From 2e3e066d6839fa499d4d02cb5f83d55495ba631e Mon Sep 17 00:00:00 2001 From: djpbessems Date: Tue, 1 Dec 2020 23:04:34 +0100 Subject: [PATCH] Redeployed Harbor as external instance --- README.md | 11 +---- services/Harbor/chart-values.yml | 42 ------------------- services/Harbor/ingressRoute-Harbor.yml | 55 ++++++++++++++++--------- services/Harbor/storageClass-Harbor.yml | 35 ---------------- 4 files changed, 38 insertions(+), 105 deletions(-) delete mode 100644 services/Harbor/chart-values.yml delete mode 100644 services/Harbor/storageClass-Harbor.yml diff --git a/README.md b/README.md index 7270dd2..dd1dfe1 100644 --- a/README.md +++ b/README.md @@ -246,17 +246,10 @@ kubectl exec -i guacamole- --container mysql -- mysql -uguacamole -pguac kubectl rollout restart deployment guacamole ``` ##### 4.7) [Harbor](https://goharbor.io/) (container image registry) -Create `ingressRoute` and `storageClass` +*Running externally; refer to [Ansible.Harbor](https://code.spamasaurus.com/djpbessems/Ansible.Harbor/src/branch/master)-repository for actual setup* +Create `Endpoint`, `service` and `ingressRoute` ``` -kubectl create namespace harbor kubectl apply -f services/Harbor/ingressRoute-Harbor.yml -kubectl apply -f services/Harbor/storageClass-Harbor.yml -``` -Install Helm chart -``` -helm repo add harbor https://helm.goharbor.io -helm repo update -helm install harbor harbor/harbor --namespace harbor --values=services/Harbor/chart-values.yml ``` ##### 4.8) [Lighttpd](https://www.lighttpd.net/) (webserver) diff --git a/services/Harbor/chart-values.yml b/services/Harbor/chart-values.yml deleted file mode 100644 index a6e2769..0000000 --- a/services/Harbor/chart-values.yml +++ /dev/null @@ -1,42 +0,0 @@ -expose: - ingress: - hosts: - core: registry.spamasaurus.com - notary: notary.spamasaurus.com - -externalURL: https://registry.spamasaurus.com - -persistence: - enabled: true - resourcePolicy: "keep" - persistentVolumeClaim: - registry: - storageClass: "harbor" - subPath: registry - accessMode: ReadWriteMany - size: 5Gi - chartmuseum: - storageClass: "harbor" - subPath: chartmuseum - accessMode: ReadWriteMany - size: 5Gi - jobservice: - storageClass: "harbor" - subPath: jobservice - accessMode: ReadWriteMany - size: 1Gi - database: - storageClass: "harbor-db" - subPath: db - accessMode: ReadWriteMany - size: 1Gi - redis: - storageClass: "harbor-db" - subPath: redis - accessMode: ReadWriteMany - size: 1Gi - trivy: - storageClass: "harbor" - subPath: trivy - accessMode: ReadWriteMany - size: 1Gi diff --git a/services/Harbor/ingressRoute-Harbor.yml b/services/Harbor/ingressRoute-Harbor.yml index f41e4a4..9e28ae0 100644 --- a/services/Harbor/ingressRoute-Harbor.yml +++ b/services/Harbor/ingressRoute-Harbor.yml @@ -1,8 +1,27 @@ +apiVersion: v1 +kind: Service +metadata: + name: harbor +spec: + ports: + - protocol: TCP + port: 80 + targetPort: 80 +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: harbor +subsets: + - addresses: + - ip: 192.168.11.249 + ports: + - port: 80 +--- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: harbor - namespace: harbor spec: entryPoints: - websecure @@ -10,24 +29,22 @@ spec: - match: Host(`registry.spamasaurus.com`) kind: Rule services: - - name: harbor-harbor-portal - namespace: harbor + - name: harbor port: 80 middlewares: - name: security-headers@file - - match: Host(`registry.spamasaurus.com`) && PathPrefix(`/api/`, `/service/`, `/v2/`, `/chartrepo/`, `/c/`) - kind: Rule - services: - - name: harbor-harbor-core - namespace: harbor - port: 80 - middlewares: - - name: security-headers@file - - match: Host(`notary.spamasaurus.com`) - kind: Rule - services: - - name: harbor-harbor-notary-server - namespace: harbor - port: 4443 - middlewares: - - name: security-headers@file + - name: compression@file +# - match: Host(`registry.spamasaurus.com`) && PathPrefix(`/api/`, `/service/`, `/v2/`, `/chartrepo/`, `/c/`) +# kind: Rule +# services: +# - name: harbor-harbor-core +# port: 80 +# middlewares: +# - name: security-headers@file +# - match: Host(`notary.spamasaurus.com`) +# kind: Rule +# services: +# - name: harbor-harbor-notary-server +# port: 4443 +# middlewares: +# - name: security-headers@file diff --git a/services/Harbor/storageClass-Harbor.yml b/services/Harbor/storageClass-Harbor.yml deleted file mode 100644 index 6b916cb..0000000 --- a/services/Harbor/storageClass-Harbor.yml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: harbor -provisioner: smb.csi.k8s.io -parameters: - source: "//192.168.11.225/K3s.StorageClass/harbor" - csi.storage.k8s.io/node-stage-secret-name: "smb-credentials" - csi.storage.k8s.io/node-stage-secret-namespace: "default" - createSubDir: "false" # optional: create a sub dir for new volume -reclaimPolicy: Retain # only retain is supported -volumeBindingMode: Immediate -mountOptions: - - dir_mode=0777 - - file_mode=0777 - - uid=10000 - - gid=10000 ---- -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: harbor-db -provisioner: smb.csi.k8s.io -parameters: - source: "//192.168.11.225/K3s.StorageClass/harbor-db" - csi.storage.k8s.io/node-stage-secret-name: "smb-credentials" - csi.storage.k8s.io/node-stage-secret-namespace: "default" - createSubDir: "false" # optional: create a sub dir for new volume -reclaimPolicy: Retain # only retain is supported -volumeBindingMode: Immediate -mountOptions: - - dir_mode=0700 - - file_mode=0700 - - uid=999 - - gid=999