alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

add harbor

Browse Source
This commit is contained in:
Alex Lebens
2025-01-15 01:49:33 -06:00
parent b480d8d093
commit 3d5158faac
5 changed files with 291 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
clusters/cl01tl/applications/homepage/values.yaml
View File

@@ -360,6 +360,12 @@ homepage:
href: https://traefik-ps10rp.lebens-home.net/dashboard/#/
siteMonitor: https://traefik-ps10rp.lebens-home.net/dashboard/#/
statusStyle: dot
- Image Cache:
icon: sh-harbor.svg
description: Harbor
href: https://harbor-cl01tl.boreal-beaufort.ts.net
siteMonitor: http://harbor.harbor:80
statusStyle: dot
- Hardware:
- Network Management (alexlebens.net):
icon: sh-ubiquiti-unifi.svg

25
clusters/cl01tl/services/harbor/Chart.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v2
name: harbor
version: 1.0.0
description: Harbor
keywords:
- harbor
- images
- cache
- kubernetes
home: https://wiki.alexlebens.dev/doc/harbor-
sources:
- https://github.com/goharborv
- https://github.com/goharbor/harbor-helm
maintainers:
- name: alexlebens
dependencies:
- name: harbor
version: v2.12.1
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.1.3
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: v2.12.1

97
clusters/cl01tl/services/harbor/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,97 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: HARBOR_ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password
- secretKey: secretKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secret
- secretKey: JOBSERVICE_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: jobservice-secret
- secretKey: REGISTRY_HTTP_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-http-secret
- secretKey: REGISTRY_PASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-password
- secretKey: REGISTRY_HTPASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-ht-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

27
clusters/cl01tl/services/harbor/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,27 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: harbor-tailscale
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-tailscale
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
ingressClassName: tailscale
tls:
- hosts:
- harbor-cl01tl
rules:
- host: harbor-cl01tl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: harbor-core
port:
number: 80

136
clusters/cl01tl/services/harbor/values.yaml Normal file
View File

@@ -0,0 +1,136 @@
harbor:
expose:
type: ingress
ingress:
hosts:
core: harbor.alexlebens.net
className: traefik
labels:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
externalURL: https://harbor-cl01tl.boreal-beaufort.ts.net
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: ceph-block-delete
accessMode: ReadWriteOnce
size: 20Gi
jobservice:
jobLog:
storageClass: ceph-block-delete
accessMode: ReadWriteOnce
size: 5Gi
redis:
storageClass: ceph-block-delete
accessMode: ReadWriteOnce
size: 5Gi
trivy:
storageClass: ceph-block-delete
accessMode: ReadWriteOnce
size: 5Gi
imageChartStorage:
type: filesystem
filesystem:
rootdirectory: /storage
existingSecretAdminPassword: harbor-secret
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
ipFamily:
ipv6:
enabled: false
ipv4:
enabled: true
updateStrategy:
type: Recreate
existingSecretSecretKey: harbor-secret
metrics:
enabled: true
core:
path: /metrics
port: 8001
registry:
path: /metrics
port: 8001
jobservice:
path: /metrics
port: 8001
exporter:
path: /metrics
port: 8001
serviceMonitor:
enabled: true
trace:
enabled: false
cache:
enabled: false
portal:
image:
repository: ghcr.io/goharbor/harbor-portal
tag: v2.12.1
core:
image:
repository: ghcr.io/goharbor/harbor-core
tag: v2.12.1
existingSecret: harbor-secret
jobservice:
image:
repository: ghcr.io/goharbor/harbor-jobservice
tag: v2.12.1
existingSecret: harbor-secret
existingSecretKey: JOBSERVICE_SECRET
registry:
registry:
image:
repository: ghcr.io/goharbor/registry-photon
tag: v2.12.1
controller:
image:
repository: ghcr.io/goharbor/harbor-registryctl
tag: v2.12.1
existingSecret: harbor-secret
existingSecretKey: REGISTRY_HTTP_SECRET
relativeurls: false
credentials:
existingSecret: harbor-secret
upload_purging:
enabled: true
age: 168h
interval: 24h
dryrun: false
trivy:
enabled: false
database:
type: external
external:
host: harbor-postgresql-17-cluster-rw
port: "5432"
username: app
coreDatabase: app
existingSecret: harbor-postgresql-17-cluster-app
redis:
type: internal
internal:
image:
repository: ghcr.io/goharbor/redis-photon
tag: v2.12.1
exporter:
image:
repository: ghcr.io/goharbor/harbor-exporter
tag: v2.12.1
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster
endpointCredentials: harbor-postgresql-17-cluster-backup-secret
backupIndex: 1