From 09edf75966199a388b9dcdf3d180a429a82b2a0e Mon Sep 17 00:00:00 2001 From: Vincent Ni Date: Wed, 1 Mar 2023 15:45:30 -0800 Subject: [PATCH] add digest, namespace and imagepullsecret support --- templates/_helpers.tpl | 14 ++- templates/chartmuseum/chartmuseum-cm.yaml | 1 + templates/chartmuseum/chartmuseum-dpl.yaml | 4 +- templates/chartmuseum/chartmuseum-pvc.yaml | 1 + templates/chartmuseum/chartmuseum-secret.yaml | 1 + templates/chartmuseum/chartmuseum-svc.yaml | 1 + templates/chartmuseum/chartmuseum-tls.yaml | 1 + templates/core/core-cm.yaml | 1 + templates/core/core-dpl.yaml | 4 +- templates/core/core-pre-upgrade-job.yaml | 4 +- templates/core/core-secret.yaml | 3 +- templates/core/core-svc.yaml | 1 + templates/core/core-tls.yaml | 1 + templates/core/secret.yaml | 16 ++++ templates/database/database-secret.yaml | 1 + templates/database/database-ss.yaml | 9 +- templates/database/database-svc.yaml | 1 + templates/exporter/exporter-cm-env.yaml | 1 + templates/exporter/exporter-dpl.yaml | 4 +- templates/exporter/exporter-secret.yaml | 1 + templates/exporter/exporter-svc.yaml | 1 + templates/ingress/ingress.yaml | 2 + templates/ingress/secret.yaml | 1 + templates/internal/auto-tls.yaml | 6 ++ templates/jobservice/jobservice-cm-env.yaml | 1 + templates/jobservice/jobservice-cm.yaml | 1 + templates/jobservice/jobservice-dpl.yaml | 4 +- templates/jobservice/jobservice-pvc.yaml | 1 + templates/jobservice/jobservice-secrets.yaml | 1 + templates/jobservice/jobservice-svc.yaml | 1 + templates/jobservice/jobservice-tls.yaml | 1 + templates/metrics/metrics-svcmon.yaml | 1 + templates/nginx/configmap-http.yaml | 1 + templates/nginx/configmap-https.yaml | 1 + templates/nginx/deployment.yaml | 4 +- templates/nginx/secret.yaml | 1 + templates/nginx/service.yaml | 1 + templates/notary/notary-secret.yaml | 1 + templates/notary/notary-server.yaml | 4 +- templates/notary/notary-signer.yaml | 4 +- templates/notary/notary-svc.yaml | 2 + templates/portal/configmap.yaml | 1 + templates/portal/deployment.yaml | 4 +- templates/portal/service.yaml | 1 + templates/portal/tls.yaml | 1 + templates/redis/service.yaml | 1 + templates/redis/statefulset.yaml | 5 +- templates/registry/registry-cm.yaml | 1 + templates/registry/registry-dpl.yaml | 6 +- templates/registry/registry-pvc.yaml | 1 + templates/registry/registry-secret.yaml | 2 + templates/registry/registry-svc.yaml | 1 + templates/registry/registry-tls.yaml | 1 + templates/registry/registryctl-cm.yaml | 1 + templates/registry/registryctl-secret.yaml | 1 + templates/trivy/trivy-secret.yaml | 1 + templates/trivy/trivy-sts.yaml | 5 +- templates/trivy/trivy-svc.yaml | 1 + templates/trivy/trivy-tls.yaml | 1 + values.yaml | 85 +++++++++++-------- 60 files changed, 175 insertions(+), 55 deletions(-) create mode 100644 templates/core/secret.yaml diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index e92b8ec..8c02d4c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -603,4 +603,16 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab {{/* Allow KubeVersion to be overridden. */}} {{- define "harbor.ingress.kubeVersion" -}} {{- default .Capabilities.KubeVersion.Version .Values.expose.ingress.kubeVersionOverride -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* Generate image repository path. */}} +{{- define "harbor.image.repository.path" -}} + {{- .repository }}@{{ .digest -}} +{{- end -}} + +{{/* Create imagePullSecret */}} +{{- define "imagePullSecret" }} +{{- with .Values.imageCredentials }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} diff --git a/templates/chartmuseum/chartmuseum-cm.yaml b/templates/chartmuseum/chartmuseum-cm.yaml index 754e86e..5a4480d 100644 --- a/templates/chartmuseum/chartmuseum-cm.yaml +++ b/templates/chartmuseum/chartmuseum-cm.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: "{{ template "harbor.chartmuseum" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/chartmuseum/chartmuseum-dpl.yaml b/templates/chartmuseum/chartmuseum-dpl.yaml index a6f5c27..1ab7c0c 100644 --- a/templates/chartmuseum/chartmuseum-dpl.yaml +++ b/templates/chartmuseum/chartmuseum-dpl.yaml @@ -5,6 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: "{{ template "harbor.chartmuseum" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: chartmuseum @@ -22,6 +23,7 @@ spec: component: chartmuseum template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: chartmuseum @@ -51,7 +53,7 @@ spec: automountServiceAccountToken: {{ .Values.chartmuseum.automountServiceAccountToken | default false }} containers: - name: chartmuseum - image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.chartmuseum.