Add Juan suggestions

tompizmor
2019-07-05 16:15:01 +02:00
parent dd95f64096
commit 63e75e50ee
12 changed files with 89 additions and 86 deletions

View File

@@ -1,6 +1,6 @@
apiVersion: v1
name: harbor
version: 0.0.3
version: 0.0.4
appVersion: 1.8.1
description: Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content
keywords:
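Review bot: the `description` context line in this hunk reads "Harbor is an an open source ..." with a doubled "an". The chart version is being bumped here anyway, so fix the description in the same change and the published chart metadata goes out clean.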

View File

@@ -1,4 +1,4 @@
# Helm Chart for Harbor
# Harbor
This Helm chart has been developed based on [goharbor/harbor-helm](https://github.com/goharbor/harbor-helm) chart but including some features common to the Bitnami chart library.
For example, the following changes have been introduced:
@@ -9,9 +9,16 @@ For example, the following changes have been introduced:
- Uses new Helm chart labels formating.
- Uses Bitnami container images:
- non-root by default
- published for debian-9, ol-7, and eventually centos-7
- published for debian-9 and ol-7
- At this moment, this chart does not support the Harbor optional component Chartmuseum but it does support Clair and Notary integrations.
## TL;DR:
```
helm repo add bitnami https://charts.bitnami.com
helm install bitnami/harbor
```
## Introduction
This [Helm](https://github.com/kubernetes/helm) chart installs [Harbor](https://github.com/goharbor/harbor) in a Kubernetes cluster. Welcome to [contribute](CONTRIBUTING.md) to Helm Chart for Harbor.
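Review bot: the added TL;DR block opens with an untagged code fence, while the install and uninstall blocks added further down in this README are tagged `bash`; tag this one the same way. The context line "Uses new Helm chart labels formating." a few lines above it is also misspelled ("formatting") and can be corrected in the same pass.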
@@ -21,9 +28,26 @@ This [Helm](https://github.com/kubernetes/helm) chart installs [Harbor](https://
- Kubernetes cluster 1.10+
- Helm 2.8.0+
## Installation
## Installing the Chart
### Download the chart
Install the Harbor helm chart with a release name `my-release`:
```bash
helm repo add bitnami https://charts.bitnami.com
helm install --name my-release bitnami/harbor
```
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```bash
helm delete --purge my-release
```
Additionaly, if `persistence.resourcePolicy` is set to `keep`, you should manually delete the PVCs.
## Downloading the chart
Download Harbor helm chart
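Review bot: "Additionaly" in the last sentence of the added "Uninstalling the Chart" section should be "Additionally". The sentence was carried over from the old "Uninstallation" section unchanged, so the typo moved with it; correct it here rather than preserving it in the new location.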
@@ -37,11 +61,9 @@ Change directory to Harbor code
cd charts/bitnami/harbor
```
### Configure the chart
## Configuration
The following items can be configured in `values.yaml` or set via `--set` flag during installation.
#### Configure the way how to expose Harbor service:
### Configure the way how to expose Harbor service:
- **Ingress**: The ingress controller must be installed in the Kubernetes cluster.
**Notes:** if the TLS is disabled, the port must be included in the command when pulling/pushing images. Refer to issue [#5291](https://github.com/goharbor/harbor/issues/5291) for the detail.
@@ -49,7 +71,7 @@ The following items can be configured in `values.yaml` or set via `--set` flag d
- **NodePort**: Exposes the service on each Nodes IP at a static port (the NodePort). Youll be able to contact the NodePort service, from outside the cluster, by requesting `NodeIP:NodePort`.
- **LoadBalancer**: Exposes the service externally using a cloud providers load balancer.
#### Configure the external URL
### Configure the external URL:
The external URL for Harbor core service is used to:
@@ -65,42 +87,22 @@ Format: `protocol://domain[:port]`. Usually:
If Harbor is deployed behind the proxy, set it as the URL of proxy.
#### Configure data persistence:
### Configure data persistence:
- **Disable**: The data does not survive the termination of a pod.
- **Persistent Volume Claim(default)**: A default `StorageClass` is needed in the Kubernetes cluster to dynamically provision the volumes. Specify another StorageClass in the `storageClass` or set `existingClaim` if you have already existing persistent volumes to use.
- **External Storage(only for images and charts)**: For images and charts, the external storages are supported: `azure`, `gcs`, `s3` `swift` and `oss`.
#### Configure the secrets
### Configure the secrets:
- **Secret keys**: Secret keys are used for secure communication between components. Fill `core.secret`, `jobservice.secret` and `registry.secret` to configure.
- **Certificates**: Used for token encryption/decryption. Fill `core.secretName` to configure.
Secrets and certificates must be setup to avoid changes on every Helm upgrade (see: [#107](https://github.com/goharbor/harbor-helm/issues/107)).
#### Configure the other items listed in [configuration](#configuration) section.
### Configure the deployment options:
### Install the chart
Install the Harbor helm chart with a release name `my-release`:
```bash
helm install --name my-release --set service.tls.commonName=your.domain.com .
```
## Uninstallation
To uninstall/delete the `my-release` deployment:
```bash
helm delete --purge my-release
```
Additionaly, if `persistence.resourcePolicy` is set to `keep`, you should manually delete the PVCs.
## Configuration
The following table lists the configurable parameters of the Harbor chart and the default values.
The following table lists the configurable parameters of the Harbor chart and the default values. They can be configured in `values.yaml` or set via `--set` flag during installation.
| Parameter | Description | Default |
| --------------------------------------------------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------------- |
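Review bot: the install example removed from this section passed `--set service.tls.commonName=your.domain.com`, and the replacement added under "Installing the Chart" is plain `helm install --name my-release bitnami/harbor`. If the chart still needs a common name to generate its TLS certificate, the README no longer tells the user so; either keep the flag in the example or state the requirement in the section on exposing the Harbor service. The new "### Configure the deployment options:" heading also has no text of its own before the parameter table sentence, so it reads as an empty section; give it a one-line introduction or drop the heading.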
@@ -255,8 +257,6 @@ The following table lists the configurable parameters of the Harbor chart and th
| `clair.podAnnotations` | Annotations to add to the clair pod | `{}` |
| `clair.livenessProbe` | Liveness probe configuration | `Check values.yaml file` |
| `clair.readinessProbe` | Readiness probe configuration | `Check values.yaml file` |
| **PostgreSQL** |
| `posgresql.enabled` | If external database is used, set it to `false` | `true` |
| `posgresql.postgresqlUsername` | Postgresql username | `postgres` |
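Review bot: the parameter keys in the PostgreSQL rows are spelled `posgresql.enabled` and `posgresql.postgresqlUsername` (missing the "t"), while the group header directly above them is "PostgreSQL". Someone copying these into `--set` to switch to an external database would likely set a key the chart does not read and silently keep the bundled database and its default user. Check the key names against values.yaml and correct the table while this part of the README is being edited.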
@@ -274,7 +274,6 @@ The following table lists the configurable parameters of the Harbor chart and th
| `externalDatabase.notaryServerDatabase` | External database name for notary server | `nil` |
| `externalDatabase.notarySignerDatabase` | External database name for notary signer | `nil` |
| `externalDatabase.sslmode` | External database ssl mode | `nil` |
| **Redis** |
| `redis.enabled` | If external redis is used, set it to `false` | `true` |
| `redis.password` | Redis password | `nil` |

View File

@@ -1,10 +1,9 @@
{{ if .Values.clair.enabled }}
{{- if .Values.clair.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.clair" . }}"
labels:
{{ include "harbor.labels" . | nindent 4 }}
labels: {{ include "harbor.labels" . | nindent 4 }}
app.kubernetes.io/component: clair
data:
config.yaml: |
@@ -32,4 +31,4 @@ data:
renotifyinterval: 2h
http:
endpoint: "http://{{ template "harbor.core" . }}/service/notifications/clair"
{{ end }}
{{- end }}

View File

@@ -1,10 +1,9 @@
{{ if .Values.clair.enabled }}
{{- if .Values.clair.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "harbor.clair" . }}"
labels:
{{ include "harbor.labels" . | nindent 4 }}
labels: {{ include "harbor.labels" . | nindent 4 }}
app.kubernetes.io/component: clair
spec:
replicas: {{ .Values.clair.replicas }}
@@ -36,16 +35,22 @@ spec:
httpGet:
path: /health
port: 6061
initialDelaySeconds: 30
periodSeconds: 10
initialDelaySeconds: {{ .Values.clair.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.clair.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.clair.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.clair.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.clair.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.clair.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /health
port: 6061
initialDelaySeconds: 30
periodSeconds: 10
initialDelaySeconds: {{ .Values.clair.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.clair.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.clair.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.clair.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.clair.readinessProbe.failureThreshold }}
{{- end }}
env:
- name: BITNAMI_DEBUG
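Review bot: the probe fields now come straight from `.Values.clair.livenessProbe.*` and `.Values.clair.readinessProbe.*` with no `default`, and no hunk on this page adds `timeoutSeconds`, `successThreshold` or `failureThreshold` to values.yaml. A key that is missing there renders as an empty value, so the probe would silently fall back to whatever the cluster applies instead of the previous hard-coded `initialDelaySeconds: 30` and `periodSeconds: 10`. Confirm values.yaml defines all five keys for both probes with the old values as defaults, or add `| default 30` and `| default 10` on the two fields that used to be fixed.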
@@ -59,7 +64,7 @@ spec:
value: {{ .Values.clair.httpsProxy }}
{{- end }}
- name: NO_PROXY
value: "{{ template "harbor.registry" . }},{{ template "harbor.core" . }}"
value: "{{ template "harbor.registry" . }},{{ template "harbor.clair" . }}"
{{- if .Values.clair.resources }}
resources:
{{ toYaml .Values.clair.resources | nindent 10 }}
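Review bot: the `NO_PROXY` value in this hunk drops `harbor.core` and adds `harbor.clair`, but the Clair ConfigMap in this same commit still points its notification endpoint at `http://{{ template "harbor.core" . }}/service/notifications/clair`. When a proxy is configured for Clair, those in-cluster notifications to core would now be routed through it, which either fails or sends internal traffic outside the cluster. Unless removing core was deliberate, list all three: registry, core and clair.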
@@ -75,8 +80,8 @@ spec:
configMap:
name: "{{ template "harbor.clair" . }}"
items:
- key: config.yaml
path: config.yaml
- key: config.yaml
path: config.yaml
{{- with .Values.clair.nodeSelector }}
nodeSelector: {{ toYaml . | nindent 8 }}
{{- end }}
@@ -86,4 +91,4 @@ spec:
{{- with .Values.clair.tolerations }}
tolerations: {{ tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{ end }}
{{- end }}

View File

@@ -1,10 +1,9 @@
{{ if .Values.clair.enabled }}
{{- if .Values.clair.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.clair" . }}"
labels:
{{ include "harbor.labels" . | nindent 4 }}
labels: {{ include "harbor.labels" . | nindent 4 }}
app.kubernetes.io/component: clair
spec:
ports:
@@ -15,4 +14,4 @@ spec:
selector:
{{ include "harbor.matchLabels" . | nindent 4 }}
app.kubernetes.io/component: clair
{{ end }}
{{- end }}

View File

@@ -8,16 +8,16 @@ data:
{{- if .Values.secretKey }}
secretKey: {{ .Values.secretKey | b64enc | quote }}
{{- else if (not .Values.forcePassword) }}
secretKey: "{{ randAlphaNum 16 | b64enc }}"
{{ else }}
secretKey: {{ randAlphaNum 16 | b64enc | quote }}
{{- else }}
secretKey: {{ required "A secret key is required!" .Values.secretKey }}
{{- end }}
{{- if .Values.core.secret }}
secret: {{ .Values.core.secret | b64enc | quote }}
{{- else if (not .Values.forcePassword) }}
secret: "{{ randAlphaNum 16 | b64enc }}"
{{ else }}
secret: {{ randAlphaNum 16 | b64enc | quote }}
{{- else }}
secret: {{ required "A secret is required!" .Values.core.secret }}
{{- end }}
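Review bot: in both `else if (not .Values.forcePassword)` branches, `randAlphaNum 16` is evaluated on every render, so each `helm upgrade` run without an explicit `secretKey` or `core.secret` writes new values into this Secret. The README in this commit already warns that secrets must be set up to avoid changes on every upgrade, yet the default path still produces exactly that; document `forcePassword` next to that warning and recommend setting it for any release that will be upgraded. The `required` lines in the `else` branches also emit the value without `b64enc | quote`; they can only fail, because that branch is reached only when the value is empty, and a short template comment saying so would save the next reader from treating it as a missing encoding.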

View File

@@ -41,27 +41,27 @@ spec:
- path: /*
backend:
serviceName: "{{ template "harbor.portal" . }}"
servicePort: 80
servicePort: http
- path: /api/*
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
- path: /service/*
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
- path: /v2/*
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
- path: /chartrepo/*
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
- path: /c/*
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
{{- if $ingress.hosts.core }}
host: {{ $ingress.hosts.core }}
{{- end }}
@@ -71,7 +71,7 @@ spec:
- path: /
backend:
serviceName: "{{ template "harbor.notary-server" . }}"
servicePort: 4443
servicePort: notary-server
{{- if $ingress.hosts.notary }}
host: {{ $ingress.hosts.notary }}
{{- end }}
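Review bot: `servicePort: notary-server` is resolved against the port name on the notary Service, not a container port name, and the only `notary-server` name added on this page is the `containerPort: 4443` entry in the notary-server Deployment. None of the Service hunks shown here name their ports, so confirm the notary Service has a port named `notary-server`, and that the portal and core Services have one named `http`, which the other hunks in this file now rely on. If a name is missing, the ingress backend will not resolve and the route breaks only at deploy time.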
@@ -83,27 +83,27 @@ spec:
- path: /
backend:
serviceName: "{{ template "harbor.portal" . }}"
servicePort: 80
servicePort: http
- path: /api/
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
- path: /service/
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
- path: /v2/
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
- path: /chartrepo/
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
- path: /c/
backend:
serviceName: "{{ template "harbor.core" . }}"
servicePort: 80
servicePort: http
{{- if $ingress.hosts.core }}
host: {{ $ingress.hosts.core }}
{{- end }}
@@ -113,7 +113,7 @@ spec:
- path: /
backend:
serviceName: "{{ template "harbor.notary-server" . }}"
servicePort: 4443
servicePort: notary-server
{{- if $ingress.hosts.notary }}
host: {{ $ingress.hosts.notary }}
{{- end }}

View File

@@ -25,8 +25,7 @@ spec:
{{- else if eq .Values.service.type "NodePort" }}
{{- $nodePort := .Values.service.nodePort }}
name: {{ $nodePort.name }}
labels:
{{ include "harbor.labels" . | nindent 4 }}
labels: {{ include "harbor.labels" . | nindent 4 }}
spec:
type: NodePort
ports:
@@ -55,8 +54,7 @@ spec:
{{- else if eq .Values.service.type "LoadBalancer" }}
{{- $loadBalancer := .Values.service.loadBalancer }}
name: {{ $loadBalancer.name }}
labels:
{{ include "harbor.labels" . | nindent 4 }}
labels: {{ include "harbor.labels" . | nindent 4 }}
spec:
type: LoadBalancer
ports:

View File

@@ -1,4 +1,4 @@
{{ if .Values.notary.enabled }}
{{- if .Values.notary.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -70,4 +70,4 @@ data:
"default_alias": "defaultalias"
}
}
{{ end }}
{{- end }}

View File

@@ -1,4 +1,4 @@
{{ if .Values.notary.enabled }}
{{- if .Values.notary.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -51,6 +51,9 @@ spec:
mountPath: /etc/ssl/notary/cert/notary-signer-ca.crt
subPath: ca
{{- end }}
ports:
- containerPort: 4443
name: notary-server
volumes:
- name: notary-config
configMap:
@@ -76,4 +79,4 @@ spec:
{{- with .Values.notary.tolerations }}
tolerations: {{ toYaml . | nindent 8 }}
{{- end }}
{{ end }}
{{- end }}

View File

@@ -1,4 +1,4 @@
{{ if .Values.notary.enabled }}
{{- if .Values.notary.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -74,4 +74,4 @@ spec:
tolerations:
{{ toYaml . | nindent 8 }}
{{- end }}
{{ end }}
{{- end }}

View File

@@ -1,4 +1,4 @@
{{ if .Values.notary.enabled }}
{{- if .Values.notary.enabled }}
apiVersion: v1
kind: Service
metadata:
@@ -26,4 +26,4 @@ spec:
selector:
{{ include "harbor.matchLabels" . | nindent 4 }}
component: notary-signer
{{ end }}
{{- end }}