--- apiVersion: codemowers.io/v1alpha1 kind: PostgresDatabase metadata: name: harbor spec: capacity: {{ .Values.storage.postgres.storage }} class: {{ .Values.storage.postgres.class }} --- apiVersion: codemowers.io/v1alpha1 kind: Redis metadata: name: core spec: class: ephemeral capacity: 512Mi --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: harbor-operator spec: selfSigned: {} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: harbor-core spec: secretName: harbor-core-key dnsNames: - harbor-core.harbor-operator.svc issuerRef: name: harbor-operator --- apiVersion: codemowers.io/v1alpha1 kind: Secret metadata: name: harbor-admin-secrets spec: mapping: - key: HARBOR_ADMIN_PASSWORD value: "%(password)s" - key: HARBOR_URI value: "https://admin:%(password)s@{{ .Values.ingress.host }}" --- apiVersion: codemowers.io/v1alpha1 kind: Secret metadata: name: harbor-core-secret spec: mapping: - key: CORE_SECRET value: "%(password)s" --- apiVersion: codemowers.io/v1alpha1 kind: Secret metadata: name: harbor-core-oidc-secret-encryption-key spec: size: 32 mapping: - key: secretKey value: "%(password)s" --- apiVersion: codemowers.io/v1alpha1 kind: Secret metadata: name: harbor-core-csrf-key spec: size: 32 mapping: - key: CSRF_KEY value: "%(password)s" --- apiVersion: v1 kind: ConfigMap metadata: name: harbor-core labels: app: harbor data: app.conf: |+ appname = Harbor runmode = prod enablegzip = true [prod] httpport = 8080 PORT: "8080" POSTGRESQL_MAX_IDLE_CONNS: "100" POSTGRESQL_MAX_OPEN_CONNS: "900" EXT_ENDPOINT: "https://{{ .Values.ingress.host }}" CORE_URL: "http://harbor-core:80" JOBSERVICE_URL: "http://harbor-jobservice" REGISTRY_URL: "http://harbor-registry:5000" TOKEN_SERVICE_URL: "http://harbor-core:80/service/token" CORE_LOCAL_URL: "http://127.0.0.1:8080" REGISTRY_STORAGE_PROVIDER_NAME: "filesystem" LOG_LEVEL: "info" CONFIG_PATH: "/etc/core/app.conf" CHART_CACHE_DRIVER: "redis" PORTAL_URL: "http://harbor-portal" REGISTRY_CONTROLLER_URL: "http://harbor-registry:8080" PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE: "docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry" METRIC_ENABLE: "true" METRIC_PATH: "/metrics" METRIC_PORT: "8001" METRIC_NAMESPACE: harbor METRIC_SUBSYSTEM: core --- apiVersion: v1 kind: Service metadata: name: harbor-core labels: app: harbor spec: ports: - name: http port: 80 targetPort: 8080 selector: app: harbor component: core --- apiVersion: apps/v1 kind: Deployment metadata: name: harbor-core labels: app: harbor component: core spec: replicas: 1 revisionHistoryLimit: 0 selector: matchLabels: &selectorLabels app: harbor component: core template: metadata: labels: *selectorLabels spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/arch operator: In values: - amd64 securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: core image: "{{ .Values.image.repository }}/harbor-core:{{ .Values.image.tag }}" startupProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 360 initialDelaySeconds: 10 periodSeconds: 10 readinessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 envFrom: - configMapRef: name: harbor-core env: - name: REGISTRY_CREDENTIAL_USERNAME value: harbor_registry_user - name: REGISTRY_CREDENTIAL_PASSWORD valueFrom: secretKeyRef: name: harbor-registry-credentials key: REGISTRY_CREDENTIAL_PASSWORD - name: DATABASE_TYPE value: postgresql - name: POSTGRESQL_SSLMODE value: require - name: CSRF_KEY valueFrom: secretKeyRef: name: harbor-core-csrf-key key: CSRF_KEY - name: HARBOR_ADMIN_PASSWORD valueFrom: secretKeyRef: name: harbor-admin-secrets key: HARBOR_ADMIN_PASSWORD - name: POSTGRESQL_HOST valueFrom: secretKeyRef: name: postgres-database-harbor-owner-secrets key: PGHOST - name: POSTGRESQL_PORT valueFrom: secretKeyRef: name: postgres-database-harbor-owner-secrets key: PGPORT - name: POSTGRESQL_DATABASE valueFrom: secretKeyRef: name: postgres-database-harbor-owner-secrets key: PGDATABASE - name: POSTGRESQL_USERNAME valueFrom: secretKeyRef: name: postgres-database-harbor-owner-secrets key: PGUSER - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: postgres-database-harbor-owner-secrets key: PGPASSWORD - name: _REDIS_URL_CORE valueFrom: secretKeyRef: name: redis-core-owner-secrets key: REDIS_URI - name: _REDIS_URL_REG valueFrom: secretKeyRef: name: redis-registry-owner-secrets key: REDIS_URI - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core-secret key: CORE_SECRET - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-jobservice key: JOBSERVICE_SECRET ports: - containerPort: 8080 name: http - containerPort: 8001 name: metrics volumeMounts: - name: config mountPath: /etc/core/app.conf subPath: app.conf - name: secret-key mountPath: /etc/core/key subPath: key - name: token-service-private-key mountPath: /etc/core/private_key.pem subPath: tls.key - name: psc mountPath: /etc/core/token volumes: - name: config configMap: name: harbor-core items: - key: app.conf path: app.conf - name: secret-key secret: secretName: harbor-core-oidc-secret-encryption-key items: - key: secretKey path: key - name: token-service-private-key secret: secretName: harbor-core-key - name: psc emptyDir: {}