From 4532eccd6d2765b6ace78177700227915438f8c0 Mon Sep 17 00:00:00 2001 From: Erki Aas Date: Sat, 24 Aug 2024 19:36:10 +0300 Subject: [PATCH] proxy image artefacts through harbor --- harbor/application.yml | 139 +++-------------------------------------- harbor/values.yaml | 2 +- 2 files changed, 10 insertions(+), 131 deletions(-) diff --git a/harbor/application.yml b/harbor/application.yml index 1aaf158..54fa82f 100644 --- a/harbor/application.yml +++ b/harbor/application.yml @@ -1,125 +1,4 @@ --- -# Source: harbor/templates/core/core-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: harbor-core - labels: - heritage: Helm - release: harbor - chart: harbor - app: "harbor" - app.kubernetes.io/instance: harbor - app.kubernetes.io/name: harbor - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "2.11.0" -type: Opaque -data: - secretKey: "bm90LWEtc2VjdXJlLWtleQ==" - secret: "SmhSWFBRek5wQ2NqdWxUbA==" - tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBbk5zRWc2SE95OUtFODNjbFpHS1ZhRG1ST3hHM3UwcDRydGptVHd0Z3p4VDB0UlV0CjVvVEI1Uk5ER0QrTE9MQnBSM3VOaFlheDVIQW5WbEpYTnJsa21vQWpuelVMUHRldTNmWWdpbWlqK0ZCS1RnVTkKakdwbmV6TGRKMDh4R0doR2cvMFVJVjZEU2NRT2t5VTlOR2xGK1laRS90SjhjRzR6MFFxbFZWL0NpZVZWK0N2egpnbWc1MEt6MHJOTjJaSUNFL3M0d2ZGODNXVVV6MFZTRmZ2YnFCTnpKUkNJSyt0ektGWmFVcUx0amp3V2lwZTRMCjZGbUJlLzlDODkrNmF6a1ZlQ3QyMDdaanM5ck9NVVFpZ0dkRlNhczhRM0ZGVTVTaExxQUhnbVkyaE1ETlRBYnQKQVdtTzRwRlJFTXZlQ1BXazBINHU2QW1iejFKZ0tZRGdjUm01Y3dJREFRQUJBb0lCQURqamNtS3ZWOG95b3dlTwpLZUNicEtaMVlvZnk2QmtrYkZxMXplblRMWnhOZEdjTXRHWUx0aXIzN25pbjZ6MTNOZWU0RnQ3YnVEOHFzZ21yCnVYZmVpMjlCbENuVTJpeERtMmRqTWZBZy9YODgxNFl1Zm1FajRqNGJkM3dmUzZZWGc2T3hNUkRkTDI2Y2pkQ3UKUytGcllQYWJ6UUJDcE9FK0Jzc0ZPbXVaWEh3WVFOTERPbTZzWnlqR3VQZEZCZUlLa1ROSjJjWUZqQXBMd1dWdgp2NUwybnhWaHdwNXdqWWFPZmdVZUs1K2YwT3VXNFgva1dveGhHeVZLczJ2WUNwOTM1ZTk0KytwN05OOXVOQmExCmNKejhRY3FYQ0ZZRG0rbkswdVVacmlSR2E3elBKbmdjd0g2c3pMbHlpZ3YzeHZKbzBqZ2tnUjltNVF5TkV2cUwKNWdLY3Rra0NnWUVBeFJuOXBtdDlab3Y1RC92S3RPaDBKakNmVDQ4NzNRYkZmdUVydm95RVUyMit6MTZVL3hBbgpiTXVHSEU5dnJQWjFxWHlkdUNuYXRUY3RBTHRyQ1RicFhCTTRYQlV1d2phQzRnS3l6NVNNM1cvdFdsZ0xNeDIrCnBmZS9rTVE4N1VIMm5Ncnl2d1RGMG5VS2hDSG9VOGZsUGdhRUc5dzhlVC9uT1ByV3llZS9QVThDZ1lFQXk3cEMKNFpJRFgyWXpJRU1ueUpJY3BFYU5RaVFGTHppWk1WVllVVGc4dkcvczhGZGI5S3hiMjFQekR5SzZnSFc3dUs2TwpISjBacUtzcHBEYkNpUDVDb2tiM1JMWVM0eXZIWnBPdlF4QVRQanhURUNxMUVvSHVXNkdWUTBXYVY1ckFseEUzClBjV0dUcVNvTkd0NG5QWFFjNGZabVZlbFVyQWpNNWdDcFg4VTRKMENnWUFuUzdsQVZxblhxZ3hyM1YxYW1BV2cKSDQyRGhTRUFQZnRlQW5LQU9PK2cybjV5Ulg4Ykl4TlpJM0tIYm1icmF1K21iTXZkRGFzbStlc2svRGlveTZQVwowWllvOWFndTNFTlg0QVhhVU5tTXhHWGozeTNNY1Irell5TjBMMHVlV2NwYkZETTFWalJDYzBjM2RMTW5FUEZwClhrODBac0kvd2pmTkttVnNONkh2RFFLQmdCT0FDNkROdWhicWtHQTVMVmlzYTZOcHdXR2dVd0szRnlxNnNZNXMKcEp1ZzF2d1dVSTMxNVlEejR5TUN2dmxHeTZZY3h5dUQrZzNEL0dOa2ZuQmdiZjVjYnBTY0hPaXpxdzF0ZTJ3ZQo0TWluTzRnam5sdGNKbldNM04yb2p1SnR4SnR4SVdsL082RFJiK3c4a1RuczZYdjFkK1dPbHh0NEVwYUFxVmd2CjlzNmRBb0dBV3A2VUVtRXpXUThCSVNYWUl0a1NBMjc1N3BEUmw1YnoxNkg4L2htanFRWVFOeWg2WnVSRjV1TUwKRndldytHeHN4OHJWazdEUktuN2tRcHFSU0ZYOTJkOUREVkc4WW9uemRDSFZpemtqR0FwSUZNNUFmWG04TTZ2UQpOUjB5MU5Yd2ZMZ0FsNU1TK0thcVQwaGJjU3FkYjI0OUtFZ1pLcmEyZGpVSk1nNmhXTU09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==" - tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJRENDQWdpZ0F3SUJBZ0lSQUtoRDl2ZlVWOE1IVGRHRXdadDViUDR3RFFZSktvWklodmNOQVFFTEJRQXcKR2pFWU1CWUdBMVVFQXhNUGFHRnlZbTl5TFhSdmEyVnVMV05oTUI0WERUSTBNRGd5TXpFNE1qZ3dNbG9YRFRJMQpNRGd5TXpFNE1qZ3dNbG93R2pFWU1CWUdBMVVFQXhNUGFHRnlZbTl5TFhSdmEyVnVMV05oTUlJQklqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBbk5zRWc2SE95OUtFODNjbFpHS1ZhRG1ST3hHM3UwcDQKcnRqbVR3dGd6eFQwdFJVdDVvVEI1Uk5ER0QrTE9MQnBSM3VOaFlheDVIQW5WbEpYTnJsa21vQWpuelVMUHRldQozZllnaW1paitGQktUZ1U5akdwbmV6TGRKMDh4R0doR2cvMFVJVjZEU2NRT2t5VTlOR2xGK1laRS90SjhjRzR6CjBRcWxWVi9DaWVWVitDdnpnbWc1MEt6MHJOTjJaSUNFL3M0d2ZGODNXVVV6MFZTRmZ2YnFCTnpKUkNJSyt0eksKRlphVXFMdGpqd1dpcGU0TDZGbUJlLzlDODkrNmF6a1ZlQ3QyMDdaanM5ck9NVVFpZ0dkRlNhczhRM0ZGVTVTaApMcUFIZ21ZMmhNRE5UQWJ0QVdtTzRwRlJFTXZlQ1BXazBINHU2QW1iejFKZ0tZRGdjUm01Y3dJREFRQUJvMkV3Clh6QU9CZ05WSFE4QkFmOEVCQU1DQXFRd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUMKTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRk9xalpvcGlBOTZqTmZKVTRuNGNnQUlaWG1DaApNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNDNVdTSG4rcXVZZzJGRkoyYU9FajNWRk9ISENkaU9qNE1xUlE3Cjh4dTVyL2s5QnZvUit6QUpqSHNqRUpCcGNpNjYwV2FBbkw3NWNpc1N2MnB5S3YwNmFzS1MwNEdENFRIVE1sa1QKRXc0Y3JwMWIrWVg1akRMenBtSEJBN2ZaUmNFdEhkT01PdENBaVV0UkVSMmZZeThyZXFxMFpEa1FlNkk3OElEQwpERHRnbC85bDFQZ0xMeDYxeWdEZ1p2aG1od0hiVkFIdU5nb2kwdkhjeldoelhFK1RTTzJ0VVVxMmxhYTV2Y0Z1CmxnK3g0YzVGRUhrdmc1S0FLellDczM4RHhDYmZpWXhyanYwYkZVcnNzRzRZWmRDYTJNOGg0NDJ5L3AveXpKZU0KN0UvTjdyeUpla3FTUFVMQ1JuVHhXL2FEV3VSQ1Fac21ZamV2UmxCTXJhNkdtckh6Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" - HARBOR_ADMIN_PASSWORD: "SGFyYm9yMTIzNDU=" - REGISTRY_CREDENTIAL_PASSWORD: "aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk" - CSRF_KEY: "dmFZRUtVQ0MySGxCRnRyeVdMcXF3U0dhMUNWOHVzUE8=" ---- -# Source: harbor/templates/exporter/exporter-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: harbor-exporter - labels: - heritage: Helm - release: harbor - chart: harbor - app: "harbor" - app.kubernetes.io/instance: harbor - app.kubernetes.io/name: harbor - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "2.11.0" -type: Opaque -data: - HARBOR_ADMIN_PASSWORD: "SGFyYm9yMTIzNDU=" ---- -# Source: harbor/templates/jobservice/jobservice-secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-jobservice" - labels: - heritage: Helm - release: harbor - chart: harbor - app: "harbor" - app.kubernetes.io/instance: harbor - app.kubernetes.io/name: harbor - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "2.11.0" -type: Opaque -data: - JOBSERVICE_SECRET: "ZU1oS0lBajVQUVcyRjI1Vg==" - REGISTRY_CREDENTIAL_PASSWORD: "aGFyYm9yX3JlZ2lzdHJ5X3Bhc3N3b3Jk" ---- -# Source: harbor/templates/registry/registry-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-registry" - labels: - heritage: Helm - release: harbor - chart: harbor - app: "harbor" - app.kubernetes.io/instance: harbor - app.kubernetes.io/name: harbor - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "2.11.0" -type: Opaque -data: - REGISTRY_HTTP_SECRET: "VWxMS0YwYkpZQVRnU0dSUg==" - REGISTRY_REDIS_PASSWORD: "TXZZY3VVMFJhSXUxU1g3ZlkxbTFKcmdMVVNhWkpqZ2U=" ---- -# Source: harbor/templates/registry/registry-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-registry-htpasswd" - labels: - heritage: Helm - release: harbor - chart: harbor - app: "harbor" - app.kubernetes.io/instance: harbor - app.kubernetes.io/name: harbor - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "2.11.0" -type: Opaque -data: - REGISTRY_HTPASSWD: "aGFyYm9yX3JlZ2lzdHJ5X3VzZXI6JDJhJDEwJDJzNFJMemFkMjNXYnUwNC5RZ1JrSi5JMWFLODhjWmFYdVRHOUh4Y1NGR2tsWjh1UmI5SUdx" ---- -# Source: harbor/templates/registry/registryctl-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-registryctl" - labels: - heritage: Helm - release: harbor - chart: harbor - app: "harbor" - app.kubernetes.io/instance: harbor - app.kubernetes.io/name: harbor - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/part-of: harbor - app.kubernetes.io/version: "2.11.0" -type: Opaque -data: ---- # Source: harbor/templates/core/core-cm.yaml apiVersion: v1 kind: ConfigMap @@ -564,7 +443,7 @@ data: delete: enabled: true redirect: - disable: