add harbor
@@ -360,6 +360,12 @@ homepage:
|
||||
href: https://traefik-ps10rp.lebens-home.net/dashboard/#/
|
||||
siteMonitor: https://traefik-ps10rp.lebens-home.net/dashboard/#/
|
||||
statusStyle: dot
|
||||
- Image Cache:
|
||||
icon: sh-harbor.svg
|
||||
description: Harbor
|
||||
href: https://harbor-cl01tl.boreal-beaufort.ts.net
|
||||
siteMonitor: http://harbor.harbor:80
|
||||
statusStyle: dot
|
||||
- Hardware:
|
||||
- Network Management (alexlebens.net):
|
||||
icon: sh-ubiquiti-unifi.svg
|
||||
|
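--- a/clusters/cl01tl/services/harbor/Chart.yaml
+++ b/clusters/cl01tl/services/harbor/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: harbor
+version: 1.0.0
+description: Harbor
+keywords:
+- harbor
+- images
+- cache
+- kubernetes
+home: https://wiki.alexlebens.dev/doc/harbor-
+sources:
+- https://github.com/goharborv
+- https://github.com/goharbor/harbor-helm
+maintainers:
+- name: alexlebens
+dependencies:
+- name: harbor
+version: v2.12.1
+repository: https://helm.goharbor.io
+- name: postgres-cluster
+alias: postgres-17-cluster
+version: 4.1.3
+repository: http://alexlebens.github.io/helm-charts
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
+appVersion: v2.12.1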
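Review bot: The `postgres-cluster` dependency is fetched from `http://alexlebens.github.io/helm-charts`, so the repository index and the chart archive travel without transport integrity, and whatever is substituted on the path during a dependency update gets rendered into the cluster. GitHub Pages serves the same content over TLS, so the line should read `repository: https://alexlebens.github.io/helm-charts`, matching the `https://helm.goharbor.io` entry above it. Separately, `https://github.com/goharborv` under `sources` looks like a typo for the goharbor organisation. The harbor dependency's `version: v2.12.1` is identical to `appVersion`; chart and application versions are usually numbered independently, so it is worth confirming that a chart with that version is actually published.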
@@ -0,0 +1,97 @@
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: harbor-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: harbor-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: web
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: HARBOR_ADMIN_PASSWORD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: admin-password
|
||||
- secretKey: secretKey
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: secretKey
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
- secretKey: JOBSERVICE_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: jobservice-secret
|
||||
- secretKey: REGISTRY_HTTP_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: registry-http-secret
|
||||
- secretKey: REGISTRY_PASSWD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: registry-password
|
||||
- secretKey: REGISTRY_HTPASSWD
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/harbor/config
|
||||
metadataPolicy: None
|
||||
property: registry-ht-password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: harbor-postgresql-17-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion }}
|
||||
app.kubernetes.io/component: database
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: secret
|
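Review bot: The backup ExternalSecret reads `access` and `secret` from `/digital-ocean/home-infra/postgres-backups`, a Vault path that is not scoped to Harbor the way `/cl01tl/harbor/config` is. If that entry holds one Spaces key shared by every database backup (the path name suggests so, but the page does not show it), any workload able to read `harbor-postgresql-17-cluster-backup-secret` can also read or overwrite the other services' backups. Prefer a key limited to Harbor's backup prefix, or at least record the scope next to the reference with a comment such as `# shared Spaces credential, not limited to harbor's backup prefix`. As a point of style, quote the templated label values, e.g. `app.kubernetes.io/version: "{{ .Chart.AppVersion }}"`, so a numeric-looking appVersion cannot render as a non-string label.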
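--- a/clusters/cl01tl/services/harbor/templates/ingress.yaml
+++ b/clusters/cl01tl/services/harbor/templates/ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: harbor-tailscale
+namespace: {{ .Release.Namespace }}
+labels:
+app.kubernetes.io/name: harbor-tailscale
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+app.kubernetes.io/component: web
+app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ingressClassName: tailscale
+tls:
+- hosts:
+- harbor-cl01tl
+rules:
+- host: harbor-cl01tl
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: harbor-core
+port:
+number: 80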
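Review bot: The single rule sends every path on `harbor-cl01tl` to `harbor-core`, but in the upstream Harbor chart the web UI is served by a separate portal service; the chart's own ingress routes only the API, token-service and registry prefixes (`/api/`, `/service/`, `/v2/`, `/c/`) to core and `/` to the portal. As written, registry traffic through the tailnet hostname should work, while the UI at the address used for `externalURL` and the dashboard link would probably not load. Confirm against the rendered services, and if so add a `/` rule for the portal service and narrow the core rule to those prefixes. A comment above `paths:` stating which Harbor component each prefix belongs to would keep this from drifting when the chart is upgraded.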
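--- a/clusters/cl01tl/services/harbor/values.yaml
+++ b/clusters/cl01tl/services/harbor/values.yaml
@@ -0,0 +1,136 @@
+harbor:
+expose:
+type: ingress
+ingress:
+hosts:
+core: harbor.alexlebens.net
+className: traefik
+labels:
+traefik.ingress.kubernetes.io/router.entrypoints: websecure
+traefik.ingress.kubernetes.io/router.tls: "true"
+cert-manager.io/cluster-issuer: letsencrypt-issuer
+externalURL: https://harbor-cl01tl.boreal-beaufort.ts.net
+persistence:
+enabled: true
+resourcePolicy: "keep"
+persistentVolumeClaim:
+registry:
+storageClass: ceph-block-delete
+accessMode: ReadWriteOnce
+size: 20Gi
+jobservice:
+jobLog:
+storageClass: ceph-block-delete
+accessMode: ReadWriteOnce
+size: 5Gi
+redis:
+storageClass: ceph-block-delete
+accessMode: ReadWriteOnce
+size: 5Gi
+trivy:
+storageClass: ceph-block-delete
+accessMode: ReadWriteOnce
+size: 5Gi
+imageChartStorage:
+type: filesystem
+filesystem:
+rootdirectory: /storage
+existingSecretAdminPassword: harbor-secret
+existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
+ipFamily:
+ipv6:
+enabled: false
+ipv4:
+enabled: true
+updateStrategy:
+type: Recreate
+existingSecretSecretKey: harbor-secret
+metrics:
+enabled: true
+core:
+path: /metrics
+port: 8001
+registry:
+path: /metrics
+port: 8001
+jobservice:
+path: /metrics
+port: 8001
+exporter:
+path: /metrics
+port: 8001
+serviceMonitor:
+enabled: true
+trace:
+enabled: false
+cache:
+enabled: false
+portal:
+image:
+repository: ghcr.io/goharbor/harbor-portal
+tag: v2.12.1
+core:
+image:
+repository: ghcr.io/goharbor/harbor-core
+tag: v2.12.1
+existingSecret: harbor-secret
+jobservice:
+image:
+repository: ghcr.io/goharbor/harbor-jobservice
+tag: v2.12.1
+existingSecret: harbor-secret
+existingSecretKey: JOBSERVICE_SECRET
+registry:
+registry:
+image:
+repository: ghcr.io/goharbor/registry-photon
+tag: v2.12.1
+controller:
+image:
+repository: ghcr.io/goharbor/harbor-registryctl
+tag: v2.12.1
+existingSecret: harbor-secret
+existingSecretKey: REGISTRY_HTTP_SECRET
+relativeurls: false
+credentials:
+existingSecret: harbor-secret
+upload_purging:
+enabled: true
+age: 168h
+interval: 24h
+dryrun: false
+trivy:
+enabled: false
+database:
+type: external
+external:
+host: harbor-postgresql-17-cluster-rw
+port: "5432"
+username: app
+coreDatabase: app
+existingSecret: harbor-postgresql-17-cluster-app
+redis:
+type: internal
+internal:
+image:
+repository: ghcr.io/goharbor/redis-photon
+tag: v2.12.1
+exporter:
+image:
+repository: ghcr.io/goharbor/harbor-exporter
+tag: v2.12.1
+postgres-17-cluster:
+mode: standalone
+cluster:
+walStorage:
+storageClass: local-path
+storage:
+storageClass: local-path
+monitoring:
+enabled: true
+backup:
+enabled: true
+endpointURL: https://nyc3.digitaloceanspaces.com
+destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster
+endpointCredentials: harbor-postgresql-17-cluster-backup-secret
+backupIndex: 1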
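Review bot: The three keys placed under the ingress `labels:` (`traefik.ingress.kubernetes.io/router.entrypoints`, `traefik.ingress.kubernetes.io/router.tls` and `cert-manager.io/cluster-issuer`) are settings that Traefik and cert-manager read from annotations, so as labels they are ignored. The `harbor.alexlebens.net` ingress would then not be restricted to the `websecure` entrypoint and would not get a certificate issued for it. Assuming the nesting is what it appears to be (indentation is lost on this page), rename that key to `annotations:`. Also, `externalURL` points at the tailnet name while `hosts.core` is `harbor.alexlebens.net`; Harbor derives its token-service URL from `externalURL`, so logins through the Traefik host would be redirected to a name only tailnet clients can resolve. If the Traefik ingress is not meant to be used, a comment saying so would help; note too that `trivy.enabled: false` leaves cached images unscanned.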