expose traefik via ingress
This commit is contained in:
parent
52ce6eab0a
commit
15d4d44be7
@ -1,4 +1,3 @@
|
|||||||
---
|
|
||||||
# Source: harbor/templates/core/core-cm.yaml
|
# Source: harbor/templates/core/core-cm.yaml
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
@ -13,7 +12,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
data:
|
data:
|
||||||
app.conf: |+
|
app.conf: |+
|
||||||
appname = Harbor
|
appname = Harbor
|
||||||
@ -73,7 +72,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
data:
|
data:
|
||||||
HTTP_PROXY: ""
|
HTTP_PROXY: ""
|
||||||
HTTPS_PROXY: ""
|
HTTPS_PROXY: ""
|
||||||
@ -114,7 +113,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
data:
|
data:
|
||||||
CORE_URL: "http://harbor-core:80"
|
CORE_URL: "http://harbor-core:80"
|
||||||
TOKEN_SERVICE_URL: "http://harbor-core:80/service/token"
|
TOKEN_SERVICE_URL: "http://harbor-core:80/service/token"
|
||||||
@ -144,7 +143,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
data:
|
data:
|
||||||
config.yml: |+
|
config.yml: |+
|
||||||
#Server listening port
|
#Server listening port
|
||||||
@ -180,180 +179,6 @@ data:
|
|||||||
# the max time for execution in running state without new task created
|
# the max time for execution in running state without new task created
|
||||||
max_dangling_hours: 168
|
max_dangling_hours: 168
|
||||||
---
|
---
|
||||||
# Source: harbor/templates/nginx/configmap-https.yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ConfigMap
|
|
||||||
metadata:
|
|
||||||
name: harbor-nginx
|
|
||||||
labels:
|
|
||||||
heritage: Helm
|
|
||||||
release: harbor
|
|
||||||
chart: harbor
|
|
||||||
app: "harbor"
|
|
||||||
app.kubernetes.io/instance: harbor
|
|
||||||
app.kubernetes.io/name: harbor
|
|
||||||
app.kubernetes.io/managed-by: Helm
|
|
||||||
app.kubernetes.io/part-of: harbor
|
|
||||||
app.kubernetes.io/version: "2.11.0"
|
|
||||||
data:
|
|
||||||
nginx.conf: |+
|
|
||||||
worker_processes auto;
|
|
||||||
pid /tmp/nginx.pid;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 3096;
|
|
||||||
use epoll;
|
|
||||||
multi_accept on;
|
|
||||||
}
|
|
||||||
|
|
||||||
http {
|
|
||||||
client_body_temp_path /tmp/client_body_temp;
|
|
||||||
proxy_temp_path /tmp/proxy_temp;
|
|
||||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
|
||||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
|
||||||
scgi_temp_path /tmp/scgi_temp;
|
|
||||||
tcp_nodelay on;
|
|
||||||
|
|
||||||
# this is necessary for us to be able to disable request buffering in all cases
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
|
|
||||||
upstream core {
|
|
||||||
server "harbor-core:80";
|
|
||||||
}
|
|
||||||
|
|
||||||
upstream portal {
|
|
||||||
server "harbor-portal:80";
|
|
||||||
}
|
|
||||||
|
|
||||||
log_format timed_combined '[$time_local]:$remote_addr - '
|
|
||||||
'"$request" $status $body_bytes_sent '
|
|
||||||
'"$http_referer" "$http_user_agent" '
|
|
||||||
'$request_time $upstream_response_time $pipe';
|
|
||||||
|
|
||||||
access_log /dev/stdout timed_combined;
|
|
||||||
|
|
||||||
map $http_x_forwarded_proto $x_forwarded_proto {
|
|
||||||
default $http_x_forwarded_proto;
|
|
||||||
"" $scheme;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 8443 ssl;
|
|
||||||
listen [::]:8443 ssl;
|
|
||||||
# server_name harbordomain.com;
|
|
||||||
server_tokens off;
|
|
||||||
# SSL
|
|
||||||
ssl_certificate /etc/nginx/cert/tls.crt;
|
|
||||||
ssl_certificate_key /etc/nginx/cert/tls.key;
|
|
||||||
|
|
||||||
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_session_cache shared:SSL:10m;
|
|
||||||
|
|
||||||
