--- # Source: harbor/templates/core/core-secret.yaml apiVersion: v1 kind: Secret metadata: name: harbor-core labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" type: Opaque data: secretKey: "bm90LWEtc2VjdXJlLWtleQ==" secret: "ZW92VFRmU3RSNGR4R2FPYg==" tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdm96RWMrWEJ2RVkvbVgxaVlLOXk5MjhoQ2V5VXBiVTRwUWY0VHZQUzE4alFObklqClNUNnJNUS96ejdRR2hvSHpPci90YjNDQnE1ZjY1NjdQd3VscVpjcUxKK1FydzlZZEJyQlhFMnRzWHhwei81UGcKT1pWdG05b2lUVDJJRUw1N0xVYVhlNjRheG5GbkVHTTdmY3JOdlFyZzhGWU1BdGJhV3puMHUyWUNQS0xKWG0wRwpIQlUrWXcxOHM2Q2o2ZG5uRUtITVBSNDF3VTNSU01aTlAxcWovc1dlVDFWMWZGdlV6OFNlOFJLOGZHUE9CQjBsClhHVDd1U0wzZTZUc1N1ZHZMMDV0cmR4QzJhbjNpMTBvM2FtMkh4d1EramRWZUx2cXNrU2daWnBGck9lZUxTc08KdmR4SFJ0azNIRlY4UFlwMVBHZWR3NFlNSDFiU1ZkTDgxZ1JBbFFJREFRQUJBb0lCQVFDb3hjZXZHNTVZSXlScgp6OG1WOTNCdHhrbE9IL1NkUFFENTh6QTB4Zk5HMnYvSWFabmxZeE4vOWpBdUZMYis1aFRJUVh5TkN1cGZVTktUCjZKcnVlWTJhc1NaRjQrdjduaWJCYU9rSE0wdWVoTENmZTV2TGhSVzdTQjYvcVROZUdVakNsbGJQM2lxcS80Q1kKM0R1eU5ERzhNZW1BRmNhM3NSTmdYOW5yTGZQblBZU0s5d3NFbkhSS0N1ZldBeGJBZEw3QTZYemFEM3k2Qy9uUApTSEtzSHprM3hNcXVaeFBRTUIvR3dvSWo1RXRMUmZjcGRBbjYzNE9GdG5KNG1JaVJnM3E4WXNSSThSNFRlbkExCjdmMzBWaHB4djd4cFRhZjJoNGRhKzNnS0RqR0U0aEhyOVVNUWVKYnUzTGJVeno1Q2Rtck1HQUYyczFDdWlKOTQKbUpwRjIxUGhBb0dCQU5ZTkhhRlFSRTFoVHhiMFY3ajc5RStKY1NtajNtMnNKUk9WWWRrMG5DOHJ3QjF0amMycQozTE0rV3hJZlBMcmRuMXU0SzBnUGlLVW1lcnNWQzVaVk80M3IxT2dTVXBUanFteXBJdkNOdHBjQXVTeDA1RkYzClhGVXFxL3JhYWNGcmg3Rzh0cVpWNFRFa3QxQXRvb3ZOQmJTT0Z2UDVicEFwWHRRY2FrM0dXRUo5QW9HQkFPUGsKbUh2LzllVWxRaVQ3eHBhQ3lKMm54OHJEdFpEMCs4WnFDVHlteVd4TnhXWWYwY3hQempsaU93T040c09uY3krdQp6K3ZuSWVUNEV5QW9WTUJ4dG9pdlZtNWwydGM1aDVYKzdzSFpFNDRtcWRvMW8rQTNNcXZDWThKYmxzaGNyMEZtCjYwUit0Q3NZOXhObkcwRDY4WXdXT0lHSjVLVmNOc0pnYVo2UGdQbjVBb0dBZjFOOTlKOFNnaFVJUHRkSjl6ZW8KdEVkRmtVZHc0RHd1TWVBQ1BIb1hEZGd3aDFETHNUT1o1T1dLdHRUdUF4b2gyU1ZNV2FrajExbDBXQ1RFcDhBNwpsTWhiOVZBdzMzQXR5RVUwQzNQQTBVSVU1R1VFQzVHODBzeDNVTmpyWDZyZkpOTGtzejBTbjNEL3VpbnJMczNlClB2RG1wbW9SWXArNVVPTTJPTjFyVXVFQ2dZQXl1d2VLeXY3MUpLY2x6bnAxdE9WdDJ4U3B1WWxvbkhDVHliVUcKc0dZMFd0ZXZsVFBCMUo0bXZndy9EVTNHbWpjVkRVZ3h6b0VJRklWRmFsVDdoaFRKTnFiNTZtaWQ4cXVSSTNBSQo3UWJpWlE3NGlXcFNsbGNNVHppZjRuMmRXcXlVMVpGWDdSQzBhMWxORTIzSXVGUWZDQzlKL3VWTVBrdmVWMUlMCnZ3eEtHUUtCZ0JvcFJCMHhUalJtY0tiN2FGeVFub2tycUNoWE5rd0phNTFaekRUNU10Wm1kUUdYTTZ2WkxwTnkKb3IvUENnVXBoRVRKWjFJVEZEUDNrZkJOUk83TzRlQ3kvWVdtZVROZ3M4VlJvZXpiNUFWVnNURHdyVWdJeUc2SQpGdG9CQmgrOGZvcUdaQXlxN3BLR3JNc201RVd4aXZiOStYVHc0UldhaWFXZWdOK20weUJxCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==" tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lRUFJDbFZlWlV1bTRrWklGOUxNb21HVEFOQmdrcWhraUc5dzBCQVFzRkFEQWEKTVJnd0ZnWURWUVFERXc5b1lYSmliM0l0ZEc5clpXNHRZMkV3SGhjTk1qUXdPVEE0TWpFeE5UUXdXaGNOTWpVdwpPVEE0TWpFeE5UUXdXakFhTVJnd0ZnWURWUVFERXc5b1lYSmliM0l0ZEc5clpXNHRZMkV3Z2dFaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMrak1SejVjRzhSaitaZldKZ3IzTDNieUVKN0pTbHRUaWwKQi9oTzg5TFh5TkEyY2lOSlBxc3hEL1BQdEFhR2dmTTZ2KzF2Y0lHcmwvcm5ycy9DNldwbHlvc241Q3ZEMWgwRwpzRmNUYTJ4ZkduUC9rK0E1bFcyYjJpSk5QWWdRdm5zdFJwZDdyaHJHY1djUVl6dDl5czI5Q3VEd1Znd0MxdHBiCk9mUzdaZ0k4b3NsZWJRWWNGVDVqRFh5em9LUHAyZWNRb2N3OUhqWEJUZEZJeGswL1dxUCt4WjVQVlhWOFc5VFAKeEo3eEVyeDhZODRFSFNWY1pQdTVJdmQ3cE94SzUyOHZUbTJ0M0VMWnFmZUxYU2pkcWJZZkhCRDZOMVY0dStxeQpSS0JsbWtXczU1NHRLdzY5M0VkRzJUY2NWWHc5aW5VOFo1M0RoZ3dmVnRKVjB2eldCRUNWQWdNQkFBR2pZVEJmCk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXcKRHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVOElIQ01yTENBdEtUMHd4ZnZxS21sR1NzZ0UwdwpEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ2NsTXpUYmNreHlRMWEwNWFjRS8xbTlNQm5RV2sxQ2NPVitEeVRuCjR3S1RpZFg2NG5lT1Z5aUUrVzM1REtzZWpEYUpWekZpOFR6aUlsanFSbDYzVk15OWxTMFdPUUdQOWdhRVZ1NWYKR2VJemlqT1NKQXhwZ1RUcmZpQTRtbUllTTFqbVVpTml6bGxTa2s2b0NoNWRsQzNBaU1QTHpSbnNXT200VXlwLwpER0o4d0NmbGhxREd2Z3YrTEV5OUNUNVI2SFBmdVE0RGVlSHJDa1FuenhySlJZankrSTRmR3liSTdtSlYrb3dtCnNObnoxUlRzTmJqY2JldnV5a0RTaUNRdnRvMmtxU0l1MDdIRHpXVGVkbk9KamRvekpLU002UEZ1ZlJneDRhVVIKOEhtT25tckp5V0Zjem8yUlFXdTVHVCt1RFZEL3RVWXJTZzBOdjBDZEtrazBPWFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" HARBOR_ADMIN_PASSWORD: "SGFyYm9yMTIzNDU=" REGISTRY_CREDENTIAL_PASSWORD: "aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk" CSRF_KEY: "Vlk1MFNhMFp4N3lNUUlOWXlZcVR3c0l4cDBCMUhhdWM=" --- # Source: harbor/templates/exporter/exporter-secret.yaml apiVersion: v1 kind: Secret metadata: name: harbor-exporter labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" type: Opaque data: HARBOR_ADMIN_PASSWORD: "SGFyYm9yMTIzNDU=" --- # Source: harbor/templates/jobservice/jobservice-secrets.yaml apiVersion: v1 kind: Secret metadata: name: "harbor-jobservice" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" type: Opaque data: JOBSERVICE_SECRET: "Sk5JU3VIUHViZDYwTjlOUQ==" REGISTRY_CREDENTIAL_PASSWORD: "aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk" --- # Source: harbor/templates/registry/registry-secret.yaml apiVersion: v1 kind: Secret metadata: name: "harbor-registry" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" type: Opaque data: REGISTRY_HTTP_SECRET: "ODV4RjZ5TkZlYnh0M3hkZA==" REGISTRY_REDIS_PASSWORD: "TXZZY3VVMFJhSXUxU1g3ZlkxbTFKcmdMVVNhWkpqZ2U=" --- # Source: harbor/templates/registry/registry-secret.yaml apiVersion: v1 kind: Secret metadata: name: "harbor-registry-htpasswd" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" type: Opaque data: REGISTRY_HTPASSWD: "aGFyYm9yX3JlZ2lzdHJ5X3VzZXI6JDJhJDEwJDJiSTc1ZjlUeXdmYkZ1bnpNQk50NnVOQUNMVko4UjdDWmtrV2M2UzROUnlIMlZiR2RaNXVT" --- # Source: harbor/templates/registry/registryctl-secret.yaml apiVersion: v1 kind: Secret metadata: name: "harbor-registryctl" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" type: Opaque data: --- # Source: harbor/templates/core/core-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: harbor-core labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" data: app.conf: |+ appname = Harbor runmode = prod enablegzip = true [prod] httpport = 8080 PORT: "8080" DATABASE_TYPE: "postgresql" POSTGRESQL_HOST: "172.20.43.1" POSTGRESQL_PORT: "5432" POSTGRESQL_USERNAME: "kspace_harbor" POSTGRESQL_DATABASE: "kspace_harbor" POSTGRESQL_SSLMODE: "disable" POSTGRESQL_MAX_IDLE_CONNS: "100" POSTGRESQL_MAX_OPEN_CONNS: "900" EXT_ENDPOINT: "https://harbor.k-space.ee" CORE_URL: "http://harbor-core:80" JOBSERVICE_URL: "http://harbor-jobservice" REGISTRY_URL: "http://harbor-registry:5000" TOKEN_SERVICE_URL: "http://harbor-core:80/service/token" CORE_LOCAL_URL: "http://127.0.0.1:8080" WITH_TRIVY: "false" TRIVY_ADAPTER_URL: "http://harbor-trivy:8080" REGISTRY_STORAGE_PROVIDER_NAME: "s3" LOG_LEVEL: "debug" CONFIG_PATH: "/etc/core/app.conf" CHART_CACHE_DRIVER: "redis" _REDIS_URL_CORE: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/0?idle_timeout_seconds=30" _REDIS_URL_REG: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/2?idle_timeout_seconds=30" PORTAL_URL: "http://harbor-portal" REGISTRY_CONTROLLER_URL: "http://harbor-registry:8080" REGISTRY_CREDENTIAL_USERNAME: "harbor_registry_user" HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE: "docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry,github-ghcr,jfrog-artifactory" METRIC_ENABLE: "true" METRIC_PATH: "/metrics" METRIC_PORT: "8001" METRIC_NAMESPACE: harbor METRIC_SUBSYSTEM: core QUOTA_UPDATE_PROVIDER: "db" --- # Source: harbor/templates/exporter/exporter-cm-env.