Author | SHA1 | Date |
---|---|---|
Lauri Võsandi | 81fe2eb69f |
|
@ -15,7 +15,6 @@ mutation_excluded_namespaces = set([
|
||||||
"kube-system", # kube-proxy hosted here
|
"kube-system", # kube-proxy hosted here
|
||||||
"tigera-operator",
|
"tigera-operator",
|
||||||
"calico-system",
|
"calico-system",
|
||||||
"metallb-system",
|
|
||||||
|
|
||||||
# Do not fiddle with CSI stuff
|
# Do not fiddle with CSI stuff
|
||||||
"longhorn-system",
|
"longhorn-system",
|
||||||
|
@ -23,7 +22,6 @@ mutation_excluded_namespaces = set([
|
||||||
# Don't touch Harbor itself
|
# Don't touch Harbor itself
|
||||||
"harbor-operator",
|
"harbor-operator",
|
||||||
])
|
])
|
||||||
|
|
||||||
harbor = Harbor(os.environ["HARBOR_URI"])
|
harbor = Harbor(os.environ["HARBOR_URI"])
|
||||||
cached_registries = set()
|
cached_registries = set()
|
||||||
app = Sanic("admission_control")
|
app = Sanic("admission_control")
|
||||||
|
|
|
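Review bot: Dropping `"metallb-system"` from `mutation_excluded_namespaces` (the row after `"calico-system"`) puts MetalLB's speaker and controller pods in scope of the same mutating webhook that this list deliberately keeps away from kube-proxy, Calico and the CSI driver, and the commit gives no reason for treating MetalLB differently. If the mutation rewrites image references to go through Harbor — which `Harbor(os.environ["HARBOR_URI"])` and `cached_registries` suggest, though the handler itself is outside this hunk — a MetalLB pod restart would now depend on Harbor being reachable, while Harbor's own ingress is presumably exposed by MetalLB, so a cold start could deadlock. If this is intentional, say so next to the remaining entries, e.g. `# metallb-system is mutated on purpose: its images are mirrored in Harbor and the webhook is failurePolicy=Ignore`, and confirm the MutatingWebhookConfiguration really fails open for infrastructure namespaces. The `mutation_excluded_namespaces = set([` statement starts above the hunk.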
@ -1,20 +1,4 @@
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
|
||||||
kind: PostgresDatabase
|
|
||||||
metadata:
|
|
||||||
name: harbor
|
|
||||||
spec:
|
|
||||||
capacity: {{ .Values.storage.postgres.storage }}
|
|
||||||
class: {{ .Values.storage.postgres.class }}
|
|
||||||
---
|
|
||||||
apiVersion: codemowers.io/v1alpha1
|
|
||||||
kind: Redis
|
|
||||||
metadata:
|
|
||||||
name: core
|
|
||||||
spec:
|
|
||||||
class: ephemeral
|
|
||||||
capacity: 512Mi
|
|
||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
kind: Issuer
|
kind: Issuer
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -34,7 +18,7 @@ spec:
|
||||||
name: harbor-operator
|
name: harbor-operator
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: Secret
|
kind: GeneratedSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: harbor-admin-secrets
|
name: harbor-admin-secrets
|
||||||
spec:
|
spec:
|
||||||
|
@ -45,7 +29,7 @@ spec:
|
||||||
value: "https://admin:%(password)s@{{ .Values.ingress.host }}"
|
value: "https://admin:%(password)s@{{ .Values.ingress.host }}"
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: Secret
|
kind: GeneratedSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: harbor-core-secret
|
name: harbor-core-secret
|
||||||
spec:
|
spec:
|
||||||
|
@ -54,7 +38,7 @@ spec:
|
||||||
value: "%(password)s"
|
value: "%(password)s"
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: Secret
|
kind: GeneratedSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: harbor-core-oidc-secret-encryption-key
|
name: harbor-core-oidc-secret-encryption-key
|
||||||
spec:
|
spec:
|
||||||
|
@ -64,7 +48,7 @@ spec:
|
||||||
value: "%(password)s"
|
value: "%(password)s"
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: Secret
|
kind: GeneratedSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: harbor-core-csrf-key
|
name: harbor-core-csrf-key
|
||||||
spec:
|
spec:
|
||||||
|
@ -131,7 +115,7 @@ metadata:
|
||||||
app: harbor
|
app: harbor
|
||||||
component: core
|
component: core
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 2
|
||||||
revisionHistoryLimit: 0
|
revisionHistoryLimit: 0
|
||||||
selector:
|
selector:
|
||||||
matchLabels: &selectorLabels
|
matchLabels: &selectorLabels
|
||||||
|
@ -201,37 +185,37 @@ spec:
|
||||||
- name: POSTGRESQL_HOST
|
- name: POSTGRESQL_HOST
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: postgres-database-harbor-owner-secrets
|
name: harbor-pguser-harbor
|
||||||
key: PGHOST
|
key: host
|
||||||
- name: POSTGRESQL_PORT
|
- name: POSTGRESQL_PORT
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: postgres-database-harbor-owner-secrets
|
name: harbor-pguser-harbor
|
||||||
key: PGPORT
|
key: port
|
||||||
- name: POSTGRESQL_DATABASE
|
- name: POSTGRESQL_DATABASE
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: postgres-database-harbor-owner-secrets
|
name: harbor-pguser-harbor
|
||||||
key: PGDATABASE
|
key: dbname
|
||||||
- name: POSTGRESQL_USERNAME
|
- name: POSTGRESQL_USERNAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: postgres-database-harbor-owner-secrets
|
name: harbor-pguser-harbor
|
||||||
key: PGUSER
|
key: user
|
||||||
- name: POSTGRESQL_PASSWORD
|
- name: POSTGRESQL_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: postgres-database-harbor-owner-secrets
|
name: harbor-pguser-harbor
|
||||||
key: PGPASSWORD
|
key: password
|
||||||
- name: _REDIS_URL_CORE
|
- name: _REDIS_URL_CORE
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-core-owner-secrets
|
name: harbor-core-redis-secrets
|
||||||
key: REDIS_URI
|
key: REDIS_URI
|
||||||
- name: _REDIS_URL_REG
|
- name: _REDIS_URL_REG
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-registry-owner-secrets
|
name: harbor-registry-redis-secrets
|
||||||
key: REDIS_URI
|
key: REDIS_URI
|
||||||
- name: CORE_SECRET
|
- name: CORE_SECRET
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
|
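Review bot: Changing `kind: Secret` to `kind: GeneratedSecret` for `harbor-core-secret`, `harbor-core-oidc-secret-encryption-key` and `harbor-core-csrf-key` (hunks `@ -45`, `@ -54`, `@ -64`) is a change of key-material lifecycle, not just a rename: if the operator behind the new kind mints fresh values instead of adopting the existing Kubernetes Secret of the same name, OIDC client secrets already encrypted in the database become unreadable and every session, robot token and inter-service call signed with `CORE_SECRET` or the CSRF key is invalidated on upgrade. Whether adoption happens cannot be seen here; the commit should state it, and a comment above each resource such as `# populated only when the Secret does not yet exist; never regenerate the OIDC encryption key without re-encrypting stored secrets` would keep the next maintainer from rotating it by accident. Separately, the Postgres credentials now come from `harbor-pguser-harbor` with `host`/`port`/`dbname`/`user`/`password` keys, which matches the Crunchy operator's per-user secret layout, but `POSTGRESQL_SSLMODE` is not in the visible part of the `env:` list; the operator-managed cluster serves TLS, so pin `value: "require"` (or `verify-full` with the cluster CA) rather than leaving it at Harbor's default of `disable`. The `env:` list continues past the end of the hunk.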
@ -1,14 +1,6 @@
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: Redis
|
kind: GeneratedSecret
|
||||||
metadata:
|
|
||||||
name: jobservice
|
|
||||||
spec:
|
|
||||||
class: ephemeral
|
|
||||||
capacity: 512Mi
|
|
||||||
---
|
|
||||||
apiVersion: codemowers.io/v1alpha1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
metadata:
|
||||||
name: harbor-jobservice
|
name: harbor-jobservice
|
||||||
spec:
|
spec:
|
||||||
|
@ -44,6 +36,7 @@ data:
|
||||||
workers: 1
|
workers: 1
|
||||||
backend: "redis"
|
backend: "redis"
|
||||||
redis_pool:
|
redis_pool:
|
||||||
|
redis_url: "redis://harbor-jobservice-redis:6379/0"
|
||||||
namespace: "harbor_job_service_namespace"
|
namespace: "harbor_job_service_namespace"
|
||||||
idle_timeout_second: 3600
|
idle_timeout_second: 3600
|
||||||
job_loggers:
|
job_loggers:
|
||||||
|
@ -128,7 +121,7 @@ spec:
|
||||||
- name: JOB_SERVICE_POOL_REDIS_URL
|
- name: JOB_SERVICE_POOL_REDIS_URL
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-jobservice-owner-secrets
|
name: harbor-jobservice-redis-secrets
|
||||||
key: REDIS_URI
|
key: REDIS_URI
|
||||||
- name: CORE_SECRET
|
- name: CORE_SECRET
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
@ -138,7 +131,7 @@ spec:
|
||||||
- name: _REDIS_URL_CORE
|
- name: _REDIS_URL_CORE
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-core-owner-secrets
|
name: harbor-core-redis-secrets
|
||||||
key: REDIS_URI
|
key: REDIS_URI
|
||||||
envFrom:
|
envFrom:
|
||||||
- configMapRef:
|
- configMapRef:
|
||||||
|
|
|
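Review bot: The new `redis_url: "redis://harbor-jobservice-redis:6379/0"` under `redis_pool` in the ConfigMap carries no credential and no TLS, while the Deployment in the `@ -128` hunk still reads `JOB_SERVICE_POOL_REDIS_URL` from `harbor-jobservice-redis-secrets`/`REDIS_URI` — two sources of truth for one setting. As far as I recall jobservice lets that environment variable override the file value, so the plain URL is probably dead configuration today, but a later change that drops the env var would silently have workers connect without the password the secret presumably carries. Either remove the `redis_url` line and let the secret be authoritative, or replace it with `# redis_url is supplied by JOB_SERVICE_POOL_REDIS_URL from harbor-jobservice-redis-secrets` so nobody re-adds a plaintext URL. Only the `redis_pool` stanza of the ConfigMap is visible in that hunk.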
@ -1,22 +1,6 @@
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: Bucket
|
kind: GeneratedSecret
|
||||||
metadata:
|
|
||||||
name: registry
|
|
||||||
spec:
|
|
||||||
capacity: {{ .Values.storage.registry.storage }}
|
|
||||||
class: {{ .Values.storage.registry.class }}
|
|
||||||
---
|
|
||||||
apiVersion: codemowers.io/v1alpha1
|
|
||||||
kind: Redis
|
|
||||||
metadata:
|
|
||||||
name: registry
|
|
||||||
spec:
|
|
||||||
class: ephemeral
|
|
||||||
capacity: 512Mi
|
|
||||||
---
|
|
||||||
apiVersion: codemowers.io/v1alpha1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
metadata:
|
||||||
name: harbor-registry-credentials
|
name: harbor-registry-credentials
|
||||||
spec:
|
spec:
|
||||||
|
@ -27,7 +11,7 @@ spec:
|
||||||
value: "harbor_registry_user:%(bcrypt)s"
|
value: "harbor_registry_user:%(bcrypt)s"
|
||||||
---
|
---
|
||||||
apiVersion: codemowers.io/v1alpha1
|
apiVersion: codemowers.io/v1alpha1
|
||||||
kind: Secret
|
kind: GeneratedSecret
|
||||||
metadata:
|
metadata:
|
||||||
name: harbor-registry
|
name: harbor-registry
|
||||||
spec:
|
spec:
|
||||||
|
@ -49,6 +33,8 @@ data:
|
||||||
fields:
|
fields:
|
||||||
service: registry
|
service: registry
|
||||||
storage:
|
storage:
|
||||||
|
filesystem:
|
||||||
|
rootdirectory: /storage
|
||||||
cache:
|
cache:
|
||||||
layerinfo: redis
|
layerinfo: redis
|
||||||
maintenance:
|
maintenance:
|
||||||
|
@ -59,7 +45,10 @@ data:
|
||||||
dryrun: false
|
dryrun: false
|
||||||
delete:
|
delete:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
redirect:
|
||||||
|
disable: false
|
||||||
redis:
|
redis:
|
||||||
|
addr: harbor-registry-redis:6379
|
||||||
db: 0
|
db: 0
|
||||||
readtimeout: 10s
|
readtimeout: 10s
|
||||||
writetimeout: 10s
|
writetimeout: 10s
|
||||||
|
@ -92,6 +81,21 @@ data:
|
||||||
log_level: info
|
log_level: info
|
||||||
registry_config: "/etc/registry/config.yml"
|
registry_config: "/etc/registry/config.yml"
|
||||||
---
|
---
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
apiVersion: v1
|
||||||
|
metadata:
|
||||||
|
name: harbor-registry
|
||||||
|
labels:
|
||||||
|
app: harbor
|
||||||
|
component: registry
|
||||||
|
spec:
|
||||||
|
storageClassName: {{ .Values.storage.registry.storageClass }}
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: {{ .Values.storage.registry.storage }}
|
||||||
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -150,52 +154,20 @@ spec:
|
||||||
- serve
|
- serve
|
||||||
- /etc/registry/config.yml
|
- /etc/registry/config.yml
|
||||||
env:
|
env:
|
||||||
- name: REGISTRY_HTTP_SECRET
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: harbor-registry
|
|
||||||
key: REGISTRY_HTTP_SECRET
|
|
||||||
- name: REGISTRY_REDIS_ADDR
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: redis-registry-owner-secrets
|
|
||||||
key: REDIS_HOST_PORT
|
|
||||||
- name: REGISTRY_REDIS_PASSWORD
|
- name: REGISTRY_REDIS_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: redis-registry-owner-secrets
|
name: harbor-registry-redis-secrets
|
||||||
key: REDIS_PASSWORD
|
key: REDIS_PASSWORD
|
||||||
- name: REGISTRY_STORAGE_S3_ACCESSKEY
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: AWS_ACCESS_KEY_ID
|
|
||||||
- name: REGISTRY_STORAGE_S3_SECRETKEY
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: AWS_SECRET_ACCESS_KEY
|
|
||||||
- name: REGISTRY_STORAGE_S3_REGION
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: AWS_DEFAULT_REGION
|
|
||||||
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: AWS_S3_ENDPOINT_URL
|
|
||||||
- name: REGISTRY_STORAGE_S3_BUCKET
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: BUCKET_NAME
|
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 5000
|
- containerPort: 5000
|
||||||
name: http
|
name: http
|
||||||
- containerPort: 5001
|
- containerPort: 5001
|
||||||
name: metrics
|
name: metrics
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: registry-data
|
||||||
|
mountPath: /storage
|
||||||
|
subPath:
|
||||||
- name: registry-htpasswd
|
- name: registry-htpasswd
|
||||||
mountPath: /etc/registry/passwd
|
mountPath: /etc/registry/passwd
|
||||||
subPath: passwd
|
subPath: passwd
|
||||||
|
@ -227,45 +199,13 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: harbor-registry
|
name: harbor-registry
|
||||||
key: REGISTRY_HTTP_SECRET
|
key: REGISTRY_HTTP_SECRET
|
||||||
- name: REGISTRY_REDIS_ADDR
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: redis-registry-owner-secrets
|
|
||||||
key: REDIS_HOST_PORT
|
|
||||||
- name: REGISTRY_REDIS_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: redis-registry-owner-secrets
|
|
||||||
key: REDIS_PASSWORD
|
|
||||||
- name: REGISTRY_STORAGE_S3_ACCESSKEY
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: AWS_ACCESS_KEY_ID
|
|
||||||
- name: REGISTRY_STORAGE_S3_SECRETKEY
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: AWS_SECRET_ACCESS_KEY
|
|
||||||
- name: REGISTRY_STORAGE_S3_REGION
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: AWS_DEFAULT_REGION
|
|
||||||
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: AWS_S3_ENDPOINT_URL
|
|
||||||
- name: REGISTRY_STORAGE_S3_BUCKET
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: bucket-registry-owner-secrets
|
|
||||||
key: BUCKET_NAME
|
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
name: http
|
name: http
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: registry-data
|
||||||
|
mountPath: /storage
|
||||||
|
subPath:
|
||||||
- name: registry-config
|
- name: registry-config
|
||||||
mountPath: /etc/registry/config.yml
|
mountPath: /etc/registry/config.yml
|
||||||
subPath: config.yml
|
subPath: config.yml
|
||||||
|
@ -282,3 +222,6 @@ spec:
|
||||||
- name: registry-config
|
- name: registry-config
|
||||||
configMap:
|
configMap:
|
||||||
name: harbor-registry
|
name: harbor-registry
|
||||||
|
- name: registry-data
|
||||||
|
persistentVolumeClaim:
|
||||||
|
claimName: harbor-registry
|
||||||
|
|
|
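Review bot: `storage.filesystem.rootdirectory: /storage` backed by the new `ReadWriteOnce` `harbor-registry` claim on `longhorn` means the registry can only run as a single pod on one node; the Deployment's `replicas` and `strategy` are outside these hunks, but they need to be `replicas: 1` with `strategy: {type: Recreate}`, or the first rolling update hangs with the new pod unable to attach the node-locked volume. Worth stating that constraint in a comment on the PVC, e.g. `# RWO: registry must stay at one replica with Recreate strategy`. Minor: both new `registry-data` mounts (registry and the second container) leave `subPath:` with no value, which parses as null and is simply dropped — delete the key rather than leave what reads like an unfilled placeholder. The `redis.addr` added to `config.yml` has no password, which is fine only because `REGISTRY_REDIS_PASSWORD` still comes from `harbor-registry-redis-secrets` in the same Deployment; a one-line comment next to `addr` pointing at that env var would make the split deliberate.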
@ -0,0 +1,68 @@
|
||||||
|
apiVersion: postgres-operator.crunchydata.com/v1beta1
|
||||||
|
kind: PostgresCluster
|
||||||
|
metadata:
|
||||||
|
name: harbor
|
||||||
|
spec:
|
||||||
|
postgresVersion: 14
|
||||||
|
instances:
|
||||||
|
- name: postgres
|
||||||
|
replicas: 3
|
||||||
|
dataVolumeClaimSpec:
|
||||||
|
storageClassName: {{ .Values.storage.postgres.storageClass }}
|
||||||
|
accessModes:
|
||||||
|
- "ReadWriteOnce"
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: {{ .Values.storage.postgres.storage }}
|
||||||
|
affinity:
|
||||||
|
nodeAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
nodeSelectorTerms:
|
||||||
|
- matchExpressions:
|
||||||
|
- key: kubernetes.io/arch
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- amd64
|
||||||
|
podAntiAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
- topologyKey: {{ .Values.topologyKey }}
|
||||||
|
labelSelector:
|
||||||
|
matchLabels:
|
||||||
|
postgres-operator.crunchydata.com/cluster: harbor
|
||||||
|
postgres-operator.crunchydata.com/instance-set: postgres
|
||||||
|
backups:
|
||||||
|
pgbackrest:
|
||||||
|
global:
|
||||||
|
repo1-retention-full: "1"
|
||||||
|
repo1-retention-full-type: time
|
||||||
|
repoHost:
|
||||||
|
affinity:
|
||||||
|
nodeAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
nodeSelectorTerms:
|
||||||
|
- matchExpressions:
|
||||||
|
- key: kubernetes.io/arch
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- amd64
|
||||||
|
jobs:
|
||||||
|
affinity:
|
||||||
|
nodeAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
nodeSelectorTerms:
|
||||||
|
- matchExpressions:
|
||||||
|
- key: kubernetes.io/arch
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- amd64
|
||||||
|
repos:
|
||||||
|
- name: repo1
|
||||||
|
schedules:
|
||||||
|
full: "0 5 31 2 *"
|
||||||
|
volume:
|
||||||
|
volumeClaimSpec:
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 100Mi
|
|
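Review bot: `full: "0 5 31 2 *"` under `repos[0].schedules` is a cron that never fires (there is no 31 February), so after the bootstrap backup the operator takes at cluster creation no full backup is ever made, while `repo1-retention-full: "1"` with `repo1-retention-full-type: time` would expire anything older than a day. pgBackRest keeps archiving WAL to repo1 continuously and only expires WAL older than the oldest retained full backup, so with no new full the 100Mi `volumeClaimSpec` is likely to fill, after which `archive_command` fails and WAL accumulates on the data volume until that is full too. If the intent is "no backups", say so explicitly (`# backups intentionally disabled: impossible cron date, repo holds only the bootstrap backup`) and size the repo for the WAL it will collect; otherwise use a real schedule such as `full: "0 5 * * 0"` plus `incremental: "0 5 * * 1-6"` and a count-based retention to match. This file is new in the commit, so the whole `PostgresCluster` is visible.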
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
apiVersion: codemowers.io/v1alpha1
|
||||||
|
kind: KeyDBCluster
|
||||||
|
metadata:
|
||||||
|
name: harbor-core-redis
|
||||||
|
spec:
|
||||||
|
replicas: 3
|
||||||
|
---
|
||||||
|
apiVersion: codemowers.io/v1alpha1
|
||||||
|
kind: KeyDBCluster
|
||||||
|
metadata:
|
||||||
|
name: harbor-jobservice-redis
|
||||||
|
spec:
|
||||||
|
replicas: 3
|
||||||
|
---
|
||||||
|
apiVersion: codemowers.io/v1alpha1
|
||||||
|
kind: KeyDBCluster
|
||||||
|
metadata:
|
||||||
|
name: harbor-registry-redis
|
||||||
|
spec:
|
||||||
|
replicas: 3
|
|
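Review bot: The three `KeyDBCluster` resources carry nothing but `replicas: 3`, so authentication, TLS, persistence and resource requests are whatever the operator defaults to — nothing in this hunk shows them. The consumers in the same commit disagree about what to expect: the registry Deployment pulls `REGISTRY_REDIS_PASSWORD` from `harbor-registry-redis-secrets`, whereas the jobservice ConfigMap hard-codes `redis://harbor-jobservice-redis:6379/0` with no credential. A comment on each cluster stating what the operator provisions, e.g. `# operator creates <name>-secrets with REDIS_URI/REDIS_PASSWORD; auth is required`, would let a reviewer check both consumers against it. Each of core, jobservice and registry now gets a 3-replica cluster where a single 512Mi ephemeral instance was used before, so per-instance memory limits are worth pinning in the spec as well.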
@ -26,10 +26,10 @@ image:
|
||||||
# Storage options
|
# Storage options
|
||||||
storage:
|
storage:
|
||||||
postgres:
|
postgres:
|
||||||
class: shared
|
storageClass: postgres
|
||||||
storage: 5Gi
|
storage: 5Gi
|
||||||
registry:
|
registry:
|
||||||
class: shared
|
storageClass: longhorn
|
||||||
storage: 30Gi
|
storage: 30Gi
|
||||||
|
|
||||||
# Harbor projects to initialize
|
# Harbor projects to initialize
|
||||||
|
|