Changing the database password has impact on service availability. Perform the following steps to change the password for the Harbor internal database service.

Procedure

  1. Shutdown all the Harbor services that use the database to eliminate the risk of incomplete or failed transactions. 
    kubectl -n <namespace> scale deployment -l component=core --replicas=0
  2. SSH to workload cluster VIM using TCA Embedded SSH Client.
  3. Change the password for the database server by accessing the database pod using kubectl exec command and running a psql command. For example: 
    HARBOR_DB_POD=$(kubectl get pods -n harborcnf | grep database | awk '{print $1}')
HARBOR_NS=<<harbor-cnf-namespace>>
kubectl -n $HARBOR_NS exec -ti $HARBOR_DB_POD -- psql
psql (12.4)
Type "help"for help.
postgres=# \password

Enter new password: <new-password-value>
Enter it again: <new-password-value>
postgres=# \q
  4. Update the values.yaml configuration with the new password and trigger TCA CNF reconfigure with values.yaml to apply the password change and to the services that were stopped at the first step. 
    database:
internal:
...
# use thisfield forthe internal database
password: "<new password value>"