harbor/contrib/helm/harbor/README.md
2018-02-17 11:29:52 +08:00

7.8 KiB

Project Harbor by VMware

Harbor is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security. Having a registry closer to the build and run environment improves the image transfer efficiency. Harbor supports the setup of multiple registries and has images replicated between them. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing.

Introduction

This is an experimental monolithic chart that installs and configures VMWare Harbor and its dependencies. The initial implementation of this includes all of the components required to run Harbor. As upstream harbor becomes more cloud native we will be able to break apart the monolith and utitlize helm dependencies.

Prerequisites

  • Kubernetes 1.7+ with Beta APIs enabled
  • PV provisioner support in the underlying infrastructure

Installing the Chart

To install the chart with the release name my-release:

$ git clone https://github.com/vmware/harbor.git
$ cd harbor/contrib/helm/harbor
$ helm install --name my-release incubator/harbor

The command deploys Harbor on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.

Tip

: List all releases using helm list

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm delete my-release

The command removes all the Kubernetes components associated with the chart and deletes the release.

Configuration

The following tables lists the configurable parameters of the Percona chart and their default values.

Parameter Description Default
Harbor
externalDomain domain harbor will run on (https://harbor.url/) harbor.192.168.99.100.xip.io
tls_crt TLS certificate to use for Harbor's https endpoint see values.yaml
tls_key TLS key to use for Harbor's https endpoint see values.yaml
ca_crt CA Cert for self signed TLS cert see values.yaml
persistence.enabled enable persistent data storage false
Adminserver
adminserver.image.repository Repository for adminserver image vmware/harbor-adminserver
adminserver.image.tag Tag for adminserver image v1.3.0
adminserver.image.pullPolicy Pull Policy for adminserver image IfNotPresent
adminserver.emailHost email server smtp.mydomain.com
adminserver.emailPort email port 25
adminserver.emailUser email username sample_admin@mydomain.com
adminserver.emailSsl email uses SSL? false
adminserver.emailFrom send email from address admin <sample_admin@mydomain.com>
adminserver.emailIdentity ""
adminserver.key adminsever key not-a-secure-key
adminserver.emailPwd password for email not-a-secure-password
adminserver.harborAdminPassword password for admin user Harbor12345
adminserver.resources resources to allocate for container undefined
adminserver.volumes used to create PVCs if persistence is enabled (see instructions in values.yaml) see values.yaml
Jobservice
jobservice.image.repository Repository for jobservice image vmware/harbor-jobservice
jobservice.image.tag Tag for jobservice image v1.3.0
jobservice.image.pullPolicy Pull Policy for jobservice image IfNotPresent
jobservice.key jobservice key not-a-secure-key
jobservice.secret jobservice secret not-a-secure-secret
jobservice.resources resources to allocate for container undefined
UI
ui.image.repository Repository for ui image vmware/harbor-ui
ui.image.tag Tag for ui image v1.3.0
ui.image.pullPolicy Pull Policy for ui image IfNotPresent
ui.key ui key not-a-secure-key
ui.secret ui secret not-a-secure-secret
ui.privateKeyPem ui private key see values.yaml
ui.resources resources to allocate for container undefined
MySQL
mysql.image.repository Repository for mysql image vmware/harbor-mysql
mysql.image.tag Tag for mysql image v1.3.0
mysql.image.pullPolicy Pull Policy for mysql image IfNotPresent
mysql.host MySQL Server ~
mysql.port MySQL Port 3306
mysql.user MySQL Username root
mysql.pass MySQL Password registry
mysql.database MySQL Database registry
mysql.resources resources to allocate for container undefined
mysql.volumes used to create PVCs if persistence is enabled (see instructions in values.yaml) see values.yaml
Registry
registry.image.repository Repository for registry image vmware/harbor-registry
registry.image.tag Tag for registry image v1.3.0
registry.image.pullPolicy Pull Policy for registry image IfNotPresent
registry.rootCrt registry root cert see values.yaml
registry.httpSecret registry secret not-a-secure-secret
registry.resources resources to allocate for container undefined
registry.volumes used to create PVCs if persistence is enabled (see instructions in values.yaml) see values.yaml
Clair
clair.enabled Enable clair? false
clair.postgresPassword password for clair postgres see values.yaml
clair.image.repository Repository for clair image vmware/clair
clair.image.tag Tag for clair image v2.0.1-photon
clair.image.pullPolicy Pull Policy for clair image IfNotPresent
clair.pgImage.repository Repository for clair postgres image postgres
clair.pgImage.tag Tag for clair postgres image 9.6.4
clair.pgImage.pullPolicy Pull Policy for clair postgres image IfNotPresent
clair.resources resources to allocate for container undefined

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example:

$ helm install --name my-release --set mysql.pass=baconeggs .

Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,

$ helm install --name my-release -f /path/to/values.yaml .

Tip

: You can use the default values.yaml

Persistence

VMWare Harbor stores the data and configurations in emptyDir volumes. You can change the values.yaml to enable persistence and use a PersistentVolumeClaim instead.

"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."