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-exporter-env" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" data: HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" LOG_LEVEL: "debug" HARBOR_EXPORTER_PORT: "8001" HARBOR_EXPORTER_METRICS_PATH: "/metrics" HARBOR_EXPORTER_METRICS_ENABLED: "true" HARBOR_EXPORTER_CACHE_TIME: "23" HARBOR_EXPORTER_CACHE_CLEAN_INTERVAL: "14400" HARBOR_METRIC_NAMESPACE: harbor HARBOR_METRIC_SUBSYSTEM: exporter HARBOR_REDIS_URL: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/1" HARBOR_REDIS_NAMESPACE: harbor_job_service_namespace HARBOR_REDIS_TIMEOUT: "3600" HARBOR_SERVICE_SCHEME: "http" HARBOR_SERVICE_HOST: "harbor-core" HARBOR_SERVICE_PORT: "80" HARBOR_DATABASE_HOST: "172.20.43.1" HARBOR_DATABASE_PORT: "5432" HARBOR_DATABASE_USERNAME: "kspace_harbor" HARBOR_DATABASE_DBNAME: "kspace_harbor" HARBOR_DATABASE_SSLMODE: "disable" HARBOR_DATABASE_MAX_IDLE_CONNS: "100" HARBOR_DATABASE_MAX_OPEN_CONNS: "900" --- # Source: harbor/templates/jobservice/jobservice-cm-env.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-jobservice-env" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" data: CORE_URL: "http://harbor-core:80" TOKEN_SERVICE_URL: "http://harbor-core:80/service/token" REGISTRY_URL: "http://harbor-registry:5000" REGISTRY_CONTROLLER_URL: "http://harbor-registry:8080" REGISTRY_CREDENTIAL_USERNAME: "harbor_registry_user" JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "3" JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "3" HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" METRIC_NAMESPACE: harbor METRIC_SUBSYSTEM: jobservice --- # Source: harbor/templates/jobservice/jobservice-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-jobservice" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" data: config.yml: |+ #Server listening port protocol: "http" port: 8080 worker_pool: workers: 10 backend: "redis" redis_pool: redis_url: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/1" namespace: "harbor_job_service_namespace" idle_timeout_second: 3600 job_loggers: - name: "FILE" level: DEBUG settings: # Customized settings of logger base_dir: "/var/log/jobs" sweeper: duration: 14 #days settings: # Customized settings of sweeper work_dir: "/var/log/jobs" metric: enabled: true path: /metrics port: 8001 #Loggers for the job service loggers: - name: "STD_OUTPUT" level: DEBUG reaper: # the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24 max_update_hours: 24 # the max time for execution in running state without new task created max_dangling_hours: 168 --- # Source: harbor/templates/portal/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-portal" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" data: nginx.conf: |+ worker_processes auto; pid /tmp/nginx.pid; events { worker_connections 1024; } http { client_body_temp_path /tmp/client_body_temp; proxy_temp_path /tmp/proxy_temp; fastcgi_temp_path /tmp/fastcgi_temp; uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; server { listen 8080; listen [::]:8080; server_name localhost; root /usr/share/nginx/html; index index.html index.htm; include /etc/nginx/mime.types; gzip on; gzip_min_length 1000; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; location /devcenter-api-2.0 { try_files $uri $uri/ /swagger-ui-index.html; } location / { try_files $uri $uri/ /index.html; } location = /index.html { add_header Cache-Control "no-store, no-cache, must-revalidate"; } } } --- # Source: harbor/templates/registry/registry-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-registry" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" data: config.yml: |+ version: 0.1 log: level: debug fields: service: registry storage: s3: region: us-east-1 bucket: harbor-operator-e60e5943-234a-496d-ae74-933f6a67c530 regionendpoint: https://external.minio-clusters.k-space.ee cache: layerinfo: redis maintenance: uploadpurging: enabled: true age: 168h interval: 24h dryrun: false delete: enabled: true redirect: disable: false redis: addr: dragonfly:6379 db: 2 password: MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge readtimeout: 10s writetimeout: 10s dialtimeout: 10s pool: maxidle: 100 maxactive: 500 idletimeout: 60s http: addr: :5000 relativeurls: false # set via environment variable # secret: placeholder debug: addr: :8001 prometheus: enabled: true path: /metrics auth: htpasswd: realm: harbor-registry-basic-realm path: /etc/registry/passwd validation: disabled: true compatibility: schema1: enabled: true ctl-config.yml: |+ --- protocol: "http" port: 8080 log_level: debug registry_config: "/etc/registry/config.yml" --- # Source: harbor/templates/registry/registryctl-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-registryctl" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" data: --- # Source: harbor/templates/jobservice/jobservice-pvc.yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: name: harbor-jobservice annotations: helm.sh/resource-policy: keep labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: jobservice app.kubernetes.io/component: jobservice spec: accessModes: - ReadWriteMany resources: requests: storage: 5Gi storageClassName: longhorn --- # Source: harbor/templates/core/core-svc.yaml apiVersion: v1 kind: Service metadata: name: harbor-core labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" spec: ports: - name: http-web port: 80 targetPort: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: core --- # Source: harbor/templates/exporter/exporter-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-exporter" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" spec: ports: - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: exporter --- # Source: harbor/templates/jobservice/jobservice-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-jobservice" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" spec: ports: - name: http-jobservice port: 80 targetPort: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: jobservice --- # Source: harbor/templates/portal/service.yaml apiVersion: v1 kind: Service metadata: name: "harbor-portal" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" spec: ports: - port: 80 targetPort: 8080 selector: release: harbor app: "harbor" component: portal --- # Source: harbor/templates/registry/registry-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-registry" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" spec: ports: - name: http-registry port: 5000 - name: http-controller port: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: registry --- # Source: harbor/templates/core/core-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: harbor-core labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: core app.kubernetes.io/component: core spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: core template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: core app.kubernetes.io/component: core annotations: checksum/configmap: 459defa5f990e3b5029d62cfdb86ca9a4191544419bdac39dac6eabc20a1d07c checksum/secret: cb3c7b9ca5ab79bbe000a4fc96165503da4a59cb40edc0e0b75b3f154910e171 checksum/secret-jobservice: abd218ca34d4473a7f8e1f6ed12b0b5e85e4f0b1ce1f6127afdfc59c9853fe7d spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: core image: goharbor/harbor-core:v2.11.1 imagePullPolicy: IfNotPresent startupProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 360 initialDelaySeconds: 10 periodSeconds: 10 livenessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 readinessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 envFrom: - configMapRef: name: "harbor-core" - secretRef: name: "harbor-core" env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-jobservice key: JOBSERVICE_SECRET - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: harbor-postgres-password key: password securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault ports: - containerPort: 8080 volumeMounts: - name: config mountPath: /etc/core/app.conf subPath: app.conf - name: secret-key mountPath: /etc/core/key subPath: key - name: token-service-private-key mountPath: /etc/core/private_key.pem subPath: tls.key - name: ca-download mountPath: /etc/core/ca - name: psc mountPath: /etc/core/token volumes: - name: config configMap: