Skip to content

Commit

Permalink
Add option to not expose Harbor.
Browse files Browse the repository at this point in the history 
Signed-off-by: Vadim Bauer <[email protected]>
  • Loading branch information
@Vad1mo
Vad1mo committed Feb 9, 2022
1 parent ad922a6 commit 0b6fd3c
Show file tree
Hide file tree
Showing 3 changed files with 8 additions and 1 deletion.
5 changes: 4 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ The following items can be set via `--set` flag during installation or configure
- **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting `NodeIP:NodePort`.
- **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer.

If your desired option to expose Harbor (e.g. Istio Gateway, AWS ALB) is not present you can set `expose.enabled` to false and expose Harbor manually with Kubernetes Manifests.

#### Configure the external URL

The external URL for Harbor core service is used to:
Expand Down Expand Up @@ -78,6 +80,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| Parameter | Description | Default |
| --------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
| **Expose** | | |
| `expose.enabled` | Set to false if no `ingress`, `clusterIP`, `nodePort` or `loadBalancer` should be created or you you plan to expose Harbor in a way not offered by this chart | `true` |
| `expose.type` | The way how to expose the service: `ingress`, `clusterIP`, `nodePort` or `loadBalancer`, other values will be ignored and the creation of service will be skipped. | `ingress` |
| `expose.tls.enabled` | Enable the tls or not. Delete the `ssl-redirect` annotations in `expose.ingress.annotations` when TLS is disabled and `expose.type` is `ingress`. Note: if the `expose.type` is `ingress` and the tls is disabled, the port must be included in the command when pull/push images. Refer to https://github.com/goharbor/harbor/issues/5291 for the detail. | `true` |
| `expose.tls.certSource` | The source of the tls certificate. Set it as `auto`, `secret` or `none` and fill the information in the corresponding section: 1) auto: generate the tls certificate automatically 2) secret: read the tls certificate from the specified secret. The tls certificate can be generated manually or by cert manager 3) none: configure no tls certificate for the ingress. If the default tls certificate is configured in the ingress controller, choose this option | `auto` |
Expand All @@ -87,7 +90,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `expose.ingress.hosts.core` | The host of Harbor core service in ingress rule | `core.harbor.domain` |
| `expose.ingress.hosts.notary` | The host of Harbor Notary service in ingress rule | `notary.harbor.domain` |
| `expose.ingress.controller` | The ingress controller type. Currently supports `default`, `gce` and `ncp` | `default` |
| `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | |
| `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | |
| `expose.ingress.annotations` | The annotations used commonly for ingresses | |
| `expose.ingress.harbor.annotations` | The annotations specific to harbor ingress | {} |
| `expose.ingress.notary.annotations` | The annotations specific to notary ingress | {} |
Expand Down
3 changes: 3 additions & 0 deletions templates/ingress/ingress.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if .Values.expose.enabled }}
{{- if eq .Values.expose.type "ingress" }}
{{- $ingress := .Values.expose.ingress -}}
{{- $tls := .Values.expose.tls -}}
Expand Down Expand Up @@ -201,3 +202,5 @@ spec:
{{- end }}

{{- end }}

{{- end }}
1 change: 1 addition & 0 deletions values.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
expose:
enabled: true
# Set the way how to expose the service. Set the type as "ingress",
# "clusterIP", "nodePort" or "loadBalancer" and fill the information
# in the corresponding section
Expand Down

0 comments on commit 0b6fd3c

Please sign in to comment.