set as "auto", "secret"
        # or "none" and fill the information in the corresponding section
        # 1) auto: generate the tls certificate automatically
        # 2) secret: read the tls certificate from the specified secret.
        # The tls certificate can be generated manually or by cert manager
        # 3) none: configure no tls certificate for the ingress. If the default
        # tls certificate is configured in the ingress controller, choose this option
        certSource: auto
        auto:
            # The common name used to generate the certificate, it's necessary
            # when the type isn't "ingress"
            commonName: ""
        secret:
            # The name of secret which contains keys named:
            # "tls.crt" - the certificate
            # "tls.key" - the private key
            secretName: ""
    # loadBalancer is a child of expose, so it is indented under it
    loadBalancer:
        # You must assign a floating IP
        IP: ""

Setting Harbor HA to use an external database

Please fill out the database connection info for the database you created earlier, and set the SSL settings as required.

Also set jobservice.jobLoggers to the list entry database.

database:
    type: external
    external:
        host: ""
        port: "5432"
        username: ""
        password: ""
        coreDatabase: "registry"
        # if using existing secret, the key must be "password"
        #existingSecret: ""
        # "disable" - No SSL
        # "require" - Always SSL (skip verification)
        # "verify-ca" - Always SSL (verify that the certificate presented by the
        # server was signed by a trusted CA)
        # "verify-full" - Always SSL (verify that the certification presented by the
        # server was signed by a trusted CA and the server host name matches the one
        # in the certificate)
        sslmode: "disable"
    # The maximum number of connections in the idle connection pool per pod (core+exporter).
    # If it <=0, no idle connections are retained.
    maxIdleConns: 100
    # The maximum number of open connections to the database per pod (core+exporter).
    # If it <= 0, then there is no limit on the number of open connections.
    # Note: the default number of connections is 1024 for postgre of harbor.
    maxOpenConns: 900
    ## Additional deployment annotations
    podAnnotations: {}
    ## Additional deployment labels
    podLabels: {}
jobservice:
    jobLoggers: 
        - database

Disabling persistence and using Swift for image and chart storage

For development you can leave persistence.enabled as false.

If you are setting up Harbor to use Swift, change persistence.imageChartStorage.type from filesystem to swift.

# The persistence is enabled by default and a default StorageClass
# is needed in the k8s cluster to provision volumes dynamically.
# Specify another StorageClass in the "storageClass" or set "existingClaim"
# if you already have existing persistent volumes to use
#
# For storing images and charts, you can also use "azure", "gcs", "s3",
# "swift" or "oss". Set it in the "imageChartStorage" section
persistence:
    enabled: false
    resourcePolicy: ""
    imageChartStorage:
        # Specify whether to disable `redirect` for images and chart storage, for
        # backends which not supported it (such as using minio for `s3` storage type), please disable
        # it. To disable redirects, simply set `disableredirect` to `true` instead.
        # Refer to
        # https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect
        # for the detail.
        disableredirect: false
        # Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
        # The secret must contain keys named "ca.crt" which will be injected into the trust store
        # of registry's containers.
        # caBundleSecretName:

        # Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
        # "oss" and fill the information needed in the corresponding section. The type
        # must be "filesystem" if you want to use persistent volumes for registry
        type: filesystem
        swift:
            authurl: https://storage.myprovider.com/v3/auth
            username: username
            password: password
            container: containername
            #region: fr
            #tenant: tenantname
            #tenantid: tenantid
            #domain: domainname
            #domainid: domainid
            #trustid: trustid
            #insecureskipverify: false
            #chunksize: 5M
            #prefix:
            #secretkey: secretkey
            #accesskey: accesskey
            #authversion: 3
            #endpointtype: public
            #tempurlcontainerkey: false
            #tempurlmethods:
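
A pre-install check for the development settings left in the configuration above (TLS disabled on the exposed service, database sslmode "disable", database password written inline), as an added example that is not part of the original page or of the Harbor chart. The function names audit_values and sample_values and the sample host and password are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the development settings from this page, comments removed.
sample_values() {
cat <<'EOF'
expose:
    type: loadBalancer
    tls:
        enabled: false
database:
    type: external
    external:
        host: "db.example.internal"
        password: "changeme"
        sslmode: "disable"
EOF
}

# audit_values [FILE]: print one finding per line, return 1 if there are any.
# Assumes the plain "key: value" block layout used here; not a general YAML parser.
audit_values() {
    awk '
    /^[ ]*#/ || /^[ ]*$/ { next }                 # skip comments, blank lines
    {
        line = $0
        indent = match(line, /[^ ]/) - 1          # leading spaces
        sub(/^ +/, "", line)
        if (line ~ /^-/) next                     # list items carry no key
        key = line; sub(/:.*$/, "", key)
        val = line; sub(/^[^:]*:[ ]*/, "", val)
        sub(/[ ]+#.*$/, "", val)                  # drop trailing comment
        gsub(/^"|"$/, "", val)                    # drop surrounding quotes
        # pop entries that are not parents of this line, then push this key
        while (depth > 0 && ind[depth] >= indent) depth--
        depth++; ind[depth] = indent; name[depth] = key
        path = name[1]
        for (i = 2; i <= depth; i++) path = path "." name[i]
        if (path == "expose.tls.enabled" && val != "true")
            f[++n] = path ": TLS is off; enable it and set certSource"
        if (path == "database.external.sslmode" && val != "verify-ca" && val != "verify-full")
            f[++n] = path ": \"" val "\" does not verify the server certificate"
        if (path == "database.external.password" && val != "")
            f[++n] = path ": inline password; use existingSecret (key \"password\")"
    }
    END { for (i = 1; i <= n; i++) print f[i]; exit (n > 0) }
    ' "$@"
}

# Demo on the sample; for a real file: audit_values harbor-values.yaml
sample_values | audit_values || echo "fix the findings above before helm install"
```
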

Installing Harbor HA

Once you have saved all the above configuration into a harbor-values.yaml file we can install Harbor HA onto the cluster.

helm install my-harbor-release harbor/harbor -f harbor-values.yaml

It can take a few minutes to deploy.

Check the status of the deployment with

kubectl get pods

You can continue to update the chart with

helm upgrade my-harbor-release harbor/harbor -f harbor-values.yaml

You should now be able to connect to Harbor in the browser via the IP address you set in the harbor-values.yaml file.

You should now be able to run kubectl delete storageclass --all and the deployment will be unaffected.

References

https://goharbor.io/docs/2.9.0/install-config/harbor-ha-helm/