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: diff --git a/templates/chartmuseum/chartmuseum-pvc.yaml b/templates/chartmuseum/chartmuseum-pvc.yaml index fd62ac3..4bff3f3 100644 --- a/templates/chartmuseum/chartmuseum-pvc.yaml +++ b/templates/chartmuseum/chartmuseum-pvc.yaml @@ -7,6 +7,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ template "harbor.chartmuseum" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} annotations: {{- range $key, $value := $chartmuseum.annotations }} {{ $key }}: {{ $value | quote }} diff --git a/templates/chartmuseum/chartmuseum-secret.yaml b/templates/chartmuseum/chartmuseum-secret.yaml index 900e4ef..a0e9149 100644 --- a/templates/chartmuseum/chartmuseum-secret.yaml +++ b/templates/chartmuseum/chartmuseum-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.chartmuseum" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque diff --git a/templates/chartmuseum/chartmuseum-svc.yaml b/templates/chartmuseum/chartmuseum-svc.yaml index df58475..6b6580d 100644 --- a/templates/chartmuseum/chartmuseum-svc.yaml +++ b/templates/chartmuseum/chartmuseum-svc.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: "{{ template "harbor.chartmuseum" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/chartmuseum/chartmuseum-tls.yaml b/templates/chartmuseum/chartmuseum-tls.yaml index cda17c3..5f9e540 100644 --- a/templates/chartmuseum/chartmuseum-tls.yaml +++ b/templates/chartmuseum/chartmuseum-tls.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.chartmuseum.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls diff --git a/templates/core/core-cm.yaml b/templates/core/core-cm.yaml index ff08176..e02827b 100644 --- a/templates/core/core-cm.yaml +++ b/templates/core/core-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "harbor.core" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/core/core-dpl.yaml b/templates/core/core-dpl.yaml index fa7fd42..5e1383f 100644 --- a/templates/core/core-dpl.yaml +++ b/templates/core/core-dpl.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "harbor.core" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: core @@ -14,6 +15,7 @@ spec: component: core template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.matchLabels" . | indent 8 }} component: core @@ -44,7 +46,7 @@ spec: terminationGracePeriodSeconds: 120 containers: - name: core - image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.core.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} {{- if .Values.core.startupProbe.enabled }} startupProbe: diff --git a/templates/core/core-pre-upgrade-job.yaml b/templates/core/core-pre-upgrade-job.yaml index 43c9d35..5d25cd1 100644 --- a/templates/core/core-pre-upgrade-job.yaml +++ b/templates/core/core-pre-upgrade-job.yaml @@ -3,6 +3,7 @@ apiVersion: batch/v1 kind: Job metadata: name: migration-job + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: migrator @@ -14,6 +15,7 @@ metadata: spec: template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.matchLabels" . | indent 8 }} component: migrator @@ -32,7 +34,7 @@ spec: terminationGracePeriodSeconds: 120 containers: - name: core-job - image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.core.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} command: ["/harbor/harbor_core", "-mode=migrate"] envFrom: diff --git a/templates/core/core-secret.yaml b/templates/core/core-secret.yaml index f14823f..f4f2a2e 100644 --- a/templates/core/core-secret.yaml +++ b/templates/core/core-secret.yaml @@ -2,12 +2,13 @@ apiVersion: v1 kind: Secret metadata: name: {{ template "harbor.core" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque data: {{- if not .Values.existingSecretSecretKey }} - secretKey: {{ .Values.secretKey | b64enc | quote }} + secretKey: {{ required ".Values.secretKey must be set!" .Values.secretKey | b64enc | quote }} {{- end }} secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }} {{- if not .Values.core.secretName }} diff --git a/templates/core/core-svc.yaml b/templates/core/core-svc.yaml index 0d2cfb2..56b85e2 100644 --- a/templates/core/core-svc.yaml +++ b/templates/core/core-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "harbor.core" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} {{- with .Values.core.serviceAnnotations }} diff --git a/templates/core/core-tls.yaml b/templates/core/core-tls.yaml index c52148f..4c26890 100644 --- a/templates/core/core-tls.yaml +++ b/templates/core/core-tls.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.core.