2016-11-21 09:07:04 +01:00
## Integration with Kubernetes
2017-09-25 11:25:16 +02:00
This Document decribes how to deploy Harbor on Kubernetes. It has been verified on **Kubernetes v1.6.5** and **Harbor v1.2.0**
2016-11-21 09:07:04 +01:00
### Prerequisite
2017-09-28 10:28:59 +02:00
* You should have domain knowledge about Kubernetes (Replication Controller, Service, Persistent Volume, Persistent Volume Claim, Config Map).
* **Optional**: Load the docker images onto woker nodes. *If you skip this step, worker node will pull images from Docker Hub when starting the pods.*
2017-09-25 11:25:16 +02:00
* Download the offline installer of Harbor v1.2.0 from the [release ](https://github.com/vmware/harbor/releases ) page.
2017-09-28 10:28:59 +02:00
* Uncompress the offline installer and get the images tgz file harbor.*.tgz, transfer it to each of the worker nodes.
2017-01-20 08:24:17 +01:00
* Load the images into docker:
```
docker load -i harbor.*.tgz
```
2016-11-21 09:07:04 +01:00
### Configuration
2017-09-28 10:28:59 +02:00
We provide a python script `make/kubernetes/k8s-prepare` to generate Kubernetes ConfigMap files.
2016-11-21 09:07:04 +01:00
The script is written in python, so you need a version of python in your deployment environment.
Also the script need `openssl` to generate private key and certification, make sure you have a workable `openssl` .
There are some args of the python script:
2017-09-25 11:25:16 +02:00
2016-11-21 09:07:04 +01:00
- -f: Default Value is `../harbor.cfg` . You can specify other config file of Harbor.
- -k: Path to https private key. This arg can overwrite the value of `ssl_cert_key` in `harbor.cfg` .
- -c: Path to https certification. This arg can overwrite the value of `ssl_cert` in `harbor.cfg` .
#### Basic Configuration
These Basic Configuration must be set. Otherwise you can't deploy Harbor on Kubernetes.
2017-09-25 11:25:16 +02:00
2016-11-21 09:07:04 +01:00
- `make/harbor.cfg` : Basic config of Harbor. Please refer to `harbor.cfg` .
```
2017-09-25 11:25:16 +02:00
#Hostname is the endpoint for accessing Harbor,
#To accept access from outside of Kubernetes cluster, it should be set to a worker node.
hostname = 10.192.168.5
2016-11-21 09:07:04 +01:00
```
2017-09-25 11:25:16 +02:00
- `make/kubernetes/**/*.svc.yaml` : Specify the service of pods. In particular, the externalIP should be set in `make/kubernetes/nginx/nginx.svc.yaml` :
2016-11-21 09:07:04 +01:00
2017-09-25 11:25:16 +02:00
```
...
metadata:
name: nginx
spec:
ports:
- name: http
port: 80
selector:
name: nginx-apps
externalIPs:
- 10.192.168.5
```
- `make/kubernetes/**/*.rc.yaml` : Specify configs of containers.
2016-11-21 09:07:04 +01:00
- `make/kubernetes/pv/*.pvc.yaml` : Persistent Volume Claim.
You can set capacity of storage in these files. example:
```
resources:
requests:
# you can set another value to adapt to your needs
storage: 100Gi
```
- `make/kubernetes/pv/*.pv.yaml` : Persistent Volume. Be bound with `*.pvc.yaml` .
PVs and PVCs are one to one correspondence. If you changed capacity of PVC, you need to set capacity of PV together.
example:
```
capacity:
# same value with PVC
storage: 100Gi
```
In PV, you should set another way to store data rather than `hostPath` :
```
# it's default value, you should use others like nfs.
hostPath:
path: /data/registry
```
2017-09-25 11:25:16 +02:00
For more infomation about storage solution, Please check [Kubernetes Document ](http://kubernetes.io/docs/user-guide/persistent-volumes/ )
2016-11-21 09:07:04 +01:00
Then you can generate ConfigMap files by :
2016-04-18 00:26:33 +02:00
```
2017-09-28 10:28:59 +02:00
python make/kubernetes/k8s-prepare
2016-04-18 00:26:33 +02:00
```
2016-11-21 09:07:04 +01:00
These files will be generated:
2017-09-25 11:25:16 +02:00
2016-11-21 09:07:04 +01:00
- make/kubernetes/jobservice/jobservice.cm.yaml
- make/kubernetes/mysql/mysql.cm.yaml
- make/kubernetes/nginx/nginx.cm.yaml
- make/kubernetes/registry/registry.cm.yaml
- make/kubernetes/ui/ui.cm.yaml
2017-09-25 11:25:16 +02:00
- make/kubernetes/adminserver/adminserver.cm.yaml
2016-04-18 00:26:33 +02:00
2016-11-21 09:07:04 +01:00
#### Advanced Configuration
If Basic Configuration was not covering your requirements, you can read this section for more details.
2017-09-28 10:28:59 +02:00
`./k8s-prepare` has a specify format of placeholder:
2017-09-25 11:25:16 +02:00
2016-11-21 09:07:04 +01:00
- `{{key}}` : It means we should replace the placeholder with the value in `config.cfg` which name is `key` .
- `{{num key}}` : It's used for multiple lines text. It will add `num` spaces to the leading of every line in text.
You can find all configs of Harbor in `make/kubernetes/templates/` . There are specifications of these files:
2017-09-25 11:25:16 +02:00
2016-11-21 09:07:04 +01:00
- `jobservice.cm.yaml` : ENV and web config of jobservice
- `mysql.cm.yaml` : Root passowrd of MySQL
- `nginx.cm.yaml` : Https certification and nginx config. If you are fimiliar with nginx, you can modify it.
- `registry.cm.yaml` : Token service certification and registry config
Registry use filesystem to store data of images. You can find it like:
```
storage:
filesystem:
rootdirectory: /storage
```
If you want use another storage backend, please see [Docker Doc ](https://docs.docker.com/datacenter/dtr/2.1/guides/configure/configure-storage/ )
2017-09-25 11:25:16 +02:00
- `ui.cm.yaml` : Token service private key, ENV and web config of ui.
- `adminserver.cm.yaml` : Initial values of configuration attributes of Harbor.
2016-11-21 09:07:04 +01:00
2017-09-25 11:25:16 +02:00
`ui` , `jobservice` and `adminserver` are powered by beego. If you are fimiliar with beego, you can modify configs in `ui.cm.yaml` , `jobservice.cm.yaml` and `adminserver.cm.yaml` .
2016-11-21 09:07:04 +01:00
### Running
When you finished your configuring and generated ConfigMap files, you can run Harbor on kubernetes with these commands:
2017-09-25 11:25:16 +02:00
2016-04-18 00:26:33 +02:00
```
2016-11-21 09:07:04 +01:00
# create pv & pvc
kubectl apply -f make/kubernetes/pv/log.pv.yaml
kubectl apply -f make/kubernetes/pv/registry.pv.yaml
kubectl apply -f make/kubernetes/pv/storage.pv.yaml
kubectl apply -f make/kubernetes/pv/log.pvc.yaml
kubectl apply -f make/kubernetes/pv/registry.pvc.yaml
kubectl apply -f make/kubernetes/pv/storage.pvc.yaml
# create config map
kubectl apply -f make/kubernetes/jobservice/jobservice.cm.yaml
kubectl apply -f make/kubernetes/mysql/mysql.cm.yaml
kubectl apply -f make/kubernetes/nginx/nginx.cm.yaml
kubectl apply -f make/kubernetes/registry/registry.cm.yaml
kubectl apply -f make/kubernetes/ui/ui.cm.yaml
2017-09-25 11:25:16 +02:00
kubectl apply -f make/kubernetes/adminserver/adminserver.cm.yaml
2016-04-18 00:26:33 +02:00
2016-11-21 09:07:04 +01:00
# create service
kubectl apply -f make/kubernetes/jobservice/jobservice.svc.yaml
kubectl apply -f make/kubernetes/mysql/mysql.svc.yaml
kubectl apply -f make/kubernetes/nginx/nginx.svc.yaml
kubectl apply -f make/kubernetes/registry/registry.svc.yaml
kubectl apply -f make/kubernetes/ui/ui.svc.yaml
2017-09-25 11:25:16 +02:00
kubectl apply -f make/kubernetes/adminserver/adminserver.svc.yaml
2016-11-21 09:07:04 +01:00
# create k8s rc
kubectl apply -f make/kubernetes/registry/registry.rc.yaml
kubectl apply -f make/kubernetes/mysql/mysql.rc.yaml
kubectl apply -f make/kubernetes/jobservice/jobservice.rc.yaml
kubectl apply -f make/kubernetes/ui/ui.rc.yaml
kubectl apply -f make/kubernetes/nginx/nginx.rc.yaml
2017-09-25 11:25:16 +02:00
kubectl apply -f make/kubernetes/adminserver/adminserver.rc.yaml
2016-11-21 09:07:04 +01:00
```
2017-09-25 11:25:16 +02:00
After the pods are running, you can access Harbor's UI via the configured endpoint `10.192.168.5` or issue docker commands such as `docker login 10.192.168.5` to interact with the registry.
2017-09-28 10:28:59 +02:00
####Limitation
1. Current deployment is http only, to enable https you need to either add another layer of proxy or modify the nginx.cm.yaml to enable https and include a correct certificate
2017-11-02 11:12:28 +01:00
2. Current deployment does not include Clair and Notary, which are supported in docker-compose deployment. They will be supported in near future, stay tuned.
2017-09-28 10:28:59 +02:00