Helm/Harbor: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(19 intermediate revisions by the same user not shown)
Line 46: Line 46:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
cat <<'EXE'| sudo bash
cat <<'EXE'| sudo bash
          mkdir -p /var/minikube/pvc/harbor/data-harbor-0/{registry,jobservice,redis,trivy}
  mkdir -p             /var/minikube/pvc/harbor/data-harbor-0/{database,jobservice,redis,registry,trivy}
   chown -R 10000:10000 /var/minikube/pvc/harbor/
   chown -R 10000:10000 /var/minikube/pvc/harbor/data-harbor-0/{jobservice,registry,trivy}/
# chown -R 10000:30000 /var/minikube/pvc/harbor/
  chown -R   999:999  /var/minikube/pvc/harbor/data-harbor-0/{database,redis}/
   chmod -R 750         /var/minikube/pvc/harbor/
   chmod -R   750       /var/minikube/pvc/harbor/
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>
Line 213: Line 213:
existingSecretAdminPassword: harbor-admin
existingSecretAdminPassword: harbor-admin
existingSecretAdminPasswordKey: password
existingSecretAdminPasswordKey: password
persistence:
persistence:
   enabled: true
   enabled: true
Line 218: Line 219:
   persistentVolumeClaim:
   persistentVolumeClaim:
     registry:
     registry:
       size: 5Gi
       size: 7Gi
       subPath: registry
       subPath: registry
       accessMode: ReadWriteOnce
       accessMode: ReadWriteOnce
Line 238: Line 239:
       accessMode: ReadWriteOnce
       accessMode: ReadWriteOnce
       existingClaim: data-harbor-0
       existingClaim: data-harbor-0
database:
database:
   type: external
   type: external
Line 249: Line 251:
     existingSecret: harbor-database
     existingSecret: harbor-database
     coreDatabase: shahed_harbor_registry
     coreDatabase: shahed_harbor_registry
core:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
registry:
  controller:
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 256Mi
  registry:
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 256Mi
  upload_purging:
    enabled: true
    interval: 24h
    dryrun: false
    age: 168h
jobservice:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 128Mi
redis:
  internal:
    resources:
      limits:
        cpu: 150m
        memory: 256Mi
      requests:
        cpu: 50m
        memory: 128Mi
trivy:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
  skipJavaDBUpdate: false
  ignoreUnfixed: false
  securityCheck: vuln
  offlineScan: false
  skipUpdate: false
  insecure: false
  enabled: true
portal:
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
    requests:
      cpu: 50m
      memory: 64Mi
cache:
cache:
   enabled: false
   enabled: false
   expireHours: 24
   expireHours: 24
YML
YML
</syntaxhighlight>
|}
==Helm » K8s » Verify==
{|class='wikitable mw-collapsible'
!scope='col' colspan='2' style='width:1000px'|
K8s » Verify
|-
|valign='top' colspan='2'|
<syntaxhighlight lang="bash">
xdg-open https://www.cdn77.com/tls-test/result?domain=harbor.shahed.biz
xdg-open https://harbor.shahed.biz
</syntaxhighlight>
|-
|valign='top' style='width:490px'|
<syntaxhighlight lang="bash">
kubectl -n harbor logs -f  svc/harbor-jobservice
kubectl -n harbor logs -f  svc/harbor-registry
kubectl -n harbor logs -f  svc/harbor-trivy
kubectl -n harbor logs -f  svc/harbor-core
</syntaxhighlight>
|valign='top' style='width:490px'|
<syntaxhighlight lang="yaml">
---
Page: https://harbor.shahed.biz
user: tool.tech@shahed.biz
pass: sadaqah!
</syntaxhighlight>
|-
|valign='top' colspan='2'|
<syntaxhighlight lang="bash">
cat ~/.docker/config.json|jq -r '.auths."harbor.shahed.biz".auth'|base64 --decode && echo
docker login harbor.shahed.biz -u admin
docker login harbor.shahed.biz
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
docker tag nginx:1.27-alpine-slim \
            harbor.shahed.biz/library/nginx:1.27-alpine-slim
docker push  harbor.shahed.biz/library/nginx:1.27-alpine-slim
docker tag nginx:alpine \
            harbor.shahed.biz/library/nginx:alpine
docker push  harbor.shahed.biz/library/nginx:alpine
docker tag nginx:1.27 \
            harbor.shahed.biz/library/nginx:1.27
docker push  harbor.shahed.biz/library/nginx:1.27
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
cat ~/.docker/config.json|yq -P
cat ~/.docker/config.json|yq -P 'del(.auths["harbor.shahed.biz"])'
cat ~/.docker/config.json|jq -r 'del(.auths["harbor.shahed.biz"])'|sponge ~/.docker/config.json
</syntaxhighlight>
</syntaxhighlight>
|}
|}
Line 292: Line 426:
kubectl -n harbor get secret harbor-admin    -o json|jq -r '.data.password'|base64 -d;echo
kubectl -n harbor get secret harbor-admin    -o json|jq -r '.data.password'|base64 -d;echo


