Update ghcr.io/immich-app/immich-server Docker tag to v1.134.0

add fixed secret
2025-06-05 15:49:34 +00:00 · 2025-06-05 10:47:57 -05:00
2 changed files with 92 additions and 25 deletions
--- a/clusters/cl01tl/services/harbor/templates/external-secret.yaml
+++ b/clusters/cl01tl/services/harbor/templates/external-secret.yaml
@@ -26,41 +26,113 @@ spec:
        key: /cl01tl/harbor/config
        metadataPolicy: None
        property: secretKey
+    - secretKey: CSRF_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/core
+        metadataPolicy: None
+        property: CSRF_KEY
    - secretKey: secret
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/core
        metadataPolicy: None
        property: secret
+    - secretKey: tls.crt
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/core
+        metadataPolicy: None
+        property: tls.crt
+    - secretKey: tls.key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/core
+        metadataPolicy: None
+        property: tls.key
    - secretKey: JOBSERVICE_SECRET
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/jobservice
        metadataPolicy: None
-        property: jobservice-secret
+        property: JOBSERVICE_SECRET
    - secretKey: REGISTRY_HTTP_SECRET
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/registry
        metadataPolicy: None
-        property: registry-http-secret
-    - secretKey: REGISTRY_PASSWD
+        property: REGISTRY_HTTP_SECRET
+    - secretKey: REGISTRY_REDIS_PASSWORD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/registry
        metadataPolicy: None
-        property: registry-password
+        property: REGISTRY_REDIS_PASSWORD
    - secretKey: REGISTRY_HTPASSWD
      remoteRef:
        conversionStrategy: Default
        decodingStrategy: None
-        key: /cl01tl/harbor/config
+        key: /cl01tl/harbor/registry
        metadataPolicy: None
-        property: registry-ht-password
+        property: REGISTRY_HTPASSWD
+    - secretKey: REGISTRY_CREDENTIAL_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/registry
+        metadataPolicy: None
+        property: REGISTRY_CREDENTIAL_PASSWORD
+    - secretKey: REGISTRY_PASSWD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/registry
+        metadataPolicy: None
+        property: REGISTRY_CREDENTIAL_PASSWORD
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: harbor-nginx-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: harbor-nginx-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ca.crt
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/nginx
+        metadataPolicy: None
+        property: ca.crt
+    - secretKey: tls.crt
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/nginx
+        metadataPolicy: None
+        property: tls.crt
+    - secretKey: tls.key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/harbor/nginx
+        metadataPolicy: None
+        property: tls.key

 ---
 apiVersion: external-secrets.io/v1
--- a/clusters/cl01tl/services/harbor/values.yaml
+++ b/clusters/cl01tl/services/harbor/values.yaml
@@ -45,17 +45,18 @@ harbor:
    image:
      repository: goharbor/harbor-core
      tag: v2.13.1
-    replicas: 3
-    # existingSecret: harbor-secret
+    replicas: 2
+    existingSecret: harbor-secret
+    secretName: harbor-secret
+    existingXsrfSecret: harbor-secret
  jobservice:
    image:
      repository: goharbor/harbor-jobservice
      tag: v2.13.1
-    replicas: 3
+    replicas: 2
    jobLoggers:
      - stdout
-    # existingSecret: harbor-secret
-    # existingSecretKey: JOBSERVICE_SECRET
+    existingSecret: harbor-secret
  registry:
    registry:
      image:
@@ -65,16 +66,10 @@ harbor:
      image:
        repository: goharbor/harbor-registryctl
        tag: v2.13.1
-    # existingSecret: harbor-secret
-    # existingSecretKey: REGISTRY_HTTP_SECRET
-    # relativeurls: true
-    # credentials:
-    #   existingSecret: harbor-secret
-    # upload_purging:
-    #   enabled: true
-    #   age: 168h
-    #   interval: 24h
-    #   dryrun: false
+    existingSecret: harbor-secret
+    relativeurls: true
+    credentials:
+      existingSecret: harbor-secret
  trivy:
    enabled: true
  database:
Author	SHA1	Message	Date
Renovate Bot	452a8c1798	Update ghcr.io/immich-app/immich-server Docker tag to v1.134.0 All checks were successful lint-and-test-charts / lint-test (pull_request) Successful in 35s Details	2025-06-05 15:49:34 +00:00
Alex Lebens	c04cbeb747	add fixed secret All checks were successful renovate / renovate (push) Successful in 2m16s Details	2025-06-05 10:47:57 -05:00