colinwilson/terraform-digitalocean-doks-harbor

Terraform Module - High Availability Harbor on DOKS (DigitalOcean Kubernetes)

A Terraform module to provision a highly available Harbor Container Registry on a DigitalOcean Kubernetes cluster (DOKS). (Part of the DigitalOcean Kubernetes Challenge 2021)

Features

  • Deploy a highly available Harbor Container Registry on a DigitalOcean Kubernetes Cluster (DOKS).
  • DigitalOcean managed PostgreSQL (v13) & Redis (v6) Clusters auto-provisioned and configured.
  • Spaces (S3 API compatible) bucket provisioned for image, chart, and job log storage.
  • Option to use existing Postgres & Redis clusters.
  • Harbor exposed by ClusterIP (default).
  • Expose Harbor by Ingress configured for use with Traefik.
  • Enable custom chart values via a file in the root path (default name: values.yaml).
  • Post-deployment status via outputs.tf.
  • Deploy redis-proxy DaemonSet pods only on nodes that require them.
  • Expose Harbor via NodePort.
  • Expose Harbor via LoadBalancer.
  • Option to deploy PostgreSQL & Redis on the cluster instead of provisioning managed clusters (maintains HA).

Compatibility/Requirements

Tutorial

Deploy a Harbor Container Registry with High Availability on DigitalOcean via Terraform

Configure Traefik to Proxy Harbor Registry on DigitalOcean Kubernetes via Terraform Modules

Architecture

The default deployment of this module provisions the resources below on an existing DigitalOcean Kubernetes Cluster (1), which can itself be provisioned by a Terraform module.

High Availability Harbor on DigitalOcean Kubernetes

1. DigitalOcean Kubernetes Cluster (DOKS)
2. Spaces bucket (for image, chart & job log storage)
3. Managed PostgreSQL Database Cluster (single node)
4. Managed Redis Database Cluster (single node)
5. Harbor Service (ClusterIP)
6. Cluster nodes on which Harbor & supporting pods are deployed

The module can also be configured to expose Harbor via Ingress with Traefik as the ingress controller, a valid TLS certificate via cert-manager and a DigitalOcean Cloud Load Balancer (see this example TBA):

High Availability Harbor on DigitalOcean Kubernetes with Traefik Ingress Controller

5. Ingress Controller (e.g. Traefik)
6. DigitalOcean Cloud Load Balancer

Usage

Basic usage of this module is as follows:

module "harbor" {
  source = "colinwilson/doks-harbor/digitalocean"

  doks_cluster_name = var.doks_cluster_name

  spaces_access_id  = var.spaces_access_id
  spaces_secret_key = var.spaces_secret_key
}

See the examples directory for details and additional deployment scenarios.

Example output:

TBA

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| do_token | DigitalOcean Personal Access Token | string | N/A | yes |
| spaces_access_id | DigitalOcean Spaces Access ID | string | N/A | yes |
| spaces_secret_key | DigitalOcean Spaces Secret Key | string | N/A | yes |
| doks_cluster_name | Name of your DigitalOcean Kubernetes Cluster | string | N/A | yes |
| postgres_cluster_name | Name of existing DO Managed Postgres Cluster | string | empty | no |
| redis_cluster_name | Name of existing DO Managed Redis Cluster | string | empty | no |
| harbor_namespace | Name of the namespace into which Harbor should be deployed | string | harbor | no |
| harbor_chart_version | Harbor chart version to deploy | string | 1.8.1 | no |
| harbor_chart_timeout_seconds | Harbor chart deployment timeout (secs) | number | 800 | no |
| values_file | Name of the custom chart values file to use (path.root) | string | values.yaml | no |
| harbor_expose_type | Expose Harbor deployment via ClusterIP or Ingress (traefik option supports Traefik) | string | clusterip | no |
| harbor_cert_cn | Common name for the automatically generated Harbor TLS cert when using harbor_expose_type: clusterip | string | local | no |
| harbor_tls_secret_name | Name of the TLS secret when using harbor_expose_type: traefik | string | empty | no |
| harbor_tls_notary_secret_name | Name of the Notary TLS secret when using harbor_expose_type: traefik | string | empty | no |
| harbor_ext_url | Set Harbor's external URL | string | local | no |
| harbor_admin_password | Initial password of the default Harbor user admin | string | Harbor12345 | no |
| firewall_databases | Firewall both Postgres and Redis databases. Connections permitted from the specified DOKS cluster only | bool | true | no |
| database_user_pg | Postgres database user name | string | harbor | no |
| database_size_pg | Database Droplet size associated with the provisioned Postgres cluster (ex. db-s-1vcpu-1gb) | string | db-s-1vcpu-1gb | no |
| database_node_count_pg | Number of nodes to provision for the Postgres database cluster | number | 1 | no |
| database_size_redis | Database Droplet size associated with the provisioned Redis cluster (ex. db-s-1vcpu-1gb) | string | db-s-1vcpu-1gb | no |
| database_node_count_redis | Number of nodes to provision for the Redis database cluster | number | 1 | no |
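The following module call is an added example, not taken from the module's examples directory, showing the Traefik exposure path and existing-database reuse using only the inputs from the table above; the cluster, database, hostname and secret names are assumed placeholders, and the secrets are passed in as `sensitive` variables rather than literals.

```hcl
# Added example configuration; cluster/database/secret names below are assumed.
variable "do_token" {
  type      = string
  sensitive = true # kept out of plan output and logs
}
variable "spaces_access_id" { type = string }
variable "spaces_secret_key" {
  type      = string
  sensitive = true
}
variable "harbor_admin_password" {
  type      = string
  sensitive = true # replaces the documented Harbor12345 default
}

module "harbor" {
  source = "colinwilson/doks-harbor/digitalocean"

  do_token          = var.do_token
  spaces_access_id  = var.spaces_access_id
  spaces_secret_key = var.spaces_secret_key

  doks_cluster_name = "doks-prod" # assumed existing DOKS cluster name

  # Reuse existing managed clusters instead of provisioning new ones;
  # firewall_databases keeps connections restricted to this DOKS cluster (the default).
  postgres_cluster_name = "pg-shared"    # assumed
  redis_cluster_name    = "redis-shared" # assumed
  firewall_databases    = true

  # Expose through Traefik Ingress with pre-created TLS secrets (e.g. from cert-manager)
  # rather than the default ClusterIP with a self-generated "local" certificate.
  harbor_expose_type            = "traefik"
  harbor_ext_url                = "https://registry.example.com" # assumed hostname
  harbor_tls_secret_name        = "harbor-tls"                   # assumed secret name
  harbor_tls_notary_secret_name = "harbor-notary-tls"            # assumed secret name

  harbor_namespace      = "harbor"
  harbor_chart_version  = "1.8.1"
  harbor_admin_password = var.harbor_admin_password

  # Custom chart values are read from values.yaml in path.root (the default name).
  values_file = "values.yaml"
}
```

Supply the three secret variables via `TF_VAR_*` environment variables or a `*.auto.tfvars` file that is excluded from version control.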

Outputs

TBA