Created October 11, 2020 09:20
```yaml
---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'An EC2 instance which gets harbor v1.5.2 installed and accessible on its public IP'
Parameters:
  KeyName:
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instance
    Type: AWS::EC2::KeyPair::KeyName
    ConstraintDescription: must be the name of an existing EC2 KeyPair.
  InstanceType:
    Description: Harbor EC2 instance type
    Type: String
    Default: t2.small
  AmiId:
    Description: Harbor EC2 AMI ID
    Type: String
    Default: ami-0e306788ff2473ccb
  SSHLocation:
    Description: The IP address range that can be used to SSH to the EC2 instances
    Type: String
    # The default allows SSH from any address; pass a narrower CIDR at deploy time
    Default: 0.0.0.0/0
    AllowedPattern: "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})"
    ConstraintDescription: must be a valid IP CIDR range of the form x.x.x.x/x.
Resources:
  # IAM user whose access key the registry uses for its S3 storage backend
  HarborUser:
    Type: AWS::IAM::User
    Properties:
      Policies:
        - PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Grants every S3 action on every bucket in the account
              - Effect: Allow
                Action:
                  - s3:*
                Resource: "*"
          PolicyName: s3-storage-access
      UserName: Harbor
  HarborAccessToS3:
    # The access key belongs to the Harbor user, so that user must exist first
    DependsOn: HarborUser
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: Harbor
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "harbor-storage-${AWS::Region}"
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Enable SSH access via port 22
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp:
            Ref: SSHLocation
        # Harbor web UI and registry over plain HTTP, open to any address
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
  EC2Instance:
    DependsOn:
      - HarborAccessToS3
      - S3Bucket
    Type: AWS::EC2::Instance
    Properties:
      InstanceType:
        Ref: InstanceType
      SecurityGroups:
        - Ref: InstanceSecurityGroup
      KeyName:
        Ref: KeyName
      ImageId:
        Ref: AmiId
      UserData:
        Fn::Base64:
          Fn::Sub:
            - |
              #!/bin/bash
              sudo yum update -y
              sudo yum -y install wget tar
              sudo yum install -y docker
              sudo service docker start
              sudo usermod -a -G docker ec2-user
              sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
              sudo chmod +x /usr/local/bin/docker-compose
              sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
              curl -LO https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.2.tgz
              tar -xvf harbor-online-installer-v1.5.2.tgz
              cd harbor
              # Use the instance's public IP as the Harbor hostname
              commonName=`dig +short myip.opendns.com @resolver1.opendns.com`
              domainReplace="sed -i s/reg\.mydomain\.com/$commonName/g harbor.cfg"
              eval $domainReplace
              # Append the S3 storage settings, including the access key pair, to the registry config
              cat << EOF >> common/templates/registry/config.yml
              storage:
                s3:
                  region: ${AWS::Region}
                  bucket: harbor-storage-${AWS::AccountId}
                  accesskey: ${AccessKey}
                  secretkey: ${SecretKey}
              EOF
              sudo ./install.sh
            - AccessKey: !Ref HarborAccessToS3
              SecretKey: !GetAtt HarborAccessToS3.SecretAccessKey
Outputs:
  InstanceId:
    Description: InstanceId of the newly created EC2 instance
    Value:
      Ref: EC2Instance
  PublicDNS:
    Description: Public DNSName of the newly created EC2 instance
    Value:
      Fn::GetAtt:
        - EC2Instance
        - PublicDnsName
  PublicIP:
    Description: Public IP address of the newly created EC2 instance
    Value:
      Fn::GetAtt:
        - EC2Instance
        - PublicIp
```
Shouldn't the following two lines defining / using the S3 Bucket match up? Or else isn't Harbor going to fall back onto an EBS (Elastic Block Store) Storage method?
https://gist.github.com/RajputVaibhav/93bb3ed9a174c1b2db54b0449637a65c#file-harbor-on-ec2-yaml-L45
https://gist.github.com/RajputVaibhav/93bb3ed9a174c1b2db54b0449637a65c#file-harbor-on-ec2-yaml-L102
Meaning either use `harbor-storage-${AWS::Region}` on both lines or `harbor-storage-${AWS::AccountId}`, but not both.
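
One way to rule out the mismatch raised in the comment above is to take the registry's bucket name from the bucket resource itself, so the name is written only once. The fragment below is an added example, not part of the original gist, showing the three resources involved; narrowing the user's policy to that bucket is an extra assumption about what the registry needs, and the elided properties and install steps are the gist's own.

```yaml
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "harbor-storage-${AWS::Region}"
  HarborUser:
    Type: AWS::IAM::User
    Properties:
      UserName: Harbor
      Policies:
        - PolicyName: s3-storage-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - s3:*
                # Limited to the registry bucket and its objects instead of "*"
                Resource:
                  - !GetAtt S3Bucket.Arn
                  - !Sub "${S3Bucket.Arn}/*"
  EC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      # InstanceType, SecurityGroups, KeyName and ImageId as in the gist
      UserData:
        Fn::Base64:
          Fn::Sub:
            - |
              #!/bin/bash
              # Installation steps up to "eval $domainReplace" as in the gist
              cat << EOF >> common/templates/registry/config.yml
              storage:
                s3:
                  region: ${AWS::Region}
                  # Fn::Sub resolves a logical ID like Ref, which for a
                  # bucket is its name, so this always matches S3Bucket
                  bucket: ${S3Bucket}
                  accesskey: ${AccessKey}
                  secretkey: ${SecretKey}
              EOF
              sudo ./install.sh
            - AccessKey: !Ref HarborAccessToS3
              SecretKey: !GetAtt HarborAccessToS3.SecretAccessKey
```

Because `${S3Bucket}` creates an implicit dependency on the bucket, the explicit `DependsOn` entry for it is no longer required.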