# disable any limits to avoid HTTP 413 for large image uploads
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
# required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
|
|
||||||
chunked_transfer_encoding on;
|
|
||||||
|
|
||||||
# Add extra headers
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
|
|
||||||
add_header X-Frame-Options DENY;
|
|
||||||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://portal/;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
|
||||||
|
|
||||||
proxy_cookie_path / "/; HttpOnly; Secure";
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /api/ {
|
|
||||||
proxy_pass http://core/api/;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
|
||||||
|
|
||||||
proxy_cookie_path / "/; Secure";
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /chartrepo/ {
|
|
||||||
proxy_pass http://core/chartrepo/;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
|
||||||
|
|
||||||
proxy_cookie_path / "/; Secure";
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /c/ {
|
|
||||||
proxy_pass http://core/c/;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
|
||||||
|
|
||||||
proxy_cookie_path / "/; Secure";
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /v1/ {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /v2/ {
|
|
||||||
proxy_pass http://core/v2/;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /service/ {
|
|
||||||
proxy_pass http://core/service/;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
|
||||||
|
|
||||||
proxy_cookie_path / "/; Secure";
|
|
||||||
|
|
||||||
proxy_buffering off;
|
|
||||||
proxy_request_buffering off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /service/notifications {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
server {
|
|
||||||
listen 8080;
|
|
||||||
listen [::]:8080;
|
|
||||||
#server_name harbordomain.com;
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
---
|
|
||||||
# Source: harbor/templates/portal/configmap.yaml
|
# Source: harbor/templates/portal/configmap.yaml
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
@ -368,7 +193,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
data:
|
data:
|
||||||
nginx.conf: |+
|
nginx.conf: |+
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
@ -419,7 +244,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
data:
|
data:
|
||||||
config.yml: |+
|
config.yml: |+
|
||||||
version: 0.1
|
version: 0.1
|
||||||
@ -443,7 +268,7 @@ data:
|
|||||||
delete:
|
delete:
|
||||||
enabled: true
|
enabled: true
|
||||||
redirect:
|
redirect:
|
||||||
disable: true
|
disable: false
|
||||||
redis:
|
redis:
|
||||||
addr: dragonfly:6379
|
addr: dragonfly:6379
|
||||||
db: 2
|
db: 2
|
||||||
@ -495,7 +320,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
data:
|
data:
|
||||||
---
|
---
|
||||||
# Source: harbor/templates/jobservice/jobservice-pvc.yaml
|
# Source: harbor/templates/jobservice/jobservice-pvc.yaml
|
||||||
@ -514,7 +339,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: jobservice
|
component: jobservice
|
||||||
app.kubernetes.io/component: jobservice
|
app.kubernetes.io/component: jobservice
|
||||||
spec:
|
spec:
|
||||||
@ -539,7 +364,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: http-web
|
- name: http-web
|
||||||
@ -566,7 +391,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: http-metrics
|
- name: http-metrics
|
||||||
@ -590,7 +415,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: http-jobservice
|
- name: http-jobservice
|
||||||
@ -603,39 +428,6 @@ spec:
|
|||||||
app: "harbor"
|
app: "harbor"
|
||||||
component: jobservice
|
component: jobservice
|
||||||
---
|
---
|
||||||