kubectl -n harbor exec -it svc/harbor-jobservice -- bash
kubectl -n harbor exec -it svc/harbor-jobservice -- id
kubectl -n harbor exec -it svc/harbor-registry  -- bash
kubectl -n harbor exec -it svc/harbor-registry  -- id
kubectl -n harbor exec -it svc/harbor-portal    -- bash
kubectl -n harbor exec -it svc/harbor-portal    -- id
kubectl -n harbor exec -it svc/harbor-trivy      -- bash
kubectl -n harbor exec -it svc/harbor-trivy      -- id
kubectl -n harbor exec -it svc/harbor-core      -- bash
kubectl -n harbor exec -it svc/harbor-core      -- id
kubectl -n harbor exec -it svc/harbor-redis      -- bash
kubectl -n harbor exec -it svc/harbor-redis      -- id


kubectl -n harbor logs -f  svc/harbor-jobservice
kubectl -n harbor logs -f  svc/harbor-jobservice
Line 335: Line 469:


==References==
==References==
{|class='wikitable mw-collapsible mw-collapsed'
{|class='wikitable mw-collapsible mw-collapsed' style='width:100%'
!scope='col' colspan='3' style='width:1000px'|
!scope='col' colspan='3'|
References
References
|-
|-
|valign='top'|
|valign='top' style='width:34%'|
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]]
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]]
* [[Helm/PostgreSQL/PV|Helm » PostgreSQL » PV]]
* [[Helm/PostgreSQL/PV|Helm » PostgreSQL » PV]]
Line 345: Line 479:
* [[Helm/PgAdmin4|Helm » PgAdmin4]]
* [[Helm/PgAdmin4|Helm » PgAdmin4]]
* [https://artifacthub.io/packages/helm/harbor/harbor/ Helm » Harbor]
* [https://artifacthub.io/packages/helm/harbor/harbor/ Helm » Harbor]
* [[Helm/Pi-Hole|Helm » Pi-Hole]]
* [[Helm]]
* [[Helm]]


| valign="top" |
|valign='top' style='width:33%'|
* [[Security/Container/Cosign|Security » Container » Cosign]]
* [[Security/Container/Trivy|Security » Container » Trivy]]
* [[Security/Container/Snyk|Security » Container » Snyk]]
* [[Security/Certificate/TLS|Security » Certificate » TLS]]
* [[Helm/Sign|Security » Helm » Sign]]
* [[Security/Certificate|Security » Certificate]]


| valign="top" |
|valign='top' style='width:33%'|


|-
|-
Line 370: Line 511:
* [[Minikube MetalLB|Minikube » MetalLB]]
* [[Minikube MetalLB|Minikube » MetalLB]]
* [[Minikube Tunnel|Minikube » Tunnel]]
* [[Minikube Tunnel|Minikube » Tunnel]]
* [[Localtunnel]]
* [[Kubectl]]
* [[Kubectl]]
* [[Ansible]]
* [[CIDR]]
* [[CIDR]]
* [[Helm]]
* [[Helm]]

Latest revision as of 06:51, 22 October 2025

Helm » Repo » Manage 

helm repo add harbor https://helm.goharbor.io
helm repo update && helm repo list

Helm » K8s » Config

Helm » K8s » Config 

export KUBECONFIG=${HOME}/.kube/eks-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/gke-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/lke-kubeconfig.yaml

export KUBECONFIG=${HOME}/.kube/shahed-aa-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/shahed-ab-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/shahed-ac-kubeconfig.yaml

export KUBECONFIG=${HOME}/.kube/shahed-ae-kubeconfig.yaml
kubectl config get-contexts
kubectl config view

