Update ghcr.io/immich-app/immich-server Docker tag to v1.134.0

clusters/cl01tl/applications/immich/values.yaml

@@ -9,7 +9,7 @@ immich:
         main:
           image:
             repository: ghcr.io/immich-app/immich-server
-            tag: v1.132.3
+            tag: v1.134.0
             pullPolicy: IfNotPresent
           env:
             - name: TZ

clusters/cl01tl/services/harbor/templates/external-secret.yaml

@@ -26,41 +26,113 @@ spec:
         key: /cl01tl/harbor/config
         metadataPolicy: None
         property: secretKey
+    - secretKey: CSRF_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/core
+        metadataPolicy: None
+        property: CSRF_KEY
     - secretKey: secret
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/core
         metadataPolicy: None
         property: secret
+    - secretKey: tls.crt
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/core
+        metadataPolicy: None
+        property: tls.crt
+    - secretKey: tls.key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/core
+        metadataPolicy: None
+        property: tls.key
     - secretKey: JOBSERVICE_SECRET
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/jobservice
         metadataPolicy: None
-        property: jobservice-secret
+        property: JOBSERVICE_SECRET
     - secretKey: REGISTRY_HTTP_SECRET
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/registry
         metadataPolicy: None
-        property: registry-http-secret
+        property: REGISTRY_HTTP_SECRET
-    - secretKey: REGISTRY_PASSWD
+    - secretKey: REGISTRY_REDIS_PASSWORD
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/registry
         metadataPolicy: None
-        property: registry-password
+        property: REGISTRY_REDIS_PASSWORD
     - secretKey: REGISTRY_HTPASSWD
       remoteRef:
         conversionStrategy: Default
         decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/registry
         metadataPolicy: None
-        property: registry-ht-password
+        property: REGISTRY_HTPASSWD
+    - secretKey: REGISTRY_CREDENTIAL_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/registry
+        metadataPolicy: None
+        property: REGISTRY_CREDENTIAL_PASSWORD
+    - secretKey: REGISTRY_PASSWD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/registry
+        metadataPolicy: None
+        property: REGISTRY_CREDENTIAL_PASSWORD
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: harbor-nginx-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: harbor-nginx-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ca.crt
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/nginx
+        metadataPolicy: None
+        property: ca.crt
+    - secretKey: tls.crt
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/nginx
+        metadataPolicy: None
+        property: tls.crt
+    - secretKey: tls.key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/nginx
+        metadataPolicy: None
+        property: tls.key
 
 ---
 apiVersion: external-secrets.io/v1

clusters/cl01tl/services/harbor/values.yaml

@@ -45,17 +45,18 @@ harbor:
     image:
       repository: goharbor/harbor-core
       tag: v2.13.1
-    replicas: 3
+    replicas: 2
-    # existingSecret: harbor-secret
+    existingSecret: harbor-secret
+    secretName: harbor-secret
+    existingXsrfSecret: harbor-secret
   jobservice:
     image:
       repository: goharbor/harbor-jobservice
       tag: v2.13.1
-    replicas: 3
+    replicas: 2
     jobLoggers:
       - stdout
-    # existingSecret: harbor-secret
+    existingSecret: harbor-secret
-    # existingSecretKey: JOBSERVICE_SECRET
   registry:
     registry:
       image:
@@ -65,16 +66,10 @@ harbor:
       image:
         repository: goharbor/harbor-registryctl
         tag: v2.13.1
-    # existingSecret: harbor-secret
+    existingSecret: harbor-secret
-    # existingSecretKey: REGISTRY_HTTP_SECRET
+    relativeurls: true
-    # relativeurls: true
+    credentials:
-    # credentials:
+      existingSecret: harbor-secret
-    #   existingSecret: harbor-secret
-    # upload_purging:
-    #   enabled: true
-    #   age: 168h
-    #   interval: 24h
-    #   dryrun: false
   trivy:
     enabled: true
   database: