Merge pull request goharbor#1066 from ywk253100/210930_htpasswd

Drop the support for helm v2 and use "htpasswd" to generate the registry credential

.github/workflows/integration.yaml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        k8s_version: [v1.20.0, v1.19.4, v1.18.8]
+        k8s_version: [v1.22.0, v1.21.1, v1.20.7]
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -31,7 +31,7 @@ jobs:
 
       - name: Install Nginx ingress controller
         run: |
-          kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/ingress-nginx-2.3.0/deploy/static/provider/kind/deploy.yaml
+          kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.0.3/deploy/static/provider/kind/deploy.yaml
           kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=120s
 
       - name: Set up Go 1.13

.github/workflows/lint.yaml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        helm_version: [3.2.3, 2.16.12]
+        helm_version: [3.2.3]
     steps:
       - name: Checkout
         uses: actions/checkout@v2

README.md

@@ -10,8 +10,8 @@ This [Helm](https://github.com/kubernetes/helm) chart installs [Harbor](https://
 
 ## Prerequisites
 
-- Kubernetes cluster 1.18+
-- Helm 2.10.0+
+- Kubernetes cluster 1.20+
+- Helm v3
 
 ## Installation
 
@@ -60,31 +60,13 @@ If Harbor is deployed behind the proxy, set it as the URL of proxy.
 ### Install the chart
 
 Install the Harbor helm chart with a release name `my-release`:
-
-helm 2:
-
-```bash
-helm install --name my-release harbor/harbor
-```
-
-helm 3:
-
 ```bash
 helm install my-release harbor/harbor
 ```
 
 ## Uninstallation
 
 To uninstall/delete the `my-release` deployment:
-
-helm 2:
-
-```bash
-helm delete --purge my-release
-```
-
-helm 3:
-
 ```
 helm uninstall my-release
 ```
@@ -272,7 +254,6 @@ The following table lists the configurable parameters of the Harbor chart and th
 | `registry.secret`                                                           | Secret is used to secure the upload state from client and registry storage backend. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#http). If a secret key is not specified, Helm will generate one. Must be a string of 16 chars.                                                                                                                                                                                                                |                                                                                     |
 | `registry.credentials.username`                                             | The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd).                                                                                                                                                                                                                                                                                  | `harbor_registry_user`                                                              |
 | `registry.credentials.password`                                             | The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation.                                                                                                                                                                                                                       | `harbor_registry_password`                                                          |
-| `registry.credentials.htpasswd`                                             | The content of htpasswd file based on the value of `registry.credentials.username` `registry.credentials.password`. Currently `helm` does not support bcrypt in the template script, if the credential is updated you need to manually generated by calling [htpasswd](https://httpd.apache.org/docs/2.4/programs/htpasswd.html): `htpasswd -nbBC10 $username $password`. More details see [official_docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m` |
 | `registry.relativeurls`                                                     | If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. Needed if harbor is behind a reverse proxy                                                                                                                                                                                                                                                                                                                           | `false`                                                                             |
 | **Chartmuseum**                                                             |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |                                                                                     |
 | `chartmuseum.enabled`                                                       | Enable chartmusuem to store chart                                                                                                                                                                                                                                                                                                                                                                                                                                                              | `true`                                                                              |

docs/High Availability.md

@@ -8,8 +8,8 @@ Deploy Harbor on K8S via helm to make it highly available, that is, if one of no
 
 ## Prerequisites
 
-- Kubernetes cluster 1.16+
-- Helm 2.10.0+
+- Kubernetes cluster 1.20+
+- Helm v3
 - High available ingress controller (Harbor does not manage the external endpoint)
 - High available PostgreSQL database (Harbor does not handle the deployment of HA of database)
 - High available Redis (Harbor does not handle the deployment of HA of Redis)
@@ -67,12 +67,6 @@ Configure the followings items in `values.yaml`, you can also set them as parame
 ### Installation
 
 Install the Harbor helm chart with a release name `my-release`:  
-
-helm 2:
-```bash
-helm install --name my-release .
-```
-helm 3:
 ```
 helm install my-release .
 ```

templates/registry/registry-secret.yaml

@@ -41,4 +41,4 @@ metadata:
 {{ include "harbor.labels" . | indent 4 }}
 type: Opaque
 data:
-  REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswd | b64enc | quote }}
+  REGISTRY_HTPASSWD: {{ htpasswd .Values.registry.credentials.username .Values.registry.credentials.password | b64enc | quote }}

test/go.mod

@@ -3,7 +3,7 @@ module github.com/goharbor/harbor-helm
 go 1.13
 
 require (
-	github.com/gruntwork-io/terratest v0.28.2
-	github.com/stretchr/testify v1.6.0
-	k8s.io/api v0.18.3
+	github.com/gruntwork-io/terratest v0.38.1
+	github.com/stretchr/testify v1.7.0
+	k8s.io/api v0.20.6
 )