gitea-bot
fcc928a9f2
This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. ### Details - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `9adfa37` (on `9adfa37bfd180bb019e148085441833e626d9571`) - **Charts Updated**: `harbor,yubal` ### Update Details (2026-03-24 22:14 UTC) - **Trigger**: `pull_request` by `@alexlebens` - **Commit**: `27fe9e1` (on `27fe9e1cc52fb8b974f5d2ca538bd9a669cb855f`) - **Charts Updated**: `harbor` ### Update Details (2026-03-24 22:20 UTC) - **Trigger**: `workflow_dispatch` by `@alexlebens` - **Commit**: `27fe9e1` (on `main`) - **Charts Updated**: `yubal` Reviewed-on: #5089 Co-authored-by: gitea-bot <gitea-bot@alexlebens.net> Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
178 lines
5.5 KiB
YAML
178 lines
5.5 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: "harbor-registry"
|
|
namespace: "harbor"
|
|
labels:
|
|
heritage: Helm
|
|
release: harbor
|
|
chart: harbor
|
|
app: "harbor"
|
|
app.kubernetes.io/instance: harbor
|
|
app.kubernetes.io/name: harbor
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/part-of: harbor
|
|
app.kubernetes.io/version: "2.14.3"
|
|
component: registry
|
|
app.kubernetes.io/component: registry
|
|
spec:
|
|
replicas: 1
|
|
revisionHistoryLimit: 10
|
|
strategy:
|
|
type: Recreate
|
|
rollingUpdate: null
|
|
selector:
|
|
matchLabels:
|
|
release: harbor
|
|
app: "harbor"
|
|
component: registry
|
|
template:
|
|
metadata:
|
|
labels:
|
|
heritage: Helm
|
|
release: harbor
|
|
chart: harbor
|
|
app: "harbor"
|
|
app.kubernetes.io/instance: harbor
|
|
app.kubernetes.io/name: harbor
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/part-of: harbor
|
|
app.kubernetes.io/version: "2.14.3"
|
|
component: registry
|
|
app.kubernetes.io/component: registry
|
|
annotations:
|
|
checksum/configmap: 77823f5f18ace686e7928407a3f045ee24ae0a3bd616a88a110e4a504b03f7ca
|
|
checksum/secret: 47a7c4b7d3c8e57c96d426d6085e3d3c9dfed0b5590c1c5a46f3ea642e876775
|
|
checksum/secret-jobservice: f3a0135630d8fa98235c6c6341ee8e42262bad005727f86ce3f0a0679271f1ed
|
|
checksum/secret-core: 59669814fb7baa809e9428f8ded55a9bf9281f6bfedaa638b53b49cff7b66e22
|
|
spec:
|
|
securityContext:
|
|
runAsUser: 10000
|
|
fsGroup: 10000
|
|
fsGroupChangePolicy: OnRootMismatch
|
|
automountServiceAccountToken: false
|
|
terminationGracePeriodSeconds: 120
|
|
containers:
|
|
- name: registry
|
|
image: goharbor/registry-photon:v2.15.0@sha256:beb49fd16cf0906c04a2bf51a22f7210289e7cc2ae43a733e2a0364380aceae6
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /
|
|
scheme: HTTP
|
|
port: 5000
|
|
initialDelaySeconds: 300
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /
|
|
scheme: HTTP
|
|
port: 5000
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 10
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
envFrom:
|
|
- secretRef:
|
|
name: "harbor-registry"
|
|
env:
|
|
- name: REGISTRY_HTTP_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: REGISTRY_HTTP_SECRET
|
|
ports:
|
|
- containerPort: 5000
|
|
- containerPort: 8001
|
|
volumeMounts:
|
|
- name: registry-data
|
|
mountPath: /storage
|
|
subPath:
|
|
- name: registry-htpasswd
|
|
mountPath: /etc/registry/passwd
|
|
subPath: passwd
|
|
- name: registry-config
|
|
mountPath: /etc/registry/config.yml
|
|
subPath: config.yml
|
|
- name: registryctl
|
|
image: ghcr.io/goharbor/harbor-registryctl:v2.15.0@sha256:463172f71d3a1e8d4f9e3b4e687a447f41fbc3126316d8c150dba04a903bbc47
|
|
imagePullPolicy: IfNotPresent
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /api/health
|
|
scheme: HTTP
|
|
port: 8080
|
|
initialDelaySeconds: 300
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /api/health
|
|
scheme: HTTP
|
|
port: 8080
|
|
initialDelaySeconds: 1
|
|
periodSeconds: 10
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
envFrom:
|
|
- configMapRef:
|
|
name: "harbor-registryctl"
|
|
- secretRef:
|
|
name: "harbor-registry"
|
|
- secretRef:
|
|
name: "harbor-registryctl"
|
|
env:
|
|
- name: REGISTRY_HTTP_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: REGISTRY_HTTP_SECRET
|
|
- name: CORE_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: secret
|
|
- name: JOBSERVICE_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: JOBSERVICE_SECRET
|
|
ports:
|
|
- containerPort: 8080
|
|
volumeMounts:
|
|
- name: registry-data
|
|
mountPath: /storage
|
|
subPath:
|
|
- name: registry-config
|
|
mountPath: /etc/registry/config.yml
|
|
subPath: config.yml
|
|
- name: registry-config
|
|
mountPath: /etc/registryctl/config.yml
|
|
subPath: ctl-config.yml
|
|
volumes:
|
|
- name: registry-htpasswd
|
|
secret:
|
|
secretName: harbor-secret
|
|
items:
|
|
- key: REGISTRY_HTPASSWD
|
|
path: passwd
|
|
- name: registry-config
|
|
configMap:
|
|
name: "harbor-registry"
|
|
- name: registry-data
|
|
persistentVolumeClaim:
|
|
claimName: harbor-registry
|