This document describes the configuration methods for credentials required by Harbor instances.
Harbor has the following requirements for Redis deployment:
Standalone
and Sentinel
modes. However, Redis Cluster
mode is not supported.For detailed Redis deployment instructions, please refer to the Harbor Official Documentation.
Create a Secret in the namespace where the Harbor instance is planned to be deployed, select the Opaque type, and add and fill in the following fields in the configuration:
Field | Description | Arch | Example Value |
---|---|---|---|
host | Redis connection address. Ensure that the Harbor service can connect to it. | standalone | 192.168.1.1 |
port | Redis connection port. Ensure that the Harbor service can connect to this port. | standalone | 6379 |
password | Redis instance account password. Required when Redis authentication is enabled. | standalone,sentinel | password111 |
address | Sentinel node connection address. | sentinel | 192.168.1.1:26379,192.168.1.2:26379,192.168.1.3:26379 |
masterName | The name of the instance group monitored by Sentinel in the sentinel.conf. | sentinel | mymaster |
Standalone example:
Sentinel example:
If you want to modify Redis connection information after deploying a Harbor instance, you need to directly update the Harbor instance resource, rather than modifying the credential content. For specific operations, please refer to Configuring Redis Access Credentials.
When providing Redis service through Alauda Cache Service for Redis OSS, consider the following important requirements:
When creating a Redis instance, a Secret containing connection information is automatically generated, which can be used directly to deploy Harbor. This Secret resource can be filtered using the label middleware.instance/type: Redis
.
If the Redis instance and Harbor instance are not in the same namespace, you need to copy the Secret resource to the namespace where the Harbor instance is located.
For more Redis deployment parameters and high availability deployment requirements, please refer to the
Harbor has the following requirements for PostgreSQL versions:
Create a Secret in the namespace where the Harbor instance is planned to be deployed, select the Opaque type, and add and fill in the following fields in the configuration:
Field | Description | Example Value |
---|---|---|
host | Database connection address. Ensure that the Harbor service can connect to this database address. | 192.168.1.1 |
port | Database connection port. Ensure that the Harbor service can connect to this database port. | 5432 |
username | Database account username | postgres |
password | Database account password | password111 |
database | Database name. This database must already exist and be empty. You can use the command create database <database name> to create a database | harbor_db |
sslmode | Whether to enable SSL for database connections. Available options: - require : Require SSL connection- disable : Disable SSL connection - verify-ca : Verify the server's certificate- verify-full : Verify the server's certificate and hostname. more about sslmode | require |
YAML example:
How to Create a Database on a PG Instance
Connect to the PG instance using the psql cli and execute the following command to create a database:
sslmode is a parameter that controls the security of the connection between the Harbor service and the PostgreSQL database. Available options:
require
: Require SSL connectiondisable
: Disable SSL connectionverify-ca
: Verify the server's certificateverify-full
: Verify the server's certificate and hostnameWhen you use Alauda support for PostgreSQL
, the sslmode
should be set to require
.
When you use external PostgreSQL, the sslmode
is depends on your PostgreSQL configuration.
If you want to modify PostgreSQL connection information after deploying a Harbor instance, you need to directly update the Harbor instance resource, rather than modifying the credential content. For specific operations, please refer to Configure PostgreSQL Credentials.
Data Services
supports deploying PostgreSQL instances that can be used for Harbor deployment. When creating a PostgreSQL instance, please consider the following important requirements:
When creating a PostgreSQL instance, a Secret containing connection information is automatically generated. This Secret resource can be filtered using the label middleware.instance/type: PostgreSQL
.
This Secret contains host
, port
, username
, password
information. You need to supplement database
and sslmode
(set to require
) information based on this Secret, and create a new secret in the namespace where the Harbor instance is located.
When creating a Postgres instance, a Secret that starts with postgres and contains connection information is automatically generated. This Secret can be directly utilized for Harbor deployment and can be filtered using the following command:
If the Postgres instance and Harbor instance are not in the same namespace, you need to copy the Secret resource to the namespace where the Harbor instance is located.
For more PostgreSQL deployment parameters and requirements, please refer to
Create a Secret in the namespace where the Harbor instance is planned to be deployed, select the Opaque type, and add and fill in the following fields in the configuration:
Field | Description | Example Value |
---|---|---|
password | Set the password for the default admin account, which must contain letters, numbers, and special characters, be at least 8 characters long) cannot be used | password111@ |
namespace | Set the same namespace as the Harbor instance | tools |
Note that the default username for Harbor is admin.