Steps and Configuration for Deploying Harbor on Kubernetes
Preparation Steps
This example deploys Harbor using Helm, with PostgreSQL as the database and Redis as the cache. The dashboard is exposed through Traefik as a reverse proxy, so Helm, PostgreSQL, Redis, and Traefik need to be installed beforehand.
If not installed yet, please refer to the following links for installation:
Installing HELM on Debian OS
Configuring PostgreSql Database in Kubernetes
Configuring Redis Database in Kubernetes
Steps and Configuration for Deploying Traefik on Kubernetes
# Add Harbor Helm Chart repository.
helm repo add harbor https://helm.goharbor.io
# Download Harbor Helm Chart.
helm fetch harbor/harbor --untar
# Create the harbor namespace.
kubectl create namespace harbor
After creating the tables harbor_core and registry in PostgreSQL, navigate to the harbor directory and create the relevant configuration files.
# storage.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: harbor
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Retain
# volume.yaml
# <path> is the path where the data is stored.
# Example: path: "/mnt/disks/data/harbor"
apiVersion: v1
kind: PersistentVolume
metadata:
  name: harbor
  labels:
    app: k8s-cluster-harbor
spec:
  storageClassName: harbor
  capacity:
    storage: 100Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: <path>
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: harbor
  namespace: harbor
  labels:
    app: harbor
spec:
  storageClassName: harbor
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 100Gi
kubectl apply -f storage.yaml
kubectl apply -f volume.yaml
# Creating folders.
# <path> is the path where the data is stored.
# Example: /mnt/disks/data/harbor
mkdir -p <path>/trivy/trivy <path>/trivy/reports
# Modify folder permissions.
# <path> is the path where the data is stored.
# Example: /mnt/disks/data/harbor
sudo chmod 777 <path> <path>/trivy/trivy <path>/trivy/reports
Deploy Harbor
# Modify values.yaml.
vim values.yaml
The modifications made for this example are listed below; for other settings, refer to the official Harbor documentation.
# <domain> is the domain name.
# <password> is the default login password for the dashboard.
# <postgres_host> is the PostgreSQL host address; if using a GCP node, it is the node's internal IP.
# <postgres_password> is the PostgreSQL password.
# <redis_host> is the Redis host address; if using a GCP node, it is the node's internal IP.
expose:
  type: ingress
  tls:
    enabled: true
    certSource: none
    ...
  ingress:
    hosts:
      core: <domain>
    controller: default
    kubeVersionOverride: ""
    className: ""
    annotations:
      # ingress.kubernetes.io/ssl-redirect: "true"
      # ingress.kubernetes.io/proxy-body-size: "0"
      # nginx.ingress.kubernetes.io/ssl-redirect: "true"
      # nginx.ingress.kubernetes.io/proxy-body-size: "0"
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
      traefik.ingress.kubernetes.io/router.tls.certresolver: myresolver
  ...
externalURL: https://<domain>
...
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      existingClaim: "harbor"
      storageClass: "harbor"
      subPath: "registry"
      accessMode: ReadWriteMany
      size: 50Gi
      annotations: {}
    jobservice:
      jobLog:
        existingClaim: "harbor"
        storageClass: "harbor"
        subPath: "jobLog"
        accessMode: ReadWriteMany
        size: 1Gi
        annotations: {}
    ...
    trivy:
      existingClaim: "harbor"
      storageClass: "harbor"
      subPath: "trivy"
      accessMode: ReadWriteMany
      size: 5Gi
      annotations: {}
  ...
harborAdminPassword: <password>
...
portal:
  ...
  nodeSelector: {
    worker: cluster
  }
  ...
core:
  ...
  nodeSelector: {
    worker: cluster
  }
  ...
jobservice:
  ...
  nodeSelector: {
    worker: cluster
  }
  ...
registry:
  ...
  nodeSelector: {
    worker: cluster
  }
  ...
trivy:
  ...
  nodeSelector: {
    worker: cluster
  }
  ...
database:
  type: external
  ...
  external:
    host: "<postgres_host>"
    port: "5432"
    username: "postgres"
    password: "<postgres_password>"
    ...
redis:
  type: external
  ...
  external:
    addr: "<redis_host>:6379"
    ...
exporter:
  ...
  nodeSelector: {
    worker: cluster
  }
  ...
# Deploy Harbor.
helm install harbor harbor/harbor -f values.yaml -n harbor
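Checks worth running before the helm install above, as an added example that is not part of the original page or the Harbor project: it looks for placeholders from this guide left unfilled in values.yaml, for the chart's shipped default admin password, for a values.yaml readable by other users, and for world-writable directories under the data path. The function names and the script name preflight.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page or the Harbor project):
# pre-install checks for the values.yaml and data directory in this guide.

# check_values FILE -> 0 if no finding, 1 otherwise (findings on stderr).
check_values() {
    file=$1
    rc=0
    # Placeholders used by this guide that are still present outside comments.
    if grep -nE '^[^#]*<(domain|password|postgres_host|postgres_password|redis_host)>' "$file" >&2; then
        echo "FAIL: unfilled placeholder(s) listed above" >&2
        rc=1
    fi
    # Chart default admin password left in place.
    if grep -qE '^harborAdminPassword:[[:space:]]*"?Harbor12345"?[[:space:]]*$' "$file"; then
        echo "FAIL: harborAdminPassword is the chart default" >&2
        rc=1
    fi
    # The file holds the admin and PostgreSQL passwords in clear text,
    # so it should not be readable by group or others.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $file is readable by group or others (chmod 600)" >&2
        rc=1
    fi
    return "$rc"
}

# world_writable_dirs DIR -> prints every directory under DIR that any local
# user can write to; the chmod 777 step in this guide produces three of them.
world_writable_dirs() {
    find "$1" -type d -perm -002
}

# Usage: sh preflight.sh values.yaml [data_dir]   (script name is an assumption)
if [ "$#" -ge 1 ]; then
    check_values "$1" || exit 1
    if [ "$#" -ge 2 ]; then world_writable_dirs "$2"; fi
fi
```

Any directory the second function prints sits on a hostPath volume, so it is writable by every account on that node.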