k-space
/
harbor-operator
9
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Activity
harbor-operator/templates/harbor-core.yaml

281 lines
7.3 KiB
YAML
Raw Blame History

---
apiVersion: codemowers.io/v1alpha1
kind: PostgresDatabase
metadata:
name: harbor
spec:
capacity: {{ .Values.storage.postgres.storage }}
class: {{ .Values.storage.postgres.class }}
---
apiVersion: codemowers.io/v1alpha1
kind: Redis
metadata:
name: core
spec:
class: ephemeral
capacity: 512Mi
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: harbor-operator
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: harbor-core
spec:
secretName: harbor-core-key
dnsNames:
- harbor-core.harbor-operator.svc
issuerRef:
name: harbor-operator
---
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata:
name: harbor-admin-secrets
spec:
mapping:
- key: HARBOR_ADMIN_PASSWORD
value: "%(password)s"
- key: HARBOR_URI
value: "https://admin:%(password)s@{{ .Values.ingress.host }}"
---
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata:
name: harbor-core-secret
spec:
mapping:
- key: CORE_SECRET
value: "%(password)s"
---
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata:
name: harbor-core-oidc-secret-encryption-key
spec:
size: 32
mapping:
- key: secretKey
value: "%(password)s"
---
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata:
name: harbor-core-csrf-key
spec:
size: 32
mapping:
- key: CSRF_KEY
value: "%(password)s"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: harbor-core
labels:
app: harbor
data:
app.conf: |+
appname = Harbor
runmode = prod
enablegzip = true
[prod]
httpport = 8080
PORT: "8080"
POSTGRESQL_MAX_IDLE_CONNS: "100"
POSTGRESQL_MAX_OPEN_CONNS: "900"
EXT_ENDPOINT: "https://{{ .Values.ingress.host }}"
CORE_URL: "http://harbor-core:80"
JOBSERVICE_URL: "http://harbor-jobservice"
REGISTRY_URL: "http://harbor-registry:5000"
TOKEN_SERVICE_URL: "http://harbor-core:80/service/token"
CORE_LOCAL_URL: "http://127.0.0.1:8080"
REGISTRY_STORAGE_PROVIDER_NAME: "filesystem"
LOG_LEVEL: "info"
CONFIG_PATH: "/etc/core/app.conf"
CHART_CACHE_DRIVER: "redis"
PORTAL_URL: "http://harbor-portal"
REGISTRY_CONTROLLER_URL: "http://harbor-registry:8080"
PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE: "docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry"
METRIC_ENABLE: "true"
METRIC_PATH: "/metrics"
METRIC_PORT: "8001"
METRIC_NAMESPACE: harbor
METRIC_SUBSYSTEM: core
---
apiVersion: v1
kind: Service
metadata:
name: harbor-core
labels:
app: harbor
spec:
ports:
- name: http
port: 80
targetPort: 8080
selector:
app: harbor
component: core
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: harbor-core
labels:
app: harbor
component: core
spec:
replicas: 1
revisionHistoryLimit: 0
selector:
matchLabels: &selectorLabels
app: harbor
component: core
template:
metadata:
labels: *selectorLabels
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
securityContext:
runAsUser: 10000
fsGroup: 10000
automountServiceAccountToken: false
terminationGracePeriodSeconds: 120
containers:
- name: core
image: "{{ .Values.image.repository }}/harbor-core:{{ .Values.image.tag }}"
startupProbe:
httpGet:
path: /api/v2.0/ping
scheme: HTTP
port: 8080
failureThreshold: 360
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/v2.0/ping
scheme: HTTP
port: 8080
failureThreshold: 2
periodSeconds: 10
envFrom:
- configMapRef:
name: harbor-core
env:
- name: REGISTRY_CREDENTIAL_USERNAME
value: harbor_registry_user
- name: REGISTRY_CREDENTIAL_PASSWORD
valueFrom:
secretKeyRef:
name: harbor-registry-credentials
key: REGISTRY_CREDENTIAL_PASSWORD
- name: DATABASE_TYPE
value: postgresql
- name: POSTGRESQL_SSLMODE
value: require
- name: CSRF_KEY
valueFrom:
secretKeyRef:
name: harbor-core-csrf-key
key: CSRF_KEY
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: harbor-admin-secrets
key: HARBOR_ADMIN_PASSWORD
- name: POSTGRESQL_HOST
valueFrom:
secretKeyRef:
name: postgres-database-harbor-owner-secrets
key: PGHOST
- name: POSTGRESQL_PORT
valueFrom:
secretKeyRef:
name: postgres-database-harbor-owner-secrets
key: PGPORT
- name: POSTGRESQL_DATABASE
valueFrom:
secretKeyRef:
name: postgres-database-harbor-owner-secrets
key: PGDATABASE
- name: POSTGRESQL_USERNAME
valueFrom:
secretKeyRef:
name: postgres-database-harbor-owner-secrets
key: PGUSER
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: postgres-database-harbor-owner-secrets
key: PGPASSWORD
- name: _REDIS_URL_CORE
valueFrom:
secretKeyRef:
name: redis-core-owner-secrets
key: REDIS_URI
- name: _REDIS_URL_REG
valueFrom:
secretKeyRef:
name: redis-registry-owner-secrets
key: REDIS_URI
- name: CORE_SECRET
valueFrom:
secretKeyRef:
name: harbor-core-secret
key: CORE_SECRET
- name: JOBSERVICE_SECRET
valueFrom:
secretKeyRef:
name: harbor-jobservice
key: JOBSERVICE_SECRET
ports:
- containerPort: 8080
name: http
- containerPort: 8001
name: metrics
volumeMounts:
- name: config
mountPath: /etc/core/app.conf
subPath: app.conf
- name: secret-key
mountPath: /etc/core/key
subPath: key
- name: token-service-private-key
mountPath: /etc/core/private_key.pem
subPath: tls.key
- name: psc
mountPath: /etc/core/token
volumes:
- name: config
configMap:
name: harbor-core
items:
- key: app.conf
path: app.conf
- name: secret-key
secret:
secretName: harbor-core-oidc-secret-encryption-key
items:
- key: secretKey
path: key
- name: token-service-private-key
secret:
secretName: harbor-core-key
- name: psc
emptyDir: {}
Reference in New Issue View Git Blame Copy Permalink