--- # Source: harbor/templates/core/core-secret.yaml apiVersion: v1 kind: Secret metadata: name: harbor-core namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" type: Opaque data: secretKey: "bm90LWEtc2VjdXJlLWtleQ==" secret: "dU0wN0trdmV1MTduU3BFOA==" tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBeFN6Z252L25kM2Q4ay9LVkNydXRxZmVBTElVcXF0aUlQeCtYVlRFMUNhR3gwcWY5CkpVaVFhOC9oNHZzWDdDRi9PNjNKaHdtdXpwWmxQSGovQzRMeXhDdWJLSHVZdk9EUW5CbWxtbVEwenc2UEdGencKV25lUThtaTNma3ZmYkJpdUVoR2JrYlBsSmQ4dmtIN2lVZ3doOElyZmVYVjRNM2w5bXp3K1pySnNUcWpwUitndQpzMm1qajJHR0ovcWFESHExTGxENEdNMk5mcmRXeTk2RU94YVJ3a3BrU0V4MTJMMEZjcldBRlBDZVZsVHJYdkJWCmJPUkg5dldmUi8zMTJ6MnJmY05YMlE4cCtRQjlWMVNDTlVFbU96Zy9IbzZpM1BRM1AyRm1uNmI3N3lPNGVsUU8KcVNndGJUZWhXT3FXdCtNUVpRUSszVC9ONFRrcVZhZGxNRDdRNHdJREFRQUJBb0lCQURsanBZRkIxSm9tRWdGeAowc1dMK0xFRzA2eWhtZGllSzVITDNSMHp0RTg0Vyt5SGJwdmljZjZmUkF6dnJuZlJEQnBQcTk5OUJ2OGtNUlVYCjFvd0FNaTY4em0xTEJCcTlpSnBXc0tldVVOeVBUVUQzRkJJUXlRUjFUQ3NiWkUwdkpjTW1rdFFtdXlSNXdIdGIKSXY1a2Y2Qm1tMExiMlArS2RlK3Y2aTJ6OHVnMXAvOTV2ZGV0QlRBc1hDbk8rZE5uMUluR09XYW4yNHVuUmVEVwowM041ZkV1b2d1MHY4OWx4b09DT20zVFVxRGxScythUVUxK3VjUW40NXpsU2lSVmZZS0ZMYWprbVVOSkpyQVEyCnVDSlJlSmFmTjF1Vld4NTdVOFJsOGt0ZzRoQ1Y3aSs4R0hXcUttWFY5Z2RuV2UzTklmV1RNdWkzOEZNNDlKVDcKMzdNdHE2a0NnWUVBL0RJWHNDQ3pXZjlHOUhmMmYvZk85VVpWZmkyWTBSSTFpMm1ZczhLVjdpaThyMFhWUlNvdwpHM21oUVJYdVM5STlxSW9VSXRSbThRYU1RM0ZONFl3b0trYnNOZnZJRWtJZDllMFUvYldRNkRUTko2RDZESC9xCnM2TGVQMmRyS1h0bUdNR0E3eStDeUxQVElOQjVJMUlBWWxJcFFqeUgzd1VoaS9qSUlLUmdmTmNDZ1lFQXlDWlAKM2JobU5UTjY2VzROSnYvd3hla1pkS3hDYUxaSWQ2MXJVa0lpMU5hbHJwazhSZFBhaFllbmVKZUlyU0lHMkRhNwovU0NodWhYek5xL2tTenBLQlJxYVF5NHZGVmdneUpabjRlU2FvdDMxSDc4NWxlVllaYzdEWnZvaU9Rd1EyVW15CmpGeFFQUHhHemNxRmlYLzJDUzFtUXF2dFJDKzU4ZGNrWUE3Z1h0VUNnWUEyWnJQWGFXWm0zbnMyMXYzVVl1ZEEKMzNnbnJMeFBOU2RadUdDWlBqdExVWHhLTHIwdm0wY2ZWaUJqd3RCUmlMdUdOS3JkVElZY0xmWnB3Zkl6MmlENwo1YXFraG5pRS84QW93WWlLcGZUcE1pS2pEc1dCbHNKUkY2dnJiMnFkV3lJTjZ3ZmVFSmljcExYQldWY1lPR01lCjBteFYvbXFzd0JXWmRRUHVqcWJGcHdLQmdCbG93N3JpTGhlUzhZZXc4UHFDZzQ2Y2lSN0d2NmVMZktlMDNHc1UKK2xjSzZQM0JkbVZtLzliejRjN3RiZXlNNVZHTm9WQUJWSWJMUXBVdXYwek5tWmdNU0lrKzA3dGg5TWVDVUszYwoxOFRWYU1rZS9iQ0o3Uzcva004QjhsWkxzZGZrQTBiT2NXRk1wYkI2aFhsdlJVems5cGFBUFI3cThEQkRuOXFTCkNPb0JBb0dBQmNOcCtmb21jQWZOZkY4c0ZBT0pqdTh5OEZPd1pjSzV1SzJiN0FFOTBGaHduU05UampyZXJ1Z2oKbFBhWG9MTmZ4MmIxVlJvbzFtTjF1WU1aR1hpVDlZM2FRRkcrS0dMY3NuOG1uK2wxcVBhWkw2NnloYThaVm9VdwpxQWV2eXRzUlRsQWhFcXI1akdYMlVsQzNEbW5MaVJmVFBDVEtTclkzZ0trc29tMjlpdWM9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==" tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURIekNDQWdlZ0F3SUJBZ0lRUWJUbTFCZlRNOHpQRkxHM3ZSZlExREFOQmdrcWhraUc5dzBCQVFzRkFEQWEKTVJnd0ZnWURWUVFERXc5b1lYSmliM0l0ZEc5clpXNHRZMkV3SGhjTk1qVXdOREU0TVRrd05UVTRXaGNOTWpZdwpOREU0TVRrd05UVTRXakFhTVJnd0ZnWURWUVFERXc5b1lYSmliM0l0ZEc5clpXNHRZMkV3Z2dFaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURGTE9DZS8rZDNkM3lUOHBVS3U2MnA5NEFzaFNxcTJJZy8KSDVkVk1UVUpvYkhTcC8wbFNKQnJ6K0hpK3hmc0lYODdyY21IQ2E3T2xtVThlUDhMZ3ZMRUs1c29lNWk4NE5DYwpHYVdhWkRUUERvOFlYUEJhZDVEeWFMZCtTOTlzR0s0U0VadVJzK1VsM3krUWZ1SlNEQ0h3aXQ5NWRYZ3plWDJiClBENW1zbXhPcU9sSDZDNnphYU9QWVlZbitwb01lclV1VVBnWXpZMSt0MWJMM29RN0ZwSENTbVJJVEhYWXZRVnkKdFlBVThKNVdWT3RlOEZWczVFZjI5WjlIL2ZYYlBhdDl3MWZaRHluNUFIMVhWSUkxUVNZN09EOGVqcUxjOURjLwpZV2FmcHZ2dkk3aDZWQTZwS0MxdE42Rlk2cGEzNHhCbEJEN2RQODNoT1NwVnAyVXdQdERqQWdNQkFBR2pZVEJmCk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXcKRHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVZWdSMWFiRzg5L1VRUlFibWwxRXAwZVpGMXVjdwpEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSFpwWVBkQ1AxeWxmUFE3NE5HWTNSMURxaDFITWErYTdwd0c3VCsvCkc4MllLRnM4THRCcnJ6RDVvUSt0NnI4YTRZU2ZkaldTVVQ0WkI2Z0RDZFVQeVRJNWxCTnNvYjk4RnVjc0t6VmwKTHFHYUh1ZGFZL2ZTenArVkhIWmt3ZU1hVzY0TmFON1RVdWFWdCtEcXQ1cUwvenV6aW42b0trb1A1YTQvdjltWgp3c1NkUk5odC92UkFZMllma054bGpXNzR1MlpOaml0OG1tL2xwRjVteWNrVnFST1VweGowMXUvUUJyRmk2YUR6CkJjZ3FRajlkc2ZXVHVQUFk2VlAvdzVWOFFLS1NuaTkzcFN1N3FzU2tGaEJIQ1FJQmpXaGxWTTYwMWVWYkhsQ1QKeE1kM2x2Y3JpNlgrU3J1bjhSUytrTVhoY1orNEZZWHN2MHAvZ0YzZElMSDVMSXM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" HARBOR_ADMIN_PASSWORD: "SGFyYm9yMTIzNDU=" REGISTRY_CREDENTIAL_PASSWORD: "aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk" CSRF_KEY: "V3ZHVTlmaDdSQkJkc0FXVjNiVFVselpCYUJtMUZDUks=" --- # Source: harbor/templates/exporter/exporter-secret.yaml apiVersion: v1 kind: Secret metadata: name: harbor-exporter namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" type: Opaque data: HARBOR_ADMIN_PASSWORD: "SGFyYm9yMTIzNDU=" --- # Source: harbor/templates/jobservice/jobservice-secrets.yaml apiVersion: v1 kind: Secret metadata: name: "harbor-jobservice" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" type: Opaque data: JOBSERVICE_SECRET: "SXZTSjVnVHg3aHY1YUhSWg==" REGISTRY_CREDENTIAL_PASSWORD: "aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk" --- # Source: harbor/templates/registry/registry-secret.yaml apiVersion: v1 kind: Secret metadata: name: "harbor-registry" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" type: Opaque data: REGISTRY_HTTP_SECRET: "QmhvSnJoalMyb0tlTElNYQ==" REGISTRY_REDIS_PASSWORD: "TXZZY3VVMFJhSXUxU1g3ZlkxbTFKcmdMVVNhWkpqZ2U=" --- # Source: harbor/templates/registry/registry-secret.yaml apiVersion: v1 kind: Secret metadata: name: "harbor-registry-htpasswd" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" type: Opaque data: REGISTRY_HTPASSWD: "aGFyYm9yX3JlZ2lzdHJ5X3VzZXI6JDJhJDEwJHcydGVWR21hNEppSHJqOVJaSXZ4NHVQMG1VRmRTWjJvdTdsV2Zyd0NBcXowRkFrR3pGNkV1" --- # Source: harbor/templates/registry/registryctl-secret.yaml apiVersion: v1 kind: Secret metadata: name: "harbor-registryctl" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" type: Opaque data: --- # Source: harbor/templates/core/core-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: harbor-core namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" data: app.conf: |+ appname = Harbor runmode = prod enablegzip = true [prod] httpport = 8080 PORT: "8080" DATABASE_TYPE: "postgresql" POSTGRESQL_HOST: "172.20.43.1" POSTGRESQL_PORT: "5432" POSTGRESQL_USERNAME: "kspace_harbor" POSTGRESQL_DATABASE: "kspace_harbor" POSTGRESQL_SSLMODE: "disable" POSTGRESQL_MAX_IDLE_CONNS: "100" POSTGRESQL_MAX_OPEN_CONNS: "900" EXT_ENDPOINT: "https://harbor.k-space.ee" CORE_URL: "http://harbor-core:80" JOBSERVICE_URL: "http://harbor-jobservice" REGISTRY_URL: "http://harbor-registry:5000" TOKEN_SERVICE_URL: "http://harbor-core:80/service/token" CORE_LOCAL_URL: "http://127.0.0.1:8080" WITH_TRIVY: "false" TRIVY_ADAPTER_URL: "http://harbor-trivy:8080" REGISTRY_STORAGE_PROVIDER_NAME: "s3" LOG_LEVEL: "debug" CONFIG_PATH: "/etc/core/app.conf" CHART_CACHE_DRIVER: "redis" _REDIS_URL_CORE: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/0?idle_timeout_seconds=30" _REDIS_URL_REG: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/2?idle_timeout_seconds=30" PORTAL_URL: "http://harbor-portal" REGISTRY_CONTROLLER_URL: "http://harbor-registry:8080" REGISTRY_CREDENTIAL_USERNAME: "harbor_registry_user" HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE: "docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry,github-ghcr,jfrog-artifactory" METRIC_ENABLE: "true" METRIC_PATH: "/metrics" METRIC_PORT: "8001" METRIC_NAMESPACE: harbor METRIC_SUBSYSTEM: core QUOTA_UPDATE_PROVIDER: "db" --- # Source: harbor/templates/exporter/exporter-cm-env.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-exporter-env" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" data: HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" LOG_LEVEL: "debug" HARBOR_EXPORTER_PORT: "8001" HARBOR_EXPORTER_METRICS_PATH: "/metrics" HARBOR_EXPORTER_METRICS_ENABLED: "true" HARBOR_EXPORTER_CACHE_TIME: "23" HARBOR_EXPORTER_CACHE_CLEAN_INTERVAL: "14400" HARBOR_METRIC_NAMESPACE: harbor HARBOR_METRIC_SUBSYSTEM: exporter HARBOR_REDIS_URL: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/1" HARBOR_REDIS_NAMESPACE: harbor_job_service_namespace HARBOR_REDIS_TIMEOUT: "3600" HARBOR_SERVICE_SCHEME: "http" HARBOR_SERVICE_HOST: "harbor-core" HARBOR_SERVICE_PORT: "80" HARBOR_DATABASE_HOST: "172.20.43.1" HARBOR_DATABASE_PORT: "5432" HARBOR_DATABASE_USERNAME: "kspace_harbor" HARBOR_DATABASE_DBNAME: "kspace_harbor" HARBOR_DATABASE_SSLMODE: "disable" HARBOR_DATABASE_MAX_IDLE_CONNS: "100" HARBOR_DATABASE_MAX_OPEN_CONNS: "900" --- # Source: harbor/templates/jobservice/jobservice-cm-env.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-jobservice-env" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" data: CORE_URL: "http://harbor-core:80" TOKEN_SERVICE_URL: "http://harbor-core:80/service/token" REGISTRY_URL: "http://harbor-registry:5000" REGISTRY_CONTROLLER_URL: "http://harbor-registry:8080" REGISTRY_CREDENTIAL_USERNAME: "harbor_registry_user" JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "3" JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "3" LOG_LEVEL: "debug" HTTP_PROXY: "" HTTPS_PROXY: "" NO_PROXY: "harbor-core,harbor-jobservice,harbor-database,harbor-registry,harbor-portal,harbor-trivy,harbor-exporter,127.0.0.1,localhost,.local,.internal" METRIC_NAMESPACE: harbor METRIC_SUBSYSTEM: jobservice --- # Source: harbor/templates/jobservice/jobservice-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-jobservice" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" data: config.yml: |+ #Server listening port protocol: "http" port: 8080 worker_pool: workers: 10 backend: "redis" redis_pool: redis_url: "redis://:MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge@dragonfly:6379/1" namespace: "harbor_job_service_namespace" idle_timeout_second: 3600 job_loggers: - name: "FILE" level: DEBUG settings: # Customized settings of logger base_dir: "/var/log/jobs" sweeper: duration: 14 #days settings: # Customized settings of sweeper work_dir: "/var/log/jobs" metric: enabled: true path: /metrics port: 8001 #Loggers for the job service loggers: - name: "STD_OUTPUT" level: DEBUG reaper: # the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24 max_update_hours: 24 # the max time for execution in running state without new task created max_dangling_hours: 168 --- # Source: harbor/templates/portal/configmap.