initial commit

dev/harbor/README.md

@@ -0,0 +1,73 @@
+#als je niet kunt inloggen omdat redis gecrashed is:
+op de LP ga naar redis directory en dan:
+
+sudo redis-check-aof --fix appendonly.aof.1.incr.aof
+
+#Opmerkingen:
+
+De goharbor-versie is alleen beschikbaar voor AMD-processorarchitectuur.
+Je moet dus de bitnami-versie gebruiken.
+
+#installatie:
+
+kubectl create ns harbor
+helm install harbor bitnami/harbor -n harbor -f values.yaml
+
+De bitnami helm chart maakt zelf een certificaat aan via cert-manager en letsencrypt. 
+De bitnami helm chart maakt zelf een ingress aan en een certificaat aan. 
+Je hoeft dus geen certificaat of ingressroutes te definieren.
+
+#trivy
+
+In eerste instantie is de status "unhealthy" 
+
+#Tekton
+
+In de tekton-pipeline wordt het secret "registry-credentials" gemount om de repositories te kunnen 
+gebruiken. 
+
+#Met Docker naar HARBOR VIA HTTP
+================================
+nano /etc/docker/daemon.json:
+
+{
+    "insecure-registries" : ["localhost:32000","harbor.allarddcs.nl"]
+}
+
+systemctl restart docker
+
+
+
+
+
+
+
+
+
+
+===========================================================
+1. Enable Microk8s to access Harbor-instance:
+
+Create certs directory:
+
+sudo mkdir -p /var/snap/microk8s/current/args/certs.d/harbor.alldcs.nl
+
+copy the certificate from Harbor:
+
+sudo cp ca.crt /var/snap/microk8s/current/args/certs.d/harbor.alldcs.nl
+
+2. Edit /var/snap/microk8s/current/args/containerd-template.toml
+
+  [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.alldcs.nl".tls]
+     insecure_skip_verify = true
+
+
+Password opvragen:
+==================
+
+echo "Password: $(kubectl -n default get secret harbor-core-envvars -n harbor 
+-o jsonpath="{.data.HARBOR_ADMIN_PASSWORD}" | base64 -d)"
+
+
+
+

dev/harbor/catalog-info.yaml

@@ -0,0 +1,19 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: dev-harbor
+  title: Harbor (dev)
+  description: Harbor instance running in Kubernetes
+  annotations:
+    backstage.io/kubernetes-label-selector: "app=harbor"
+  links:
+    - url: https://github.com/AllardKrings/kubernetes/dev/harbor
+      title: harbor-configuration
+  docs:
+    - url: ./README.md
+spec:
+  type: service
+  lifecycle: production
+  owner: group:default/allarddcs
+  subcomponentOf: component:default/DEV-cluster
+

dev/harbor/create-registry-credentials.sh

@@ -0,0 +1,4 @@
+cd ~/
+microk8s kubectl delete secret registry-credentials
+microk8s kubectl create secret generic registry-credentials --from-file=.dockerconfigjson=/home/ubuntu/.docker/config.json --type=kubernetes.io/dockerconfigjson
+

dev/harbor/harbor-pv.yaml

@@ -0,0 +1,95 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: harbor-registry-pv
+spec:
+  storageClassName: ""
+  capacity:
+    storage: 15Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - hard
+    - nfsvers=4.1
+  nfs:
+    server: 192.168.2.110
+    path: /mnt/nfs_share/harbor/registry
+    readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: harbor-jobsvc-pv
+spec:
+  storageClassName: ""
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - hard
+    - nfsvers=4.1
+  nfs:
+    server: 192.168.2.110
+    path: /mnt/nfs_share/harbor/jobsvc
+    readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: harbor-jobsvc-scandata-pv
+spec:
+  storageClassName: ""
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - hard
+    - nfsvers=4.1
+  nfs:
+    server: 192.168.2.110
+    path: /mnt/nfs_share/harbor/scandata
+    readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: harbor-trivy-pv
+spec:
+  storageClassName: ""
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - hard
+    - nfsvers=4.1
+  nfs:
+    server: 192.168.2.110
+    path: /mnt/nfs_share/harbor/trivy
+    readOnly: false
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: harbor-redis-pv
+spec:
+  storageClassName: ""
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  mountOptions:
+    - hard
+    - nfsvers=4.1
+  nfs:
+    server: 192.168.2.110
+    path: /mnt/nfs_share/harbor/redis
+    readOnly: false
+

dev/harbor/harbor-pvc.yaml

@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: harbor-registry-pvc
+  namespace: harbor
+spec:
+  storageClassName: ""
+  volumeName: harbor-registry-pv
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 15Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: harbor-jobsvc-pvc
+  namespace: harbor
+spec:
+  storageClassName: ""
+  volumeName: harbor-jobsvc-pv
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: harbor-jobsvc-scandata-pvc
+  namespace: harbor
+spec:
+  storageClassName: ""
+  volumeName: harbor-jobsvc-scandata-pv
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: data-harbor-trivy-0
+  namespace: harbor
+spec:
+  storageClassName: ""
+  volumeName: harbor-trivy-pv
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-data-harbor-redis-master-0
+  namespace: harbor
+spec:
+  storageClassName: ""
+  volumeName: harbor-redis-pv
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi