--- apiVersion: codemowers.io/v1alpha1 kind: Bucket metadata: name: registry spec: capacity: {{ .Values.storage.registry.storage }} class: {{ .Values.storage.registry.class }} --- apiVersion: codemowers.io/v1alpha1 kind: Redis metadata: name: registry spec: class: ephemeral capacity: 512Mi --- apiVersion: codemowers.io/v1alpha1 kind: Secret metadata: name: harbor-registry-credentials spec: mapping: - key: REGISTRY_CREDENTIAL_PASSWORD value: "%(password)s" - key: REGISTRY_HTPASSWD value: "harbor_registry_user:%(bcrypt)s" --- apiVersion: codemowers.io/v1alpha1 kind: Secret metadata: name: harbor-registry spec: mapping: - key: REGISTRY_HTTP_SECRET value: "%(password)s" --- apiVersion: v1 kind: ConfigMap metadata: name: harbor-registry labels: app: harbor data: config.yml: |+ version: 0.1 log: level: info fields: service: registry storage: cache: layerinfo: redis maintenance: uploadpurging: enabled: true age: 168h interval: 24h dryrun: false delete: enabled: true redis: db: 0 readtimeout: 10s writetimeout: 10s dialtimeout: 10s pool: maxidle: 100 maxactive: 500 idletimeout: 60s http: addr: :5000 relativeurls: false debug: addr: :5001 prometheus: enabled: true path: /metrics auth: htpasswd: realm: harbor-registry-basic-realm path: /etc/registry/passwd validation: disabled: true compatibility: schema1: enabled: true ctl-config.yml: |+ --- protocol: "http" port: 8080 log_level: info registry_config: "/etc/registry/config.yml" --- apiVersion: v1 kind: Service metadata: name: harbor-registry spec: ports: - name: http-registry port: 5000 - name: http-controller port: 8080 selector: app: harbor component: registry --- apiVersion: apps/v1 kind: Deployment metadata: name: harbor-registry spec: replicas: 1 revisionHistoryLimit: 0 selector: matchLabels: &selectorLabels app: harbor component: registry template: metadata: labels: *selectorLabels spec: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubernetes.io/arch operator: In values: - amd64 securityContext: runAsUser: 10000 fsGroup: 10000 fsGroupChangePolicy: OnRootMismatch automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: registry image: "{{ .Values.image.repository }}/registry-photon:{{ .Values.image.tag }}" readinessProbe: httpGet: path: / scheme: HTTP port: 5000 initialDelaySeconds: 1 periodSeconds: 10 args: - serve - /etc/registry/config.yml env: - name: REGISTRY_HTTP_SECRET valueFrom: secretKeyRef: name: harbor-registry key: REGISTRY_HTTP_SECRET - name: REGISTRY_REDIS_ADDR valueFrom: secretKeyRef: name: redis-registry-owner-secrets key: REDIS_HOST_PORT - name: REGISTRY_REDIS_PASSWORD valueFrom: secretKeyRef: name: redis-registry-owner-secrets key: REDIS_PASSWORD - name: REGISTRY_STORAGE_S3_ACCESSKEY valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: AWS_ACCESS_KEY_ID - name: REGISTRY_STORAGE_S3_SECRETKEY valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: AWS_SECRET_ACCESS_KEY - name: REGISTRY_STORAGE_S3_REGION valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: AWS_DEFAULT_REGION - name: REGISTRY_STORAGE_S3_REGIONENDPOINT valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: AWS_S3_ENDPOINT_URL - name: REGISTRY_STORAGE_S3_BUCKET valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: BUCKET_NAME ports: - containerPort: 5000 name: http - containerPort: 5001 name: metrics volumeMounts: - name: registry-htpasswd mountPath: /etc/registry/passwd subPath: passwd - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registryctl image: "{{ .Values.image.repository }}/harbor-registryctl:{{ .Values.image.tag }}" readinessProbe: httpGet: path: /api/health scheme: HTTP port: 8080 initialDelaySeconds: 1 periodSeconds: 10 env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-core-secret key: CORE_SECRET - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-jobservice key: JOBSERVICE_SECRET - name: REGISTRY_HTTP_SECRET valueFrom: secretKeyRef: name: harbor-registry key: REGISTRY_HTTP_SECRET - name: REGISTRY_REDIS_ADDR valueFrom: secretKeyRef: name: redis-registry-owner-secrets key: REDIS_HOST_PORT - name: REGISTRY_REDIS_PASSWORD valueFrom: secretKeyRef: name: redis-registry-owner-secrets key: REDIS_PASSWORD - name: REGISTRY_STORAGE_S3_ACCESSKEY valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: AWS_ACCESS_KEY_ID - name: REGISTRY_STORAGE_S3_SECRETKEY valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: AWS_SECRET_ACCESS_KEY - name: REGISTRY_STORAGE_S3_REGION valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: AWS_DEFAULT_REGION - name: REGISTRY_STORAGE_S3_REGIONENDPOINT valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: AWS_S3_ENDPOINT_URL - name: REGISTRY_STORAGE_S3_BUCKET valueFrom: secretKeyRef: name: bucket-registry-owner-secrets key: BUCKET_NAME ports: - containerPort: 8080 name: http volumeMounts: - name: registry-config mountPath: /etc/registry/config.yml subPath: config.yml - name: registry-config mountPath: /etc/registryctl/config.yml subPath: ctl-config.yml volumes: - name: registry-htpasswd secret: secretName: harbor-registry-credentials items: - key: REGISTRY_HTPASSWD path: passwd - name: registry-config configMap: name: harbor-registry