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-portal" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" data: nginx.conf: |+ worker_processes auto; pid /tmp/nginx.pid; events { worker_connections 1024; } http { client_body_temp_path /tmp/client_body_temp; proxy_temp_path /tmp/proxy_temp; fastcgi_temp_path /tmp/fastcgi_temp; uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; server { listen 8080; listen [::]:8080; server_name localhost; root /usr/share/nginx/html; index index.html index.htm; include /etc/nginx/mime.types; gzip on; gzip_min_length 1000; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; location /devcenter-api-2.0 { try_files $uri $uri/ /swagger-ui-index.html; } location / { try_files $uri $uri/ /index.html; } location = /index.html { add_header Cache-Control "no-store, no-cache, must-revalidate"; } } } --- # Source: harbor/templates/registry/registry-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-registry" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" data: config.yml: |+ version: 0.1 log: level: debug fields: service: registry storage: s3: region: us-east-1 bucket: harbor-operator-e60e5943-234a-496d-ae74-933f6a67c530 regionendpoint: https://external.minio-clusters.k-space.ee cache: layerinfo: redis maintenance: uploadpurging: enabled: true age: 168h interval: 24h dryrun: false delete: enabled: true redirect: disable: false redis: addr: dragonfly:6379 db: 2 password: MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge readtimeout: 10s writetimeout: 10s dialtimeout: 10s enableTLS: false pool: maxidle: 100 maxactive: 500 idletimeout: 60s http: addr: :5000 relativeurls: false # set via environment variable # secret: placeholder debug: addr: :8001 prometheus: enabled: true path: /metrics auth: htpasswd: realm: harbor-registry-basic-realm path: /etc/registry/passwd validation: disabled: true compatibility: schema1: enabled: true ctl-config.yml: |+ --- protocol: "http" port: 8080 log_level: debug registry_config: "/etc/registry/config.yml" --- # Source: harbor/templates/registry/registryctl-cm.yaml apiVersion: v1 kind: ConfigMap metadata: name: "harbor-registryctl" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" data: --- # Source: harbor/templates/jobservice/jobservice-pvc.yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: name: harbor-jobservice namespace: "harbor-operator" annotations: helm.sh/resource-policy: keep labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: jobservice app.kubernetes.io/component: jobservice spec: accessModes: - ReadWriteMany resources: requests: storage: 5Gi storageClassName: longhorn --- # Source: harbor/templates/core/core-svc.yaml apiVersion: v1 kind: Service metadata: name: harbor-core namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" spec: ports: - name: http-web port: 80 targetPort: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: core --- # Source: harbor/templates/exporter/exporter-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-exporter" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" spec: ports: - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: exporter --- # Source: harbor/templates/jobservice/jobservice-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-jobservice" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" spec: ports: - name: http-jobservice port: 80 targetPort: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: jobservice --- # Source: