--- apiVersion: apps/v1 kind: Deployment metadata: name: harbor-core namespace: "harbor" labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.14.2" component: core app.kubernetes.io/component: core spec: replicas: 2 revisionHistoryLimit: 10 selector: matchLabels: release: harbor app: "harbor" component: core template: metadata: labels: heritage: Helm release: harbor chart: harbor app: "harbor" app.kubernetes.io/instance: harbor app.kubernetes.io/name: harbor app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: harbor app.kubernetes.io/version: "2.14.2" component: core app.kubernetes.io/component: core annotations: checksum/configmap: 1cd92d6ad655a3c1d33e18b68b16811a6876c079f89d8e606ae522d6c43f1278 checksum/secret: ea96175d9d13685272268c622197e7f602ef7f436c55dafd8e625f468586290d checksum/secret-jobservice: d997909ea151f04cd3c6ce0da2b1e4b09ab6eecdc3d048c0d3aedf21b23285ba spec: securityContext: runAsUser: 10000 fsGroup: 10000 automountServiceAccountToken: false terminationGracePeriodSeconds: 120 containers: - name: core image: goharbor/harbor-core:v2.14.3 imagePullPolicy: IfNotPresent startupProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 360 initialDelaySeconds: 10 periodSeconds: 10 livenessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 readinessProbe: httpGet: path: /api/v2.0/ping scheme: HTTP port: 8080 failureThreshold: 2 periodSeconds: 10 envFrom: - configMapRef: name: "harbor-core" - secretRef: name: "harbor-core" env: - name: CORE_SECRET valueFrom: secretKeyRef: name: harbor-secret key: secret - name: JOBSERVICE_SECRET valueFrom: secretKeyRef: name: harbor-secret key: JOBSERVICE_SECRET - name: HARBOR_ADMIN_PASSWORD valueFrom: secretKeyRef: name: harbor-secret key: HARBOR_ADMIN_PASSWORD - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: name: harbor-postgresql-18-cluster-app key: password - name: REGISTRY_CREDENTIAL_PASSWORD valueFrom: secretKeyRef: name: harbor-secret key: REGISTRY_PASSWD - name: CSRF_KEY valueFrom: secretKeyRef: name: harbor-secret key: CSRF_KEY securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL privileged: false runAsNonRoot: true seccompProfile: type: RuntimeDefault ports: - containerPort: 8080 volumeMounts: - name: config mountPath: /etc/core/app.conf subPath: app.conf - name: secret-key mountPath: /etc/core/key subPath: key - name: token-service-private-key mountPath: /etc/core/private_key.pem subPath: tls.key - name: psc mountPath: /etc/core/token volumes: - name: config configMap: name: harbor-core items: - key: app.conf path: app.conf - name: secret-key secret: secretName: harbor-secret items: - key: secretKey path: key - name: token-service-private-key secret: secretName: harbor-secret - name: psc emptyDir: {}