SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 33 Packages Projects Releases Wiki Activity

Add harbor

This commit is contained in:
SeanOMik 2023-04-16 01:05:17 -04:00
parent 2d9f43afe0
commit 30ab4f8a03
Signed by: SeanOMik
GPG Key ID: 568F326C7EB33ACB
7 changed files with 184 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
cluster/apps/default/harbor/harbor-pv.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-registry-pv
namespace: default
spec:
storageClassName: hostpath
persistentVolumeReclaimPolicy: Retain
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/mnt/MainPool/Kubernetes/harbor"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor-registry-pv-claim
namespace: default
spec:
storageClassName: hostpath
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi

61
cluster/apps/default/harbor/harbor.sops.yaml Normal file
View File

@ -0,0 +1,61 @@
apiVersion: v1
kind: Secret
metadata:
name: harbor-secret
namespace: default
stringData:
REGISTRY_STORAGE_S3_ACCESSKEY: ENC[AES256_GCM,data:1k2KYsDvvQs=,iv:6GEFFeLSKH8+QxDg3rLR7q9h0jglYU4ou1byklt2x8w=,tag:JjFAs/3jsVhSBGJmbul4iQ==,type:str]
REGISTRY_STORAGE_S3_SECRETKEY: ENC[AES256_GCM,data:0U40z0y7vn2wPPyGt0dYQx80QuGoj7Ni/uJMtHgrc5U=,iv:YX9acsf2G2B4RLnGez6VLD2UiwKFIqhz2X4S+uTyX50=,tag:hVJVh2aSpVz22BjGGcPOuA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-04-15T23:23:46Z"
mac: ENC[AES256_GCM,data:u9+hjupgSaEA4pyO1P/n3blrX48r0ddtAHr2ZvEElGR4qUKsBbeiGcF0YOUNkjefF+n4AKmwfgUNkbXced3BODT4JQO9S+0D11j/GA6JxRKhDsUbDKIFPWoiokn7ekUyvGkx+toyHhURWMJ/yiLhT+oFFBU/AosZ5UsP8nWtp5c=,iv:ZSECGiko8NhlKx56hdMFNv0GSCaXgjM0lM8ek0pGhz0=,tag:g21J+6JoSYyzst6iAzKeaQ==,type:str]
pgp:
- created_at: "2023-04-07T01:57:22Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ/9Hi4VyrUXV7LvbCFiLbyfv314lMGwrAf+2po/4Lr1hANe
KiwpfthiNheAjNaGCG6v2C1rx2Wrr5G3+rMik/1TLWbg2u9zZU4mWO8bwJUGXKDo
/T1nl47f09UPDtQ6KiG0nPf3M0Ovmk3d63R3zpY4Q7uE4uhLNDr0KD9mp7MmRCbZ
PO++tdiZa67z9owNDh/NSnQr9Y6JwjlxlkJl5SJ76vaK/SaOi/j86mOm9CV6SQmk
cLOwiO7JxV8I4gD9jlLdYEPS+nqztX5eHLRoaXsAQrX4DdWNnOF0C2sk9nMHwQTb
W8/SVmg7TiVVL6qVCXgUCgFRXllrlGlXlfv+W6ruuZIBv2MAA1V+afl5A3/KVvE6
FDq9YrJ4XfZPCD2ZByM2386L8MiUwkfF/3uge38MT/WDU2DTT+g7jV3UQs+Awi8f
N4YBVBcp5jGTkMD0347GPfPF7kdiN/YFZ/Ws1jf/EsS6vOpKNlPn64fVJfTSfdie
rvNxksi8Y4vpwEngy38t7JRfpJniDo9iK9EwhXMChYXnWkiz/B3vMoii496B7TzO
9gKd4v7kFA6iXI+wqbYrZfOGeLZlMI99pwTatNL4fo9ABJ7JScISzTvS7p/xB6Ae
JPdlA0Tf8wP4RYz8YYRcNlfEQPZYb4kHj5r9Ei59InHzwKfq9GyKKvluS0/k3NHU
aAEJAhCVkPuIHluRLHsjVEbKbFzSJUG8p/hSSmQnfk3CT36/dJhgv3jzoL+1/Sx1
o8OwWPmNq8TuX9SaXfhfy/EGMulWgRaztxt9D+0+wgc8IOAPp+0SYUsaOa0T9+Pl
pjU1GRaK5AlT
=mItp
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-04-07T01:57:22Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA4WLYkVpP8xtAQ/9FQGyKS1wEodU9ZVZ8kxijp6aFtMCmL/I5HBEhbSLj0P9
TVD0QwnUPZqf7zlWrAh6TspyLQdRMt9JAYZCPyLgu//FdKfBJNYeU3+aWj/lMtJ4
Twgs7NPtGbRJcpF+a4NmAOIqzKfJI+h714BLFoWrGtUmTE9/dBHh2yxADSgprY1o
/4J8aHQfaqg5JwijP3PhtRMxla4YQfhqf0JRAcmQPKUDuxT2QG/wp59Fq/665aaO
JFWiCOPBqTtEhY4ML4EYNUV+Cd7UT7LOXC+Xzuj1eEGMV1Pmqd1u1UyQKvHOOXhT
AfGeCub+ZONGfmcDcY5gEMnbSCGcQEvipA3dBIIFklgnxM00jmcJ1Ojo1+MYynpl
E1XLOaolRWinlDNXA62k8iWG33hcxHGSzkHrsQjtqrrD2PdHS1RmTJ8Hn+iuRUn6
/fGk8ZQJ7oMPsZNyfiM0OdwSXxJ4rQUtGkHHd727S4K6nXC6OLxXCzl7lYG7QKcP
RVrbFMNv01aToyNGhLmcSxUYdQ4oc+nv65rNZDsdbi34T+dlULboJDkwV6JrJ5dz
hlu3ySgijZuRD5bfpfKB2RScu2ixEijOIyk1oXBB2Dhyh1ezc3qnAw8xkGr9W2SE
roBuu95mZsIZEtfMS5hxwGyWzSCENnbkSukQhUoIjRXryly7MQgNZ5FMX+f5n3DU
aAEJAhBJcIEidIhFVqDkezzMcofKl3MlXWqkfTUV3vsjz6EpN1FwhpZ3prTexUcM
9XCx9Wq1kMpjkphWETh2lSAafyIz6R/d4zWV5IWIeDh+USYT9z0Rprp4URka4Wjx
fux0T5xDbgq5
=eiXM
-----END PGP MESSAGE-----
fp: 8DF31C9F48A24F525FFB1815FC96C52B59328E95
encrypted_regex: ^(data|stringData)$
version: 3.7.3