harbor/templates/portal/service.yaml apiVersion: v1 kind: Service metadata: name: "harbor-portal" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" spec: ports: - port: 80 targetPort: 8080 selector: release: harbor app: "harbor" component: portal --- # Source: harbor/templates/registry/registry-svc.yaml apiVersion: v1 kind: Service metadata: name: "harbor-registry" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" spec: ports: - name: http-registry port: 5000 - name: http-controller port: 8080 - name: http-metrics port: 8001 selector: release: harbor app: "harbor" component: registry --- # Source: harbor/templates/core/core-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: harbor-core namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: core app.kubernetes.io/component: core spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: core template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: core app.kubernetes.io/component: core annotations: checksum/configmap: 53edfff371caa1358d16dc55ff64ef5bfe6f5ff19c4066ef0e52fe0d29191437 checksum/secret: 5bce7bc29f9972e5e0c7941ca95359a5a68074e91d327eee63ab2cad9e60a3d6 checksum/secret-jobservice: fc7154159feb53c4accc9273b50a432527101aae6d5aacb1447c0019527883c9 spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: core image: goharbor/harbor-core:v2.13.0 imagePullPolicy: IfNotPresent startupProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 360 initialDelaySeconds: 10 periodSeconds: 10 livenessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 readinessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 envFrom: - configMapRef: name: "harbor-core" - secretRef: name: "harbor-core" env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-jobservice key: JOBSERVICE_SECRET - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: harbor-postgres-password key: password securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault ports: - containerPort: 8080 volumeMounts: - name: config mountPath: /etc/core/app.conf subPath: app.conf - name: secret-key mountPath: /etc/core/key subPath: key - name: token-service-private-key mountPath: /etc/core/private_key.pem subPath: tls.key - name: ca-download mountPath: /etc/core/ca - name: psc mountPath: /etc/core/token volumes: - name: config configMap: name: harbor-core items: - key: app.conf path: app.conf - name: secret-key secret: secretName: harbor-core items: - key: secretKey path: key - name: token-service-private-key secret: secretName: harbor-core - name: ca-download secret: - name: psc emptyDir: {} --- # Source: harbor/templates/exporter/exporter-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: harbor-exporter namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: exporter app.kubernetes.io/component: exporter spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: exporter template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: exporter app.kubernetes.io/component: exporter annotations: checksum/configmap: d37ae90c0cba9361dd0f112860f5813c4fa7a69929999934c5823acc5872bd57 checksum/secret: f27e8195cce60fceb547a244386e5537de10e4b5a8d446266dda3f08e7d07aa1 spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false containers: - name: exporter image: goharbor/harbor-exporter:v2.13.