name: harbor-core items: - key: app.conf path: app.conf - name: secret-key secret: secretName: harbor-core items: - key: secretKey path: key - name: token-service-private-key secret: secretName: harbor-core - name: ca-download secret: - name: psc emptyDir: {} --- # Source: harbor/templates/exporter/exporter-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: harbor-exporter labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: exporter app.kubernetes.io/component: exporter spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: exporter template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: exporter app.kubernetes.io/component: exporter annotations: checksum/configmap: 7175588df9aea5ad07381b9e28514d0f3506380b511be090b7d2ddc40beb5ab0 checksum/secret: be1b09e9e24f666fd357cca51bb49abd966708df0bd2e97078bf88db7ffddf85 spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false containers: - name: exporter image: goharbor/harbor-exporter:v2.11.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: / port: 8001 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / port: 8001 initialDelaySeconds: 30 periodSeconds: 10 args: ["-log-level", "debug"] envFrom: - configMapRef: name: "harbor-exporter-env" - secretRef: name: "harbor-exporter" env: - name: HARBOR_DATABASE_PASSWORD valueFrom: secretKeyRef: name: harbor-postgres-password key: password securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault ports: - containerPort: 8001 volumeMounts: volumes: - name: config secret: secretName: "harbor-exporter" --- # Source: harbor/templates/jobservice/jobservice-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-jobservice" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: jobservice app.kubernetes.io/component: jobservice spec: replicas: 1 revisionHistoryLimit: 10 strategy: type: RollingUpdate selector: matchLabels: release: harbor app: "harbor" component: jobservice template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: jobservice app.kubernetes.io/component: jobservice annotations: checksum/configmap: 5af691ab7fd728ad91fbd355f03ea709d69f58a32e405436cec9056617490bb3 checksum/configmap-env: f86af5d5cdbf21c00a2721265d7db84c8cda8ef1b2ac4da29aff32dbdf0a875d checksum/secret: 28c5439858d9583576afb9f6fa5ec06f8cd0ddd5883de3d0bf500e043b1e9f37 checksum/secret-core: 0fd20ee0eab72090f437861dd69bda563072baddf2c1be9c8ea9adae7cd4450a spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: jobservice image: goharbor/harbor-jobservice:v2.11.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /api/v1/stats scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: /api/v1/stats scheme: HTTP port: 8080 initialDelaySeconds: 20 periodSeconds: 10 env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - configMapRef: name: "harbor-jobservice-env" - secretRef: name: "harbor-jobservice" ports: - containerPort: 8080 volumeMounts: - name: jobservice-config mountPath: /etc/jobservice/config.yml subPath: config.yml - name: job-logs mountPath: /var/log/jobs subPath: volumes: - name: jobservice-config configMap: name: "harbor-jobservice" - name: job-logs persistentVolumeClaim: claimName: harbor-jobservice --- # Source: harbor/templates/portal/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-portal" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: portal app.kubernetes.io/component: portal spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: portal template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: portal app.kubernetes.io/component: portal annotations: checksum/configmap: 24d858ac32ea0ba10f15274a5dc08a307a5bb9f3577cab5a58d086976c36aee5 spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false containers: - name: portal image: goharbor/harbor-portal:v2.11.1 imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault livenessProbe: httpGet: path: / scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / scheme: HTTP port: 8080 initialDelaySeconds: 1 periodSeconds: 10 ports: - containerPort: 8080 volumeMounts: - name: portal-config mountPath: /etc/nginx/nginx.conf subPath: nginx.conf volumes: - name: portal-config configMap: name: "harbor-portal" --- # Source: harbor/templates/registry/registry-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-registry" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: registry app.kubernetes.io/component: registry spec: replicas: 1 revisionHistoryLimit: 10 strategy: type: RollingUpdate selector: matchLabels: release: harbor app: "harbor" component: registry template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" component: registry app.kubernetes.io/component: registry annotations: checksum/configmap: 275b555209ecc9f8ff34a171d588f4030db27ae049e605ccf3cfa3c75d1acb6d checksum/secret: 2e37b86bd1c3d83b57d2ed1d80dcbe1fc39a5e241fa8cb776dac29cbccf64448 checksum/secret-jobservice: b153867cbce5e1d1b9ca0d2f4757c175d79e0f7d439cd472f35f28d764497d0b checksum/secret-core: 12550e5628a5bb979f1820737ebd09608aee707cfea2596b65edbeedc75d2558 spec: securityContext: runAsUser: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: registry image: goharbor/registry-photon:v2.11.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 1 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault args: ["serve", "/etc/registry/config.yml"] envFrom: - secretRef: name: "harbor-registry" - secretRef: name: harbor-minio-credentials env: ports: - containerPort: 5000 - containerPort: 8001 volumeMounts: - name: registry-data mountPath: /storage subPath: - name: registry-htpasswd mountPath: /etc/registry/passwd subPath: passwd - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registryctl image: goharbor/harbor-registryctl:v2.11.1 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 1 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - configMapRef: name: "harbor-registryctl" - secretRef: name: "harbor-registry" - secretRef: name: "harbor-registryctl" - secretRef: name: harbor-minio-credentials env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-jobservice key: JOBSERVICE_SECRET ports: - containerPort: 8080 volumeMounts: - name: registry-data mountPath: /storage subPath: - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registry-config mountPath: /etc/registryctl/config.yml subPath: ctl-config.yml volumes: - name: registry-htpasswd secret: secretName: harbor-registry-htpasswd items: - key: REGISTRY_HTPASSWD path: passwd - name: registry-config configMap: name: "harbor-registry" - name: registry-data emptyDir: {} --- # Source: harbor/templates/ingress/ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: "harbor-ingress" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" annotations: cert-manager.io/cluster-issuer: default external-dns.alpha.kubernetes.io/target: traefik.k-space.ee ingress.kubernetes.io/proxy-body-size: "0" ingress.kubernetes.io/ssl-redirect: "true" kubernetes.io/ingress.class: traefik nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ssl-redirect: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" spec: tls: - hosts: - "*.k-space.ee" rules: - http: paths: - path: /api/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /service/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /v2/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /chartrepo/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /c/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: / pathType: Prefix backend: service: name: harbor-portal port: number: 80 host: harbor.k-space.ee --- # Source: harbor/templates/metrics/metrics-svcmon.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: harbor labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.1" spec: jobLabel: app.kubernetes.io/name endpoints: - port: http-metrics honorLabels: true selector: matchLabels: release: harbor app: "harbor"