From a765f0305b4edb5ee6b657bcdc80399e41eb7ee8 Mon Sep 17 00:00:00 2001 From: mengkzhaoyun Date: Thu, 10 Jan 2019 19:05:26 +0800 Subject: [PATCH] update --- dist.yaml | 1293 ----------------------------------------------------- 1 file changed, 1293 deletions(-) delete mode 100644 dist.yaml diff --git a/dist.yaml b/dist.yaml deleted file mode 100644 index 9bc67f2..0000000 --- a/dist.yaml +++ /dev/null @@ -1,1293 +0,0 @@ ---- -# Source: harbor/templates/adminserver/adminserver-secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-adminserver" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-adminserver -type: Opaque -data: - secretKey: "blFJbUJuNVNWQ0hMN2VocQ==" - EMAIL_PWD: "cGFzc3dvcmQ=" - HARBOR_ADMIN_PASSWORD: "NTg3NzIwMTU=" - POSTGRESQL_PASSWORD: "c3BhY2VJTjUxMQ==" - JOBSERVICE_SECRET: "QkJSUXd5U2tzaUhacUpVaA==" - UI_SECRET: "QkJSUXd5U2tzaUhacUpVaA==" - - CLAIR_DB_PASSWORD: "c3BhY2VJTjUxMQ==" - - ---- -# Source: harbor/templates/chartmuseum/chartmuseum-secret.yaml - -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-chartmuseum" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -type: Opaque -data: - CACHE_REDIS_PASSWORD: "" - BASIC_AUTH_PASS: "QkJSUXd5U2tzaUhacUpVaA==" ---- -# Source: harbor/templates/database/database-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-database" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -type: Opaque -data: - POSTGRES_PASSWORD: "c3BhY2VJTjUxMQ==" ---- -# Source: harbor/templates/jobservice/jobservice-secrets.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-jobservice" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -type: Opaque -data: - secretKey: "blFJbUJuNVNWQ0hMN2VocQ==" - JOBSERVICE_SECRET: "QkJSUXd5U2tzaUhacUpVaA==" - UI_SECRET: "QkJSUXd5U2tzaUhacUpVaA==" ---- -# Source: harbor/templates/registry/registry-secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-registry" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -type: Opaque -data: - httpSecret: "QkJSUXd5U2tzaUhacUpVaA==" ---- -# Source: harbor/templates/ui/ui-secrets.yaml - -apiVersion: v1 -kind: Secret -metadata: - name: "harbor-ui" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -type: Opaque -data: - secretKey: "blFJbUJuNVNWQ0hMN2VocQ==" - secret: "QkJSUXd5U2tzaUhacUpVaA==" - jobserviceSecret: "QkJSUXd5U2tzaUhacUpVaA==" - tokenServiceRootCertBundle: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2ekNDQWRPZ0F3SUJBZ0lRTGh6a0EyN2Nhd1JKczl6d1hNeUxhREFOQmdrcWhraUc5dzBCQVFzRkFEQVIKTVE4d0RRWURWUVFERXdab1lYSmliM0l3SGhjTk1UZ3hNREU0TVRFd01EQTFXaGNOTVRreE1ERTRNVEV3TURBMQpXakFSTVE4d0RRWURWUVFERXdab1lYSmliM0l3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUM4ckV5TW80eTN0TVNhemRQWGZrOXlUczBydHRnQkgraTFLS2l5b3F1SGtFN2hiUmJZbXJGbzYzSmMKYmF3bk1mZnBUT1pEajVmb0hFaXR4TmlvVEdNR2tEMng0Uy9vd2hDSEs5cHplNFJtOTF3SjZrK2d1VWhnOXRHdwpDbFM1YmxYUVRrVXh3WUprSG9lbnkvZGFmNUU5ZzlSYkJtQ0hNSTFxS0V1T1UrSkhTZ3lYMmE3cHViNkgzQ1hICkJZSlEyVzJHTjJ5RmhudHlEcXhFRGpEVTd3QXBEcGdUeXh6dllkemlFdjdMYUE3Y2ZxQzJqUURMZmsrK2w1d2YKeGVONHk4NFlNV2ZEb0pkblpQNjQ3bVpZaGJ0aHVjWlRPMWI3RUprTEsyTkNJK0xCMnVHS3BiMGxVTnczMzlvdQpCWUlEaXdRRDg0V2lhdHZoZTd4TVZUY2wvUHI5QWdNQkFBR2pQekE5TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkCkJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFPUVM0cEpsZHhscGFObnFiL2tUQ1lBaStLdi80cko3TjN1dFFCQit4UEJCMwpiTnQ1ZlpQemhkbEhyRHRTVWhCRGRHNzVpWitWcE1NVGtNanAwM0txYXhPcnZ1eXdpY2o1Q2hEOERFYURDM3JCClBsaE5UZE5HUzVtVURUUmloUkZYRklHdDBrQjh2cjNXUTRDY2VsT0NOdG1NSzNqN2l5R3o1MmxZR0tKMUFnZkwKVWFVVXZnSVVZTnFDR1ZwZG1FWDF0YTRUN2w2T3cvbmNJdkpSZEtHbDhNUTRSV0pvcWNpbEcrQk9udFB5MEo3SQpkOXZyUWxHSVowOGlyaTVyaERWbFBMYmR1YmpzTVJzWERhSGhxWWpiMjFZOHpiWWJWNnd1ZHlzRUVJSHJaNER4CnJ3NlY2UnZPYkpnUC9JK2dad01NanhmRTFNSGRrSVNkTXVBZ1RtVU5WUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" - tokenServicePrivateKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdkt4TWpLT010N1RFbXMzVDEzNVBjazdOSzdiWUFSL290U2lvc3FLcmg1Qk80VzBXCjJKcXhhT3R5WEcyc0p6SDM2VXptUTQrWDZCeElyY1RZcUV4akJwQTlzZUV2Nk1JUWh5dmFjM3VFWnZkY0NlcFAKb0xsSVlQYlJzQXBVdVc1VjBFNUZNY0dDWkI2SHA4djNXbitSUFlQVVd3WmdoekNOYWloTGpsUGlSMG9NbDltdQo2Ym0raDl3bHh3V0NVTmx0aGpkc2hZWjdjZzZzUkE0dzFPOEFLUTZZRThzYzcySGM0aEwreTJnTzNINmd0bzBBCnkzNVB2cGVjSDhYamVNdk9HREZudzZDWFoyVCt1TzVtV0lXN1libkdVenRXK3hDWkN5dGpRaVBpd2RyaGlxVzkKSlZEY045L2FMZ1dDQTRzRUEvT0ZvbXJiNFh1OFRGVTNKZno2L1FJREFRQUJBb0lCQUdMNFZ1ZG5XNGQ2TWErcQp6TGM3c04wYmJSRERSeWUvMzBnNFhkWG04dWVYMFdqNjJvTWhFbk1oSHNwUlZYN3gvVVBLYlBkL3VZV3VZSW1XCnVyZjk2ZXdsZWRkM2NyUThLSU5mZzZZVVl1M0lUK1Y3bmUySGcrb3BUdkZ6V2VJemVKeGVrbmw1TXJibU5PN1cKVlppSlZselliR3FiTzhOdXVwKzNKM3N2a1lFbTlSOUVFRXJWczFNZU9LeFp2azRtSVdyT05BdHVMTlM5VDFlKwpEbHdhWjhHQ1dMdUxwTkhMMnRjWGdPa0NocUpPQmV4RHkrdmsxc3RTd3VtRk1PanRSNHhBV1BiSms2QUVFVzhiCndhYjlKaW9PR0U4MFNYZHowVGVDV1lIZCt6Q2g0M2JlSXRSMUEzZXd1RG40ZlI0VEdyTTAwZ0M5L29XelM0RUwKQUFBVXNrRUNnWUVBeHVLYWxiQXRhN3JINXBpNjYyWDJjRmNTUnlOUjA3UmNTSlRzWXl5dWQ0ZUJFaE1WaU5RUQphcXlzTmdIR1ljdlN1bGVSYVdpYVVOT2tlRDNUdTk4aGhCRkdGU1ZpandZZXAzUW02RnFYOG52d1BDVklOTkttClVTNnZ1b0FPUjBySTA5bkJ4aktwZHZRRUJuVHE4THV4MHY1MWRIWEVrM0pHUVRxanhidFQ1bFVDZ1lFQTh0cnUKdFVVQVIvUGs3cmtuSTRLMGhucGZxNDlCa05RUXdKd3hPMk8xS2V6eEVXOGowTTBFOHg0VGZJUDNFNWxUdHh6VQpQZlJrVnpRblE4Z21hWEZDSnUxWktvL09oaUJ1am9kYnJKMzdCL24zTnZKRW45QnFrdGJBbTN5VTJPajdIZjVTCnpXdkw5WVFNRk85NVEvc0RNeGJjamtRYlByMitDdmNUUFR6UVdna0NnWUFMQi9pUkF1T1NEUnNYVkROUjZTYmgKRmtOQ1JOZytDTXZ4anFrSjJ5bVdJYUxzRUxqcURQRVlLWm1ucVRPS3F4WjJGWE5RU0dmK3dhNW1xTzg4aFdURApnWDNFb0gwMTk1M3RwY2llckordTZHYnJ2eG1oTEduaktOYkFYbWZzVmw2TE9aSEEzNEI4dzQ0Um1aeUtXNjdDClNERFZrODZpYXYwd2t3TVFiWko2dlFLQmdIM1YzelpoNklGZjZOR2hjcHc5ejVpV3RCZkxCT2dzV2ZuVGROY1gKRlBvQ1llN3NyWncxZjBrUjNucjRUZ0FEeEpMdkJ6S0svYXNKeFFha0lQTWwwbWNsT0x5TEF6SVFmL2l1UGx3MQpCNnZjWTdJKzJqd00zQXYxNXBzcWRGM29hcVhoNzdtdEQyUEo1aEM2L1JTeWJiZjlNbzhzendrMWU5Rm1zTHRjClZZRXhBb0dCQUo1ZjRlaGZQbDBhUTJ3ZzVoY25INCtDeTNwZjFDWDJQUkZmNGU5Q2cvVXFGMmNRQnA1TFNKdzQKZ0kyQ3hWMmRpdU1NMTdSbnZtMWl2ZGRvd0E1MnM2aTNad1JOSStxWDU0d2tzSUtucyt5VG90ek9pUEFoemUrNgpKU0lOVXc4ZUFzNTBmOVdTc21UbDl0RWNVN0t4TVRQbkltZTF5Rjl4TlJuQktQc01JZm1OCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==" - ---- -# Source: harbor/templates/adminserver/adminserver-cm.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: "harbor-adminserver" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-adminserver -data: - POSTGRESQL_HOST: "harbor-database" - POSTGRESQL_PORT: "5432" - POSTGRESQL_USERNAME: "postgres" - POSTGRESQL_DATABASE: "registry" - EMAIL_HOST: "smtp.mydomain.com" - EMAIL_PORT: "25" - EMAIL_USR: "sample_admin@mydomain.com" - EMAIL_SSL: "false" - EMAIL_FROM: "admin " - EMAIL_IDENTITY: "" - EMAIL_INSECURE: "false" - EXT_ENDPOINT: "https://harbor.wodcloud.com" - UI_URL: "http://harbor-ui" - JOBSERVICE_URL: "http://harbor-jobservice" - REGISTRY_URL: "http://harbor-registry:5000" - TOKEN_SERVICE_URL: "http://harbor-ui/service/token" - WITH_NOTARY: "true" - NOTARY_URL: "http://harbor-notary-server:4443" - LOG_LEVEL: "info" - IMAGE_STORE_PATH: "/" # This is a temporary hack. - AUTH_MODE: "db_auth" - SELF_REGISTRATION: "on" - LDAP_URL: "ldaps://ldapserver" - LDAP_SEARCH_DN: "" - LDAP_BASE_DN: "" - LDAP_FILTER: "(objectClass=person)" - LDAP_UID: "uid" - LDAP_SCOPE: "2" - LDAP_TIMEOUT: "5" - LDAP_VERIFY_CERT: "True" - DATABASE_TYPE: "postgresql" - PROJECT_CREATION_RESTRICTION: "everyone" - VERIFY_REMOTE_CERT: "off" - MAX_JOB_WORKERS: "3" - TOKEN_EXPIRATION: "30" - CFG_EXPIRATION: "5" - GODEBUG: "netdns=cgo" - ADMIRAL_URL: "NA" - RESET: "false" - WITH_CLAIR: "true" - CLAIR_DB_HOST: "harbor-database" - CLAIR_DB_PORT: "5432" - CLAIR_DB_USERNAME: "postgres" - CLAIR_DB: "postgres" - CLAIR_URL: "http://harbor-clair:6060" - UAA_ENDPOINT: "" - UAA_CLIENTID: "" - UAA_CLIENTSECRET: "" - UAA_VERIFY_CERT: "True" - REGISTRY_STORAGE_PROVIDER_NAME: "filesystem" - WITH_CHARTMUSEUM: "true" - CHART_REPOSITORY_URL: "http://harbor-chartmuseum" ---- -# Source: harbor/templates/chartmuseum/chartmuseum-cm.yaml - -apiVersion: v1 -kind: ConfigMap -metadata: - name: "harbor-chartmuseum" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -data: - PORT: "9999" - CACHE: "redis" - CACHE_REDIS_ADDR: "harbor-redis:6379" - CACHE_REDIS_DB: "0" - BASIC_AUTH_USER: "chart_controller" - DEPTH: "1" - STORAGE: "local" - STORAGE_LOCAL_ROOTDIR: "/chart_storage" - DEBUG: "false" - LOG_JSON: "true" - DISABLE_METRICS: "false" - DISABLE_API: "false" - DISABLE_STATEFILES: "false" - ALLOW_OVERWRITE: "true" - CHART_URL: "" - AUTH_ANONYMOUS_GET: "false" - TLS_CERT: "" - TLS_KEY: "" - CONTEXT_PATH: "" - INDEX_LIMIT: "0" - MAX_STORAGE_OBJECTS: "0" - MAX_UPLOAD_SIZE: "20971520" - CHART_POST_FORM_FIELD_NAME: "chart" - PROV_POST_FORM_FIELD_NAME: "prov" ---- -# Source: harbor/templates/clair/clair-cm.yaml - -apiVersion: v1 -kind: ConfigMap -metadata: - name: harbor-clair - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-clair -data: - config.yaml: | - clair: - database: - type: pgsql - options: - source: "postgres://postgres:spaceIN511@harbor-database:5432/postgres?sslmode=disable" - # Number of elements kept in the cache - # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database. - cachesize: 16384 - - api: - # API server port - port: 6060 - healthport: 6061 - - # Deadline before an API request will respond with a 503 - timeout: 300s - updater: - interval: 12h - - notifier: - attempts: 3 - renotifyinterval: 2h - http: - endpoint: "http://harbor-ui/service/notifications/clair" - - ---- -# Source: harbor/templates/jobservice/jobservice-cm.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: "harbor-jobservice" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -data: - config.yml: |+ - protocol: "http" - port: 8080 - worker_pool: - workers: 50 - backend: "redis" - redis_pool: - redis_url: "harbor-redis:6379/0" - namespace: "harbor_job_service_namespace" - logger: - path: "/var/log/jobs" - level: "INFO" - archive_period: 14 #days - admin_server: "http://harbor-adminserver" - ---- -# Source: harbor/templates/notary/notary-cm.yaml - -apiVersion: v1 -kind: ConfigMap -metadata: - name: harbor-notary - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-notary -data: - - - notary-signer-ca.crt: | - -----BEGIN CERTIFICATE----- - MIIDAzCCAeugAwIBAgIRAJezuy9IauATwFDRanYM33owDQYJKoZIhvcNAQELBQAw - GzEZMBcGA1UEAxMQaGFyYm9yLW5vdGFyeS1jYTAeFw0xODEwMTgxMTAwMDVaFw0y - ODEwMTUxMTAwMDVaMBsxGTAXBgNVBAMTEGhhcmJvci1ub3RhcnktY2EwggEiMA0G - CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLUeEUgREsFZ+r5x0OiWieMWrvjQJy - +SwJQ9e4OFa6dHaHVC70Mf9mlcYE0Kgj9MXTCDTI48JCq2fFzHApCM1Sr7s0Xm7g - IaYdx0BGU2ybzW72WXhVp4/r2JPZzt19zEhBjqtrZZDYLx+p7seJHd4YPruv4R2w - k0/SMY7kJuTRqwzQtQ8x9Qa8Dxc2ZGjR19t+yvJzI4/Nk7iBKZ5ulspqF+02avnw - ZVtg8xFgWct4IrOyxWO3sv0tAXppdEqU4SFxwPwuZJWKFg6CNADDZzDn1ajIdSYu - rzteVCH7qhSZO1xM+VJyU3WJphvQh4pZ5Q7comIGBu2yBdVTU3jpqudRAgMBAAGj - QjBAMA4GA1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH - AwIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcCG0K7/Zulet - 4qnHq1X6VfGhchSBsxyLzNPEY1Y6OM1WyiThGlV1zJTCOKU4jS49/24eT/6re20m - XwdAVtoGXisK6RsR6iR6Y+THHMFSqNdwdnyuYlwmeYK+QbWEOOb0FzVNe8PzJB2w - Tg7b+HpxrNSTvf0U4I6BxQbe2Qjdyj4JIYcCCPqiR3yeY1BZkS3WG+vTnqPwgd0a - Hld2+GkB+bFEsl9rn4x3shP5QtS0ZtvXFiJh56Bp0608ibhoQVCCGf1K/MxE0gCE - 4mQeaZPLamHVEuR0rSZ7gaklT78LSHDtkWR91Ai8ulHH7QwX7MgiEd1SMiJY7zg2 - Qnka6VHgYA== - -----END CERTIFICATE----- - - notary-signer.crt: | - -----BEGIN CERTIFICATE----- - MIIDBDCCAeygAwIBAgIRAOAVbcc/AWPNSiDvJ4vV4DEwDQYJKoZIhvcNAQELBQAw - GzEZMBcGA1UEAxMQaGFyYm9yLW5vdGFyeS1jYTAeFw0xODEwMTgxMTAwMDZaFw0y - ODEwMTUxMTAwMDZaMB8xHTAbBgNVBAMTFGhhcmJvci1ub3Rhcnktc2lnbmVyMIIB - IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyacGm7wIAAf70W6F3BqHVc9 - nKtgn3jXu8muBNJYDBmotNMKN64Qi6ZCJLryWWkMlYBJkD3col9dpZl5nzS16x7u - 1PsW6xChAZEaYOpHHDnPxgpHCjnauDh6zlT5LWaM7f2p+HVb0/eCCYbSlH8jQ2uD - y8zUnE2Ff0uEUsYT6PTFsFWF9k8A6EwvIA7TfeGQks9RyZmtYGTX1rRnjimxnbf6 - ghCzqJCsNJMNK1jcKSQ2isPnWPi3aCpRXURc6uipGdbBhFpCBdL9f2oQm8m6I6O8 - 7DRwR6UsH+Dr1b1KOmGnZ4sh4+ek0joPvDwd8b4oymlynCINwMjC+ONUXHAScQID - AQABoz8wPTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG - AQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAHCgamM9Ou3L - zIY3ZIAOgB4PL+9MA4qi8tmJmVUN2i2ZEQsoz3Jby5kb31lZsXX4IZzTo8LUSPrQ - XikiHqwfSIgasmnQMd3ZtIzvW2rH7jsExHnLE0yYpQaFUFoqHpsiPlgHsQFqVy91 - ffGWgEWRBzf5zUVocGhr7IGT9E2a0ckD80/nijLyvRVXNAcvOd3qlu2S8J/HKkeW - YS2LMfidjKIkDt/8HyVQwV6Ebt8o2558Rv7qS6WxwqYS5Xaau8YLzH+UCAfdpS+S - tlhRQMtfViUboW4UY6s/oUFvB+f1Fk1HUU+zBg/anWWQAwO6+X3zY2wuDIfrgBwf - 0+eB5olU6UI= - -----END CERTIFICATE----- - - notary-signer.key: | - -----BEGIN RSA PRIVATE KEY----- - MIIEpAIBAAKCAQEAqyacGm7wIAAf70W6F3BqHVc9nKtgn3jXu8muBNJYDBmotNMK - N64Qi6ZCJLryWWkMlYBJkD3col9dpZl5nzS16x7u1PsW6xChAZEaYOpHHDnPxgpH - CjnauDh6zlT5LWaM7f2p+HVb0/eCCYbSlH8jQ2uDy8zUnE2Ff0uEUsYT6PTFsFWF - 9k8A6EwvIA7TfeGQks9RyZmtYGTX1rRnjimxnbf6ghCzqJCsNJMNK1jcKSQ2isPn - WPi3aCpRXURc6uipGdbBhFpCBdL9f2oQm8m6I6O87DRwR6UsH+Dr1b1KOmGnZ4sh - 4+ek0joPvDwd8b4oymlynCINwMjC+ONUXHAScQIDAQABAoIBAQCcF8OJTCKOXO7D - L6mwFOOCzP0xNRATgYfoCeE/HoQUzRYTjOIltAf9BW4Px7yeFPPYKb9t4S2nnShw - js/ghpdfz79s2W+mhW0CW89eEm02bfd0HA18YxV6rHA8XD1BzeS8bXwmUQqmAHdF - rwPBUU7c/2Kdbbt+rikR1tLhFywzagRF+LzTaQZ4R2II9JqbuHTeQhGNFapApPUR - WC9WytBJKQNJ9Ep+o8YZkuuANAeGYRKxAJC8lGsN8/582lh3sekSvGjHjSqGh+dq - adpr+7/V3NcBoss1CXwVKiouHeotlovOSjQdbcveAD5awXSkzrjoMRuqaTp9iZw0 - 37p6BhU9AoGBAM6ThTHXLZLqNuBt2drUI7gfCp3e+/uKYaObj+xZr5lvxFb3zyd5 - GLg2anRe3ciGQq3cP+3Fjji0wKTH+PACy7X4Q3iNm1q6E/6x5O0py5d2Y49Wrgzq - g29Kdxe3H3nKGBJnLaqkpUAaS080cZFNFDBIb2ehQwme+SppISe1Hay7AoGBANQZ - Vf9/R9ToYb/RT8w3glFTCbCrVnvdSdhSD1Djj8QjaPHBsEhyEXqUqvnLro4vMtIo - DsrzSUto/9+OVMc0jgA4t/rLdAgkw7g/U8BxskrpvbfQ+Vp8X5engLGyIJhCrcXb - xEce1lpn5la1xBFGMAsKapV+o3YVKJFtotEl6IDDAoGAGqAa98yTPC9h+VVPUgwr - umyN0sFN2yL/6LWBPGZm4rDsLoVsNts922hwGiWsEk9zwrLzrnLbHOX3OoXnyQ+j - MAYatCwUTQJU12wYZJURf6krternLhT/8dU4Ol9I+EqbBaw0z5y/C98Xu9K3nJHB - u2NqsIGxgUjzNossUdDfTUcCgYEAvm6JEj9bZUPIEAuElBz6ur3No3wSyF+lH759 - 1eibekU4wmdfOYyBOQgmguVnsm2aOaqRrZLGKhj6M+R9JeZ/4J8MQPdPFMi9mb3y - GoV6yVwYZOQSHjYxNd7E48bFETA9CbsJ/bkoSD+lRhEpG0FjfWY60ELFzQ2uQPSp - DRP2LzUCgYAU/qXXqxP8TsYo7qDXBQywILxQXOT0H6IsuTNx8h9xX3/C1WBpRBmW - pGMx9QLr2l3wxyPprmJmOKis11zQF3U8pCTKnhy1J9KTSaQXddhye3oweb/MWdGs - bbv5Ecd4bMS/chn2H0BOzHQsJNJ9fpnBPxhotI/uJ7P/ZpiFrJIkug== - -----END RSA PRIVATE KEY----- - - server-config.postgres.json: | - { - "server": { - "http_addr": ":4443" - }, - "trust_service": { - "type": "remote", - "hostname": "harbor-notary-signer", - "port": "7899", - "tls_ca_file": "./notary-signer-ca.crt", - "key_algorithm": "ecdsa" - }, - "logging": { - "level": "debug" - }, - "storage": { - "backend": "postgres", - "db_url": "postgres://postgres:spaceIN511@harbor-database:5432/notaryserver?sslmode=disable" - }, - "auth": { - "type": "token", - "options": { - "realm": "https://harbor.wodcloud.com/service/token", - "service": "harbor-notary", - "issuer": "harbor-token-issuer", - "rootcertbundle": "/root.crt" - } - } - } - signer-config.postgres.json: | - { - "server": { - "grpc_addr": ":7899", - "tls_cert_file": "./notary-signer.crt", - "tls_key_file": "./notary-signer.key" - }, - "logging": { - "level": "debug" - }, - "storage": { - "backend": "postgres", - "db_url": "postgres://postgres:spaceIN511@harbor-database:5432/notarysigner?sslmode=disable", - "default_alias": "defaultalias" - } - } - - ---- -# Source: harbor/templates/registry/registry-cm.