# Source: harbor/templates/nginx/service.yaml
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Service
|
|
||||||
metadata:
|
|
||||||
name: harbor
|
|
||||||
labels:
|
|
||||||
heritage: Helm
|
|
||||||
release: harbor
|
|
||||||
chart: harbor
|
|
||||||
app: "harbor"
|
|
||||||
app.kubernetes.io/instance: harbor
|
|
||||||
app.kubernetes.io/name: harbor
|
|
||||||
app.kubernetes.io/managed-by: Helm
|
|
||||||
app.kubernetes.io/part-of: harbor
|
|
||||||
app.kubernetes.io/version: "2.11.0"
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: default
|
|
||||||
external-dns.alpha.kubernetes.io/hostname: harbor.k-space.ee
|
|
||||||
metallb.universe.tf/address-pool: elisa
|
|
||||||
spec:
|
|
||||||
type: LoadBalancer
|
|
||||||
ports:
|
|
||||||
- name: http
|
|
||||||
port: 80
|
|
||||||
targetPort: 8080
|
|
||||||
- name: https
|
|
||||||
port: 443
|
|
||||||
targetPort: 8443
|
|
||||||
selector:
|
|
||||||
release: harbor
|
|
||||||
app: "harbor"
|
|
||||||
component: nginx
|
|
||||||
---
|
|
||||||
# Source: harbor/templates/portal/service.yaml
|
# Source: harbor/templates/portal/service.yaml
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
@ -650,7 +442,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- port: 80
|
- port: 80
|
||||||
@ -674,7 +466,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: http-registry
|
- name: http-registry
|
||||||
@ -703,7 +495,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: core
|
component: core
|
||||||
app.kubernetes.io/component: core
|
app.kubernetes.io/component: core
|
||||||
spec:
|
spec:
|
||||||
@ -725,13 +517,13 @@ spec:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: core
|
component: core
|
||||||
app.kubernetes.io/component: core
|
app.kubernetes.io/component: core
|
||||||
annotations:
|
annotations:
|
||||||
checksum/configmap: 9ea7f1881e4fe5b908355ee28e246b67c8c498d2f719dd74a5536a51ee2d9865
|
checksum/configmap: 459defa5f990e3b5029d62cfdb86ca9a4191544419bdac39dac6eabc20a1d07c
|
||||||
checksum/secret: 0d2219f91d2afe8594c0136b9b35ea5048724958d8c76a501028f770b34398df
|
checksum/secret: d5281f549a139365b09eb4bc8e2376155c5a67d037b5a2e1fcb1d51a2d321615
|
||||||
checksum/secret-jobservice: 555460412a789ff6b5f107e7a44d6deb7ce9d069b97350b3e9e088e4e5d15330
|
checksum/secret-jobservice: 86e7ec26365fbc33f4c2ecf695d2934a23308e08c76a71be7d190763914a8e1b
|
||||||
spec:
|
spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
||||||
@ -740,7 +532,7 @@ spec:
|
|||||||
terminationGracePeriodSeconds: 120
|
terminationGracePeriodSeconds: 120
|
||||||
containers:
|
containers:
|
||||||
- name: core
|
- name: core
|
||||||
image: goharbor/harbor-core:v2.11.0
|
image: goharbor/harbor-core:v2.11.1
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
startupProbe:
|
startupProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
@ -828,6 +620,7 @@ spec:
|
|||||||
secretName: harbor-core
|
secretName: harbor-core
|
||||||
- name: ca-download
|
- name: ca-download
|
||||||
secret:
|
secret:
|
||||||
|
secretName: "harbor-ingress"
|
||||||
- name: psc
|
- name: psc
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
---
|
---
|
||||||
@ -845,7 +638,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: exporter
|
component: exporter
|
||||||
app.kubernetes.io/component: exporter
|
app.kubernetes.io/component: exporter
|
||||||
spec:
|
spec:
|
||||||
@ -867,12 +660,12 @@ spec:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: exporter
|
component: exporter
|
||||||
app.kubernetes.io/component: exporter
|
app.kubernetes.io/component: exporter
|
||||||
annotations:
|
annotations:
|
||||||
checksum/configmap: 79f5dcd087513f8f1d03fca430907faeb9bd7df805dbb251b750fb49ccb0f0b5
|
