Merge branch 'goharbor:main' into master
rgarcia89 authored Jan 3, 2024
2 parents b17fd7f + c7d2e6b commit 9c0e526
Showing 15 changed files with 251 additions and 34 deletions.
10 changes: 9 additions & 1 deletion README.md

Large diffs are not rendered by default.

58 changes: 50 additions & 8 deletions templates/_helpers.tpl
Expand Up @@ -39,6 +39,13 @@ release: {{ .Release.Name }}
app: "{{ template "harbor.name" . }}"
{{- end -}}

{{/* Helper for printing values from existing secrets*/}}
{{- define "harbor.secretKeyHelper" -}}
{{- if and (not (empty .data)) (hasKey .data .key) }}
{{- index .data .key | b64dec -}}
{{- end -}}
{{- end -}}

{{- define "harbor.autoGenCert" -}}
{{- if and .Values.expose.tls.enabled (eq .Values.expose.tls.certSource "auto") -}}
{{- printf "true" -}}
Expand Down Expand Up @@ -89,7 +96,12 @@ app: "{{ template "harbor.name" . }}"

{{- define "harbor.database.rawPassword" -}}
{{- if eq .Values.database.type "internal" -}}
{{- .Values.database.internal.password -}}
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.database" .) -}}
{{- if and (not (empty $existingSecret)) (hasKey $existingSecret.data "POSTGRES_PASSWORD") -}}
{{- .Values.database.internal.password | default (index $existingSecret.data "POSTGRES_PASSWORD") | b64dec -}}
{{- else -}}
{{- .Values.database.internal.password -}}
{{- end -}}
{{- else -}}
{{- .Values.database.external.password -}}
{{- end -}}
Expand Down Expand Up @@ -144,12 +156,26 @@ app: "{{ template "harbor.name" . }}"
{{- end }}
{{- end -}}


{{- define "harbor.redis.pwdfromsecret" -}}
{{- (lookup "v1" "Secret" .Release.Namespace (.Values.redis.external.existingSecret)).data.REDIS_PASSWORD | b64dec }}
{{- end -}}

{{- define "harbor.redis.cred" -}}
{{- with .Values.redis }}
{{- if (and (eq .type "external" ) (.external.existingSecret)) }}
{{- printf ":%s@" (include "harbor.redis.pwdfromsecret" $) }}
{{- else }}
{{- ternary (printf "%s:%s@" (.external.username | urlquery) (.external.password | urlquery)) "" (and (eq .type "external" ) (not (not .external.password))) }}
{{- end }}
{{- end }}
{{- end -}}

/*scheme://[:password@]host:port[/master_set]*/
{{- define "harbor.redis.url" -}}
{{- with .Values.redis }}
{{- $path := ternary "" (printf "/%s" (include "harbor.redis.masterSet" $)) (not (include "harbor.redis.masterSet" $)) }}
{{- $cred := ternary (printf "%s:%s@" (.external.username | urlquery) (.external.password | urlquery)) "" (and (eq .type "external" ) (not (not .external.password))) }}
{{- printf "%s://%s%s%s" (include "harbor.redis.scheme" $) $cred (include "harbor.redis.addr" $) $path -}}
{{- printf "%s://%s%s%s" (include "harbor.redis.scheme" $) (include "harbor.redis.cred" $) (include "harbor.redis.addr" $) $path -}}
{{- end }}
{{- end -}}

Expand All @@ -164,30 +190,46 @@ app: "{{ template "harbor.name" . }}"
/*scheme://[:password@]addr/db_index*/
{{- define "harbor.redis.urlForJobservice" -}}
{{- with .Values.redis }}
{{- $index := ternary "1" .external.jobserviceDatabaseIndex (eq .type "internal") }}
{{- $index := ternary .internal.jobserviceDatabaseIndex .external.jobserviceDatabaseIndex (eq .type "internal") }}
{{- printf "%s/%s" (include "harbor.redis.url" $) $index -}}
{{- end }}
{{- end -}}

/*scheme://[:password@]addr/db_index?idle_timeout_seconds=30*/
{{- define "harbor.redis.urlForRegistry" -}}
{{- with .Values.redis }}
{{- $index := ternary "2" .external.registryDatabaseIndex (eq .type "internal") }}
{{- $index := ternary .internal.registryDatabaseIndex .external.registryDatabaseIndex (eq .type "internal") }}
{{- printf "%s/%s?idle_timeout_seconds=30" (include "harbor.redis.url" $) $index -}}
{{- end }}
{{- end -}}

/*scheme://[:password@]addr/db_index?idle_timeout_seconds=30*/
{{- define "harbor.redis.urlForTrivy" -}}
{{- with .Values.redis }}
{{- $index := ternary "5" .external.trivyAdapterIndex (eq .type "internal") }}
{{- $index := ternary .internal.trivyAdapterIndex .external.trivyAdapterIndex (eq .type "internal") }}
{{- printf "%s/%s?idle_timeout_seconds=30" (include "harbor.redis.url" $) $index -}}
{{- end }}
{{- end -}}

/*scheme://[:password@]addr/db_index?idle_timeout_seconds=30*/
{{- define "harbor.redis.urlForHarbor" -}}
{{- with .Values.redis }}
{{- $index := ternary .internal.harborDatabaseIndex .external.harborDatabaseIndex (eq .type "internal") }}
{{- printf "%s/%s?idle_timeout_seconds=30" (include "harbor.redis.url" $) $index -}}
{{- end }}
{{- end -}}

/*scheme://[:password@]addr/db_index?idle_timeout_seconds=30*/
{{- define "harbor.redis.urlForCache" -}}
{{- with .Values.redis }}
{{- $index := ternary .internal.cacheLayerDatabaseIndex .external.cacheLayerDatabaseIndex (eq .type "internal") }}
{{- printf "%s/%s?idle_timeout_seconds=30" (include "harbor.redis.url" $) $index -}}
{{- end }}
{{- end -}}

{{- define "harbor.redis.dbForRegistry" -}}
{{- with .Values.redis }}
{{- ternary "2" .external.registryDatabaseIndex (eq .type "internal") }}
{{- ternary .internal.registryDatabaseIndex .external.registryDatabaseIndex (eq .type "internal") }}
{{- end }}
{{- end -}}

Expand Down Expand Up @@ -475,7 +517,7 @@ app: "{{ template "harbor.name" . }}"
TRACE_SAMPLE_RATE: "{{ .Values.trace.sample_rate }}"
TRACE_NAMESPACE: "{{ .Values.trace.namespace }}"
{{- if .Values.trace.attributes }}
TRACE_ATTRIBUTES: "{{ .Values.trace.attributes | toJson }}"
TRACE_ATTRIBUTES: {{ .Values.trace.attributes | toJson | squote }}
{{- end }}
{{- if eq .Values.trace.provider "jaeger" }}
TRACE_JAEGER_ENDPOINT: "{{ .Values.trace.jaeger.endpoint }}"
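Review bot: In `harbor.database.rawPassword`, `b64dec` is applied to the result of the whole pipeline, so once the Secret exists a non-empty `database.internal.password` from values is base64-decoded even though it is plain text; only the value read from `$existingSecret.data` is encoded. Decode just the looked-up value: `{{- .Values.database.internal.password | default (index $existingSecret.data "POSTGRES_PASSWORD" | b64dec) -}}`. Separately, the `existingSecret` branch of `harbor.redis.cred` puts the decoded password into the URL without the `urlquery` escaping that the `else` branch applies, so a password containing `@`, `/` or `:` would yield a malformed Redis URL. `{{- printf ":%s@" (include "harbor.redis.pwdfromsecret" $ | urlquery) }}` would match the other branch.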
10 changes: 8 additions & 2 deletions templates/core/core-cm.yaml
Expand Up @@ -35,6 +35,12 @@ data:
CHART_CACHE_DRIVER: "redis"
_REDIS_URL_CORE: "{{ template "harbor.redis.urlForCore" . }}"
_REDIS_URL_REG: "{{ template "harbor.redis.urlForRegistry" . }}"
{{- if or (and (eq .Values.redis.type "internal") .Values.redis.internal.harborDatabaseIndex) (and (eq .Values.redis.type "external") .Values.redis.external.harborDatabaseIndex) }}
_REDIS_URL_HARBOR: "{{ template "harbor.redis.urlForHarbor" . }}"
{{- end }}
{{- if or (and (eq .Values.redis.type "internal") .Values.redis.internal.cacheLayerDatabaseIndex) (and (eq .Values.redis.type "external") .Values.redis.external.cacheLayerDatabaseIndex) }}
_REDIS_URL_CACHE_LAYER: "{{ template "harbor.redis.urlForCache" . }}"
{{- end }}
PORTAL_URL: "{{ template "harbor.portalURL" . }}"
REGISTRY_CONTROLLER_URL: "{{ template "harbor.registryControllerURL" . }}"
REGISTRY_CREDENTIAL_USERNAME: "{{ .Values.registry.credentials.username }}"
Expand All @@ -61,8 +67,8 @@ data:
{{- end }}
{{- template "harbor.traceEnvsForCore" . }}

{{- if .Values.core.artifactPullAsyncFlushDuration | quote }}
ARTIFACT_PULL_ASYNC_FLUSH_DURATION: {{ .Values.core.artifactPullAsyncFlushDuration }}
{{- if .Values.core.artifactPullAsyncFlushDuration }}
ARTIFACT_PULL_ASYNC_FLUSH_DURATION: {{ .Values.core.artifactPullAsyncFlushDuration | quote }}
{{- end }}

{{- if .Values.core.gdpr}}
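Review bot: The new `_REDIS_URL_HARBOR` and `_REDIS_URL_CACHE_LAYER` entries are built from `harbor.redis.url`, which after this commit embeds the password read from `redis.external.existingSecret` via `lookup`, so the credential is copied in clear text into what is, going by the file name and the `data:` key, a ConfigMap. That undoes the benefit of referencing an existing Secret, because anyone allowed to read ConfigMaps in the namespace can then read the Redis password. The same applies to the `_REDIS_URL_CACHE_LAYER` line added in templates/jobservice/jobservice-cm-env.yaml. Consider rendering the credential-bearing URL entries into a Secret instead, or passing the password as its own variable through `secretKeyRef`, as templates/registry/registry-dpl.yaml does for `REGISTRY_REDIS_PASSWORD`, where the component supports it.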
15 changes: 13 additions & 2 deletions templates/core/core-dpl.yaml
Expand Up @@ -92,13 +92,17 @@ spec:
- name: CORE_SECRET
valueFrom:
secretKeyRef:
name: {{ template "harbor.core" . }}
name: {{ default (include "harbor.core" .) .Values.core.existingSecret }}
key: secret
- name: JOBSERVICE_SECRET
valueFrom:
secretKeyRef:
name: "{{ template "harbor.jobservice" . }}"
name: {{ default (include "harbor.jobservice" .) .Values.jobservice.existingSecret }}
{{- if .Values.jobservice.existingSecret }}
key: {{ .Values.jobservice.existingSecretKey }}
{{- else }}
key: JOBSERVICE_SECRET
{{- end }}
{{- if .Values.existingSecretAdminPassword }}
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
Expand Down Expand Up @@ -130,6 +134,13 @@ spec:
name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD
{{- end }}
{{- if .Values.core.existingXsrfSecret }}
- name: CSRF_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.core.existingXsrfSecret }}
key: {{ .Values.core.existingXsrfSecretKey }}
{{- end }}
{{- with .Values.core.extraEnvVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
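Review bot: `key: {{ .Values.jobservice.existingSecretKey }}` and `key: {{ .Values.core.existingXsrfSecretKey }}` render an empty `key:` when the secret name is set but the key is not, which produces an invalid `secretKeyRef`. Unless values.yaml (not shown here) guarantees a default, fail at render time instead, e.g. `key: {{ required "core.existingXsrfSecretKey must be set with core.existingXsrfSecret" .Values.core.existingXsrfSecretKey | quote }}`. The same pattern appears in templates/jobservice/jobservice-dpl.yaml and, for `registry.existingSecretKey`, in templates/registry/registry-dpl.yaml. The rewritten `name:` line for `JOBSERVICE_SECRET` also drops the double quotes the old line had; piping it through `quote` keeps a user-supplied secret name from being re-typed by the YAML parser.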
9 changes: 7 additions & 2 deletions templates/core/core-secret.yaml
@@ -1,3 +1,4 @@
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.core" .) }}
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -9,7 +10,9 @@ data:
{{- if not .Values.existingSecretSecretKey }}
secretKey: {{ .Values.secretKey | b64enc | quote }}
{{- end }}
secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }}
{{- if not .Values.core.existingSecret }}
secret: {{ .Values.core.secret | default (include "harbor.secretKeyHelper" (dict "key" "secret" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
{{- end }}
{{- if not .Values.core.secretName }}
{{- $ca := genCA "harbor-token-ca" 365 }}
tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
Expand All @@ -24,7 +27,9 @@ data:
{{- if not .Values.registry.credentials.existingSecret }}
REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
{{- end }}
CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
{{- if not .Values.core.existingXsrfSecret }}
CSRF_KEY: {{ .Values.core.xsrfKey | default (include "harbor.secretKeyHelper" (dict "key" "CSRF_KEY" "data" $existingSecret.data)) | default (randAlphaNum 32) | b64enc | quote }}
{{- end }}
{{- if .Values.core.configureUserSettings }}
CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
{{- end }}
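Review bot: Nothing in the template records that `lookup` returns an empty result when the chart is rendered without cluster access (`helm template`, client-side `--dry-run`, and tools that render that way), so in those paths `secret` and `CSRF_KEY` still fall through to `randAlphaNum` and change on every render. A comment above the `lookup` line would keep the next maintainer from assuming the values are now stable, for example `{{/* lookup is empty under helm template / --dry-run; secret and CSRF_KEY are then regenerated unless set in values */}}`. The same applies to the `JOBSERVICE_SECRET` line in templates/jobservice/jobservice-secrets.yaml.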
3 changes: 3 additions & 0 deletions templates/jobservice/jobservice-cm-env.yaml
Expand Up @@ -29,3 +29,6 @@ data:
CACHE_ENABLED: "true"
CACHE_EXPIRE_HOURS: "{{ .Values.cache.expireHours }}"
{{- end }}
{{- if or (and (eq .Values.redis.type "internal") .Values.redis.internal.cacheLayerDatabaseIndex) (and (eq .Values.redis.type "external") .Values.redis.external.cacheLayerDatabaseIndex) }}
_REDIS_URL_CACHE_LAYER: "{{ template "harbor.redis.urlForCache" . }}"
{{- end }}
9 changes: 8 additions & 1 deletion templates/jobservice/jobservice-dpl.yaml
Expand Up @@ -87,8 +87,15 @@ spec:
- name: CORE_SECRET
valueFrom:
secretKeyRef:
name: {{ template "harbor.core" . }}
name: {{ default (include "harbor.core" .) .Values.core.existingSecret }}
key: secret
{{- if .Values.jobservice.existingSecret }}
- name: JOBSERVICE_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.jobservice.existingSecret }}
key: {{ .Values.jobservice.existingSecretKey }}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: INTERNAL_TLS_ENABLED
value: "true"
5 changes: 4 additions & 1 deletion templates/jobservice/jobservice-secrets.yaml
@@ -1,3 +1,4 @@
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.jobservice" .) }}
apiVersion: v1
kind: Secret
metadata:
Expand All @@ -6,7 +7,9 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (randAlphaNum 16) | b64enc | quote }}
{{- if not .Values.jobservice.existingSecret }}
JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (include "harbor.secretKeyHelper" (dict "key" "JOBSERVICE_SECRET" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
{{- end }}
{{- if not .Values.registry.credentials.existingSecret }}
REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
{{- end }}
3 changes: 3 additions & 0 deletions templates/nginx/service.yaml
Expand Up @@ -13,6 +13,9 @@ metadata:
{{- end }}
spec:
type: ClusterIP
{{- if .Values.expose.clusterIP.staticClusterIP }}
clusterIP: {{ .Values.expose.clusterIP.staticClusterIP }}
{{- end }}
ports:
- name: http
port: {{ $clusterIP.ports.httpPort }}
4 changes: 4 additions & 0 deletions templates/portal/service.yaml
Expand Up @@ -4,6 +4,10 @@ metadata:
name: "{{ template "harbor.portal" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- with .Values.portal.serviceAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }}
type: NodePort
87 changes: 85 additions & 2 deletions templates/registry/registry-dpl.yaml
Expand Up @@ -95,6 +95,13 @@ spec:
name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
{{- end }}
env:
{{- if .Values.registry.existingSecret }}
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.registry.existingSecret }}
key: {{ .Values.registry.existingSecretKey }}
{{- end }}
{{- if has "registry" .Values.proxy.components }}
- name: HTTP_PROXY
value: "{{ .Values.proxy.httpProxy }}"
Expand All @@ -113,13 +120,47 @@ spec:
- name: INTERNAL_TLS_TRUST_CA_PATH
value: /etc/harbor/ssl/registry/ca.crt
{{- end }}
{{- if .Values.redis.external.existingSecret }}
- name: REGISTRY_REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.redis.external.existingSecret }}
key: REDIS_PASSWORD
{{- end }}
{{- if .Values.persistence.imageChartStorage.azure.existingSecret }}
- name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
key: AZURE_STORAGE_ACCESS_KEY
{{- end }}
{{- if .Values.persistence.imageChartStorage.swift.existingSecret }}
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
key: REGISTRY_STORAGE_SWIFT_PASSWORD
- name: REGISTRY_STORAGE_SWIFT_SECRETKEY
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
key: REGISTRY_STORAGE_SWIFT_SECRETKEY
optional: true
- name: REGISTRY_STORAGE_SWIFT_ACCESSKEY
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
key: REGISTRY_STORAGE_SWIFT_ACCESSKEY
optional: true
{{- end }}
{{- if .Values.persistence.imageChartStorage.oss.existingSecret }}
- name: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.oss.existingSecret }}
key: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
optional: true
{{- end}}
{{- with .Values.registry.registry.extraEnvVars }}
{{- toYaml . | nindent 8 }}
{{- end }}
Expand Down Expand Up @@ -188,17 +229,32 @@ spec:
name: "{{ template "harbor.registry" . }}"
- secretRef:
name: "{{ template "harbor.registryCtl" . }}"
{{- if .Values.persistence.imageChartStorage.s3.existingSecret }}
- secretRef:
name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
{{- end }}
env:
{{- if .Values.registry.existingSecret }}
- name: REGISTRY_HTTP_SECRET
valueFrom:
secretKeyRef:
name: {{ .Values.registry.existingSecret }}
key: {{ .Values.registry.existingSecretKey }}
{{- end }}
- name: CORE_SECRET
valueFrom:
secretKeyRef:
name: {{ template "harbor.core" . }}
name: {{ default (include "harbor.core" .) .Values.core.existingSecret }}
key: secret
- name: JOBSERVICE_SECRET
valueFrom:
secretKeyRef:
name: {{ template "harbor.jobservice" . }}
name: {{ default (include "harbor.jobservice" .) .Values.jobservice.existingSecret }}
{{- if .Values.jobservice.existingSecret }}
key: {{ .Values.jobservice.existingSecretKey }}
{{- else }}
key: JOBSERVICE_SECRET
{{- end }}
{{- if has "registry" .Values.proxy.components }}
- name: HTTP_PROXY
value: "{{ .Values.proxy.httpProxy }}"
Expand Down Expand Up @@ -231,6 +287,33 @@ spec:
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
key: AZURE_STORAGE_ACCESS_KEY
{{- end }}
{{- if .Values.persistence.imageChartStorage.swift.existingSecret }}
- name: REGISTRY_STORAGE_SWIFT_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
key: REGISTRY_STORAGE_SWIFT_PASSWORD
- name: REGISTRY_STORAGE_SWIFT_SECRETKEY
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
key: REGISTRY_STORAGE_SWIFT_SECRETKEY
optional: true
- name: REGISTRY_STORAGE_SWIFT_ACCESSKEY
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.swift.existingSecret }}
key: REGISTRY_STORAGE_SWIFT_ACCESSKEY
optional: true
{{- end }}
{{- if .Values.persistence.imageChartStorage.oss.existingSecret }}
- name: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
valueFrom:
secretKeyRef:
name: {{ .Values.persistence.imageChartStorage.oss.existingSecret }}
key: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
optional: true
{{- end}}
{{- with .Values.registry.controller.extraEnvVars }}
{{- toYaml . | nindent 8 }}
{{- end }}
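Review bot: The `REGISTRY_REDIS_PASSWORD` block is guarded only by `.Values.redis.external.existingSecret`, whereas `harbor.redis.cred` in templates/_helpers.tpl also requires `redis.type` to be `external`. With an internal Redis and a leftover `existingSecret` value, the registry container would get a `secretKeyRef` to a Secret that may not exist, or a password the internal Redis does not expect. Guard it the same way: `{{- if and (eq .Values.redis.type "external") .Values.redis.external.existingSecret }}`. The `env:` list this block sits in continues outside the hunk.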