Update ghcr.io/immich-app/immich-server Docker tag to v1.134.0

2025-06-05 15:16:50 +00:00
2 changed files with 25 additions and 92 deletions
--- a/clusters/cl01tl/services/harbor/templates/external-secret.yaml
+++ b/clusters/cl01tl/services/harbor/templates/external-secret.yaml
@@ -26,113 +26,41 @@ spec:
        key: /cl01tl/harbor/config
        metadataPolicy: None
        property: secretKey
-    - secretKey: CSRF_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/harbor/core
-        metadataPolicy: None
-        property: CSRF_KEY
    - secretKey: secret
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/core
+        key: /cl01tl/harbor/config
        metadataPolicy: None
        property: secret
-    - secretKey: tls.crt
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/harbor/core
-        metadataPolicy: None
-        property: tls.crt
-    - secretKey: tls.key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/harbor/core
-        metadataPolicy: None
-        property: tls.key
    - secretKey: JOBSERVICE_SECRET
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/jobservice
+        key: /cl01tl/harbor/config
        metadataPolicy: None
-        property: JOBSERVICE_SECRET
+        property: jobservice-secret
    - secretKey: REGISTRY_HTTP_SECRET
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/registry
+        key: /cl01tl/harbor/config
        metadataPolicy: None
-        property: REGISTRY_HTTP_SECRET
-    - secretKey: REGISTRY_REDIS_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/harbor/registry
-        metadataPolicy: None
-        property: REGISTRY_REDIS_PASSWORD
-    - secretKey: REGISTRY_HTPASSWD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/harbor/registry
-        metadataPolicy: None
-        property: REGISTRY_HTPASSWD
-    - secretKey: REGISTRY_CREDENTIAL_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/harbor/registry
-        metadataPolicy: None
-        property: REGISTRY_CREDENTIAL_PASSWORD
+        property: registry-http-secret
    - secretKey: REGISTRY_PASSWD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/registry
+        key: /cl01tl/harbor/config
        metadataPolicy: None
-        property: REGISTRY_CREDENTIAL_PASSWORD
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: harbor-nginx-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: harbor-nginx-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: ca.crt
+        property: registry-password
+    - secretKey: REGISTRY_HTPASSWD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/nginx
+        key: /cl01tl/harbor/config
        metadataPolicy: None
-        property: ca.crt
-    - secretKey: tls.crt
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/harbor/nginx
-        metadataPolicy: None
-        property: tls.crt
-    - secretKey: tls.key
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/harbor/nginx
-        metadataPolicy: None
-        property: tls.key
+        property: registry-ht-password

 ---
 apiVersion: external-secrets.io/v1
--- a/clusters/cl01tl/services/harbor/values.yaml
+++ b/clusters/cl01tl/services/harbor/values.yaml
@@ -45,18 +45,17 @@ harbor:
    image:
      repository: goharbor/harbor-core
      tag: v2.13.1
-    replicas: 2
-    existingSecret: harbor-secret
-    secretName: harbor-secret
-    existingXsrfSecret: harbor-secret
+    replicas: 3
+    # existingSecret: harbor-secret
  jobservice:
    image:
      repository: goharbor/harbor-jobservice
      tag: v2.13.1
-    replicas: 2
+    replicas: 3
    jobLoggers:
      - stdout
-    existingSecret: harbor-secret
+    # existingSecret: harbor-secret
+    # existingSecretKey: JOBSERVICE_SECRET
  registry:
    registry:
      image:
@@ -66,10 +65,16 @@ harbor:
      image:
        repository: goharbor/harbor-registryctl
        tag: v2.13.1
-    existingSecret: harbor-secret
-    relativeurls: true
-    credentials:
-      existingSecret: harbor-secret
+    # existingSecret: harbor-secret
+    # existingSecretKey: REGISTRY_HTTP_SECRET
+    # relativeurls: true
+    # credentials:
+    #   existingSecret: harbor-secret
+    # upload_purging:
+    #   enabled: true
+    #   age: 168h
+    #   interval: 24h
+    #   dryrun: false
  trivy:
    enabled: true
  database: