Skip to content

Commit

Permalink
Merge pull request goharbor#5289 from ywk253100/180710_chart
Browse files Browse the repository at this point in the history
Fix misc issues of Harbor charts
  • Loading branch information
reasonerjt authored Jul 13, 2018
2 parents a912a55 + c72a7db commit 799a6b4
Show file tree
Hide file tree
Showing 10 changed files with 93 additions and 142 deletions.
27 changes: 2 additions & 25 deletions contrib/helm/harbor/templates/NOTES.txt
Original file line number Diff line number Diff line change
@@ -1,26 +1,3 @@

Please wait for several minutes for Harbor deployment to complete.
Then follow the steps below to use Harbor.

1. Add the Harbor CA certificate to Docker by executing the following command:

sudo mkdir -p /etc/docker/certs.d/{{ .Values.externalDomain }}
kubectl get secret \
--namespace {{ .Release.Namespace }} {{ template "harbor.fullname" . }}-ingress \
-o jsonpath="{.data.ca\.crt}" | base64 --decode | \
sudo tee /etc/docker/certs.d/{{ .Values.externalDomain }}/ca.crt

2. Get Harbor admin password by executing the following command:

kubectl get secret --namespace {{ .Release.Namespace }} {{ template "harbor.fullname" . }}-adminserver -o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 --decode; echo

3. Add DNS resolution entry for Harbor FQDN {{ .Values.externalDomain }} to K8s Ingress Controller IP on DNS Server or in file /etc/hosts.
{{- if .Values.notary.enabled }}
Add DNS resolution entry for Notary FQDN {{ template "harbor.notaryFQDN" . }} to K8s Ingress Controller IP on DNS Server or in file /etc/hosts.
{{- end }}

4. Access Harbor UI via https://{{ .Values.externalDomain }}

5. Login Harbor with Docker CLI:

docker login {{ .Values.externalDomain }}
Then you should be able to visit the UI portal at {{ template "harbor.externalURL" . }}.
For more details, please visit https://github.com/vmware/harbor.
4 changes: 2 additions & 2 deletions contrib/helm/harbor/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,9 @@ app: "{{ template "harbor.name" . }}"

{{- define "harbor.externalURL" -}}
{{- if .Values.externalPort -}}
{{- printf "%s:%s" .Values.externalDomain (toString .Values.externalPort) -}}
{{- printf "%s://%s:%s" .Values.externalProtocol .Values.externalDomain (toString .Values.externalPort) -}}
{{- else -}}
{{- .Values.externalDomain -}}
{{- printf "%s://%s" .Values.externalProtocol .Values.externalDomain -}}
{{- end -}}
{{- end -}}