76
cluster/apps/default/harbor/helm-release.yaml Normal file
View File

@ -0,0 +1,76 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: harbor
namespace: default
spec:
interval: 5m
chart:
spec:
chart: harbor
version: 1.3.x
sourceRef:
kind: HelmRepository
name: harbor-charts
namespace: flux-system
values:
expose:
tls:
secret:
secretName: wildcard-main-tls
notarySecretName: wildcard-main-tls
ingress:
hosts:
core: oci.${SECRET_NEW_DOMAIN}
notary: charts.${SECRET_NEW_DOMAIN}
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
persistence:
persistentVolumeClaim:
registry:
existingClaim: harbor-registry-pv-claim
subPath: "/registry"
# trivy:
# existingClaim:
# subPath: "/trivy"
imageChartStorage:
type: s3
s3:
bucket: harbor
existingSecret: "harbor-secret"
regionendpoint: http://minio.database:9000
notary:
enabled: false
trivy:
enabled: false
database:
type: external
external:
host: "postgresql.database"
port: "5432"
username: "k3spostgresql"
existingSecret: "harbor-secret"
coreDatabase: "harbor-registry"
redis:
type: external
external:
addr: "redis-master.database:6379"
username: ""
existingSecret: "harbor-secret"
metrics:
enabled: true
serviceMonitor:
enabled: true

8
cluster/apps/default/harbor/helm-repository.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: harbor-charts
namespace: flux-system
spec:
interval: 1m
url: https://helm.goharbor.io

6
cluster/apps/default/harbor/kustomization.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./harbor-pv.yaml
- ./helm-repository.yaml
- ./helm-release.yaml

4
cluster/apps/default/kustomization.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./harbor

1
cluster/apps/kustomization.yaml
View File

@ -9,3 +9,4 @@ resources:
- ./tools - ./tools
- ./irc - ./irc
- ./monitoring - ./monitoring
- ./default