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls diff --git a/templates/core/secret.yaml b/templates/core/secret.yaml new file mode 100644 index 0000000..f87c66c --- /dev/null +++ b/templates/core/secret.yaml @@ -0,0 +1,16 @@ +{{- if .Values.imagePullSecrets }} +{{- if .Values.pullSecretName }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.pullSecretName }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} +type: kubernetes.io/dockerconfigjson +data: + {{- if .Values.pullSecretData }} + .dockerconfigjson: {{ .Values.pullSecretData }} + {{- else }} + .dockerconfigjson: {{ template "imagePullSecret" . }} + {{- end }} +{{- end }} +{{- end }} diff --git a/templates/database/database-secret.yaml b/templates/database/database-secret.yaml index 864aff4..07c0d7b 100644 --- a/templates/database/database-secret.yaml +++ b/templates/database/database-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.database" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque diff --git a/templates/database/database-ss.yaml b/templates/database/database-ss.yaml index 733243c..d9a7772 100644 --- a/templates/database/database-ss.yaml +++ b/templates/database/database-ss.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: "{{ template "harbor.database" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: database @@ -16,6 +17,7 @@ spec: component: database template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: database @@ -43,7 +45,7 @@ spec: # for more detail. # we may remove it after several releases - name: "data-migrator" - image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.database.internal.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} command: ["/bin/sh"] args: ["-c", "[ -e /var/lib/postgresql/data/postgresql.conf ] && [ ! -d /var/lib/postgresql/data/pgdata ] && mkdir -m 0700 /var/lib/postgresql/data/pgdata && mv /var/lib/postgresql/data/* /var/lib/postgresql/data/pgdata/ || true"] @@ -60,7 +62,7 @@ spec: # use this init container to correct the permission # as "fsGroup" applied before the init container running, the container has enough permission to execute the command - name: "data-permissions-ensurer" - image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.database.internal.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} command: ["/bin/sh"] args: ["-c", "chmod -R 700 /var/lib/postgresql/data/pgdata || true"] @@ -74,7 +76,7 @@ spec: subPath: {{ $database.subPath }} containers: - name: database - image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.database.internal.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: exec: @@ -140,6 +142,7 @@ spec: volumeClaimTemplates: - metadata: name: "database-data" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} annotations: diff --git a/templates/database/database-svc.yaml b/templates/database/database-svc.yaml index 6475048..3528cc9 100644 --- a/templates/database/database-svc.yaml +++ b/templates/database/database-svc.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: "{{ template "harbor.database" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/exporter/exporter-cm-env.yaml b/templates/exporter/exporter-cm-env.yaml index 0bf4e7d..63d7690 100644 --- a/templates/exporter/exporter-cm-env.yaml +++ b/templates/exporter/exporter-cm-env.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: "{{ template "harbor.exporter" . }}-env" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/exporter/exporter-dpl.yaml b/templates/exporter/exporter-dpl.yaml index 99d0a1a..94cb79f 100644 --- a/templates/exporter/exporter-dpl.yaml +++ b/templates/exporter/exporter-dpl.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "harbor.exporter" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: exporter @@ -15,6 +16,7 @@ spec: component: exporter template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: exporter @@ -36,7 +38,7 @@ spec: automountServiceAccountToken: {{ .Values.exporter.automountServiceAccountToken | default false }} containers: - name: exporter - image: {{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.exporter.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: diff --git a/templates/exporter/exporter-secret.yaml b/templates/exporter/exporter-secret.yaml index 328470f..02e0a1d 100644 --- a/templates/exporter/exporter-secret.yaml +++ b/templates/exporter/exporter-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ template "harbor.exporter" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque diff --git a/templates/exporter/exporter-svc.yaml b/templates/exporter/exporter-svc.yaml index 4a6f3fd..de69ef3 100644 --- a/templates/exporter/exporter-svc.yaml +++ b/templates/exporter/exporter-svc.