Commit a78f0494 authored by 舒成

add files

Pipeline #3 failed with stages
clone:
git:
image: registry-vpc.cn-qingdao.aliyuncs.com/wod/drone-plugin-git:1.4.0
pipeline:
docker:
image: harbor.wodcloud.com/devops/drone-plugin-docker:1.0
volumes:
- /var/run/docker.sock:/var/run/docker.sock
base: registry-vpc.cn-qingdao.aliyuncs.com/wod-k8s/data:1.0.0
repo: wod/harbor-chart
registry: registry-vpc.cn-qingdao.aliyuncs.com
secrets:
- source: REGISTRY_USER_ALIYUN
target: REGISTRY_USER
- source: REGISTRY_PASSWORD_ALIYUN
target: REGISTRY_PASSWORD
branches: [master]
\ No newline at end of file
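Review bot: the `volumes:` entry `/var/run/docker.sock:/var/run/docker.sock` in the `docker` step hands that step the host's Docker daemon, which is root-equivalent on the build agent and shared with every other job on it. If the plugin can build without the host socket, drop the mount; if not, say in the repository docs that this pipeline must only run for trusted branches and committers. `branches: [master]` limits the trigger but not what the step can do once it runs.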
charts/*
requirements.lock
\ No newline at end of file
# Contributing to Helm Chart for Harbor
Please follow [Harbor contributing guide](https://github.com/vmware/harbor/blob/master/CONTRIBUTING.md) to learn how to make code contribution.
# Contributers
Thanks very much to all contributers who submitted pull requests to Helm Chart for Harbor.
- [Paul Czarkowski @paulczar](https://github.com/paulczar)
- [Luca Innocenti Mirri @lucaim](https://github.com/lucaim)
- [Steven Arnott @ArcticSnowman](https://github.com/ArcticSnowman)
- [Alex M @draeron](https://github.com/draeron)
- [SangJun Yun](https://github.com/YunSangJun)
name: harbor
version: 0.2.0
appVersion: 1.5.0
description: An Enterprise-class Docker Registry by VMware
keywords:
- vmware
- docker
- registry
- harbor
home: https://github.com/vmware/harbor
icon: https://raw.githubusercontent.com/vmware/harbor/master/docs/img/harbor_logo.png
sources:
- https://github.com/vmware/harbor/tree/master/contrib/helm/harbor
maintainers:
- name: Jesse Hu
email: huh@vmware.com
- name: paulczar
email: username.taken@gmail.com
engine: gotpl
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
FROM {{ BASEIMAGE }}
MAINTAINER mengkzhaoyun <mengkzhaoyun@gmail.com>
ADD . /data/input
\ No newline at end of file
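Review bot: `ADD . /data/input` copies the whole build context into the image, which here includes `.drone.yml`, the README with its install command, and `.git` if it is present in the context. Prefer `COPY` of the chart directory only, or add a `.dockerignore`, so the published `wod/harbor-chart` image carries just the chart. `MAINTAINER` is deprecated in favour of a `LABEL`.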
{
"name": "harbor-chart",
"version": "v1.6.0"
}
\ No newline at end of file
# images
```bash
docker pull goharbor/harbor-ui:dev && \
docker tag goharbor/harbor-ui:dev registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:dev && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:dev
docker pull goharbor/harbor-adminserver:dev && \
docker tag goharbor/harbor-adminserver:dev registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:dev && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:dev
docker pull goharbor/harbor-jobservice:dev && \
docker tag goharbor/harbor-jobservice:dev registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:dev && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:dev
docker pull goharbor/harbor-db:dev && \
docker tag goharbor/harbor-db:dev registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:dev && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:dev
docker pull goharbor/registry-photon:dev && \
docker tag goharbor/registry-photon:dev registry-vpc.cn-qingdao.aliyuncs.com/wod/registry-photon:dev && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/registry-photon:dev
docker pull goharbor/chartmuseum-photon:dev && \
docker tag goharbor/chartmuseum-photon:dev registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum-photon:dev && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum-photon:dev
docker pull goharbor/clair-photon:dev && \
docker tag goharbor/clair-photon:dev registry-vpc.cn-qingdao.aliyuncs.com/wod/clair-photon:dev && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/clair-photon:dev
docker pull goharbor/notary-server-photon:dev && \
docker tag goharbor/notary-server-photon:dev registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server-photon:dev && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server-photon:dev
docker pull registry:2.6.2 && \
docker tag registry:2.6.2 registry-vpc.cn-qingdao.aliyuncs.com/wod/registry:2.6.2 && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/registry:2.6.2
docker pull nginx:1.15.2-alpine && \
docker tag nginx:1.15.2-alpine registry-vpc.cn-qingdao.aliyuncs.com/wod/nginx:1.15.2-alpine && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/nginx:1.15.2-alpine
docker pull redis:4.0.1-alpine && \
docker tag redis:4.0.1-alpine registry-vpc.cn-qingdao.aliyuncs.com/wod/redis:4.0.1-alpine && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/redis:4.0.1-alpine
```
# setup
```powershell
# 1.template
cd /etc/kubernetes/helm/harbor && helm template . --name harbor --namespace devops > ./dist/harbor.yaml
# 2.helm install
helm install /etc/kubernetes/helm/harbor \
--name harbor \
--namespace devops \
--set harborAdminPassword=spaceIN511 \
--set nodeSelector.kubernetes\.io/hostname=172.31.14.41 \
--set externalDomain=harbor.wodcloud.com
```
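Review bot: the `--set harborAdminPassword=spaceIN511` line under `# setup` commits what reads as a real admin password, next to the target host `harbor.wodcloud.com` and a node address. Replace it with a placeholder, rotate the password if it was ever used, and pass the real value from a values file kept outside the repository. Two smaller points: the fence is tagged `powershell` but the commands use POSIX `\` line continuations, and the mirrored images above are pinned to the mutable `:dev` tag, so what ends up in the mirror is not reproducible.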
# images
```bash
docker pull goharbor/harbor-ui:v1.6.0 && \
docker tag goharbor/harbor-ui:v1.6.0 registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:v1.6.0 && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:v1.6.0
docker pull goharbor/harbor-adminserver:v1.6.0 && \
docker tag goharbor/harbor-adminserver:v1.6.0 registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:v1.6.0 && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:v1.6.0
docker pull goharbor/harbor-jobservice:v1.6.0 && \
docker tag goharbor/harbor-jobservice:v1.6.0 registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v1.6.0 && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v1.6.0
docker pull goharbor/harbor-db:v1.6.0 && \
docker tag goharbor/harbor-db:v1.6.0 registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:v1.6.0 && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:v1.6.0
docker pull chartmuseum/chartmuseum:v0.7.1 && \
docker tag chartmuseum/chartmuseum:v0.7.1 registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.7.1 && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.7.1
docker pull quay.io/coreos/clair:v2.0.6 && \
docker tag quay.io/coreos/clair:v2.0.6 registry-vpc.cn-qingdao.aliyuncs.com/wod/clair:v2.0.6 && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/clair:v2.0.6
docker pull notary:server-0.5.0 && \
docker tag notary:server-0.5.0 registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server:0.5.0 && \
docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server:0.5.0
```
\ No newline at end of file
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the UI portal at {{ template "harbor.externalURL" . }}.
For more details, please visit https://github.com/vmware/harbor.
\ No newline at end of file
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "harbor.name" -}}
{{- default "harbor" .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "harbor.fullname" -}}
{{- $name := default "harbor" .Values.nameOverride -}}
{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Helm required labels */}}
{{- define "harbor.labels" -}}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
app: "{{ template "harbor.name" . }}"
{{- end -}}
{{/* matchLabels */}}
{{- define "harbor.matchLabels" -}}
release: {{ .Release.Name }}
app: "{{ template "harbor.name" . }}"
{{- end -}}
{{- define "harbor.externalURL" -}}
{{- if .Values.externalPort -}}
{{- printf "%s://%s:%s" .Values.externalProtocol .Values.externalDomain (toString .Values.externalPort) -}}
{{- else -}}
{{- printf "%s://%s" .Values.externalProtocol .Values.externalDomain -}}
{{- end -}}
{{- end -}}
{{/*
Use *.domain.com as the Common Name in the certificate,
so it can match Harbor service FQDN and Notary service FQDN.
*/}}
{{- define "harbor.certCommonName" -}}
{{- $list := splitList "." .Values.externalDomain -}}
{{- $list := prepend (rest $list) "*" -}}
{{- $cn := join "." $list -}}
{{- printf "%s" $cn -}}
{{- end -}}
{{/* The external FQDN of Notary server. */}}
{{- define "harbor.notaryFQDN" -}}
{{- printf "notary-%s" .Values.externalDomain -}}
{{- end -}}
{{- define "harbor.notaryServiceName" -}}
{{- printf "%s-notary-server" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.database.host" -}}
{{- if eq .Values.database.type "internal" -}}
{{- template "harbor.fullname" . }}-database
{{- else -}}
{{- .Values.database.external.host -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.port" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "5432" -}}
{{- else -}}
{{- .Values.database.external.port -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.username" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "postgres" -}}
{{- else -}}
{{- .Values.database.external.username -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.password" -}}
{{- if eq .Values.database.type "internal" -}}
{{- .Values.database.internal.password | b64enc | quote -}}
{{- else -}}
{{- .Values.database.external.password | b64enc | quote -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.rawPassword" -}}
{{- if eq .Values.database.type "internal" -}}
{{- .Values.database.internal.password -}}
{{- else -}}
{{- .Values.database.external.password -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.coreDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "registry" -}}
{{- else -}}
{{- .Values.database.external.coreDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.clairDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "postgres" -}}
{{- else -}}
{{- .Values.database.external.clairDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.notaryServerDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "notaryserver" -}}
{{- else -}}
{{- .Values.database.external.notaryServerDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.notarySignerDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "notarysigner" -}}
{{- else -}}
{{- .Values.database.external.notarySignerDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.clair" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.clairDatabase" . }}?sslmode=disable
{{- end -}}
{{- define "harbor.database.notaryServer" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode=disable
{{- end -}}
{{- define "harbor.database.notarySigner" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode=disable
{{- end -}}
{{- define "harbor.redis.host" -}}
{{- if .Values.redis.external.enabled -}}
{{- .Values.redis.external.host -}}
{{- else -}}
{{- .Release.Name }}-redis
{{- end -}}
{{- end -}}
{{- define "harbor.redis.port" -}}
{{- if .Values.redis.external.enabled -}}
{{- .Values.redis.external.port -}}
{{- else -}}
6379
{{- end -}}
{{- end -}}
{{- define "harbor.redis.databaseIndex" -}}
{{- if .Values.redis.external.enabled -}}
{{- .Values.redis.external.databaseIndex -}}
{{- else -}}
{{- printf "%s" "0" }}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.password" -}}
{{- if and .Values.redis.external.enabled .Values.redis.external.usePassword -}}
{{- .Values.redis.external.password -}}
{{- else if and (not .Values.redis.external.enabled) .Values.redis.usePassword -}}
{{- .Values.redis.password -}}
{{- end -}}
{{- end -}}
{{/*the username redis is used for a placeholder as no username needed in redis*/}}
{{- define "harbor.redisForJobservice" -}}
{{- if and .Values.redis.external.enabled .Values.redis.external.usePassword -}}
redis:{{ template "harbor.redis.password" . }}@{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}/{{ template "harbor.redis.databaseIndex" }}
{{- else if and (not .Values.redis.external.enabled) .Values.redis.usePassword -}}
redis:{{ template "harbor.redis.password" . }}@{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}/{{ template "harbor.redis.databaseIndex" }}
{{- else }}
{{- template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}/{{ template "harbor.redis.databaseIndex" }}
{{- end -}}
{{- end -}}
{{/*
host:port,pool_size,password
100 is the default value of pool size
*/}}
{{- define "harbor.redisForUI" -}}
{{- template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }},100,{{ template "harbor.redis.password" . }}
{{- end -}}
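Review bot: in `harbor.redisForJobservice`, all three branches call `{{ template "harbor.redis.databaseIndex" }}` without passing `.`, so that helper runs with a nil context and its `.Values.redis.external.enabled` lookup cannot resolve. Pass the context as every other call in this file does: `{{ template "harbor.redis.databaseIndex" . }}`. Separately, the three `postgres://` helpers hard-code `?sslmode=disable` and interpolate `harbor.database.rawPassword` unescaped; both also apply when `database.type` is not `internal`, so an external database is always reached without TLS and a password containing `@`, `/` or `:` produces a malformed URL. Consider an `sslmode` value and URL-escaping the password.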
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.fullname" . }}-adminserver"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: adminserver
data:
POSTGRESQL_HOST: "{{ template "harbor.database.host" . }}"
POSTGRESQL_PORT: "{{ template "harbor.database.port" . }}"
POSTGRESQL_USERNAME: "{{ template "harbor.database.username" . }}"
POSTGRESQL_DATABASE: "{{ template "harbor.database.coreDatabase" . }}"
EMAIL_HOST: "{{ .Values.email.host }}"
EMAIL_PORT: "{{ .Values.email.port }}"
EMAIL_USR: "{{ .Values.email.username }}"
EMAIL_SSL: "{{ .Values.email.ssl }}"
EMAIL_FROM: "{{ .Values.email.from }}"
EMAIL_IDENTITY: "{{ .Values.email.identity }}"
EMAIL_INSECURE: "{{ .Values.email.insecure }}"
EXT_ENDPOINT: "{{ template "harbor.externalURL" . }}"
UI_URL: "http://{{ template "harbor.fullname" . }}-ui"
JOBSERVICE_URL: "http://{{ template "harbor.fullname" . }}-jobservice"
REGISTRY_URL: "http://{{ template "harbor.fullname" . }}-registry:5000"
TOKEN_SERVICE_URL: "http://{{ template "harbor.fullname" . }}-ui/service/token"
WITH_NOTARY: "{{ .Values.notary.enabled }}"
NOTARY_URL: "http://{{ template "harbor.notaryServiceName" . }}:4443"
LOG_LEVEL: "info"
IMAGE_STORE_PATH: "/" # This is a temporary hack.
AUTH_MODE: "{{ .Values.authenticationMode }}"
SELF_REGISTRATION: "{{ .Values.selfRegistration }}"
LDAP_URL: "{{ .Values.ldap.url }}"
LDAP_SEARCH_DN: "{{ .Values.ldap.searchDN }}"
LDAP_BASE_DN: "{{ .Values.ldap.baseDN }}"
LDAP_FILTER: "{{ .Values.ldap.filter }}"
LDAP_UID: "{{ .Values.ldap.uid }}"
LDAP_SCOPE: "{{ .Values.ldap.scope }}"
LDAP_TIMEOUT: "{{ .Values.ldap.timeout }}"
LDAP_VERIFY_CERT: "{{ .Values.ldap.verifyCert }}"
DATABASE_TYPE: "postgresql"
PROJECT_CREATION_RESTRICTION: "everyone"
VERIFY_REMOTE_CERT: "off"
MAX_JOB_WORKERS: "3"
TOKEN_EXPIRATION: "30"
CFG_EXPIRATION: "5"
GODEBUG: "netdns=cgo"
ADMIRAL_URL: "NA"
RESET: "false"
WITH_CLAIR: "{{ .Values.clair.enabled }}"
CLAIR_DB_HOST: "{{ template "harbor.database.host" . }}"
CLAIR_DB_PORT: "{{ template "harbor.database.port" . }}"
CLAIR_DB_USERNAME: "{{ template "harbor.database.username" . }}"
CLAIR_DB: "{{ template "harbor.database.clairDatabase" . }}"
CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060"
UAA_ENDPOINT: ""
UAA_CLIENTID: ""
UAA_CLIENTSECRET: ""
UAA_VERIFY_CERT: "True"
REGISTRY_STORAGE_PROVIDER_NAME: "{{ .Values.registry.storage.type }}"
WITH_CHARTMUSEUM: "{{ .Values.chartmuseum.enabled }}"
CHART_REPOSITORY_URL: "http://{{ template "harbor.fullname" . }}-chartmuseum"
\ No newline at end of file
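Review bot: `VERIFY_REMOTE_CERT: "off"` is hard-coded, so remote certificate verification is disabled on every install and cannot be enabled from values. Expose it as a value and default it to on, the way `LDAP_VERIFY_CERT` and `EMAIL_INSECURE` are already driven by `.Values`. `PROJECT_CREATION_RESTRICTION: "everyone"` is a policy choice that would also be better as a value than a literal.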
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.fullname" . }}-adminserver"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: adminserver
type: Opaque
data:
secretKey: {{ .Values.secretKey | b64enc | quote }}
EMAIL_PWD: {{ .Values.email.password | b64enc | quote }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
POSTGRESQL_PASSWORD: {{ template "harbor.database.password" . }}
JOBSERVICE_SECRET: {{ .Values.jobservice.secret | b64enc | quote }}
UI_SECRET: {{ .Values.ui.secret | b64enc | quote }}
{{- if eq .Values.authenticationMode "ldap_auth" }}
LDAP_SEARCH_PWD: {{ .Values.ldap.searchPassword | b64enc | quote }}
{{- end }}
{{ if .Values.clair.enabled }}
CLAIR_DB_PASSWORD: {{ template "harbor.database.password" . }}
{{ end }}
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: "{{ template "harbor.fullname" . }}-adminserver"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: adminserver
spec:
replicas: 1
serviceName: "{{ template "harbor.fullname" . }}-adminserver"
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: adminserver
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: adminserver
spec:
containers:
- name: adminserver
image: "{{ .Values.adminserver.image.repository }}:{{ .Values.adminserver.image.tag }}"
imagePullPolicy: "{{ .Values.adminserver.image.pullPolicy }}"
resources:
{{ toYaml .Values.adminserver.resources | indent 10 }}
envFrom:
- configMapRef:
name: "{{ template "harbor.fullname" . }}-adminserver"
- secretRef:
name: "{{ template "harbor.fullname" . }}-adminserver"
env:
- name: PORT
value: "8080"
- name: JSON_CFG_STORE_PATH
value: /etc/adminserver/config/config.json
- name: KEY_PATH
value: /etc/adminserver/key
ports:
- containerPort: 8080
volumeMounts:
- name: data
mountPath: /etc/adminserver/config
- name: adminserver-key
mountPath: /etc/adminserver/key
subPath: key
volumes:
{{- if not .Values.persistence.enabled }}
- name: data
emptyDir: {}
{{- end }}
- name: adminserver-key
secret:
secretName: "{{ template "harbor.fullname" . }}-adminserver"
items:
- key: secretKey
path: key
{{- with .Values.adminserver.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.adminserver.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.adminserver.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [{{ .Values.adminserver.volumes.config.accessMode | quote }}]
{{- if .Values.adminserver.volumes.config.storageClass }}
{{- if (eq "-" .Values.adminserver.volumes.config.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.adminserver.volumes.config.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: {{ .Values.adminserver.volumes.config.size | quote }}
{{- end -}}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.fullname" . }}-adminserver"
spec:
ports:
- port: 80
targetPort: 8080
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: adminserver
\ No newline at end of file
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.fullname" . }}-chartmuseum"
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
PORT: "9999"
CACHE: "redis"
CACHE_REDIS_ADDR: "{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}"
CACHE_REDIS_DB: "{{ template "harbor.redis.databaseIndex" }}"
BASIC_AUTH_USER: "chart_controller"
DEPTH: "1"
STORAGE: "local"
STORAGE_LOCAL_ROOTDIR: "/chart_storage"
DEBUG: "false"
LOG_JSON: "true"
DISABLE_METRICS: "false"
DISABLE_API: "false"
DISABLE_STATEFILES: "false"
ALLOW_OVERWRITE: "true"
CHART_URL: ""
AUTH_ANONYMOUS_GET: "false"
TLS_CERT: ""
TLS_KEY: ""
CONTEXT_PATH: ""
INDEX_LIMIT: "0"
MAX_STORAGE_OBJECTS: "0"
MAX_UPLOAD_SIZE: "20971520"
CHART_POST_FORM_FIELD_NAME: "chart"
PROV_POST_FORM_FIELD_NAME: "prov"
{{- end }}
\ No newline at end of file
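Review bot: `CACHE_REDIS_DB` calls `{{ template "harbor.redis.databaseIndex" }}` without `.`, while the helper reads `.Values.redis.external.enabled`; with no context passed the lookup fails, so this should be `{{ template "harbor.redis.databaseIndex" . }}`. Also worth a second look: `ALLOW_OVERWRITE: "true"` lets an upload replace an already published chart version, which undermines pinning a chart by version; default it to `"false"` or make it a value.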
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.fullname" . }}-chartmuseum"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
CACHE_REDIS_PASSWORD: "{{ template "harbor.redis.password" }}"
BASIC_AUTH_PASS: {{ .Values.ui.secret | b64enc | quote }}
{{- end }}
\ No newline at end of file
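Review bot: `CACHE_REDIS_PASSWORD` sits under `data:` of a Secret but is rendered as the raw password, and the helper is called without `.`. Values under `data:` must be base64, as `BASIC_AUTH_PASS` on the next line is, so this either fails validation or decodes to the wrong bytes. Suggest `{{ include "harbor.redis.password" . | b64enc | quote }}`. Note too that `BASIC_AUTH_PASS` reuses `.Values.ui.secret`, so the chart repository credential and the UI secret are the same value; a dedicated secret would limit what a leak of either one exposes.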
{{- if .Values.chartmuseum.enabled }}
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: "{{ template "harbor.fullname" . }}-chartmuseum"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: chartmuseum
spec:
replicas: 1
serviceName: "{{ template "harbor.fullname" . }}-chartmuseum"
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: chartmuseum
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: chartmuseum
spec:
containers:
- name: chartmuseum
image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
imagePullPolicy: {{ .Values.chartmuseum.image.pullPolicy }}
resources:
{{ toYaml .Values.chartmuseum.resources | indent 10 }}
envFrom:
- configMapRef:
name: "{{ template "harbor.fullname" . }}-chartmuseum"
- secretRef:
name: "{{ template "harbor.fullname" . }}-chartmuseum"
ports:
- containerPort: 9999
# TODO: update it after moving the storage out of registry scope
{{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
volumeMounts:
- name: data
mountPath: /chart_storage
{{- end }}
{{- with .Values.chartmuseum.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.chartmuseum.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.chartmuseum.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
volumeClaimTemplates:
- metadata:
name: data
labels:
{{ include "harbor.labels" . | indent 8 }}
spec:
accessModes: [{{ .Values.chartmuseum.volumes.data.accessMode | quote }}]
{{- if .Values.chartmuseum.volumes.data.storageClass }}
{{- if (eq "-" .Values.chartmuseum.volumes.data.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.chartmuseum.volumes.data.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: {{ .Values.chartmuseum.volumes.data.size | quote }}
{{- end -}}
{{- end }}
\ No newline at end of file
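Review bot: Both volume guards, `{{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}`, use `and` infix, but Go templates take it as a prefix function. Write `{{- if and .Values.persistence.enabled (eq .Values.registry.storage.type "filesystem") }}` for the volumeMounts guard and the volumeClaimTemplates guard. apps/v1beta2 is a deprecated API version, so moving the StatefulSet to apps/v1 is worth doing in the same pass.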
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.fullname" . }}-chartmuseum"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 80
targetPort: 9999
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: chartmuseum
{{- end }}
\ No newline at end of file
{{ if .Values.clair.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "harbor.fullname" . }}-clair
labels:
{{ include "harbor.labels" . | indent 4 }}
component: clair
data:
config.yaml: |
clair:
database:
type: pgsql
options:
source: "{{ template "harbor.database.clair" . }}"
# Number of elements kept in the cache
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
cachesize: 16384
api:
# API server port
port: 6060
healthport: 6061
# Deadline before an API request will respond with a 503
timeout: 300s
updater:
interval: 12h
notifier:
attempts: 3
renotifyinterval: 2h
http:
endpoint: "http://{{ template "harbor.fullname" . }}-ui/service/notifications/clair"
{{ end }}
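Review bot: The `source:` value in config.yaml comes from harbor.database.clair and is stored in a ConfigMap; if that helper renders a full PostgreSQL connection string including the password, the credential is readable by anyone who can read ConfigMaps in the namespace. Move config.yaml into a Secret and mount that instead.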
{{ if .Values.clair.enabled }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "harbor.fullname" . }}-clair
labels:
{{ include "harbor.labels" . | indent 4 }}
component: clair
spec:
replicas: 1
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: clair
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: clair
spec:
containers:
- name: clair
image: {{ .Values.clair.image.repository }}:{{ .Values.clair.image.tag }}
imagePullPolicy: {{ .Values.clair.image.pullPolicy }}
args: ["-insecure-tls", "-config", "/etc/clair/config.yaml"]
resources:
{{ toYaml .Values.clair.resources | indent 10 }}
ports:
- containerPort: 6060
volumeMounts:
- name: clair-config
mountPath: /etc/clair/config.yaml
subPath: config.yaml
volumes:
- name: clair-config
configMap:
name: "{{ template "harbor.fullname" . }}-clair"
items:
- key: config.yaml
path: config.yaml
{{- with .Values.clair.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.clair.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.clair.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{ end }}
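Review bot: The container args hard-code `-insecure-tls`, which turns off certificate verification when Clair pulls layers from the registry. Put it behind a value that defaults to off and mount the registry CA into the pod, so a scan cannot be pointed at content served by an unverified endpoint.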
{{ if .Values.clair.enabled }}
# clair host isn't configurable yet. this creates a service
# to get it working for now.
# see https://github.com/vmware/harbor/issues/3250
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.fullname" . }}-clair"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 6060
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: clair
{{ end }}
{{- if eq .Values.database.type "internal" -}}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.fullname" . }}-database"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
POSTGRES_PASSWORD: {{ template "harbor.database.password" . }}
{{- end -}}
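Review bot: POSTGRES_PASSWORD under `data:` is emitted with `template`, whose output cannot be piped, so the value is base64 only if the harbor.database.password helper encodes it itself. If it does not, the Secret is rejected or decodes to the wrong password; `{{ include "harbor.database.password" . | b64enc | quote }}` makes the encoding explicit at the point of use.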
{{- if eq .Values.database.type "internal" -}}
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: "{{ template "harbor.fullname" . }}-database"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: database
spec:
replicas: 1
serviceName: "{{ template "harbor.fullname" . }}-database"
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: database
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: database
spec:
initContainers:
- name: "remove-lost-found"
image: "{{ .Values.busybox.image.repository }}:{{ .Values.busybox.image.tag }}"
command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"]
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
containers:
- name: database
image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
imagePullPolicy: {{ .Values.database.internal.image.pullPolicy }}
resources:
{{ toYaml .Values.database.internal.resources | indent 10 }}
envFrom:
- secretRef:
name: "{{ template "harbor.fullname" . }}-database"
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
{{- if not .Values.persistence.enabled }}
volumes:
- name: "data"
emptyDir: {}
{{- end -}}
{{- with .Values.database.internal.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.database.internal.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.database.internal.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: "data"
labels:
{{ include "harbor.labels" . | indent 8 }}
spec:
accessModes: [{{ .Values.database.internal.volumes.data.accessMode | quote }}]
{{- if .Values.database.internal.volumes.data.storageClass }}
{{- if (eq "-" .Values.database.internal.volumes.data.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.database.internal.volumes.data.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: {{ .Values.database.internal.volumes.data.size | quote }}
{{- end -}}
{{- end -}}
{{- if eq .Values.database.type "internal" -}}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.fullname" . }}-database"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 5432
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: database
{{- end -}}
\ No newline at end of file
{{ if .Values.ingress.enabled }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: "{{ template "harbor.fullname" . }}-ingress"
labels:
{{ include "harbor.labels" . | indent 4 }}
annotations:
{{ toYaml .Values.ingress.annotations | indent 4 }}
spec:
# {{ if eq .Values.externalProtocol "https" }}
# tls:
# - hosts:
# - "{{ .Values.externalDomain }}"
# - "{{ template "harbor.notaryFQDN" . }}"
# {{ if eq .Values.ingress.tls.secretName "" }}
# secretName: "{{ template "harbor.fullname" . }}-ingress"
# {{ else }}
# secretName: {{ .Values.ingress.tls.secretName }}
# {{ end }}
# {{ end }}
rules:
- host: "{{ .Values.externalDomain }}"
http:
paths:
- path: /
backend:
serviceName: {{ template "harbor.fullname" . }}-ui
servicePort: 80
- host: "{{ template "harbor.notaryFQDN" . }}"
http:
paths:
- path: /
backend:
serviceName: {{ template "harbor.notaryServiceName" . }}
servicePort: 4443
{{ end }}
\ No newline at end of file
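Review bot: The whole `tls:` block is commented out with `#`, so the Ingress is rendered without TLS even when externalProtocol is https, while the ingress Secret template still generates a certificate that nothing here references. YAML comments do not stop Helm from evaluating the `{{ if }}` actions inside them, which makes the block fragile as well; either restore it or delete it and document where TLS terminates.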
{{ if eq .Values.externalProtocol "https" }}
{{ if .Values.ingress.enabled }}
{{ if eq .Values.ingress.tls.secretName "" }}
{{ $ca := genCA "harbor-ca" 3650 }}
{{ $cert := genSignedCert (include "harbor.certCommonName" .) nil nil 3650 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.fullname" . }}-ingress"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
tls.crt: {{ .Values.tlsCrt | default $cert.Cert | b64enc | quote }}
tls.key: {{ .Values.tlsKey | default $cert.Key | b64enc | quote }}
ca.crt: {{ .Values.caCrt | default $ca.Cert | b64enc | quote }}
{{ end }}
{{ end }}
{{ end }}
\ No newline at end of file
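Review bot: `genCA` and `genSignedCert` run on every render, so each helm upgrade replaces the CA, certificate and key in this Secret unless tlsCrt, tlsKey and caCrt are supplied, and clients that trusted the previous CA stop validating. Those three overrides are read from the top level of .Values but are not declared in values.yaml; document them there, or generate the certificate once outside the chart and pass it through ingress.tls.secretName.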
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.fullname" . }}-jobservice"
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
config.yml: |+
protocol: "http"
port: 8080
worker_pool:
workers: {{ .Values.jobservice.maxWorkers }}
backend: "redis"
redis_pool:
redis_url: "{{ template "harbor.redisForJobservice" . }}"
namespace: "harbor_job_service_namespace"
logger:
path: "/var/log/jobs"
level: "INFO"
archive_period: 14 #days
admin_server: "http://{{ template "harbor.fullname" . }}-adminserver"
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: "{{ template "harbor.fullname" . }}-jobservice"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: jobservice
spec:
replicas: 1
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: jobservice
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: jobservice
spec:
containers:
- name: jobservice
image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
imagePullPolicy: {{ .Values.jobservice.image.pullPolicy }}
resources:
{{ toYaml .Values.jobservice.resources | indent 10 }}
envFrom:
- secretRef:
name: "{{ template "harbor.fullname" . }}-jobservice"
env:
- name: LOG_LEVEL
value: debug
- name: GODEBUG
value: netdns=cgo
ports:
- containerPort: 8080
volumeMounts:
- name: jobservice-config
mountPath: /etc/jobservice/config.yml
subPath: config.yml
- name: job-logs
mountPath: /var/log/jobs
volumes:
- name: jobservice-config
configMap:
name: "{{ template "harbor.fullname" . }}-jobservice"
- name: job-logs
emptyDir: {}
{{- with .Values.jobservice.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.jobservice.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.jobservice.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.fullname" . }}-jobservice"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
secretKey: {{ .Values.secretKey | b64enc | quote }}
JOBSERVICE_SECRET: {{ .Values.jobservice.secret | b64enc | quote }}
UI_SECRET: {{ .Values.ui.secret | b64enc | quote }}
\ No newline at end of file
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.fullname" . }}-jobservice"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 80
targetPort: 8080
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: jobservice
{{ if .Values.notary.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "harbor.fullname" . }}-notary
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary
data:
{{ $ca := genCA "harbor-notary-ca" 3650 }}
{{ $cert := genSignedCert (printf "%s-notary-signer" (include "harbor.fullname" .)) nil nil 3650 $ca }}
notary-signer-ca.crt: |
{{ .Values.notary.signer.caCrt | default $ca.Cert | indent 4 }}
notary-signer.crt: |
{{ .Values.notary.signer.tlsCrt | default $cert.Cert | indent 4 }}
notary-signer.key: |
{{ .Values.notary.signer.tlsKey | default $cert.Key | indent 4 }}
server-config.postgres.json: |
{
"server": {
"http_addr": ":4443"
},
"trust_service": {
"type": "remote",
"hostname": "{{ template "harbor.fullname" . }}-notary-signer",
"port": "7899",
"tls_ca_file": "./notary-signer-ca.crt",
"key_algorithm": "ecdsa"
},
"logging": {
"level": "debug"
},
"storage": {
"backend": "postgres",
"db_url": "{{ template "harbor.database.notaryServer" . }}"
},
"auth": {
"type": "token",
"options": {
"realm": "{{ template "harbor.externalURL" . }}/service/token",
"service": "harbor-notary",
"issuer": "harbor-token-issuer",
"rootcertbundle": "/root.crt"
}
}
}
signer-config.postgres.json: |
{
"server": {
"grpc_addr": ":7899",
"tls_cert_file": "./notary-signer.crt",
"tls_key_file": "./notary-signer.key"
},
"logging": {
"level": "debug"
},
"storage": {
"backend": "postgres",
"db_url": "{{ template "harbor.database.notarySigner" . }}",
"default_alias": "defaultalias"
}
}
{{ end }}
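Review bot: notary-signer.key holds the signer's TLS private key, and both db_url fields may carry database credentials, yet all of it is written to a ConfigMap. Put the key and the two JSON configs in a Secret and mount that at /etc/notary. The certificate is also regenerated by genCA/genSignedCert on each render when no values are supplied, and "level": "debug" is hard-coded for both server and signer; make the log level a value.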
{{ if .Values.notary.enabled }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "harbor.fullname" . }}-notary-server
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary-server
spec:
replicas: 1
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: notary-server
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: notary-server
spec:
containers:
- name: notary-server
image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
imagePullPolicy: {{ .Values.notary.server.image.pullPolicy }}
resources:
{{ toYaml .Values.notary.server.resources | indent 10 }}
env:
- name: MIGRATIONS_PATH
value: migrations/server/postgresql
- name: DB_URL
value: {{ template "harbor.database.notaryServer" . }}
volumeMounts:
- name: notary-config
mountPath: /etc/notary
- name: root-certificate
mountPath: /root.crt
subPath: tokenServiceRootCertBundle
volumes:
- name: notary-config
configMap:
name: "{{ template "harbor.fullname" . }}-notary"
- name: root-certificate
secret:
secretName: "{{ template "harbor.fullname" . }}-ui"
{{- with .Values.notary.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.notary.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{ end }}
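Review bot: DB_URL is set as a literal env value from harbor.database.notaryServer, so any password in the URL is visible in the Deployment spec to anyone who can read or describe it. Source it from a Secret with valueFrom.secretKeyRef, and quote the value, since it is currently emitted unquoted.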
{{ if .Values.notary.enabled }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "harbor.fullname" . }}-notary-signer
labels:
{{ include "harbor.labels" . | indent 4 }}
component: notary-signer
spec:
replicas: 1
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: notary-signer
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: notary-signer
spec:
containers:
- name: notary-signer
image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
imagePullPolicy: {{ .Values.notary.signer.image.pullPolicy }}
resources:
{{ toYaml .Values.notary.signer.resources | indent 10 }}
env:
- name: MIGRATIONS_PATH
value: migrations/signer/postgresql
- name: DB_URL
value: {{ template "harbor.database.notarySigner" . }}
- name: NOTARY_SIGNER_DEFAULTALIAS
value: {{ .Values.notary.signer.env.NOTARY_SIGNER_DEFAULTALIAS }}
volumeMounts:
- name: notary-config
mountPath: /etc/notary
volumes:
- name: notary-config
configMap:
name: "{{ template "harbor.fullname" . }}-notary"
{{ end }}
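Review bot: Unlike the notary-server Deployment, this one ends after `volumes:` without the nodeSelector, affinity and tolerations blocks, so .Values.notary.nodeSelector, .Values.notary.affinity and .Values.notary.tolerations apply to the server only. The DB_URL env has the same plain-value problem as in the server Deployment and should come from a Secret.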
{{ if .Values.notary.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.notaryServiceName" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 4443
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: notary-server
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.fullname" . }}-notary-signer
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 7899
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: notary-signer
{{ end }}
\ No newline at end of file
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "harbor.fullname" . }}-redis
labels:
{{ include "harbor.labels" . | indent 4 }}
component: redis
spec:
replicas: 1
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: redis
spec:
containers:
- name: redis
image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
args: ["--save","''","--appendonly","no"]
ports:
- name: redis
containerPort: 6379
\ No newline at end of file
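Review bot: Redis is started with only `--save '' --appendonly no`; nothing in this Deployment consumes .Values.redis.usePassword or .Values.redis.password, so the instance accepts unauthenticated connections from any pod that can reach port 6379. Add `--requirepass` fed from a Secret when usePassword is true, and consider a NetworkPolicy that limits access to the Harbor components.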
---
apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.fullname" . }}-redis
labels:
{{ include "harbor.labels" . | indent 4 }}
component: redis
spec:
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: redis
ports:
- name: redis
port: 6379
\ No newline at end of file
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.fullname" . }}-registry"
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
config.yml: |+
version: 0.1
log:
level: {{ .Values.registry.logLevel }}
fields:
service: registry
storage:
{{- $storage := .Values.registry.storage }}
{{- $type := $storage.type }}
{{- if eq $type "filesystem" }}
filesystem:
rootdirectory: {{ $storage.filesystem.rootdirectory }}
{{- if $storage.filesystem.maxthreads }}
maxthreads: {{ $storage.filesystem.maxthreads }}
{{- end }}
{{- else if eq $type "azure" }}
azure:
accountname: {{ $storage.azure.accountname }}
container: {{ $storage.azure.container }}
{{- if $storage.azure.realm }}
realm: {{ $storage.azure.realm }}
{{- end }}
{{- else if eq $type "gcs" }}
gcs:
bucket: {{ $storage.gcs.bucket }}
{{- if $storage.gcs.rootdirectory }}
rootdirectory: {{ $storage.gcs.rootdirectory }}
{{- end }}
{{- if $storage.gcs.chunksize }}
chunksize: {{ $storage.gcs.chunksize }}
{{- end }}
{{- else if eq $type "s3" }}
s3:
region: {{ $storage.s3.region }}
bucket: {{ $storage.s3.bucket }}
{{- if $storage.s3.regionendpoint }}
regionendpoint: {{ $storage.s3.regionendpoint }}
{{- end }}
{{- if $storage.s3.encrypt }}
encrypt: {{ $storage.s3.encrypt }}
{{- end }}
{{- if $storage.s3.secure }}
secure: {{ $storage.s3.secure }}
{{- end }}
{{- if $storage.s3.v4auth }}
v4auth: {{ $storage.s3.v4auth }}
{{- end }}
{{- if $storage.s3.chunksize }}
chunksize: {{ $storage.s3.chunksize }}
{{- end }}
{{- if $storage.s3.rootdirectory }}
rootdirectory: {{ $storage.s3.rootdirectory }}
{{- end }}
{{- if $storage.s3.storageclass }}
storageclass: {{ $storage.s3.storageclass }}
{{- end }}
{{- else if eq $type "swift" }}
swift:
authurl: {{ $storage.swift.authurl }}
username: {{ $storage.swift.username }}
container: {{ $storage.swift.container }}
{{- if $storage.swift.region }}
region: {{ $storage.swift.region }}
{{- end }}
{{- if $storage.swift.tenant }}
tenant: {{ $storage.swift.tenant }}
{{- end }}
{{- if $storage.swift.tenantid }}
tenantid: {{ $storage.swift.tenantid }}
{{- end }}
{{- if $storage.swift.domain }}
domain: {{ $storage.swift.domain }}
{{- end }}
{{- if $storage.swift.domainid }}
domainid: {{ $storage.swift.domainid }}
{{- end }}
{{- if $storage.swift.trustid }}
trustid: {{ $storage.swift.trustid }}
{{- end }}
{{- if $storage.swift.insecureskipverify }}
insecureskipverify: {{ $storage.swift.insecureskipverify }}
{{- end }}
{{- if $storage.swift.chunksize }}
chunksize: {{ $storage.swift.chunksize }}
{{- end }}
{{- if $storage.swift.prefix }}
prefix: {{ $storage.swift.prefix }}
{{- end }}
{{- if $storage.swift.authversion }}
authversion: {{ $storage.swift.authversion }}
{{- end }}
{{- if $storage.swift.endpointtype }}
endpointtype: {{ $storage.swift.endpointtype }}
{{- end }}
{{- if $storage.swift.tempurlcontainerkey }}
tempurlcontainerkey: {{ $storage.swift.tempurlcontainerkey }}
{{- end }}
{{- if $storage.swift.tempurlmethods }}
tempurlmethods: {{ $storage.swift.tempurlmethods }}
{{- end }}
{{- else if eq $type "oss" }}
oss:
accesskeyid: {{ $storage.oss.accesskeyid }}
region: {{ $storage.oss.region }}
bucket: {{ $storage.oss.bucket }}
{{- if $storage.oss.endpoint }}
endpoint: {{ $storage.oss.endpoint }}
{{- end }}
{{- if $storage.oss.internal }}
internal: {{ $storage.oss.internal }}
{{- end }}
{{- if $storage.oss.encrypt }}
encrypt: {{ $storage.oss.encrypt }}
{{- end }}
{{- if $storage.oss.secure }}
secure: {{ $storage.oss.secure }}
{{- end }}
{{- if $storage.oss.chunksize }}
chunksize: {{ $storage.oss.chunksize }}
{{- end }}
{{- if $storage.oss.rootdirectory }}
rootdirectory: {{ $storage.oss.rootdirectory }}
{{- end }}
{{- end }}
cache:
layerinfo: redis
maintenance:
uploadpurging:
enabled: false
delete:
enabled: true
redis:
addr: "{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}"
password: {{ template "harbor.redis.password" . }}
db: {{ template "harbor.redis.databaseIndex" . }}
http:
addr: :5000
# set via environment variable
# secret: placeholder
debug:
addr: localhost:5001
auth:
token:
issuer: harbor-token-issuer
realm: "{{ template "harbor.externalURL" . }}/service/token"
rootcertbundle: /etc/registry/root.crt
service: harbor-registry
notifications:
endpoints:
- name: harbor
disabled: false
url: http://{{ template "harbor.fullname" . }}-ui/service/notifications
timeout: 3000ms
threshold: 5
backoff: 1s
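Review bot: `password: {{ template "harbor.redis.password" . }}` writes the Redis password into a ConfigMap in clear text. The registry StatefulSet already injects REGISTRY_HTTP_SECRET and the storage keys from the Secret through environment variables; handle the Redis password the same way and drop it from config.yml. The storage fields are also emitted unquoted, so a value containing `:` or `#` will break the rendered YAML.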
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.fullname" . }}-registry"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
httpSecret: {{ .Values.registry.httpSecret | b64enc | quote }}
{{- $storage := .Values.registry.storage }}
{{- $type := $storage.type }}
{{- if eq $type "azure" }}
accountkey: {{ $storage.azure.accountkey | b64enc | quote }}
{{- else if eq $type "s3" }}
{{- if $storage.s3.accesskey }}
accesskey: {{ $storage.s3.accesskey | b64enc | quote }}
{{- end }}
{{- if $storage.s3.secretkey }}
secretkey: {{ $storage.s3.secretkey | b64enc | quote }}
{{- end }}
{{- else if eq $type "swift" }}
password: {{ $storage.swift.password }}
{{- if $storage.swift.secretkey }}
secretkey: {{ $storage.swift.secretkey }}
{{- end }}
{{- if $storage.swift.accesskey }}
accesskey: {{ $storage.swift.accesskey }}
{{- end }}
{{- else if eq $type "oss" }}
accesskeysecret: {{ $storage.oss.accesskeysecret }}
{{- end }}
\ No newline at end of file
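Review bot: In the swift and oss branches, `password`, `secretkey`, `accesskey` and `accesskeysecret` are written under `data:` without `| b64enc | quote`, unlike the azure and s3 branches. The API server expects base64 there, so these either fail to apply or decode to the wrong bytes; pipe all four through b64enc and quote them.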
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: "{{ template "harbor.fullname" . }}-registry"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: registry
spec:
replicas: 1
serviceName: "{{ template "harbor.fullname" . }}-registry"
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: registry
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: registry
spec:
containers:
- name: registry
image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}
imagePullPolicy: {{ .Values.registry.image.pullPolicy }}
resources:
{{ toYaml .Values.registry.resources | indent 10 }}
args: ["serve", "/etc/registry/config.yml"]
env:
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-registry"
key: httpSecret
{{- $storage := .Values.registry.storage }}
{{- $type := $storage.type }}
{{- if eq $type "azure" }}
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-registry"
key: accountkey
{{- else if eq $type "s3" }}
{{- if $storage.s3.accesskey }}
- name: REGISTRY_STORAGE_S3_ACCESSKEY
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-registry"
key: accesskey
{{- end }}
{{- if $storage.s3.secretkey }}
- name: REGISTRY_STORAGE_S3_SECRETKEY
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-registry"
key: secretkey
{{- end }}
{{- else if eq $type "swift" }}
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-registry"
key: password
{{- if $storage.swift.secretkey }}
- name: REGISTRY_STORAGE_SWIFT_SECRETKEY
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-registry"
key: secretkey
{{- end }}
{{- if $storage.swift.accesskey }}
- name: REGISTRY_STORAGE_SWIFT_ACCESSKEY
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-registry"
key: accesskey
{{- end }}
{{- else if eq $type "oss" }}
- name: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-registry"
key: accesskeysecret
{{- end }}
ports:
- containerPort: 5000
- containerPort: 5001
volumeMounts:
{{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
- name: registry-data
mountPath: {{ .Values.registry.storage.filesystem.rootdirectory }}
{{- end }}
- name: registry-root-certificate
mountPath: /etc/registry/root.crt
subPath: tokenServiceRootCertBundle
- name: registry-config
mountPath: /etc/registry/config.yml
subPath: config.yml
volumes:
- name: registry-root-certificate
secret:
secretName: "{{ template "harbor.fullname" . }}-ui"
- name: registry-config
configMap:
name: "{{ template "harbor.fullname" . }}-registry"
- name: registry-data
hostPath:
path: /etc/kubernetes/data/registry
{{- with .Values.registry.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.registry.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.registry.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
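Review bot: The registry-data volume is an unconditional hostPath at /etc/kubernetes/data/registry, even though its mount is guarded by persistence.enabled and the filesystem storage type, and values.yaml still defines registry.volumes.data. hostPath ties image data to one node and gives the pod a writable path under /etc/kubernetes on the host; use a volumeClaimTemplate as the chartmuseum and database StatefulSets do. The mount guard also uses infix `and` and should read `and .Values.persistence.enabled (eq .Values.registry.storage.type "filesystem")`.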
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.fullname" . }}-registry"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 5000
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: registry
\ No newline at end of file
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.fullname" . }}-ui"
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
app.conf: |+
appname = Harbor
runmode = prod
enablegzip = true
[prod]
httpport = 8080
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: "{{ template "harbor.fullname" . }}-ui"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: ui
spec:
replicas: 1
template:
metadata:
labels:
{{ include "harbor.matchLabels" . | indent 8 }}
component: ui
spec:
containers:
- name: ui
image: {{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}
imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
env:
- name: UI_SECRET
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-ui"
key: secret
- name: JOBSERVICE_SECRET
valueFrom:
secretKeyRef:
name: "{{ template "harbor.fullname" . }}-ui"
key: jobserviceSecret
- name: _REDIS_URL
value: {{ template "harbor.redisForUI" . }}
- name: GODEBUG
value: netdns=cgo
- name: LOG_LEVEL
value: debug
- name: CONFIG_PATH
value: /etc/ui/app.conf
- name: ENABLE_HARBOR_SCAN_ON_PUSH
value: "1"
- name: ADMINSERVER_URL
value: "http://{{ template "harbor.fullname" . }}-adminserver"
- name: CHART_CACHE_DRIVER
value: "redis"
ports:
- containerPort: 8080
volumeMounts:
- name: ui-config
mountPath: /etc/ui/app.conf
subPath: app.conf
- name: ui-secrets-key
mountPath: /etc/ui/key
subPath: key
- name: ui-secrets-private-key
mountPath: /etc/ui/private_key.pem
subPath: tokenServicePrivateKey
{{- if eq .Values.externalProtocol "https" }}
{{- if .Values.ingress.enabled }}
{{- if eq .Values.ingress.tls.secretName "" }}
- name: ca-download
mountPath: /etc/ui/ca/ca.crt
subPath: ca.crt
{{- end }}
{{- end }}
{{- end }}
- name: psc
mountPath: /etc/ui/token
volumes:
- name: ui-config
configMap:
name: "{{ template "harbor.fullname" . }}-ui"
- name: ui-secrets-key
secret:
secretName: "{{ template "harbor.fullname" . }}-ui"
items:
- key: secretKey
path: key
- name: ui-secrets-private-key
secret:
secretName: "{{ template "harbor.fullname" . }}-ui"
{{- if eq .Values.externalProtocol "https" }}
{{- if .Values.ingress.enabled }}
{{- if eq .Values.ingress.tls.secretName "" }}
- name: ca-download
secret:
secretName: "{{ template "harbor.fullname" . }}-ingress"
items:
- key: ca.crt
path: ca.crt
{{- end }}
{{- end }}
{{- end }}
- name: psc
emptyDir: {}
{{- with .Values.ui.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.ui.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.ui.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
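Review bot: LOG_LEVEL is hard-coded to debug, which is not a sensible default for the component that handles logins and issues tokens; expose it as a value defaulting to info. The pod template labels use harbor.matchLabels where the other workloads use harbor.labels, and there is no explicit spec.selector, so align both with the rest of the chart.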
{{- $cert := genSelfSignedCert "harbor" nil nil 365 }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.fullname" . }}-ui"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
secretKey: {{ .Values.secretKey | b64enc | quote }}
secret: {{ .Values.ui.secret | b64enc | quote }}
jobserviceSecret: {{ .Values.jobservice.secret | b64enc | quote }}
tokenServiceRootCertBundle: {{ $cert.Cert | b64enc | quote }}
tokenServicePrivateKey: {{ $cert.Key | b64enc | quote }}
\ No newline at end of file
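Review bot: `genSelfSignedCert "harbor" nil nil 365` runs on every render, so each helm upgrade replaces the token-service key pair, and the certificate expires after 365 days regardless. The registry and notary-server pods mount tokenServiceRootCertBundle from this Secret via subPath, which is not refreshed in running pods, so tokens signed with the new key fail verification until those pods restart. Accept the key pair through values or an existing Secret and generate it only when none is provided.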
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.fullname" . }}-ui"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 80
targetPort: 8080
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: ui
persistence:
enabled: true
externalProtocol: https
# The FQDN for Harbor service
externalDomain: harbor.wodcloud.com
# The Port for Harbor service, leave empty if the service
# is to be bound to port 80/443
externalPort:
harborAdminPassword: "58772015"
authenticationMode: "db_auth"
selfRegistration: "on"
ldap:
url: "ldaps://ldapserver"
searchDN: ""
searchPassword: ""
baseDN: ""
filter: "(objectClass=person)"
uid: "uid"
scope: "2"
timeout: "5"
verifyCert: "True"
email:
host: "smtp.mydomain.com"
port: "25"
username: "sample_admin@mydomain.com"
password: "password"
ssl: "false"
insecure: "false"
from: "admin <sample_admin@mydomain.com>"
identity: ""
# The secret key used for encryption. Must be a string of 16 chars.
secretKey: "nQImBn5SVCHL7ehq"
# These annotations allow the registry to work behind the nginx
# ingress controller.
ingress:
enabled: true
annotations:
tls:
# Fill the secretName if you want to use the certificate of
# yourself when Harbor serves with HTTPS. A certificate will
# be generated automatically by the chart if leave it empty
secretName: ""
# The tag for Harbor docker images.
harborImageTag: &harbor_image_tag dev
adminserver:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver
tag: *harbor_image_tag
pullPolicy: IfNotPresent
volumes:
config:
storageClass: "storageos"
accessMode: ReadWriteOnce
size: 1Gi
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
jobservice:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
tag: *harbor_image_tag
pullPolicy: IfNotPresent
secret: "BBRQwySksiHZqJUh"
maxWorkers: 50
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
ui:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui
tag: *harbor_image_tag
pullPolicy: IfNotPresent
secret: "BBRQwySksiHZqJUh"
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
busybox:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/busybox
tag: 1.29
# TODO: change the style to be same with redis
database:
# if external database is used, set "type" to "external"
# and fill the connection informations in "external" section
type: internal
internal:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db
tag: *harbor_image_tag
pullPolicy: IfNotPresent
# the superuser password of database
password: "spaceIN511"
volumes:
data:
storageClass: "storageos"
accessMode: ReadWriteOnce
size: 1Gi
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
external:
host: "192.168.0.1"
port: "5432"
username: "user"
password: "password"
coreDatabase: "registry"
clairDatabase: "clair"
notaryServerDatabase: "notary_server"
notarySignerDatabase: "notary_signer"
registry:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/registry-photon
tag: dev
pullPolicy: IfNotPresent
httpSecret: "BBRQwySksiHZqJUh"
logLevel: info
storage:
# specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
# "oss" and fill the information needed in the corresponding section
type: filesystem
filesystem:
rootdirectory: /var/lib/registry
#maxthreads: 100
azure:
accountname: accountname
accountkey: base64encodedaccountkey
container: containername
#realm: core.windows.net
gcs:
bucket: bucketname
# TODO: support the keyfile of gcs
#keyfile: /path/to/keyfile
#rootdirectory: /gcs/object/name/prefix
#chunksize: 5242880
s3:
region: us-west-1
bucket: bucketname
#accesskey: awsaccesskey
#secretkey: awssecretkey
#regionendpoint: http://myobjects.local
#encrypt: false
#keyid: mykeyid
#secure: true
#v4auth: true
#chunksize: 5242880
#rootdirectory: /s3/object/name/prefix
#storageclass: STANDARD
swift:
authurl: https://storage.myprovider.com/v3/auth
username: username
password: password
container: containername
#region: fr
#tenant: tenantname
#tenantid: tenantid
#domain: domainname
#domainid: domainid
#trustid: trustid
#insecureskipverify: false
#chunksize: 5M
#prefix:
#secretkey: secretkey
#accesskey: accesskey
#authversion: 3
#endpointtype: public
#tempurlcontainerkey: false
#tempurlmethods:
oss:
accesskeyid: accesskeyid
accesskeysecret: accesskeysecret
region: regionname
bucket: bucketname
#endpoint: endpoint
#internal: false
#encrypt: false
#secure: true
#chunksize: 10M
#rootdirectory: rootdirectory
## Persist data to a persistent volume
volumes:
data:
# storageClass: "-"
accessMode: ReadWriteOnce
size: 5Gi
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector:
kubernetes.io/hostname: 172.31.14.41
tolerations: []
affinity: {}
chartmuseum:
enabled: true
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum-photon
tag: dev
pullPolicy: IfNotPresent
volumes:
data:
storageClass: "storageos"
accessMode: ReadWriteOnce
size: 5Gi
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
clair:
enabled: true
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/clair-photon
tag: dev
pullPolicy: IfNotPresent
volumes:
pgData:
storageClass: "storageos"
accessMode: ReadWriteOnce
size: 1Gi
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
redis:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/redis
tag: 4.0.1-alpine
pullPolicy: IfNotPresent
# if external Redis is used, set "external.enabled" to "true"
# and fill the connection informations in "external" section.
# or the internal Redis will be used
usePassword: false
password: "spaceIN511"
cluster:
enabled: false
master:
persistence:
# TODO: There is a perm issue: Can't open the append-only file: Permission denied
# TODO: Setting it to false is a temp workaround. Will re-visit this problem.
enabled: false
external:
enabled: false
host: "192.168.0.2"
port: "6379"
databaseIndex: "0"
usePassword: false
password: "spaceIN511"
notary:
enabled: true
server:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server-photon
tag: dev
pullPolicy: IfNotPresent
signer:
image:
repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-signer-photon
tag: dev
pullPolicy: IfNotPresent
env:
NOTARY_SIGNER_DEFAULTALIAS: defaultalias
# The TLS certificate for Notary Signer. Will auto generate them if unspecified here.
caCrt:
tlsCrt:
tlsKey:
nodeSelector: {}
tolerations: []
affinity: {}
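Review bot: `httpSecret: "BBRQwySksiHZqJUh"` under `registry` and `password: "spaceIN511"` under `redis` and its `external` block put fixed secret values into the chart defaults, so every install that does not override them shares the same registry HTTP secret and Redis password, and both strings are now in the repository history. Default these to empty and take them from an install-time override or an existing Kubernetes Secret, and rotate the committed values wherever they were in use. Both Redis blocks also set `usePassword: false`, so the password shown is not enforced. If authentication is intended, that flag needs to be `true`. Every Harbor component image uses `tag: dev` with `pullPolicy: IfNotPresent`. With a mutable tag, nodes can keep running different builds under the same name, so pin a release tag or a digest. Lastly, the registry `nodeSelector` is tied to `kubernetes.io/hostname: 172.31.14.41`, which is environment-specific and should default to `{}` like the other components.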