Expand Down
36 changes: 18 additions & 18 deletions contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,14 @@ data:
POSTGRESQL_PORT: "{{ template "harbor.database.port" . }}"
POSTGRESQL_USERNAME: "{{ template "harbor.database.username" . }}"
POSTGRESQL_DATABASE: "{{ template "harbor.database.coreDatabase" . }}"
EMAIL_HOST: "{{ .Values.adminserver.emailHost }}"
EMAIL_PORT: "{{ .Values.adminserver.emailPort }}"
EMAIL_USR: "{{ .Values.adminserver.emailUser }}"
EMAIL_SSL: "{{ .Values.adminserver.emailSsl }}"
EMAIL_FROM: "{{ .Values.adminserver.emailFrom }}"
EMAIL_IDENTITY: "{{ .Values.adminserver.emailIdentity }}"
EMAIL_INSECURE: "{{ .Values.adminserver.emailInsecure }}"
EXT_ENDPOINT: "https://{{ .Values.externalDomain }}"
EMAIL_HOST: "{{ .Values.email.host }}"
EMAIL_PORT: "{{ .Values.email.port }}"
EMAIL_USR: "{{ .Values.email.username }}"
EMAIL_SSL: "{{ .Values.email.ssl }}"
EMAIL_FROM: "{{ .Values.email.from }}"
EMAIL_IDENTITY: "{{ .Values.email.identity }}"
EMAIL_INSECURE: "{{ .Values.email.insecure }}"
EXT_ENDPOINT: "{{ template "harbor.externalURL" . }}"
UI_URL: "http://{{ template "harbor.fullname" . }}-ui"
JOBSERVICE_URL: "http://{{ template "harbor.fullname" . }}-jobservice"
REGISTRY_URL: "http://{{ template "harbor.fullname" . }}-registry:5000"
Expand All @@ -26,16 +26,16 @@ data:
NOTARY_URL: "http://{{ template "harbor.notaryServiceName" . }}:4443"
LOG_LEVEL: "info"
IMAGE_STORE_PATH: "/" # This is a temporary hack.
AUTH_MODE: "{{ .Values.adminserver.authenticationMode }}"
SELF_REGISTRATION: "{{ .Values.adminserver.selfRegistration }}"
LDAP_URL: "{{ .Values.adminserver.ldap.url }}"
LDAP_SEARCH_DN: "{{ .Values.adminserver.ldap.searchDN }}"
LDAP_BASE_DN: "{{ .Values.adminserver.ldap.baseDN }}"
LDAP_FILTER: "{{ .Values.adminserver.ldap.filter }}"
LDAP_UID: "{{ .Values.adminserver.ldap.uid }}"
LDAP_SCOPE: "{{ .Values.adminserver.ldap.scope }}"
LDAP_TIMEOUT: "{{ .Values.adminserver.ldap.timeout }}"
LDAP_VERIFY_CERT: "{{ .Values.adminserver.ldap.verifyCert }}"
AUTH_MODE: "{{ .Values.authenticationMode }}"
SELF_REGISTRATION: "{{ .Values.selfRegistration }}"
LDAP_URL: "{{ .Values.ldap.url }}"
LDAP_SEARCH_DN: "{{ .Values.ldap.searchDN }}"
LDAP_BASE_DN: "{{ .Values.ldap.baseDN }}"
LDAP_FILTER: "{{ .Values.ldap.filter }}"
LDAP_UID: "{{ .Values.ldap.uid }}"
LDAP_SCOPE: "{{ .Values.ldap.scope }}"
LDAP_TIMEOUT: "{{ .Values.ldap.timeout }}"
LDAP_VERIFY_CERT: "{{ .Values.ldap.verifyCert }}"
DATABASE_TYPE: "postgresql"
PROJECT_CREATION_RESTRICTION: "everyone"
VERIFY_REMOTE_CERT: "off"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,13 +8,13 @@ metadata:
type: Opaque
data:
secretKey: {{ .Values.secretKey | b64enc | quote }}
EMAIL_PWD: {{ .Values.adminserver.emailPwd | b64enc | quote }}
HARBOR_ADMIN_PASSWORD: {{ .Values.adminserver.adminPassword | b64enc | quote }}
EMAIL_PWD: {{ .Values.email.password | b64enc | quote }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
POSTGRESQL_PASSWORD: {{ template "harbor.database.password" . }}
JOBSERVICE_SECRET: {{ .Values.jobservice.secret | b64enc | quote }}
UI_SECRET: {{ .Values.ui.secret | b64enc | quote }}
{{- if eq .Values.adminserver.authenticationMode "ldap_auth" }}
LDAP_SEARCH_PWD: {{ .Values.adminserver.ldap.searchPwd | b64enc | quote }}
{{- if eq .Values.authenticationMode "ldap_auth" }}
LDAP_SEARCH_PWD: {{ .Values.ldap.searchPwd | b64enc | quote }}
{{- end }}
{{ if .Values.clair.enabled }}
CLAIR_DB_PASSWORD: {{ template "harbor.database.password" . }}
Expand Down
16 changes: 11 additions & 5 deletions contrib/helm/harbor/templates/ingress/ingress.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{ if .Values.ingress.enabled }}
{{ if .Values.ingress.enabled }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
Expand All @@ -8,12 +8,16 @@ metadata:
annotations:
{{ toYaml .Values.ingress.annotations | indent 4 }}
spec:
{{ if not .Values.insecureRegistry }}
{{ if eq .Values.externalProtocol "https" }}
tls:
- hosts:
- "{{ .Values.externalDomain }}"
- "{{ template "harbor.notaryFQDN" . }}"
{{ if eq .Values.ingress.tls.secretName "" }}
secretName: "{{ template "harbor.fullname" . }}-ingress"
{{ else }}
secretName: {{ .Values.ingress.tls.secretName }}
{{ end }}
{{ end }}
rules:
- host: "{{ .Values.externalDomain }}"
Expand Down Expand Up @@ -43,11 +47,15 @@ metadata:
nginx.ingress.kubernetes.io/rewrite-target: /registryproxy/v2
ingress.kubernetes.io/rewrite-target: /registryproxy/v2
spec:
{{ if not .Values.insecureRegistry }}
{{ if eq .Values.externalProtocol "https" }}
tls:
- hosts:
- "{{ .Values.externalDomain }}"
{{ if eq .Values.ingress.tls.secretName "" }}
secretName: "{{ template "harbor.fullname" . }}-ingress"
{{ else }}
secretName: {{ .Values.ingress.tls.secretName }}
{{ end }}
{{ end }}
rules:
- host: "{{ .Values.externalDomain }}"
Expand All @@ -57,6 +65,4 @@ spec:
backend:
serviceName: {{ template "harbor.fullname" . }}-ui
servicePort: 80


