From 9c2b5c39eedb437bd9a4ccab2211201b021c2662 Mon Sep 17 00:00:00 2001 From: Erki Aas Date: Thu, 8 Aug 2024 12:45:21 +0300 Subject: [PATCH] fix/update harbor --- harbor/README.md | 4 +++- harbor/application.yml | 16 ++++++++-------- harbor/values.yaml | 5 +---- 3 files changed, 12 insertions(+), 13 deletions(-) diff --git a/harbor/README.md b/harbor/README.md index 4125b0d..516ff11 100644 --- a/harbor/README.md +++ b/harbor/README.md @@ -5,8 +5,10 @@ kubectl create namespace harbor-operator kubectl -n harbor-operator create secret generic harbor-minio-credentials --from-literal REGISTRY_STORAGE_S3_ACCESSKEY=...--from-literal=REGISTRY_STORAGE_S3_SECRETKEY=... kubectl -n harbor-operator create secret generic harbor-postgres-password --from-literal password=... +helm repo add harbor https://helm.goharbor.io + helm template -n harbor-operator --release-name harbor harbor/harbor --include-crds -f harbor/values.yaml > harbor/application.yml -kubectl apply -n harbor -f application.yml -f application-extras.yml +kubectl apply -n harbor-operator -f harbor/application.yml -f harbor/application-extras.yml ``` After deployment login with Harbor admin credentials and configure OIDC: diff --git a/harbor/application.yml b/harbor/application.yml index 394c72a..847139e 100644 --- a/harbor/application.yml +++ b/harbor/application.yml @@ -523,8 +523,8 @@ spec: app.kubernetes.io/component: core annotations: checksum/configmap: 9ea7f1881e4fe5b908355ee28e246b67c8c498d2f719dd74a5536a51ee2d9865 - checksum/secret: ca32f9ad83fe0ed3d8ebb51e01558e15a66ea80eb95dae096d00a19e25f2f239 - checksum/secret-jobservice: e54d9ef76e5cfb44adfcf233be3c39cc3f6d15ed61a36c4370fa5948c3192f38 + checksum/secret: af720060dbb42f2109b7fd0811a83c48c55313f95c3ba2e6e68010be0a2b2cd4 + checksum/secret-jobservice: fdcf96de5337fccbcdac406929acbb799cb61e43c21be4f6affce7b2d7eaef3f spec: securityContext: runAsUser: 10000 @@ -612,7 +612,7 @@ spec: path: app.conf - name: secret-key secret: - secretName: harbor-core-oidc-secret-encryption-key + secretName: harbor-core items: - key: secretKey path: key @@ -761,8 +761,8 @@ spec: annotations: checksum/configmap: 3a35bef831e58536bf86670117b43e2913a4c1a60d0e74d948559d7a7d564684 checksum/configmap-env: 80e8b81abf755707210d6112ad65167a7d53088b209f63c603d308ef68c4cfad - checksum/secret: 8f842279ee68a874f9f099e41130fc9792a74bb594ac52eb5615587636988526 - checksum/secret-core: d210f333cfb703a98116fd88d154fb61ed81a81b4276f042496d53e622702c5c + checksum/secret: 6902f5ee11437ee5149ff54e363487163c43e21ddce1b120ea5528f3def513c6 + checksum/secret-core: ed0bce05c92f40e7b854d7206e08d4c1581aac476956839e42075ab9cdd61e45 spec: securityContext: runAsUser: 10000 @@ -951,9 +951,9 @@ spec: app.kubernetes.io/component: registry annotations: checksum/configmap: b11f146e734a9ac7c3df9f83562e7ac5fea9e2b10b89118f19207c9b95104496 - checksum/secret: a441697613dc9da44a7147c0212aafcfb5e12cc4dfb7130b55851b6a502ceac6 - checksum/secret-jobservice: b316e2054db578411b0078450fe05fc52b227cead30b5981ed20c2c97f8c7d8b - checksum/secret-core: 2f3ad0d88e741a710ff8068d2f687b1873667bebb472ddb85726b87375a9e1c6 + checksum/secret: dca1f41d66de90e85f5979631e3653bd898df32609307e2e794a72004dec22f9 + checksum/secret-jobservice: 1728caf6daf5c1b1770da4133efe152d0a10260cb6e5271b7545696ff3b8a1f4 + checksum/secret-core: 7c8aefdcb5f56e17ceb9dc21105e5b98d5a9294b70e1bea13ef83cc40fb595e2 spec: securityContext: runAsUser: 10000 diff --git a/harbor/values.yaml b/harbor/values.yaml index 1bea01d..5779610 100644 --- a/harbor/values.yaml +++ b/harbor/values.yaml @@ -6,7 +6,7 @@ expose: hosts: core: harbor.k-space.ee annotations: - cert-manager.io/cluster-issuer: default + cert-manager.io/cluster-issuer: default kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" @@ -77,9 +77,6 @@ existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD # debug, info, warning, error or fatal logLevel: debug -# If using existingSecretSecretKey, the key must be secretKey -existingSecretSecretKey: "harbor-core-oidc-secret-encryption-key" - # Run the migration job via helm hook enableMigrateHelmHook: false