From 30ab4f8a03f66bcef980461d8e79eba3ba1f1fbf Mon Sep 17 00:00:00 2001
From: SeanOMik
Date: Sun, 16 Apr 2023 01:05:17 -0400
Subject: [PATCH] Add harbor
---
 cluster/apps/default/harbor/harbor-pv.yaml | 27 +++++++
 cluster/apps/default/harbor/harbor.sops.yaml | 61 +++++++++++++++
 cluster/apps/default/harbor/helm-release.yaml | 76 +++++++++++++++++++
 .../apps/default/harbor/helm-repository.yaml | 8 ++
 .../apps/default/harbor/kustomization.yaml | 6 ++
 cluster/apps/default/kustomization.yaml | 4 +
 cluster/apps/kustomization.yaml | 3 +-
 7 files changed, 184 insertions(+), 1 deletion(-)
 create mode 100644 cluster/apps/default/harbor/harbor-pv.yaml
 create mode 100644 cluster/apps/default/harbor/harbor.sops.yaml
 create mode 100644 cluster/apps/default/harbor/helm-release.yaml
 create mode 100644 cluster/apps/default/harbor/helm-repository.yaml
 create mode 100644 cluster/apps/default/harbor/kustomization.yaml
 create mode 100644 cluster/apps/default/kustomization.yaml
diff --git a/cluster/apps/default/harbor/harbor-pv.yaml b/cluster/apps/default/harbor/harbor-pv.yaml
new file mode 100644
index 0000000..dea2e8d
--- /dev/null
+++ b/cluster/apps/default/harbor/harbor-pv.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: harbor-registry-pv
+ namespace: default
+spec:
+ storageClassName: hostpath
+ persistentVolumeReclaimPolicy: Retain
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: "/mnt/MainPool/Kubernetes/harbor"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: harbor-registry-pv-claim
+ namespace: default
+spec:
+ storageClassName: hostpath
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
\ No newline at end of file
diff --git a/cluster/apps/default/harbor/harbor.sops.yaml b/cluster/apps/default/harbor/harbor.sops.yaml
new file mode 100644
index 0000000..014a186
--- /dev/null
+++ b/cluster/apps/default/harbor/harbor.sops.yaml
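Review bot: Nothing pins `harbor-registry-pv-claim` to `harbor-registry-pv` in harbor-pv.yaml: the claim has no `volumeName` and the volume has no `claimRef`, so binding is decided by storage class, access mode and size alone. Any other claim in the cluster that asks for `storageClassName: hostpath` with 2Gi or less could bind this volume and receive `/mnt/MainPool/Kubernetes/harbor` on the node, and this claim could equally bind a different volume. Adding `volumeName: harbor-registry-pv` to the claim spec, with a matching `claimRef` on the volume, closes that. The `namespace: default` under the PersistentVolume's metadata has no effect, since PersistentVolumes are cluster-scoped, and can be dropped.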
@@ -0,0 +1,61 @@ +apiVersion: v1 +kind: Secret +metadata: + name: harbor-secret + namespace: default +stringData: + REGISTRY_STORAGE_S3_ACCESSKEY: ENC[AES256_GCM,data:1k2KYsDvvQs=,iv:6GEFFeLSKH8+QxDg3rLR7q9h0jglYU4ou1byklt2x8w=,tag:JjFAs/3jsVhSBGJmbul4iQ==,type:str] + REGISTRY_STORAGE_S3_SECRETKEY: ENC[AES256_GCM,data:0U40z0y7vn2wPPyGt0dYQx80QuGoj7Ni/uJMtHgrc5U=,iv:YX9acsf2G2B4RLnGez6VLD2UiwKFIqhz2X4S+uTyX50=,tag:hVJVh2aSpVz22BjGGcPOuA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-04-15T23:23:46Z" + mac: ENC[AES256_GCM,data:u9+hjupgSaEA4pyO1P/n3blrX48r0ddtAHr2ZvEElGR4qUKsBbeiGcF0YOUNkjefF+n4AKmwfgUNkbXced3BODT4JQO9S+0D11j/GA6JxRKhDsUbDKIFPWoiokn7ekUyvGkx+toyHhURWMJ/yiLhT+oFFBU/AosZ5UsP8nWtp5c=,iv:ZSECGiko8NhlKx56hdMFNv0GSCaXgjM0lM8ek0pGhz0=,tag:g21J+6JoSYyzst6iAzKeaQ==,type:str] + pgp: + - created_at: "2023-04-07T01:57:22Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzKleRwoSoixAQ/9Hi4VyrUXV7LvbCFiLbyfv314lMGwrAf+2po/4Lr1hANe + KiwpfthiNheAjNaGCG6v2C1rx2Wrr5G3+rMik/1TLWbg2u9zZU4mWO8bwJUGXKDo + /T1nl47f09UPDtQ6KiG0nPf3M0Ovmk3d63R3zpY4Q7uE4uhLNDr0KD9mp7MmRCbZ + PO++tdiZa67z9owNDh/NSnQr9Y6JwjlxlkJl5SJ76vaK/SaOi/j86mOm9CV6SQmk + cLOwiO7JxV8I4gD9jlLdYEPS+nqztX5eHLRoaXsAQrX4DdWNnOF0C2sk9nMHwQTb + W8/SVmg7TiVVL6qVCXgUCgFRXllrlGlXlfv+W6ruuZIBv2MAA1V+afl5A3/KVvE6 + FDq9YrJ4XfZPCD2ZByM2386L8MiUwkfF/3uge38MT/WDU2DTT+g7jV3UQs+Awi8f + N4YBVBcp5jGTkMD0347GPfPF7kdiN/YFZ/Ws1jf/EsS6vOpKNlPn64fVJfTSfdie + rvNxksi8Y4vpwEngy38t7JRfpJniDo9iK9EwhXMChYXnWkiz/B3vMoii496B7TzO + 9gKd4v7kFA6iXI+wqbYrZfOGeLZlMI99pwTatNL4fo9ABJ7JScISzTvS7p/xB6Ae + JPdlA0Tf8wP4RYz8YYRcNlfEQPZYb4kHj5r9Ei59InHzwKfq9GyKKvluS0/k3NHU + aAEJAhCVkPuIHluRLHsjVEbKbFzSJUG8p/hSSmQnfk3CT36/dJhgv3jzoL+1/Sx1 + o8OwWPmNq8TuX9SaXfhfy/EGMulWgRaztxt9D+0+wgc8IOAPp+0SYUsaOa0T9+Pl + pjU1GRaK5AlT + =mItp + -----END PGP MESSAGE----- + fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 + - created_at: "2023-04-07T01:57:22Z" + enc: | + -----BEGIN PGP MESSAGE----- + + 
hQIMA4WLYkVpP8xtAQ/9FQGyKS1wEodU9ZVZ8kxijp6aFtMCmL/I5HBEhbSLj0P9 + TVD0QwnUPZqf7zlWrAh6TspyLQdRMt9JAYZCPyLgu//FdKfBJNYeU3+aWj/lMtJ4 + Twgs7NPtGbRJcpF+a4NmAOIqzKfJI+h714BLFoWrGtUmTE9/dBHh2yxADSgprY1o + /4J8aHQfaqg5JwijP3PhtRMxla4YQfhqf0JRAcmQPKUDuxT2QG/wp59Fq/665aaO + JFWiCOPBqTtEhY4ML4EYNUV+Cd7UT7LOXC+Xzuj1eEGMV1Pmqd1u1UyQKvHOOXhT + AfGeCub+ZONGfmcDcY5gEMnbSCGcQEvipA3dBIIFklgnxM00jmcJ1Ojo1+MYynpl + E1XLOaolRWinlDNXA62k8iWG33hcxHGSzkHrsQjtqrrD2PdHS1RmTJ8Hn+iuRUn6 + /fGk8ZQJ7oMPsZNyfiM0OdwSXxJ4rQUtGkHHd727S4K6nXC6OLxXCzl7lYG7QKcP + RVrbFMNv01aToyNGhLmcSxUYdQ4oc+nv65rNZDsdbi34T+dlULboJDkwV6JrJ5dz + hlu3ySgijZuRD5bfpfKB2RScu2ixEijOIyk1oXBB2Dhyh1ezc3qnAw8xkGr9W2SE + roBuu95mZsIZEtfMS5hxwGyWzSCENnbkSukQhUoIjRXryly7MQgNZ5FMX+f5n3DU + aAEJAhBJcIEidIhFVqDkezzMcofKl3MlXWqkfTUV3vsjz6EpN1FwhpZ3prTexUcM + 9XCx9Wq1kMpjkphWETh2lSAafyIz6R/d4zWV5IWIeDh+USYT9z0Rprp4URka4Wjx + fux0T5xDbgq5 + =eiXM + -----END PGP MESSAGE----- + fp: 8DF31C9F48A24F525FFB1815FC96C52B59328E95 + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 diff --git a/cluster/apps/default/harbor/helm-release.yaml b/cluster/apps/default/harbor/helm-release.yaml new file mode 100644 index 0000000..c9f4724 --- /dev/null +++ b/cluster/apps/default/harbor/helm-release.yaml 
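Review bot: `stringData` in harbor.sops.yaml carries only `REGISTRY_STORAGE_S3_ACCESSKEY` and `REGISTRY_STORAGE_S3_SECRETKEY`, yet helm-release.yaml in this patch also names `harbor-secret` as the `existingSecret` for the external database and for Redis. No database or Redis password entry is visible here, so those components would presumably start without credentials or fail to start. The key names each `existingSecret` expects should be checked against the pinned chart's documentation and added to this file before it is encrypted. Keeping the S3, database and Redis credentials in separate Secrets would also limit what each Harbor component can read.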
@@ -0,0 +1,76 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: harbor
+ namespace: default
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: harbor
+ version: 1.3.x
+ sourceRef:
+ kind: HelmRepository
+ name: harbor-charts
+ namespace: flux-system
+
+ values:
+ expose:
+ tls:
+ secret:
+ secretName: wildcard-main-tls
+ notarySecretName: wildcard-main-tls
+
+ ingress:
+ hosts:
+ core: oci.${SECRET_NEW_DOMAIN}
+ notary: charts.${SECRET_NEW_DOMAIN}
+
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+
+ persistence:
+ persistentVolumeClaim:
+ registry:
+ existingClaim: harbor-registry-pv-claim
+ subPath: "/registry"
+
+# trivy:
+# existingClaim:
+# subPath: "/trivy"
+
+ imageChartStorage:
+ type: s3
+ s3:
+ bucket: harbor
+ existingSecret: "harbor-secret"
+ regionendpoint: http://minio.database:9000
+
+ notary:
+ enabled: false
+
+ trivy:
+ enabled: false
+
+ database:
+ type: external
+ external:
+ host: "postgresql.database"
+ port: "5432"
+ username: "k3spostgresql"
+ existingSecret: "harbor-secret"
+ coreDatabase: "harbor-registry"
+
+ redis:
+ type: external
+ external:
+ addr: "redis-master.database:6379"
+ username: ""
+ existingSecret: "harbor-secret"
+
+ metrics:
+ enabled: true
+
+ serviceMonitor:
+ enabled: true
\ No newline at end of file
diff --git a/cluster/apps/default/harbor/helm-repository.yaml b/cluster/apps/default/harbor/helm-repository.yaml
new file mode 100644
index 0000000..4985cab
--- /dev/null
+++ b/cluster/apps/default/harbor/helm-repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: harbor-charts
+ namespace: flux-system
+spec:
+ interval: 1m
+ url: https://helm.goharbor.io
\ No newline at end of file
diff --git a/cluster/apps/default/harbor/kustomization.yaml b/cluster/apps/default/harbor/kustomization.yaml
new file mode 100644
index 0000000..82fc7b8
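Review bot: The `values` block in helm-release.yaml sets neither `harborAdminPassword` nor `secretKey`, so the release falls back to the chart's published defaults for both while `hosts.core: oci.${SECRET_NEW_DOMAIN}` exposes the portal through an ingress with a production certificate. Both values should come from the SOPS-encrypted Secret, for example through `spec.valuesFrom` as sketched below, and the admin password should be rotated if the instance has already started with the default. The Secret key names in the fence are placeholders, not names taken from this patch. Separately, `regionendpoint: http://minio.database:9000` moves registry blobs to MinIO without TLS, which is worth confirming as intended for this cluster network.

```yaml
spec:
  interval: 5m
  # ... unchanged: chart, values ...
  valuesFrom:
    # valuesKey names are placeholders; add matching entries to the encrypted Secret
    - kind: Secret
      name: harbor-secret
      valuesKey: HARBOR_ADMIN_PASSWORD
      targetPath: harborAdminPassword
    # the chart documents secretKey as a 16-character string
    - kind: Secret
      name: harbor-secret
      valuesKey: HARBOR_SECRET_KEY
      targetPath: secretKey
```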
--- /dev/null
+++ b/cluster/apps/default/harbor/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./harbor-pv.yaml
+- ./helm-repository.yaml
+- ./helm-release.yaml
\ No newline at end of file
diff --git a/cluster/apps/default/kustomization.yaml b/cluster/apps/default/kustomization.yaml
new file mode 100644
index 0000000..fd395f7
--- /dev/null
+++ b/cluster/apps/default/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./harbor
\ No newline at end of file
diff --git a/cluster/apps/kustomization.yaml b/cluster/apps/kustomization.yaml
index 4ee2bb0..7cea4d2 100644
--- a/cluster/apps/kustomization.yaml
+++ b/cluster/apps/kustomization.yaml
@@ -8,4 +8,5 @@ resources:
 - ./management
 - ./tools
 - ./irc
-- ./monitoring
\ No newline at end of file
+- ./monitoring
+- ./default
\ No newline at end of file
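Review bot: `resources` in cluster/apps/default/harbor/kustomization.yaml lists harbor-pv.yaml, helm-repository.yaml and helm-release.yaml but not harbor.sops.yaml, so a kustomize build of this directory does not emit the `harbor-secret` Secret that helm-release.yaml references three times. Unless the Secret is applied from somewhere outside this patch, add `- ./harbor.sops.yaml` to the list. Also confirm that the Flux Kustomization reconciling this path has SOPS decryption configured; that is not visible in the patch.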