{{ end }}
6 changes: 4 additions & 2 deletions contrib/helm/harbor/templates/ingress/secret.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
{{ if not .Values.insecureRegistry }}
{{ if .Values.generateCertificates }}
{{ if eq .Values.externalProtocol "https" }}
{{ if .Values.ingress.enabled }}
{{ if eq .Values.ingress.tls.secretName "" }}
{{ $ca := genCA "harbor-ca" 3650 }}
{{ $cert := genSignedCert (include "harbor.certCommonName" .) nil nil 3650 $ca }}
apiVersion: v1
Expand All @@ -14,4 +15,5 @@ data:
tls.key: {{ .Values.tlsKey | default $cert.Key | b64enc | quote }}
ca.crt: {{ .Values.caCrt | default $ca.Cert | b64enc | quote }}
{{ end }}
{{ end }}
{{ end }}
2 changes: 1 addition & 1 deletion contrib/helm/harbor/templates/notary/notary-cm.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ data:
"auth": {
"type": "token",
"options": {
"realm": "https://{{ template "harbor.externalURL" . }}/service/token",
"realm": "{{ template "harbor.externalURL" . }}/service/token",
"service": "harbor-notary",
"issuer": "harbor-token-issuer",
"rootcertbundle": "/root.crt"
Expand Down
2 changes: 1 addition & 1 deletion contrib/helm/harbor/templates/registry/registry-cm.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ data:
auth:
token:
issuer: harbor-token-issuer
realm: "https://{{ template "harbor.externalURL" . }}/service/token"
realm: "{{ template "harbor.externalURL" . }}/service/token"
rootcertbundle: /etc/registry/root.crt
service: harbor-registry

Expand Down
12 changes: 10 additions & 2 deletions contrib/helm/harbor/templates/ui/ui-dpl.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,11 +50,15 @@ spec:
- name: ui-secrets-private-key
mountPath: /etc/ui/private_key.pem
subPath: private_key.pem
{{- if and (not .Values.insecureRegistry) .Values.ingress.enabled }}
{{- if eq .Values.externalProtocol "https" }}
{{- if .Values.ingress.enabled }}
{{- if eq .Values.ingress.tls.secretName "" }}
- name: ca-download
mountPath: /etc/ui/ca/ca.crt
subPath: ca.crt
{{- end }}
{{- end }}
{{- end }}
- name: psc
mountPath: /etc/ui/token
volumes:
Expand All @@ -73,14 +77,18 @@ spec:
items:
- key: private_key.pem
path: private_key.pem
{{- if and (not .Values.insecureRegistry) .Values.ingress.enabled }}
{{- if eq .Values.externalProtocol "https" }}
{{- if .Values.ingress.enabled }}
{{- if eq .Values.ingress.tls.secretName "" }}
- name: ca-download
secret:
secretName: "{{ template "harbor.fullname" . }}-ingress"
items:
- key: ca.crt
path: ca.crt
{{- end }}
{{- end }}
{{- end }}
- name: psc
emptyDir: {}
{{- with .Values.ui.nodeSelector }}
Expand Down
Loading

0 comments on commit 799a6b4

Please sign in to comment.