Michael DiLeo 7327d77dcd redaction (#1)
Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
2025-12-24 13:40:47 +00:00


# Harbor Registry with External PostgreSQL and Redis
This configuration sets up Harbor container registry to use your existing PostgreSQL and Redis infrastructure instead of embedded databases.
## Architecture
- **PostgreSQL**: Uses `harborRegistry` user and `harbor` database created during PostgreSQL cluster initialization
- **Redis**: Uses existing Redis primary-replica setup (database 0)
- **Storage**: Longhorn persistent volumes for Harbor registry data
- **Ingress**: NGINX ingress with Let's Encrypt certificates
## Database Integration
### PostgreSQL Setup
Harbor database and user are created declaratively during PostgreSQL cluster initialization using CloudNativePG's `postInitApplicationSQL` feature:
- **Database**: `harbor` (owned by `shared_user`)
- **User**: `harborRegistry` (with full permissions on harbor database)
- **Connection**: `postgresql-shared-rw.postgresql-system.svc.cluster.local:5432`
### Redis Setup
Harbor connects to your existing Redis infrastructure:
- **Primary**: `redis-ha-haproxy.redis-system.svc.cluster.local:6379`
- **Database**: `0` (default Redis database)
- **Authentication**: Uses password from `redis-credentials` secret
## Files Overview
- `harbor-database-credentials.yaml`: Harbor's database and Redis passwords (encrypt with SOPS before deployment)
- `harbor-registry.yaml`: Main Harbor Helm release with external database configuration
- `manual-ingress.yaml`: Ingress configuration for Harbor web UI
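The note above says to encrypt `harbor-database-credentials.yaml` with SOPS before deployment. The following check is an added example, not part of this repository: it rejects a Secret manifest whose `data`/`stringData` values are not SOPS ciphertext. The function names and sample manifests are constructed, and it assumes SOPS's YAML output format (`ENC[...]` values plus a top-level `sops:` block) and that the passwords sit under `stringData` or `data`.

```bash
# Added example: fail if a Secret manifest still holds plaintext values.
# Assumes SOPS YAML output: ENC[...] scalars plus a top-level "sops:" block.
check_sops_encrypted() {
  local file="$1"
  # A SOPS-managed file carries a top-level "sops:" metadata block.
  grep -q '^sops:' "$file" || { echo "$file: no sops metadata" >&2; return 1; }
  # Inside data:/stringData:, every value must be an ENC[...] ciphertext.
  awk -v f="$file" '
    /^[^ \t#]/ { in_data = ($0 ~ /^(data|stringData):/); next }
    in_data && /^[ \t]+[^ \t#][^:]*:/ {
      key = $0; sub(/^[ \t]+/, "", key); sub(/:.*/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val)
      if (val !~ /^ENC\[/) { print f ": " key " is plaintext" > "/dev/stderr"; bad = 1 }
    }
    END { exit bad + 0 }
  ' "$file"
}

# Constructed samples: placeholder ciphertext, no real secrets.
write_samples() {
  cat > "$1/encrypted.yaml" <<'EOF'
kind: Secret
metadata:
  name: harbor-database-credentials
stringData:
  harbor-db-password: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
  redis-password: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
sops:
  version: PLACEHOLDER
EOF
  # A key added by hand after encryption: sops block present, value in the clear.
  cat > "$1/partial.yaml" <<'EOF'
kind: Secret
metadata:
  name: harbor-database-credentials
stringData:
  harbor-db-password: ENC[AES256_GCM,data:PLACEHOLDER,iv:PLACEHOLDER,tag:PLACEHOLDER,type:str]
  redis-password: constructed-example-value
sops:
  version: PLACEHOLDER
EOF
}

tmp="$(mktemp -d)"; write_samples "$tmp"
for f in "$tmp"/*.yaml; do
  if check_sops_encrypted "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
rm -rf "$tmp"
```

Run as a pre-commit hook or CI step, the function's non-zero exit status blocks a commit that would publish the database or Redis password in the clear.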
## Deployment Steps
### 1. Deploy PostgreSQL Changes
⚠️ **WARNING**: This will recreate the PostgreSQL cluster to add Harbor database creation.
```bash
kubectl apply -k manifests/infrastructure/postgresql/
```
### 2. Wait for PostgreSQL
```bash
kubectl get cluster -n postgresql-system -w
kubectl get pods -n postgresql-system -w
```
### 3. Deploy Harbor
```bash
kubectl apply -k manifests/infrastructure/harbor-registry/
```
### 4. Monitor Deployment
```bash
kubectl get pods,svc,ingress -n harbor-registry -w
```
## Verification
### Check Database
```bash
# Connect to PostgreSQL
kubectl exec -it postgresql-shared-1 -n postgresql-system -- psql -U postgres
# Inside the psql session: check the harbor database and user
\l harbor
\du "harborRegistry"
\c harbor
\dt
```
### Check Harbor
```bash
# Check Harbor pods
kubectl get pods -n harbor-registry
# Check Harbor logs
kubectl logs -f deployment/harbor-registry-core -n harbor-registry
# Access Harbor UI
open https://<YOUR_REGISTRY_URL>
```
## Configuration Details
### External Database Configuration
```yaml
postgresql:
  enabled: false  # Disable embedded PostgreSQL
externalDatabase:
  host: "postgresql-shared-rw.postgresql-system.svc.cluster.local"
  port: 5432
  user: "harborRegistry"
  database: "harbor"
  existingSecret: "harbor-database-credentials"
  existingSecretPasswordKey: "harbor-db-password"
  sslmode: "disable"  # TLS disabled for internal cluster communication
```
### External Redis Configuration
```yaml
redis:
  enabled: false  # Disable embedded Redis
externalRedis:
  addr: "redis-ha-haproxy.redis-system.svc.cluster.local:6379"
  db: "0"
  existingSecret: "harbor-database-credentials"
  existingSecretPasswordKey: "redis-password"
```
## Benefits
1. **Resource Efficiency**: No duplicate database instances
2. **Consistency**: Single source of truth for database configuration
3. **Backup Integration**: Harbor data included in existing PostgreSQL backup strategy
4. **Monitoring**: Harbor database metrics included in existing PostgreSQL monitoring
5. **Declarative Setup**: Database creation handled by PostgreSQL initialization
## Troubleshooting
### Database Connection Issues
```bash
# Test PostgreSQL connectivity
kubectl run test-pg --rm -it --image=postgres:16 -- psql -h postgresql-shared-rw.postgresql-system.svc.cluster.local -U harborRegistry -d harbor
# Check Harbor database credentials (the output contains the base64-encoded passwords)
kubectl get secret harbor-database-credentials -n harbor-registry -o yaml
```
### Redis Connection Issues
```bash
# Test Redis connectivity
# Note: -a places the password in the test pod's spec and process arguments
kubectl run test-redis --rm -it --image=redis:7 -- redis-cli -h redis-ha-haproxy.redis-system.svc.cluster.local -a "$(kubectl get secret redis-credentials -n redis-system -o jsonpath='{.data.redis-password}' | base64 -d)"
```
### Harbor Logs
```bash
# Core service logs
kubectl logs -f deployment/harbor-registry-core -n harbor-registry
# Registry logs
kubectl logs -f deployment/harbor-registry-registry -n harbor-registry
# Job service logs
kubectl logs -f deployment/harbor-registry-jobservice -n harbor-registry
```