154 lines
4.5 KiB
YAML
154 lines
4.5 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: harbor-core
|
|
namespace: "harbor"
|
|
labels:
|
|
heritage: Helm
|
|
release: harbor
|
|
chart: harbor
|
|
app: "harbor"
|
|
app.kubernetes.io/instance: harbor
|
|
app.kubernetes.io/name: harbor
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/part-of: harbor
|
|
app.kubernetes.io/version: "2.14.2"
|
|
component: core
|
|
app.kubernetes.io/component: core
|
|
spec:
|
|
replicas: 2
|
|
revisionHistoryLimit: 10
|
|
selector:
|
|
matchLabels:
|
|
release: harbor
|
|
app: "harbor"
|
|
component: core
|
|
template:
|
|
metadata:
|
|
labels:
|
|
heritage: Helm
|
|
release: harbor
|
|
chart: harbor
|
|
app: "harbor"
|
|
app.kubernetes.io/instance: harbor
|
|
app.kubernetes.io/name: harbor
|
|
app.kubernetes.io/managed-by: Helm
|
|
app.kubernetes.io/part-of: harbor
|
|
app.kubernetes.io/version: "2.14.2"
|
|
component: core
|
|
app.kubernetes.io/component: core
|
|
annotations:
|
|
checksum/configmap: 1cd92d6ad655a3c1d33e18b68b16811a6876c079f89d8e606ae522d6c43f1278
|
|
checksum/secret: ea96175d9d13685272268c622197e7f602ef7f436c55dafd8e625f468586290d
|
|
checksum/secret-jobservice: d997909ea151f04cd3c6ce0da2b1e4b09ab6eecdc3d048c0d3aedf21b23285ba
|
|
spec:
|
|
securityContext:
|
|
runAsUser: 10000
|
|
fsGroup: 10000
|
|
automountServiceAccountToken: false
|
|
terminationGracePeriodSeconds: 120
|
|
containers:
|
|
- name: core
|
|
image: goharbor/harbor-core:v2.14.3
|
|
imagePullPolicy: IfNotPresent
|
|
startupProbe:
|
|
httpGet:
|
|
path: /api/v2.0/ping
|
|
scheme: HTTP
|
|
port: 8080
|
|
failureThreshold: 360
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /api/v2.0/ping
|
|
scheme: HTTP
|
|
port: 8080
|
|
failureThreshold: 2
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /api/v2.0/ping
|
|
scheme: HTTP
|
|
port: 8080
|
|
failureThreshold: 2
|
|
periodSeconds: 10
|
|
envFrom:
|
|
- configMapRef:
|
|
name: "harbor-core"
|
|
- secretRef:
|
|
name: "harbor-core"
|
|
env:
|
|
- name: CORE_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: secret
|
|
- name: JOBSERVICE_SECRET
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: JOBSERVICE_SECRET
|
|
- name: HARBOR_ADMIN_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: HARBOR_ADMIN_PASSWORD
|
|
- name: POSTGRESQL_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-postgresql-18-cluster-app
|
|
key: password
|
|
- name: REGISTRY_CREDENTIAL_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: REGISTRY_PASSWD
|
|
- name: CSRF_KEY
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: harbor-secret
|
|
key: CSRF_KEY
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
ports:
|
|
- containerPort: 8080
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/core/app.conf
|
|
subPath: app.conf
|
|
- name: secret-key
|
|
mountPath: /etc/core/key
|
|
subPath: key
|
|
- name: token-service-private-key
|
|
mountPath: /etc/core/private_key.pem
|
|
subPath: tls.key
|
|
- name: psc
|
|
mountPath: /etc/core/token
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: harbor-core
|
|
items:
|
|
- key: app.conf
|
|
path: app.conf
|
|
- name: secret-key
|
|
secret:
|
|
secretName: harbor-secret
|
|
items:
|
|
- key: secretKey
|
|
path: key
|
|
- name: token-service-private-key
|
|
secret:
|
|
secretName: harbor-secret
|
|
- name: psc
|
|
emptyDir: {}
|