fix and update harbor install
parent
0c38d2369b
commit
249ad2e9ed
@ -1,8 +1,12 @@
|
||||
Deploy with:
|
||||
|
||||
```
|
||||
kubectl create namespace harbor
|
||||
kubectl apply -n harbor -f application.yml -f application-secrets.yml
|
||||
kubectl create namespace harbor-operator
|
||||
kubectl -n harbor-operator create secret generic harbor-minio-credentials --from-literal REGISTRY_STORAGE_S3_ACCESSKEY=...--from-literal=REGISTRY_STORAGE_S3_SECRETKEY=...
|
||||
kubectl -n harbor-operator create secret generic harbor-postgres-password --from-literal password=...
|
||||
|
||||
helm template -n harbor-operator --release-name harbor harbor/harbor --include-crds -f harbor/values.yaml > harbor/application.yml
|
||||
kubectl apply -n harbor -f application.yml -f application-extras.yml
|
||||
```
|
||||
|
||||
After deployment login with Harbor admin credentials and configure OIDC:
|
||||
|
@ -20,4 +20,38 @@ spec:
|
||||
- openid
|
||||
- profile
|
||||
pkce: false
|
||||
|
||||
---
|
||||
apiVersion: codemowers.cloud/v1beta1
|
||||
kind: MinioBucketClaim
|
||||
metadata:
|
||||
name: harbor
|
||||
namespace: harbor-operator
|
||||
spec:
|
||||
capacity: 1Ti
|
||||
class: external
|
||||
---
|
||||
apiVersion: codemowers.cloud/v1beta1
|
||||
kind: SecretClaim
|
||||
metadata:
|
||||
name: dragonfly-auth
|
||||
spec:
|
||||
size: 32
|
||||
mapping:
|
||||
- key: REDIS_PASSWORD
|
||||
value: "%(plaintext)s"
|
||||
- key: REDIS_URI
|
||||
value: "redis://:%(plaintext)s@dragonfly"
|
||||
---
|
||||
apiVersion: dragonflydb.io/v1alpha1
|
||||
kind: Dragonfly
|
||||
metadata:
|
||||
name: dragonfly
|
||||
spec:
|
||||
authentication:
|
||||
passwordFromSecret:
|
||||
key: REDIS_PASSWORD
|
||||
name: dragonfly-auth
|
||||
replicas: 3
|
||||
resources:
|
||||
limits:
|
||||
memory: 5Gi
|
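Review bot: The new SecretClaim `dragonfly-auth` and the Dragonfly object carry no `metadata.namespace`, while the MinioBucketClaim in the same hunk pins `namespace: harbor-operator`. The README in this commit applies the extras file with `-n harbor`, and kubectl rejects an object whose own namespace differs from the `-n` value, so the apply looks likely to stop at the bucket claim; with a different flag the generated password secret and the Dragonfly instance would silently follow it. Harbor is pointed at the short name `dragonfly:6379` and the Dragonfly spec reads its password from `dragonfly-auth`, which presumably only resolves when all of them live in the namespace Harbor runs in. I would add `namespace: harbor-operator` under `metadata:` of both objects. The file name and the YAML indentation are not visible on this page, so confirm against the real manifest.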
File diff suppressed because it is too large
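--- a/harbor/values.yaml
+++ b/harbor/values.yaml
@@ -0,0 +1,144 @@
+expose:
+type: ingress
+tls:
+enabled: true
+ingress:
+hosts:
+core: harbor.k-space.ee
+annotations:
+cert-manager.io/cluster-issuer: default
+kubernetes.io/ingress.class: traefik
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+traefik.ingress.kubernetes.io/router.tls: "true"
+external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+labels: {}
+
+externalURL: https://harbor.k-space.ee
+
+# The persistence is enabled by default and a default StorageClass
+# is needed in the k8s cluster to provision volumes dynamically.
+# Specify another StorageClass in the "storageClass" or set "existingClaim"
+# if you already have existing persistent volumes to use
+#
+# For storing images and charts, you can also use "azure", "gcs", "s3",
+# "swift" or "oss". Set it in the "imageChartStorage" section
+persistence:
+enabled: true
+# Define which storage backend is used for registry to store
+# images and charts. Refer to
+# https://github.com/distribution/distribution/blob/main/docs/content/about/configuration.md#storage
+# for the detail.
+persistentVolumeClaim:
+jobservice:
+jobLog:
+existingClaim: ""
+storageClass: "longhorn"
+subPath: ""
+accessMode: ReadWriteMany
+size: 5Gi
+annotations: {}
+imageChartStorage:
+# Specify whether to disable `redirect` for images and chart storage, for
+# backends which not supported it (such as using minio for `s3` storage type), please disable
+# it. To disable redirects, simply set `disableredirect` to `true` instead.
+# Refer to
+# https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect
+# for the detail.
+disableredirect: false
+type: s3
+s3:
+# Set an existing secret for S3 accesskey and secretkey
+# keys in the secret should be REGISTRY_STORAGE_S3_ACCESSKEY and REGISTRY_STORAGE_S3_SECRETKEY for registry
+existingSecret: "harbor-minio-credentials"
+region: us-east-1
+bucket: harbor-operator-e60e5943-234a-496d-ae74-933f6a67c530
+#accesskey: awsaccesskey
+#secretkey: awssecretkey
+regionendpoint: https://external.minio-clusters.k-space.ee
+#encrypt: false
+#keyid: mykeyid
+#secure: true
+#skipverify: false
+#v4auth: true
+#chunksize: "5242880"
+#rootdirectory: /s3/object/name/prefix
+#storageclass: STANDARD
+#multipartcopychunksize: "33554432"
+#multipartcopymaxconcurrency: 100
+#multipartcopythresholdsize: "33554432"
+
+
+# The initial password of Harbor admin. Change it from portal after launching Harbor
+# or give an existing secret for it
+# key in secret is given via (default to HARBOR_ADMIN_PASSWORD)
+# existingSecretAdminPassword:
+existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
+
+# debug, info, warning, error or fatal
+logLevel: debug
+
+# If using existingSecretSecretKey, the key must be secretKey
+existingSecretSecretKey: "harbor-core-oidc-secret-encryption-key"
+
+# Run the migration job via helm hook
+enableMigrateHelmHook: false
+
+metrics:
+enabled: true
+core:
+path: /metrics
+port: 8001
+registry:
+path: /metrics
+port: 8001
+jobservice:
+path: /metrics
+port: 8001
+exporter:
+path: /metrics
+port: 8001
+serviceMonitor:
+enabled: true
+additionalLabels: {}
+# Scrape interval. If not set, the Prometheus default scrape interval is used.
+interval: ""
+# Metric relabel configs to apply to samples before ingestion.
+metricRelabelings:
+[]
+# - action: keep
+# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
+# sourceLabels: [__name__]
+# Relabel configs to apply to samples before ingestion.
+relabelings:
+[]
+# - sourceLabels: [__meta_kubernetes_pod_node_name]
+# separator: ;
+# regex: ^(.*)$
+# targetLabel: nodename
+# replacement: $1
+# action: replace
+
+
+trivy:
+enabled: false
+
+database:
+type: "external"
+
+external:
+host: "172.20.43.1"
+port: "5432"
+username: "kspace_harbor"
+coreDatabase: "kspace_harbor"
+existingSecret: "harbor-postgres-password"
+sslmode: "disable"
+
+redis:
+type: external
+external:
+# support redis, redis+sentinel
+# addr for redis: <host_redis>:<port_redis>
+# addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
+addr: "dragonfly:6379"
+username: ""
+password: "MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge"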
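Review bot: `redis.external.password` on the last line of harbor/values.yaml is a literal credential committed to the repository, and because the README renders these values with `helm template` it will most likely also be written into the generated application.yml. The same commit adds a SecretClaim `dragonfly-auth` that exposes `REDIS_PASSWORD`, so the value can come from the cluster instead: set `password: ""` and `existingSecret: "dragonfly-auth"` under `redis.external`, provided the chart version in use supports that key and the secret sits in Harbor's namespace. The committed value should be treated as exposed and rotated, since it remains in git history after any later edit. Two smaller points in the same file: `sslmode: "disable"` sends the PostgreSQL password and traffic to 172.20.43.1 unencrypted, and `logLevel: debug` is worth lowering to `info` once the install works.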