Redeployed Harbor as external instance

Danny Bessems 2020-12-01 23:04:34 +01:00
parent 37e819d73e
commit 2e3e066d68
4 changed files with 38 additions and 105 deletions


@ -246,17 +246,10 @@ kubectl exec -i guacamole-<pod-id> --container mysql -- mysql -uguacamole -pguac
kubectl rollout restart deployment guacamole kubectl rollout restart deployment guacamole
``` ```
##### 4.7) [Harbor](https://goharbor.io/) <small>(container image registry)</small> ##### 4.7) [Harbor](https://goharbor.io/) <small>(container image registry)</small>
Create `ingressRoute` and `storageClass` *Running externally; refer to [Ansible.Harbor](https://code.spamasaurus.com/djpbessems/Ansible.Harbor/src/branch/master)-repository for actual setup*
Create `Endpoint`, `service` and `ingressRoute`
``` ```
kubectl create namespace harbor
kubectl apply -f services/Harbor/ingressRoute-Harbor.yml kubectl apply -f services/Harbor/ingressRoute-Harbor.yml
kubectl apply -f services/Harbor/storageClass-Harbor.yml
```
Install Helm chart
```
helm repo add harbor https://helm.goharbor.io
helm repo update
helm install harbor harbor/harbor --namespace harbor --values=services/Harbor/chart-values.yml
``` ```
##### 4.8) [Lighttpd](https://www.lighttpd.net/) <small>(webserver)</small> ##### 4.8) [Lighttpd](https://www.lighttpd.net/) <small>(webserver)</small>


@ -1,42 +0,0 @@
expose:
ingress:
hosts:
core: registry.spamasaurus.com
notary: notary.spamasaurus.com
externalURL: https://registry.spamasaurus.com
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: "harbor"
subPath: registry
accessMode: ReadWriteMany
size: 5Gi
chartmuseum:
storageClass: "harbor"
subPath: chartmuseum
accessMode: ReadWriteMany
size: 5Gi
jobservice:
storageClass: "harbor"
subPath: jobservice
accessMode: ReadWriteMany
size: 1Gi
database:
storageClass: "harbor-db"
subPath: db
accessMode: ReadWriteMany
size: 1Gi
redis:
storageClass: "harbor-db"
subPath: redis
accessMode: ReadWriteMany
size: 1Gi
trivy:
storageClass: "harbor"
subPath: trivy
accessMode: ReadWriteMany
size: 1Gi


@ -1,8 +1,27 @@
apiVersion: v1
kind: Service
metadata:
name: harbor
spec:
ports:
- protocol: TCP
port: 80
targetPort: 80
---
apiVersion: v1
kind: Endpoints
metadata:
name: harbor
subsets:
- addresses:
- ip: 192.168.11.249
ports:
- port: 80
---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: harbor name: harbor
namespace: harbor
spec: spec:
entryPoints: entryPoints:
- websecure - websecure
@ -10,24 +29,22 @@ spec:
- match: Host(`registry.spamasaurus.com`) - match: Host(`registry.spamasaurus.com`)
kind: Rule kind: Rule
services: services:
- name: harbor-harbor-portal - name: harbor
namespace: harbor
port: 80 port: 80
middlewares: middlewares:
- name: security-headers@file - name: security-headers@file
- match: Host(`registry.spamasaurus.com`) && PathPrefix(`/api/`, `/service/`, `/v2/`, `/chartrepo/`, `/c/`) - name: compression@file
kind: Rule # - match: Host(`registry.spamasaurus.com`) && PathPrefix(`/api/`, `/service/`, `/v2/`, `/chartrepo/`, `/c/`)
services: # kind: Rule
- name: harbor-harbor-core # services:
namespace: harbor # - name: harbor-harbor-core
port: 80 # port: 80
middlewares: # middlewares:
- name: security-headers@file # - name: security-headers@file
- match: Host(`notary.spamasaurus.com`) # - match: Host(`notary.spamasaurus.com`)
kind: Rule # kind: Rule
services: # services:
- name: harbor-harbor-notary-server # - name: harbor-harbor-notary-server
namespace: harbor # port: 4443
port: 4443 # middlewares:
middlewares: # - name: security-headers@file
- name: security-headers@file
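Review bot: The new `Service`/`Endpoints` pair at the top of this file forwards to `192.168.11.249` on port 80, so requests that arrive on the `websecure` entry point are, as far as this file shows, passed on to the external Harbor host in cleartext, including registry logins and bearer tokens. If that host serves TLS, target 443 in both the `Endpoints` and the `Service` and set `scheme: https` on the route's service entry. If plain HTTP is intended, a comment above the `Endpoints` object such as `# plain HTTP on the LAN segment; TLS ends at Traefik` would record the trust assumption. The commented-out `/api/`, `/v2/` and notary rules in the second hunk are dead configuration now that one backend serves every path, and are better deleted than kept as comments.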


@ -1,35 +0,0 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: harbor
provisioner: smb.csi.k8s.io
parameters:
source: "//192.168.11.225/K3s.StorageClass/harbor"
csi.storage.k8s.io/node-stage-secret-name: "smb-credentials"
csi.storage.k8s.io/node-stage-secret-namespace: "default"
createSubDir: "false" # optional: create a sub dir for new volume
reclaimPolicy: Retain # only retain is supported
volumeBindingMode: Immediate
mountOptions:
- dir_mode=0777
- file_mode=0777
- uid=10000
- gid=10000
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: harbor-db
provisioner: smb.csi.k8s.io
parameters:
source: "//192.168.11.225/K3s.StorageClass/harbor-db"
csi.storage.k8s.io/node-stage-secret-name: "smb-credentials"
csi.storage.k8s.io/node-stage-secret-namespace: "default"
createSubDir: "false" # optional: create a sub dir for new volume
reclaimPolicy: Retain # only retain is supported
volumeBindingMode: Immediate
mountOptions:
- dir_mode=0700
- file_mode=0700
- uid=999
- gid=999