diff --git a/templates/harbor-core.yaml b/templates/harbor-core.yaml index d7a146a..b4571a8 100644 --- a/templates/harbor-core.yaml +++ b/templates/harbor-core.yaml @@ -1,4 +1,20 @@ --- +apiVersion: codemowers.io/v1alpha1 +kind: PostgresDatabase +metadata: + name: harbor +spec: + capacity: {{ .Values.storage.postgres.storage }} + class: {{ .Values.storage.postgres.class }} +--- +apiVersion: codemowers.io/v1alpha1 +kind: Redis +metadata: + name: core +spec: + class: ephemeral + capacity: 512Mi +--- apiVersion: cert-manager.io/v1 kind: Issuer metadata: @@ -18,7 +34,7 @@ spec: name: harbor-operator --- apiVersion: codemowers.io/v1alpha1 -kind: GeneratedSecret +kind: Secret metadata: name: harbor-admin-secrets spec: @@ -29,7 +45,7 @@ spec: value: "https://admin:%(password)s@{{ .Values.ingress.host }}" --- apiVersion: codemowers.io/v1alpha1 -kind: GeneratedSecret +kind: Secret metadata: name: harbor-core-secret spec: @@ -38,7 +54,7 @@ spec: value: "%(password)s" --- apiVersion: codemowers.io/v1alpha1 -kind: GeneratedSecret +kind: Secret metadata: name: harbor-core-oidc-secret-encryption-key spec: @@ -48,7 +64,7 @@ spec: value: "%(password)s" --- apiVersion: codemowers.io/v1alpha1 -kind: GeneratedSecret +kind: Secret metadata: name: harbor-core-csrf-key spec: @@ -115,7 +131,7 @@ metadata: app: harbor component: core spec: - replicas: 2 + replicas: 1 revisionHistoryLimit: 0 selector: matchLabels: &selectorLabels 
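Review bot: The `class: {{ .Values.storage.postgres.class }}` line in the new PostgresDatabase spec renders an empty value for any deployment that still overrides the old `storage.postgres.storageClass` key, which the values.yaml hunk of this commit renames to `class`. An empty expansion parses as YAML null, so the resource would be submitted without a class instead of failing at render time. Making the lookup explicit catches this early: `class: {{ required "storage.postgres.class must be set" .Values.storage.postgres.class | quote }}`. The same applies to `class: {{ .Values.storage.registry.class }}` in the Bucket added to templates/harbor-registry.yaml.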
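Review bot: The rename from `GeneratedSecret` to `Secret` at `@@ -18,7 +34,7 @@` leaves a kind whose name matches the core `v1` Secret, so the `apiVersion: codemowers.io/v1alpha1` line is the only thing that separates a generator resource from real secret material. This presumably affects anyone who writes RBAC rules, admission policies or audit queries by kind or resource name, and those should be checked against the new CRD. A comment above each resource would make the distinction visible, for example `# codemowers.io Secret: generator resource, not a core v1 Secret`. The hunks at -29, -38 and -48 in this file, and the matching ones in harbor-jobservice.yaml and harbor-registry.yaml, make the same rename.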
@@ -185,37 +201,37 @@ spec: - name: POSTGRESQL_HOST valueFrom: secretKeyRef: - name: harbor-pguser-harbor - key: host + name: postgres-database-harbor-owner-secrets + key: PGHOST - name: POSTGRESQL_PORT valueFrom: secretKeyRef: - name: harbor-pguser-harbor - key: port + name: postgres-database-harbor-owner-secrets + key: PGPORT - name: POSTGRESQL_DATABASE valueFrom: secretKeyRef: - name: harbor-pguser-harbor - key: dbname + name: postgres-database-harbor-owner-secrets + key: PGDATABASE - name: POSTGRESQL_USERNAME valueFrom: secretKeyRef: - name: harbor-pguser-harbor - key: user + name: postgres-database-harbor-owner-secrets + key: PGUSER - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: - name: harbor-pguser-harbor - key: password + name: postgres-database-harbor-owner-secrets + key: PGPASSWORD - name: _REDIS_URL_CORE valueFrom: secretKeyRef: - name: harbor-core-redis-secrets + name: redis-core-owner-secrets key: REDIS_URI - name: _REDIS_URL_REG valueFrom: secretKeyRef: - name: harbor-registry-redis-secrets + name: redis-registry-owner-secrets key: REDIS_URI - name: CORE_SECRET valueFrom: diff --git a/templates/harbor-jobservice.yaml b/templates/harbor-jobservice.yaml index ce033e3..94f3573 100644 --- a/templates/harbor-jobservice.yaml +++ b/templates/harbor-jobservice.yaml @@ -1,6 +1,14 @@ --- apiVersion: codemowers.io/v1alpha1 -kind: GeneratedSecret +kind: Redis +metadata: + name: jobservice +spec: + class: ephemeral + capacity: 512Mi +--- +apiVersion: codemowers.io/v1alpha1 +kind: Secret metadata: name: harbor-jobservice spec: @@ -36,7 +44,6 @@ data: workers: 1 backend: "redis" redis_pool: - redis_url: "redis://harbor-jobservice-redis:6379/0" namespace: "harbor_job_service_namespace" idle_timeout_second: 3600 job_loggers: @@ -121,7 +128,7 @@ spec: - name: JOB_SERVICE_POOL_REDIS_URL valueFrom: secretKeyRef: - name: harbor-jobservice-redis-secrets + name: redis-jobservice-owner-secrets key: REDIS_URI - name: CORE_SECRET valueFrom: 
@@ -131,7 +138,7 @@ spec: - name: _REDIS_URL_CORE valueFrom: secretKeyRef: - name: harbor-core-redis-secrets + name: redis-core-owner-secrets key: REDIS_URI envFrom: - configMapRef: diff --git a/templates/harbor-registry.yaml b/templates/harbor-registry.yaml index 7aafe40..16f46aa 100644 --- a/templates/harbor-registry.yaml +++ b/templates/harbor-registry.yaml @@ -1,6 +1,22 @@ --- apiVersion: codemowers.io/v1alpha1 -kind: GeneratedSecret +kind: Bucket +metadata: + name: registry +spec: + capacity: {{ .Values.storage.registry.storage }} + class: {{ .Values.storage.registry.class }} +--- +apiVersion: codemowers.io/v1alpha1 +kind: Redis +metadata: + name: registry +spec: + class: ephemeral + capacity: 512Mi +--- +apiVersion: codemowers.io/v1alpha1 +kind: Secret metadata: name: harbor-registry-credentials spec: @@ -11,7 +27,7 @@ spec: value: "harbor_registry_user:%(bcrypt)s" --- apiVersion: codemowers.io/v1alpha1 -kind: GeneratedSecret +kind: Secret metadata: name: harbor-registry spec: @@ -33,8 +49,6 @@ data: fields: service: registry storage: - filesystem: - rootdirectory: /storage cache: layerinfo: redis maintenance: @@ -45,10 +59,7 @@ data: dryrun: false delete: enabled: true - redirect: - disable: false redis: - addr: harbor-registry-redis:6379 db: 0 readtimeout: 10s writetimeout: 10s @@ -81,21 +92,6 @@ data: log_level: info registry_config: "/etc/registry/config.yml" --- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: harbor-registry - labels: - app: harbor - component: registry -spec: - storageClassName: {{ .Values.storage.registry.storageClass }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.storage.registry.storage }} ---- apiVersion: v1 kind: Service metadata: 
@@ -154,20 +150,52 @@ spec: - serve - /etc/registry/config.yml env: + - name: REGISTRY_HTTP_SECRET + valueFrom: + secretKeyRef: + name: harbor-registry + key: REGISTRY_HTTP_SECRET + - name: REGISTRY_REDIS_ADDR + valueFrom: + secretKeyRef: + name: redis-registry-owner-secrets + key: REDIS_HOST_PORT - name: REGISTRY_REDIS_PASSWORD valueFrom: secretKeyRef: - name: harbor-registry-redis-secrets + name: redis-registry-owner-secrets key: REDIS_PASSWORD + - name: REGISTRY_STORAGE_S3_ACCESSKEY + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: AWS_ACCESS_KEY_ID + - name: REGISTRY_STORAGE_S3_SECRETKEY + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: AWS_SECRET_ACCESS_KEY + - name: REGISTRY_STORAGE_S3_REGION + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: AWS_DEFAULT_REGION + - name: REGISTRY_STORAGE_S3_REGIONENDPOINT + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: AWS_S3_ENDPOINT_URL + - name: REGISTRY_STORAGE_S3_BUCKET + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: BUCKET_NAME ports: - containerPort: 5000 name: http - containerPort: 5001 name: metrics volumeMounts: - - name: registry-data - mountPath: /storage - subPath: - name: registry-htpasswd mountPath: /etc/registry/passwd subPath: passwd 
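Review bot: The S3 backend is configured here through the `REGISTRY_STORAGE_S3_*` variables, but nothing in the commit sets the registry's storage redirect, and the -45,10 hunk drops `redirect: disable: false` from the ConfigMap, so the default applies. By default the registry answers blob downloads with a redirect to a pre-signed URL on the storage endpoint, so every pulling client needs network access to whatever `AWS_S3_ENDPOINT_URL` holds and is handed a time-limited signed URL for the bucket. Whether that endpoint is reachable by clients is not visible here. If it is not, or if the bucket should stay private to the registry, add `- name: REGISTRY_STORAGE_REDIRECT_DISABLE` with `value: "true"` to this env list. The container spec this list belongs to starts outside the hunk.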
@@ -199,13 +227,45 @@ spec: secretKeyRef: name: harbor-registry key: REGISTRY_HTTP_SECRET + - name: REGISTRY_REDIS_ADDR + valueFrom: + secretKeyRef: + name: redis-registry-owner-secrets + key: REDIS_HOST_PORT + - name: REGISTRY_REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: redis-registry-owner-secrets + key: REDIS_PASSWORD + - name: REGISTRY_STORAGE_S3_ACCESSKEY + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: AWS_ACCESS_KEY_ID + - name: REGISTRY_STORAGE_S3_SECRETKEY + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: AWS_SECRET_ACCESS_KEY + - name: REGISTRY_STORAGE_S3_REGION + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: AWS_DEFAULT_REGION + - name: REGISTRY_STORAGE_S3_REGIONENDPOINT + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: AWS_S3_ENDPOINT_URL + - name: REGISTRY_STORAGE_S3_BUCKET + valueFrom: + secretKeyRef: + name: bucket-registry-owner-secrets + key: BUCKET_NAME ports: - containerPort: 8080 name: http volumeMounts: - - name: registry-data - mountPath: /storage - subPath: - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml @@ -222,6 +282,3 @@ spec: - name: registry-config configMap: name: harbor-registry - - name: registry-data - persistentVolumeClaim: - claimName: harbor-registry diff --git a/templates/postgres.yaml b/templates/postgres.yaml deleted file mode 100644 index e216498..0000000 --- a/templates/postgres.yaml +++ /dev/null 
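Review bot: The Redis and S3 env entries added to this container repeat, entry for entry, the ones set on the other container at `@@ -154,20 +150,52 @@`, so a later change to a secret name or key has to be made twice and the two containers can drift apart. A named template included from both env lists would keep the credential wiring in one place. The `nindent` argument below is a guess, since the hunk does not preserve the depth of the `env:` list. Both container specs begin outside their hunks.

```yaml
{{- define "harbor.registry.backendEnv" -}}
- name: REGISTRY_REDIS_ADDR
  valueFrom:
    secretKeyRef:
      name: redis-registry-owner-secrets
      key: REDIS_HOST_PORT
# … unchanged: REGISTRY_REDIS_PASSWORD and the five REGISTRY_STORAGE_S3_* entries …
{{- end }}

# in each container's env list, after REGISTRY_HTTP_SECRET:
            {{- include "harbor.registry.backendEnv" . | nindent 12 }}
```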
@@ -1,68 +0,0 @@ -apiVersion: postgres-operator.crunchydata.com/v1beta1 -kind: PostgresCluster -metadata: - name: harbor -spec: - postgresVersion: 14 - instances: - - name: postgres - replicas: 3 - dataVolumeClaimSpec: - storageClassName: {{ .Values.storage.postgres.storageClass }} - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: {{ .Values.storage.postgres.storage }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.topologyKey }} - labelSelector: - matchLabels: - postgres-operator.crunchydata.com/cluster: harbor - postgres-operator.crunchydata.com/instance-set: postgres - backups: - pgbackrest: - global: - repo1-retention-full: "1" - repo1-retention-full-type: time - repoHost: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - jobs: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - repos: - - name: repo1 - schedules: - full: "0 5 31 2 *" - volume: - volumeClaimSpec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Mi diff --git a/templates/redis.yaml b/templates/redis.yaml deleted file mode 100644 index 869bc60..0000000 --- a/templates/redis.yaml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -apiVersion: codemowers.io/v1alpha1 -kind: KeyDBCluster -metadata: - name: harbor-core-redis -spec: - replicas: 3 ---- -apiVersion: codemowers.io/v1alpha1 -kind: KeyDBCluster -metadata: - name: harbor-jobservice-redis -spec: - replicas: 3 ---- -apiVersion: codemowers.io/v1alpha1 -kind: KeyDBCluster -metadata: - name: harbor-registry-redis -spec: - replicas: 3 diff --git a/values.yaml b/values.yaml index 5baef20..b1c449b 100644 --- a/values.yaml +++ b/values.yaml @@ -26,10 +26,10 @@ image: # Storage options storage: postgres: - storageClass: postgres + class: shared storage: 5Gi registry: - storageClass: longhorn + class: shared storage: 30Gi # Harbor projects to initialize