alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Packages Projects Releases Wiki Activity

add harbor

Browse Source
This commit is contained in:
Alex Lebens
2025-03-03 11:15:01 -06:00
parent 4efc3b1c02
commit 82474d8302
5 changed files with 366 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
clusters/cl01tl/services/harbor/Chart.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: v2
name: harbor
version: 1.0.0
description: Harbor
keywords:
- harbor
- images
- cache
- kubernetes
home: https://wiki.alexlebens.dev/doc/harbor-
sources:
- https://github.com/goharborv
- https://github.com/goharbor/harbor-helm
- https://github.com/valkey-io/valkey
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: harbor
version: 1.16.2
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: v2.12.1

97
clusters/cl01tl/services/harbor/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,97 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: HARBOR_ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password
- secretKey: secretKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secret
- secretKey: JOBSERVICE_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: jobservice-secret
- secretKey: REGISTRY_HTTP_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-http-secret
- secretKey: REGISTRY_PASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-password
- secretKey: REGISTRY_HTPASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-ht-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

49
clusters/cl01tl/services/harbor/templates/http-route.yaml Normal file
View File

@@ -0,0 +1,49 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: http-route-harbor
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: http-route-harbor
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- harbor.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /api/
- path:
type: PathPrefix
value: /service/
- path:
type: PathPrefix
value: /v2/
- path:
type: PathPrefix
value: /c/
backendRefs:
- group: ''
kind: Service
name: harbor-core
port: 80
weight: 100
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: harbor-portal
port: 80
weight: 100

59
clusters/cl01tl/services/harbor/templates/ingress.yaml Normal file
View File

@@ -0,0 +1,59 @@
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
# name: harbor-tailscale
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: harbor-tailscale
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/version: {{ .Chart.AppVersion }}
# app.kubernetes.io/component: web
# app.kubernetes.io/part-of: {{ .Release.Name }}
# labels:
# tailscale.com/proxy-class: no-metrics
# annotations:
# tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
# spec:
# ingressClassName: tailscale
# tls:
# - hosts:
# - harbor-cl01tl
# rules:
# - host: harbor-cl01tl
# http:
# paths:
# - backend:
# service:
# name: harbor-core
# port:
# number: 80
# path: /api/
# pathType: Prefix
# - backend:
# service:
# name: harbor-core
# port:
# number: 80
# path: /service/
# pathType: Prefix
# - backend:
# service:
# name: harbor-core
# port:
# number: 80
# path: /v2/
# pathType: Prefix
# - backend:
# service:
# name: harbor-core
# port:
# number: 80
# path: /c/
# pathType: Prefix
# - backend:
# service:
# name: harbor-portal
# port:
# number: 80
# path: /
# pathType: Prefix

132
clusters/cl01tl/services/harbor/values.yaml Normal file
View File

@@ -0,0 +1,132 @@
harbor:
expose:
type: clusterIP
externalURL: https://harbor.alexlebens.net
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
jobservice:
jobLog:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
redis:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
trivy:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
imageChartStorage:
type: filesystem
filesystem:
rootdirectory: /storage
existingSecretAdminPassword: harbor-secret
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
ipFamily:
ipv6:
enabled: false
ipv4:
enabled: true
updateStrategy:
type: Recreate
existingSecretSecretKey: harbor-secret
metrics:
enabled: true
core:
path: /metrics
port: 8001
registry:
path: /metrics
port: 8001
jobservice:
path: /metrics
port: 8001
exporter:
path: /metrics
port: 8001
serviceMonitor:
enabled: true
trace:
enabled: false
cache:
enabled: false
portal:
image:
repository: ghcr.io/goharbor/harbor-portal
tag: v2.12.2
core:
image:
repository: ghcr.io/goharbor/harbor-core
tag: v2.12.2
existingSecret: harbor-secret
jobservice:
image:
repository: ghcr.io/goharbor/harbor-jobservice
tag: v2.12.2
existingSecret: harbor-secret
existingSecretKey: JOBSERVICE_SECRET
registry:
registry:
image:
repository: ghcr.io/goharbor/registry-photon
tag: v2.12.2
controller:
image:
repository: ghcr.io/goharbor/harbor-registryctl
tag: v2.12.2
existingSecret: harbor-secret
existingSecretKey: REGISTRY_HTTP_SECRET
relativeurls: false
credentials:
existingSecret: harbor-secret
upload_purging:
enabled: true
age: 168h
interval: 24h
dryrun: false
trivy:
enabled: false
database:
type: external
external:
host: harbor-postgresql-17-cluster-rw
port: "5432"
username: app
coreDatabase: app
existingSecret: harbor-postgresql-17-cluster-app
redis:
type: internal
internal:
image:
repository: goharbor/redis-photon
tag: v2.12.2
exporter:
image:
repository: ghcr.io/goharbor/harbor-exporter
tag: v2.12.2
postgres-17-cluster:
mode: recovery
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
recovery:
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster
endpointCredentials: harbor-postgresql-17-cluster-backup-secret
backup:
enabled: false
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster
endpointCredentials: harbor-postgresql-17-cluster-backup-secret
backupIndex: 2