This repository has been archived by the owner on Jul 2, 2024. It is now read-only.

Harbor and Helm charts

YouTube video: https://youtu.be/XSszSd-TTCQ

Upload Helm Chart using Web GUI

Download the compressed Helm Chart of Rook:

wget https://charts.rook.io/release/rook-ceph-v1.0.0.tgz -O rook-ceph-v1.0.0.tgz

Manually upload rook-ceph-v1.0.0.tgz to Harbor by clicking:

Projects -> library -> Helm Chart -> UPLOAD -> rook-ceph-v1.0.0.tgz

Here is the API call:

curl -s -X POST -u "admin:admin" "https://core2.${MY_DOMAIN}/api/chartrepo/my_project/charts" \
  -H "Content-Type: multipart/form-data" \
  -F "chart=@rook-ceph-v1.0.0.tgz;type=application/x-yaml" \
| jq "."

Output:

{
  "saved": true
}

Upload Helm Chart using CLI

Add the Helm repository as an unprivileged user:

helm repo add --username aduser05 --password admin my_project_helm_repo https://core2.mylabs.dev/chartrepo/my_project

Output:

"my_project_helm_repo" has been added to your repositories

Check the list of Helm repositories:

helm repo list

Output:

NAME                    URL
stable                  https://kubernetes-charts.storage.googleapis.com
local                   http://127.0.0.1:8879/charts
harbor                  https://helm.goharbor.io
jetstack                https://charts.jetstack.io
appscode                https://charts.appscode.com/stable/
argo                    https://argoproj.github.io/argo-helm
my_project_helm_repo    https://core2.mylabs.dev/chartrepo/my_project

Check the content of the my_project_helm_repo repository:

helm search -l my_project_helm_repo

Output:

NAME                            CHART VERSION   APP VERSION     DESCRIPTION
my_project_helm_repo/rook-ceph  v1.0.0                          File, Block, and Object Storage Services for your Cloud-N...

Clone the harbor-helm repository containing the Helm chart of Harbor:

git clone https://github.com/goharbor/harbor-helm.git

See the Helm chart content:

ls -l ./harbor-helm/

Output:

total 120
drwxrwxr-x  2 pruzicka pruzicka    36 Jun  5 14:39 cert
-rw-rw-r--  1 pruzicka pruzicka   498 Jun  5 14:39 Chart.yaml
-rw-rw-r--  1 pruzicka pruzicka   577 Jun  5 14:39 CONTRIBUTING.md
drwxrwxr-x  3 pruzicka pruzicka    63 Jun  5 14:39 docs
-rw-rw-r--  1 pruzicka pruzicka 11357 Jun  5 14:39 LICENSE
-rw-rw-r--  1 pruzicka pruzicka 84170 Jun  5 14:39 README.md
drwxrwxr-x 13 pruzicka pruzicka   206 Jun  5 14:39 templates
-rw-rw-r--  1 pruzicka pruzicka 14157 Jun  5 14:39 values.yaml

Push the harbor-helm chart to the my_project_helm_repo project in Harbor:

helm push --username aduser05 --password admin ./harbor-helm/ my_project_helm_repo

Output:

Pushing harbor-dev.tgz to my_project_helm_repo...
Done.

Screenshot: Harbor Project Helm Charts

Upload signed Helm Chart using CLI

Create a GPG key in the .gnupg directory (the batch file uses %no-protection, so the private key is stored without a passphrase):

export GNUPGHOME=$PWD/.gnupg
mkdir ${GNUPGHOME} && chmod 0700 $PWD/.gnupg

cat > ${GNUPGHOME}/my_gpg_key << EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Helm User
Name-Comment: User
Name-Email: my_helm_user@${MY_DOMAIN}
Expire-Date: 0
%no-protection
%commit
EOF

gpg2 --verbose --batch --gen-key ${GNUPGHOME}/my_gpg_key

Output:

gpg: keybox '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/pubring.kbx' created
gpg: Generating a basic OpenPGP key
gpg: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg: waiting for the agent to come up ... (5s)
gpg: connection to agent established
gpg: writing self signature
gpg: RSA/SHA256 signature from: "0740C464116DD6F5 [?]"
gpg: writing key binding signature
gpg: RSA/SHA256 signature from: "0740C464116DD6F5 [?]"
gpg: RSA/SHA256 signature from: "532CEA8DFE8A8A38 [?]"
gpg: writing public key to '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/pubring.kbx'
gpg: /home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/trustdb.gpg: trustdb created
gpg: using pgp trust model
gpg: key 0740C464116DD6F5 marked as ultimately trusted
gpg: directory '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/openpgp-revocs.d' created
gpg: writing to '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/openpgp-revocs.d/732BCB9A16D3AF79F1BEABB80740C464116DD6F5.rev'
gpg: RSA/SHA256 signature from: "0740C464116DD6F5 Helm User (User) <[email protected]>"
gpg: revocation certificate stored as '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/openpgp-revocs.d/732BCB9A16D3AF79F1BEABB80740C464116DD6F5.rev'

List the GPG secret key:

gpg2 --list-secret-keys

Output:

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/pubring.kbx
------------------------------------------------------------
sec   rsa2048 2019-06-05 [SCEA]
      732BCB9A16D3AF79F1BEABB80740C464116DD6F5
uid           [ultimate] Helm User (User) <[email protected]>
ssb   rsa2048 2019-06-05 [SEA]

Export the private GPG key into .gnupg/secring.gpg, because Helm doesn't support the keyring format used by GnuPG 2.1:

gpg2 --export-secret-keys > ${GNUPGHOME}/secring.gpg

Output:

gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/home/pruzicka/data/github/k8s-harbor/tmp/.gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded

Download and unpack Gitea Helm chart:

git clone --quiet https://github.com/jfelten/gitea-helm-chart gitea
git -C ./gitea/ checkout --quiet 8c9adad

Create signed Helm package:

helm package --sign --key "my_helm_user@${MY_DOMAIN}" --keyring ${GNUPGHOME}/secring.gpg --destination . ./gitea/

Output:

Successfully packaged chart and saved it to: /home/pruzicka/data/github/k8s-harbor/tmp/gitea-1.6.1.tgz

There should be 2 files in the current directory, the Helm chart archive and its provenance file:

ls -la gitea*tgz*

Output:

-rw-rw-r-- 1 pruzicka pruzicka 20390 Jun  5 14:39 gitea-1.6.1.tgz
-rwxr-xr-x 1 pruzicka pruzicka   966 Jun  5 14:39 gitea-1.6.1.tgz.prov

See the provenance file:

cat gitea-1.6.1.tgz.prov && echo

Output:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

appVersion: 1.6.1
description: Git with a cup of tea
icon: https://docs.gitea.io/images/gitea.png
keywords:
- - git
- - issue tracker
- - code review
- - wiki
- - gitea
- - gogs
maintainers:
- - email: [email protected]
  name: John Felten
name: gitea
sources:
- - https://github.com/go-gitea/gitea
- - https://hub.docker.com/r/gitea/gitea/
version: 1.6.1

...
files:
  gitea-1.6.1.tgz: sha256:e0f722c03b94bb35c8b9e1e4e42d0d0579f93027452ce8122f5548b0c96d15af
-----BEGIN PGP SIGNATURE-----
...
-----END PGP SIGNATURE-----
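
The files: entry in the provenance file above is what ties the signed metadata to the chart archive. As an added example (not part of the original README), the script below recomputes the archive's SHA-256 and compares it with the value recorded in the .prov file; the function names and the demo file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original README). Assumes sha256sum (coreutils) and awk.

# prov_digest PROV CHART: print the sha256 recorded for CHART under "files:" in PROV.
prov_digest() {
  awk -v name="$(basename "$2")" '
    /^-----BEGIN PGP SIGNATURE-----/ { exit }            # signed body ends here
    /^files:/ { in_files = 1; next }
    in_files && $1 == (name ":") && $2 ~ /^sha256:[0-9a-f]+$/ && length($2) == 71 {
      print substr($2, 8); exit
    }
  ' "$1"
}

# check_chart CHART [PROV]: 0 = digest matches, 1 = mismatch, 2 = unusable input.
check_chart() {
  chart=$1; prov=${2:-$1.prov}
  [ -f "$chart" ] && [ -f "$prov" ] || { echo "missing chart or .prov" >&2; return 2; }
  want=$(prov_digest "$prov" "$chart")
  [ -n "$want" ] || { echo "no sha256 entry for $chart in $prov" >&2; return 2; }
  have=$(sha256sum "$chart" | awk '{ print $1 }')
  if [ "$have" = "$want" ]; then
    echo "digest OK: $have"
  else
    echo "digest MISMATCH: prov=$want actual=$have" >&2
    return 1
  fi
}

# Constructed demo: a stand-in archive plus a .prov body shaped like the one above.
demo() {
  d=$(mktemp -d) || return 2
  printf 'constructed chart bytes\n' > "$d/demo-0.1.0.tgz"
  sum=$(sha256sum "$d/demo-0.1.0.tgz" | awk '{ print $1 }')
  printf 'name: demo\n...\nfiles:\n  demo-0.1.0.tgz: sha256:%s\n' "$sum" \
    > "$d/demo-0.1.0.tgz.prov"
  check_chart "$d/demo-0.1.0.tgz" && ok=0 || ok=$?                # untouched archive
  printf 'tampered\n' >> "$d/demo-0.1.0.tgz"
  check_chart "$d/demo-0.1.0.tgz" 2>/dev/null && bad=0 || bad=$?  # modified archive
  rm -rf "$d"
  echo "$ok $bad"
}
demo
```

A matching digest only shows that the archive and the .prov file agree with each other. Whether the chart is authentic still depends on checking the PGP signature over the .prov file, for example with helm verify gitea-1.6.1.tgz --keyring KEYRING, where KEYRING is a placeholder for an exported public keyring.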

Upload the signed Helm package to the Harbor public project library:

Manually upload the Gitea Helm Chart to Harbor by clicking:

Projects -> library -> Helm Chart -> UPLOAD -> gitea-1.6.1.tgz + gitea-1.6.1.tgz.prov

You can also do the same using the Harbor API:

curl -s -u "aduser06:admin" -X POST "https://core2.${MY_DOMAIN}/api/chartrepo/library/charts" \
  -H "Content-Type: multipart/form-data" \
  -F "chart=@gitea-1.6.1.tgz;type=application/x-compressed-tar" \
  -F "prov=@gitea-1.6.1.tgz.prov" \
| jq "."

Output:

{
  "saved": true
}

Use Harbor Helm Chart repository


Add the public "library" Helm Chart repository:

helm repo add library https://core2.mylabs.dev/chartrepo/library

Output:

"library" has been added to your repositories

Refresh the Helm repositories:

helm repo update

Output:

Hang tight while we grab the latest from your chart repositories...
...Skip local chart repository
...Successfully got an update from the "library" chart repository
...Successfully got an update from the "argo" chart repository
...Successfully got an update from the "my_project_helm_repo" chart repository
...Successfully got an update from the "appscode" chart repository
...Successfully got an update from the "harbor" chart repository
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "stable" chart repository
Update Complete. ⎈ Happy Helming!⎈

Check the Helm Repository list:

helm repo list | grep library

Output:

library                 https://core2.mylabs.dev/chartrepo/library

Install Gitea using Helm Chart stored in Harbor:

helm install --wait --name gitea --namespace gitea-system library/gitea \
  --set ingress.enabled=true \
  --set ingress.tls[0].secretName=ingress-cert-${LETSENCRYPT_ENVIRONMENT} \
  --set ingress.tls[0].hosts[0]=gitea.${MY_DOMAIN} \
  --set service.http.externalHost=gitea.${MY_DOMAIN} \
  --set config.disableInstaller=true

Output:

NAME:   gitea
LAST DEPLOYED: Wed Jun  5 14:39:34 2019
NAMESPACE: gitea-system
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME         DATA  AGE
gitea-gitea  1     2s

==> v1/Pod(related)
NAME                         READY  STATUS    RESTARTS  AGE
gitea-gitea-f9fd8cb4b-gxhhp  0/3    Init:0/1  0         2s

==> v1/Secret
NAME      TYPE    DATA  AGE
gitea-db  Opaque  1     2s

==> v1/Service
NAME              TYPE       CLUSTER-IP      EXTERNAL-IP  PORT(S)   AGE
gitea-gitea-http  ClusterIP  10.100.43.237   <none>       3000/TCP  2s
gitea-gitea-ssh   ClusterIP  10.100.172.101  <none>       22/TCP    2s

==> v1beta1/Deployment
NAME         READY  UP-TO-DATE  AVAILABLE  AGE
gitea-gitea  0/1    1           0          2s

==> v1beta1/Ingress
NAME                HOSTS             ADDRESS  PORTS  AGE
gitea-giteaingress  gitea.mylabs.dev  80, 443  2s


NOTES:
1. Connect to your Gitea web URL by running:


  Ingress is enabled for this chart deployment.  Please access the web UI at gitea.mylabs.dev

2. Connect to your Gitea ssh port:

  export POD_NAME=$(kubectl get pods --namespace gitea-system -l "app=gitea-gitea" -o jsonpath="{.items[0].metadata.name}")
  echo http://127.0.0.1:8080/
  kubectl port-forward $POD_NAME 8022:22

If you open https://gitea.mylabs.dev you should see the initial Gitea page.