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: "{{ template "harbor.exporter" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/ingress/ingress.yaml b/templates/ingress/ingress.yaml index eedd136..924dda6 100644 --- a/templates/ingress/ingress.yaml +++ b/templates/ingress/ingress.yaml @@ -38,6 +38,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: "{{ template "harbor.ingress" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} {{- if $ingress.harbor.labels }} @@ -157,6 +158,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: "{{ template "harbor.ingress-notary" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} {{- if $ingress.notary.labels }} diff --git a/templates/ingress/secret.yaml b/templates/ingress/secret.yaml index 0d89af9..0072905 100644 --- a/templates/ingress/secret.yaml +++ b/templates/ingress/secret.yaml @@ -5,6 +5,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.ingress" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls diff --git a/templates/internal/auto-tls.yaml b/templates/internal/auto-tls.yaml index 6c7a5c9..6bc9548 100644 --- a/templates/internal/auto-tls.yaml +++ b/templates/internal/auto-tls.yaml @@ -14,6 +14,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.core.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls @@ -27,6 +28,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls @@ -40,6 +42,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.registry.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls @@ -53,6 +56,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.portal.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls @@ -69,6 +73,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.chartmuseum.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls @@ -86,6 +91,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.trivy.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls diff --git a/templates/jobservice/jobservice-cm-env.yaml b/templates/jobservice/jobservice-cm-env.yaml index 28b8f75..09ec4f3 100644 --- a/templates/jobservice/jobservice-cm-env.yaml +++ b/templates/jobservice/jobservice-cm-env.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: "{{ template "harbor.jobservice" . }}-env" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/jobservice/jobservice-cm.yaml b/templates/jobservice/jobservice-cm.yaml index 6500475..5c0675a 100644 --- a/templates/jobservice/jobservice-cm.yaml +++ b/templates/jobservice/jobservice-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: "{{ template "harbor.jobservice" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/jobservice/jobservice-dpl.yaml b/templates/jobservice/jobservice-dpl.yaml index 32df454..a1642e2 100644 --- a/templates/jobservice/jobservice-dpl.yaml +++ b/templates/jobservice/jobservice-dpl.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: "{{ template "harbor.jobservice" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: jobservice @@ -19,6 +20,7 @@ spec: component: jobservice template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: jobservice @@ -50,7 +52,7 @@ spec: terminationGracePeriodSeconds: 120 containers: - name: jobservice - image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.jobservice.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: diff --git a/templates/jobservice/jobservice-pvc.yaml b/templates/jobservice/jobservice-pvc.yaml index a6b8b8b..fa28162 100644 --- a/templates/jobservice/jobservice-pvc.yaml +++ b/templates/jobservice/jobservice-pvc.yaml @@ -4,6 +4,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ template "harbor.jobservice" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} annotations: {{- range $key, $value := $jobLog.annotations }} {{ $key }}: {{ $value | quote }} diff --git a/templates/jobservice/jobservice-secrets.yaml b/templates/jobservice/jobservice-secrets.yaml index 3dfa6bd..5093d57 100644 --- a/templates/jobservice/jobservice-secrets.yaml +++ b/templates/jobservice/jobservice-secrets.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.jobservice" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque diff --git a/templates/jobservice/jobservice-svc.yaml b/templates/jobservice/jobservice-svc.yaml index d2b7a47..13a9401 100644 --- a/templates/jobservice/jobservice-svc.yaml +++ b/templates/jobservice/jobservice-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: "{{ template "harbor.jobservice" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/jobservice/jobservice-tls.yaml b/templates/jobservice/jobservice-tls.yaml index 234cb39..3946104 100644 --- a/templates/jobservice/jobservice-tls.yaml +++ b/templates/jobservice/jobservice-tls.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls diff --git a/templates/metrics/metrics-svcmon.yaml b/templates/metrics/metrics-svcmon.yaml index ad85229..061478c 100644 --- a/templates/metrics/metrics-svcmon.yaml +++ b/templates/metrics/metrics-svcmon.yaml @@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "harbor.fullname" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | nindent 4 }} {{- if .Values.metrics.serviceMonitor.additionalLabels }} {{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} diff --git a/templates/nginx/configmap-http.yaml b/templates/nginx/configmap-http.yaml index 3aa4263..828b7e5 100644 --- a/templates/nginx/configmap-http.yaml +++ b/templates/nginx/configmap-http.