--- # Source: harbor/templates/core/core-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: harbor-core labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" data: app.conf: |+ appname = Harbor runmode = prod enablegzip = true [prod] httpport = 8080 PORT: "8080" DATABASE_TYPE: "postgresql" POSTGRESQL_HOST: "172.20.43.1" POSTGRESQL_PORT: "5432" POSTGRESQL_USERNAME: "kspace_harbor" POSTGRESQL_DATABASE: "kspace_harbor" POSTGRESQL_SSLMODE: "disable" POSTGRESQL_MAX_IDLE_CONNS: "100" POSTGRESQL_MAX_OPEN_CONNS: "900" EXT_ENDPOINT: "https://harbor.k-space.ee" CORE_URL: "http://harbor-core:80" JOBSERVICE_URL: "http://harbor-jobservice" REGISTRY_URL: "http://harbor-registry:5000" TOKEN_SERVICE_URL: "http://harbor-core:80/service/token" CORE_LOCAL_URL: "http://127.0.0.1:8080" WITH_TRIVY: "false" TRIVY_ADAPTER_URL: "http://harbor-trivy:8080" REGISTRY_STORAGE_PROVIDER_NAME: "s3" LOG_LEVEL: "debug" CONFIG_PATH: "/etc/core/app.conf" CHART_CACHE_DRIVER: "redis" _REDIS_URL_CORE: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/0?idle_timeout_seconds=30" _REDIS_URL_REG: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/2?idle_timeout_seconds=30" PORTAL_URL: "http://harbor-portal" REGISTRY_CONTROLLER_URL: "http://harbor-registry:8080" REGISTRY_CREDENTIAL_USERNAME: "harbor_registry_user" HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE: "docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry,github-ghcr,jfrog-artifactory" METRIC_ENABLE: "true" METRIC_PATH: "/metrics" METRIC_PORT: "8001" METRIC_NAMESPACE: harbor METRIC_SUBSYSTEM: core QUOTA_UPDATE_PROVIDER: "db" --- # Source: harbor/templates/exporter/exporter-cm-env.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-exporter-env" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" data: HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" LOG_LEVEL: "debug" HARBOR_EXPORTER_PORT: "8001" HARBOR_EXPORTER_METRICS_PATH: "/metrics" HARBOR_EXPORTER_METRICS_ENABLED: "true" HARBOR_EXPORTER_CACHE_TIME: "23" HARBOR_EXPORTER_CACHE_CLEAN_INTERVAL: "14400" HARBOR_METRIC_NAMESPACE: harbor HARBOR_METRIC_SUBSYSTEM: exporter HARBOR_REDIS_URL: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/1" HARBOR_REDIS_NAMESPACE: harbor_job_service_namespace HARBOR_REDIS_TIMEOUT: "3600" HARBOR_SERVICE_SCHEME: "http" HARBOR_SERVICE_HOST: "harbor-core" HARBOR_SERVICE_PORT: "80" HARBOR_DATABASE_HOST: "172.20.43.1" HARBOR_DATABASE_PORT: "5432" HARBOR_DATABASE_USERNAME: "kspace_harbor" HARBOR_DATABASE_DBNAME: "kspace_harbor" HARBOR_DATABASE_SSLMODE: "disable" HARBOR_DATABASE_MAX_IDLE_CONNS: "100" HARBOR_DATABASE_MAX_OPEN_CONNS: "900" --- # Source: harbor/templates/jobservice/jobservice-cm-env.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-jobservice-env" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" data: CORE_URL: "http://harbor-core:80" TOKEN_SERVICE_URL: "http://harbor-core:80/service/token" REGISTRY_URL: "http://harbor-registry:5000" REGISTRY_CONTROLLER_URL: "http://harbor-registry:8080" REGISTRY_CREDENTIAL_USERNAME: "harbor_registry_user" JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "3" JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "3" HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" METRIC_NAMESPACE: harbor METRIC_SUBSYSTEM: jobservice --- # Source: harbor/templates/jobservice/jobservice-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-jobservice" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" data: config.yml: |+ #Server listening port protocol: "http" port: 8080 worker_pool: workers: 10 backend: "redis" redis_pool: redis_url: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/1" namespace: "harbor_job_service_namespace" idle_timeout_second: 3600 job_loggers: - name: "FILE" level: DEBUG settings: # Customized settings of logger base_dir: "/var/log/jobs" sweeper: duration: 14 #days settings: # Customized settings of sweeper work_dir: "/var/log/jobs" metric: enabled: true path: /metrics port: 8001 #Loggers for the job service loggers: - name: "STD_OUTPUT" level: DEBUG reaper: # the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24 max_update_hours: 24 # the max time for execution in running state without new task created max_dangling_hours: 168 --- # Source: harbor/templates/portal/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-portal" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" data: nginx.conf: |+ worker_processes auto; pid /tmp/nginx.pid; events { worker_connections 1024; } http { client_body_temp_path /tmp/client_body_temp; proxy_temp_path /tmp/proxy_temp; fastcgi_temp_path /tmp/fastcgi_temp; uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; server { listen 8080; listen [::]:8080; server_name localhost; root /usr/share/nginx/html; index index.html index.htm; include /etc/nginx/mime.types; gzip on; gzip_min_length 1000; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; location /devcenter-api-2.0 { try_files $uri $uri/ /swagger-ui-index.html; } location / { try_files $uri $uri/ /index.html; } location = /index.html { add_header Cache-Control "no-store, no-cache, must-revalidate"; } } } --- # Source: harbor/templates/registry/registry-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-registry" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" data: config.yml: |+ version: 0.1 log: level: debug fields: service: registry storage: s3: region: us-east-1 bucket: harbor-operator-e60e5943-234a-496d-ae74-933f6a67c530 regionendpoint: https://external.minio-clusters.k-space.ee cache: layerinfo: redis maintenance: uploadpurging: enabled: true age: 168h interval: 24h dryrun: false delete: enabled: true redirect: disable: false redis: addr: dragonfly:6379 db: 2 password: MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge readtimeout: 10s writetimeout: 10s dialtimeout: 10s pool: maxidle: 100 maxactive: 500 idletimeout: 60s http: addr: :5000 relativeurls: false # set via environment variable # secret: placeholder debug: addr: :8001 prometheus: enabled: true path: /metrics auth: htpasswd: realm: harbor-registry-basic-realm path: /etc/registry/passwd validation: disabled: true compatibility: schema1: enabled: true ctl-config.yml: |+ --- protocol: "http" port: 8080 log_level: debug registry_config: "/etc/registry/config.yml" --- # Source: harbor/templates/registry/registryctl-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-registryctl" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" data: --- # Source: harbor/templates/jobservice/jobservice-pvc.yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: name: harbor-jobservice annotations: helm.sh/resource-policy: keep labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: jobservice app.kubernetes.io/component: jobservice spec: accessModes: - ReadWriteMany resources: requests: storage: 5Gi storageClassName: longhorn --- # Source: harbor/templates/core/core-svc.yaml apiVersion: v1 kind: Service metadata: name: harbor-core labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" spec: ports: - name: http-web port: 80 targetPort: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: core --- # Source: harbor/templates/exporter/exporter-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-exporter" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" spec: ports: - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: exporter --- # Source: harbor/templates/jobservice/jobservice-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-jobservice" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" spec: ports: - name: http-jobservice port: 80 targetPort: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: jobservice --- # Source: harbor/templates/portal/service.yaml apiVersion: v1 kind: Service metadata: name: "harbor-portal" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" spec: ports: - port: 80 targetPort: 8080 selector: release: harbor app: "harbor" component: portal --- # Source: harbor/templates/registry/registry-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-registry" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" spec: ports: - name: http-registry port: 5000 - name: http-controller port: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: registry --- # Source: harbor/templates/core/core-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: harbor-core labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: core app.kubernetes.io/component: core spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: core template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: core app.kubernetes.io/component: core annotations: checksum/configmap: 9ea7f1881e4fe5b908355ee28e246b67c8c498d2f719dd74a5536a51ee2d9865 checksum/secret: ca32f9ad83fe0ed3d8ebb51e01558e15a66ea80eb95dae096d00a19e25f2f239 checksum/secret-jobservice: e54d9ef76e5cfb44adfcf233be3c39cc3f6d15ed61a36c4370fa5948c3192f38 spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: