---
# Object-storage bucket claim for the registry (codemowers.io custom resource).
# Size and storage class come from chart values. The Deployment later in this
# file reads its S3 settings from `bucket-registry-owner-secrets`, which is
# presumably generated for this claim; confirm against the operator.
apiVersion: codemowers.io/v1alpha1
kind: Bucket
metadata:
  name: registry
spec:
  capacity: {{ .Values.storage.registry.storage }}
  class: {{ .Values.storage.registry.class }}
---
# Redis claim used by the registry (codemowers.io custom resource).
# The Deployment later in this file takes REGISTRY_REDIS_ADDR and
# REGISTRY_REDIS_PASSWORD from `redis-registry-owner-secrets`, presumably
# generated for this claim; confirm against the operator.
apiVersion: codemowers.io/v1alpha1
kind: Redis
metadata:
  name: registry
spec:
  # NOTE(review): "ephemeral" suggests the cache is not persisted; confirm.
  class: ephemeral
  capacity: 512Mi
---
# Credentials for the registry's htpasswd (basic-auth) backend.
# `%(password)s` and `%(bcrypt)s` are placeholders, presumably filled in by the
# codemowers operator with a generated password and its bcrypt hash; confirm.
# No literal secret value is stored in this template.
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata:
  name: harbor-registry-credentials
spec:
  mapping:
    # Clear-text form of the password.
    - key: REGISTRY_CREDENTIAL_PASSWORD
      value: "%(password)s"
    # htpasswd line with a fixed user name; the Deployment mounts this key as
    # /etc/registry/passwd.
    - key: REGISTRY_HTPASSWD
      value: "harbor_registry_user:%(bcrypt)s"
---
# Shared HTTP secret for the registry; both containers of the Deployment later
# in this file receive it as the REGISTRY_HTTP_SECRET environment variable.
# `%(password)s` is a placeholder, presumably replaced by the codemowers
# operator with a generated value; confirm.
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata:
  name: harbor-registry
spec:
  mapping:
    - key: REGISTRY_HTTP_SECRET
      value: "%(password)s"
---
# Configuration files for the registry pod: `config.yml` for the registry
# itself and `ctl-config.yml` for the registryctl sidecar.
#
# Comments are kept outside the block scalars so the rendered file contents
# stay unchanged. Points worth knowing when reviewing config.yml:
#   - No credentials appear here: the Redis address/password, the S3 storage
#     settings and the HTTP secret are injected as REGISTRY_* environment
#     variables by the Deployment later in this file.
#   - auth.htpasswd: clients authenticate with basic auth against
#     /etc/registry/passwd, which the Deployment mounts from the
#     harbor-registry-credentials secret.
#   - http.addr (:5000) and http.debug.addr (:5001) are plain-HTTP listeners.
#     NOTE(review): the debug listener, which serves /metrics, is presumably
#     not covered by the auth section; keep 5001 off any Service or Ingress
#     and restrict scraping to the monitoring stack.
#   - storage.delete.enabled: true allows deleting blobs and manifests through
#     the registry API.
#   - validation.disabled: true turns off the registry's manifest validation.
#     NOTE(review): confirm this is intended and that only trusted Harbor
#     components can push directly to this endpoint.
#   - compatibility.schema1.enabled: true accepts legacy schema1 manifests.
#     NOTE(review): schema1 is deprecated; disable it if no client needs it.
# ctl-config.yml: registryctl serves plain HTTP on port 8080.
apiVersion: v1
kind: ConfigMap
metadata:
  name: harbor-registry
  labels:
    app: harbor
data:
  config.yml: |+
    version: 0.1
    log:
      level: info
      fields:
        service: registry
    storage:
      cache:
        layerinfo: redis
      maintenance:
        uploadpurging:
          enabled: true
          age: 168h
          interval: 24h
          dryrun: false
      delete:
        enabled: true
    redis:
      db: 0
      readtimeout: 10s
      writetimeout: 10s
      dialtimeout: 10s
      pool:
        maxidle: 100
        maxactive: 500
        idletimeout: 60s
    http:
      addr: :5000
      relativeurls: false
      debug:
        addr: :5001
        prometheus:
          enabled: true
          path: /metrics
    auth:
      htpasswd:
        realm: harbor-registry-basic-realm
        path: /etc/registry/passwd
    validation:
      disabled: true
    compatibility:
      schema1:
        enabled: true
  ctl-config.yml: |+
    ---
    protocol: "http"
    port: 8080
    log_level: info
    registry_config: "/etc/registry/config.yml"
---
# In-cluster Service for the registry pod. No `type` is set, so Kubernetes
# uses its default (ClusterIP). Both ports carry plain HTTP; the metrics/debug
# port 5001 is not published here.
# NOTE(review): no NetworkPolicy is visible in this file; confirm that access
# to 5000 and 8080 is limited to the Harbor components that need it.
apiVersion: v1
kind: Service
metadata:
  name: harbor-registry
spec:
  ports:
    # Registry API (container `registry`).
    - name: http-registry
      port: 5000
    # registryctl API (container `registryctl`).
    - name: http-controller
      port: 8080
  selector:
    app: harbor
    component: registry
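---
# Harbor registry pod: the `registry` container plus the `registryctl`
# sidecar. Both read their configuration from the harbor-registry ConfigMap
# and take every credential from Secrets through `secretKeyRef`.
#
# Hardening added in review: the pod must run as non-root under the runtime's
# default seccomp profile, and both containers forbid privilege escalation and
# drop all Linux capabilities. The listeners (5000, 5001, 8080) are
# unprivileged ports, so no capability is needed to bind them.
#
# NOTE(review): neither container sets resources requests/limits; add values
# that fit the cluster so one pod cannot starve its node.
# NOTE(review): images are referenced by a tag from chart values; pinning by
# digest would make the deployed image immutable. Confirm the project's policy.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: harbor-registry
spec:
  replicas: 1
  # No old ReplicaSets are retained, so there is no revision to roll back to.
  revisionHistoryLimit: 0
  selector:
    matchLabels: &selectorLabels
      app: harbor
      component: registry
  template:
    metadata:
      labels: *selectorLabels
    spec:
      # Schedule on amd64 nodes only.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      securityContext:
        runAsUser: 10000
        # Refuse to start if the effective UID would be 0.
        runAsNonRoot: true
        fsGroup: 10000
        fsGroupChangePolicy: OnRootMismatch
        seccompProfile:
          type: RuntimeDefault
      # The pod does not talk to the Kubernetes API, so no token is mounted.
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 120
      containers:
        - name: registry
          image: "{{ .Values.image.repository }}/registry-photon:{{ .Values.image.tag }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          readinessProbe:
            httpGet:
              path: /
              scheme: HTTP
              port: 5000
            initialDelaySeconds: 1
            periodSeconds: 10
          args:
            - serve
            - /etc/registry/config.yml
          env:
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-registry
                  key: REGISTRY_HTTP_SECRET
            # Redis connection details, from a Secret not defined in this file.
            - name: REGISTRY_REDIS_ADDR
              valueFrom:
                secretKeyRef:
                  name: redis-registry-owner-secrets
                  key: REDIS_HOST_PORT
            - name: REGISTRY_REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-registry-owner-secrets
                  key: REDIS_PASSWORD
            # S3 storage settings, from a Secret not defined in this file.
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_SECRET_ACCESS_KEY
            - name: REGISTRY_STORAGE_S3_REGION
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_DEFAULT_REGION
            - name: REGISTRY_STORAGE_S3_REGIONENDPOINT
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_S3_ENDPOINT_URL
            - name: REGISTRY_STORAGE_S3_BUCKET
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: BUCKET_NAME
          ports:
            - containerPort: 5000
              name: http
            # Debug/metrics listener; the harbor-registry Service does not
            # publish this port.
            - containerPort: 5001
              name: metrics
          volumeMounts:
            - name: registry-htpasswd
              mountPath: /etc/registry/passwd
              subPath: passwd
            - name: registry-config
              mountPath: /etc/registry/config.yml
              subPath: config.yml
        - name: registryctl
          image: "{{ .Values.image.repository }}/harbor-registryctl:{{ .Values.image.tag }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          readinessProbe:
            httpGet:
              path: /api/health
              scheme: HTTP
              port: 8080
            initialDelaySeconds: 1
            periodSeconds: 10
          env:
            # Secrets shared with Harbor core and jobservice; both source
            # Secrets are defined outside this file.
            - name: CORE_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-core-secret
                  key: CORE_SECRET
            - name: JOBSERVICE_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-jobservice
                  key: JOBSERVICE_SECRET
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-registry
                  key: REGISTRY_HTTP_SECRET
            - name: REGISTRY_REDIS_ADDR
              valueFrom:
                secretKeyRef:
                  name: redis-registry-owner-secrets
                  key: REDIS_HOST_PORT
            - name: REGISTRY_REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-registry-owner-secrets
                  key: REDIS_PASSWORD
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_SECRET_ACCESS_KEY
            - name: REGISTRY_STORAGE_S3_REGION
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_DEFAULT_REGION
            - name: REGISTRY_STORAGE_S3_REGIONENDPOINT
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_S3_ENDPOINT_URL
            - name: REGISTRY_STORAGE_S3_BUCKET
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: BUCKET_NAME
          ports:
            - containerPort: 8080
              name: http
          volumeMounts:
            # The sidecar reads the registry's config as well as its own.
            - name: registry-config
              mountPath: /etc/registry/config.yml
              subPath: config.yml
            - name: registry-config
              mountPath: /etc/registryctl/config.yml
              subPath: ctl-config.yml
      volumes:
        # Only the htpasswd line is projected; the clear-text password key of
        # the same Secret is not mounted into the pod.
        - name: registry-htpasswd
          secret:
            secretName: harbor-registry-credentials
            items:
              - key: REGISTRY_HTPASSWD
                path: passwd
        - name: registry-config
          configMap:
            name: harbor-registry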