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "harbor.nginx" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/nginx/configmap-https.yaml b/templates/nginx/configmap-https.yaml index 045c576..b1e0c8f 100644 --- a/templates/nginx/configmap-https.yaml +++ b/templates/nginx/configmap-https.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "harbor.nginx" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/nginx/deployment.yaml b/templates/nginx/deployment.yaml index bc1de0a..414512d 100644 --- a/templates/nginx/deployment.yaml +++ b/templates/nginx/deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "harbor.nginx" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: nginx @@ -15,6 +16,7 @@ spec: component: nginx template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: nginx @@ -44,7 +46,7 @@ spec: automountServiceAccountToken: {{ .Values.nginx.automountServiceAccountToken | default false }} containers: - name: nginx - image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}" + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.nginx.image }} imagePullPolicy: "{{ .Values.imagePullPolicy }}" {{- $_ := set . "scheme" "HTTP" -}} {{- $_ := set . "port" "8080" -}} diff --git a/templates/nginx/secret.yaml b/templates/nginx/secret.yaml index c819c55..6012913 100644 --- a/templates/nginx/secret.yaml +++ b/templates/nginx/secret.yaml @@ -5,6 +5,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ template "harbor.nginx" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque diff --git a/templates/nginx/service.yaml b/templates/nginx/service.yaml index df4da09..2ff22c1 100644 --- a/templates/nginx/service.yaml +++ b/templates/nginx/service.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} {{- if eq .Values.expose.type "clusterIP" }} {{- $clusterIP := .Values.expose.clusterIP }} name: {{ $clusterIP.name }} diff --git a/templates/notary/notary-secret.yaml b/templates/notary/notary-secret.yaml index 6de63dd..d5df112 100644 --- a/templates/notary/notary-secret.yaml +++ b/templates/notary/notary-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ template "harbor.notary-server" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: notary diff --git a/templates/notary/notary-server.yaml b/templates/notary/notary-server.yaml index 64cfd29..247d6e9 100644 --- a/templates/notary/notary-server.yaml +++ b/templates/notary/notary-server.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "harbor.notary-server" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: notary-server @@ -14,6 +15,7 @@ spec: component: notary-server template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: notary-server @@ -37,7 +39,7 @@ spec: automountServiceAccountToken: {{ .Values.notary.server.automountServiceAccountToken | default false }} containers: - name: notary-server - image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.notary.server.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: diff --git a/templates/notary/notary-signer.yaml b/templates/notary/notary-signer.yaml index d94e490..c8d99da 100644 --- a/templates/notary/notary-signer.yaml +++ b/templates/notary/notary-signer.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "harbor.notary-signer" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: notary-signer @@ -14,6 +15,7 @@ spec: component: notary-signer template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: notary-signer @@ -36,7 +38,7 @@ spec: automountServiceAccountToken: {{ .Values.notary.signer.automountServiceAccountToken | default false }} containers: - name: notary-signer - image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.notary.signer.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: diff --git a/templates/notary/notary-svc.yaml b/templates/notary/notary-svc.yaml index b6aa42d..552a22f 100644 --- a/templates/notary/notary-svc.yaml +++ b/templates/notary/notary-svc.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "harbor.notary-server" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} {{- with .Values.notary.serviceAnnotations }} @@ -24,6 +25,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "harbor.notary-signer" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/portal/configmap.yaml b/templates/portal/configmap.yaml index 1cea8ab..3d8a175 100644 --- a/templates/portal/configmap.yaml +++ b/templates/portal/configmap.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: "{{ template "harbor.portal" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/portal/deployment.yaml b/templates/portal/deployment.yaml index 934dc56..b1b4260 100644 --- a/templates/portal/deployment.yaml +++ b/templates/portal/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: "{{ template "harbor.portal" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: portal @@ -14,6 +15,7 @@ spec: component: portal template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.matchLabels" . | indent 8 }} component: portal @@ -40,7 +42,7 @@ spec: automountServiceAccountToken: {{ .Values.portal.automountServiceAccountToken | default false }} containers: - name: portal - image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.portal.