checksum/configmap: 7175588df9aea5ad07381b9e28514d0f3506380b511be090b7d2ddc40beb5ab0
|
||||||
checksum/secret: 55bad27b07dca97c644c9977eb8c3da9c08c8b8bbda2854878d2936a8da28508
|
checksum/secret: be1b09e9e24f666fd357cca51bb49abd966708df0bd2e97078bf88db7ffddf85
|
||||||
spec:
|
spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
||||||
@ -880,7 +673,7 @@ spec:
|
|||||||
automountServiceAccountToken: false
|
automountServiceAccountToken: false
|
||||||
containers:
|
containers:
|
||||||
- name: exporter
|
- name: exporter
|
||||||
image: goharbor/harbor-exporter:v2.11.0
|
image: goharbor/harbor-exporter:v2.11.1
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
@ -937,7 +730,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: jobservice
|
component: jobservice
|
||||||
app.kubernetes.io/component: jobservice
|
app.kubernetes.io/component: jobservice
|
||||||
spec:
|
spec:
|
||||||
@ -961,14 +754,14 @@ spec:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: jobservice
|
component: jobservice
|
||||||
app.kubernetes.io/component: jobservice
|
app.kubernetes.io/component: jobservice
|
||||||
annotations:
|
annotations:
|
||||||
checksum/configmap: 3a35bef831e58536bf86670117b43e2913a4c1a60d0e74d948559d7a7d564684
|
checksum/configmap: 5af691ab7fd728ad91fbd355f03ea709d69f58a32e405436cec9056617490bb3
|
||||||
checksum/configmap-env: 80e8b81abf755707210d6112ad65167a7d53088b209f63c603d308ef68c4cfad
|
checksum/configmap-env: f86af5d5cdbf21c00a2721265d7db84c8cda8ef1b2ac4da29aff32dbdf0a875d
|
||||||
checksum/secret: 66cf8ec37ca1e006ea224e0913c9deb407300393d221fe0564dee44e6b0174cd
|
checksum/secret: 5c1da09046fad8a9360c25063c6f994ff2b3ef91838f4d82f319994cfde74bfe
|
||||||
checksum/secret-core: a4bf7ecaeb201e06638a18b9e941a4b0e66668e484d6084fd1844d2c25a6492c
|
checksum/secret-core: b5644ea6869f9d895c16fe1ec9f6f7d83311c61aee4468b501d3f227e3e2de7e
|
||||||
spec:
|
spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
||||||
@ -977,7 +770,7 @@ spec:
|
|||||||
terminationGracePeriodSeconds: 120
|
terminationGracePeriodSeconds: 120
|
||||||
containers:
|
containers:
|
||||||
- name: jobservice
|
- name: jobservice
|
||||||
image: goharbor/harbor-jobservice:v2.11.0
|
image: goharbor/harbor-jobservice:v2.11.1
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
@ -1030,96 +823,6 @@ spec:
|
|||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: harbor-jobservice
|
claimName: harbor-jobservice
|
||||||
---
|
---
|
||||||
# Source: harbor/templates/nginx/deployment.yaml
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: harbor-nginx
|
|
||||||
labels:
|
|
||||||
heritage: Helm
|
|
||||||
release: harbor
|
|
||||||
chart: harbor
|
|
||||||
app: "harbor"
|
|
||||||
app.kubernetes.io/instance: harbor
|
|
||||||
app.kubernetes.io/name: harbor
|
|
||||||
app.kubernetes.io/managed-by: Helm
|
|
||||||
app.kubernetes.io/part-of: harbor
|
|
||||||
app.kubernetes.io/version: "2.11.0"
|
|
||||||
component: nginx
|
|
||||||
app.kubernetes.io/component: nginx
|
|
||||||
spec:
|
|
||||||
replicas: 1
|
|
||||||
revisionHistoryLimit: 10
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
release: harbor
|
|
||||||
app: "harbor"
|
|
||||||
component: nginx
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
heritage: Helm
|
|
||||||
release: harbor
|
|
||||||
chart: harbor
|
|
||||||
app: "harbor"
|
|
||||||
app.kubernetes.io/instance: harbor
|
|
||||||
app.kubernetes.io/name: harbor
|
|
||||||
app.kubernetes.io/managed-by: Helm
|
|
||||||
app.kubernetes.io/part-of: harbor
|
|
||||||
app.kubernetes.io/version: "2.11.0"
|
|
||||||
component: nginx
|
|
||||||
app.kubernetes.io/component: nginx
|
|
||||||
annotations:
|
|
||||||