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: / port: 8001 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / port: 8001 initialDelaySeconds: 30 periodSeconds: 10 args: ["-log-level", "debug"] envFrom: - configMapRef: name: "harbor-exporter-env" - secretRef: name: "harbor-exporter" env: - name: HARBOR_DATABASE_PASSWORD valueFrom: secretKeyRef: name: harbor-postgres-password key: password securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault ports: - containerPort: 8001 volumeMounts: volumes: - name: config secret: secretName: "harbor-exporter" --- # Source: harbor/templates/jobservice/jobservice-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-jobservice" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: jobservice app.kubernetes.io/component: jobservice spec: replicas: 1 revisionHistoryLimit: 10 strategy: type: RollingUpdate selector: matchLabels: release: harbor app: "harbor" component: jobservice template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: jobservice app.kubernetes.io/component: jobservice annotations: checksum/configmap: ab59b1db8f4e515349c53859b33651de8c104235b67af5cd19a83ae46be28446 checksum/configmap-env: 5fa7cae84a3894baf549f9f50e7e1e529b418a9264ad220a047cdbf7845bc08e checksum/secret: efbb9ad12811e43b2ad3a85611cc18e37de6220c059511119f80e704ae40c1c3 checksum/secret-core: a2530b411d3dec989d79c0f8e44a19e5f8a295ab4f9fbccf1bb827b67b130577 spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: jobservice image: goharbor/harbor-jobservice:v2.13.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /api/v1/stats scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: /api/v1/stats scheme: HTTP port: 8080 initialDelaySeconds: 20 periodSeconds: 10 env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - configMapRef: name: "harbor-jobservice-env" - secretRef: name: "harbor-jobservice" ports: - containerPort: 8080 volumeMounts: - name: jobservice-config mountPath: /etc/jobservice/config.yml subPath: config.yml - name: job-logs mountPath: /var/log/jobs subPath: volumes: - name: jobservice-config configMap: name: "harbor-jobservice" - name: job-logs persistentVolumeClaim: claimName: harbor-jobservice --- # Source: harbor/templates/portal/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-portal" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: portal app.kubernetes.io/component: portal spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: portal template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: portal app.kubernetes.io/component: portal annotations: checksum/configmap: 4a8c44b3b4db968155f464771c3ee96c284b82ad21d850701e77748d78c7b1a3 spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false containers: - name: portal image: goharbor/harbor-portal:v2.13.0 imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault livenessProbe: httpGet: path: / scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / scheme: HTTP port: 8080 initialDelaySeconds: 1 periodSeconds: 10 ports: - containerPort: 8080 volumeMounts: - name: portal-config mountPath: /etc/nginx/nginx.conf subPath: nginx.conf volumes: - name: portal-config configMap: name: "harbor-portal" --- # Source: harbor/templates/registry/registry-dpl.yaml apiVersion: apps/v1 kind: Deployment metadata: name: "harbor-registry" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: registry app.kubernetes.io/component: registry spec: replicas: 1 revisionHistoryLimit: 10 strategy: type: RollingUpdate selector: matchLabels: release: harbor app: "harbor" component: registry template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" component: registry app.kubernetes.io/component: registry annotations: checksum/configmap: b8975994d732c8c31013f961eec0019e4600aa162dcfd611aeec2d4f1da64e36 checksum/secret: 3d5fb955519f6a87cec93aca10887013bff60851b8ead4ce898afd4275d2764f checksum/secret-jobservice: 41630ce132329f2ad93b7e386e4b28b938c80346aa9b4d7971570d25c65f97f4 checksum/secret-core: ee02b34f2fe5f6c6b4f575aee6fa8ae4bda2977c3a5792501e7158ca18975ef1 spec: securityContext: runAsUser: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: registry image: goharbor/registry-photon:v2.13.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 1 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - secretRef: name: "harbor-registry" - secretRef: name: harbor-minio-credentials env: ports: - containerPort: 5000 - containerPort: 8001 volumeMounts: - name: registry-data mountPath: /storage subPath: - name: registry-htpasswd mountPath: /etc/registry/passwd subPath: passwd - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registryctl image: goharbor/harbor-registryctl:v2.13.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 300 periodSeconds: 10 readinessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 1 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault envFrom: - configMapRef: name: "harbor-registryctl" - secretRef: name: "harbor-registry" - secretRef: name: "harbor-registryctl" - secretRef: name: harbor-minio-credentials env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-jobservice key: JOBSERVICE_SECRET ports: - containerPort: 8080 volumeMounts: - name: registry-data mountPath: /storage subPath: - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registry-config mountPath: /etc/registryctl/config.yml subPath: ctl-config.yml volumes: - name: registry-htpasswd secret: secretName: harbor-registry-htpasswd items: - key: REGISTRY_HTPASSWD path: passwd - name: registry-config configMap: name: "harbor-registry" - name: registry-data emptyDir: {} --- # Source: harbor/templates/ingress/ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: "harbor-ingress" namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" annotations: cert-manager.io/cluster-issuer: default external-dns.alpha.kubernetes.io/target: traefik.k-space.ee ingress.kubernetes.io/proxy-body-size: "0" ingress.kubernetes.io/ssl-redirect: "true" kubernetes.io/ingress.class: traefik nginx.ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ssl-redirect: "true" traefik.ingress.kubernetes.io/router.entrypoints: websecure spec: tls: - secretName: wildcard-tls hosts: - harbor.k-space.ee rules: - http: paths: - path: /api/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /service/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /v2/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: /c/ pathType: Prefix backend: service: name: harbor-core port: number: 80 - path: / pathType: Prefix backend: service: name: harbor-portal port: number: 80 host: harbor.k-space.ee --- # Source: harbor/templates/metrics/metrics-svcmon.yaml apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: harbor namespace: "harbor-operator" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.13.0" spec: jobLabel: app.kubernetes.io/name endpoints: - port: http-metrics honorLabels: true selector: matchLabels: release: harbor app: "harbor"