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} {{- if .Values.portal.resources }} resources: diff --git a/templates/portal/service.yaml b/templates/portal/service.yaml index ff4eda4..dc6d2df 100644 --- a/templates/portal/service.yaml +++ b/templates/portal/service.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: "{{ template "harbor.portal" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/portal/tls.yaml b/templates/portal/tls.yaml index de63f4e..75b0be1 100644 --- a/templates/portal/tls.yaml +++ b/templates/portal/tls.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.portal.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls diff --git a/templates/redis/service.yaml b/templates/redis/service.yaml index 79c95c3..24fafd9 100644 --- a/templates/redis/service.yaml +++ b/templates/redis/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "harbor.redis" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/redis/statefulset.yaml b/templates/redis/statefulset.yaml index 74b7581..e6d3d08 100644 --- a/templates/redis/statefulset.yaml +++ b/templates/redis/statefulset.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "harbor.redis" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: redis @@ -16,6 +17,7 @@ spec: component: redis template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: redis @@ -38,7 +40,7 @@ spec: terminationGracePeriodSeconds: 120 containers: - name: redis - image: {{ .Values.redis.internal.image.repository }}:{{ .Values.redis.internal.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.redis.internal.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: tcpSocket: @@ -87,6 +89,7 @@ spec: volumeClaimTemplates: - metadata: name: data + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} annotations: diff --git a/templates/registry/registry-cm.yaml b/templates/registry/registry-cm.yaml index 4f7056c..85d3137 100644 --- a/templates/registry/registry-cm.yaml +++ b/templates/registry/registry-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: "{{ template "harbor.registry" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/registry/registry-dpl.yaml b/templates/registry/registry-dpl.yaml index 118a165..ab83b98 100644 --- a/templates/registry/registry-dpl.yaml +++ b/templates/registry/registry-dpl.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: "{{ template "harbor.registry" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: registry @@ -21,6 +22,7 @@ spec: component: registry template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: registry @@ -53,7 +55,7 @@ spec: terminationGracePeriodSeconds: 120 containers: - name: registry - image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.registry.registry.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: @@ -145,7 +147,7 @@ spec: {{ include "harbor.caBundleVolumeMount" . | indent 8 }} {{- end }} - name: registryctl - image: {{ .Values.registry.controller.image.repository }}:{{ .Values.registry.controller.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.registry.controller.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} livenessProbe: httpGet: diff --git a/templates/registry/registry-pvc.yaml b/templates/registry/registry-pvc.yaml index 2112e22..3e092d0 100644 --- a/templates/registry/registry-pvc.yaml +++ b/templates/registry/registry-pvc.yaml @@ -5,6 +5,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ template "harbor.registry" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} annotations: {{- range $key, $value := $registry.annotations }} {{ $key }}: {{ $value | quote }} diff --git a/templates/registry/registry-secret.yaml b/templates/registry/registry-secret.yaml index 5294629..1b7ae65 100644 --- a/templates/registry/registry-secret.yaml +++ b/templates/registry/registry-secret.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.registry" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque @@ -40,6 +41,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.registry" . }}-htpasswd" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque diff --git a/templates/registry/registry-svc.yaml b/templates/registry/registry-svc.yaml index 749690e..c582af4 100644 --- a/templates/registry/registry-svc.yaml +++ b/templates/registry/registry-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: "{{ template "harbor.registry" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/registry/registry-tls.yaml b/templates/registry/registry-tls.yaml index 9d1862c..c1dc73a 100644 --- a/templates/registry/registry-tls.yaml +++ b/templates/registry/registry-tls.