Helm/Harbor


Helm » Repo » Manage

# Register the upstream Harbor chart repository (served over HTTPS) under the
# local alias "harbor".
helm repo add harbor https://helm.goharbor.io
# Refresh the chart index; the repository listing runs only if that succeeded.
helm repo update \
  && helm repo list

Helm » K8s » Config

Helm » K8s » Config

# Select the cluster to work on. Each export replaces the previous value, so
# run only the line for the target cluster (pasted as a whole, the last wins).
# Kubeconfig files hold cluster credentials; keep them readable by the owner only.
export KUBECONFIG="${HOME}/.kube/eks-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gke-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/lke-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-aa-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ab-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ac-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/shahed-ae-kubeconfig.yaml"
# Confirm which context is active before changing anything in the cluster.
kubectl config get-contexts
# Certificate data and tokens are redacted in this output unless --raw is given.
kubectl config view

Helm » K8s » Storage

Helm » K8s » Storage

# Create the per-component data directories on the node as root and hand them
# to the numeric owners the workloads are expected to run as.
# NOTE(review): 10000 and 999 are presumably the UIDs of the Harbor component
# containers and of the database/redis images; the `id` checks in the
# Playground section can confirm this.
# NOTE(review): this prepares /var/minikube/pvc/..., while the PersistentVolume
# below points at /var/hostpath_pv/...; presumably one is mounted onto the
# other. If not, `DirectoryOrCreate` creates a fresh directory and the
# ownership set here never applies.
sudo bash <<'EXE'
  base=/var/minikube/pvc/harbor
  mkdir -p "${base}"/data-harbor-0/{database,jobservice,redis,registry,trivy}
  chown -R 10000:10000 "${base}"/data-harbor-0/{jobservice,registry,trivy}/
  chown -R 999:999 "${base}"/data-harbor-0/{database,redis}/
  # Owner: full access, group: read/traverse, everyone else: nothing.
  chmod -R 750 "${base}"/
EXE
# Register a 50Gi hostPath PersistentVolume for Harbor. The quoted delimiter
# passes the manifest to kubectl verbatim, without shell expansion.
# A hostPath volume lives on one node's filesystem: the data does not follow
# the pod to another node, and `Retain` leaves it on disk after the PV object
# is deleted.
kubectl apply -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor-data-harbor-0
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: hostpath
  hostPath:
    path: /var/hostpath_pv/harbor/data-harbor-0
    type: DirectoryOrCreate
YML



Helm » Harbor » Database

Helm » Harbor » Database

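# Open a shell on the PostgreSQL host; the commands below are typed there.
ssh -qt shahed@shahed-ae.local.or.tunnel.ip bash
# Prompt without echoing. -r keeps backslashes in the password literal instead
# of letting `read` treat them as escapes.
echo -n 'Password: ';read -rs HARBOR_PASSWORD;export HARBOR_PASSWORD;echo
# Password: sadaqah!
# The same example value is reused across this page; give each role its own
# secret in a real deployment.

# The here-document is expanded by the shell before psql sees it, so the
# password becomes part of the SQL text run as the postgres superuser. Double
# every single quote so the value cannot end the string literal early.
sq="'"
HARBOR_PASSWORD_SQL=${HARBOR_PASSWORD//$sq/$sq$sq}

# Creates the database only if it is missing (\gexec runs the generated
# statement), then the role, and makes the role the owner.
# CREATE USER is not guarded, so a second run reports that the role exists.
# The statement carries the password in clear text and can end up in the server
# log when statement logging is enabled; psql's \password avoids that.
cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE shahed_harbor_registry' 
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'shahed_harbor_registry')\gexec
CREATE USER shahed_harbor WITH ENCRYPTED PASSWORD   '${HARBOR_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON DATABASE shahed_harbor_registry TO shahed_harbor;
ALTER DATABASE shahed_harbor_registry OWNER TO shahed_harbor;
DDL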
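# Prompt for the pgbouncer role's password without echoing. -r keeps
# backslashes in the password literal.
echo -n 'Password: ';read -rs PGBOUNCER_PASSWORD;export PGBOUNCER_PASSWORD;echo
# Password: sadaqah!

# The shell expands the here-document before psql reads it, so the password is
# spliced into SQL executed as the postgres superuser. Double every single
# quote so the value stays inside the string literal.
sq="'"
PGBOUNCER_PASSWORD_SQL=${PGBOUNCER_PASSWORD//$sq/$sq$sq}

# Creates the `bouncer` database if it is missing, then the `bouncer` role, and
# makes the role the owner. CREATE USER is not guarded against re-runs.
cat << DDL | sudo -i -u postgres psql
\! printf '\n'
SELECT 'CREATE DATABASE bouncer' 
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'bouncer')\gexec
CREATE USER bouncer WITH ENCRYPTED PASSWORD '${PGBOUNCER_PASSWORD_SQL}';
GRANT ALL PRIVILEGES ON DATABASE bouncer TO bouncer;
ALTER DATABASE bouncer OWNER TO bouncer;
DDL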

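# psql takes the password from the exported PGPASSWORD variable. -r keeps
# backslashes in the typed password literal.
# The variable stays in this shell's environment and is inherited by every
# child process; `unset PGPASSWORD` after the checks, or use ~/.pgpass instead.
echo -n 'Password: ';read -rs PGPASSWORD; export PGPASSWORD; echo
# Password: sadaqah!

# Log in as each new role, over the network address and over localhost, to
# confirm the credentials and the host-based access rules.
psql -U shahed_harbor -d shahed_harbor_registry -p 5432 -h 192.168.49.103
psql -U shahed_harbor -d shahed_harbor_registry -p 5432 -h localhost
psql -U bouncer       -d bouncer                -p 5432 -h 192.168.49.103
psql -U bouncer       -d bouncer                -p 5432 -h localhost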

Helm » Install

Helm » Install

# Page through the chart defaults of both versions before installing.
helm show values harbor/harbor --version 1.17.0 | less
helm show values harbor/harbor --version 1.17.1 | less
# Dedicated namespace for the release, then confirm that it is listed.
kubectl create namespace harbor
kubectl get namespaces | grep harbor
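# Create the two secrets referenced by the chart values (harbor-admin and
# harbor-database), each with a single `password` key.
# The passwords are prompted for instead of being written into the command, so
# they stay out of shell history and out of saved copies of these steps.
# printf is a shell builtin, so the value does not appear in a process
# argument list either.
# Secret values are base64-encoded in the API, not encrypted; access to the
# namespace's secrets should be restricted accordingly.
echo -n 'Harbor admin password: ';read -rs HARBOR_ADMIN_PASSWORD;echo
printf 'password=%s\n' "${HARBOR_ADMIN_PASSWORD}" |
  kubectl -n harbor create secret generic harbor-admin --from-env-file=/dev/stdin

# Must be the password given to the shahed_harbor role on the PostgreSQL host.
echo -n 'Harbor database password: ';read -rs HARBOR_DATABASE_PASSWORD;echo
printf 'password=%s\n' "${HARBOR_DATABASE_PASSWORD}" |
  kubectl -n harbor create secret generic harbor-database --from-env-file=/dev/stdin

# Drop the plaintext copies from the current shell.
unset HARBOR_ADMIN_PASSWORD HARBOR_DATABASE_PASSWORD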
# Claim the pre-created PersistentVolume for the release. `volumeName` binds
# this claim to harbor-data-harbor-0 explicitly instead of leaving the match to
# the storage class. The quoted delimiter keeps the manifest free of shell
# expansion.
kubectl apply -n harbor -f - <<'YML'
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-harbor-0
  namespace: harbor
  labels:
    app.kubernetes.io/name: harbor
    app.kubernetes.io/version: 1.0.0
    app.kubernetes.io/instance: harbor
    app.kubernetes.io/managed-by: kubectl
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: hostpath
  volumeName: harbor-data-harbor-0
YML

Find More 👉 Storage » Mount


Find More 👉 Storage » Class » Hostpath


Find More 👉 Storage » Persistent Volume


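# Install the pinned chart version with the values below read from stdin.
# The delimiter is quoted, like the other manifests on this page, so the shell
# passes the values to helm verbatim and a `$` or backtick added later is never
# expanded.
# Credentials are not part of the values: the admin and database passwords come
# from the existing secrets harbor-admin and harbor-database.
cat <<'YML' | helm -n harbor install    harbor harbor/harbor --version=1.17.1 -f -
---
expose:
  type: ingress
  tls:
    # TLS is not terminated by this ingress. externalURL below is https, so a
    # proxy in front presumably terminates TLS (confirm); otherwise registry
    # logins and image traffic reach the ingress in clear text.
    enabled: false
  ingress:
    enabled: true
    className: nginx
    hosts:
      core: harbor.shahed.biz
externalURL: https://harbor.shahed.biz
# Admin password is read from key `password` of the harbor-admin secret.
existingSecretAdminPassword: harbor-admin
existingSecretAdminPasswordKey: password

# All components share the single claim data-harbor-0, separated by subPath.
persistence:
  enabled: true
  storageClass: hostpath
  persistentVolumeClaim:
    registry:
      size: 7Gi
      subPath: registry
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0
    jobservice:
      jobLog:
        size: 1Gi
        subPath: jobservice
        accessMode: ReadWriteOnce
        existingClaim: data-harbor-0
    redis:
      size: 1G
      subPath: redis
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0
    trivy:
      size: 1G
      subPath: trivy
      accessMode: ReadWriteOnce
      existingClaim: data-harbor-0

database:
  type: external
  external:
    port: 5432
    maxIdleConns: 5
    maxOpenConns: 10
    # No TLS between Harbor and pgbouncer: the database password and all
    # queries cross the cluster network unencrypted. Use a verifying sslmode
    # when the database side supports it.
    sslmode: disable
    username: shahed_harbor
    host: pgbouncer.pgbouncer
    existingSecret: harbor-database
    coreDatabase: shahed_harbor_registry

core:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi

registry:
  controller:
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 256Mi
  registry:
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 100m
        memory: 256Mi
  upload_purging:
    enabled: true
    interval: 24h
    dryrun: false
    age: 168h

jobservice:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 128Mi

redis:
  internal:
    resources:
      limits:
        cpu: 150m
        memory: 256Mi
      requests:
        cpu: 50m
        memory: 128Mi

# Vulnerability scanner: enabled, database updates on, registry certificate
# verification kept (insecure: false).
trivy:
  resources:
    limits:
      cpu: 300m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
  skipJavaDBUpdate: false
  ignoreUnfixed: false
  securityCheck: vuln
  offlineScan: false
  skipUpdate: false
  insecure: false
  enabled: true

portal:
  resources:
    limits:
      cpu: 100m
      memory: 128Mi
    requests:
      cpu: 50m
      memory: 64Mi

cache:
  enabled: false
  expireHours: 24
YML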

Helm » K8s » Verify

K8s » Verify

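# Open the external TLS report and the Harbor portal in the default browser.
# The first URL contains `?`, which the shell treats as a glob character when
# unquoted; quoting hands the URL over unchanged in every shell configuration.
# The TLS report is a third-party service and is given the registry hostname.
xdg-open 'https://www.cdn77.com/tls-test/result?domain=harbor.shahed.biz'
xdg-open 'https://harbor.shahed.biz'
# Follow the logs of each component; each command runs until interrupted.
kubectl -n harbor logs -f  svc/harbor-jobservice
kubectl -n harbor logs -f  svc/harbor-registry
kubectl -n harbor logs -f  svc/harbor-trivy
kubectl -n harbor logs -f  svc/harbor-core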
---
Page: https://harbor.shahed.biz
user: tool.tech@shahed.biz
pass: sadaqah!
# Show the credential Docker has stored for the registry. Without a credential
# helper the entry is only base64-encoded, so this prints user:password in
# clear text on the terminal.
jq -r '.auths."harbor.shahed.biz".auth' ~/.docker/config.json \
  | base64 --decode \
  && echo
# Log in (the password is prompted for), once as admin and once interactively.
docker login harbor.shahed.biz --username admin
docker login harbor.shahed.biz

# Re-tag local nginx images into the registry's `library` project and push them
# to confirm that authentication and storage work end to end.
docker tag nginx:1.27-alpine-slim harbor.shahed.biz/library/nginx:1.27-alpine-slim
docker push harbor.shahed.biz/library/nginx:1.27-alpine-slim

docker tag nginx:alpine harbor.shahed.biz/library/nginx:alpine
docker push harbor.shahed.biz/library/nginx:alpine

docker tag nginx:1.27 harbor.shahed.biz/library/nginx:1.27
docker push harbor.shahed.biz/library/nginx:1.27

Helm » Uninstall

Helm » Uninstall

# Remove the release, then everything left behind in the namespace.
helm uninstall harbor --namespace harbor
kubectl delete pvc --all --namespace harbor
# The PV uses reclaim policy Retain: deleting the object leaves the data on the
# node's disk, including registry content, until it is removed there.
kubectl delete pv harbor-data-harbor-0
kubectl delete deploy --all --namespace harbor
kubectl delete all --all --namespace harbor
# Deleting the namespace also removes the harbor-admin and harbor-database
# secrets created for the install.
kubectl delete namespace harbor

Playground

Playground

# Plain install and in-place upgrade without a values file: these use the chart
# defaults, including the chart's default admin password, so they are suited to
# throw-away clusters only.
helm --namespace harbor install harbor harbor/harbor --version 1.17.0
helm --namespace harbor upgrade --install harbor harbor/harbor --version 1.17.1
# Page through the defaults of the version being installed.
helm show values harbor/harbor --version 1.17.1 | less

# Decode and print the stored passwords, database first, then admin. The values
# appear in clear text on the terminal and in any scrollback or session log.
for secret_name in harbor-database harbor-admin; do
  kubectl -n harbor get secret "${secret_name}" -o json \
    | jq -r '.data.password' \
    | base64 -d
  echo
done

# Print the uid/gid each component runs as. Useful for checking that no
# component runs as root and that the ownership set on the hostPath
# directories matches.
for component in jobservice registry portal trivy core redis; do
  kubectl -n harbor exec -it "svc/harbor-${component}" -- id
done

# Follow component logs; each command runs until interrupted.
kubectl --namespace harbor logs --follow svc/harbor-jobservice
kubectl --namespace harbor logs --follow svc/harbor-trivy
kubectl --namespace harbor logs --follow svc/harbor-core
# Piecewise teardown of the namespace contents and of the cluster-scoped PV.
# The PV's Retain policy leaves the data on the node's disk afterwards.
kubectl --namespace harbor delete all --all
kubectl --namespace harbor delete ing --all
kubectl --namespace harbor delete sts --all
kubectl delete pv harbor-data-harbor-0
kubectl --namespace harbor delete svc --all
kubectl --namespace harbor delete pvc --all
# Rollout inspection and restart of harbor-core.
# NOTE(review): these address harbor-core as a StatefulSet; confirm the
# workload kind with `kubectl -n harbor get deploy,sts` before relying on them.
kubectl --namespace harbor rollout history sts harbor-core
kubectl --namespace harbor rollout restart sts harbor-core
kubectl --namespace harbor rollout status sts harbor-core
kubectl --namespace harbor logs --follow svc/harbor-registry
kubectl --namespace harbor logs --follow svc/harbor-portal
kubectl --namespace harbor logs --follow svc/harbor-redis

References

References