false + disable: true redis: addr: dragonfly:6379 db: 2 @@ -851,8 +730,8 @@ spec: app.kubernetes.io/component: core annotations: checksum/configmap: 9ea7f1881e4fe5b908355ee28e246b67c8c498d2f719dd74a5536a51ee2d9865 - checksum/secret: ad9c2189410b47755f168b9cbb79d326a13d16176d96a521e287abbafc419df5 - checksum/secret-jobservice: d1b516e308114f8734b8eddf9260861e6c3d00e587c60491ad2c4e5f8c3e8b6f + checksum/secret: 7827f00e118d39ccc4caad6df2df2125a0cef6b6ad9583cb30a6b17e62e1b934 + checksum/secret-jobservice: f6fcc2a7c9a0224eefa0b4ed2deed3fb22335c417d5645067efdc1341de26bc7 spec: securityContext: runAsUser: 10000 @@ -1095,8 +974,8 @@ spec: annotations: checksum/configmap: 3a35bef831e58536bf86670117b43e2913a4c1a60d0e74d948559d7a7d564684 checksum/configmap-env: 80e8b81abf755707210d6112ad65167a7d53088b209f63c603d308ef68c4cfad - checksum/secret: 611e10e564e1a519738a970fde36e25bcc66253e31b90c0bb456cc55d42cd5a7 - checksum/secret-core: bd3ce629c3ae3006f760f0552687212b8661ef62a9b8aea7cb476655be546e21 + checksum/secret: 35297960a512675e6dcdff9d387587916f748c2c2ca2b5b8e5cbe5853488971b + checksum/secret-core: 72ed9c9917dd47ba68b05273e113792198afa5e09a696689e1063fbaffc80034 spec: securityContext: runAsUser: 10000 @@ -1395,10 +1274,10 @@ spec: component: registry app.kubernetes.io/component: registry annotations: - checksum/configmap: b11f146e734a9ac7c3df9f83562e7ac5fea9e2b10b89118f19207c9b95104496 - checksum/secret: 0f5e88685eab94c5cbd47af720313509083331fcdbd9cae66b398fcda5db4d0f - checksum/secret-jobservice: 7a0f120fa4eeb574f5aa57abcc015d73eee4412bb4548488f26d13f3837416ee - checksum/secret-core: e354eacb10ba71353349bcbd04502278c8bcb0522adc2a26f213000305ab1327 + checksum/configmap: b6973055b0a56022c00f9460283665c292d00f4ec15c0b36ae334781fd72ff93 + checksum/secret: b246f895959725e4164cb10bc8c1c5d4d50618736c48129c8ee233b126164339 + checksum/secret-jobservice: 37d8a246aaaed2ca66ea98c8e6b0fd875de5cb0cf2660abd7bda98fa6d630ccb + checksum/secret-core: a3deaec6a79903eb0619162ab91a87581ae2da37bc3f894792a2f48912a2b7c8 spec: securityContext: runAsUser: 10000 diff --git a/harbor/values.yaml b/harbor/values.yaml index c49707b..8a54709 100644 --- a/harbor/values.yaml +++ b/harbor/values.yaml @@ -48,7 +48,7 @@ persistence: # Refer to # https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect # for the detail. - disableredirect: false + disableredirect: true type: s3 s3: # Set an existing secret for S3 accesskey and secretkey