Helm/Harbor: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
Line 47: Line 47:
cat <<'EXE'| sudo bash
cat <<'EXE'| sudo bash
             mkdir -p /var/minikube/pvc/harbor/data-harbor-0/
             mkdir -p /var/minikube/pvc/harbor/data-harbor-0/
   chown -R 1000:1000 /var/minikube/pvc/harbor/
   chown -R root:root /var/minikube/pvc/harbor/
# chown -R 1000:3000 /var/minikube/pvc/harbor/
# chown -R 1000:1000 /var/minikube/pvc/harbor/
EXE
EXE
</syntaxhighlight>
</syntaxhighlight>

Revision as of 05:57, 12 July 2025

Helm » Repo » Manage 

helm repo add harbor https://helm.goharbor.io
helm repo update && helm repo list

Helm » K8s » Config

Helm » K8s » Config 

export KUBECONFIG=${HOME}/.kube/eks-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/gke-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/lke-kubeconfig.yaml

export KUBECONFIG=${HOME}/.kube/shahed-aa-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/shahed-ab-kubeconfig.yaml
export KUBECONFIG=${HOME}/.kube/shahed-ac-kubeconfig.yaml

export KUBECONFIG=${HOME}/.kube/shahed-ae-kubeconfig.yaml
kubectl config get-contexts
kubectl config view

Helm » K8s » Storage

Helm » K8s » Storage 

cat <<'EXE'| sudo bash
            mkdir -p /var/minikube/pvc/harbor/data-harbor-0/
  chown -R root:root /var/minikube/pvc/harbor/
# chown -R 1000:1000 /var/minikube/pvc/harbor/
EXE

cat <<'YML'| kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-data-harbor-0
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/harbor/data-harbor-0
    type: DirectoryOrCreate
YML

Helm » Harbor » Database

Helm » Harbor » Database 

ssh -qt shahed@shahed-ae.local.or.tunnel.ip bash
echo -n 'Password: ';read -s HARBOR_PASSWORD;export HARBOR_PASSWORD;echo
# Password: sadaqah!

cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE shahed_harbor_registry' 
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'shahed_harbor_registry')\gexec
CREATE USER shahed_harbor WITH ENCRYPTED PASSWORD   '${HARBOR_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE shahed_harbor_registry TO shahed_harbor;
ALTER DATABASE shahed_harbor_registry OWNER TO shahed_harbor;
DDL

echo -n 'Password: ';read -s PGBOUNCER_PASSWORD;export PGBOUNCER_PASSWORD;echo
# Password: sadaqah!

cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE bouncer' 
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${PGBOUNCER_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL

echo -n 'Password: ';read -s PGPASSWORD; export PGPASSWORD; echo
# Password: sadaqah!

psql -U shahed_harbor -d shahed_harbor_registry -p 5432 -h 192.168.49.103
psql -U shahed_harbor -d shahed_harbor_registry -p 5432 -h localhost
psql -U bouncer       -d bouncer                -p 5432 -h 192.168.49.103
psql -U bouncer       -d bouncer                -p 5432 -h localhost

Helm » Install

Helm » Install 

helm show values harbor/harbor --version=1.17.0|less
helm show values harbor/harbor --version=1.17.1|less

kubectl create ns   harbor
kubectl get ns|grep harbor

cat <<ENV | kubectl -n harbor create secret generic harbor-admin --from-env-file=/dev/stdin
password=sadaqah!
ENV

cat <<ENV | kubectl -n harbor create secret generic harbor-database --from-env-file=/dev/stdin
password=sadaqah!
ENV

cat <<'YML'| kubectl apply -n harbor -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-harbor-0
  namespace: harbor
  labels:
    app.kubernetes.io/name: harbor
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: harbor
    app.kubernetes.io/managed-by: kubectl
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: hostpath
  volumeName: harbor-data-harbor-0
YML

Find More 👉 Storage » Mount

Find More 👉 Storage » Class » Hostpath

Find More 👉 Storage » Persistent Volume 

cat <<YML | helm -n harbor install    harbor harbor/harbor --version=1.17.1 -f -
---
expose:
  type: ingress
  tls:
    enabled: false
  ingress:
    enabled: true
    className: nginx
    hosts:
      core: harbor.shahed.biz
externalURL: https://harbor.shahed.biz
existingSecretAdminPassword: harbor-admin
existingSecretAdminPasswordKey: password
persistence:
  enabled: true
  storageClass: hostpath
  persistentVolumeClaim:
    registry:
      size: 5Gi
      subPath: registry
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0
    jobservice:
      jobLog:
        size: 1Gi
        subPath: jobservice
        accessMode: ReadWriteOnce
        existingClaim: data-harbor-0
    redis:
      size: 1G
      subPath: redis
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0
    trivy:
      size: 1G
      subPath: trivy
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0
database:
  type: external
  external:
    port: 5432
    maxIdleConns: 5
    maxOpenConns: 10
    sslmode: disable
    username: shahed_harbor
    host: pgbouncer.pgbouncer
    existingSecret: harbor-database
    coreDatabase: shahed_harbor_registry
cache:
  enabled: false
  expireHours: 24
YML

Helm » Uninstall

Helm » Uninstall 

helm uninstall        harbor -n harbor
kubectl delete pvc    --all  -n harbor
kubectl delete pv     harbor-data-harbor-0

kubectl delete deploy --all  -n harbor
kubectl delete all    --all  -n harbor
kubectl delete namespace        harbor

Playground

Playground 

helm -n harbor install    harbor harbor/harbor --version=1.17.0
helm -n harbor upgrade -i harbor harbor/harbor --version=1.17.1
helm show values harbor/harbor --version=1.17.1|less

kubectl -n harbor get secret harbor-database -o json|jq -r '.data.password'|base64 -d;echo
kubectl -n harbor get secret harbor-admin    -o json|jq -r '.data.password'|base64 -d;echo

kubectl -n harbor exec -it svc/harbor-jobservice -c harbor-jobservice -- bash
kubectl -n harbor exec -it svc/harbor-trivy      -c harbor-trivy      -- bash
kubectl -n harbor exec -it svc/harbor-core       -c harbor-core       -- bash

kubectl -n harbor logs -f  svc/harbor-jobservice -c harbor-jobservice
kubectl -n harbor logs -f  svc/harbor-trivy      -c harbor-trivy
kubectl -n harbor logs -f  svc/harbor-core       -c harbor-core

kubectl -n harbor exec -it svc/harbor-registry   -- bash
kubectl -n harbor exec -it svc/harbor-portal     -- bash
kubectl -n harbor exec -it svc/harbor-redis      -- bash

kubectl -n harbor delete all --all
kubectl -n harbor delete ing --all
kubectl -n harbor delete sts --all

kubectl    delete  pv harbor-data-harbor-0
kubectl -n harbor delete svc --all
kubectl -n harbor delete pvc --all

kubectl -n harbor rollout history sts harbor-core
kubectl -n harbor rollout restart sts harbor-core
kubectl -n harbor rollout status  sts harbor-core

kubectl -n harbor logs -f svc/harbor-registry
kubectl -n harbor logs -f svc/harbor-portal
kubectl -n harbor logs -f svc/harbor-redis

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Helm/Harbor&oldid=15397"