Created
November 22, 2021 00:02
harbor.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
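#!/bin/bash
### Deploying Harbor Registry Cluster on Kubernetes for Debian/Ubuntu based OS
## Baseline Guide: https://goharbor.io/docs/2.4.0/install-config/harbor-ha-helm/
# Type of Deployment: Helm
#
### Minimum Requirements ###
## Three Worker Node Cluster (Tested on K0s, K3s, K8s)
## A Storage Backend (Tested on Ceph, OpenEBS, Longhorn)
## Postgres Cluster - See Script
## kubectl (pointed at the target cluster) and pwgen on the PATH
## ./temp-pass-store holding a "User Postgres: <password>" line
#
### Secret handling ###
## - umask 077 keeps every file this script creates owner-only.
## - Database passwords reach psql over stdin, never on a command line, so they
##   do not show up in process listings or in the argv of `kubectl exec`.
## - The rendered Helm values (which contain the Harbor DB password) live in a
##   mktemp directory that is removed on every exit path, including failures.
## - temp-pass-store still holds passwords in plaintext: move them to a secret
##   store and delete the file once the install is done.

set -euo pipefail
umask 077

# Print a diagnostic on stderr and abort.
die() {
  printf 'harbor.sh: %s\n' "$*" >&2
  exit 1
}

WORKDIR=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${WORKDIR:?}"; }
trap cleanup EXIT

for tool in kubectl pwgen; do
  command -v "$tool" >/dev/null || die "required tool not found: $tool"
done

## The following base packages are required:
# Helm, Package Manager
# NOTE(review): this runs an installer fetched from the moving `main` branch.
# Pin a reviewed release (the installer accepts --version) or install Helm
# from a package you can verify. It is only fetched when helm is missing.
if ! command -v helm >/dev/null; then
  command -v curl >/dev/null || die "curl is needed to install helm"
  curl -fsSL -o "$WORKDIR/get_helm.sh" \
    https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
  bash "$WORKDIR/get_helm.sh"
fi

### Installation ###
## Set Variables:
# Set a StorageClass (kubectl get sc)
SC=$(kubectl get sc --output=jsonpath='{.items..metadata.name}')
[[ -n "$SC" ]] || die "no StorageClass found (kubectl get sc)"
read -ra options <<<"$SC"
PS3='Please select a storage class: '
# Re-prompt on an invalid number instead of continuing with an empty value;
# `select` returns non-zero on EOF, which is turned into an explicit error.
select STORAGECLASS in "${options[@]}"; do
  if [[ -n "$STORAGECLASS" ]]; then
    break
  fi
  printf 'Invalid selection, try again.\n' >&2
done || die "no StorageClass selected"
echo "Using $STORAGECLASS as the StorageClass"

# Set a domain to use (needs to be real if you want to access this externally from the internet)
echo "Provide a domain to use (i.e: example.com):"
read -r DOMAIN || die "no domain provided"
# The value is interpolated into the YAML values file below, so accept only
# hostname characters.
[[ "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] \
  || die "invalid domain: $DOMAIN"

# The original also read the Redis password from the `redis` secret into RPASS
# but never used it; the lookup is dropped so an unused secret is not fetched.

# Get Postgres password (not exported: child processes do not need it in
# their environment):
[[ -r temp-pass-store ]] || die "temp-pass-store not found in $(pwd)"
PPASS=$(sed -n -e 's/^.*User Postgres: //p' temp-pass-store)
[[ -n "$PPASS" ]] || die "no 'User Postgres: ' entry in temp-pass-store"
# psql_admin sends the password as a single line; more than one match would
# push the extra lines into psql as SQL.
[[ "$PPASS" != *$'\n'* ]] || die "more than one 'User Postgres: ' entry in temp-pass-store"

## Create a database in Postgres for Harbor
# Find a Postgres pod. items[0] picks the first match explicitly, so several
# matching pods cannot expand into extra kubectl arguments.
PPOD=$(kubectl get pods --selector=app=postgres --all-namespaces \
  --output=jsonpath='{.items[0].metadata.name}') || die "no pod with app=postgres found"
# Find the pods namespace
PNAMESPACE=$(kubectl get pods --selector=app=postgres --all-namespaces \
  --output=jsonpath='{.items[0].metadata.namespace}') || die "no pod with app=postgres found"

# Create a password for the harbor databases (to be saved and this file deleted)
HPASS=$(pwgen -csn 24 1)
printf 'User Harbor: %s\n' "$HPASS" >>temp-pass-store
chmod 600 temp-pass-store

#######################################
# Run SQL from stdin as the postgres superuser inside the Postgres pod.
# The first line sent to the pod is the password: the remote shell reads it
# into PGPASSWORD, then psql consumes the rest of stdin as the script.
# ON_ERROR_STOP makes a failed statement abort with a non-zero status, so a
# re-run against existing databases fails loudly instead of continuing.
# Globals:   PPASS, PPOD, PNAMESPACE (read)
# Arguments: none; SQL is read from stdin
# Returns:   status of the kubectl/psql pipeline
#######################################
psql_admin() {
  { printf '%s\n' "$PPASS"; cat; } \
    | kubectl exec -i "$PPOD" -n "$PNAMESPACE" -- \
      bash -c 'IFS= read -r PGPASSWORD && export PGPASSWORD && exec psql -U postgres -v ON_ERROR_STOP=1 -f -'
}

# Create the new databases
psql_admin <<'SQL'
\set AUTOCOMMIT on
CREATE DATABASE registry;
CREATE DATABASE notary_server;
CREATE DATABASE notary_signer;
SQL

# Create user and password with permissions to the databases.
# pwgen -csn emits letters and digits only, so the password needs no SQL
# quoting; printf is a shell builtin, so the value never appears in argv.
{
  printf "CREATE USER harbor WITH PASSWORD '%s';\n" "$HPASS"
  printf 'GRANT ALL PRIVILEGES ON DATABASE %s to harbor;\n' \
    registry notary_server notary_signer
} | psql_admin

# Install the Helm chart repo
helm repo add harbor https://helm.goharbor.io
helm repo update

# Create custom values file
# Helm Chart Values Harbor: https://github.com/goharbor/harbor-helm/blob/master/values.yaml
# NOTE(review): expose.tls is disabled while externalURL is https, so TLS is
# presumably terminated by something in front of Harbor - confirm, otherwise
# registry traffic and logins travel in cleartext.
# NOTE(review): registry.credentials reuses the database password; a separate
# generated password would limit the impact of either one leaking.
cat <<EOF >"$WORKDIR/config.yaml"
expose:
  type: clusterIP
  tls:
    enabled: false
    certSource: none
externalURL: https://harbor.$DOMAIN
persistence:
  persistentVolumeClaim:
    registry:
      storageClass: "$STORAGECLASS"
      size: 2Gi
    chartmuseum:
      storageClass: "$STORAGECLASS"
      size: 2Gi
    jobservice:
      storageClass: "$STORAGECLASS"
      size: 1Gi
    trivy:
      storageClass: "$STORAGECLASS"
      size: 2Gi
notary:
  enabled: false
registry:
  credentials:
    username: "harbor"
    password: "$HPASS"
database:
  type: external
  external:
    host: "postgres.default.svc.cluster.local"
    port: "5432"
    username: "harbor"
    password: "$HPASS"
EOF

# Deploy the Harbor chart with custom values
helm install harbor harbor/harbor -f "$WORKDIR/config.yaml" \
  --namespace harbor --create-namespace

# Wait until the harbor-core deployment has rolled out before moving on.
# The counter starts at 0 (the original compared an unset $n) and the status
# command runs once per attempt.
n=0
until kubectl rollout status -w --timeout=300s deployment/harbor-core -n harbor; do
  n=$((n + 1))
  ((n < 300)) || die "deployment/harbor-core did not become ready"
  sleep 5
done

# Clean up: the values file is removed with $WORKDIR by the EXIT trap.

# Wipe everything (destructive; run by hand, never as part of the install).
# The namespace is passed with -n; the original gave a bare "default", which
# kubectl exec would take as the command to run. This one-liner still puts the
# Postgres password on the command line.
# kubectl delete ns harbor; export PPASS=$(sed -n -e 's/^.*User Postgres: //p' temp-pass-store); kubectl exec -it "$(kubectl get pods --selector=app=postgres --all-namespaces --output=jsonpath='{.items[0].metadata.name}')" -n default -- psql "user=postgres password=$PPASS" -c "DROP DATABASE registry" -c "DROP DATABASE notary_server" -c "DROP DATABASE notary_signer" -c "DROP USER harbor"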