Commit 584a284f authored by Jehoszafat Zimnowoda

feat: add harbor chart

parent 1c29f51c
Showing with 1837 additions and 0 deletions
docs/*
.git/*
.gitignore
CONTRIBUTING.md
.travis.yaml
test/*
\ No newline at end of file
dist: xenial
language: minimal
matrix:
include:
- name: "helm v2"
env: HELM_VERSION=2
- name: "helm v3"
env: HELM_VERSION=3
before_install:
- test/install_helm.sh
before_script:
# rename the "harbor-helm" folder to "harbor" to avoid the helm lint failure
- cd ..; mv harbor-helm harbor; cd harbor
script:
- test/verify.sh
\ No newline at end of file
apiVersion: v1
appVersion: 2.0.0
description: An open source trusted cloud native registry that stores, signs, and
scans content
home: https://goharbor.io
icon: https://raw.githubusercontent.com/goharbor/harbor/master/docs/img/harbor_logo.png
keywords:
- docker
- registry
- harbor
maintainers:
- email: yinw@vmware.com
name: Wenkai Yin
- email: hweiwei@vmware.com
name: Weiwei He
- email: dengq@vmware.com
name: Qian Deng
name: harbor
sources:
- https://github.com/goharbor/harbor
- https://github.com/goharbor/harbor-helm
version: 1.4.0
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIJAPY/OzLMeVq2MA0GCSqGSIb3DQEBCwUAMAAwHhcNMTkw
NDE4MDIyNzM3WhcNMjkwNDE1MDIyNzM3WjAAMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA3xlUJs2b/aI2NLoy4OIQ+dn/yMb/O99iKDRyZKpH8rSOmS+o
F9unmSAzL65XA/v6nY0OLI/dASDjkqkBpIdTGzogR5f8UiB6osuEY7V71XZdzWLr
PjnJq6ZLAaoKmwG80W5+Wd6V8PygOx52mkr1w7IWKz+1ZLI5izbppon7XVGVRaAT
RvNZDiJ6CeJpcJ5H723lkf5RvJWatZLCYIYDbRfTiKsyQ/SlRcv5BVfHg/LJSH9Q
LGRhPMARldl9wyZCwZZDHxheI4a+26aa8MY3u9st/l0/Oo6VCTGpMiEhiGF2LVjp
UWq/+BP4SFEvJfq/DuinI139W/5aZZ7/HwRPlmYU6pXTRLyIg7jd+19fJwR7X37q
w0o8t06FhjmrCzaYCUjoReqDmHaNmZN/ddvG7jZWBu+jNh0YavsyQyCIVmv6yqSc
jPiD9uivxqTwjJidIBRfuUrz3aERQ7cQgf0qhqjIzflzHbFKhILocBWq7zyNl9hr
vUGT/WZcw0t/OtM72SPaplmTgVbbQRxf2VHzyptGIvtydlXK8thxOMpXo4e+Sl8d
1gdQcC4oisN9F29oNs8P5yFQP//xYuv8C607nCj1DzrId5avG/NVfKB/fbDKEFgN
2WhHInTzPLEcjF4fErcUAEuWW0buX/6FHCG3iTtrqyD92KTVDfN1J56rrcsCAwEA
AaNQME4wHQYDVR0OBBYEFFhNhTo4UAC2PUsf8jYaWj160vGEMB8GA1UdIwQYMBaA
FFhNhTo4UAC2PUsf8jYaWj160vGEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggIBAMAsEtVlELMwdtcifHeOT0kOmf5wo9In/eFSgscCzBMDaRx2B3q36AoS
Il7XWAZpevaR7W7yeARKaAshBLhygUqLD0zWbKlSN9Hprd1wdpM0ffyPpN5dxOYA
er04y12GRnCbMYqi4cvztP4TinXqq2yHSYhLbO9qkI5gbWVxkRuIcMKvixddllNY
Q3obJaDDHmovM3+g/G+1YFgt4qES38XnJ7BrSshHnn5EIQh286xfJriyrK2hHbLJ
qz0YuF6G3DXPeWGgXvj0Hipc0f8UDZkKkk/eGEI6vEkytyvoepoZI2XbAf/ZMy5n
KwuhEn4hhkFMwWaSWp/h0QdMCaxk4BVSOqmNVaLSB7+FjsIj4CasFotYiyJ2gpRB
Nf8QaS4bz0Tn1eBbC8ksj+e3ZWeX2b5wVMjql9jTt2X1ICs8KKe3vEBkjqT2AUi2
52TtKzm73aWrz/GPy/Q2LCor3Fh9FGVSBOBBDXGy6MJpNHJnYVH9EENFGOh85ol1
2pADOBB5vAU/kLB5LHPj2kue/FMiHaNnrSYIGrMlBSX2jj9EYa1uuUH+pd4MBj1F
5uH8ORiaQ6ht2+WHklxic1Rj5yTYQwVlH70CBOn+qVEdo63yQwzAMJKFIwlGUQEX
jiljgc86q4cZtUTFrcwMidbk+8Q6+JbDVg7HV/+pnC+wnv197kwe
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
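Review bot: the RSA private key committed here, together with the certificate above it, is readable by everyone who can read this repository or pull the packaged chart, so any release that ends up serving this pair shares one publicly known key. Drop both files from the chart and either generate a per-release pair at install time (Helm's genCA and genSignedCert template functions do this) or require the operator to supply their own pair through expose.tls.secretName, which harbor.autoGenCert already checks for.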
clair:
database:
type: pgsql
options:
source: "{{ template "harbor.database.clair" . }}"
# Number of elements kept in the cache
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
cachesize: 16384
api:
# API server port
port: 6060
healthport: 6061
# Deadline before an API request will respond with a 503
timeout: 300s
updater:
interval: {{ .Values.clair.updatersInterval }}h
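Review bot: `source: "{{ template "harbor.database.clair" . }}"` renders the full postgres:// URL, database password included, into this file, so the object that carries the rendered clair config should be a Secret and not a ConfigMap; please confirm that in the template that consumes it. Minor: the comment above cachesize reads "in order to save prevent needless roundtrips", where one of the two verbs should go.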
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}
For more details, please visit https://github.com/goharbor/harbor
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "harbor.name" -}}
{{- default "harbor" .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "harbor.fullname" -}}
{{- $name := default "harbor" .Values.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Helm required labels */}}
{{- define "harbor.labels" -}}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}
app: "{{ template "harbor.name" . }}"
{{- end -}}
{{/* matchLabels */}}
{{- define "harbor.matchLabels" -}}
release: {{ .Release.Name }}
app: "{{ template "harbor.name" . }}"
{{- end -}}
{{- define "harbor.autoGenCert" -}}
{{- if and .Values.expose.tls.enabled (not .Values.expose.tls.secretName) -}}
{{- printf "true" -}}
{{- else -}}
{{- printf "false" -}}
{{- end -}}
{{- end -}}
{{- define "harbor.autoGenCertForIngress" -}}
{{- if and (eq (include "harbor.autoGenCert" .) "true") (eq .Values.expose.type "ingress") -}}
{{- printf "true" -}}
{{- else -}}
{{- printf "false" -}}
{{- end -}}
{{- end -}}
{{- define "harbor.autoGenCertForNginx" -}}
{{- if and (eq (include "harbor.autoGenCert" .) "true") (ne .Values.expose.type "ingress") -}}
{{- printf "true" -}}
{{- else -}}
{{- printf "false" -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.host" -}}
{{- if eq .Values.database.type "internal" -}}
{{- template "harbor.database" . }}
{{- else -}}
{{- .Values.database.external.host -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.port" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "5432" -}}
{{- else -}}
{{- .Values.database.external.port -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.username" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "postgres" -}}
{{- else -}}
{{- .Values.database.external.username -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.rawPassword" -}}
{{- if eq .Values.database.type "internal" -}}
{{- .Values.database.internal.password -}}
{{- else -}}
{{- .Values.database.external.password -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.escapedRawPassword" -}}
{{- include "harbor.database.rawPassword" . | urlquery | replace "+" "%20" -}}
{{- end -}}
{{- define "harbor.database.encryptedPassword" -}}
{{- include "harbor.database.rawPassword" . | b64enc | quote -}}
{{- end -}}
{{- define "harbor.database.coreDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "registry" -}}
{{- else -}}
{{- .Values.database.external.coreDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.clairDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "postgres" -}}
{{- else -}}
{{- .Values.database.external.clairDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.notaryServerDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "notaryserver" -}}
{{- else -}}
{{- .Values.database.external.notaryServerDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.notarySignerDatabase" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "notarysigner" -}}
{{- else -}}
{{- .Values.database.external.notarySignerDatabase -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.sslmode" -}}
{{- if eq .Values.database.type "internal" -}}
{{- printf "%s" "disable" -}}
{{- else -}}
{{- .Values.database.external.sslmode -}}
{{- end -}}
{{- end -}}
{{- define "harbor.database.clair" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.clairDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.database.notaryServer" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.database.notarySigner" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.redis.host" -}}
{{- if eq .Values.redis.type "internal" -}}
{{- template "harbor.redis" . -}}
{{- else -}}
{{- .Values.redis.external.host -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.port" -}}
{{- if eq .Values.redis.type "internal" -}}
{{- printf "%s" "6379" -}}
{{- else -}}
{{- .Values.redis.external.port -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.coreDatabaseIndex" -}}
{{- if eq .Values.redis.type "internal" -}}
{{- printf "%s" "0" }}
{{- else -}}
{{- .Values.redis.external.coreDatabaseIndex -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.jobserviceDatabaseIndex" -}}
{{- if eq .Values.redis.type "internal" -}}
{{- printf "%s" "1" }}
{{- else -}}
{{- .Values.redis.external.jobserviceDatabaseIndex -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.registryDatabaseIndex" -}}
{{- if eq .Values.redis.type "internal" -}}
{{- printf "%s" "2" }}
{{- else -}}
{{- .Values.redis.external.registryDatabaseIndex -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.chartmuseumDatabaseIndex" -}}
{{- if eq .Values.redis.type "internal" -}}
{{- printf "%s" "3" }}
{{- else -}}
{{- .Values.redis.external.chartmuseumDatabaseIndex -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.clairAdapterIndex" -}}
{{- if eq .Values.redis.type "internal" -}}
{{- printf "%s" "4" }}
{{- else -}}
{{- .Values.redis.external.clairAdapterIndex -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.trivyAdapterIndex" -}}
{{- if eq .Values.redis.type "internal" -}}
{{- printf "%s" "5" }}
{{- else -}}
{{- .Values.redis.external.trivyAdapterIndex -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.rawPassword" -}}
{{- if and (eq .Values.redis.type "external") .Values.redis.external.password -}}
{{- .Values.redis.external.password -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redis.escapedRawPassword" -}}
{{- if (include "harbor.redis.rawPassword" . ) -}}
{{- include "harbor.redis.rawPassword" . | urlquery | replace "+" "%20" -}}
{{- end -}}
{{- end -}}
{{/*the username redis is used for a placeholder as no username needed in redis*/}}
{{- define "harbor.redisForJobservice" -}}
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
{{- printf "redis://redis:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) }}
{{- else }}
{{- template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}/{{ template "harbor.redis.jobserviceDatabaseIndex" . }}
{{- end -}}
{{- end -}}
{{/*the username redis is used for a placeholder as no username needed in redis*/}}
{{- define "harbor.redisForGC" -}}
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
{{- printf "redis://redis:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) }}
{{- else }}
{{- printf "redis://%s:%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
{{- end -}}
{{- end -}}
{{/*the username redis is used for a placeholder as no username needed in redis*/}}
{{- define "harbor.redisForClairAdapter" -}}
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
{{- printf "redis://redis:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.clairAdapterIndex" . ) }}
{{- else }}
{{- printf "redis://%s:%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.clairAdapterIndex" . ) -}}
{{- end -}}
{{- end -}}
{{- define "harbor.redisForTrivyAdapter" -}}
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
{{- printf "redis://redis:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.trivyAdapterIndex" . ) }}
{{- else }}
{{- printf "redis://%s:%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.trivyAdapterIndex" . ) -}}
{{- end -}}
{{- end -}}
{{/*
host:port,pool_size,password
100 is the default value of pool size
*/}}
{{- define "harbor.redisForCore" -}}
{{- template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }},100,{{ template "harbor.redis.rawPassword" . }}
{{- end -}}
{{- define "harbor.portal" -}}
{{- printf "%s-portal" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.core" -}}
{{- printf "%s-core" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.redis" -}}
{{- printf "%s-redis" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.jobservice" -}}
{{- printf "%s-jobservice" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.registry" -}}
{{- printf "%s-registry" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.chartmuseum" -}}
{{- printf "%s-chartmuseum" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.database" -}}
{{- printf "%s-database" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.clair" -}}
{{- printf "%s-clair" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.trivy" -}}
{{- printf "%s-trivy" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.notary-server" -}}
{{- printf "%s-notary-server" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.notary-signer" -}}
{{- printf "%s-notary-signer" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.nginx" -}}
{{- printf "%s-nginx" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.ingress" -}}
{{- printf "%s-ingress" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.ingress-notary" -}}
{{- printf "%s-ingress-notary" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.noProxy" -}}
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.chartmuseum" .) (include "harbor.clair" .) (include "harbor.notary-server" .) (include "harbor.notary-signer" .) (include "harbor.registry" .) (include "harbor.portal" .) .Values.proxy.noProxy -}}
{{- end -}}
{{/* scheme for all components except notary because it only support http mode */}}
{{- define "harbor.component.scheme" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "https" -}}
{{- else -}}
{{- printf "http" -}}
{{- end -}}
{{- end -}}
{{/* chartmuseum component container port */}}
{{- define "harbor.chartmuseum.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "9443" -}}
{{- else -}}
{{- printf "9999" -}}
{{- end -}}
{{- end -}}
{{/* chartmuseum component service port */}}
{{- define "harbor.chartmuseum.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "443" -}}
{{- else -}}
{{- printf "80" -}}
{{- end -}}
{{- end -}}
{{/* clair adapter component container port */}}
{{- define "harbor.clairAdapter.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* clair adapter component service port */}}
{{- define "harbor.clairAdapter.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* core component container port */}}
{{- define "harbor.core.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* core component service port */}}
{{- define "harbor.core.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "443" -}}
{{- else -}}
{{- printf "80" -}}
{{- end -}}
{{- end -}}
{{/* jobservice component container port */}}
{{- define "harbor.jobservice.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* jobservice component service port */}}
{{- define "harbor.jobservice.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "443" -}}
{{- else -}}
{{- printf "80" -}}
{{- end -}}
{{- end -}}
{{/* portal component container port */}}
{{- define "harbor.portal.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* portal component service port */}}
{{- define "harbor.portal.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "443" -}}
{{- else -}}
{{- printf "80" -}}
{{- end -}}
{{- end -}}
{{/* registry component container port */}}
{{- define "harbor.registry.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "5443" -}}
{{- else -}}
{{- printf "5000" -}}
{{- end -}}
{{- end -}}
{{/* registry component service port */}}
{{- define "harbor.registry.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "5443" -}}
{{- else -}}
{{- printf "5000" -}}
{{- end -}}
{{- end -}}
{{/* registryctl component container port */}}
{{- define "harbor.registryctl.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* registryctl component service port */}}
{{- define "harbor.registryctl.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* trivy component container port */}}
{{- define "harbor.trivy.containerPort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* trivy component service port */}}
{{- define "harbor.trivy.servicePort" -}}
{{- if .Values.internalTLS.enabled -}}
{{- printf "8443" -}}
{{- else -}}
{{- printf "8080" -}}
{{- end -}}
{{- end -}}
{{/* CLAIR_ADAPTER_URL */}}
{{- define "harbor.clairAdapterURL" -}}
{{- printf "%s://%s:%s" (include "harbor.component.scheme" .) (include "harbor.clair" .) (include "harbor.clairAdapter.servicePort" .) -}}
{{- end -}}
{{/* CORE_URL */}}
{{/* port is included in this url as a workaround for issue https://github.com/aquasecurity/harbor-scanner-trivy/issues/108 */}}
{{- define "harbor.coreURL" -}}
{{- printf "%s://%s:%s" (include "harbor.component.scheme" .) (include "harbor.core" .) (include "harbor.core.servicePort" .) -}}
{{- end -}}
{{/* JOBSERVICE_URL */}}
{{- define "harbor.jobserviceURL" -}}
{{- printf "%s://%s-jobservice" (include "harbor.component.scheme" .) (include "harbor.fullname" .) -}}
{{- end -}}
{{/* PORTAL_URL */}}
{{- define "harbor.portalURL" -}}
{{- printf "%s://%s" (include "harbor.component.scheme" .) (include "harbor.portal" .) -}}
{{- end -}}
{{/* REGISTRY_URL */}}
{{- define "harbor.registryURL" -}}
{{- printf "%s://%s:%s" (include "harbor.component.scheme" .) (include "harbor.registry" .) (include "harbor.registry.servicePort" .) -}}
{{- end -}}
{{/* REGISTRY_CONTROLLER_URL */}}
{{- define "harbor.registryControllerURL" -}}
{{- printf "%s://%s:%s" (include "harbor.component.scheme" .) (include "harbor.registry" .) (include "harbor.registryctl.servicePort" .) -}}
{{- end -}}
{{/* TOKEN_SERVICE_URL */}}
{{- define "harbor.tokenServiceURL" -}}
{{- printf "%s/service/token" (include "harbor.coreURL" .) -}}
{{- end -}}
{{/* TRIVY_ADAPTER_URL */}}
{{- define "harbor.trivyAdapterURL" -}}
{{- printf "%s://%s:%s" (include "harbor.component.scheme" .) (include "harbor.trivy" .) (include "harbor.trivy.servicePort" .) -}}
{{- end -}}
{{- define "harbor.internalTLS.chartmuseum.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.chartmuseum.secretName -}}
{{- else -}}
{{- printf "%s-chartmuseum-internal-tls" (include "harbor.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "harbor.internalTLS.clair.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.clair.secretName -}}
{{- else -}}
{{- printf "%s-clair-internal-tls" (include "harbor.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "harbor.internalTLS.core.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.core.secretName -}}
{{- else -}}
{{- printf "%s-core-internal-tls" (include "harbor.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "harbor.internalTLS.jobservice.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.jobservice.secretName -}}
{{- else -}}
{{- printf "%s-jobservice-internal-tls" (include "harbor.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "harbor.internalTLS.portal.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.portal.secretName -}}
{{- else -}}
{{- printf "%s-portal-internal-tls" (include "harbor.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "harbor.internalTLS.registry.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.registry.secretName -}}
{{- else -}}
{{- printf "%s-registry-internal-tls" (include "harbor.fullname" .) -}}
{{- end -}}
{{- end -}}
{{- define "harbor.internalTLS.trivy.secretName" -}}
{{- if eq .Values.internalTLS.certSource "secret" -}}
{{- .Values.internalTLS.trivy.secretName -}}
{{- else -}}
{{- printf "%s-trivy-internal-tls" (include "harbor.fullname" .) -}}
{{- end -}}
{{- end -}}
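Review bot: In each `harbor.internalTLS.*.secretName` helper, the `certSource` "secret" branch returns `.Values.internalTLS.<component>.secretName` unchecked, so an unset value renders an empty `secretName` in the consuming Deployment and the mistake only surfaces when the pod cannot mount its certificate volume. Wrap the lookup in `required`, as the manual-mode TLS templates in this commit do for `crt` and `key`, so a missing name fails at render time. The seven definitions differ only in the component name and could be a single helper that takes the component as an argument.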
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
PORT: "{{ template "harbor.chartmuseum.containerPort" . }}"
{{- if .Values.internalTLS.enabled }}
TLS_CERT: "/etc/harbor/ssl/chartmuseum.crt"
TLS_KEY: "/etc/harbor/ssl/chartmuseum.key"
{{- end }}
CACHE: "redis"
CACHE_REDIS_ADDR: "{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}"
CACHE_REDIS_DB: "{{ template "harbor.redis.chartmuseumDatabaseIndex" . }}"
BASIC_AUTH_USER: "chart_controller"
{{- if .Values.chartmuseum.absoluteUrl }}
CHART_URL: {{ .Values.externalURL }}/chartrepo
{{- end }}
DEPTH: "1"
{{- if eq .Values.logLevel "debug" }}
DEBUG: "true"
{{- else }}
DEBUG: "false"
{{- end }}
LOG_JSON: "true"
DISABLE_METRICS: "false"
DISABLE_API: "false"
DISABLE_STATEFILES: "false"
ALLOW_OVERWRITE: "true"
AUTH_ANONYMOUS_GET: "false"
CONTEXT_PATH: ""
INDEX_LIMIT: "0"
MAX_STORAGE_OBJECTS: "0"
MAX_UPLOAD_SIZE: "20971520"
CHART_POST_FORM_FIELD_NAME: "chart"
PROV_POST_FORM_FIELD_NAME: "prov"
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $storageType := $storage.type }}
{{- if eq $storageType "filesystem" }}
STORAGE: "local"
STORAGE_LOCAL_ROOTDIR: "/chart_storage"
{{- else if eq $storageType "azure" }}
STORAGE: "microsoft"
STORAGE_MICROSOFT_CONTAINER: {{ $storage.azure.container }}
AZURE_STORAGE_ACCOUNT: {{ $storage.azure.accountname }}
AZURE_BASE_URL: {{ $storage.azure.realm }}
STORAGE_MICROSOFT_PREFIX: "/azure/harbor/charts"
{{- else if eq $storageType "gcs" }}
STORAGE: "google"
STORAGE_GOOGLE_BUCKET: {{ $storage.gcs.bucket }}
GOOGLE_APPLICATION_CREDENTIALS: /etc/chartmuseum/gcs-key.json
{{- if $storage.gcs.rootdirectory }}
STORAGE_GOOGLE_PREFIX: {{ $storage.gcs.rootdirectory }}
{{- end }}
{{- else if eq $storageType "s3" }}
STORAGE: "amazon"
STORAGE_AMAZON_BUCKET: {{ $storage.s3.bucket }}
{{- if $storage.s3.rootdirectory }}
STORAGE_AMAZON_PREFIX: {{ $storage.s3.rootdirectory }}
{{- end }}
STORAGE_AMAZON_REGION: {{ $storage.s3.region }}
{{- if $storage.s3.regionendpoint }}
STORAGE_AMAZON_ENDPOINT: {{ $storage.s3.regionendpoint }}
{{- end }}
{{- if $storage.s3.accesskey }}
AWS_ACCESS_KEY_ID: {{ $storage.s3.accesskey }}
{{- end }}
{{- if $storage.s3.keyid }}
STORAGE_AMAZON_SSE: aws:kms
{{- end }}
{{- else if eq $storageType "swift" }}
STORAGE: "openstack"
STORAGE_OPENSTACK_CONTAINER: {{ $storage.swift.container }}
{{- if $storage.swift.prefix }}
STORAGE_OPENSTACK_PREFIX: {{ $storage.swift.prefix }}
{{- end }}
{{- if $storage.swift.region }}
STORAGE_OPENSTACK_REGION: {{ $storage.swift.region }}
{{- end }}
OS_AUTH_URL: {{ $storage.swift.authurl }}
OS_USERNAME: {{ $storage.swift.username }}
{{- if $storage.swift.tenantid }}
OS_PROJECT_ID: {{ $storage.swift.tenantid }}
{{- end }}
{{- if $storage.swift.tenant }}
OS_PROJECT_NAME: {{ $storage.swift.tenant }}
{{- end }}
{{- if $storage.swift.domainid }}
OS_DOMAIN_ID: {{ $storage.swift.domainid }}
{{- end }}
{{- if $storage.swift.domain }}
OS_DOMAIN_NAME: {{ $storage.swift.domain }}
{{- end }}
{{- else if eq $storageType "oss" }}
STORAGE: "alibaba"
STORAGE_ALIBABA_BUCKET: {{ $storage.oss.bucket }}
{{- if $storage.oss.rootdirectory }}
STORAGE_ALIBABA_PREFIX: {{ $storage.oss.rootdirectory }}
{{- end }}
{{- if $storage.oss.endpoint }}
STORAGE_ALIBABA_ENDPOINT: {{ $storage.oss.endpoint }}
{{- end }}
ALIBABA_CLOUD_ACCESS_KEY_ID: {{ $storage.oss.accesskeyid }}
{{- end }}
{{- end }}
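Review bot: The storage branches of this ConfigMap emit values unquoted (for example `STORAGE_AMAZON_BUCKET: {{ $storage.s3.bucket }}` and `OS_PROJECT_ID: {{ $storage.swift.tenantid }}`), and ConfigMap `data` values must be strings, so a value that YAML parses as a number or boolean is rejected at install time; pipe each one through `quote`. Separately, `AWS_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_ID` and `OS_USERNAME` are credential identifiers placed in the ConfigMap while their matching secrets go to the Secret; consider keeping each pair together in the Secret so that read access to ConfigMaps does not expose half of a credential.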
{{- if .Values.chartmuseum.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
component: chartmuseum
spec:
replicas: {{ .Values.chartmuseum.replicas }}
strategy:
type: {{ .Values.updateStrategy.type }}
{{- if eq .Values.updateStrategy.type "Recreate" }}
rollingUpdate: null
{{- end }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: chartmuseum
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: chartmuseum
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }}
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
checksum/tls: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-tls.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.chartmuseum.podAnnotations }}
{{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
fsGroup: 10000
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: chartmuseum
image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /health
scheme: {{ include "harbor.component.scheme" . | upper }}
port: {{ template "harbor.chartmuseum.containerPort" . }}
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
scheme: {{ include "harbor.component.scheme" . | upper }}
port: {{ template "harbor.chartmuseum.containerPort" . }}
initialDelaySeconds: 1
periodSeconds: 10
{{- if .Values.chartmuseum.resources }}
resources:
{{ toYaml .Values.chartmuseum.resources | indent 10 }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "harbor.chartmuseum" . }}"
- secretRef:
name: "{{ template "harbor.chartmuseum" . }}"
env:
{{- if has "chartmuseum" .Values.proxy.components }}
- name: HTTP_PROXY
value: "{{ .Values.proxy.httpProxy }}"
- name: HTTPS_PROXY
value: "{{ .Values.proxy.httpsProxy }}"
- name: NO_PROXY
value: "{{ template "harbor.noProxy" . }}"
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: INTERNAL_TLS_ENABLED
value: "true"
- name: INTERNAL_TLS_KEY_PATH
value: /etc/harbor/ssl/chartmuseum.key
- name: INTERNAL_TLS_CERT_PATH
value: /etc/harbor/ssl/chartmuseum.crt
- name: INTERNAL_TLS_TRUST_CA_PATH
value: /harbor_cust_cert/harbor_internal_ca.crt
{{- end }}
- name: BASIC_AUTH_PASS
valueFrom:
secretKeyRef:
name: {{ template "harbor.core" . }}
key: secret
ports:
- containerPort: {{ template "harbor.chartmuseum.containerPort" . }}
volumeMounts:
- name: chartmuseum-data
mountPath: /chart_storage
subPath: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.subPath }}
{{- if .Values.internalTLS.enabled }}
- name: chart-internal-certs
mountPath: /harbor_cust_cert/harbor_internal_ca.crt
subPath: ca.crt
- name: chart-internal-certs
mountPath: /etc/harbor/ssl/chartmuseum.crt
subPath: tls.crt
- name: chart-internal-certs
mountPath: /etc/harbor/ssl/chartmuseum.key
subPath: tls.key
{{- end }}
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
- name: gcs-key
mountPath: /etc/chartmuseum/gcs-key.json
subPath: gcs-key.json
{{- end }}
{{- if .Values.persistence.imageChartStorage.caBundleSecretName }}
- name: storage-service-ca
mountPath: /harbor_cust_cert/custom-ca-bundle.crt
subPath: ca.crt
{{- end }}
volumes:
- name: chartmuseum-data
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: chart-internal-certs
secret:
secretName: {{ template "harbor.internalTLS.chartmuseum.secretName" . }}
{{- end }}
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
- name: gcs-key
secret:
secretName: {{ template "harbor.registry" . }}
items:
- key: GCS_KEY_DATA
path: gcs-key.json
{{- end }}
{{- if .Values.persistence.imageChartStorage.caBundleSecretName }}
- name: storage-service-ca
secret:
secretName: {{ .Values.persistence.imageChartStorage.caBundleSecretName }}
{{- end }}
{{- with .Values.chartmuseum.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.chartmuseum.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.chartmuseum.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}
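Review bot: The pod `securityContext` sets only `fsGroup: 10000` and the chartmuseum container has no `securityContext` of its own, so whether the process runs as root is left entirely to the image. Add `runAsNonRoot: true` with an explicit `runAsUser` at pod level and `allowPrivilegeEscalation: false` on the container, or expose these through values. Also, the `gcs-key` volume and mount are gated on `persistence.enabled`, while the ConfigMap sets `GOOGLE_APPLICATION_CREDENTIALS` for any `gcs` storage type; the two conditions should match.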
{{- if .Values.chartmuseum.enabled }}
{{- $persistence := .Values.persistence -}}
{{- if $persistence.enabled }}
{{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}}
{{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.chartmuseum" . }}
{{- if eq $persistence.resourcePolicy "keep" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: chartmuseum
spec:
accessModes:
- {{ $chartmuseum.accessMode }}
resources:
requests:
storage: {{ $chartmuseum.size }}
{{- if $chartmuseum.storageClass }}
{{- if eq "-" $chartmuseum.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ $chartmuseum.storageClass }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
CACHE_REDIS_PASSWORD: {{ include "harbor.redis.rawPassword" . | b64enc | quote }}
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $storageType := $storage.type }}
{{- if eq $storageType "azure" }}
AZURE_STORAGE_ACCESS_KEY: {{ $storage.azure.accountkey | b64enc | quote }}
{{- else if eq $storageType "gcs" }}
# TODO support the keyfile of gcs
{{- else if eq $storageType "s3" }}
{{- if $storage.s3.secretkey }}
AWS_SECRET_ACCESS_KEY: {{ $storage.s3.secretkey | b64enc | quote }}
{{- end }}
{{- else if eq $storageType "swift" }}
OS_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
{{- else if eq $storageType "oss" }}
ALIBABA_CLOUD_ACCESS_KEY_SECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
{{- end }}
{{- end }}
\ No newline at end of file
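Review bot: The `azure`, `swift` and `oss` branches pipe `accountkey`, `password` and `accesskeysecret` straight into `b64enc` with no check, unlike the `s3` branch, which is guarded by `if $storage.s3.secretkey`. An unset value is not reported with a clear message; use `required` with text naming the value, as the chartmuseum TLS Secret in this commit does. The `gcs` branch holds only a TODO comment while the Deployment mounts `GCS_KEY_DATA` from the registry Secret, so a comment here recording that dependency would help.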
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: {{ template "harbor.chartmuseum.servicePort" . }}
targetPort: {{ template "harbor.chartmuseum.containerPort" . }}
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: chartmuseum
{{- end }}
\ No newline at end of file
{{- if and .Values.chartmuseum.enabled .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.chartmuseum.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
tls.ca: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.chartmuseum.crt\" is required!" .Values.internalTLS.chartmuseum.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.chartmuseum.key\" is required!" .Values.internalTLS.chartmuseum.key) | b64enc | quote }}
{{- end }}
{{- end }}
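Review bot: The CA is stored under the key `tls.ca`, but the chartmuseum Deployment mounts the CA from this Secret with `subPath: ca.crt`, and the clair TLS Secret in this same commit uses `ca.crt`. With `certSource` set to "manual", the `/harbor_cust_cert/harbor_internal_ca.crt` mount will not find its key. Rename `tls.ca` to `ca.crt`.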
{{ if .Values.clair.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "harbor.clair" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: clair
spec:
replicas: {{ .Values.clair.replicas }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: clair
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
component: clair
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/clair/clair-secret.yaml") . | sha256sum }}
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
checksum/tls: {{ include (print $.Template.BasePath "/clair/clair-tls.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.clair.podAnnotations }}
{{ toYaml .Values.clair.podAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
fsGroup: 10000
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: clair
image: {{ .Values.clair.clair.image.repository }}:{{ .Values.clair.clair.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /health
port: 6061
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /health
port: 6061
initialDelaySeconds: 30
periodSeconds: 10
args: ["-log-level", "{{ .Values.logLevel }}"]
env:
{{- if has "clair" .Values.proxy.components }}
- name: HTTP_PROXY
value: "{{ .Values.proxy.httpProxy }}"
- name: HTTPS_PROXY
value: "{{ .Values.proxy.httpsProxy }}"
- name: NO_PROXY
value: "{{ template "harbor.noProxy" . }}"
{{- end }}
{{- if .Values.clair.clair.resources }}
resources:
{{ toYaml .Values.clair.clair.resources | indent 10 }}
{{- end }}
ports:
- containerPort: 6060
volumeMounts:
- name: config
mountPath: /etc/clair/config.yaml
subPath: config.yaml
{{- if .Values.internalTLS.enabled }}
- name: clair-internal-certs
mountPath: /harbor_cust_cert/harbor_internal_ca.crt
subPath: ca.crt
- name: clair-internal-certs
mountPath: /etc/harbor/ssl/clair_adapter.crt
subPath: tls.crt
- name: clair-internal-certs
mountPath: /etc/harbor/ssl/clair_adapter.key
subPath: tls.key
{{- end }}
- name: adapter
image: {{ .Values.clair.adapter.image.repository }}:{{ .Values.clair.adapter.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /probe/healthy
scheme: {{ include "harbor.component.scheme" . | upper }}
port: {{ template "harbor.clairAdapter.containerPort" . }}
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /probe/ready
scheme: {{ include "harbor.component.scheme" . | upper }}
port: {{ template "harbor.clairAdapter.containerPort" . }}
initialDelaySeconds: 30
periodSeconds: 10
env:
- name: SCANNER_CLAIR_URL
# To avoid a pod cannot reach itself via service IP when the clusters disable hairpin
value: "http://127.0.0.1:6060"
- name: SCANNER_STORE_REDIS_URL
valueFrom:
secretKeyRef:
name: {{ template "harbor.clair" . }}
key: redis
- name: SCANNER_CLAIR_DATABASE_URL
valueFrom:
secretKeyRef:
name: {{ template "harbor.clair" . }}
key: database
{{- if .Values.internalTLS.enabled }}
- name: INTERNAL_TLS_ENABLED
value: "true"
- name: SCANNER_API_SERVER_ADDR
value: ":8443"
- name: SCANNER_API_SERVER_TLS_KEY
value: /etc/harbor/ssl/clair_adapter.key
- name: SCANNER_API_SERVER_TLS_CERTIFICATE
value: /etc/harbor/ssl/clair_adapter.crt
{{- end }}
- name: SCANNER_LOG_LEVEL
value: "{{ .Values.logLevel }}"
{{- if .Values.clair.adapter.resources }}
resources:
{{ toYaml .Values.clair.adapter.resources | indent 10 }}
{{- end }}
ports:
- containerPort: {{ template "harbor.clairAdapter.containerPort" . }}
{{- if .Values.internalTLS.enabled }}
volumeMounts:
- name: clair-internal-certs
mountPath: /harbor_cust_cert/harbor_internal_ca.crt
subPath: ca.crt
- name: clair-internal-certs
mountPath: /etc/harbor/ssl/clair_adapter.crt
subPath: tls.crt
- name: clair-internal-certs
mountPath: /etc/harbor/ssl/clair_adapter.key
subPath: tls.key
{{- end }}
volumes:
- name: config
secret:
secretName: "{{ template "harbor.clair" . }}"
{{- if .Values.internalTLS.enabled }}
- name: clair-internal-certs
secret:
secretName: {{ template "harbor.internalTLS.clair.secretName" . }}
{{- end }}
{{- with .Values.clair.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.clair.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.clair.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{ end }}
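Review bot: The `clair` container mounts `clair_adapter.key` and `clair_adapter.crt` from `clair-internal-certs`, yet only the `adapter` container is configured to use them (`SCANNER_API_SERVER_TLS_KEY`, `SCANNER_API_SERVER_TLS_CERTIFICATE`), and the adapter reaches Clair over `http://127.0.0.1:6060`. Unless `conf/clair.yaml` references those paths, drop the three cert volumeMounts from the `clair` container so the private key is readable only where it is needed.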
{{- if .Values.clair.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "harbor.clair" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
config.yaml: {{ tpl (.Files.Get "conf/clair.yaml") . | b64enc }}
redis: {{ include "harbor.redisForClairAdapter" . | b64enc }}
database: {{ include "harbor.database.clair" . | b64enc }}
{{- end }}
\ No newline at end of file
{{ if .Values.clair.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.clair" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- name: adapter
port: {{ include "harbor.clairAdapter.servicePort" . }}
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: clair
{{ end }}
{{- if and .Values.clair.enabled .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.clair.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.clair.crt\" is required!" .Values.internalTLS.clair.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.clair.key\" is required!" .Values.internalTLS.clair.key) | b64enc | quote }}
{{- end }}
{{- end }}
\ No newline at end of file