#!/bin/bash
### Deploying Harbor Registry Cluster on Kubernetes for Debian/Ubuntu based OS
## Baseline Guide: https://goharbor.io/docs/2.4.0/install-config/harbor-ha-helm/
# Type of Deployment: Helm
#
### Minimum Requirements ###
## Three Worker Node Cluster (Tested on K0s, K3s, K8s)
## A Storage Backend (Tested on Ceph, OpenEBS, Longhorn)
## Postgres Cluster - See Script
#
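## The following base packages are required:
# kubectl (configured for the target cluster) and pwgen are used further down
# but are not installed by this script.
# Helm, Package Manager
# NOTE(review): the installer script is fetched from the moving `main` branch
# and executed without any integrity check of the script itself. For repeatable
# installs, pin the URL to a tag or commit you have reviewed, or install Helm
# from a package source you already trust.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 \
  && chmod 700 get_helm.sh \
  && ./get_helm.sh \
  || { echo "Helm installation failed, aborting" >&2; exit 1; }
#
### Installation ###
## Set Variables:
# Set a StorageClass (kubectl get sc)
# The jsonpath expression is quoted so the shell never treats its braces or
# dots as anything but literal text.
SC=$(kubectl get sc --output=jsonpath='{.items..metadata.name}') \
  || { echo "Could not list StorageClasses" >&2; exit 1; }
# Split the whitespace-separated names into an array with globbing switched
# off, so a name can never be expanded against files in the current directory.
set -f
options=($SC)
set +f
if [ "${#options[@]}" -eq 0 ]; then
  echo "No StorageClass found in the cluster" >&2
  exit 1
fi
PS3='Please select a storage class: '
STORAGECLASS=""
select STORAGECLASS in "${options[@]}"
do
  # select leaves the variable empty on an invalid menu number; ask again
  # instead of continuing with an empty StorageClass.
  if [ -n "$STORAGECLASS" ]; then
    echo "Using $STORAGECLASS as the StorageClass"
    break
  fi
  echo "Invalid selection, please enter one of the listed numbers." >&2
done
# select also ends on end-of-input; do not continue without a choice.
if [ -z "$STORAGECLASS" ]; then
  echo "No StorageClass selected" >&2
  exit 1
fi
export STORAGECLASS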
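# Set a domain to use (needs to be real if you want to access this externally from the internet)
echo "Provide a domain to use (i.e: example.com):"
# -r keeps backslashes literal.
read -r DOMAIN
# The value is interpolated into the generated Helm values file, so accept only
# hostname characters; anything else could break or alter the YAML.
case $DOMAIN in
  '' | *[!A-Za-z0-9.-]*)
    echo "Invalid domain: only letters, digits, dots and hyphens are allowed" >&2
    exit 1
    ;;
esac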
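# Get Redis password:
# Reads the redis-password key of the "redis" secret in the default namespace
# and base64-decodes it. The jsonpath expression is single-quoted so the shell
# passes it through untouched.
# NOTE(review): RPASS is not referenced anywhere else in this script; if nothing
# else needs it, drop this lookup so the secret is not pulled into the shell
# for no reason.
RPASS=$(kubectl get secret --namespace default redis -o jsonpath='{.data.redis-password}' | base64 --decode)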
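# Get Postgres password:
# Read from the "User Postgres: <password>" line of the local temp-pass-store
# file. Declaration and export are split so a failed lookup is not masked.
PPASS=$(sed -n -e 's/^.*User Postgres: //p' temp-pass-store) || exit 1
if [ -z "$PPASS" ]; then
  echo "No 'User Postgres: ' entry found in temp-pass-store" >&2
  exit 1
fi
export PPASS
## Create a database in Postgres for Harbor
# Find a Postgres pod and the namespace it runs in
# NOTE(review): the selector is evaluated across all namespaces; if more than
# one pod carries app=postgres the result may not be a single name - confirm
# for your cluster.
PPOD=$(kubectl get pods --selector=app=postgres --all-namespaces --output=jsonpath='{.items[].metadata.name}') || exit 1
PNAMESPACE=$(kubectl get pods --selector=app=postgres --all-namespaces --output=jsonpath='{.items[].metadata.namespace}') || exit 1
if [ -z "$PPOD" ] || [ -z "$PNAMESPACE" ]; then
  echo "No pod with label app=postgres found" >&2
  exit 1
fi
# Create a password for the harbor databases (to be saved and this file deleted)
HPASS=$(pwgen -csn 24 1) || { echo "pwgen failed (is it installed?)" >&2; exit 1; }
# The password is embedded in a single-quoted SQL literal and in double-quoted
# YAML values below, so refuse anything that is not purely alphanumeric.
case $HPASS in
  '' | *[!A-Za-z0-9]*)
    echo "Generated password is empty or contains unexpected characters" >&2
    exit 1
    ;;
esac
export HPASS
# temp-pass-store holds plaintext credentials: create it owner-only and tighten
# the mode in case it already existed with wider permissions.
(umask 077; printf 'User Harbor: %s\n' "$HPASS" >>temp-pass-store) || exit 1
chmod 600 temp-pass-store || exit 1
# Create the databases, the harbor role and its grants in one psql session.
# Both passwords travel over stdin rather than as command arguments: arguments
# to `kubectl exec` are visible in the local and in-pod process lists and in
# the exec request that API-server audit logging records. The first stdin line
# is consumed by `read` as PGPASSWORD; psql reads the remaining lines as SQL.
# ON_ERROR_STOP makes psql exit non-zero on the first failing statement, so a
# re-run against an existing setup stops here instead of half-succeeding.
{
  printf '%s\n' "$PPASS"
  printf '%s\n' \
    '\set AUTOCOMMIT on' \
    'CREATE DATABASE registry;' \
    'CREATE DATABASE notary_server;' \
    'CREATE DATABASE notary_signer;' \
    "CREATE USER harbor WITH PASSWORD '$HPASS';" \
    'GRANT ALL PRIVILEGES ON DATABASE registry to harbor;' \
    'GRANT ALL PRIVILEGES ON DATABASE notary_server to harbor;' \
    'GRANT ALL PRIVILEGES ON DATABASE notary_signer to harbor;'
} | kubectl exec -i "$PPOD" -n "$PNAMESPACE" -- \
  bash -c 'IFS= read -r PGPASSWORD && export PGPASSWORD && exec psql -U postgres -v ON_ERROR_STOP=1' \
  || { echo "Creating the Harbor databases failed" >&2; exit 1; }
# Install the Helm chart repo
helm repo add harbor https://helm.goharbor.io && helm repo update \
  || { echo "Could not add/update the harbor Helm repo" >&2; exit 1; }
# Create custom values file
# Helm Chart Values Harbor: https://github.com/goharbor/harbor-helm/blob/master/values.yaml
# The nesting below follows that values.yaml; written flat, keys such as
# storageClass/size/enabled would collide and the chart would not see them.
# NOTE(review): expose.tls is disabled while externalURL is https://, so TLS
# must be terminated by something in front of the ClusterIP service (ingress or
# load balancer) - verify, otherwise registry logins cross the network in
# clear text.
# NOTE(review): registry.credentials reuses the database password; a separate
# secret per purpose would limit the impact of either one leaking.
# NOTE(review): database.external.host is fixed to the default namespace while
# the pod's namespace is discovered above - confirm they match.
# The file contains credentials, so it is created with owner-only permissions.
rm -f config.yaml
(
  umask 077
  cat <<EOF >config.yaml
expose:
  type: clusterIP
  tls:
    enabled: false
    certSource: none
externalURL: https://harbor.$DOMAIN
persistence:
  persistentVolumeClaim:
    registry:
      storageClass: "$STORAGECLASS"
      size: 2Gi
    chartmuseum:
      storageClass: "$STORAGECLASS"
      size: 2Gi
    jobservice:
      storageClass: "$STORAGECLASS"
      size: 1Gi
    trivy:
      storageClass: "$STORAGECLASS"
      size: 2Gi
notary:
  enabled: false
registry:
  credentials:
    username: "harbor"
    password: "$HPASS"
database:
  type: external
  external:
    host: "postgres.default.svc.cluster.local"
    port: "5432"
    username: "harbor"
    password: "$HPASS"
EOF
) || { echo "Could not write config.yaml" >&2; exit 1; }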
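# Deploy the Harbor chart with custom values
# NOTE(review): no chart version is pinned, so whatever the repo currently
# serves is installed; add `--version <CHART_VERSION>` with a release you have
# reviewed to make the deployment repeatable.
if ! helm install harbor harbor/harbor -f ./config.yaml --namespace harbor --create-namespace; then
  # Do not leave the credentials file behind when the install fails.
  rm -f config.yaml
  echo "helm install failed" >&2
  exit 1
fi
# Clean up
# config.yaml contains the generated password and is no longer needed once
# helm has read it, so remove it before the (possibly long) wait below.
rm -f config.yaml
# Wait until the harbor-core deployment has rolled out before moving on
# The command is kept as an array so it is executed without word-splitting a
# string; the attempt counter starts at 0 (it was previously unset on the
# first comparison) and the status command runs once per attempt.
ROLLOUT_STATUS_CMD=(kubectl rollout status -w --timeout=300s deployment/harbor-core -n harbor)
n=0
until "${ROLLOUT_STATUS_CMD[@]}"; do
  n=$((n + 1))
  if [ "$n" -ge 300 ]; then
    echo "deployment/harbor-core did not become ready" >&2
    exit 1
  fi
  sleep 5
done
# Wipe everything
# NOTE(review): in the command below `default --` looks like it was meant to be
# `-n default --` - confirm before use. It also puts the Postgres password on
# the command line, where it is visible in process lists.
# kubectl delete ns harbor; export PPASS=$(cat temp-pass-store | sed -n -e 's/^.*User Postgres: //p'); kubectl exec -it $(kubectl get pods --selector=app=postgres --all-namespaces --output=jsonpath={.items[].metadata.name}) default -- psql "user=postgres password="$PPASS"" -c "DROP DATABASE registry" -c "DROP DATABASE notary_server" -c "DROP DATABASE notary_signer" -c "DROP USER harbor"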