core image: goharbor/harbor-core:v2.11.0 imagePullPolicy: IfNotPresent startupProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 360 initialDelaySeconds: 10 periodSeconds: 10 livenessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 readinessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 envFrom: - configMapRef: name: "harbor-core" - secretRef: name: "harbor-core" env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-jobservice key: JOBSERVICE_SECRET - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: harbor-postgres-password key: password securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault ports: - containerPort: 8080 volumeMounts: - name: config mountPath: /etc/core/app.conf subPath: app.conf - name: secret-key mountPath: /etc/core/key subPath: key - name: token-service-private-key mountPath: /etc/core/private_key.pem subPath: tls.key - name: ca-download mountPath: /etc/core/ca - name: psc mountPath: /etc/core/token volumes: - name: config configMap: name: harbor-core items: - key: app.conf path: app.conf - name: secret-key secret: secretName: harbor-core-oidc-secret-encryption-key items: - key: secretKey path: key - name: token-service-private-key secret: secretName: harbor-core - name: ca-download secret: secretName: "harbor-ingress" - name: psc emptyDir: {} --- # Source: harbor/templates/exporter/exporter-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: harbor-exporter labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: exporter app.kubernetes.io/component: exporter spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: exporter template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: exporter app.kubernetes.io/component: exporter annotations: checksum/configmap: 79f5dcd087513f8f1d03fca430907faeb9bd7df805dbb251b750fb49ccb0f0b5 checksum/secret: 55bad27b07dca97c644c9977eb8c3da9c08c8b8bbda2854878d2936a8da28508 spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false containers: - name: exporter image: goharbor/harbor-exporter:v2.11.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: / port: 8001 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / port: 8001 initialDelaySeconds: 30 periodSeconds: 10 args: ["-log-level", "debug"] envFrom: - configMapRef: name: "harbor-exporter-env" - secretRef: name: "harbor-exporter" env: - name: HARBOR_DATABASE_PASSWORD valueFrom: secretKeyRef: name: harbor-postgres-password key: password securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault ports: - containerPort: 8001 volumeMounts: volumes: - name: config secret: secretName: "harbor-exporter" --- # Source: harbor/templates/jobservice/jobservice-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-jobservice" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: jobservice app.kubernetes.io/component: jobservice spec: replicas: 1 revisionHistoryLimit: 10 strategy: type: RollingUpdate selector: matchLabels: release: harbor app: "harbor" component: jobservice template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: jobservice app.kubernetes.io/component: jobservice annotations: checksum/configmap: 3a35bef831e58536bf86670117b43e2913a4c1a60d0e74d948559d7a7d564684 checksum/configmap-env: 80e8b81abf755707210d6112ad65167a7d53088b209f63c603d308ef68c4cfad checksum/secret: 8f842279ee68a874f9f099e41130fc9792a74bb594ac52eb5615587636988526 checksum/secret-core: d210f333cfb703a98116fd88d154fb61ed81a81b4276f042496d53e622702c5c spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: jobservice image: goharbor/harbor-jobservice:v2.11.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /api/v1/stats scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: /api/v1/stats scheme: HTTP port: 8080 initialDelaySeconds: 20 periodSeconds: 10 env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - configMapRef: name: "harbor-jobservice-env" - secretRef: name: "harbor-jobservice" ports: - containerPort: 8080 volumeMounts: - name: jobservice-config mountPath: /etc/jobservice/config.yml subPath: config.yml - name: job-logs mountPath: /var/log/jobs subPath: volumes: - name: jobservice-config configMap: name: "harbor-jobservice" - name: job-logs persistentVolumeClaim: claimName: harbor-jobservice --- # Source: harbor/templates/portal/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-portal" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: portal app.kubernetes.io/component: portal spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: portal template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: portal app.kubernetes.io/component: portal annotations: checksum/configmap: d1b4818dc76aa5b382b435491e437f3c5f9795bf1fb019c82b003f75e7bc3d8f spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false containers: - name: portal image: goharbor/harbor-portal:v2.11.0 imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault livenessProbe: httpGet: path: / scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / scheme: HTTP port: 8080 initialDelaySeconds: 1 periodSeconds: 10 ports: - containerPort: 8080 volumeMounts: - name: portal-config mountPath: /etc/nginx/nginx.conf subPath: nginx.conf volumes: - name: portal-config configMap: name: "harbor-portal" --- # Source: harbor/templates/registry/registry-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-registry" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: registry app.kubernetes.io/component: registry spec: replicas: 1 revisionHistoryLimit: 10 strategy: type: RollingUpdate selector: matchLabels: release: harbor app: "harbor" component: registry template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" component: registry app.kubernetes.io/component: registry annotations: checksum/configmap: b11f146e734a9ac7c3df9f83562e7ac5fea9e2b10b89118f19207c9b95104496 checksum/secret: a441697613dc9da44a7147c0212aafcfb5e12cc4dfb7130b55851b6a502ceac6 checksum/secret-jobservice: b316e2054db578411b0078450fe05fc52b227cead30b5981ed20c2c97f8c7d8b checksum/secret-core: 2f3ad0d88e741a710ff8068d2f687b1873667bebb472ddb85726b87375a9e1c6 spec: securityContext: runAsUser: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: registry image: goharbor/registry-photon:v2.11.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 1 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault args: ["serve", "/etc/registry/config.yml"] envFrom: - secretRef: name: "harbor-registry" - secretRef: name: harbor-minio-credentials env: ports: - containerPort: 5000 - containerPort: 8001 volumeMounts: - name: registry-data mountPath: /storage subPath: - name: registry-htpasswd mountPath: /etc/registry/passwd subPath: passwd - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registryctl image: goharbor/harbor-registryctl:v2.11.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 1 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - configMapRef: name: "harbor-registryctl" - secretRef: name: "harbor-registry" - secretRef: name: "harbor-registryctl" - secretRef: name: harbor-minio-credentials env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-jobservice key: JOBSERVICE_SECRET ports: - containerPort: 8080 volumeMounts: - name: registry-data mountPath: /storage subPath: - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registry-config mountPath: /etc/registryctl/config.yml subPath: ctl-config.yml volumes: - name: registry-htpasswd secret: secretName: harbor-registry-htpasswd items: - key: REGISTRY_HTPASSWD path: passwd - name: registry-config configMap: name: "harbor-registry" - name: registry-data emptyDir: {} --- # Source: harbor/templates/ingress/ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: "harbor-ingress" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" annotations: cert-manager.io/cluster-issuer: default external-dns.alpha.kubernetes.io/target: traefik.k-space.ee ingress.kubernetes.io/proxy-body-size: "0" ingress.kubernetes.io/ssl-redirect: "true" kubernetes.io/ingress.class: traefik nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ssl-redirect: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" spec: tls: - secretName: harbor-ingress hosts: - harbor.k-space.ee rules: - http: paths: - path: /api/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /service/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /v2/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /chartrepo/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /c/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: / pathType: Prefix backend: service: name: harbor-portal port: number: 80 host: harbor.k-space.ee --- # Source: harbor/templates/metrics/metrics-svcmon.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: harbor labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.11.0" spec: jobLabel: app.kubernetes.io/name endpoints: - port: http-metrics honorLabels: true selector: matchLabels: release: harbor app: "harbor"