checksum/configmap: 7114a5d89af834358c44d0e87c66e2c69da2e3dd545c02472a416c8a7857b983
|
|
||||||
spec:
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 10000
|
|
||||||
fsGroup: 10000
|
|
||||||
automountServiceAccountToken: false
|
|
||||||
containers:
|
|
||||||
- name: nginx
|
|
||||||
image: "goharbor/nginx-photon:v2.11.0"
|
|
||||||
imagePullPolicy: "IfNotPresent"
|
|
||||||
livenessProbe:
|
|
||||||
httpGet:
|
|
||||||
scheme: HTTPS
|
|
||||||
path: /
|
|
||||||
port: 8443
|
|
||||||
initialDelaySeconds: 300
|
|
||||||
periodSeconds: 10
|
|
||||||
readinessProbe:
|
|
||||||
httpGet:
|
|
||||||
scheme: HTTPS
|
|
||||||
path: /
|
|
||||||
port: 8443
|
|
||||||
initialDelaySeconds: 1
|
|
||||||
periodSeconds: 10
|
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
privileged: false
|
|
||||||
runAsNonRoot: true
|
|
||||||
seccompProfile:
|
|
||||||
type: RuntimeDefault
|
|
||||||
ports:
|
|
||||||
- containerPort: 8080
|
|
||||||
- containerPort: 8443
|
|
||||||
volumeMounts:
|
|
||||||
- name: config
|
|
||||||
mountPath: /etc/nginx/nginx.conf
|
|
||||||
subPath: nginx.conf
|
|
||||||
- name: certificate
|
|
||||||
mountPath: /etc/nginx/cert
|
|
||||||
volumes:
|
|
||||||
- name: config
|
|
||||||
configMap:
|
|
||||||
name: harbor-nginx
|
|
||||||
- name: certificate
|
|
||||||
secret:
|
|
||||||
secretName: harbor-ingress
|
|
||||||
---
|
|
||||||
# Source: harbor/templates/portal/deployment.yaml
|
# Source: harbor/templates/portal/deployment.yaml
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
@ -1134,7 +837,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: portal
|
component: portal
|
||||||
app.kubernetes.io/component: portal
|
app.kubernetes.io/component: portal
|
||||||
spec:
|
spec:
|
||||||
@ -1156,11 +859,11 @@ spec:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: portal
|
component: portal
|
||||||
app.kubernetes.io/component: portal
|
app.kubernetes.io/component: portal
|
||||||
annotations:
|
annotations:
|
||||||
checksum/configmap: d1b4818dc76aa5b382b435491e437f3c5f9795bf1fb019c82b003f75e7bc3d8f
|
checksum/configmap: 24d858ac32ea0ba10f15274a5dc08a307a5bb9f3577cab5a58d086976c36aee5
|
||||||
spec:
|
spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
||||||
@ -1168,7 +871,7 @@ spec:
|
|||||||
automountServiceAccountToken: false
|
automountServiceAccountToken: false
|
||||||
containers:
|
containers:
|
||||||
- name: portal
|
- name: portal
|
||||||
image: goharbor/harbor-portal:v2.11.0
|
image: goharbor/harbor-portal:v2.11.1
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
@ -1218,7 +921,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: registry
|
component: registry
|
||||||
app.kubernetes.io/component: registry
|
app.kubernetes.io/component: registry
|
||||||
spec:
|
spec:
|
||||||
@ -1242,14 +945,14 @@ spec:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
component: registry
|
component: registry
|
||||||
app.kubernetes.io/component: registry
|
app.kubernetes.io/component: registry
|
||||||
annotations:
|
annotations:
|
||||||
checksum/configmap: b6973055b0a56022c00f9460283665c292d00f4ec15c0b36ae334781fd72ff93
|
checksum/configmap: 275b555209ecc9f8ff34a171d588f4030db27ae049e605ccf3cfa3c75d1acb6d
|
||||||
checksum/secret: fbad596b28ac7eacc5280d30c332e45f389746bc7bd4fe312d81d20d787aa608
|
checksum/secret: ac3e3bb685db5fdc3d29fe7b464139e5bf5acbd831d0278960f1b05e1addf1ca
|
||||||
checksum/secret-jobservice: 50e965ac72128c882e5371663c8a24d54936984ec4596ee0beb3f5a35708571e
|
checksum/secret-jobservice: 45de3984a60f56d5ba07d509d8e1023ae3eb9991a15d42aaf973d7d2f7801ce9
|
||||||
checksum/secret-core: f16bee9ef108e28e08e2d059c96c79edefb3daeb36709e49be6d0a9971247651
