# Harbor Registry with External PostgreSQL and Redis

This configuration sets up Harbor container registry to use your existing PostgreSQL and Redis infrastructure instead of embedded databases.

## Architecture

- **PostgreSQL**: Uses `harborRegistry` user and `harbor` database created during PostgreSQL cluster initialization
- **Redis**: Uses existing Redis primary-replica setup (database 0)
- **Storage**: Longhorn persistent volumes for Harbor registry data
- **Ingress**: NGINX ingress with Let's Encrypt certificates

## Database Integration

### PostgreSQL Setup

Harbor database and user are created declaratively during PostgreSQL cluster initialization using CloudNativePG's `postInitApplicationSQL` feature:

- **Database**: `harbor` (owned by `shared_user`)
- **User**: `harborRegistry` (with full permissions on harbor database)
- **Connection**: `postgresql-shared-rw.postgresql-system.svc.cluster.local:5432`

### Redis Setup

Harbor connects to your existing Redis infrastructure:

- **Primary**: `redis-ha-haproxy.redis-system.svc.cluster.local:6379`
- **Database**: `0` (default Redis database)
- **Authentication**: Uses password from `redis-credentials` secret

## Files Overview

- `harbor-database-credentials.yaml`: Harbor's database and Redis passwords (encrypt with SOPS before deployment)
- `harbor-registry.yaml`: Main Harbor Helm release with external database configuration
- `manual-ingress.yaml`: Ingress configuration for Harbor web UI

## Deployment Steps

### 1. Deploy PostgreSQL Changes

⚠️ **WARNING**: This will recreate the PostgreSQL cluster to add Harbor database creation.

```bash
kubectl apply -k manifests/infrastructure/postgresql/
```

### 2. Wait for PostgreSQL

```bash
kubectl get cluster -n postgresql-system -w
kubectl get pods -n postgresql-system -w
```

### 3. Deploy Harbor

```bash
kubectl apply -k manifests/infrastructure/harbor-registry/
```

### 4. Monitor Deployment

```bash
kubectl get pods,svc,ingress -n harbor-registry -w
```

## Verification

### Check Database

```bash
# Connect to PostgreSQL
kubectl exec -it postgresql-shared-1 -n postgresql-system -- psql -U postgres

# Check harbor database and user
\l harbor
\du "harborRegistry"
\c harbor
\dt
```

### Check Harbor

```bash
# Check Harbor pods
kubectl get pods -n harbor-registry

# Check Harbor logs
kubectl logs -f deployment/harbor-registry-core -n harbor-registry

# Access Harbor UI
open https://
```

## Configuration Details

### External Database Configuration

```yaml
postgresql:
  enabled: false  # Disable embedded PostgreSQL

externalDatabase:
  host: "postgresql-shared-rw.postgresql-system.svc.cluster.local"
  port: 5432
  user: "harborRegistry"
  database: "harbor"
  existingSecret: "harbor-database-credentials"
  existingSecretPasswordKey: "harbor-db-password"
  sslmode: "disable"  # Internal cluster communication
```

### External Redis Configuration

```yaml
redis:
  enabled: false  # Disable embedded Redis

externalRedis:
  addr: "redis-ha-haproxy.redis-system.svc.cluster.local:6379"
  db: "0"
  existingSecret: "harbor-database-credentials"
  existingSecretPasswordKey: "redis-password"
```

## Benefits

1. **Resource Efficiency**: No duplicate database instances
2. **Consistency**: Single source of truth for database configuration
3. **Backup Integration**: Harbor data included in existing PostgreSQL backup strategy
4. **Monitoring**: Harbor database metrics included in existing PostgreSQL monitoring
5. **Declarative Setup**: Database creation handled by PostgreSQL initialization

## Troubleshooting

### Database Connection Issues

```bash
# Test PostgreSQL connectivity
kubectl run test-pg --rm -it --image=postgres:16 -- psql -h postgresql-shared-rw.postgresql-system.svc.cluster.local -U harborRegistry -d harbor

# Check Harbor database credentials
kubectl get secret harbor-database-credentials -n harbor-registry -o yaml
```

### Redis Connection Issues

```bash
# Test Redis connectivity
kubectl run test-redis --rm -it --image=redis:7 -- redis-cli -h redis-ha-haproxy.redis-system.svc.cluster.local -a "$(kubectl get secret redis-credentials -n redis-system -o jsonpath='{.data.redis-password}' | base64 -d)"
```

### Harbor Logs

```bash
# Core service logs
kubectl logs -f deployment/harbor-registry-core -n harbor-registry

# Registry logs
kubectl logs -f deployment/harbor-registry-registry -n harbor-registry

# Job service logs
kubectl logs -f deployment/harbor-registry-jobservice -n harbor-registry
```
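
### Checking the Credentials Secret Without Printing It

The credential check under "Database Connection Issues" dumps the whole secret to the terminal. The script below is an added example, not part of the original configuration: it reads the same secret as JSON and reports only whether the two keys referenced by `existingSecretPasswordKey` are present and well-formed. The script name and the sample manifest are assumptions constructed for illustration.

```python
# Assumed usage (script name is hypothetical):
#   kubectl get secret harbor-database-credentials -n harbor-registry -o json \
#     | python3 check_harbor_secret.py
import base64
import binascii
import json
import sys

# Key names from the existingSecretPasswordKey values in the Helm configuration.
REQUIRED_KEYS = ("harbor-db-password", "redis-password")


def check_secret(manifest, required=REQUIRED_KEYS):
    """Return {key: status}; a status never contains the secret value."""
    data = manifest.get("data") or {}
    report = {}
    for key in required:
        if key not in data:
            report[key] = "missing"
            continue
        try:
            raw = base64.b64decode(data[key], validate=True)
        except (binascii.Error, ValueError, TypeError):
            report[key] = "not valid base64"
            continue
        if not raw:
            report[key] = "empty"
        elif raw != raw.strip():
            # Typical when the value was created with `echo` instead of `echo -n`.
            report[key] = "leading/trailing whitespace"
        else:
            report[key] = "ok"
    return report


# Constructed sample: trailing newline in one password, the other key absent.
SAMPLE = {
    "kind": "Secret",
    "metadata": {"name": "harbor-database-credentials"},
    "data": {"harbor-db-password": base64.b64encode(b"example-pw\n").decode()},
}

if __name__ == "__main__":
    # Read the manifest from a pipe; fall back to the sample when run directly.
    manifest = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    report = check_secret(manifest)
    for key, status in report.items():
        print(f"{key}: {status}")
    sys.exit(0 if all(s == "ok" for s in report.values()) else 1)
```

A manifest that is still SOPS-encrypted is reported as "not valid base64", because its values are not plain base64 strings.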