📝 (chore): Improve Helm Documentation
Add reference to example AWS IAM policy. Clean up configuration section of the documentation. Update prerequisites to highlight redis support re redis cluster and TLS.
KrisJohnstone committed Jan 8, 2025
1 parent a15e83d commit 19509fa
Showing 1 changed file with 27 additions and 22 deletions.
49 changes: 27 additions & 22 deletions docs/install-config/harbor-ha-helm.md
Expand Up @@ -12,7 +12,9 @@ You can deploy Harbor on Kubernetes via helm to make it highly available. In thi
- Highly available ingress controller (Harbor does not manage the external endpoint)
- Highly available PostgreSQL 9.6+ (Harbor does not handle the deployment of HA of database)
- Highly available Redis (Harbor does not handle the deployment of HA of Redis)
- Please note that Harbor presently doesnt support Redis Clusters or TLS based connections. Although work is currently underway to enable TLS based authentication.
- PVC that can be shared across nodes or external object storage
- See [Architecture](#architecture), but to allow harbor to scale, each function/component needs to be able to read/write to a shared persistent volume.

## Architecture

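Review bot: the new Redis caveat line has a typo and a sentence fragment; `doesnt` needs its apostrophe, and "Although work is currently underway to enable TLS based authentication." is not a complete sentence. It also says TLS-based *connections* are unsupported but that the ongoing work is about TLS-based *authentication*, which are different things, so pick the one the work actually targets. Suggested wording: "Please note that Harbor presently doesn't support Redis Cluster or TLS-based connections, although work is underway to add TLS support." Since this bullet qualifies the Redis prerequisite directly above it, it would read better nested under that item, the way the shared-volume note is nested under the PVC item.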
Expand All @@ -33,35 +35,38 @@ helm fetch harbor/harbor --untar

## Configuration

Configure the followings items in `values.yaml`, you can also set them as parameters via `--set` flag during running `helm install`:
Configure the followings items in `values.yaml`, alternatively they can be set via `--set` flag during running `helm install`:

- **Ingress rule**
Configure the `expose.ingress.hosts.core`.
- **Ingress Rule**
- Configure the ingress url`expose.ingress.hosts.core`.
- **External URL**
Configure the `externalURL`.
- Configure the url `externalURL`, this is used to populate the docker/helm commands shown on portal as well as the token service URL returned to docker clients.
- **External PostgreSQL**
Set the `database.type` to `external` and fill the information in `database.external` section.

An empty databases should be created manually for `Harbor core` and configured in the section. Harbor will create tables automatically when starting up.
- Set `database.type` to `external` and fill the information in `database.external` section.
- An empty database needs to be created, by default the database is set to `registry`, this however can be changed by setting `coreDatabase`.
- **External Redis**
Set the `redis.type` to `external` and fill the information in `redis.external` section.

Harbor introduced redis `Sentinel` mode support in 2.1.0. You can enable this by setting `sentinel_master_set` and `host` to `<host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>`.

You can also refer to this [guide](https://community.pivotal.io/s/article/How-to-setup-HAProxy-and-Redis-Sentinel-for-automatic-failover-between-Redis-Master-and-Slave-servers) to setup a HAProxy before the Redis to expose a single entry point.
- Set the `redis.type` to `external` and fill the information in `redis.external` section.
- Harbor introduced redis `Sentinel` mode support in 2.1.0. To enable set `sentinelMasterSet` and `host` using the following pattern `<host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>`. You can also refer to this [guide](https://community.pivotal.io/s/article/How-to-setup-HAProxy-and-Redis-Sentinel-for-automatic-failover-between-Redis-Master-and-Slave-servers) to setup a HAProxy before Redis to expose a single entry point.
- As noted in the prerequisites Harbor doesn't currently support TLS or Redis Clustering.
- **Storage**
By default, a default `StorageClass` is needed in the K8S cluster to provision volumes to store images, charts and job logs.

If you want to specify the `StorageClass`, set `persistence.persistentVolumeClaim.registry.storageClass`, `persistence.persistentVolumeClaim.chartmuseum.storageClass` and `persistence.persistentVolumeClaim.jobservice.storageClass`.

If you use `StorageClass`, for both default or specified one, set `persistence.persistentVolumeClaim.registry.accessMode`, `persistence.persistentVolumeClaim.chartmuseum.accessMode` and `persistence.persistentVolumeClaim.jobservice.accessMode` as `ReadWriteMany`, and make sure that the persistent volumes must can be shared cross different nodes.

You can also use the existing PVCs to store data, set `persistence.persistentVolumeClaim.registry.existingClaim`, `persistence.persistentVolumeClaim.chartmuseum.existingClaim` and `persistence.persistentVolumeClaim.jobservice.existingClaim`.

If you have no PVCs that can be shared across nodes, you can use external object storage to store images and charts and store the job logs in database. Set the `persistence.imageChartStorage.type` to the value you want to use and fill the corresponding section and set `jobservice.jobLogger` to `database`.
- It's recommended that a `StorageClass` that supports sharing across nodes in a `ReadWriteMany` manner to provision volumes to store images, charts and job logs is used, this allows for scaling of components to meet demand. If such a volume type isn't your default storageClass, this will need to be set in the following locations:
- `persistence.persistentVolumeClaim.registry.storageClass`
- `persistence.persistentVolumeClaim.chartmuseum.storageClass`
- `persistence.persistentVolumeClaim.jobservice.storageClass`.
- If such a `StorageClass` is used, the associated accessMode needs to be set `ReadWriteMany` for the following fields:
- `persistence.persistentVolumeClaim.registry.accessMode`
- `persistence.persistentVolumeClaim.chartmuseum.accessMode`
- `persistence.persistentVolumeClaim.jobservice.accessMode`
- Alternatively, use existing PVCs to store data by setting:
- `persistence.persistentVolumeClaim.registry.existingClaim`
- `persistence.persistentVolumeClaim.chartmuseum.existingClaim`
- `persistence.persistentVolumeClaim.jobservice.existingClaim`
- Finally, if you have no StorageClass that supports `ReadWriteMany` or don't wish to, external object storage can be used instead to store images and charts and store the job logs in database. To enable external object storage set the `persistence.imageChartStorage.type` to the value you want to use and fill the corresponding section and set `jobservice.jobLogger` to `database`.
- Note: For those whom wish to use S3, IRSA support is in progress upstream.
- An example AWS IAM policy is available [upstream](https://distribution.github.io/distribution/storage-drivers/s3/)

- **Replica**
Set `portal.replicas`, `core.replicas`, `jobservice.replicas`, `registry.replicas`, `chartmuseum.replicas`, to `n`(`n`>=2).
- Set `portal.replicas`, `core.replicas`, `jobservice.replicas`, `registry.replicas`, `chartmuseum.replicas`, to `n`(`n`>=2).

## Installation

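Review bot: the rewritten External PostgreSQL bullet drops the statement from the removed text that Harbor creates its tables automatically on startup, which is the only cue telling operators not to pre-create a schema; keep it, and give the database-name key its full path rather than bare `coreDatabase`, since the same bullet points readers at the `database.external` section, for example: "An empty database must be created first (default name `registry`, configurable via `database.external.coreDatabase`); Harbor creates the tables itself on startup." In the Redis bullet, `sentinel_master_set` was corrected to the chart's camelCase `sentinelMasterSet`, but `host` is still quoted unqualified; check it against the actual field name under `redis.external` and quote it with the same full path. Smaller points while these lines are open: "followings items" and "during running" in the intro survive from the removed line and should become "following items" and "when running"; "ingress url`expose.ingress.hosts.core`" is missing a space before the backtick; "url" should be "URL" in the External URL bullet; the first Storage sentence is a long run-on that should be split, "storageClass" should be `StorageClass` for consistency, "needs to be set `ReadWriteMany`" needs "to", and the third storageClass sub-item ends with a period unlike its siblings; "or don't wish to" is left dangling and "store the job logs in database" needs "the"; "those whom wish" should be "those who wish", and the IRSA note would be far more useful with a link to the upstream issue or PR being tracked; the IAM policy line lacks a trailing period.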