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: "harbor-registry" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -data: - config.yml: |+ - version: 0.1 - log: - level: info - fields: - service: registry - storage: - filesystem: - rootdirectory: /var/lib/registry - cache: - layerinfo: redis - maintenance: - uploadpurging: - enabled: false - delete: - enabled: true - redis: - addr: "harbor-redis:6379" - password: - db: 0 - http: - addr: :5000 - # set via environment variable - # secret: placeholder - debug: - addr: localhost:5001 - auth: - token: - issuer: harbor-token-issuer - realm: "https://harbor.wodcloud.com/service/token" - rootcertbundle: /etc/registry/root.crt - service: harbor-registry - notifications: - endpoints: - - name: harbor - disabled: false - url: http://harbor-ui/service/notifications - timeout: 3000ms - threshold: 5 - backoff: 1s - ---- -# Source: harbor/templates/ui/ui-cm.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: "harbor-ui" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -data: - app.conf: |+ - appname = Harbor - runmode = prod - enablegzip = true - - [prod] - httpport = 8080 - ---- -# Source: harbor/templates/adminserver/adminserver-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: "harbor-adminserver" -spec: - ports: - - port: 80 - targetPort: 8080 - selector: - release: harbor - app: harbor-adminserver ---- -# Source: harbor/templates/chartmuseum/chartmuseum-svc.yaml - -apiVersion: v1 -kind: Service -metadata: - name: "harbor-chartmuseum" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -spec: - ports: - - port: 80 - targetPort: 9999 - selector: - release: harbor - app: harbor-chartmuseum ---- -# Source: harbor/templates/clair/clair-svc.yaml - -# clair host isn't configurable yet. this creates a service -# to get it working for now. -# see https://github.com/vmware/harbor/issues/3250 -apiVersion: v1 -kind: Service -metadata: - name: "harbor-clair" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -spec: - ports: - - port: 6060 - selector: - release: harbor - app: harbor-clair - - ---- -# Source: harbor/templates/database/database-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: "harbor-database" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -spec: - ports: - - port: 5432 - selector: - release: harbor - app: harbor-database ---- -# Source: harbor/templates/jobservice/jobservice-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: "harbor-jobservice" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -spec: - ports: - - port: 80 - targetPort: 8080 - selector: - release: harbor - app: harbor-jobservice - ---- -# Source: harbor/templates/notary/notary-svc.yaml - -apiVersion: v1 -kind: Service -metadata: - name: harbor-notary-server - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -spec: - ports: - - port: 4443 - selector: - release: harbor - app: harbor-notary-server - ---- -apiVersion: v1 -kind: Service -metadata: - name: harbor-notary-signer - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -spec: - ports: - - port: 7899 - selector: - release: harbor - app: harbor-notary-signer - ---- -# Source: harbor/templates/redis/redis.svc.yml ---- -apiVersion: v1 -kind: Service -metadata: - name: harbor-redis - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-redis -spec: - selector: - release: harbor - app: harbor-redis - ports: - - name: redis - port: 6379 ---- -# Source: harbor/templates/registry/registry-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: "harbor-registry" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -spec: - ports: - - port: 5000 - selector: - release: harbor - app: harbor-registry ---- -# Source: harbor/templates/ui/ui-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: "harbor-ui" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 -spec: - ports: - - port: 80 - targetPort: 8080 - selector: - release: harbor - app: harbor-ui - ---- -# Source: harbor/templates/clair/clair-dpl.yaml - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: harbor-clair - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-clair - version: v2.0.6 -spec: - replicas: 1 - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-clair - version: v2.0.6 - spec: - containers: - - name: clair - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/clair:v2.0.6 - imagePullPolicy: IfNotPresent - args: ["-insecure-tls", "-config", "/etc/clair/config.yaml"] - resources: - null - - ports: - - containerPort: 6060 - volumeMounts: - - name: clair-config - mountPath: /etc/clair/config.yaml - subPath: config.yaml - volumes: - - name: clair-config - configMap: - name: "harbor-clair" - items: - - key: config.yaml - path: config.yaml - - ---- -# Source: harbor/templates/jobservice/jobservice-dpl.yaml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: "harbor-jobservice" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-jobservice -spec: - replicas: 1 - selector: - matchLabels: - release: harbor - app: harbor-jobservice - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-jobservice - spec: - containers: - - name: jobservice - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v1.6.0 - imagePullPolicy: IfNotPresent - resources: - null - - envFrom: - - secretRef: - name: "harbor-jobservice" - env: - - name: LOG_LEVEL - value: debug - - name: GODEBUG - value: netdns=cgo - ports: - - containerPort: 8080 - volumeMounts: - - name: jobservice-config - mountPath: /etc/jobservice/config.yml - subPath: config.yml - - name: job-logs - mountPath: /var/log/jobs - volumes: - - name: jobservice-config - configMap: - name: "harbor-jobservice" - - name: job-logs - emptyDir: {} - ---- -# Source: harbor/templates/notary/notary-server.yaml - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: harbor-notary-server - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-notary-server - version: dev -spec: - replicas: 1 - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-notary-server - version: dev - spec: - containers: - - name: notary-server - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server-photon:dev - imagePullPolicy: IfNotPresent - resources: - null - - env: - - name: MIGRATIONS_PATH - value: migrations/server/postgresql - - name: DB_URL - value: postgres://postgres:spaceIN511@harbor-database:5432/notaryserver?sslmode=disable - volumeMounts: - - name: notary-config - mountPath: /etc/notary - - name: root-certificate - mountPath: /root.crt - subPath: tokenServiceRootCertBundle - volumes: - - name: notary-config - configMap: - name: "harbor-notary" - - name: root-certificate - secret: - secretName: "harbor-ui" - - ---- -# Source: harbor/templates/notary/notary-signer.yaml - -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: harbor-notary-signer - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-notary-signer - version: dev -spec: - replicas: 1 - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-notary-signer - version: dev - spec: - containers: - - name: notary-signer - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-signer-photon:dev - imagePullPolicy: IfNotPresent - resources: - null - - env: - - name: MIGRATIONS_PATH - value: migrations/signer/postgresql - - name: DB_URL - value: postgres://postgres:spaceIN511@harbor-database:5432/notarysigner?sslmode=disable - - name: NOTARY_SIGNER_DEFAULTALIAS - value: defaultalias - volumeMounts: - - name: notary-config - mountPath: /etc/notary - volumes: - - name: notary-config - configMap: - name: "harbor-notary" - - ---- -# Source: harbor/templates/redis/redis.dp.yml ---- -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: harbor-redis - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-redis - version: 4.0.1-alpine -spec: - replicas: 1 - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-redis - version: 4.0.1-alpine - spec: - containers: - - name: redis - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/redis:4.0.1-alpine - imagePullPolicy: IfNotPresent - args: ["--save","''","--appendonly","no"] - ports: - - name: redis - containerPort: 6379 ---- -# Source: harbor/templates/ui/ui-dpl.yaml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: "harbor-ui" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-ui - version: v1.6.0 -spec: - replicas: 1 - template: - metadata: - labels: - release: harbor - app: harbor-ui - version: v1.6.0 - spec: - containers: - - name: ui - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:v1.6.0 - imagePullPolicy: IfNotPresent - env: - - name: UI_SECRET - valueFrom: - secretKeyRef: - name: "harbor-ui" - key: secret - - name: JOBSERVICE_SECRET - valueFrom: - secretKeyRef: - name: "harbor-ui" - key: jobserviceSecret - - name: _REDIS_URL - value: harbor-redis:6379,100, - - name: GODEBUG - value: netdns=cgo - - name: LOG_LEVEL - value: debug - - name: CONFIG_PATH - value: /etc/ui/app.conf - - name: ENABLE_HARBOR_SCAN_ON_PUSH - value: "1" - - name: ADMINSERVER_URL - value: "http://harbor-adminserver" - - name: CHART_CACHE_DRIVER - value: "redis" - ports: - - containerPort: 8080 - volumeMounts: - - name: ui-config - mountPath: /etc/ui/app.conf - subPath: app.conf - - name: ui-secrets-key - mountPath: /etc/ui/key - subPath: key - - name: ui-secrets-private-key - mountPath: /etc/ui/private_key.pem - subPath: tokenServicePrivateKey - - name: psc - mountPath: /etc/ui/token - volumes: - - name: ui-config - configMap: - name: "harbor-ui" - - name: ui-secrets-key - secret: - secretName: "harbor-ui" - items: - - key: secretKey - path: key - - name: ui-secrets-private-key - secret: - secretName: "harbor-ui" - - name: psc - emptyDir: {} - ---- -# Source: harbor/templates/adminserver/adminserver-ss.yaml -apiVersion: apps/v1beta2 -kind: StatefulSet -metadata: - name: "harbor-adminserver" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-adminserver - version: v1.6.0 -spec: - replicas: 1 - serviceName: "harbor-adminserver" - selector: - matchLabels: - release: harbor - app: harbor-adminserver - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-adminserver - version: v1.6.0 - spec: - containers: - - name: adminserver - image: "registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:v1.6.0" - imagePullPolicy: "IfNotPresent" - resources: - null - - envFrom: - - configMapRef: - name: "harbor-adminserver" - - secretRef: - name: "harbor-adminserver" - env: - - name: PORT - value: "8080" - - name: JSON_CFG_STORE_PATH - value: /etc/adminserver/config/config.json - - name: KEY_PATH - value: /etc/adminserver/key - ports: - - containerPort: 8080 - volumeMounts: - - name: data - mountPath: /etc/adminserver/config - - name: adminserver-key - mountPath: /etc/adminserver/key - subPath: key - volumes: - - name: adminserver-key - secret: - secretName: "harbor-adminserver" - items: - - key: secretKey - path: key - volumeClaimTemplates: - - metadata: - name: data - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "storageos" - resources: - requests: - storage: "1Gi" ---- -# Source: harbor/templates/chartmuseum/chartmuseum-ss.yaml - -apiVersion: apps/v1beta2 -kind: StatefulSet -metadata: - name: "harbor-chartmuseum" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-chartmuseum - version: v0.7.1 -spec: - replicas: 1 - serviceName: "harbor-chartmuseum" - selector: - matchLabels: - release: harbor - app: harbor-chartmuseum - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-chartmuseum - version: v0.7.1 - spec: - containers: - - name: chartmuseum - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.7.1 - imagePullPolicy: IfNotPresent - resources: - null - - envFrom: - - configMapRef: - name: "harbor-chartmuseum" - - secretRef: - name: "harbor-chartmuseum" - ports: - - containerPort: 9999 - # TODO: update it after moving the storage out of registry scope - volumeMounts: - - name: data - mountPath: /chart_storage - volumeClaimTemplates: - - metadata: - name: data - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "storageos" - resources: - requests: - storage: "5Gi" ---- -# Source: harbor/templates/database/database-ss.yaml -apiVersion: apps/v1beta2 -kind: StatefulSet -metadata: - name: "harbor-database" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-database - version: 1.29 -spec: - replicas: 1 - serviceName: "harbor-database" - selector: - matchLabels: - release: harbor - app: harbor-database - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-database - version: 1.29 - spec: - initContainers: - - name: "remove-lost-found" - image: "registry-vpc.cn-qingdao.aliyuncs.com/wod/busybox:1.29" - command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"] - volumeMounts: - - name: data - mountPath: /var/lib/postgresql/data - containers: - - name: database - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:v1.6.0 - imagePullPolicy: IfNotPresent - resources: - null - - envFrom: - - secretRef: - name: "harbor-database" - volumeMounts: - - name: data - mountPath: /var/lib/postgresql/data - volumeClaimTemplates: - - metadata: - name: "data" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - spec: - accessModes: ["ReadWriteOnce"] - storageClassName: "storageos" - resources: - requests: - storage: "1Gi" ---- -# Source: harbor/templates/registry/registry-ss.yaml -apiVersion: apps/v1beta2 -kind: StatefulSet -metadata: - name: "harbor-registry" - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-registry - version: 2.6.2 -spec: - replicas: 1 - serviceName: "harbor-registry" - selector: - matchLabels: - release: harbor - app: harbor-registry - template: - metadata: - labels: - heritage: Tiller - release: harbor - chart: harbor-0.2.0 - app: harbor-registry - version: 2.6.2 - spec: - containers: - - name: registry - image: registry-vpc.cn-qingdao.aliyuncs.com/wod/registry:2.6.2 - imagePullPolicy: IfNotPresent - resources: - null - - args: ["serve", "/etc/registry/config.yml"] - env: - - name: REGISTRY_HTTP_SECRET - valueFrom: - secretKeyRef: - name: "harbor-registry" - key: httpSecret - ports: - - containerPort: 5000 - - containerPort: 5001 - volumeMounts: - - name: registry-data - mountPath: /var/lib/registry - - name: registry-root-certificate - mountPath: /etc/registry/root.crt - subPath: tokenServiceRootCertBundle - - name: registry-config - mountPath: /etc/registry/config.yml - subPath: config.yml - volumes: - - name: registry-root-certificate - secret: - secretName: "harbor-ui" - - name: registry-config - configMap: - name: "harbor-registry" - - name: registry-data - hostPath: - path: /etc/kubernetes/data/registry - nodeSelector: - harbor-registry: enabled - kubernetes.io/hostname: 172.31.14.41 - - ---- -# Source: harbor/templates/istio/notary.gateway.yaml - -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: harbor-notary -spec: - selector: - istio: ingressgateway # use istio default controller - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "notary-harbor.wodcloud.com" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: harbor-notary -spec: - hosts: - - "notary-harbor.wodcloud.com" - gateways: - - harbor-notary - http: - - route: - - destination: - host: harbor-notary-server - port: - number: 4443 - - ---- -# Source: harbor/templates/istio/ui.gateway.yaml - -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: harbor-ui -spec: - selector: - istio: ingressgateway # use istio default controller - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "harbor.wodcloud.com" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: harbor-ui -spec: - hosts: - - "harbor.wodcloud.com" - gateways: - - harbor-ui - http: - - route: - - destination: - host: harbor-ui - port: - number: 80 - - ---- -# Source: harbor/templates/ingress/ingress.yaml - ---- -# Source: harbor/templates/ingress/secret.yaml - - - -- 2.26.0