Redeployed Harbor as external instance
This commit is contained in:
parent
37e819d73e
commit
2e3e066d68
11
README.md
11
README.md
|
|
@ -246,17 +246,10 @@ kubectl exec -i guacamole-<pod-id> --container mysql -- mysql -uguacamole -pguac
|
|||
kubectl rollout restart deployment guacamole
|
||||
```
|
||||
##### 4.7) [Harbor](https://goharbor.io/) <small>(container image registry)</small>
|
||||
Create `ingressRoute` and `storageClass`
|
||||
*Running externally; refer to [Ansible.Harbor](https://code.spamasaurus.com/djpbessems/Ansible.Harbor/src/branch/master)-repository for actual setup*
|
||||
Create `Endpoint`, `service` and `ingressRoute`
|
||||
```
|
||||
kubectl create namespace harbor
|
||||
kubectl apply -f services/Harbor/ingressRoute-Harbor.yml
|
||||
kubectl apply -f services/Harbor/storageClass-Harbor.yml
|
||||
```
|
||||
Install Helm chart
|
||||
```
|
||||
helm repo add harbor https://helm.goharbor.io
|
||||
helm repo update
|
||||
helm install harbor harbor/harbor --namespace harbor --values=services/Harbor/chart-values.yml
|
||||
```
|
||||
|
||||
##### 4.8) [Lighttpd](https://www.lighttpd.net/) <small>(webserver)</small>
|
||||
|
|
|
|||
|
|
@ -1,42 +0,0 @@
|
|||
expose:
|
||||
ingress:
|
||||
hosts:
|
||||
core: registry.spamasaurus.com
|
||||
notary: notary.spamasaurus.com
|
||||
|
||||
externalURL: https://registry.spamasaurus.com
|
||||
|
||||
persistence:
|
||||
enabled: true
|
||||
resourcePolicy: "keep"
|
||||
persistentVolumeClaim:
|
||||
registry:
|
||||
storageClass: "harbor"
|
||||
subPath: registry
|
||||
accessMode: ReadWriteMany
|
||||
size: 5Gi
|
||||
chartmuseum:
|
||||
storageClass: "harbor"
|
||||
subPath: chartmuseum
|
||||
accessMode: ReadWriteMany
|
||||
size: 5Gi
|
||||
jobservice:
|
||||
storageClass: "harbor"
|
||||
subPath: jobservice
|
||||
accessMode: ReadWriteMany
|
||||
size: 1Gi
|
||||
database:
|
||||
storageClass: "harbor-db"
|
||||
subPath: db
|
||||
accessMode: ReadWriteMany
|
||||
size: 1Gi
|
||||
redis:
|
||||
storageClass: "harbor-db"
|
||||
subPath: redis
|
||||
accessMode: ReadWriteMany
|
||||
size: 1Gi
|
||||
trivy:
|
||||
storageClass: "harbor"
|
||||
subPath: trivy
|
||||
accessMode: ReadWriteMany
|
||||
size: 1Gi
|
||||
|
|
@ -1,8 +1,27 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: harbor
|
||||
spec:
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Endpoints
|
||||
metadata:
|
||||
name: harbor
|
||||
subsets:
|
||||
- addresses:
|
||||
- ip: 192.168.11.249
|
||||
ports:
|
||||
- port: 80
|
||||
---
|
||||
apiVersion: traefik.containo.us/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: harbor
|
||||
namespace: harbor
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
|
|
@ -10,24 +29,22 @@ spec:
|
|||
- match: Host(`registry.spamasaurus.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: harbor-harbor-portal
|
||||
namespace: harbor
|
||||
- name: harbor
|
||||
port: 80
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- match: Host(`registry.spamasaurus.com`) && PathPrefix(`/api/`, `/service/`, `/v2/`, `/chartrepo/`, `/c/`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: harbor-harbor-core
|
||||
namespace: harbor
|
||||
port: 80
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- match: Host(`notary.spamasaurus.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: harbor-harbor-notary-server
|
||||
namespace: harbor
|
||||
port: 4443
|
||||
middlewares:
|
||||
- name: security-headers@file
|
||||
- name: compression@file
|
||||
# - match: Host(`registry.spamasaurus.com`) && PathPrefix(`/api/`, `/service/`, `/v2/`, `/chartrepo/`, `/c/`)
|
||||
# kind: Rule
|
||||
# services:
|
||||
# - name: harbor-harbor-core
|
||||
# port: 80
|
||||
# middlewares:
|
||||
# - name: security-headers@file
|
||||
# - match: Host(`notary.spamasaurus.com`)
|
||||
# kind: Rule
|
||||
# services:
|
||||
# - name: harbor-harbor-notary-server
|
||||
# port: 4443
|
||||
# middlewares:
|
||||
# - name: security-headers@file
|
||||
|
|
|
|||
|
|
@ -1,35 +0,0 @@
|
|||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: harbor
|
||||
provisioner: smb.csi.k8s.io
|
||||
parameters:
|
||||
source: "//192.168.11.225/K3s.StorageClass/harbor"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "smb-credentials"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "default"
|
||||
createSubDir: "false" # optional: create a sub dir for new volume
|
||||
reclaimPolicy: Retain # only retain is supported
|
||||
volumeBindingMode: Immediate
|
||||
mountOptions:
|
||||
- dir_mode=0777
|
||||
- file_mode=0777
|
||||
- uid=10000
|
||||
- gid=10000
|
||||
---
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: StorageClass
|
||||
metadata:
|
||||
name: harbor-db
|
||||
provisioner: smb.csi.k8s.io
|
||||
parameters:
|
||||
source: "//192.168.11.225/K3s.StorageClass/harbor-db"
|
||||
csi.storage.k8s.io/node-stage-secret-name: "smb-credentials"
|
||||
csi.storage.k8s.io/node-stage-secret-namespace: "default"
|
||||
createSubDir: "false" # optional: create a sub dir for new volume
|
||||
reclaimPolicy: Retain # only retain is supported
|
||||
volumeBindingMode: Immediate
|
||||
mountOptions:
|
||||
- dir_mode=0700
|
||||
- file_mode=0700
|
||||
- uid=999
|
||||
- gid=999
|
||||
Loading…
Reference in New Issue