Migrate to operator-bundle

Lauri Võsandi 2023-01-08 22:41:31 +02:00
parent 713910086f
commit 7f9d653d49
6 changed files with 135 additions and 144 deletions


@ -1,4 +1,20 @@
--- ---
apiVersion: codemowers.io/v1alpha1
kind: PostgresDatabase
metadata:
name: harbor
spec:
capacity: {{ .Values.storage.postgres.storage }}
class: {{ .Values.storage.postgres.class }}
---
apiVersion: codemowers.io/v1alpha1
kind: Redis
metadata:
name: core
spec:
class: ephemeral
capacity: 512Mi
---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Issuer kind: Issuer
metadata: metadata:
@ -18,7 +34,7 @@ spec:
name: harbor-operator name: harbor-operator
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: GeneratedSecret kind: Secret
metadata: metadata:
name: harbor-admin-secrets name: harbor-admin-secrets
spec: spec:
@ -29,7 +45,7 @@ spec:
value: "https://admin:%(password)s@{{ .Values.ingress.host }}" value: "https://admin:%(password)s@{{ .Values.ingress.host }}"
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: GeneratedSecret kind: Secret
metadata: metadata:
name: harbor-core-secret name: harbor-core-secret
spec: spec:
@ -38,7 +54,7 @@ spec:
value: "%(password)s" value: "%(password)s"
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: GeneratedSecret kind: Secret
metadata: metadata:
name: harbor-core-oidc-secret-encryption-key name: harbor-core-oidc-secret-encryption-key
spec: spec:
@ -48,7 +64,7 @@ spec:
value: "%(password)s" value: "%(password)s"
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: GeneratedSecret kind: Secret
metadata: metadata:
name: harbor-core-csrf-key name: harbor-core-csrf-key
spec: spec:
@ -115,7 +131,7 @@ metadata:
app: harbor app: harbor
component: core component: core
spec: spec:
replicas: 2 replicas: 1
revisionHistoryLimit: 0 revisionHistoryLimit: 0
selector: selector:
matchLabels: &selectorLabels matchLabels: &selectorLabels
@ -185,37 +201,37 @@ spec:
- name: POSTGRESQL_HOST - name: POSTGRESQL_HOST
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-pguser-harbor name: postgres-database-harbor-owner-secrets
key: host key: PGHOST
- name: POSTGRESQL_PORT - name: POSTGRESQL_PORT
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-pguser-harbor name: postgres-database-harbor-owner-secrets
key: port key: PGPORT
- name: POSTGRESQL_DATABASE - name: POSTGRESQL_DATABASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-pguser-harbor name: postgres-database-harbor-owner-secrets
key: dbname key: PGDATABASE
- name: POSTGRESQL_USERNAME - name: POSTGRESQL_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-pguser-harbor name: postgres-database-harbor-owner-secrets
key: user key: PGUSER
- name: POSTGRESQL_PASSWORD - name: POSTGRESQL_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-pguser-harbor name: postgres-database-harbor-owner-secrets
key: password key: PGPASSWORD
- name: _REDIS_URL_CORE - name: _REDIS_URL_CORE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-core-redis-secrets name: redis-core-owner-secrets
key: REDIS_URI key: REDIS_URI
- name: _REDIS_URL_REG - name: _REDIS_URL_REG
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-registry-redis-secrets name: redis-registry-owner-secrets
key: REDIS_URI key: REDIS_URI
- name: CORE_SECRET - name: CORE_SECRET
valueFrom: valueFrom:


@ -1,6 +1,14 @@
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: GeneratedSecret kind: Redis
metadata:
name: jobservice
spec:
class: ephemeral
capacity: 512Mi
---
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata: metadata:
name: harbor-jobservice name: harbor-jobservice
spec: spec:
@ -36,7 +44,6 @@ data:
workers: 1 workers: 1
backend: "redis" backend: "redis"
redis_pool: redis_pool:
redis_url: "redis://harbor-jobservice-redis:6379/0"
namespace: "harbor_job_service_namespace" namespace: "harbor_job_service_namespace"
idle_timeout_second: 3600 idle_timeout_second: 3600
job_loggers: job_loggers:
@ -121,7 +128,7 @@ spec:
- name: JOB_SERVICE_POOL_REDIS_URL - name: JOB_SERVICE_POOL_REDIS_URL
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-jobservice-redis-secrets name: redis-jobservice-owner-secrets
key: REDIS_URI key: REDIS_URI
- name: CORE_SECRET - name: CORE_SECRET
valueFrom: valueFrom:
@ -131,7 +138,7 @@ spec:
- name: _REDIS_URL_CORE - name: _REDIS_URL_CORE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-core-redis-secrets name: redis-core-owner-secrets
key: REDIS_URI key: REDIS_URI
envFrom: envFrom:
- configMapRef: - configMapRef:
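Review bot: The `Redis` resource `jobservice` added at the top of this section uses `class: ephemeral`, yet the ConfigMap in the second hunk keeps `backend: "redis"` for the worker pool, so queued and scheduled jobs presumably live only in that instance. If `ephemeral` means no persistent storage (the class is defined by the operator and not shown here), a Redis restart would drop whatever jobs are pending at that moment. Either pick a persistent class for this one instance or state that the loss is accepted, e.g. `# job queue is not persisted; pending jobs are lost when Redis restarts`. The ConfigMap and the Deployment touched by the later hunks both start and end outside the visible lines.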


@ -1,6 +1,22 @@
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: GeneratedSecret kind: Bucket
metadata:
name: registry
spec:
capacity: {{ .Values.storage.registry.storage }}
class: {{ .Values.storage.registry.class }}
---
apiVersion: codemowers.io/v1alpha1
kind: Redis
metadata:
name: registry
spec:
class: ephemeral
capacity: 512Mi
---
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata: metadata:
name: harbor-registry-credentials name: harbor-registry-credentials
spec: spec:
@ -11,7 +27,7 @@ spec:
value: "harbor_registry_user:%(bcrypt)s" value: "harbor_registry_user:%(bcrypt)s"
--- ---
apiVersion: codemowers.io/v1alpha1 apiVersion: codemowers.io/v1alpha1
kind: GeneratedSecret kind: Secret
metadata: metadata:
name: harbor-registry name: harbor-registry
spec: spec:
@ -33,8 +49,6 @@ data:
fields: fields:
service: registry service: registry
storage: storage:
filesystem:
rootdirectory: /storage
cache: cache:
layerinfo: redis layerinfo: redis
maintenance: maintenance:
@ -45,10 +59,7 @@ data:
dryrun: false dryrun: false
delete: delete:
enabled: true enabled: true
redirect:
disable: false
redis: redis:
addr: harbor-registry-redis:6379
db: 0 db: 0
readtimeout: 10s readtimeout: 10s
writetimeout: 10s writetimeout: 10s
@ -81,21 +92,6 @@ data:
log_level: info log_level: info
registry_config: "/etc/registry/config.yml" registry_config: "/etc/registry/config.yml"
--- ---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: harbor-registry
labels:
app: harbor
component: registry
spec:
storageClassName: {{ .Values.storage.registry.storageClass }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.storage.registry.storage }}
---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
@ -154,20 +150,52 @@ spec:
- serve - serve
- /etc/registry/config.yml - /etc/registry/config.yml
env: env:
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: harbor-registry
key: REGISTRY_HTTP_SECRET
- name: REGISTRY_REDIS_ADDR
valueFrom:
secretKeyRef:
name: redis-registry-owner-secrets
key: REDIS_HOST_PORT
- name: REGISTRY_REDIS_PASSWORD - name: REGISTRY_REDIS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: harbor-registry-redis-secrets name: redis-registry-owner-secrets
key: REDIS_PASSWORD key: REDIS_PASSWORD
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: AWS_ACCESS_KEY_ID
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: AWS_SECRET_ACCESS_KEY
- name: REGISTRY_STORAGE_S3_REGION
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: AWS_DEFAULT_REGION
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: AWS_S3_ENDPOINT_URL
- name: REGISTRY_STORAGE_S3_BUCKET
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: BUCKET_NAME
ports: ports:
- containerPort: 5000 - containerPort: 5000
name: http name: http
- containerPort: 5001 - containerPort: 5001
name: metrics name: metrics
volumeMounts: volumeMounts:
- name: registry-data
mountPath: /storage
subPath:
- name: registry-htpasswd - name: registry-htpasswd
mountPath: /etc/registry/passwd mountPath: /etc/registry/passwd
subPath: passwd subPath: passwd
@ -199,13 +227,45 @@ spec:
secretKeyRef: secretKeyRef:
name: harbor-registry name: harbor-registry
key: REGISTRY_HTTP_SECRET key: REGISTRY_HTTP_SECRET
- name: REGISTRY_REDIS_ADDR
valueFrom:
secretKeyRef:
name: redis-registry-owner-secrets
key: REDIS_HOST_PORT
- name: REGISTRY_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-registry-owner-secrets
key: REDIS_PASSWORD
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: AWS_ACCESS_KEY_ID
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: AWS_SECRET_ACCESS_KEY
- name: REGISTRY_STORAGE_S3_REGION
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: AWS_DEFAULT_REGION
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: AWS_S3_ENDPOINT_URL
- name: REGISTRY_STORAGE_S3_BUCKET
valueFrom:
secretKeyRef:
name: bucket-registry-owner-secrets
key: BUCKET_NAME
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http name: http
volumeMounts: volumeMounts:
- name: registry-data
mountPath: /storage
subPath:
- name: registry-config - name: registry-config
mountPath: /etc/registry/config.yml mountPath: /etc/registry/config.yml
subPath: config.yml subPath: config.yml
@ -222,6 +282,3 @@ spec:
- name: registry-config - name: registry-config
configMap: configMap:
name: harbor-registry name: harbor-registry
- name: registry-data
persistentVolumeClaim:
claimName: harbor-registry
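Review bot: With the `filesystem:` driver replaced by the `REGISTRY_STORAGE_S3_*` variables, removing `redirect:` / `disable: false` in the fourth hunk leaves the registry on its default, which as far as I know is to redirect blob downloads to the storage backend when the driver supports it. Clients would then fetch layers through presigned URLs at the address held in `AWS_S3_ENDPOINT_URL`, so that endpoint has to be reachable from every client and the layer traffic no longer passes through Harbor. If the bucket endpoint is cluster-internal, or that bypass is unwanted, keep the key under `storage:` and set it explicitly: `redirect:` followed by `disable: true`. The ConfigMap that holds this configuration starts and ends outside the hunk.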


@ -1,68 +0,0 @@
apiVersion: postgres-operator.crunchydata.com/v1beta1
kind: PostgresCluster
metadata:
name: harbor
spec:
postgresVersion: 14
instances:
- name: postgres
replicas: 3
dataVolumeClaimSpec:
storageClassName: {{ .Values.storage.postgres.storageClass }}
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: {{ .Values.storage.postgres.storage }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: {{ .Values.topologyKey }}
labelSelector:
matchLabels:
postgres-operator.crunchydata.com/cluster: harbor
postgres-operator.crunchydata.com/instance-set: postgres
backups:
pgbackrest:
global:
repo1-retention-full: "1"
repo1-retention-full-type: time
repoHost:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
jobs:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
repos:
- name: repo1
schedules:
full: "0 5 31 2 *"
volume:
volumeClaimSpec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Mi


@ -1,21 +0,0 @@
---
apiVersion: codemowers.io/v1alpha1
kind: KeyDBCluster
metadata:
name: harbor-core-redis
spec:
replicas: 3
---
apiVersion: codemowers.io/v1alpha1
kind: KeyDBCluster
metadata:
name: harbor-jobservice-redis
spec:
replicas: 3
---
apiVersion: codemowers.io/v1alpha1
kind: KeyDBCluster
metadata:
name: harbor-registry-redis
spec:
replicas: 3


@ -26,10 +26,10 @@ image:
# Storage options # Storage options
storage: storage:
postgres: postgres:
storageClass: postgres class: shared
storage: 5Gi storage: 5Gi
registry: registry:
storageClass: longhorn class: shared
storage: 30Gi storage: 30Gi
# Harbor projects to initialize # Harbor projects to initialize