harbor-operator/templates/harbor-registry.yaml


---
# Object-storage bucket claim (codemowers.io custom resource) for the registry.
# NOTE(review): presumably the operator publishes the resulting S3 credentials
# as the bucket-registry-owner-secrets Secret that the Deployment in this file
# reads - confirm against the operator.
apiVersion: codemowers.io/v1alpha1
kind: Bucket
metadata:
  name: registry
spec:
  # Both fields are rendered unquoted from chart values, so an unset value
  # renders as an empty field instead of failing the render.
  class: {{ .Values.storage.registry.class }}
  capacity: {{ .Values.storage.registry.storage }}
---
# Redis instance claim (codemowers.io custom resource) for the registry; the
# registry config in this file selects redis for its layer-info cache.
# NOTE(review): "ephemeral" presumably means non-persistent storage, which
# would suit cache-only data - confirm the class semantics.
apiVersion: codemowers.io/v1alpha1
kind: Redis
metadata:
  name: registry
spec:
  capacity: 512Mi
  class: ephemeral
---
# Operator-managed secret (a codemowers.io custom resource, not a core v1
# Secret) carrying the registry's basic-auth credential.
# NOTE(review): %(password)s and %(bcrypt)s look like placeholders the operator
# fills with a generated password and its bcrypt hash - confirm that both keys
# derive from the same generated value.
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata:
  name: harbor-registry-credentials
spec:
  mapping:
    # Cleartext password; not consumed by any workload in this file.
    - key: REGISTRY_CREDENTIAL_PASSWORD
      value: "%(password)s"
    # htpasswd entry for user harbor_registry_user; the Deployment in this
    # file mounts it at /etc/registry/passwd. The registry's htpasswd backend
    # accepts bcrypt hashes only.
    - key: REGISTRY_HTPASSWD
      value: "harbor_registry_user:%(bcrypt)s"
---
# Operator-managed secret (codemowers.io custom resource) providing
# REGISTRY_HTTP_SECRET, which both containers of the Deployment in this file
# read from the harbor-registry Secret.
# NOTE(review): %(password)s looks like an operator placeholder for a generated
# random value - confirm it is generated once and kept stable, because the
# registry uses this secret to sign state it hands to clients and every
# replica must share the same value.
apiVersion: codemowers.io/v1alpha1
kind: Secret
metadata:
  name: harbor-registry
spec:
  mapping:
    - key: REGISTRY_HTTP_SECRET
      value: "%(password)s"
---
# Configuration files for the registry pod: config.yml for the registry
# process and ctl-config.yml for registryctl. Comments are kept outside the
# block scalars so the rendered file contents stay unchanged.
apiVersion: v1
kind: ConfigMap
metadata:
  name: harbor-registry
  labels:
    app: harbor
data:
  # Review notes on config.yml:
  # - No storage driver settings or Redis address appear here; the Deployment
  #   in this file injects REGISTRY_STORAGE_S3_* and REGISTRY_REDIS_* env vars.
  # - http.addr (:5000) serves plain HTTP with no tls section, so transport
  #   protection has to come from the network layer.
  # - http.debug.addr (:5001) listens on all interfaces and is unauthenticated.
  #   It is not published by the Service in this file but stays reachable on
  #   the pod IP; limit it to the metrics scraper with a NetworkPolicy.
  # - auth.htpasswd reads /etc/registry/passwd, which the Deployment mounts
  #   from the harbor-registry-credentials Secret.
  # - validation.disabled: true switches off the registry's manifest
  #   validation settings - confirm this is intended.
  # - compatibility.schema1.enabled: true keeps the deprecated schema 1
  #   manifest format available; disable it once no client depends on it.
  config.yml: |+
    version: 0.1
    log:
      level: info
      fields:
        service: registry
    storage:
      cache:
        layerinfo: redis
      maintenance:
        uploadpurging:
          enabled: true
          age: 168h
          interval: 24h
          dryrun: false
      delete:
        enabled: true
    redis:
      db: 0
      readtimeout: 10s
      writetimeout: 10s
      dialtimeout: 10s
      pool:
        maxidle: 100
        maxactive: 500
        idletimeout: 60s
    http:
      addr: :5000
      relativeurls: false
      debug:
        addr: :5001
        prometheus:
          enabled: true
          path: /metrics
    auth:
      htpasswd:
        realm: harbor-registry-basic-realm
        path: /etc/registry/passwd
    validation:
      disabled: true
    compatibility:
      schema1:
        enabled: true
  # registryctl listens on plain HTTP port 8080 and reads the registry config
  # from the path mounted into its container by the Deployment.
  ctl-config.yml: |+
    ---
    protocol: "http"
    port: 8080
    log_level: info
    registry_config: "/etc/registry/config.yml"
---
# Service for the registry pod (no type set, so it is a ClusterIP Service):
# 5000 is the registry API and 8080 the registryctl API. Both carry plain HTTP,
# and the debug/metrics port 5001 is deliberately not published here.
# NOTE(review): no NetworkPolicy is visible in this file - confirm that access
# to these ports is limited to the Harbor components that need them.
apiVersion: v1
kind: Service
metadata:
  name: harbor-registry
spec:
  selector:
    component: registry
    app: harbor
  ports:
    - port: 5000
      name: http-registry
    - port: 8080
      name: http-controller
---
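# Harbor registry pod: the registry process ("registry") and Harbor's registry
# controller ("registryctl") run side by side and share one config ConfigMap.
#
# Hardening added in review: runAsNonRoot and the RuntimeDefault seccomp
# profile at pod level, plus allowPrivilegeEscalation: false and dropped
# capabilities on both containers. The manifest runs as uid 10000 and listens
# only on unprivileged ports (5000, 5001, 8080), so nothing visible here needs
# extra privileges. Validate against the image tag you deploy before rollout.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: harbor-registry
spec:
  replicas: 1
  revisionHistoryLimit: 0
  selector:
    matchLabels: &selectorLabels
      app: harbor
      component: registry
  template:
    metadata:
      labels: *selectorLabels
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - amd64
      securityContext:
        runAsUser: 10000
        # Make the kubelet refuse to start the containers as uid 0 even if an
        # image or a later edit changes the effective user.
        runAsNonRoot: true
        fsGroup: 10000
        fsGroupChangePolicy: OnRootMismatch
        seccompProfile:
          type: RuntimeDefault
      # The pod does not talk to the Kubernetes API, so it gets no token.
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 120
      containers:
        - name: registry
          # The tag is mutable; pinning the image by digest gives stronger
          # supply-chain guarantees where the chart values allow it.
          image: "{{ .Values.image.repository }}/registry-photon:{{ .Values.image.tag }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          readinessProbe:
            httpGet:
              path: /
              scheme: HTTP
              port: 5000
            initialDelaySeconds: 1
            periodSeconds: 10
          args:
            - serve
            - /etc/registry/config.yml
          # Secrets injected as env vars are readable by anything that can
          # inspect the process environment and are not refreshed on rotation;
          # restart the pod after rotating any of them.
          env:
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-registry
                  key: REGISTRY_HTTP_SECRET
            # NOTE(review): redis-registry-owner-secrets and
            # bucket-registry-owner-secrets are presumably created by the
            # operator for the Redis and Bucket resources in this file.
            - name: REGISTRY_REDIS_ADDR
              valueFrom:
                secretKeyRef:
                  name: redis-registry-owner-secrets
                  key: REDIS_HOST_PORT
            - name: REGISTRY_REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-registry-owner-secrets
                  key: REDIS_PASSWORD
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_SECRET_ACCESS_KEY
            - name: REGISTRY_STORAGE_S3_REGION
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_DEFAULT_REGION
            - name: REGISTRY_STORAGE_S3_REGIONENDPOINT
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_S3_ENDPOINT_URL
            - name: REGISTRY_STORAGE_S3_BUCKET
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: BUCKET_NAME
          # NOTE(review): the port name "http" is also used by the registryctl
          # container. The Service in this file targets numeric ports, so it is
          # unaffected, but a named targetPort would be ambiguous.
          ports:
            - containerPort: 5000
              name: http
            - containerPort: 5001
              name: metrics
          # subPath mounts are not updated when the backing Secret or
          # ConfigMap changes; a credential or config rotation needs a restart.
          volumeMounts:
            - name: registry-htpasswd
              mountPath: /etc/registry/passwd
              subPath: passwd
            - name: registry-config
              mountPath: /etc/registry/config.yml
              subPath: config.yml
        - name: registryctl
          image: "{{ .Values.image.repository }}/harbor-registryctl:{{ .Values.image.tag }}"
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          readinessProbe:
            httpGet:
              path: /api/health
              scheme: HTTP
              port: 8080
            initialDelaySeconds: 1
            periodSeconds: 10
          env:
            # harbor-core-secret and harbor-jobservice are defined outside this
            # file; the pod stays pending-start until both Secrets exist.
            - name: CORE_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-core-secret
                  key: CORE_SECRET
            - name: JOBSERVICE_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-jobservice
                  key: JOBSERVICE_SECRET
            - name: REGISTRY_HTTP_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-registry
                  key: REGISTRY_HTTP_SECRET
            - name: REGISTRY_REDIS_ADDR
              valueFrom:
                secretKeyRef:
                  name: redis-registry-owner-secrets
                  key: REDIS_HOST_PORT
            - name: REGISTRY_REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-registry-owner-secrets
                  key: REDIS_PASSWORD
            - name: REGISTRY_STORAGE_S3_ACCESSKEY
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_ACCESS_KEY_ID
            - name: REGISTRY_STORAGE_S3_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_SECRET_ACCESS_KEY
            - name: REGISTRY_STORAGE_S3_REGION
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_DEFAULT_REGION
            - name: REGISTRY_STORAGE_S3_REGIONENDPOINT
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: AWS_S3_ENDPOINT_URL
            - name: REGISTRY_STORAGE_S3_BUCKET
              valueFrom:
                secretKeyRef:
                  name: bucket-registry-owner-secrets
                  key: BUCKET_NAME
          ports:
            - containerPort: 8080
              name: http
          # registryctl reads the registry's config.yml as well as its own
          # ctl-config.yml, both taken from the same ConfigMap volume.
          volumeMounts:
            - name: registry-config
              mountPath: /etc/registry/config.yml
              subPath: config.yml
            - name: registry-config
              mountPath: /etc/registryctl/config.yml
              subPath: ctl-config.yml
      volumes:
        # Only the htpasswd entry is projected; the cleartext password key of
        # harbor-registry-credentials never reaches the pod filesystem.
        - name: registry-htpasswd
          secret:
            secretName: harbor-registry-credentials
            items:
              - key: REGISTRY_HTPASSWD
                path: passwd
        - name: registry-config
          configMap:
            name: harbor-registry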