From dd6c88c552f9011775c47cee0913f2de14f9924c Mon Sep 17 00:00:00 2001 From: shucheng Date: Thu, 18 Oct 2018 19:09:14 +0800 Subject: [PATCH] update --- dist.yaml | 1293 +++++++++++++++++++++++++++ readme.md | 12 + templates/_helpers.tpl | 1 - templates/database/database-ss.yaml | 4 +- templates/istio/notary.gateway.yaml | 6 +- templates/istio/ui.gateway.yaml | 6 +- 6 files changed, 1313 insertions(+), 9 deletions(-) create mode 100644 dist.yaml diff --git a/dist.yaml b/dist.yaml new file mode 100644 index 0000000..9bc67f2 --- /dev/null +++ b/dist.yaml @@ -0,0 +1,1293 @@ +--- +# Source: harbor/templates/adminserver/adminserver-secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "harbor-adminserver" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-adminserver +type: Opaque +data: + secretKey: "blFJbUJuNVNWQ0hMN2VocQ==" + EMAIL_PWD: "cGFzc3dvcmQ=" + HARBOR_ADMIN_PASSWORD: "NTg3NzIwMTU=" + POSTGRESQL_PASSWORD: "c3BhY2VJTjUxMQ==" + JOBSERVICE_SECRET: "QkJSUXd5U2tzaUhacUpVaA==" + UI_SECRET: "QkJSUXd5U2tzaUhacUpVaA==" + + CLAIR_DB_PASSWORD: "c3BhY2VJTjUxMQ==" + + +--- +# Source: harbor/templates/chartmuseum/chartmuseum-secret.yaml + +apiVersion: v1 +kind: Secret +metadata: + name: "harbor-chartmuseum" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +type: Opaque +data: + CACHE_REDIS_PASSWORD: "" + BASIC_AUTH_PASS: "QkJSUXd5U2tzaUhacUpVaA==" +--- +# Source: harbor/templates/database/database-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "harbor-database" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +type: Opaque +data: + POSTGRES_PASSWORD: "c3BhY2VJTjUxMQ==" +--- +# Source: harbor/templates/jobservice/jobservice-secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "harbor-jobservice" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +type: Opaque +data: + secretKey: "blFJbUJuNVNWQ0hMN2VocQ==" + JOBSERVICE_SECRET: "QkJSUXd5U2tzaUhacUpVaA==" + UI_SECRET: "QkJSUXd5U2tzaUhacUpVaA==" +--- +# Source: harbor/templates/registry/registry-secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: "harbor-registry" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +type: Opaque +data: + httpSecret: "QkJSUXd5U2tzaUhacUpVaA==" +--- +# Source: harbor/templates/ui/ui-secrets.yaml + +apiVersion: v1 +kind: Secret +metadata: + name: "harbor-ui" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +type: Opaque +data: + secretKey: "blFJbUJuNVNWQ0hMN2VocQ==" + secret: "QkJSUXd5U2tzaUhacUpVaA==" + jobserviceSecret: "QkJSUXd5U2tzaUhacUpVaA==" + tokenServiceRootCertBundle: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2ekNDQWRPZ0F3SUJBZ0lRTGh6a0EyN2Nhd1JKczl6d1hNeUxhREFOQmdrcWhraUc5dzBCQVFzRkFEQVIKTVE4d0RRWURWUVFERXdab1lYSmliM0l3SGhjTk1UZ3hNREU0TVRFd01EQTFXaGNOTVRreE1ERTRNVEV3TURBMQpXakFSTVE4d0RRWURWUVFERXdab1lYSmliM0l3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUUM4ckV5TW80eTN0TVNhemRQWGZrOXlUczBydHRnQkgraTFLS2l5b3F1SGtFN2hiUmJZbXJGbzYzSmMKYmF3bk1mZnBUT1pEajVmb0hFaXR4TmlvVEdNR2tEMng0Uy9vd2hDSEs5cHplNFJtOTF3SjZrK2d1VWhnOXRHdwpDbFM1YmxYUVRrVXh3WUprSG9lbnkvZGFmNUU5ZzlSYkJtQ0hNSTFxS0V1T1UrSkhTZ3lYMmE3cHViNkgzQ1hICkJZSlEyVzJHTjJ5RmhudHlEcXhFRGpEVTd3QXBEcGdUeXh6dllkemlFdjdMYUE3Y2ZxQzJqUURMZmsrK2w1d2YKeGVONHk4NFlNV2ZEb0pkblpQNjQ3bVpZaGJ0aHVjWlRPMWI3RUprTEsyTkNJK0xCMnVHS3BiMGxVTnczMzlvdQpCWUlEaXdRRDg0V2lhdHZoZTd4TVZUY2wvUHI5QWdNQkFBR2pQekE5TUE0R0ExVWREd0VCL3dRRUF3SUZvREFkCkJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3QURBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFPUVM0cEpsZHhscGFObnFiL2tUQ1lBaStLdi80cko3TjN1dFFCQit4UEJCMwpiTnQ1ZlpQemhkbEhyRHRTVWhCRGRHNzVpWitWcE1NVGtNanAwM0txYXhPcnZ1eXdpY2o1Q2hEOERFYURDM3JCClBsaE5UZE5HUzVtVURUUmloUkZYRklHdDBrQjh2cjNXUTRDY2VsT0NOdG1NSzNqN2l5R3o1MmxZR0tKMUFnZkwKVWFVVXZnSVVZTnFDR1ZwZG1FWDF0YTRUN2w2T3cvbmNJdkpSZEtHbDhNUTRSV0pvcWNpbEcrQk9udFB5MEo3SQpkOXZyUWxHSVowOGlyaTVyaERWbFBMYmR1YmpzTVJzWERhSGhxWWpiMjFZOHpiWWJWNnd1ZHlzRUVJSHJaNER4CnJ3NlY2UnZPYkpnUC9JK2dad01NanhmRTFNSGRrSVNkTXVBZ1RtVU5WUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + tokenServicePrivateKey: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdkt4TWpLT010N1RFbXMzVDEzNVBjazdOSzdiWUFSL290U2lvc3FLcmg1Qk80VzBXCjJKcXhhT3R5WEcyc0p6SDM2VXptUTQrWDZCeElyY1RZcUV4akJwQTlzZUV2Nk1JUWh5dmFjM3VFWnZkY0NlcFAKb0xsSVlQYlJzQXBVdVc1VjBFNUZNY0dDWkI2SHA4djNXbitSUFlQVVd3WmdoekNOYWloTGpsUGlSMG9NbDltdQo2Ym0raDl3bHh3V0NVTmx0aGpkc2hZWjdjZzZzUkE0dzFPOEFLUTZZRThzYzcySGM0aEwreTJnTzNINmd0bzBBCnkzNVB2cGVjSDhYamVNdk9HREZudzZDWFoyVCt1TzVtV0lXN1libkdVenRXK3hDWkN5dGpRaVBpd2RyaGlxVzkKSlZEY045L2FMZ1dDQTRzRUEvT0ZvbXJiNFh1OFRGVTNKZno2L1FJREFRQUJBb0lCQUdMNFZ1ZG5XNGQ2TWErcQp6TGM3c04wYmJSRERSeWUvMzBnNFhkWG04dWVYMFdqNjJvTWhFbk1oSHNwUlZYN3gvVVBLYlBkL3VZV3VZSW1XCnVyZjk2ZXdsZWRkM2NyUThLSU5mZzZZVVl1M0lUK1Y3bmUySGcrb3BUdkZ6V2VJemVKeGVrbmw1TXJibU5PN1cKVlppSlZselliR3FiTzhOdXVwKzNKM3N2a1lFbTlSOUVFRXJWczFNZU9LeFp2azRtSVdyT05BdHVMTlM5VDFlKwpEbHdhWjhHQ1dMdUxwTkhMMnRjWGdPa0NocUpPQmV4RHkrdmsxc3RTd3VtRk1PanRSNHhBV1BiSms2QUVFVzhiCndhYjlKaW9PR0U4MFNYZHowVGVDV1lIZCt6Q2g0M2JlSXRSMUEzZXd1RG40ZlI0VEdyTTAwZ0M5L29XelM0RUwKQUFBVXNrRUNnWUVBeHVLYWxiQXRhN3JINXBpNjYyWDJjRmNTUnlOUjA3UmNTSlRzWXl5dWQ0ZUJFaE1WaU5RUQphcXlzTmdIR1ljdlN1bGVSYVdpYVVOT2tlRDNUdTk4aGhCRkdGU1ZpandZZXAzUW02RnFYOG52d1BDVklOTkttClVTNnZ1b0FPUjBySTA5bkJ4aktwZHZRRUJuVHE4THV4MHY1MWRIWEVrM0pHUVRxanhidFQ1bFVDZ1lFQTh0cnUKdFVVQVIvUGs3cmtuSTRLMGhucGZxNDlCa05RUXdKd3hPMk8xS2V6eEVXOGowTTBFOHg0VGZJUDNFNWxUdHh6VQpQZlJrVnpRblE4Z21hWEZDSnUxWktvL09oaUJ1am9kYnJKMzdCL24zTnZKRW45QnFrdGJBbTN5VTJPajdIZjVTCnpXdkw5WVFNRk85NVEvc0RNeGJjamtRYlByMitDdmNUUFR6UVdna0NnWUFMQi9pUkF1T1NEUnNYVkROUjZTYmgKRmtOQ1JOZytDTXZ4anFrSjJ5bVdJYUxzRUxqcURQRVlLWm1ucVRPS3F4WjJGWE5RU0dmK3dhNW1xTzg4aFdURApnWDNFb0gwMTk1M3RwY2llckordTZHYnJ2eG1oTEduaktOYkFYbWZzVmw2TE9aSEEzNEI4dzQ0Um1aeUtXNjdDClNERFZrODZpYXYwd2t3TVFiWko2dlFLQmdIM1YzelpoNklGZjZOR2hjcHc5ejVpV3RCZkxCT2dzV2ZuVGROY1gKRlBvQ1llN3NyWncxZjBrUjNucjRUZ0FEeEpMdkJ6S0svYXNKeFFha0lQTWwwbWNsT0x5TEF6SVFmL2l1UGx3MQpCNnZjWTdJKzJqd00zQXYxNXBzcWRGM29hcVhoNzdtdEQyUEo1aEM2L1JTeWJiZjlNbzhzendrMWU5Rm1zTHRjClZZRXhBb0dCQUo1ZjRlaGZQbDBhUTJ3ZzVoY25INCtDeTNwZjFDWDJQUkZmNGU5Q2cvVXFGMmNRQnA1TFNKdzQKZ0kyQ3hWMmRpdU1NMTdSbnZtMWl2ZGRvd0E1MnM2aTNad1JOSStxWDU0d2tzSUtucyt5VG90ek9pUEFoemUrNgpKU0lOVXc4ZUFzNTBmOVdTc21UbDl0RWNVN0t4TVRQbkltZTF5Rjl4TlJuQktQc01JZm1OCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==" + +--- +# Source: harbor/templates/adminserver/adminserver-cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: "harbor-adminserver" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-adminserver +data: + POSTGRESQL_HOST: "harbor-database" + POSTGRESQL_PORT: "5432" + POSTGRESQL_USERNAME: "postgres" + POSTGRESQL_DATABASE: "registry" + EMAIL_HOST: "smtp.mydomain.com" + EMAIL_PORT: "25" + EMAIL_USR: "sample_admin@mydomain.com" + EMAIL_SSL: "false" + EMAIL_FROM: "admin " + EMAIL_IDENTITY: "" + EMAIL_INSECURE: "false" + EXT_ENDPOINT: "https://harbor.wodcloud.com" + UI_URL: "http://harbor-ui" + JOBSERVICE_URL: "http://harbor-jobservice" + REGISTRY_URL: "http://harbor-registry:5000" + TOKEN_SERVICE_URL: "http://harbor-ui/service/token" + WITH_NOTARY: "true" + NOTARY_URL: "http://harbor-notary-server:4443" + LOG_LEVEL: "info" + IMAGE_STORE_PATH: "/" # This is a temporary hack. + AUTH_MODE: "db_auth" + SELF_REGISTRATION: "on" + LDAP_URL: "ldaps://ldapserver" + LDAP_SEARCH_DN: "" + LDAP_BASE_DN: "" + LDAP_FILTER: "(objectClass=person)" + LDAP_UID: "uid" + LDAP_SCOPE: "2" + LDAP_TIMEOUT: "5" + LDAP_VERIFY_CERT: "True" + DATABASE_TYPE: "postgresql" + PROJECT_CREATION_RESTRICTION: "everyone" + VERIFY_REMOTE_CERT: "off" + MAX_JOB_WORKERS: "3" + TOKEN_EXPIRATION: "30" + CFG_EXPIRATION: "5" + GODEBUG: "netdns=cgo" + ADMIRAL_URL: "NA" + RESET: "false" + WITH_CLAIR: "true" + CLAIR_DB_HOST: "harbor-database" + CLAIR_DB_PORT: "5432" + CLAIR_DB_USERNAME: "postgres" + CLAIR_DB: "postgres" + CLAIR_URL: "http://harbor-clair:6060" + UAA_ENDPOINT: "" + UAA_CLIENTID: "" + UAA_CLIENTSECRET: "" + UAA_VERIFY_CERT: "True" + REGISTRY_STORAGE_PROVIDER_NAME: "filesystem" + WITH_CHARTMUSEUM: "true" + CHART_REPOSITORY_URL: "http://harbor-chartmuseum" +--- +# Source: harbor/templates/chartmuseum/chartmuseum-cm.yaml + +apiVersion: v1 +kind: ConfigMap +metadata: + name: "harbor-chartmuseum" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +data: + PORT: "9999" + CACHE: "redis" + CACHE_REDIS_ADDR: "harbor-redis:6379" + CACHE_REDIS_DB: "0" + BASIC_AUTH_USER: "chart_controller" + DEPTH: "1" + STORAGE: "local" + STORAGE_LOCAL_ROOTDIR: "/chart_storage" + DEBUG: "false" + LOG_JSON: "true" + DISABLE_METRICS: "false" + DISABLE_API: "false" + DISABLE_STATEFILES: "false" + ALLOW_OVERWRITE: "true" + CHART_URL: "" + AUTH_ANONYMOUS_GET: "false" + TLS_CERT: "" + TLS_KEY: "" + CONTEXT_PATH: "" + INDEX_LIMIT: "0" + MAX_STORAGE_OBJECTS: "0" + MAX_UPLOAD_SIZE: "20971520" + CHART_POST_FORM_FIELD_NAME: "chart" + PROV_POST_FORM_FIELD_NAME: "prov" +--- +# Source: harbor/templates/clair/clair-cm.yaml + +apiVersion: v1 +kind: ConfigMap +metadata: + name: harbor-clair + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-clair +data: + config.yaml: | + clair: + database: + type: pgsql + options: + source: "postgres://postgres:spaceIN511@harbor-database:5432/postgres?sslmode=disable" + # Number of elements kept in the cache + # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database. + cachesize: 16384 + + api: + # API server port + port: 6060 + healthport: 6061 + + # Deadline before an API request will respond with a 503 + timeout: 300s + updater: + interval: 12h + + notifier: + attempts: 3 + renotifyinterval: 2h + http: + endpoint: "http://harbor-ui/service/notifications/clair" + + +--- +# Source: harbor/templates/jobservice/jobservice-cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: "harbor-jobservice" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +data: + config.yml: |+ + protocol: "http" + port: 8080 + worker_pool: + workers: 50 + backend: "redis" + redis_pool: + redis_url: "harbor-redis:6379/0" + namespace: "harbor_job_service_namespace" + logger: + path: "/var/log/jobs" + level: "INFO" + archive_period: 14 #days + admin_server: "http://harbor-adminserver" + +--- +# Source: harbor/templates/notary/notary-cm.yaml + +apiVersion: v1 +kind: ConfigMap +metadata: + name: harbor-notary + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-notary +data: + + + notary-signer-ca.crt: | + -----BEGIN CERTIFICATE----- + MIIDAzCCAeugAwIBAgIRAJezuy9IauATwFDRanYM33owDQYJKoZIhvcNAQELBQAw + GzEZMBcGA1UEAxMQaGFyYm9yLW5vdGFyeS1jYTAeFw0xODEwMTgxMTAwMDVaFw0y + ODEwMTUxMTAwMDVaMBsxGTAXBgNVBAMTEGhhcmJvci1ub3RhcnktY2EwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLUeEUgREsFZ+r5x0OiWieMWrvjQJy + +SwJQ9e4OFa6dHaHVC70Mf9mlcYE0Kgj9MXTCDTI48JCq2fFzHApCM1Sr7s0Xm7g + IaYdx0BGU2ybzW72WXhVp4/r2JPZzt19zEhBjqtrZZDYLx+p7seJHd4YPruv4R2w + k0/SMY7kJuTRqwzQtQ8x9Qa8Dxc2ZGjR19t+yvJzI4/Nk7iBKZ5ulspqF+02avnw + ZVtg8xFgWct4IrOyxWO3sv0tAXppdEqU4SFxwPwuZJWKFg6CNADDZzDn1ajIdSYu + rzteVCH7qhSZO1xM+VJyU3WJphvQh4pZ5Q7comIGBu2yBdVTU3jpqudRAgMBAAGj + QjBAMA4GA1UdDwEB/wQEAwICpDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH + AwIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcCG0K7/Zulet + 4qnHq1X6VfGhchSBsxyLzNPEY1Y6OM1WyiThGlV1zJTCOKU4jS49/24eT/6re20m + XwdAVtoGXisK6RsR6iR6Y+THHMFSqNdwdnyuYlwmeYK+QbWEOOb0FzVNe8PzJB2w + Tg7b+HpxrNSTvf0U4I6BxQbe2Qjdyj4JIYcCCPqiR3yeY1BZkS3WG+vTnqPwgd0a + Hld2+GkB+bFEsl9rn4x3shP5QtS0ZtvXFiJh56Bp0608ibhoQVCCGf1K/MxE0gCE + 4mQeaZPLamHVEuR0rSZ7gaklT78LSHDtkWR91Ai8ulHH7QwX7MgiEd1SMiJY7zg2 + Qnka6VHgYA== + -----END CERTIFICATE----- + + notary-signer.crt: | + -----BEGIN CERTIFICATE----- + MIIDBDCCAeygAwIBAgIRAOAVbcc/AWPNSiDvJ4vV4DEwDQYJKoZIhvcNAQELBQAw + GzEZMBcGA1UEAxMQaGFyYm9yLW5vdGFyeS1jYTAeFw0xODEwMTgxMTAwMDZaFw0y + ODEwMTUxMTAwMDZaMB8xHTAbBgNVBAMTFGhhcmJvci1ub3Rhcnktc2lnbmVyMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyacGm7wIAAf70W6F3BqHVc9 + nKtgn3jXu8muBNJYDBmotNMKN64Qi6ZCJLryWWkMlYBJkD3col9dpZl5nzS16x7u + 1PsW6xChAZEaYOpHHDnPxgpHCjnauDh6zlT5LWaM7f2p+HVb0/eCCYbSlH8jQ2uD + y8zUnE2Ff0uEUsYT6PTFsFWF9k8A6EwvIA7TfeGQks9RyZmtYGTX1rRnjimxnbf6 + ghCzqJCsNJMNK1jcKSQ2isPnWPi3aCpRXURc6uipGdbBhFpCBdL9f2oQm8m6I6O8 + 7DRwR6UsH+Dr1b1KOmGnZ4sh4+ek0joPvDwd8b4oymlynCINwMjC+ONUXHAScQID + AQABoz8wPTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG + AQUFBwMCMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAHCgamM9Ou3L + zIY3ZIAOgB4PL+9MA4qi8tmJmVUN2i2ZEQsoz3Jby5kb31lZsXX4IZzTo8LUSPrQ + XikiHqwfSIgasmnQMd3ZtIzvW2rH7jsExHnLE0yYpQaFUFoqHpsiPlgHsQFqVy91 + ffGWgEWRBzf5zUVocGhr7IGT9E2a0ckD80/nijLyvRVXNAcvOd3qlu2S8J/HKkeW + YS2LMfidjKIkDt/8HyVQwV6Ebt8o2558Rv7qS6WxwqYS5Xaau8YLzH+UCAfdpS+S + tlhRQMtfViUboW4UY6s/oUFvB+f1Fk1HUU+zBg/anWWQAwO6+X3zY2wuDIfrgBwf + 0+eB5olU6UI= + -----END CERTIFICATE----- + + notary-signer.key: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAqyacGm7wIAAf70W6F3BqHVc9nKtgn3jXu8muBNJYDBmotNMK + N64Qi6ZCJLryWWkMlYBJkD3col9dpZl5nzS16x7u1PsW6xChAZEaYOpHHDnPxgpH + CjnauDh6zlT5LWaM7f2p+HVb0/eCCYbSlH8jQ2uDy8zUnE2Ff0uEUsYT6PTFsFWF + 9k8A6EwvIA7TfeGQks9RyZmtYGTX1rRnjimxnbf6ghCzqJCsNJMNK1jcKSQ2isPn + WPi3aCpRXURc6uipGdbBhFpCBdL9f2oQm8m6I6O87DRwR6UsH+Dr1b1KOmGnZ4sh + 4+ek0joPvDwd8b4oymlynCINwMjC+ONUXHAScQIDAQABAoIBAQCcF8OJTCKOXO7D + L6mwFOOCzP0xNRATgYfoCeE/HoQUzRYTjOIltAf9BW4Px7yeFPPYKb9t4S2nnShw + js/ghpdfz79s2W+mhW0CW89eEm02bfd0HA18YxV6rHA8XD1BzeS8bXwmUQqmAHdF + rwPBUU7c/2Kdbbt+rikR1tLhFywzagRF+LzTaQZ4R2II9JqbuHTeQhGNFapApPUR + WC9WytBJKQNJ9Ep+o8YZkuuANAeGYRKxAJC8lGsN8/582lh3sekSvGjHjSqGh+dq + adpr+7/V3NcBoss1CXwVKiouHeotlovOSjQdbcveAD5awXSkzrjoMRuqaTp9iZw0 + 37p6BhU9AoGBAM6ThTHXLZLqNuBt2drUI7gfCp3e+/uKYaObj+xZr5lvxFb3zyd5 + GLg2anRe3ciGQq3cP+3Fjji0wKTH+PACy7X4Q3iNm1q6E/6x5O0py5d2Y49Wrgzq + g29Kdxe3H3nKGBJnLaqkpUAaS080cZFNFDBIb2ehQwme+SppISe1Hay7AoGBANQZ + Vf9/R9ToYb/RT8w3glFTCbCrVnvdSdhSD1Djj8QjaPHBsEhyEXqUqvnLro4vMtIo + DsrzSUto/9+OVMc0jgA4t/rLdAgkw7g/U8BxskrpvbfQ+Vp8X5engLGyIJhCrcXb + xEce1lpn5la1xBFGMAsKapV+o3YVKJFtotEl6IDDAoGAGqAa98yTPC9h+VVPUgwr + umyN0sFN2yL/6LWBPGZm4rDsLoVsNts922hwGiWsEk9zwrLzrnLbHOX3OoXnyQ+j + MAYatCwUTQJU12wYZJURf6krternLhT/8dU4Ol9I+EqbBaw0z5y/C98Xu9K3nJHB + u2NqsIGxgUjzNossUdDfTUcCgYEAvm6JEj9bZUPIEAuElBz6ur3No3wSyF+lH759 + 1eibekU4wmdfOYyBOQgmguVnsm2aOaqRrZLGKhj6M+R9JeZ/4J8MQPdPFMi9mb3y + GoV6yVwYZOQSHjYxNd7E48bFETA9CbsJ/bkoSD+lRhEpG0FjfWY60ELFzQ2uQPSp + DRP2LzUCgYAU/qXXqxP8TsYo7qDXBQywILxQXOT0H6IsuTNx8h9xX3/C1WBpRBmW + pGMx9QLr2l3wxyPprmJmOKis11zQF3U8pCTKnhy1J9KTSaQXddhye3oweb/MWdGs + bbv5Ecd4bMS/chn2H0BOzHQsJNJ9fpnBPxhotI/uJ7P/ZpiFrJIkug== + -----END RSA PRIVATE KEY----- + + server-config.postgres.json: | + { + "server": { + "http_addr": ":4443" + }, + "trust_service": { + "type": "remote", + "hostname": "harbor-notary-signer", + "port": "7899", + "tls_ca_file": "./notary-signer-ca.crt", + "key_algorithm": "ecdsa" + }, + "logging": { + "level": "debug" + }, + "storage": { + "backend": "postgres", + "db_url": "postgres://postgres:spaceIN511@harbor-database:5432/notaryserver?sslmode=disable" + }, + "auth": { + "type": "token", + "options": { + "realm": "https://harbor.wodcloud.com/service/token", + "service": "harbor-notary", + "issuer": "harbor-token-issuer", + "rootcertbundle": "/root.crt" + } + } + } + signer-config.postgres.json: | + { + "server": { + "grpc_addr": ":7899", + "tls_cert_file": "./notary-signer.crt", + "tls_key_file": "./notary-signer.key" + }, + "logging": { + "level": "debug" + }, + "storage": { + "backend": "postgres", + "db_url": "postgres://postgres:spaceIN511@harbor-database:5432/notarysigner?sslmode=disable", + "default_alias": "defaultalias" + } + } + + +--- +# Source: harbor/templates/registry/registry-cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: "harbor-registry" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +data: + config.yml: |+ + version: 0.1 + log: + level: info + fields: + service: registry + storage: + filesystem: + rootdirectory: /var/lib/registry + cache: + layerinfo: redis + maintenance: + uploadpurging: + enabled: false + delete: + enabled: true + redis: + addr: "harbor-redis:6379" + password: + db: 0 + http: + addr: :5000 + # set via environment variable + # secret: placeholder + debug: + addr: localhost:5001 + auth: + token: + issuer: harbor-token-issuer + realm: "https://harbor.wodcloud.com/service/token" + rootcertbundle: /etc/registry/root.crt + service: harbor-registry + notifications: + endpoints: + - name: harbor + disabled: false + url: http://harbor-ui/service/notifications + timeout: 3000ms + threshold: 5 + backoff: 1s + +--- +# Source: harbor/templates/ui/ui-cm.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: "harbor-ui" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +data: + app.conf: |+ + appname = Harbor + runmode = prod + enablegzip = true + + [prod] + httpport = 8080 + +--- +# Source: harbor/templates/adminserver/adminserver-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: "harbor-adminserver" +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + release: harbor + app: harbor-adminserver +--- +# Source: harbor/templates/chartmuseum/chartmuseum-svc.yaml + +apiVersion: v1 +kind: Service +metadata: + name: "harbor-chartmuseum" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +spec: + ports: + - port: 80 + targetPort: 9999 + selector: + release: harbor + app: harbor-chartmuseum +--- +# Source: harbor/templates/clair/clair-svc.yaml + +# clair host isn't configurable yet. this creates a service +# to get it working for now. +# see https://github.com/vmware/harbor/issues/3250 +apiVersion: v1 +kind: Service +metadata: + name: "harbor-clair" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +spec: + ports: + - port: 6060 + selector: + release: harbor + app: harbor-clair + + +--- +# Source: harbor/templates/database/database-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: "harbor-database" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +spec: + ports: + - port: 5432 + selector: + release: harbor + app: harbor-database +--- +# Source: harbor/templates/jobservice/jobservice-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: "harbor-jobservice" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + release: harbor + app: harbor-jobservice + +--- +# Source: harbor/templates/notary/notary-svc.yaml + +apiVersion: v1 +kind: Service +metadata: + name: harbor-notary-server + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +spec: + ports: + - port: 4443 + selector: + release: harbor + app: harbor-notary-server + +--- +apiVersion: v1 +kind: Service +metadata: + name: harbor-notary-signer + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +spec: + ports: + - port: 7899 + selector: + release: harbor + app: harbor-notary-signer + +--- +# Source: harbor/templates/redis/redis.svc.yml +--- +apiVersion: v1 +kind: Service +metadata: + name: harbor-redis + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-redis +spec: + selector: + release: harbor + app: harbor-redis + ports: + - name: redis + port: 6379 +--- +# Source: harbor/templates/registry/registry-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: "harbor-registry" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +spec: + ports: + - port: 5000 + selector: + release: harbor + app: harbor-registry +--- +# Source: harbor/templates/ui/ui-svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: "harbor-ui" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + release: harbor + app: harbor-ui + +--- +# Source: harbor/templates/clair/clair-dpl.yaml + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: harbor-clair + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-clair + version: v2.0.6 +spec: + replicas: 1 + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-clair + version: v2.0.6 + spec: + containers: + - name: clair + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/clair:v2.0.6 + imagePullPolicy: IfNotPresent + args: ["-insecure-tls", "-config", "/etc/clair/config.yaml"] + resources: + null + + ports: + - containerPort: 6060 + volumeMounts: + - name: clair-config + mountPath: /etc/clair/config.yaml + subPath: config.yaml + volumes: + - name: clair-config + configMap: + name: "harbor-clair" + items: + - key: config.yaml + path: config.yaml + + +--- +# Source: harbor/templates/jobservice/jobservice-dpl.yaml +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: "harbor-jobservice" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-jobservice +spec: + replicas: 1 + selector: + matchLabels: + release: harbor + app: harbor-jobservice + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-jobservice + spec: + containers: + - name: jobservice + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v1.6.0 + imagePullPolicy: IfNotPresent + resources: + null + + envFrom: + - secretRef: + name: "harbor-jobservice" + env: + - name: LOG_LEVEL + value: debug + - name: GODEBUG + value: netdns=cgo + ports: + - containerPort: 8080 + volumeMounts: + - name: jobservice-config + mountPath: /etc/jobservice/config.yml + subPath: config.yml + - name: job-logs + mountPath: /var/log/jobs + volumes: + - name: jobservice-config + configMap: + name: "harbor-jobservice" + - name: job-logs + emptyDir: {} + +--- +# Source: harbor/templates/notary/notary-server.yaml + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: harbor-notary-server + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-notary-server + version: dev +spec: + replicas: 1 + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-notary-server + version: dev + spec: + containers: + - name: notary-server + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server-photon:dev + imagePullPolicy: IfNotPresent + resources: + null + + env: + - name: MIGRATIONS_PATH + value: migrations/server/postgresql + - name: DB_URL + value: postgres://postgres:spaceIN511@harbor-database:5432/notaryserver?sslmode=disable + volumeMounts: + - name: notary-config + mountPath: /etc/notary + - name: root-certificate + mountPath: /root.crt + subPath: tokenServiceRootCertBundle + volumes: + - name: notary-config + configMap: + name: "harbor-notary" + - name: root-certificate + secret: + secretName: "harbor-ui" + + +--- +# Source: harbor/templates/notary/notary-signer.yaml + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: harbor-notary-signer + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-notary-signer + version: dev +spec: + replicas: 1 + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-notary-signer + version: dev + spec: + containers: + - name: notary-signer + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-signer-photon:dev + imagePullPolicy: IfNotPresent + resources: + null + + env: + - name: MIGRATIONS_PATH + value: migrations/signer/postgresql + - name: DB_URL + value: postgres://postgres:spaceIN511@harbor-database:5432/notarysigner?sslmode=disable + - name: NOTARY_SIGNER_DEFAULTALIAS + value: defaultalias + volumeMounts: + - name: notary-config + mountPath: /etc/notary + volumes: + - name: notary-config + configMap: + name: "harbor-notary" + + +--- +# Source: harbor/templates/redis/redis.dp.yml +--- +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: harbor-redis + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-redis + version: 4.0.1-alpine +spec: + replicas: 1 + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-redis + version: 4.0.1-alpine + spec: + containers: + - name: redis + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/redis:4.0.1-alpine + imagePullPolicy: IfNotPresent + args: ["--save","''","--appendonly","no"] + ports: + - name: redis + containerPort: 6379 +--- +# Source: harbor/templates/ui/ui-dpl.yaml +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: "harbor-ui" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-ui + version: v1.6.0 +spec: + replicas: 1 + template: + metadata: + labels: + release: harbor + app: harbor-ui + version: v1.6.0 + spec: + containers: + - name: ui + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:v1.6.0 + imagePullPolicy: IfNotPresent + env: + - name: UI_SECRET + valueFrom: + secretKeyRef: + name: "harbor-ui" + key: secret + - name: JOBSERVICE_SECRET + valueFrom: + secretKeyRef: + name: "harbor-ui" + key: jobserviceSecret + - name: _REDIS_URL + value: harbor-redis:6379,100, + - name: GODEBUG + value: netdns=cgo + - name: LOG_LEVEL + value: debug + - name: CONFIG_PATH + value: /etc/ui/app.conf + - name: ENABLE_HARBOR_SCAN_ON_PUSH + value: "1" + - name: ADMINSERVER_URL + value: "http://harbor-adminserver" + - name: CHART_CACHE_DRIVER + value: "redis" + ports: + - containerPort: 8080 + volumeMounts: + - name: ui-config + mountPath: /etc/ui/app.conf + subPath: app.conf + - name: ui-secrets-key + mountPath: /etc/ui/key + subPath: key + - name: ui-secrets-private-key + mountPath: /etc/ui/private_key.pem + subPath: tokenServicePrivateKey + - name: psc + mountPath: /etc/ui/token + volumes: + - name: ui-config + configMap: + name: "harbor-ui" + - name: ui-secrets-key + secret: + secretName: "harbor-ui" + items: + - key: secretKey + path: key + - name: ui-secrets-private-key + secret: + secretName: "harbor-ui" + - name: psc + emptyDir: {} + +--- +# Source: harbor/templates/adminserver/adminserver-ss.yaml +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + name: "harbor-adminserver" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-adminserver + version: v1.6.0 +spec: + replicas: 1 + serviceName: "harbor-adminserver" + selector: + matchLabels: + release: harbor + app: harbor-adminserver + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-adminserver + version: v1.6.0 + spec: + containers: + - name: adminserver + image: "registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:v1.6.0" + imagePullPolicy: "IfNotPresent" + resources: + null + + envFrom: + - configMapRef: + name: "harbor-adminserver" + - secretRef: + name: "harbor-adminserver" + env: + - name: PORT + value: "8080" + - name: JSON_CFG_STORE_PATH + value: /etc/adminserver/config/config.json + - name: KEY_PATH + value: /etc/adminserver/key + ports: + - containerPort: 8080 + volumeMounts: + - name: data + mountPath: /etc/adminserver/config + - name: adminserver-key + mountPath: /etc/adminserver/key + subPath: key + volumes: + - name: adminserver-key + secret: + secretName: "harbor-adminserver" + items: + - key: secretKey + path: key + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: "storageos" + resources: + requests: + storage: "1Gi" +--- +# Source: harbor/templates/chartmuseum/chartmuseum-ss.yaml + +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + name: "harbor-chartmuseum" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-chartmuseum + version: v0.7.1 +spec: + replicas: 1 + serviceName: "harbor-chartmuseum" + selector: + matchLabels: + release: harbor + app: harbor-chartmuseum + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-chartmuseum + version: v0.7.1 + spec: + containers: + - name: chartmuseum + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.7.1 + imagePullPolicy: IfNotPresent + resources: + null + + envFrom: + - configMapRef: + name: "harbor-chartmuseum" + - secretRef: + name: "harbor-chartmuseum" + ports: + - containerPort: 9999 + # TODO: update it after moving the storage out of registry scope + volumeMounts: + - name: data + mountPath: /chart_storage + volumeClaimTemplates: + - metadata: + name: data + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: "storageos" + resources: + requests: + storage: "5Gi" +--- +# Source: harbor/templates/database/database-ss.yaml +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + name: "harbor-database" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-database + version: 1.29 +spec: + replicas: 1 + serviceName: "harbor-database" + selector: + matchLabels: + release: harbor + app: harbor-database + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-database + version: 1.29 + spec: + initContainers: + - name: "remove-lost-found" + image: "registry-vpc.cn-qingdao.aliyuncs.com/wod/busybox:1.29" + command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"] + volumeMounts: + - name: data + mountPath: /var/lib/postgresql/data + containers: + - name: database + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:v1.6.0 + imagePullPolicy: IfNotPresent + resources: + null + + envFrom: + - secretRef: + name: "harbor-database" + volumeMounts: + - name: data + mountPath: /var/lib/postgresql/data + volumeClaimTemplates: + - metadata: + name: "data" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: "storageos" + resources: + requests: + storage: "1Gi" +--- +# Source: harbor/templates/registry/registry-ss.yaml +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + name: "harbor-registry" + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-registry + version: 2.6.2 +spec: + replicas: 1 + serviceName: "harbor-registry" + selector: + matchLabels: + release: harbor + app: harbor-registry + template: + metadata: + labels: + heritage: Tiller + release: harbor + chart: harbor-0.2.0 + app: harbor-registry + version: 2.6.2 + spec: + containers: + - name: registry + image: registry-vpc.cn-qingdao.aliyuncs.com/wod/registry:2.6.2 + imagePullPolicy: IfNotPresent + resources: + null + + args: ["serve", "/etc/registry/config.yml"] + env: + - name: REGISTRY_HTTP_SECRET + valueFrom: + secretKeyRef: + name: "harbor-registry" + key: httpSecret + ports: + - containerPort: 5000 + - containerPort: 5001 + volumeMounts: + - name: registry-data + mountPath: /var/lib/registry + - name: registry-root-certificate + mountPath: /etc/registry/root.crt + subPath: tokenServiceRootCertBundle + - name: registry-config + mountPath: /etc/registry/config.yml + subPath: config.yml + volumes: + - name: registry-root-certificate + secret: + secretName: "harbor-ui" + - name: registry-config + configMap: + name: "harbor-registry" + - name: registry-data + hostPath: + path: /etc/kubernetes/data/registry + nodeSelector: + harbor-registry: enabled + kubernetes.io/hostname: 172.31.14.41 + + +--- +# Source: harbor/templates/istio/notary.gateway.yaml + +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: harbor-notary +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "notary-harbor.wodcloud.com" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: harbor-notary +spec: + hosts: + - "notary-harbor.wodcloud.com" + gateways: + - harbor-notary + http: + - route: + - destination: + host: harbor-notary-server + port: + number: 4443 + + +--- +# Source: harbor/templates/istio/ui.gateway.yaml + +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: harbor-ui +spec: + selector: + istio: ingressgateway # use istio default controller + servers: + - port: + number: 80 + name: http + protocol: HTTP + hosts: + - "harbor.wodcloud.com" +--- +apiVersion: networking.istio.io/v1alpha3 +kind: VirtualService +metadata: + name: harbor-ui +spec: + hosts: + - "harbor.wodcloud.com" + gateways: + - harbor-ui + http: + - route: + - destination: + host: harbor-ui + port: + number: 80 + + +--- +# Source: harbor/templates/ingress/ingress.yaml + +--- +# Source: harbor/templates/ingress/secret.yaml + + + diff --git a/readme.md b/readme.md index b92d6ef..65ed6e8 100644 --- a/readme.md +++ b/readme.md @@ -178,4 +178,16 @@ helm install \ # uninstall helm delete harbor --purge + +# update +helm upgrade harbor /etc/kubernetes/helm/harbor \ +-f /etc/kubernetes/helm/harbor/values-overrides.yaml + +# template +helm template \ +/etc/kubernetes/helm/harbor \ +--name=harbor \ +--namespace=devops \ +-f /etc/kubernetes/helm/harbor/values-overrides.yaml \ +> /etc/kubernetes/helm/harbor/dist.yaml ``` \ No newline at end of file diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 88c4e43..08e34e4 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -26,7 +26,6 @@ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} {{/* matchLabels */}} {{- define "harbor.matchLabels" -}} release: {{ .Release.Name }} -app: "{{ template "harbor.name" . }}" {{- end -}} {{- define "harbor.externalURL" -}} diff --git a/templates/database/database-ss.yaml b/templates/database/database-ss.yaml index 15e8903..b718557 100644 --- a/templates/database/database-ss.yaml +++ b/templates/database/database-ss.yaml @@ -6,7 +6,7 @@ metadata: labels: {{ include "harbor.labels" . | indent 4 }} app: harbor-database - version: {{ .Values.busybox.image.tag }} + version: {{ .Values.database.internal.image.tag }} spec: replicas: 1 serviceName: "{{ template "harbor.fullname" . }}-database" @@ -19,7 +19,7 @@ spec: labels: {{ include "harbor.labels" . | indent 8 }} app: harbor-database - version: {{ .Values.busybox.image.tag }} + version: {{ .Values.database.internal.image.tag }} spec: initContainers: - name: "remove-lost-found" diff --git a/templates/istio/notary.gateway.yaml b/templates/istio/notary.gateway.yaml index 0086fbb..73bae82 100644 --- a/templates/istio/notary.gateway.yaml +++ b/templates/istio/notary.gateway.yaml @@ -2,7 +2,7 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: - name: "{{ template "harbor.fullname" . }}"-notary + name: {{ template "harbor.fullname" . }}-notary spec: selector: istio: ingressgateway # use istio default controller @@ -17,12 +17,12 @@ spec: apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: "{{ template "harbor.fullname" . }}"-notary + name: {{ template "harbor.fullname" . }}-notary spec: hosts: - "{{ template "harbor.notaryFQDN" . }}" gateways: - - "{{ template "harbor.fullname" . }}"-notary + - {{ template "harbor.fullname" . }}-notary http: - route: - destination: diff --git a/templates/istio/ui.gateway.yaml b/templates/istio/ui.gateway.yaml index 620d97b..31be8f5 100644 --- a/templates/istio/ui.gateway.yaml +++ b/templates/istio/ui.gateway.yaml @@ -2,7 +2,7 @@ apiVersion: networking.istio.io/v1alpha3 kind: Gateway metadata: - name: "{{ template "harbor.fullname" . }}"-ui + name: {{ template "harbor.fullname" . }}-ui spec: selector: istio: ingressgateway # use istio default controller @@ -17,12 +17,12 @@ spec: apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: - name: "{{ template "harbor.fullname" . }}"-ui + name: {{ template "harbor.fullname" . }}-ui spec: hosts: - "{{ .Values.externalDomain }}" gateways: - - "{{ template "harbor.fullname" . }}"-ui + - {{ template "harbor.fullname" . }}-ui http: - route: - destination: -- 2.26.0