Helm » K8s » Storage

Helm » K8s » Storage 

cat <<'EXE'| sudo bash
  mkdir -p             /var/minikube/pvc/harbor/data-harbor-0/{database,jobservice,redis,registry,trivy}
  chown -R 10000:10000 /var/minikube/pvc/harbor/data-harbor-0/{jobservice,registry,trivy}/
  chown -R   999:999   /var/minikube/pvc/harbor/data-harbor-0/{database,redis}/
  chmod -R   750       /var/minikube/pvc/harbor/
EXE

cat <<'YML'| kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-data-harbor-0
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/harbor/data-harbor-0
    type: DirectoryOrCreate
YML

Helm » Harbor » Database

Helm » Harbor » Database 

ssh -qt shahed@shahed-ae.local.or.tunnel.ip bash
echo -n 'Password: ';read -s HARBOR_PASSWORD;export HARBOR_PASSWORD;echo
# Password: sadaqah!

cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE shahed_harbor_registry' 
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'shahed_harbor_registry')\gexec
CREATE USER shahed_harbor WITH ENCRYPTED PASSWORD   '${HARBOR_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE shahed_harbor_registry TO shahed_harbor;
ALTER DATABASE shahed_harbor_registry OWNER TO shahed_harbor;
DDL

echo -n 'Password: ';read -s PGBOUNCER_PASSWORD;export PGBOUNCER_PASSWORD;echo
# Password: sadaqah!

cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE bouncer' 
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${PGBOUNCER_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL

echo -n 'Password: ';read -s PGPASSWORD; export PGPASSWORD; echo
# Password: sadaqah!

psql -U shahed_harbor -d shahed_harbor_registry -p 5432 -h 192.168.49.103
psql -U shahed_harbor -d shahed_harbor_registry -p 5432 -h localhost
psql -U bouncer       -d bouncer                -p 5432 -h 192.168.49.103
psql -U bouncer       -d bouncer                -p 5432 -h localhost

Helm » Install

Helm » Install 

helm show values harbor/harbor --version=1.17.0|less
helm show values harbor/harbor --version=1.17.1|less

kubectl create ns   harbor
kubectl get ns|grep harbor

cat <<ENV | kubectl -n harbor create secret generic harbor-admin --from-env-file=/dev/stdin
password=sadaqah!
ENV

cat <<ENV | kubectl -n harbor create secret generic harbor-database --from-env-file=/dev/stdin
password=sadaqah!
ENV

cat <<'YML'| kubectl apply -n harbor -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-harbor-0
  namespace: harbor
  labels:
    app.kubernetes.io/name: harbor
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: harbor
    app.kubernetes.io/managed-by: kubectl
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: hostpath
  volumeName: harbor-data-harbor-0
YML

Find More 👉 Storage » Mount

Find More 👉 Storage » Class » Hostpath

Find More 👉 Storage » Persistent Volume 

cat <<YML | helm -n harbor install    harbor harbor/harbor --version=1.17.1 -f -
---
expose:
  type: ingress
  tls:
    enabled: false
  ingress:
    enabled: true
    className: nginx
    hosts:
      core: harbor.shahed.biz
externalURL: https://harbor.shahed.biz
existingSecretAdminPassword: harbor-admin
existingSecretAdminPasswordKey: password

persistence:
  enabled: true
  storageClass: hostpath
  persistentVolumeClaim:
    registry:
      size: 7Gi
      subPath: registry
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0
    jobservice:
      jobLog:
        size: 1Gi
        subPath: jobservice
        accessMode: ReadWriteOnce
        existingClaim: data-harbor-0
    redis:
      size: 1G
      subPath: redis
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0
    trivy:
      size: 1G
      subPath: trivy
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0

database:
  type: external
  external:
    port: 5432
    maxIdleConns: 5
    maxOpenConns: 10
    sslmode: disable
    username: shahed_harbor
    host: pgbouncer.pgbouncer
    existingSecret: harbor-database
    coreDatabase: shahed_harbor_registry

core:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi

registry:
  controller:
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 256Mi
  registry:
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 256Mi
  upload_purging:
    enabled: true
    interval: 24h
    dryrun: false
    age: 168h

jobservice:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 128Mi

redis:
  internal:
    resources:
      limits:
        cpu: 150m
        memory: 256Mi
      requests:
        cpu: 50m
        memory: 128Mi

trivy:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
  skipJavaDBUpdate: false
  ignoreUnfixed: false
  securityCheck: vuln
  offlineScan: false
  skipUpdate: false
  insecure: false
  enabled: true

portal:
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
    requests:
      cpu: 50m
      memory: 64Mi

cache:
  enabled: false
  expireHours: 24
YML

Helm » K8s » Verify

K8s » Verify 

xdg-open https://www.cdn77.com/tls-test/result?domain=harbor.shahed.biz
xdg-open https://harbor.shahed.biz

kubectl -n harbor logs -f  svc/harbor-jobservice
kubectl -n harbor logs -f  svc/harbor-registry
kubectl -n harbor logs -f  svc/harbor-trivy
kubectl -n harbor logs -f  svc/harbor-core

---
Page: https://harbor.shahed.biz
user: tool.tech@shahed.biz
pass: sadaqah!

cat ~/.docker/config.json|jq -r '.auths."harbor.shahed.biz".auth'|base64 --decode && echo
docker login harbor.shahed.biz -u admin
docker login harbor.shahed.biz

docker tag nginx:1.27-alpine-slim \
             harbor.shahed.biz/library/nginx:1.27-alpine-slim
docker push  harbor.shahed.biz/library/nginx:1.27-alpine-slim

docker tag nginx:alpine \
             harbor.shahed.biz/library/nginx:alpine
docker push  harbor.shahed.biz/library/nginx:alpine

docker tag nginx:1.27 \
             harbor.shahed.biz/library/nginx:1.27
docker push  harbor.shahed.biz/library/nginx:1.27

cat ~/.docker/config.json|yq -P
cat ~/.docker/config.json|yq -P 'del(.auths["harbor.shahed.biz"])'
cat ~/.docker/config.json|jq -r 'del(.auths["harbor.shahed.biz"])'|sponge ~/.docker/config.json

Helm » Uninstall

Helm » Uninstall 

helm uninstall        harbor -n harbor
kubectl delete pvc    --all  -n harbor
kubectl delete pv     harbor-data-harbor-0

kubectl delete deploy --all  -n harbor
kubectl delete all    --all  -n harbor
kubectl delete namespace        harbor

Playground

Playground 

helm -n harbor install    harbor harbor/harbor --version=1.17.0
helm -n harbor upgrade -i harbor harbor/harbor --version=1.17.1
helm show values harbor/harbor --version=1.17.1|less

kubectl -n harbor get secret harbor-database -o json|jq -r '.data.password'|base64 -d;echo
kubectl -n harbor get secret harbor-admin    -o json|jq -r '.data.password'|base64 -d;echo

kubectl -n harbor exec -it svc/harbor-jobservice -- id
kubectl -n harbor exec -it svc/harbor-registry   -- id
kubectl -n harbor exec -it svc/harbor-portal     -- id
kubectl -n harbor exec -it svc/harbor-trivy      -- id
kubectl -n harbor exec -it svc/harbor-core       -- id
kubectl -n harbor exec -it svc/harbor-redis      -- id

kubectl -n harbor logs -f  svc/harbor-jobservice
kubectl -n harbor logs -f  svc/harbor-trivy
kubectl -n harbor logs -f  svc/harbor-core

kubectl -n harbor delete all --all
kubectl -n harbor delete ing --all
kubectl -n harbor delete sts --all

kubectl    delete  pv harbor-data-harbor-0
kubectl -n harbor delete svc --all
kubectl -n harbor delete pvc --all

kubectl -n harbor rollout history sts harbor-core
kubectl -n harbor rollout restart sts harbor-core
kubectl -n harbor rollout status  sts harbor-core

kubectl -n harbor logs -f svc/harbor-registry
kubectl -n harbor logs -f svc/harbor-portal
kubectl -n harbor logs -f svc/harbor-redis

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Helm/Harbor&oldid=15736"