A Terraform module to provision a highly available Harbor Container Registry on a DigitalOcean Kubernetes cluster (DOKS). (Part of the DigitalOcean Kubernetes Challenge 2021)
- Deploy a highly available Harbor Container Registry on a DigitalOcean Kubernetes Cluster (DOKS).
- DigitalOcean managed PostgreSQL (v13) & Redis (v6) Clusters auto-provisioned and configured.
- Spaces (S3 API compatible) bucket provisioned for image, chart, and job log storage.
- Option to use existing Postgres & Redis clusters.
- Harbor exposed by `ClusterIP` (default).
- Expose Harbor by Ingress configured for use with Traefik.
- Enable custom chart values via file in root path (default name: `values.yaml`).
- Post deployment status via `outputs.tf`
- Deploy `redis-proxy` DaemonSet pods only on nodes that require them.
- Expose Harbor via NodePort.
- Expose Harbor via LoadBalancer.
- Option to deploy PostgreSQL & Redis on the cluster instead of provisioning managed clusters (maintains HA).
- Requires Terraform 0.15 or higher.
- A DigitalOcean account and personal access token for accessing the DigitalOcean API - Use this referral link for $100 free credit
- Spaces access ID & secret key
- A pre-provisioned DigitalOcean Kubernetes Cluster (DOKS) [version ≥ 1.10].
Deploy a Harbor Container Registry with High Availability on DigitalOcean via Terraform
Configure Traefik to Proxy Harbor Registry on DigitalOcean Kubernetes via Terraform Modules
The default deployment of this module provisions the below resources on an existing DigitalOcean Kubernetes Cluster (1) (which itself can be provisioned by a Terraform module).
1. DigitalOcean Kubernetes Cluster (DOKS)
2. Spaces bucket (for image, chart & job log storage)
3. Managed PostgreSQL Database Cluster (single node)
4. Managed Redis Database Cluster (single node)
5. Harbor Service (ClusterIP)
6. Cluster nodes on which Harbor & supporting pods are deployed
The module can also be configured to expose Harbor via Ingress with Traefik as the ingress controller, a valid TLS certificate via cert-manager and a DigitalOcean Cloud Load Balancer (see this example TBA):
5. Ingress Controller (e.g. Traefik)
6. DigitalOcean Cloud Load Balancer
Basic usage of this module is as follows:
```hcl
module "harbor" {
  source = "colinwilson/doks-harbor/digitalocean"

  doks_cluster_name = var.doks_cluster_name
  spaces_access_id  = var.spaces_access_id
  spaces_secret_key = var.spaces_secret_key
}
```

See the examples directory for details & additional deployment scenarios.
Example output:
TBA
Name | Description | Type | Default | Required |
---|---|---|---|---|
do_token | DigitalOcean Personal Access Token | string | N/A | yes |
spaces_access_id | DigitalOcean Spaces Access ID | string | N/A | yes |
spaces_secret_key | DigitalOcean Spaces Secret Key | string | N/A | yes |
doks_cluster_name | Name of your DigitalOcean Kubernetes Cluster | string | N/A | yes |
postgres_cluster_name | Name of existing DO Managed Postgres Cluster | string | empty | no |
redis_cluster_name | Name of existing DO Managed Redis Cluster | string | empty | no |
harbor_namespace | Name of the namespace into which Harbor should be deployed | string | `harbor` | no |
harbor_chart_version | Harbor chart version to deploy | string | `1.8.1` | no |
harbor_chart_timeout_seconds | Harbor chart deployment timeout (secs) | number | `800` | no |
values_file | Name of the custom chart values file to use (`path.root`) | string | `values.yaml` | no |
harbor_expose_type | Expose Harbor deployment via ClusterIP or Ingress (`traefik` option supports Traefik) | string | `clusterip` | no |
harbor_cert_cn | Common name for the automatically generated Harbor TLS cert when using `harbor_expose_type`: `clusterip` | string | `local` | no |
harbor_tls_secret_name | Name of the TLS secret when using `harbor_expose_type`: `traefik` | string | empty | no |
harbor_tls_notary_secret_name | Name of the Notary TLS secret when using `harbor_expose_type`: `traefik` | string | empty | no |
harbor_ext_url | Set Harbor's external URL | string | `local` | no |
harbor_admin_password | Initial password of the default Harbor user `admin` | string | `Harbor12345` | no |
firewall_databases | Firewall both Postgres and Redis databases. Connections permitted from the specified DOKS cluster only | bool | `true` | no |
database_user_pg | Postgres database user name | string | `harbor` | no |
database_size_pg | Database Droplet size associated with the provisioned Postgres cluster (ex. `db-s-1vcpu-1gb`) | string | `db-s-1vcpu-1gb` | no |
database_node_count_pg | Number of nodes to provision for the Postgres database cluster | number | `1` | no |
database_size_redis | Database Droplet size associated with the provisioned Redis cluster (ex. `db-s-1vcpu-1gb`) | string | `db-s-1vcpu-1gb` | no |
database_node_count_redis | Number of nodes to provision for the Redis database cluster | number | `1` | no |
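
The inputs above combined into a hardened module call, as an added example that is not part of the module's repository: it replaces the default `harbor_admin_password` with a generated one, marks credentials as sensitive, and keeps `firewall_databases` enabled. The hostname and TLS secret names are placeholders, and use of the `hashicorp/random` provider is an assumption of this example.

```hcl
# Added example, not from the module's repository.
variable "do_token" {
  type      = string
  sensitive = true # keeps the token out of plan/apply output
}

variable "spaces_access_id" {
  type      = string
  sensitive = true
}

variable "spaces_secret_key" {
  type      = string
  sensitive = true
}

variable "doks_cluster_name" {
  type = string
}

# Generate the initial admin password instead of deploying the documented default.
resource "random_password" "harbor_admin" {
  length      = 32
  special     = false # avoids quoting issues when the value is passed to the chart
  min_upper   = 1
  min_lower   = 1
  min_numeric = 1
}

module "harbor" {
  source = "colinwilson/doks-harbor/digitalocean"

  do_token          = var.do_token
  doks_cluster_name = var.doks_cluster_name
  spaces_access_id  = var.spaces_access_id
  spaces_secret_key = var.spaces_secret_key

  harbor_admin_password = random_password.harbor_admin.result
  firewall_databases    = true # the default, pinned so a change shows up in review

  harbor_expose_type            = "traefik"
  harbor_ext_url                = "https://harbor.example.com" # placeholder hostname
  harbor_tls_secret_name        = "harbor-tls"                 # placeholder secret name
  harbor_tls_notary_secret_name = "harbor-notary-tls"          # placeholder secret name
}
```

The generated password is stored in the Terraform state, so the state backend needs the same access controls as any other secret store.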
TBA