title | weight |
---|---|
Deploying Harbor with High Availability via Helm |
40 |
You can deploy Harbor on Kubernetes via helm to make it highly available. In this way, if one of the nodes on which Harbor is running becomes unavailable, users do not experience interruptions of service.
- Kubernetes cluster 1.10+
- Helm 2.8.0+
- Highly available ingress controller (Harbor does not manage the external endpoint)
- Highly available PostgreSQL 9.6+ (Harbor does not handle the deployment of HA of database)
- Highly available Redis (Harbor does not handle the deployment of HA of Redis)
- Please note that Harbor presently doesnt support Redis Clusters or TLS based connections. Although work is currently underway to enable TLS based authentication.
- PVC that can be shared across nodes or external object storage
- See Architecture, but to allow harbor to scale, each function/component needs to be able to read/write to a shared persistent volume.
Most of Harbor's components are stateless now. So we can simply increase the replica of the pods to make sure the components are distributed to multiple worker nodes, and leverage the "Service" mechanism of K8S to ensure the connectivity across pods.
As for the storage layer, it is expected that the user provides a highly available PostgreSQL and Redis cluster for application data, as well as PVCs or object storage for storing images and charts.
Download Harbor helm chart:
helm repo add harbor https://helm.goharbor.io
helm fetch harbor/harbor --untar
Configure the followings items in values.yaml
, alternatively they can be set via --set
flag during running helm install
:
-
Ingress Rule
- Configure the ingress url
expose.ingress.hosts.core
.
- Configure the ingress url
-
External URL
- Configure the url
externalURL
, this is used to populate the docker/helm commands shown on portal as well as the token service URL returned to docker clients.
- Configure the url
-
External PostgreSQL
- Set
database.type
toexternal
and fill the information indatabase.external
section. - An empty database needs to be created, by default the database is set to
registry
, this however can be changed by settingcoreDatabase
.
- Set
-
External Redis
- Set the
redis.type
toexternal
and fill the information inredis.external
section. - Harbor introduced redis
Sentinel
mode support in 2.1.0. To enable setsentinelMasterSet
andhost
using the following pattern<host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
. You can also refer to this guide to setup a HAProxy before Redis to expose a single entry point. - As noted in the prerequisites Harbor doesn't currently support TLS or Redis Clustering.
- Set the
-
Storage
- It's recommended that a
StorageClass
that supports sharing across nodes in aReadWriteMany
manner to provision volumes to store images, charts and job logs is used, this allows for scaling of components to meet demand. If such a volume type isn't your default storageClass, this will need to be set in the following locations:persistence.persistentVolumeClaim.registry.storageClass
persistence.persistentVolumeClaim.chartmuseum.storageClass
persistence.persistentVolumeClaim.jobservice.storageClass
.
- If such a
StorageClass
is used, the associated accessMode needs to be setReadWriteMany
for the following fields:persistence.persistentVolumeClaim.registry.accessMode
persistence.persistentVolumeClaim.chartmuseum.accessMode
persistence.persistentVolumeClaim.jobservice.accessMode
- Alternatively, use existing PVCs to store data by setting:
persistence.persistentVolumeClaim.registry.existingClaim
persistence.persistentVolumeClaim.chartmuseum.existingClaim
persistence.persistentVolumeClaim.jobservice.existingClaim
- Finally, if you have no StorageClass that supports
ReadWriteMany
or don't wish to, external object storage can be used instead to store images and charts and store the job logs in database. To enable external object storage set thepersistence.imageChartStorage.type
to the value you want to use and fill the corresponding section and setjobservice.jobLogger
todatabase
.- Note: For those whom wish to use S3, IRSA support is in progress upstream.
- An example AWS IAM policy is available upstream
- It's recommended that a
-
Replica
- Set
portal.replicas
,core.replicas
,jobservice.replicas
,registry.replicas
,chartmuseum.replicas
, ton
(n
>=2).
- Set
Install the Harbor helm chart with a release name my-release
:
Helm 2:
helm install --name my-release harbor/
Helm 3:
helm install my-release harbor/