{{ if .Values.notary.enabled }} apiVersion: v1 kind: ConfigMap metadata: name: {{ template "harbor.notary-server" . }} labels: {{ include "harbor.labels" . | indent 4 }} component: notary data: {{ $ca := genCA "harbor-notary-ca" 365 }} {{ $cert := genSignedCert (include "harbor.notary-signer" .) nil nil 365 $ca }} {{- if not .Values.notary.secretName }} notary-signer-ca.crt: | {{ $ca.Cert | indent 4 }} notary-signer.crt: | {{ $cert.Cert | indent 4 }} notary-signer.key: | {{ $cert.Key | indent 4 }} {{- end }} server-config.postgres.json: | { "server": { "http_addr": ":4443" }, "trust_service": { "type": "remote", "hostname": "{{ template "harbor.notary-signer" . }}", "port": "7899", {{- if not .Values.notary.secretName }} "tls_ca_file": "./notary-signer-ca.crt", {{- else }} "tls_ca_file": "/etc/ssl/notary/cert/notary-signer-ca.crt", {{- end }} "key_algorithm": "ecdsa" }, "logging": { "level": "{{ .Values.logLevel }}" }, "storage": { "backend": "postgres", "db_url": "{{ template "harbor.database.notaryServer" . }}" }, "auth": { "type": "token", "options": { "realm": "{{ .Values.externalURL }}/service/token", "service": "harbor-notary", "issuer": "harbor-token-issuer", "rootcertbundle": "/root.crt" } } } signer-config.postgres.json: | { "server": { "grpc_addr": ":7899", {{- if not .Values.notary.secretName }} "tls_cert_file": "./notary-signer.crt", "tls_key_file": "./notary-signer.key" {{- else }} "tls_cert_file": "/etc/ssl/notary/cert/notary-signer.crt", "tls_key_file": "/etc/ssl/notary/cert/notary-signer.key" {{- end }} }, "logging": { "level": "{{ .Values.logLevel }}" }, "storage": { "backend": "postgres", "db_url": "{{ template "harbor.database.notarySigner" . }}", "default_alias": "defaultalias" } } {{ end }}