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.registry.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls diff --git a/templates/registry/registryctl-cm.yaml b/templates/registry/registryctl-cm.yaml index 87aa5ff..d8f5669 100644 --- a/templates/registry/registryctl-cm.yaml +++ b/templates/registry/registryctl-cm.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: "{{ template "harbor.registryCtl" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} data: diff --git a/templates/registry/registryctl-secret.yaml b/templates/registry/registryctl-secret.yaml index 7009770..ce96a14 100644 --- a/templates/registry/registryctl-secret.yaml +++ b/templates/registry/registryctl-secret.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.registryCtl" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque diff --git a/templates/trivy/trivy-secret.yaml b/templates/trivy/trivy-secret.yaml index 84652c7..91fe39a 100644 --- a/templates/trivy/trivy-secret.yaml +++ b/templates/trivy/trivy-secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ template "harbor.trivy" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: Opaque diff --git a/templates/trivy/trivy-sts.yaml b/templates/trivy/trivy-sts.yaml index 37b19ac..6271af0 100644 --- a/templates/trivy/trivy-sts.yaml +++ b/templates/trivy/trivy-sts.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ template "harbor.trivy" . }} + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} component: trivy @@ -16,6 +17,7 @@ spec: component: trivy template: metadata: + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} component: trivy @@ -43,7 +45,7 @@ spec: automountServiceAccountToken: {{ .Values.trivy.automountServiceAccountToken | default false }} containers: - name: trivy - image: {{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }} + image: {{ .Values.sourceRegistry }}/{{ include "harbor.image.repository.path" .Values.trivy.image }} imagePullPolicy: {{ .Values.imagePullPolicy }} securityContext: privileged: false @@ -184,6 +186,7 @@ spec: volumeClaimTemplates: - metadata: name: data + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 8 }} annotations: diff --git a/templates/trivy/trivy-svc.yaml b/templates/trivy/trivy-svc.yaml index 24daf09..91c8a88 100644 --- a/templates/trivy/trivy-svc.yaml +++ b/templates/trivy/trivy-svc.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: "{{ template "harbor.trivy" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} spec: diff --git a/templates/trivy/trivy-tls.yaml b/templates/trivy/trivy-tls.yaml index a9c8330..d19e7ce 100644 --- a/templates/trivy/trivy-tls.yaml +++ b/templates/trivy/trivy-tls.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.internalTLS.trivy.secretName" . }}" + namespace: {{ .Release.Namespace | default .Values.defaultNamespace | quote }} labels: {{ include "harbor.labels" . | indent 4 }} type: kubernetes.io/tls diff --git a/values.yaml b/values.yaml index 32d690d..f45e89b 100644 --- a/values.yaml +++ b/values.yaml @@ -1,7 +1,19 @@ +sourceRegistry: "public.ecr.aws/eks-anywhere" +defaultNamespace: "harbor" + +# Values for configuring pull secrets through charts +pullSecretName: "" +pullSecretData: "" +imageCredentials: + registry: "" + username: "" + password: "" + email: "" + expose: # Set how to expose the service. Set the type as "ingress", "clusterIP", "nodePort" or "loadBalancer" # and fill the information in the corresponding section - type: ingress + type: nodePort tls: # Enable TLS or not. # Delete the "ssl-redirect" annotations in "expose.ingress.annotations" when TLS is disabled and "expose.type" is "ingress" @@ -16,7 +28,7 @@ expose: # The tls certificate can be generated manually or by cert manager # 3) none: configure no tls certificate for the ingress. If the default # tls certificate is configured in the ingress controller, choose this option - certSource: auto + certSource: secret auto: # The common name used to generate the certificate, it's necessary # when the type isn't "ingress" @@ -25,7 +37,7 @@ expose: # The name of secret which contains keys named: # "tls.crt" - the certificate # "tls.key" - the private key - secretName: "" + secretName: "harbor-tls-secret" # The name of secret which contains keys named: # "tls.crt" - the certificate # "tls.key" - the private key @@ -124,13 +136,13 @@ expose: # the IP address of k8s node # # If Harbor is deployed behind the proxy, set it as the URL of proxy -externalURL: https://core.harbor.domain +externalURL: https://127.0.0.1:30003 # The internal TLS used for harbor components secure communicating. In order to enable https # in each components tls cert files need to provided in advance. internalTLS: # If internal TLS enabled - enabled: false + enabled: true # There are three ways to provide tls # 1) "auto" will generate cert automatically # 2) "manual" need provide cert file manually in following value @@ -367,7 +379,7 @@ imagePullSecrets: # and chartmuseum): "RollingUpdate" or "Recreate" # Set it as "Recreate" when "RWM" for volumes isn't supported updateStrategy: - type: RollingUpdate + type: Recreate # debug, info, warning, error or fatal logLevel: info @@ -381,7 +393,7 @@ harborAdminPassword: "Harbor12345" caSecretName: "" # The secret key used for encryption. Must be a string of 16 chars. -secretKey: "not-a-secure-key" +secretKey: "" # If using existingSecretSecretKey, the key must be sercretKey existingSecretSecretKey: "" @@ -413,8 +425,8 @@ enableMigrateHelmHook: false # If service exposed via "ingress", the Nginx will not be used nginx: image: - repository: goharbor/nginx-photon - tag: v2.7.1 + repository: harbor/harbor-nginx + digest: {{harbor/harbor-nginx}} # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -435,8 +447,8 @@ nginx: portal: image: - repository: goharbor/harbor-portal - tag: v2.7.1 + repository: harbor/harbor-portal + digest: {{harbor/harbor-portal}} # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -457,8 +469,8 @@ portal: core: image: - repository: goharbor/harbor-core - tag: v2.7.1 + repository: harbor/harbor-core + digest: {{harbor/harbor-core}} # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -510,8 +522,8 @@ core: jobservice: image: - repository: goharbor/harbor-jobservice - tag: v2.7.1 + repository: harbor/harbor-jobservice + digest: {{harbor/harbor-jobservice}} replicas: 1 revisionHistoryLimit: 10 # set the service account to be used, default if left empty @@ -550,16 +562,16 @@ registry: automountServiceAccountToken: false registry: image: - repository: goharbor/registry-photon - tag: v2.7.1 + repository: harbor/harbor-registry + digest: {{harbor/harbor-registry}} # resources: # requests: # memory: 256Mi # cpu: 100m controller: image: - repository: goharbor/harbor-registryctl - tag: v2.7.1 + repository: harbor/harbor-registryctl + digest: {{harbor/harbor-registryctl}} # resources: # requests: @@ -581,7 +593,7 @@ registry: # Must be a string of 16 chars. secret: "" # If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. - relativeurls: false + relativeurls: true credentials: username: "harbor_registry_user" password: "harbor_registry_password" @@ -610,7 +622,7 @@ registry: dryrun: false chartmuseum: - enabled: true + enabled: false # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -618,8 +630,8 @@ chartmuseum: # Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true' absoluteUrl: false image: - repository: goharbor/chartmuseum-photon - tag: v2.7.1 + repository: harbor/harbor-chartmuseum + digest: {{harbor/harbor-chartmuseum}} replicas: 1 revisionHistoryLimit: 10 # resources: @@ -641,9 +653,8 @@ trivy: enabled: true image: # repository the repository for Trivy adapter image - repository: goharbor/trivy-adapter-photon - # tag the tag for Trivy adapter image - tag: v2.7.1 + repository: harbor/harbor-trivy + digest: {{harbor/harbor-trivy}} # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -710,15 +721,15 @@ trivy: priorityClassName: notary: - enabled: true + enabled: false server: # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token automountServiceAccountToken: false image: - repository: goharbor/notary-server-photon - tag: v2.7.1 + repository: harbor/harbor-notary-server + digest: {{harbor/harbor-notary-server}} replicas: 1 # resources: # requests: @@ -739,8 +750,8 @@ notary: # mount the service account token automountServiceAccountToken: false image: - repository: goharbor/notary-signer-photon - tag: v2.7.1 + repository: harbor/harbor-notary-signer + digest: {{harbor/harbor-notary-signer}} replicas: 1 # resources: # requests: @@ -771,8 +782,8 @@ database: # mount the service account token automountServiceAccountToken: false image: - repository: goharbor/harbor-db - tag: v2.7.1 + repository: harbor/harbor-db + digest: {{harbor/harbor-db}} # The initial superuser password for internal database password: "changeit" # The size limit for Shared memory, pgSQL use it for shared_buffer @@ -843,8 +854,8 @@ redis: # mount the service account token automountServiceAccountToken: false image: - repository: goharbor/redis-photon - tag: v2.7.1 + repository: harbor/harbor-redis + digest: {{harbor/harbor-redis}} # resources: # requests: # memory: 256Mi @@ -886,8 +897,8 @@ exporter: # mount the service account token automountServiceAccountToken: false image: - repository: goharbor/harbor-exporter - tag: v2.7.1 + repository: harbor/harbor-exporter + digest: {{harbor/harbor-exporter}} nodeSelector: {} tolerations: [] affinity: {} -- 2.37.1 (Apple Git-137.1)