From 0b6fd3c02fe2404b52956456cb7b9e94d7f68b14 Mon Sep 17 00:00:00 2001 From: Vadim Bauer Date: Fri, 22 Oct 2021 00:20:22 +0200 Subject: [PATCH] Add option to not expose Harbor. Signed-off-by: Vadim Bauer --- README.md | 5 ++++- templates/ingress/ingress.yaml | 3 +++ values.yaml | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 299e0eeee..98011be81 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ The following items can be set via `--set` flag during installation or configure - **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting `NodeIP:NodePort`. - **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer. +If your desired option to expose Harbor (e.g. Istio Gateway, AWS ALB) is not present you can set `expose.enabled` to false and expose Harbor manually with Kubernetes Manifests. + #### Configure the external URL The external URL for Harbor core service is used to: @@ -78,6 +80,7 @@ The following table lists the configurable parameters of the Harbor chart and th | Parameter | Description | Default | | --------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | | **Expose** | | | +| `expose.enabled` | Set to false if no `ingress`, `clusterIP`, `nodePort` or `loadBalancer` should be created or you you plan to expose Harbor in a way not offered by this chart | `true` | | `expose.type` | The way how to expose the service: `ingress`, `clusterIP`, `nodePort` or `loadBalancer`, other values will be ignored and the creation of service will be skipped. | `ingress` | | `expose.tls.enabled` | Enable the tls or not. Delete the `ssl-redirect` annotations in `expose.ingress.annotations` when TLS is disabled and `expose.type` is `ingress`. Note: if the `expose.type` is `ingress` and the tls is disabled, the port must be included in the command when pull/push images. Refer to https://github.com/goharbor/harbor/issues/5291 for the detail. | `true` | | `expose.tls.certSource` | The source of the tls certificate. Set it as `auto`, `secret` or `none` and fill the information in the corresponding section: 1) auto: generate the tls certificate automatically 2) secret: read the tls certificate from the specified secret. The tls certificate can be generated manually or by cert manager 3) none: configure no tls certificate for the ingress. If the default tls certificate is configured in the ingress controller, choose this option | `auto` | @@ -87,7 +90,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `expose.ingress.hosts.core` | The host of Harbor core service in ingress rule | `core.harbor.domain` | | `expose.ingress.hosts.notary` | The host of Harbor Notary service in ingress rule | `notary.harbor.domain` | | `expose.ingress.controller` | The ingress controller type. Currently supports `default`, `gce` and `ncp` | `default` | -| `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | | +| `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | | | `expose.ingress.annotations` | The annotations used commonly for ingresses | | | `expose.ingress.harbor.annotations` | The annotations specific to harbor ingress | {} | | `expose.ingress.notary.annotations` | The annotations specific to notary ingress | {} | diff --git a/templates/ingress/ingress.yaml b/templates/ingress/ingress.yaml index d46ce728c..c494e9938 100644 --- a/templates/ingress/ingress.yaml +++ b/templates/ingress/ingress.yaml @@ -1,3 +1,4 @@ +{{- if .Values.expose.enabled }} {{- if eq .Values.expose.type "ingress" }} {{- $ingress := .Values.expose.ingress -}} {{- $tls := .Values.expose.tls -}} @@ -201,3 +202,5 @@ spec: {{- end }} {{- end }} + +{{- end }} diff --git a/values.yaml b/values.yaml index e048cb4c8..f6eb2a48f 100644 --- a/values.yaml +++ b/values.yaml @@ -1,4 +1,5 @@ expose: + enabled: true # Set the way how to expose the service. Set the type as "ingress", # "clusterIP", "nodePort" or "loadBalancer" and fill the information # in the corresponding section