|
checksum/secret-core: 8960ab140ede9fdba5036954428d37ab14d2398379516989d3acd370472c9b1a
|
||||||
spec:
|
spec:
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 10000
|
runAsUser: 10000
|
||||||
@ -1259,7 +962,7 @@ spec:
|
|||||||
terminationGracePeriodSeconds: 120
|
terminationGracePeriodSeconds: 120
|
||||||
containers:
|
containers:
|
||||||
- name: registry
|
- name: registry
|
||||||
image: goharbor/registry-photon:v2.11.0
|
image: goharbor/registry-photon:v2.11.1
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
@ -1305,7 +1008,7 @@ spec:
|
|||||||
mountPath: /etc/registry/config.yml
|
mountPath: /etc/registry/config.yml
|
||||||
subPath: config.yml
|
subPath: config.yml
|
||||||
- name: registryctl
|
- name: registryctl
|
||||||
image: goharbor/harbor-registryctl:v2.11.0
|
image: goharbor/harbor-registryctl:v2.11.1
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
@ -1376,6 +1079,83 @@ spec:
|
|||||||
- name: registry-data
|
- name: registry-data
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
---
|
---
|
||||||
|
# Source: harbor/templates/ingress/ingress.yaml
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: "harbor-ingress"
|
||||||
|
labels:
|
||||||
|
heritage: Helm
|
||||||
|
release: harbor
|
||||||
|
chart: harbor
|
||||||
|
app: "harbor"
|
||||||
|
app.kubernetes.io/instance: harbor
|
||||||
|
app.kubernetes.io/name: harbor
|
||||||
|
app.kubernetes.io/managed-by: Helm
|
||||||
|
app.kubernetes.io/part-of: harbor
|
||||||
|
app.kubernetes.io/version: "2.11.1"
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: default
|
||||||
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||||||
|
ingress.kubernetes.io/proxy-body-size: "0"
|
||||||
|
ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
|
kubernetes.io/ingress.class: traefik
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||||
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- secretName: harbor-ingress
|
||||||
|
hosts:
|
||||||
|
- harbor.k-space.ee
|
||||||
|
rules:
|
||||||
|
- http:
|
||||||
|
paths:
|
||||||
|
- path: /api/
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: harbor-core
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- path: /service/
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: harbor-core
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- path: /v2/
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: harbor-core
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- path: /chartrepo/
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: harbor-core
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- path: /c/
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: harbor-core
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: harbor-portal
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
host: harbor.k-space.ee
|
||||||
|
---
|
||||||
# Source: harbor/templates/metrics/metrics-svcmon.yaml
|
# Source: harbor/templates/metrics/metrics-svcmon.yaml
|
||||||
apiVersion: monitoring.coreos.com/v1
|
apiVersion: monitoring.coreos.com/v1
|
||||||
kind: ServiceMonitor
|
kind: ServiceMonitor
|
||||||
@ -1390,7 +1170,7 @@ metadata:
|
|||||||
app.kubernetes.io/name: harbor
|
app.kubernetes.io/name: harbor
|
||||||
app.kubernetes.io/managed-by: Helm
|
app.kubernetes.io/managed-by: Helm
|
||||||
app.kubernetes.io/part-of: harbor
|
app.kubernetes.io/part-of: harbor
|
||||||
app.kubernetes.io/version: "2.11.0"
|
app.kubernetes.io/version: "2.11.1"
|
||||||
spec:
|
spec:
|
||||||
jobLabel: app.kubernetes.io/name
|
jobLabel: app.kubernetes.io/name
|
||||||
endpoints:
|
endpoints:
|
||||||
|
Loading…
Reference in New Issue
Block a user