Harbor Registry with External PostgreSQL and Redis

This configuration sets up Harbor container registry to use your existing PostgreSQL and Redis infrastructure instead of embedded databases.

Architecture

  • PostgreSQL: Uses harborRegistry user and harbor database created during PostgreSQL cluster initialization
  • Redis: Uses existing Redis primary-replica setup (database 0)
  • Storage: Longhorn persistent volumes for Harbor registry data
  • Ingress: NGINX ingress with Let's Encrypt certificates

Database Integration

PostgreSQL Setup

Harbor database and user are created declaratively during PostgreSQL cluster initialization using CloudNativePG's postInitApplicationSQL feature:

  • Database: harbor (owned by shared_user)
  • User: harborRegistry (with full permissions on harbor database)
  • Connection: postgresql-shared-rw.postgresql-system.svc.cluster.local:5432

Redis Setup

Harbor connects to your existing Redis infrastructure:

  • Primary: redis-ha-haproxy.redis-system.svc.cluster.local:6379
  • Database: 0 (default Redis database)
  • Authentication: Uses password from redis-credentials secret

Files Overview

  • harbor-database-credentials.yaml: Harbor's database and Redis passwords (encrypt with SOPS before deployment)
  • harbor-registry.yaml: Main Harbor Helm release with external database configuration
  • manual-ingress.yaml: Ingress configuration for Harbor web UI
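
A pre-deployment check for the SOPS requirement above, as an added example that is not part of this repository: it fails unless the manifest has a top-level sops: block and every data/stringData value is an ENC[...] string. The function names, the use of stringData and the sample manifests are assumptions constructed for illustration; the key names are the ones the Helm values reference.

```shell
#!/bin/sh
# Added example, not from the repository. Passes (exit 0) only if the manifest
# carries a top-level "sops:" block and every data/stringData value is ENC[...].
check_sops_encrypted() {
  awk '
    /^sops:/              { has_meta = 1 }
    /^[^ #]/              { in_data = 0 }          # a new top-level key ends the section
    /^(data|stringData):/ { in_data = 1; next }
    in_data && /^[ ]+[^ #][^:]*:/ {
      val = $0
      sub(/^[^:]*:[ ]*/, "", val)                  # keep only the value part
      seen++
      if (val !~ /^"?ENC\[/) plain++
    }
    END { exit !(has_meta && seen > 0 && plain == 0) }
  ' "$1"
}

# Constructed sample manifests (all values are fake) written to directory $1.
write_samples() {
  cat > "$1/plain.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: harbor-database-credentials
  namespace: harbor-registry
stringData:
  harbor-db-password: example-not-a-real-password
  redis-password: example-not-a-real-password
EOF
  cat > "$1/encrypted.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: harbor-database-credentials
  namespace: harbor-registry
stringData:
  harbor-db-password: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAA,tag:BBBB,type:str]
  redis-password: ENC[AES256_GCM,data:Y29uc3RydWN0ZWQ=,iv:AAAA,tag:BBBB,type:str]
sops:
  version: x.y.z
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in plain encrypted; do
  check_sops_encrypted "$tmp/$f.yaml" && echo "$f.yaml: encrypted" || echo "$f.yaml: PLAINTEXT, do not apply"
done
rm -rf "$tmp"
```

Run check_sops_encrypted against harbor-database-credentials.yaml before step 3 of the deployment; a non-zero exit means at least one value is still plaintext or the SOPS metadata is missing.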

Deployment Steps

1. Deploy PostgreSQL Changes

⚠️ WARNING: This will recreate the PostgreSQL cluster to add Harbor database creation.

kubectl apply -k manifests/infrastructure/postgresql/

2. Wait for PostgreSQL

kubectl get cluster -n postgresql-system -w
kubectl get pods -n postgresql-system -w

3. Deploy Harbor

kubectl apply -k manifests/infrastructure/harbor-registry/

4. Monitor Deployment

kubectl get pods,svc,ingress -n harbor-registry -w

Verification

Check Database

# Connect to PostgreSQL
kubectl exec -it postgresql-shared-1 -n postgresql-system -- psql -U postgres

# Inside the psql session: check the harbor database and user
\l harbor
\du "harborRegistry"
\c harbor
\dt

Check Harbor

# Check Harbor pods
kubectl get pods -n harbor-registry

# Check Harbor logs
kubectl logs -f deployment/harbor-registry-core -n harbor-registry

# Access Harbor UI
open https://<YOUR_REGISTRY_URL>

Configuration Details

External Database Configuration

postgresql:
  enabled: false  # Disable embedded PostgreSQL
externalDatabase:
  host: "postgresql-shared-rw.postgresql-system.svc.cluster.local"
  port: 5432
  user: "harborRegistry"
  database: "harbor"
  existingSecret: "harbor-database-credentials"
  existingSecretPasswordKey: "harbor-db-password"
  sslmode: "disable"  # No TLS to PostgreSQL; the connection stays on the in-cluster network

External Redis Configuration

redis:
  enabled: false  # Disable embedded Redis
externalRedis:
  addr: "redis-ha-haproxy.redis-system.svc.cluster.local:6379"
  db: "0"
  existingSecret: "harbor-database-credentials"
  existingSecretPasswordKey: "redis-password"

Benefits

  1. Resource Efficiency: No duplicate database instances
  2. Consistency: Single source of truth for database configuration
  3. Backup Integration: Harbor data included in existing PostgreSQL backup strategy
  4. Monitoring: Harbor database metrics included in existing PostgreSQL monitoring
  5. Declarative Setup: Database creation handled by PostgreSQL initialization

Troubleshooting

Database Connection Issues

# Test PostgreSQL connectivity
kubectl run test-pg --rm -it --image=postgres:16 -- psql -h postgresql-shared-rw.postgresql-system.svc.cluster.local -U harborRegistry -d harbor

# Check Harbor database credentials (the output contains the base64-encoded passwords)
kubectl get secret harbor-database-credentials -n harbor-registry -o yaml

Redis Connection Issues

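# Test Redis connectivity (the password is passed as a pod argument, so it is
# visible in the test-redis pod spec until the pod is removed)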
kubectl run test-redis --rm -it --image=redis:7 -- redis-cli -h redis-ha-haproxy.redis-system.svc.cluster.local -a "$(kubectl get secret redis-credentials -n redis-system -o jsonpath='{.data.redis-password}' | base64 -d)"

Harbor Logs

# Core service logs
kubectl logs -f deployment/harbor-registry-core -n harbor-registry

# Registry logs
kubectl logs -f deployment/harbor-registry-registry -n harbor-registry

# Job service logs
kubectl logs -f deployment/harbor-registry-jobservice -n harbor-registry