
Stable Helm Chart

Open mssola opened this issue 6 years ago • 13 comments

Description

Previous efforts have been made to get a proper Helm chart, and now the community is also pushing for a new one. This issue is a reminder to help as much as possible on this effort.

mssola avatar Sep 28 '18 14:09 mssola

Any updates on this?

I'm looking into deploying portus in our environment. I've quickly hacked together https://github.com/kubic-project/caasp-services/tree/master/contrib/helm-charts/portus with support for automatic cert-manager self-signing keypair generation (for authentication tokens) running behind nginx-ingress-controller (with cert-manager set up for Let's Encrypt as well), and it seems to kinda work. I can drop a very messy patch if you want.

Update: darn, docker-registry doesn't seem to like self-signed https:// notification URLs... I'll try to play with it later this week.

Informatic avatar Dec 10 '18 20:12 Informatic

@Informatic I'm currently working on it, but if you have something that works, I'd appreciate a patch, so we can merge ideas :smile:

mssola avatar Dec 11 '18 10:12 mssola

https://git.io/fp58s (+ required ClusterIssuer/Issuer object: https://git.io/fp58W)

As you can see, it is very dirty, and, as stated above, does not really work yet. But IMO employing cert-manager to do certificate management on initialization would be a great feature. (even as an option)

Informatic avatar Dec 12 '18 07:12 Informatic

I'm not 100% sure how TLS certificates are used when communicating between all components in Portus, but if any component needed to sign some certificates, there's an option for that in Cert-Manager Certificate spec: http://docs.cert-manager.io/en/latest/reference/api-docs/index.html#certificate-v1alpha1 → isCA

Running Kubernetes/Portus in our environment is not very high on our todo lists yet, but I'll try to help with development & testing in my free time later.

Informatic avatar Dec 12 '18 08:12 Informatic

Hey, out of curiosity: do we have any updates on that?

In the end I only had a couple of hours to hack on this, and, sadly, didn't go any further. (i.e. didn't get it to run successfully... :/)

Ah. Last time, I ended up having problems with getting Portus to communicate with registry running with self-signed TLS certificates. I'll try to play with it further tonight.

Informatic avatar Jan 20 '19 20:01 Informatic

Hey @Informatic,

did you have time to fiddle with it again? I'm also at the point where I struggle to secure communication with the registry and self-signed TLS certificates. For the sake of simplicity I created the certificate manually (see #1730) but it looks like no one wants to talk with a self-signed certificate. I would be happy if you could show off your final helm chart. ;-)

Take care,

Simon

simon-scherzinger avatar Feb 21 '19 13:02 simon-scherzinger

I'm also interested if anyone has got this working; I managed to deploy the helm chart, and with the patches @Informatic proposed. All the services come up OK, I can log into the Portus interface and I can push to the registry using the credentials I created. The point I'm getting stuck is getting the registry added to Portus - no matter what I try I get SSL errors. It seems like Portus isn't picking up the /certificates/portus.crt certificate as trusted?

insertjokehere avatar Feb 22 '19 00:02 insertjokehere

Hey @insertjokehere,

try adding isCA: true under spec in the certificate.yaml file. With this I can add the registry to Portus. Pushing and pulling images works as well, but the registry still does not talk back to Portus. This leaves the repositories unknown to Portus (UI).

simon-scherzinger avatar Mar 08 '19 15:03 simon-scherzinger

I think I made progress today. It was not the registry which could not talk to Portus, it was the Portus background process. Simply because the self signed certificate was not mounted into the background container. After adding the certificate stuff from portus container to portus-background in portus-deployment.yaml it worked.

I will add my final helm chart after I added some small things I'm missing – like saving images to S3 instead of a volume.

simon-scherzinger avatar Mar 18 '19 15:03 simon-scherzinger

Any update on this?

Kubernetes is now in very widespread use.

Not having a proper, stable Helm chart is a pretty big disadvantage IMHO.

asoltesz avatar Jul 28 '20 14:07 asoltesz

To back up @asoltesz - I ended up deploying goharbor/harbor rather than Portus because having a helm chart makes it a load simpler

insertjokehere avatar Jul 28 '20 20:07 insertjokehere

The instructions for the "incubator/portus" chart do not work anymore. There is no portus chart in incubator.

asoltesz avatar Aug 02 '20 10:08 asoltesz

You might want to remove this quote from the installation instructions considering it doesn't work:

Moreover, to maintain Kubernetes applications the community has developed Helm. Because of this, we have been working on proper Helm charts to deploy Portus in your Kubernetes cluster. We are working on pushing these charts into the main repository, but for now you can use the charts from this repository.

I understand if this isn't a high priority issue for you but maybe replace that with a link to this issue asking for a :+1: if it is a wanted feature? That way you can gauge interest.

SerialVelocity avatar Oct 31 '20 22:10 SerialVelocity