alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions 1 Activity

migration to next

Browse Source
This commit is contained in:
Alex Lebens
2025-03-02 16:56:16 -06:00
parent 1693ecd0ae
commit 9fe661cf24
342 changed files with 166 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
clusters/cl01tl/services/harbor/Chart.yaml
View File

@@ -1,29 +0,0 @@
apiVersion: v2
name: harbor
version: 1.0.0
description: Harbor
keywords:
- harbor
- images
- cache
- kubernetes
home: https://wiki.alexlebens.dev/doc/harbor-
sources:
- https://github.com/goharborv
- https://github.com/goharbor/harbor-helm
- https://github.com/valkey-io/valkey
- https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/bitnami/charts/tree/main/bitnami/valkey
- https://github.com/alexlebens/helm-charts/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: harbor
version: 1.16.2
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-17-cluster
version: 4.2.0
repository: http://alexlebens.github.io/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
appVersion: v2.12.1

97
clusters/cl01tl/services/harbor/templates/external-secret.yaml
View File

@@ -1,97 +0,0 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: HARBOR_ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password
- secretKey: secretKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secret
- secretKey: JOBSERVICE_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: jobservice-secret
- secretKey: REGISTRY_HTTP_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-http-secret
- secretKey: REGISTRY_PASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-password
- secretKey: REGISTRY_HTPASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: registry-ht-password
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-postgresql-17-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-postgresql-17-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: database
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/postgres-backups
metadataPolicy: None
property: secret

59
clusters/cl01tl/services/harbor/templates/ingress.yaml
View File

@@ -1,59 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: harbor-tailscale
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: harbor-tailscale
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
app.kubernetes.io/component: web
app.kubernetes.io/part-of: {{ .Release.Name }}
labels:
tailscale.com/proxy-class: no-metrics
annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
spec:
ingressClassName: tailscale
tls:
- hosts:
- harbor-cl01tl
rules:
- host: harbor-cl01tl
http:
paths:
- backend:
service:
name: harbor-core
port:
number: 80
path: /api/
pathType: Prefix
- backend:
service:
name: harbor-core
port:
number: 80
path: /service/
pathType: Prefix
- backend:
service:
name: harbor-core
port:
number: 80
path: /v2/
pathType: Prefix
- backend:
service:
name: harbor-core
port:
number: 80
path: /c/
pathType: Prefix
- backend:
service:
name: harbor-portal
port:
number: 80
path: /
pathType: Prefix

136
clusters/cl01tl/services/harbor/values.yaml
View File

@@ -1,136 +0,0 @@
harbor:
expose:
type: ingress
ingress:
hosts:
core: harbor.alexlebens.net
className: traefik
labels:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
cert-manager.io/cluster-issuer: letsencrypt-issuer
externalURL: https://harbor-cl01tl.boreal-beaufort.ts.net
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 20Gi
jobservice:
jobLog:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
redis:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
trivy:
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 5Gi
imageChartStorage:
type: filesystem
filesystem:
rootdirectory: /storage
existingSecretAdminPassword: harbor-secret
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
ipFamily:
ipv6:
enabled: false
ipv4:
enabled: true
updateStrategy:
type: Recreate
existingSecretSecretKey: harbor-secret
metrics:
enabled: true
core:
path: /metrics
port: 8001
registry:
path: /metrics
port: 8001
jobservice:
path: /metrics
port: 8001
exporter:
path: /metrics
port: 8001
serviceMonitor:
enabled: true
trace:
enabled: false
cache:
enabled: false
portal:
image:
repository: ghcr.io/goharbor/harbor-portal
tag: v2.12.2
core:
image:
repository: ghcr.io/goharbor/harbor-core
tag: v2.12.2
existingSecret: harbor-secret
jobservice:
image:
repository: ghcr.io/goharbor/harbor-jobservice
tag: v2.12.2
existingSecret: harbor-secret
existingSecretKey: JOBSERVICE_SECRET
registry:
registry:
image:
repository: ghcr.io/goharbor/registry-photon
tag: v2.12.2
controller:
image:
repository: ghcr.io/goharbor/harbor-registryctl
tag: v2.12.2
existingSecret: harbor-secret
existingSecretKey: REGISTRY_HTTP_SECRET
relativeurls: false
credentials:
existingSecret: harbor-secret
upload_purging:
enabled: true
age: 168h
interval: 24h
dryrun: false
trivy:
enabled: false
database:
type: external
external:
host: harbor-postgresql-17-cluster-rw
port: "5432"
username: app
coreDatabase: app
existingSecret: harbor-postgresql-17-cluster-app
redis:
type: internal
internal:
image:
repository: goharbor/redis-photon
tag: v2.12.2
exporter:
image:
repository: ghcr.io/goharbor/harbor-exporter
tag: v2.12.2
postgres-17-cluster:
mode: standalone
cluster:
walStorage:
storageClass: local-path
storage:
storageClass: local-path
monitoring:
enabled: true
backup:
enabled: true
endpointURL: https://nyc3.digitaloceanspaces.com
destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/harbor/harbor-postgresql-17-cluster
endpointCredentials: harbor-postgresql-17-cluster-backup-secret
backupIndex: 1