commit
dc731a8a3b
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,9 +1,9 @@
|
|||
dependencies:
|
||||
- name: zookeeper
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 12.1.0
|
||||
version: 12.1.1
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.9.0
|
||||
digest: sha256:a54db8d2946ff889eaa08317cdc9eccbfe55722b08c147ee0799925cd1b43c93
|
||||
generated: "2023-08-23T10:11:09.64327+02:00"
|
||||
version: 2.9.1
|
||||
digest: sha256:d80576ab604d6ae40689f985ffff711a95525fd2e04df86f7524300fb5c7b6de
|
||||
generated: "2023-08-30T12:23:35.3141937Z"
|
||||
|
|
|
@ -6,15 +6,15 @@ annotations:
|
|||
category: Infrastructure
|
||||
images: |
|
||||
- name: jmx-exporter
|
||||
image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r49
|
||||
image: docker.io/bitnami/jmx-exporter:0.19.0-debian-11-r57
|
||||
- name: kafka-exporter
|
||||
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r85
|
||||
image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r93
|
||||
- name: kafka
|
||||
image: docker.io/bitnami/kafka:3.5.1-debian-11-r25
|
||||
image: docker.io/bitnami/kafka:3.5.1-debian-11-r35
|
||||
- name: kubectl
|
||||
image: docker.io/bitnami/kubectl:1.25.12-debian-11-r29
|
||||
image: docker.io/bitnami/kubectl:1.25.13-debian-11-r5
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r43
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r51
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 3.5.1
|
||||
|
@ -45,4 +45,4 @@ maintainers:
|
|||
name: kafka
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/kafka
|
||||
version: 25.1.2
|
||||
version: 25.1.4
|
||||
|
|
|
@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| `image.registry` | Kafka image registry | `docker.io` |
|
||||
| `image.repository` | Kafka image repository | `bitnami/kafka` |
|
||||
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r25` |
|
||||
| `image.tag` | Kafka image tag (immutable tags are recommended) | `3.5.1-debian-11-r35` |
|
||||
| `image.digest` | Kafka image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | Kafka image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -366,7 +366,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
### Traffic Exposure parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
|
||||
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- |
|
||||
| `service.type` | Kubernetes Service type | `ClusterIP` |
|
||||
| `service.ports.client` | Kafka svc port for client connections | `9092` |
|
||||
| `service.ports.controller` | Kafka svc port for controller connections. It is used if "kraft.enabled: true" | `9093` |
|
||||
|
@ -390,7 +390,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs/ports by querying the K8s API | `false` |
|
||||
| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `docker.io` |
|
||||
| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `bitnami/kubectl` |
|
||||
| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.12-debian-11-r29` |
|
||||
| `externalAccess.autoDiscovery.image.tag` | Init container auto-discovery image tag (immutable tags are recommended) | `1.25.13-debian-11-r5` |
|
||||
| `externalAccess.autoDiscovery.image.digest` | Kubectl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
|
||||
| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
|
||||
|
@ -440,7 +440,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
|
||||
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r43` |
|
||||
| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r51` |
|
||||
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
|
||||
|
@ -465,7 +465,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.kafka.enabled` | Whether or not to create a standalone Kafka exporter to expose Kafka metrics | `false` |
|
||||
| `metrics.kafka.image.registry` | Kafka exporter image registry | `docker.io` |
|
||||
| `metrics.kafka.image.repository` | Kafka exporter image repository | `bitnami/kafka-exporter` |
|
||||
| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r85` |
|
||||
| `metrics.kafka.image.tag` | Kafka exporter image tag (immutable tags are recommended) | `1.7.0-debian-11-r93` |
|
||||
| `metrics.kafka.image.digest` | Kafka exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.kafka.image.pullPolicy` | Kafka exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.kafka.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -519,7 +519,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.jmx.kafkaJmxPort` | JMX port where the exporter will collect metrics, exposed in the Kafka container. | `5555` |
|
||||
| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` |
|
||||
| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` |
|
||||
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r49` |
|
||||
| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.19.0-debian-11-r57` |
|
||||
| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
|
@ -1087,6 +1087,10 @@ This guide is an adaptation from upstream documentation: [Migrate from ZooKeeper
|
|||
|
||||
## Upgrading
|
||||
|
||||
### To 25.0.0
|
||||
|
||||
This major updates the Zookeeper subchart to it newest major, 12.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1200).
|
||||
|
||||
### To 24.0.0
|
||||
|
||||
This major version is a refactor of the Kafka chart and its architecture, to better adapt to Kraft features introduced in version 22.0.0.
|
||||
|
@ -1209,10 +1213,6 @@ kubectl apply -f $NEW_PVC_MANIFEST_FILE
|
|||
|
||||
Repeat this process for each replica you had in your Kafka cluster. Once completed, upgrade the cluster and the new Statefulset should reuse the existing PVCs.
|
||||
|
||||
### To 25.0.0
|
||||
|
||||
This major updates the Zookeeper subchart to it newest major, 12.0.0. For more information on this subchart's major, please refer to [zookeeper upgrade notes](https://github.com/bitnami/charts/tree/main/bitnami/zookeeper#to-1200).
|
||||
|
||||
### To 23.0.0
|
||||
|
||||
This major updates Kafka to its newest version, 3.5.x. For more information, please refer to [kafka upgrade notes](https://kafka.apache.org/35/documentation.html#upgrade).
|
||||
|
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.9.0
|
||||
appVersion: 2.9.1
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.9.0
|
||||
version: 2.9.1
|
||||
|
|
|
@ -60,12 +60,13 @@ Return a topologyKey definition
|
|||
|
||||
{{/*
|
||||
Return a soft podAffinity/podAntiAffinity definition
|
||||
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
|
||||
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.pods.soft" -}}
|
||||
{{- $component := default "" .component -}}
|
||||
{{- $customLabels := default (dict) .customLabels -}}
|
||||
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
|
||||
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- podAffinityTerm:
|
||||
labelSelector:
|
||||
|
@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution:
|
|||
{{- end }}
|
||||
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
|
||||
weight: 1
|
||||
{{- range $extraPodAffinityTerms }}
|
||||
- podAffinityTerm:
|
||||
labelSelector:
|
||||
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
|
||||
{{- if not (empty $component) }}
|
||||
{{ printf "app.kubernetes.io/component: %s" $component }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .extraMatchLabels }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
|
||||
weight: {{ .weight | default 1 -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return a hard podAffinity/podAntiAffinity definition
|
||||
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
|
||||
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.pods.hard" -}}
|
||||
{{- $component := default "" .component -}}
|
||||
{{- $customLabels := default (dict) .customLabels -}}
|
||||
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
|
||||
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
|
||||
|
@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution:
|
|||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
|
||||
{{- range $extraPodAffinityTerms }}
|
||||
- labelSelector:
|
||||
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
|
||||
{{- if not (empty $component) }}
|
||||
{{ printf "app.kubernetes.io/component: %s" $component }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .extraMatchLabels }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
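Review bot: The header comments of `common.affinities.pods.soft` and `common.affinities.pods.hard` now show `extraPodAffinityTerms` in the example call but do not say what an entry must contain. From the new `range` bodies, each entry is read for `extraMatchLabels` and `topologyKey`, plus `weight` in the soft variant (defaulting to 1), while `component` and `customLabels` are shared with the first term. A line such as `extraPodAffinityTerms: list of dicts with optional keys topologyKey, extraMatchLabels and weight (soft only)` in each comment would record that contract. The first term of each define lies partly outside the hunks, so this reading rests only on the lines shown. The same hunks appear again further down the page, in what looks like a second copy of the file.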
|
||||
|
|
|
@ -26,4 +26,4 @@ maintainers:
|
|||
name: zookeeper
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/zookeeper
|
||||
version: 12.1.0
|
||||
version: 12.1.1
|
||||
|
|
|
@ -423,6 +423,10 @@ Find more information about how to deal with common errors related to Bitnami's
|
|||
|
||||
## Upgrading
|
||||
|
||||
### To 12.0.0
|
||||
|
||||
This new version of the chart includes the new ZooKeeper major version 3.9.x. For more information, please refer to [Zookeeper 3.9.0 Release Notes](https://zookeeper.apache.org/doc/r3.9.0/releasenotes.html)
|
||||
|
||||
### To 11.0.0
|
||||
|
||||
This major version removes `commonAnnotations` and `commonLabels` from `volumeClaimTemplates`. Now annotations and labels can be set in volume claims using `persistence.annotations` and `persistence.labels` values. If the previous deployment has already set `commonAnnotations` and/or `commonLabels` values, to ensure a clean upgrade from previous version without loosing data, please set `persistence.annotations` and/or `persistence.labels` values with the same content as the common values.
|
||||
|
|
|
@ -61,8 +61,8 @@ spec:
|
|||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.broker.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAntiAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAffinityPreset "component" "broker" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.broker.podAntiAffinityPreset "component" "broker" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.broker.nodeAffinityPreset.type "key" .Values.broker.nodeAffinityPreset.key "values" .Values.broker.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.broker.nodeSelector }}
|
||||
|
|
|
@ -61,8 +61,8 @@ spec:
|
|||
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.controller.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "kafka" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAffinityPreset "component" "controller-eligible" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.controller.podAntiAffinityPreset "component" "controller-eligible" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.controller.nodeAffinityPreset.type "key" .Values.controller.nodeAffinityPreset.key "values" .Values.controller.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.controller.nodeSelector }}
|
||||
|
|
|
@ -7,7 +7,7 @@ SPDX-License-Identifier: APACHE-2.0
|
|||
{{- $releaseNamespace := include "common.names.namespace" . -}}
|
||||
{{- $clusterDomain := .Values.clusterDomain -}}
|
||||
{{- $fullname := include "common.names.fullname" . -}}
|
||||
{{- $servicePort := int .Values.service.ports.client -}}
|
||||
{{- $containerPort := int .Values.listeners.client.containerPort -}}
|
||||
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
|
||||
kind: Deployment
|
||||
metadata:
|
||||
|
@ -40,8 +40,8 @@ spec:
|
|||
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.kafka.affinity "context" $) | nindent 8 }}
|
||||
{{- else }}
|
||||
affinity:
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAffinityPreset "component" "metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAntiAffinityPreset "component" "metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAffinityPreset "component" "cluster-metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.metrics.kafka.podAntiAffinityPreset "component" "cluster-metrics" "customLabels" $podLabels "context" $) | nindent 10 }}
|
||||
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.metrics.kafka.nodeAffinityPreset.type "key" .Values.metrics.kafka.nodeAffinityPreset.key "values" .Values.metrics.kafka.nodeAffinityPreset.values) | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- if .Values.metrics.kafka.nodeSelector }}
|
||||
|
@ -92,10 +92,10 @@ spec:
|
|||
- |
|
||||
kafka_exporter \
|
||||
{{- range $i := until (int .Values.controller.replicaCount) }}
|
||||
--kafka.server={{ $fullname }}-controller-{{ $i }}.{{ $fullname }}-controller-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $servicePort }} \
|
||||
--kafka.server={{ $fullname }}-controller-{{ $i }}.{{ $fullname }}-controller-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $containerPort }} \
|
||||
{{- end }}
|
||||
{{- range $i := until (int .Values.broker.replicaCount) }}
|
||||
--kafka.server={{ $fullname }}-broker-{{ $i }}.{{ $fullname }}-broker-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $servicePort }} \
|
||||
--kafka.server={{ $fullname }}-broker-{{ $i }}.{{ $fullname }}-broker-headless.{{ $releaseNamespace }}.svc.{{ $clusterDomain }}:{{ $containerPort }} \
|
||||
{{- end }}
|
||||
{{- if regexFind "SASL" (upper .Values.listeners.client.protocol) }}
|
||||
--sasl.enabled \
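Review bot: `$containerPort` is built with `int .Values.listeners.client.containerPort`, and `int` turns a missing or non-numeric value into 0, so a bad override would render every `--kafka.server=...:0` argument without a template error. Wrapping the lookup, e.g. `{{- $containerPort := int (required "listeners.client.containerPort must be set" .Values.listeners.client.containerPort) -}}`, makes the render fail for an unset value instead. Whether the chart's values file always supplies this key is not visible here. The exporter command continues outside the last hunk.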
|
||||
|
|
|
@ -80,7 +80,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/kafka
|
||||
tag: 3.5.1-debian-11-r25
|
||||
tag: 3.5.1-debian-11-r35
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -1254,7 +1254,7 @@ externalAccess:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/kubectl
|
||||
tag: 1.25.12-debian-11-r29
|
||||
tag: 1.25.13-debian-11-r5
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -1504,7 +1504,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 11-debian-11-r43
|
||||
tag: 11-debian-11-r51
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
@ -1586,7 +1586,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/kafka-exporter
|
||||
tag: 1.7.0-debian-11-r85
|
||||
tag: 1.7.0-debian-11-r93
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -1840,7 +1840,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/jmx-exporter
|
||||
tag: 0.19.0-debian-11-r49
|
||||
tag: 0.19.0-debian-11-r57
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
|
|
@ -4,9 +4,9 @@ dependencies:
|
|||
version: 6.6.0
|
||||
- name: mariadb
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 13.1.0
|
||||
version: 13.1.2
|
||||
- name: common
|
||||
repository: oci://registry-1.docker.io/bitnamicharts
|
||||
version: 2.9.0
|
||||
digest: sha256:19433d22b87927464569967e128b716709f4b8e8c99e59c5b6d00b6c61ed98f4
|
||||
generated: "2023-08-23T12:48:27.768104+02:00"
|
||||
version: 2.9.1
|
||||
digest: sha256:5df6e862af69422cc6e287bf9dd560b3a1e56d3b49b4bc81132b0db10903cd80
|
||||
generated: "2023-08-30T09:41:25.351778314Z"
|
||||
|
|
|
@ -6,14 +6,14 @@ annotations:
|
|||
category: CMS
|
||||
images: |
|
||||
- name: apache-exporter
|
||||
image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r23
|
||||
image: docker.io/bitnami/apache-exporter:1.0.1-debian-11-r29
|
||||
- name: os-shell
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r45
|
||||
image: docker.io/bitnami/os-shell:11-debian-11-r51
|
||||
- name: wordpress
|
||||
image: docker.io/bitnami/wordpress:6.3.0-debian-11-r13
|
||||
image: docker.io/bitnami/wordpress:6.3.1-debian-11-r0
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 6.3.0
|
||||
appVersion: 6.3.1
|
||||
dependencies:
|
||||
- condition: memcached.enabled
|
||||
name: memcached
|
||||
|
@ -47,4 +47,4 @@ maintainers:
|
|||
name: wordpress
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/wordpress
|
||||
version: 17.1.3
|
||||
version: 17.1.4
|
||||
|
|
|
@ -79,10 +79,10 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
### WordPress Image parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- |
|
||||
| ------------------- | --------------------------------------------------------------------------------------------------------- | -------------------- |
|
||||
| `image.registry` | WordPress image registry | `docker.io` |
|
||||
| `image.repository` | WordPress image repository | `bitnami/wordpress` |
|
||||
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.0-debian-11-r13` |
|
||||
| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.3.1-debian-11-r0` |
|
||||
| `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | WordPress image pull secrets | `[]` |
|
||||
|
@ -249,7 +249,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` |
|
||||
| `volumePermissions.image.registry` | OS Shell + Utility image registry | `docker.io` |
|
||||
| `volumePermissions.image.repository` | OS Shell + Utility image repository | `bitnami/os-shell` |
|
||||
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r45` |
|
||||
| `volumePermissions.image.tag` | OS Shell + Utility image tag (immutable tags are recommended) | `11-debian-11-r51` |
|
||||
| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` |
|
||||
| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` |
|
||||
|
@ -281,7 +281,7 @@ The command removes all the Kubernetes components associated with the chart and
|
|||
| `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` |
|
||||
| `metrics.image.registry` | Apache exporter image registry | `docker.io` |
|
||||
| `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` |
|
||||
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.1-debian-11-r23` |
|
||||
| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `1.0.1-debian-11-r29` |
|
||||
| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` |
|
||||
| `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` |
|
||||
|
|
|
@ -2,7 +2,7 @@ annotations:
|
|||
category: Infrastructure
|
||||
licenses: Apache-2.0
|
||||
apiVersion: v2
|
||||
appVersion: 2.9.0
|
||||
appVersion: 2.9.1
|
||||
description: A Library Helm Chart for grouping common logic between bitnami charts.
|
||||
This chart is not deployable by itself.
|
||||
home: https://bitnami.com
|
||||
|
@ -20,4 +20,4 @@ name: common
|
|||
sources:
|
||||
- https://github.com/bitnami/charts
|
||||
type: library
|
||||
version: 2.9.0
|
||||
version: 2.9.1
|
||||
|
|
|
@ -60,12 +60,13 @@ Return a topologyKey definition
|
|||
|
||||
{{/*
|
||||
Return a soft podAffinity/podAntiAffinity definition
|
||||
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
|
||||
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.pods.soft" -}}
|
||||
{{- $component := default "" .component -}}
|
||||
{{- $customLabels := default (dict) .customLabels -}}
|
||||
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
|
||||
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
- podAffinityTerm:
|
||||
labelSelector:
|
||||
|
@ -78,16 +79,30 @@ preferredDuringSchedulingIgnoredDuringExecution:
|
|||
{{- end }}
|
||||
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
|
||||
weight: 1
|
||||
{{- range $extraPodAffinityTerms }}
|
||||
- podAffinityTerm:
|
||||
labelSelector:
|
||||
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
|
||||
{{- if not (empty $component) }}
|
||||
{{ printf "app.kubernetes.io/component: %s" $component }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .extraMatchLabels }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
|
||||
weight: {{ .weight | default 1 -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Return a hard podAffinity/podAntiAffinity definition
|
||||
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}}
|
||||
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
|
||||
*/}}
|
||||
{{- define "common.affinities.pods.hard" -}}
|
||||
{{- $component := default "" .component -}}
|
||||
{{- $customLabels := default (dict) .customLabels -}}
|
||||
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
|
||||
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
|
||||
|
@ -98,6 +113,17 @@ requiredDuringSchedulingIgnoredDuringExecution:
|
|||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
|
||||
{{- range $extraPodAffinityTerms }}
|
||||
- labelSelector:
|
||||
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
|
||||
{{- if not (empty $component) }}
|
||||
{{ printf "app.kubernetes.io/component: %s" $component }}
|
||||
{{- end }}
|
||||
{{- range $key, $value := .extraMatchLabels }}
|
||||
{{ $key }}: {{ $value | quote }}
|
||||
{{- end }}
|
||||
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
|
|
|
@ -33,4 +33,4 @@ maintainers:
|
|||
name: mariadb
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/mariadb
|
||||
version: 13.1.0
|
||||
version: 13.1.2
|
||||
|
|
|
@ -27,7 +27,7 @@ spec:
|
|||
externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{- toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{ end }}
|
||||
{{- if (and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP))) }}
|
||||
loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }}
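Review bot: Nothing in the template records that `loadBalancerSourceRanges` is omitted entirely when the list is empty, which leaves a `LoadBalancer`-type database service with no source restriction. A comment above the `if` would make that visible, for example `{{- /* omitted when the list is empty: the load balancer then accepts traffic from any source */}}`. The closing `{{ end }}` of this block also lacks the left trim its neighbours use, so `{{- end }}` would avoid a stray blank line in the rendered Service. Both points apply equally to the secondary service template in the next section, and the Service spec continues outside the hunk.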
|
||||
|
|
|
@ -28,7 +28,7 @@ spec:
|
|||
externalTrafficPolicy: {{ .Values.secondary.service.externalTrafficPolicy | quote }}
|
||||
{{- end }}
|
||||
{{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{ .Values.secondary.service.loadBalancerSourceRanges }}
|
||||
loadBalancerSourceRanges: {{- toYaml .Values.secondary.service.loadBalancerSourceRanges | nindent 4 }}
|
||||
{{ end }}
|
||||
{{- if and (eq .Values.secondary.service.type "LoadBalancer") (not (empty .Values.secondary.service.loadBalancerIP)) }}
|
||||
loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }}
|
||||
|
|
|
@ -76,7 +76,7 @@ diagnosticMode:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/wordpress
|
||||
tag: 6.3.0-debian-11-r13
|
||||
tag: 6.3.1-debian-11-r0
|
||||
digest: ""
|
||||
## Specify a imagePullPolicy
|
||||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||||
|
@ -766,7 +766,7 @@ volumePermissions:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/os-shell
|
||||
tag: 11-debian-11-r45
|
||||
tag: 11-debian-11-r51
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
@ -860,7 +860,7 @@ metrics:
|
|||
image:
|
||||
registry: docker.io
|
||||
repository: bitnami/apache-exporter
|
||||
tag: 1.0.1-debian-11-r23
|
||||
tag: 1.0.1-debian-11-r29
|
||||
digest: ""
|
||||
pullPolicy: IfNotPresent
|
||||
## Optionally specify an array of imagePullSecrets.
|
||||
|
|
|
@ -12,4 +12,4 @@ maintainers:
|
|||
- email: robertb@fairwinds.com
|
||||
name: rbren
|
||||
name: polaris
|
||||
version: 5.13.0
|
||||
version: 5.14.0
|
||||
|
|
|
@ -79,6 +79,7 @@ the 0.10.0 version of this chart will only work on kubernetes 1.14.0+
|
|||
| webhook.validate | bool | `true` | Enables the Validating Webhook, to reject resources with issues |
|
||||
| webhook.mutate | bool | `false` | Enables the Mutating Webhook, to modify resources with issues |
|
||||
| webhook.replicas | int | `2` | Number of replicas |
|
||||
| webhook.logLevel | string | `"info"` | Set the logging level for the Webhook command |
|
||||
| webhook.nodeSelector | object | `{}` | Webhook pod nodeSelector |
|
||||
| webhook.tolerations | list | `[]` | Webhook pod tolerations |
|
||||
| webhook.affinity | object | `{}` | Webhook pods affinity |
|
||||
|
|
|
@ -52,6 +52,9 @@ spec:
|
|||
{{- end }}
|
||||
- --validate={{ .Values.webhook.validate }}
|
||||
- --mutate={{ .Values.webhook.mutate }}
|
||||
{{- if .Values.webhook.logLevel }}
|
||||
- --log-level={{ .Values.webhook.logLevel }}
|
||||
{{- end }}
|
||||
image: '{{.Values.image.repository}}:{{.Values.image.tag | default .Chart.AppVersion }}'
|
||||
imagePullPolicy: '{{.Values.image.pullPolicy}}'
|
||||
ports:
|
||||
|
|
|
@ -139,6 +139,8 @@ webhook:
|
|||
mutate: false
|
||||
# webhook.replicas -- Number of replicas
|
||||
replicas: 2
|
||||
# webhook.logLevel -- Set the logging level for the Webhook command
|
||||
logLevel: info
|
||||
# webhook.nodeSelector -- Webhook pod nodeSelector
|
||||
nodeSelector: {}
|
||||
# webhook.tolerations -- Webhook pod tolerations
|
||||
|
|
|
@ -4,11 +4,11 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.20-0'
|
||||
catalog.cattle.io/release-name: harbor
|
||||
apiVersion: v1
|
||||
appVersion: 2.8.4
|
||||
appVersion: 2.9.0
|
||||
description: An open source trusted cloud native registry that stores, signs, and
|
||||
scans content
|
||||
home: https://goharbor.io
|
||||
icon: https://raw.githubusercontent.com/goharbor/website/master/static/img/logos/harbor-icon-color.png
|
||||
icon: https://raw.githubusercontent.com/goharbor/website/main/static/img/logos/harbor-icon-color.png
|
||||
keywords:
|
||||
- docker
|
||||
- registry
|
||||
|
@ -24,4 +24,4 @@ name: harbor
|
|||
sources:
|
||||
- https://github.com/goharbor/harbor
|
||||
- https://github.com/goharbor/harbor-helm
|
||||
version: 1.12.4
|
||||
version: 1.13.0
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Helm Chart for Harbor
|
||||
|
||||
**Notes:** The master branch is in heavy development, please use the other stable versions instead. A highly available solution for Harbor based on chart can be find [here](docs/High%20Availability.md). And refer to the [guide](docs/Upgrade.md) to upgrade the existing deployment.
|
||||
**Notes:** The master branch is in heavy development, please use the other stable versions instead. A highly available solution for Harbor based on chart can be found [here](docs/High%20Availability.md). And refer to the [guide](docs/Upgrade.md) to upgrade the existing deployment.
|
||||
|
||||
This repository, including the issues, focuses on deploying Harbor chart via helm. For functionality issues or Harbor questions, please open issues on [goharbor/harbor](https://github.com/goharbor/harbor)
|
||||
|
||||
|
@ -38,7 +38,7 @@ The following items can be set via `--set` flag during installation or configure
|
|||
The external URL for Harbor core service is used to:
|
||||
|
||||
1. populate the docker/helm commands showed on portal
|
||||
2. populate the token service URL returned to docker/notary client
|
||||
2. populate the token service URL returned to docker client
|
||||
|
||||
Format: `protocol://domain[:port]`. Usually:
|
||||
|
||||
|
@ -83,37 +83,30 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `expose.tls.certSource` | The source of the TLS certificate. Set as `auto`, `secret` or `none` and fill the information in the corresponding section: 1) auto: generate the TLS certificate automatically 2) secret: read the TLS certificate from the specified secret. The TLS certificate can be generated manually or by cert manager 3) none: configure no TLS certificate for the ingress. If the default TLS certificate is configured in the ingress controller, choose this option | `auto` |
|
||||
| `expose.tls.auto.commonName` | The common name used to generate the certificate, it's necessary when the type isn't `ingress` | |
|
||||
| `expose.tls.secret.secretName` | The name of secret which contains keys named: `tls.crt` - the certificate; `tls.key` - the private key | |
|
||||
| `expose.tls.secret.notarySecretName` | The name of secret which contains keys named: `tls.crt` - the certificate; `tls.key` - the private key. Only needed when the `expose.type` is `ingress` | |
|
||||
| `expose.ingress.hosts.core` | The host of Harbor core service in ingress rule | `core.harbor.domain` |
|
||||
| `expose.ingress.hosts.notary` | The host of Harbor Notary service in ingress rule | `notary.harbor.domain` |
|
||||
| `expose.ingress.controller` | The ingress controller type. Currently supports `default`, `gce`, `alb`, `f5-bigip` and `ncp` | `default` |
|
||||
| `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | |
|
||||
| `expose.ingress.annotations` | The annotations used commonly for ingresses | |
|
||||
| `expose.ingress.harbor.annotations` | The annotations specific to harbor ingress | {} |
|
||||
| `expose.ingress.harbor.labels` | The labels specific to harbor ingress | {} |
|
||||
| `expose.ingress.notary.annotations` | The annotations specific to notary ingress | {} |
|
||||
| `expose.ingress.notary.labels` | The labels specific to notary ingress | {} |
|
||||
| `expose.clusterIP.name` | The name of ClusterIP service | `harbor` |
|
||||
| `expose.clusterIP.annotations` | The annotations attached to the ClusterIP service | {} |
|
||||
| `expose.clusterIP.ports.httpPort` | The service port Harbor listens on when serving HTTP | `80` |
|
||||
| `expose.clusterIP.ports.httpsPort` | The service port Harbor listens on when serving HTTPS | `443` |
|
||||
| `expose.clusterIP.ports.notaryPort` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | `4443` |
|
||||
| `expose.nodePort.name` | The name of NodePort service | `harbor` |
|
||||
| `expose.nodePort.ports.http.port` | The service port Harbor listens on when serving HTTP | `80` |
|
||||
| `expose.nodePort.ports.http.nodePort` | The node port Harbor listens on when serving HTTP | `30002` |
|
||||
| `expose.nodePort.ports.https.port` | The service port Harbor listens on when serving HTTPS | `443` |
|
||||
| `expose.nodePort.ports.https.nodePort` | The node port Harbor listens on when serving HTTPS | `30003` |
|
||||
| `expose.nodePort.ports.notary.port` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | `4443` |
|
||||
| `expose.nodePort.ports.notary.nodePort` | The node port Notary listens on. Only needed when `notary.enabled` is set to `true` | `30004` |
|
||||
| `expose.loadBalancer.name` | The name of service | `harbor` |
|
||||
| `expose.loadBalancer.IP` | The IP of the loadBalancer. It only works when loadBalancer supports assigning IP | `""` |
|
||||
| `expose.loadBalancer.ports.httpPort` | The service port Harbor listens on when serving HTTP | `80` |
|
||||
| `expose.loadBalancer.ports.httpsPort` | The service port Harbor listens on when serving HTTPS | `30002` |
|
||||
| `expose.loadBalancer.ports.notaryPort` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | |
|
||||
| `expose.loadBalancer.annotations` | The annotations attached to the loadBalancer service | {} |
|
||||
| `expose.loadBalancer.sourceRanges` | List of IP address ranges to assign to loadBalancerSourceRanges | [] |
|
||||
| **Internal TLS** | | |
|
||||
| `internalTLS.enabled` | Enable TLS for the components (core, jobservice, portal, registry, trivy) | `false` |
|
||||
| `internalTLS.strong_ssl_ciphers` | Enable strong ssl ciphers for nginx and portal | `false`
|
||||
| `internalTLS.certSource` | Method to provide TLS for the components, options are `auto`, `manual`, `secret`. | `auto` |
|
||||
| `internalTLS.trustCa` | The content of trust CA, only available when `certSource` is `manual`. **Note**: all the internal certificates of the components must be issued by this CA | |
|
||||
| `internalTLS.core.secretName` | The secret name for core component, only available when `certSource` is `secret`. The secret must contain keys named: `ca.crt` - the CA certificate which is used to issue internal key and crt pair for components and all Harbor components must be issued by the same CA, `tls.crt` - the content of the TLS cert file, `tls.key` - the content of the TLS key file. | |
|
||||
|
@ -201,6 +194,7 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `nginx.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `nginx.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `nginx.affinity` | Node/Pod affinities | `{}` |
|
||||
| `nginx.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
|
||||
| `nginx.podAnnotations` | Annotations to add to the nginx pod | `{}` |
|
||||
| `nginx.priorityClassName` | The priority class to run the pod as | |
|
||||
| **Portal** | | |
|
||||
|
@ -213,6 +207,7 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `portal.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `portal.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `portal.affinity` | Node/Pod affinities | `{}` |
|
||||
| `portal.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
|
||||
| `portal.podAnnotations` | Annotations to add to the portal pod | `{}` |
|
||||
| `portal.priorityClassName` | The priority class to run the pod as | |
|
||||
| **Core** | | |
|
||||
|
@ -226,8 +221,11 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `core.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `core.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `core.affinity` | Node/Pod affinities | `{}` |
|
||||
| `core.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
|
||||
| `core.podAnnotations` | Annotations to add to the core pod | `{}` |
|
||||
| `core.serviceAnnotations` | Annotations to add to the core service | `{}` |
|
||||
| `core.configureUserSettings` | A JSON string to set in the environment variable `CONFIG_OVERWRITE_JSON` to configure user settings. See the [official docs](https://goharbor.io/docs/latest/install-config/configure-user-settings-cli/#configure-users-settings-using-an-environment-variable). | |
|
||||
| `core.quotaUpdateProvider` | The provider for updating project quota(usage), there are 2 options, redis or db. By default it is implemented by db but you can configure it to redis which can improve the performance of high concurrent pushing to the same project, and reduce the database connections spike and occupies. Using redis will bring up some delay for quota usage updation for display, so only suggest switch provider to redis if you were ran into the db connections spike around the scenario of high concurrent pushing to same project, no improvment for other scenes. | `db` |
|
||||
| `core.secret` | Secret is used when core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
|
||||
| `core.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate and private key for token encryption/decryption. The secret must contain keys named: `tls.crt` - the certificate and `tls.key` - the private key. The default key pair will be used if it isn't set | |
|
||||
| `core.tokenKey` | PEM-formatted RSA private key used to sign service tokens. Only used if `core.secretName` is unset. If set, `core.tokenCert` MUST also be set. | |
|
||||
|
@ -253,6 +251,7 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `jobservice.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `jobservice.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `jobservice.affinity` | Node/Pod affinities | `{}` |
|
||||
| `jobservice.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
|
||||
| `jobservice.podAnnotations` | Annotations to add to the jobservice pod | `{}` |
|
||||
| `jobservice.priorityClassName` | The priority class to run the pod as | |
|
||||
| `jobservice.secret` | Secret is used when job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
|
||||
|
@ -269,12 +268,13 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `registry.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
|
||||
| `registry.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `registry.affinity` | Node/Pod affinities | `{}` |
|
||||
| `registry.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
|
||||
| `registry.middleware` | Middleware is used to add support for a CDN between backend storage and `docker pull` recipient. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#middleware). | |
|
||||
| `registry.podAnnotations` | Annotations to add to the registry pod | `{}` |
|
||||
| `registry.priorityClassName` | The priority class to run the pod as | |
|
||||
| `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#http). If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
|
||||
| `registry.credentials.username` | The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user` |
|
||||
| `registry.credentials.password` | The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. | `harbor_registry_password` |
|
||||
| `registry.credentials.username` | The username that harbor core uses internally to access the registry instance. Together with the `registry.credentials.password`, a htpasswd is created. This is an alternative to providing `registry.credentials.htpasswdString`. For more details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). | `harbor_registry_user` |
|
||||
| `registry.credentials.password` | The password that harbor core uses internally to access the registry instance. Together with the `registry.credentials.username`, a htpasswd is created. This is an alternative to providing `registry.credentials.htpasswdString`. For more details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. | `harbor_registry_password` |
|
||||
| `registry.credentials.existingSecret` | An existing secret containing the password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). The key must be `REGISTRY_PASSWD` | `""` |
|
||||
| `registry.credentials.htpasswdString` | Login and password in htpasswd string format. Excludes `registry.credentials.username` and `registry.credentials.password`. May come in handy when integrating with tools like argocd or flux. This allows the same line to be generated each time the template is rendered, instead of the `htpasswd` function from helm, which generates different lines each time because of the salt. | undefined |
|
||||
| `registry.relativeurls` | If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. Needed if harbor is behind a reverse proxy | `false` |
|
||||
|
@ -300,26 +300,7 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `trivy.timeout` | The duration to wait for scan completion | `5m0s` |
|
||||
| `trivy.gitHubToken` | The GitHub access token to download [Trivy DB][trivy-db] (see [GitHub rate limiting][trivy-rate-limiting]) | |
|
||||
| `trivy.priorityClassName` | The priority class to run the pod as | |
|
||||
| **Notary** | | |
|
||||
| `notary.enabled` | Enable Notary? | `true` |
|
||||
| `notary.server.image.repository` | Repository for notary server image | `goharbor/notary-server-photon` |
|
||||
| `notary.server.image.tag` | Tag for notary server image | `dev` |
|
||||
| `notary.server.replicas` | The replica count | `1` |
|
||||
| `notary.server.resources` | The [resources] to allocate for container | undefined |
|
||||
| `notary.server.priorityClassName` | The priority class to run the pod as | |
|
||||
| `notary.server.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
|
||||
| `notary.signer.image.repository` | Repository for notary signer image | `goharbor/notary-signer-photon` |
|
||||
| `notary.signer.image.tag` | Tag for notary signer image | `dev` |
|
||||
| `notary.signer.replicas` | The replica count | `1` |
|
||||
| `notary.signer.resources` | The [resources] to allocate for container | undefined |
|
||||
| `notary.signer.priorityClassName` | The priority class to run the pod as | |
|
||||
| `notary.signer.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
|
||||
| `notary.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `notary.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `notary.affinity` | Node/Pod affinities | `{}` |
|
||||
| `notary.podAnnotations` | Annotations to add to the notary pod | `{}` |
|
||||
| `notary.serviceAnnotations` | Annotations to add to the notary service | `{}` |
|
||||
| `notary.secretName` | Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named `ca.crt`, `tls.crt` and `tls.key` that contain the CA, certificate and private key. They will be generated if not set. | |
|
||||
| `trivy.topologySpreadConstraints` | The priority class to run the pod as | |
|
||||
| **Database** | | |
|
||||
| `database.type` | If external database is used, set it to `external` | `internal` |
|
||||
| `database.internal.image.repository` | Repository for database image | `goharbor/harbor-db` |
|
||||
|
@ -341,8 +322,6 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `database.external.username` | The username of external database | `user` |
|
||||
| `database.external.password` | The password of external database | `password` |
|
||||
| `database.external.coreDatabase` | The database used by core service | `registry` |
|
||||
| `database.external.notaryServerDatabase` | The database used by Notary server | `notary_server` |
|
||||
| `database.external.notarySignerDatabase` | The database used by Notary signer | `notary_signer` |
|
||||
| `database.external.existingSecret` | An existing password containing the database password. the key must be `password`. | `""` |
|
||||
| `database.external.sslmode` | Connection method of external database (require, verify-full, verify-ca, disable) | `disable` |
|
||||
| `database.maxIdleConns` | The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. | `50` |
|
||||
|
@ -384,6 +363,7 @@ The following table lists the configurable parameters of the Harbor chart and th
|
|||
| `exporter.nodeSelector` | Node labels for pod assignment | `{}` |
|
||||
| `exporter.tolerations` | Tolerations for pod assignment | `[]` |
|
||||
| `exporter.affinity` | Node/Pod affinities | `{}` |
|
||||
| `exporter.topologySpreadConstraints` | Constraints that define how Pods are spread across failure-domains like regions or availability zones | `[]` |
|
||||
| `exporter.automountServiceAccountToken` | Mount serviceAccountToken? | `false` |
|
||||
| `exporter.cacheDuration` | the cache duration for information that exporter collected from Harbor | `30` |
|
||||
| `exporter.cacheCleanInterval` | cache clean interval for information that exporter collected from Harbor | `14400` |
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
{
|
||||
"server": {
|
||||
"http_addr": ":4443"
|
||||
},
|
||||
"trust_service": {
|
||||
"type": "remote",
|
||||
"hostname": "{{ template "harbor.notary-signer" . }}",
|
||||
"port": "7899",
|
||||
"tls_ca_file": "/etc/ssl/notary/ca.crt",
|
||||
"key_algorithm": "ecdsa"
|
||||
},
|
||||
"logging": {
|
||||
"level": "{{ .Values.logLevel }}"
|
||||
},
|
||||
"storage": {
|
||||
"backend": "postgres",
|
||||
"db_url": "{{ template "harbor.database.notaryServer" . }}"
|
||||
},
|
||||
"auth": {
|
||||
"type": "token",
|
||||
"options": {
|
||||
"realm": "{{ .Values.externalURL }}/service/token",
|
||||
"service": "harbor-notary",
|
||||
"issuer": "harbor-token-issuer",
|
||||
"rootcertbundle": "/root.crt"
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
{
|
||||
"server": {
|
||||
"grpc_addr": ":7899",
|
||||
"tls_cert_file": "/etc/ssl/notary/tls.crt",
|
||||
"tls_key_file": "/etc/ssl/notary/tls.key"
|
||||
},
|
||||
"logging": {
|
||||
"level": "{{ .Values.logLevel }}"
|
||||
},
|
||||
"storage": {
|
||||
"backend": "postgres",
|
||||
"db_url": "{{ template "harbor.database.notarySigner" . }}",
|
||||
"default_alias": "defaultalias"
|
||||
}
|
||||
}
|
|
@ -111,22 +111,6 @@ app: "{{ template "harbor.name" . }}"
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.database.notaryServerDatabase" -}}
|
||||
{{- if eq .Values.database.type "internal" -}}
|
||||
{{- printf "%s" "notaryserver" -}}
|
||||
{{- else -}}
|
||||
{{- .Values.database.external.notaryServerDatabase -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.database.notarySignerDatabase" -}}
|
||||
{{- if eq .Values.database.type "internal" -}}
|
||||
{{- printf "%s" "notarysigner" -}}
|
||||
{{- else -}}
|
||||
{{- .Values.database.external.notarySignerDatabase -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.database.sslmode" -}}
|
||||
{{- if eq .Values.database.type "internal" -}}
|
||||
{{- printf "%s" "disable" -}}
|
||||
|
@ -135,14 +119,6 @@ app: "{{ template "harbor.name" . }}"
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.database.notaryServer" -}}
|
||||
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.database.notarySigner" -}}
|
||||
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.redis.scheme" -}}
|
||||
{{- with .Values.redis }}
|
||||
{{- ternary "redis+sentinel" "redis" (and (eq .type "external" ) (not (not .external.sentinelMasterSet))) }}
|
||||
|
@ -263,14 +239,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- printf "%s-trivy" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.notary-server" -}}
|
||||
{{- printf "%s-notary-server" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.notary-signer" -}}
|
||||
{{- printf "%s-notary-signer" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.nginx" -}}
|
||||
{{- printf "%s-nginx" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
@ -283,12 +251,8 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- printf "%s-ingress" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.ingress-notary" -}}
|
||||
{{- printf "%s-ingress-notary" (include "harbor.fullname" .) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.noProxy" -}}
|
||||
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.notary-server" .) (include "harbor.notary-signer" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
|
||||
{{- printf "%s,%s,%s,%s,%s,%s,%s,%s" (include "harbor.core" .) (include "harbor.jobservice" .) (include "harbor.database" .) (include "harbor.registry" .) (include "harbor.portal" .) (include "harbor.trivy" .) (include "harbor.exporter" .) .Values.proxy.noProxy -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.caBundleVolume" -}}
|
||||
|
@ -303,7 +267,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
subPath: ca.crt
|
||||
{{- end -}}
|
||||
|
||||
{{/* scheme for all components except notary because it only support http mode */}}
|
||||
{{/* scheme for all components because it only support http mode */}}
|
||||
{{- define "harbor.component.scheme" -}}
|
||||
{{- if .Values.internalTLS.enabled -}}
|
||||
{{- printf "https" -}}
|
||||
|
@ -506,16 +470,6 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.tlsNotarySecretForIngress" -}}
|
||||
{{- if eq .Values.expose.tls.certSource "none" -}}
|
||||
{{- printf "" -}}
|
||||
{{- else if eq .Values.expose.tls.certSource "secret" -}}
|
||||
{{- .Values.expose.tls.secret.notarySecretName -}}
|
||||
{{- else -}}
|
||||
{{- include "harbor.ingress" . -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.tlsSecretForNginx" -}}
|
||||
{{- if eq .Values.expose.tls.certSource "secret" -}}
|
||||
{{- .Values.expose.tls.secret.secretName -}}
|
||||
|
@ -537,7 +491,7 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
|
|||
TRACE_SAMPLE_RATE: "{{ .Values.trace.sample_rate }}"
|
||||
TRACE_NAMESPACE: "{{ .Values.trace.namespace }}"
|
||||
{{- if .Values.trace.attributes }}
|
||||
TRACE_ATTRIBUTES: "{{ .Values.trace.attributes | toJson }}"
|
||||
TRACE_ATTRIBUTES: {{ .Values.trace.attributes | toJson | squote }}
|
||||
{{- end }}
|
||||
{{- if eq .Values.trace.provider "jaeger" }}
|
||||
TRACE_JAEGER_ENDPOINT: "{{ .Values.trace.jaeger.endpoint }}"
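Review bot: On the new `TRACE_ATTRIBUTES` line, `squote` only wraps the JSON in single quotes and does not escape a `'` inside it, so an attribute value containing an apostrophe renders a broken or truncated YAML scalar. `TRACE_ATTRIBUTES: {{ .Values.trace.attributes | toJson | quote }}` keeps the value a single string, because `quote` escapes the double quotes and backslashes that `toJson` emits. The enclosing `define` starts and ends outside this hunk, so how the rendered block is consumed is not visible here. Separately, the reworded comment above `harbor.component.scheme` (`scheme for all components because it only support http mode`) has lost the referent for "it" and contradicts the `https` branch below it. Something like `{{/* scheme used to reach the components: https when internalTLS is enabled */}}` matches what is visible, though the else-branch is outside the hunk and should be confirmed.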
|
||||
|
|
|
@ -26,8 +26,6 @@ data:
|
|||
JOBSERVICE_URL: "{{ template "harbor.jobserviceURL" . }}"
|
||||
REGISTRY_URL: "{{ template "harbor.registryURL" . }}"
|
||||
TOKEN_SERVICE_URL: "{{ template "harbor.tokenServiceURL" . }}"
|
||||
WITH_NOTARY: "{{ .Values.notary.enabled }}"
|
||||
NOTARY_URL: "http://{{ template "harbor.notary-server" . }}:4443"
|
||||
CORE_LOCAL_URL: "{{ ternary "https://127.0.0.1:8443" "http://127.0.0.1:8080" .Values.internalTLS.enabled }}"
|
||||
WITH_TRIVY: {{ .Values.trivy.enabled | quote }}
|
||||
TRIVY_ADAPTER_URL: "{{ template "harbor.trivyAdapterURL" . }}"
|
||||
|
@ -83,3 +81,7 @@ data:
|
|||
CACHE_ENABLED: "true"
|
||||
CACHE_EXPIRE_HOURS: "{{ .Values.cache.expireHours }}"
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.core.quotaUpdateProvider }}
|
||||
QUOTA_UPDATE_PROVIDER: "{{ .Values.core.quotaUpdateProvider }}"
|
||||
{{- end }}
|
|
@ -17,6 +17,9 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.matchLabels" . | indent 8 }}
|
||||
component: core
|
||||
{{- if .Values.core.podLabels }}
|
||||
{{ toYaml .Values.core.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/configmap: {{ include (print $.Template.BasePath "/core/core-cm.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
|
||||
|
@ -42,6 +45,16 @@ spec:
|
|||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.core.automountServiceAccountToken | default false }}
|
||||
terminationGracePeriodSeconds: 120
|
||||
{{- with .Values.core.topologySpreadConstraints}}
|
||||
topologySpreadConstraints:
|
||||
{{- range . }}
|
||||
- {{ . | toYaml | indent 8 | trim }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" $ | indent 12 }}
|
||||
component: core
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: core
|
||||
image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
|
||||
|
@ -117,6 +130,9 @@ spec:
|
|||
name: {{ .Values.registry.credentials.existingSecret }}
|
||||
key: REGISTRY_PASSWD
|
||||
{{- end }}
|
||||
{{- with .Values.core.extraEnvVars }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: {{ template "harbor.core.containerPort" . }}
|
||||
volumeMounts:
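Review bot: In the `topologySpreadConstraints` hunk each user-supplied constraint is dumped with `toYaml` and a chart-owned `labelSelector:` is then appended to the same list item, so a constraint that already sets `labelSelector` renders that key twice, which a parser either resolves silently or rejects. Dropping the user's key before rendering, `- {{ omit . "labelSelector" | toYaml | indent 8 | trim }}`, or failing with a clear message, would make the outcome deterministic, and the README row for `core.topologySpreadConstraints` should say that the selector is injected. The `podLabels` hunk has the same shape: a `component` key in `core.podLabels` collides with the fixed `component: core` label, which presumably also feeds the Deployment selector (not visible here). The exporter hunks repeat both patterns and the database hunk repeats the `podLabels` one.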
|
||||
|
|
|
@ -25,4 +25,7 @@ data:
|
|||
REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
|
||||
{{- end }}
|
||||
CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }}
|
||||
{{- if .Values.core.configureUserSettings }}
|
||||
CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
|
||||
{{- end }}
|
||||
{{- template "harbor.traceJaegerPassword" . }}
|
||||
|
|
|
@ -19,6 +19,9 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: database
|
||||
{{- if .Values.database.podLabels }}
|
||||
{{ toYaml .Values.database.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/database/database-secret.yaml") . | sha256sum }}
|
||||
{{- if .Values.database.podAnnotations }}
|
||||
|
@ -102,6 +105,9 @@ spec:
|
|||
# more detail refer to https://github.com/goharbor/harbor-helm/issues/756
|
||||
- name: PGDATA
|
||||
value: "/var/lib/postgresql/data/pgdata"
|
||||
{{- with .Values.database.internal.extraEnvVars }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: database-data
|
||||
mountPath: /var/lib/postgresql/data
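Review bot: The new `podLabels` block is rendered with `toYaml .Values.database.podLabels | indent 8` directly after the chart's own labels, so a user key that collides with `component` or with a key from `harbor.labels` produces a duplicate mapping key in the pod template. Most YAML parsers keep the last value, so the override could replace the label that the workload selector and Services match on. Consider dropping reserved keys before rendering, e.g. `{{ toYaml (omit .Values.database.podLabels "component") | indent 8 }}`, or document that chart-managed label keys must not be set. The same pattern is added in the exporter, jobservice, nginx, portal, redis, registry and trivy sections.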
|
||||
|
|
|
@ -18,7 +18,15 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: exporter
|
||||
{{- if .Values.exporter.podLabels }}
|
||||
{{ toYaml .Values.exporter.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
|
||||
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
|
||||
{{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }}
|
||||
checksum/tls: {{ include (print $.Template.BasePath "/core/core-tls.yaml") . | sha256sum }}
|
||||
{{- end }}
|
||||
{{- if .Values.exporter.podAnnotations }}
|
||||
{{ toYaml .Values.exporter.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
|
@ -34,6 +42,16 @@ spec:
|
|||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.exporter.automountServiceAccountToken | default false }}
|
||||
{{- with .Values.exporter.topologySpreadConstraints }}
|
||||
topologySpreadConstraints:
|
||||
{{- range . }}
|
||||
- {{ . | toYaml | indent 8 | trim }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" $ | indent 12 }}
|
||||
component: exporter
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: exporter
|
||||
image: {{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
|
||||
|
@ -74,6 +92,10 @@ spec:
|
|||
{{- if .Values.exporter.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.exporter.resources | indent 10 }}
|
||||
{{- end }}
|
||||
{{- with .Values.exporter.extraEnvVars }}
|
||||
env:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: {{ template "harbor.core.containerPort" . }}
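Review bot: In the new `topologySpreadConstraints` loop each user item is rendered with `{{ . | toYaml | indent 8 | trim }}` and a chart-owned `labelSelector:` is then appended unconditionally. An item that already carries its own `labelSelector` therefore renders that key twice in one list entry. Depending on the parser this is either rejected or resolved to the last key, which makes the effective selector hard to predict. Either strip the key first, `- {{ omit . "labelSelector" | toYaml | indent 8 | trim }}`, or state in the values comment that `labelSelector` is managed by the chart. The core, jobservice, nginx, portal, registry and trivy sections add the same loop.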
|
||||
|
|
|
@ -8,7 +8,6 @@
|
|||
{{- $_ := set . "v2_path" "/v2/*" -}}
|
||||
{{- $_ := set . "chartrepo_path" "/chartrepo/*" -}}
|
||||
{{- $_ := set . "controller_path" "/c/*" -}}
|
||||
{{- $_ := set . "notary_path" "/" -}}
|
||||
{{- else if eq .Values.expose.ingress.controller "ncp" }}
|
||||
{{- $_ := set . "portal_path" "/.*" -}}
|
||||
{{- $_ := set . "api_path" "/api/.*" -}}
|
||||
|
@ -16,7 +15,6 @@
|
|||
{{- $_ := set . "v2_path" "/v2/.*" -}}
|
||||
{{- $_ := set . "chartrepo_path" "/chartrepo/.*" -}}
|
||||
{{- $_ := set . "controller_path" "/c/.*" -}}
|
||||
{{- $_ := set . "notary_path" "/.*" -}}
|
||||
{{- else }}
|
||||
{{- $_ := set . "portal_path" "/" -}}
|
||||
{{- $_ := set . "api_path" "/api/" -}}
|
||||
|
@ -24,7 +22,6 @@
|
|||
{{- $_ := set . "v2_path" "/v2/" -}}
|
||||
{{- $_ := set . "chartrepo_path" "/chartrepo/" -}}
|
||||
{{- $_ := set . "controller_path" "/c/" -}}
|
||||
{{- $_ := set . "notary_path" "/" -}}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
|
@ -145,65 +142,4 @@ spec:
|
|||
host: {{ $ingress.hosts.core }}
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.notary.enabled }}
|
||||
---
|
||||
{{- if semverCompare "<1.14-0" (include "harbor.ingress.kubeVersion" .) }}
|
||||
apiVersion: extensions/v1beta1
|
||||
{{- else if semverCompare "<1.19-0" (include "harbor.ingress.kubeVersion" .) }}
|
||||
apiVersion: networking.k8s.io/v1beta1
|
||||
{{- else }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
{{- end }}
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: "{{ template "harbor.ingress-notary" . }}"
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
{{- if $ingress.notary.labels }}
|
||||
{{ toYaml $ingress.notary.labels | indent 4 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{ toYaml $ingress.annotations | indent 4 }}
|
||||
{{- if eq .Values.expose.ingress.controller "ncp" }}
|
||||
ncp/use-regex: "true"
|
||||
{{- if $tls.enabled }}
|
||||
ncp/http-redirect: "true"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if $ingress.notary.annotations }}
|
||||
{{ toYaml $ingress.notary.annotations | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $ingress.className }}
|
||||
ingressClassName: {{ $ingress.className }}
|
||||
{{- end }}
|
||||
{{- if $tls.enabled }}
|
||||
tls:
|
||||
- secretName: {{ template "harbor.tlsNotarySecretForIngress" . }}
|
||||
{{- if $ingress.hosts.notary }}
|
||||
hosts:
|
||||
- {{ $ingress.hosts.notary }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- http:
|
||||
paths:
|
||||
- path: {{ .notary_path }}
|
||||
{{- if semverCompare "<1.19-0" (include "harbor.ingress.kubeVersion" .) }}
|
||||
backend:
|
||||
serviceName: {{ template "harbor.notary-server" . }}
|
||||
servicePort: 4443
|
||||
{{- else }}
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: {{ template "harbor.notary-server" . }}
|
||||
port:
|
||||
number: 4443
|
||||
{{- end -}}
|
||||
{{- if $ingress.hosts.notary }}
|
||||
host: {{ $ingress.hosts.notary }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{{- if eq (include "harbor.autoGenCertForIngress" .) "true" }}
|
||||
{{- $ca := genCA "harbor-ca" 365 }}
|
||||
{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core .Values.expose.ingress.hosts.notary) 365 $ca }}
|
||||
{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 365 $ca }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
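Review bot: `genCA` and `genSignedCert` run on every render, so the rewritten `$cert` line (assuming the second of the two printed lines is the new one) still issues a fresh CA and leaf certificate on each `helm upgrade`. Any client that trusted the previous CA then stops validating the endpoint, and the 365-day lifetime is renewed only as a side effect of an upgrade. If the rest of the template, which lies outside this hunk, does not already reuse an existing Secret, consider reading it back with `lookup` before generating. A template comment would also help, for example `{{- /* regenerated on each render; supply your own TLS Secret for a stable certificate */ -}}`.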
|
||||
|
|
|
@ -22,6 +22,9 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: jobservice
|
||||
{{- if .Values.jobservice.podLabels }}
|
||||
{{ toYaml .Values.jobservice.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/configmap: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm.yaml") . | sha256sum }}
|
||||
checksum/configmap-env: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm-env.yaml") . | sha256sum }}
|
||||
|
@ -48,6 +51,16 @@ spec:
|
|||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.jobservice.automountServiceAccountToken | default false }}
|
||||
terminationGracePeriodSeconds: 120
|
||||
{{- with .Values.jobservice.topologySpreadConstraints}}
|
||||
topologySpreadConstraints:
|
||||
{{- range . }}
|
||||
- {{ . | toYaml | indent 8 | trim }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" $ | indent 12 }}
|
||||
component: jobservice
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: jobservice
|
||||
image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
|
||||
|
@ -93,6 +106,9 @@ spec:
|
|||
name: {{ .Values.registry.credentials.existingSecret }}
|
||||
key: REGISTRY_PASSWD
|
||||
{{- end }}
|
||||
{{- with .Values.jobservice.extraEnvVars }}
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "{{ template "harbor.jobservice" . }}-env"
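Review bot: `extraEnvVars` is appended with `toYaml . | nindent 10` after the chart's own `env` entries, including secret-backed ones such as the `REGISTRY_PASSWD` reference just above, and nothing stops an entry from reusing a chart-managed name. Duplicate names in a container's `env` list are, as far as I know, resolved in favour of the later entry, so a values override could silently replace a credential the chart wires from a Secret. The values comment should say this and recommend `valueFrom.secretKeyRef` rather than a literal `value:` for anything sensitive, since literals end up in the pod spec and the Helm release. The same append is added for core, database, registry and trivy; exporter, nginx, portal and redis get a new `env:` key instead.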
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
|
||||
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
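Review bot: Assuming the second printed condition is the new one, the guard no longer checks `.Capabilities.APIVersions.Has "monitoring.coreos.com/v1"`. Enabling `metrics.serviceMonitor.enabled` on a cluster without that API would then fail the whole install or upgrade instead of skipping this resource. If the removal is intentional (for example so that `helm template` renders the object), say so in the values comment for `metrics.serviceMonitor.enabled`, or fail early with a clear message.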
|
||||
|
|
|
@ -36,12 +36,6 @@ data:
|
|||
server "{{ template "harbor.portal" . }}:{{ template "harbor.portal.servicePort" . }}";
|
||||
}
|
||||
|
||||
{{- if .Values.notary.enabled }}
|
||||
upstream notary-server {
|
||||
server {{ template "harbor.notary-server" . }}:4443;
|
||||
}
|
||||
{{- end }}
|
||||
|
||||
log_format timed_combined '[$time_local]:$remote_addr - '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" '
|
||||
|
@ -54,47 +48,6 @@ data:
|
|||
"" $scheme;
|
||||
}
|
||||
|
||||
{{- if .Values.notary.enabled }}
|
||||
server {
|
||||
{{- if .Values.ipFamily.ipv4.enabled }}
|
||||
listen 4443 ssl;
|
||||
{{- end}}
|
||||
{{- if .Values.ipFamily.ipv6.enabled}}
|
||||
listen [::]:4443 ssl;
|
||||
{{- end }}
|
||||
server_tokens off;
|
||||
# ssl
|
||||
ssl_certificate /etc/nginx/cert/tls.crt;
|
||||
ssl_certificate_key /etc/nginx/cert/tls.key;
|
||||
|
||||
# recommendations from https://raymii.org/s/tutorials/strong_ssl_security_on_nginx.html
|
||||
ssl_protocols tlsv1.2;
|
||||
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:ssl:10m;
|
||||
|
||||
# disable any limits to avoid http 413 for large image uploads
|
||||
client_max_body_size 0;
|
||||
|
||||
# required to avoid http 411: see issue #1486 (https://github.com/docker/docker/issues/1486)
|
||||
chunked_transfer_encoding on;
|
||||
|
||||
location /v2/ {
|
||||
proxy_pass http://notary-server/v2/;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
|
||||
proxy_send_timeout 900;
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
}
|
||||
{{- end }}
|
||||
|
||||
server {
|
||||
{{- if .Values.ipFamily.ipv4.enabled }}
|
||||
listen 8443 ssl;
|
||||
|
@ -109,8 +62,12 @@ data:
|
|||
ssl_certificate_key /etc/nginx/cert/tls.key;
|
||||
|
||||
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
{{- if .Values.internalTLS.strong_ssl_ciphers }}
|
||||
ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:ECDHE+RSA+SHA256:DHE+RSA+SHA256:!AES128;
|
||||
{{ else }}
|
||||
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
|
||||
{{- end }}
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
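Review bot: The default branch of the new `ssl_ciphers` switch still offers `RSA+AESGCM` and `RSA+AES`, i.e. static-RSA key exchange without forward secrecy. The stricter list is opt-in through `internalTLS.strong_ssl_ciphers`, a key under `internalTLS` even though this server block appears to be the exposed 8443 listener. In the strict list the `DHE+…` entries have no effect unless `ssl_dhparam` is configured, and `ECDHE+RSA+SHA256` selects by MAC and so can only match CBC-mode suites. `ssl_ciphers ECDHE+AESGCM:ECDHE+CHACHA20;` would be a tighter choice. Note also that `ssl_ciphers` does not govern the TLS 1.3 suites enabled by the new `ssl_protocols TLSv1.2 TLSv1.3;` line, and that the portal server block later in this commit receives the same change.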
|
||||
|
||||
|
|
|
@ -18,6 +18,9 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: nginx
|
||||
{{- if .Values.nginx.podLabels }}
|
||||
{{ toYaml .Values.nginx.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if not .Values.expose.tls.enabled }}
|
||||
checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-http.yaml") . | sha256sum }}
|
||||
|
@ -42,6 +45,16 @@ spec:
|
|||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.nginx.automountServiceAccountToken | default false }}
|
||||
{{- with .Values.nginx.topologySpreadConstraints}}
|
||||
topologySpreadConstraints:
|
||||
{{- range . }}
|
||||
- {{ . | toYaml | indent 8 | trim }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" $ | indent 12 }}
|
||||
component: nginx
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: nginx
|
||||
image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
|
||||
|
@ -69,6 +82,10 @@ spec:
|
|||
{{- if .Values.nginx.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.nginx.resources | indent 10 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nginx.extraEnvVars }}
|
||||
env:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
|
|
|
@ -22,11 +22,6 @@ spec:
|
|||
port: {{ $clusterIP.ports.httpsPort }}
|
||||
targetPort: 8443
|
||||
{{- end }}
|
||||
{{- if .Values.notary.enabled }}
|
||||
- name: notary
|
||||
port: {{ $clusterIP.ports.notaryPort }}
|
||||
targetPort: 4443
|
||||
{{- end }}
|
||||
{{- else if eq .Values.expose.type "nodePort" }}
|
||||
{{- $nodePort := .Values.expose.nodePort }}
|
||||
name: {{ $nodePort.name }}
|
||||
|
@ -49,14 +44,6 @@ spec:
|
|||
nodePort: {{ $nodePort.ports.https.nodePort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .Values.notary.enabled }}
|
||||
- name: notary
|
||||
port: {{ $nodePort.ports.notary.port }}
|
||||
targetPort: 4443
|
||||
{{- if $nodePort.ports.notary.nodePort }}
|
||||
nodePort: {{ $nodePort.ports.notary.nodePort }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- else if eq .Values.expose.type "loadBalancer" }}
|
||||
{{- $loadBalancer := .Values.expose.loadBalancer }}
|
||||
name: {{ $loadBalancer.name }}
|
||||
|
@ -84,11 +71,6 @@ spec:
|
|||
port: {{ $loadBalancer.ports.httpsPort }}
|
||||
targetPort: 8443
|
||||
{{- end }}
|
||||
{{- if .Values.notary.enabled }}
|
||||
- name: notary
|
||||
port: {{ $loadBalancer.ports.notaryPort }}
|
||||
targetPort: 4443
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
selector:
|
||||
{{ include "harbor.matchLabels" . | indent 4 }}
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
{{- if and .Values.notary.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ template "harbor.notary-server" . }}
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
component: notary
|
||||
type: Opaque
|
||||
data:
|
||||
{{- if not .Values.notary.secretName }}
|
||||
{{- $ca := genCA "harbor-notary-ca" 365 }}
|
||||
{{- $cert := genSignedCert (include "harbor.notary-signer" .) nil (list (include "harbor.notary-signer" .)) 365 $ca }}
|
||||
ca.crt: {{ $ca.Cert | b64enc | quote }}
|
||||
tls.crt: {{ $cert.Cert | b64enc | quote }}
|
||||
tls.key: {{ $cert.Key | b64enc | quote }}
|
||||
{{- end }}
|
||||
server.json: {{ tpl (.Files.Get "conf/notary-server.json") . | b64enc }}
|
||||
signer.json: {{ tpl (.Files.Get "conf/notary-signer.json") . | b64enc }}
|
||||
NOTARY_SERVER_DB_URL: {{ include "harbor.database.notaryServer" . | b64enc }}
|
||||
NOTARY_SIGNER_DB_URL: {{ include "harbor.database.notarySigner" . | b64enc }}
|
||||
{{- end }}
|
|
@ -1,111 +0,0 @@
|
|||
{{ if .Values.notary.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "harbor.notary-server" . }}
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
component: notary-server
|
||||
spec:
|
||||
replicas: {{ .Values.notary.server.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" . | indent 6 }}
|
||||
component: notary-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: notary-server
|
||||
annotations:
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/notary/notary-secret.yaml") . | sha256sum }}
|
||||
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
|
||||
{{- if .Values.notary.server.podAnnotations }}
|
||||
{{ toYaml .Values.notary.server.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 10000
|
||||
fsGroup: 10000
|
||||
{{- if .Values.notary.server.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.notary.server.serviceAccountName }}
|
||||
{{- end -}}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.notary.server.automountServiceAccountToken | default false }}
|
||||
containers:
|
||||
- name: notary-server
|
||||
image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
|
||||
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /_notary_server/health
|
||||
scheme: "HTTP"
|
||||
port: 4443
|
||||
initialDelaySeconds: 300
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /_notary_server/health
|
||||
scheme: "HTTP"
|
||||
port: 4443
|
||||
initialDelaySeconds: 20
|
||||
periodSeconds: 10
|
||||
{{- if .Values.notary.server.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.notary.server.resources | indent 10 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: MIGRATIONS_PATH
|
||||
value: migrations/server/postgresql
|
||||
- name: DB_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "harbor.notary-server" . }}
|
||||
key: NOTARY_SERVER_DB_URL
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /etc/notary/server-config.postgres.json
|
||||
subPath: server.json
|
||||
- name: token-service-certificate
|
||||
mountPath: /root.crt
|
||||
subPath: tls.crt
|
||||
- name: signer-certificate
|
||||
mountPath: /etc/ssl/notary/ca.crt
|
||||
subPath: ca.crt
|
||||
volumes:
|
||||
- name: config
|
||||
secret:
|
||||
secretName: "{{ template "harbor.notary-server" . }}"
|
||||
- name: token-service-certificate
|
||||
secret:
|
||||
{{- if .Values.core.secretName }}
|
||||
secretName: {{ .Values.core.secretName }}
|
||||
{{- else }}
|
||||
secretName: {{ template "harbor.core" . }}
|
||||
{{- end }}
|
||||
- name: signer-certificate
|
||||
secret:
|
||||
{{- if .Values.notary.secretName }}
|
||||
secretName: {{ .Values.notary.secretName }}
|
||||
{{- else }}
|
||||
secretName: {{ template "harbor.notary-server" . }}
|
||||
{{- end }}
|
||||
{{- with .Values.notary.server.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.notary.server.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.notary.server.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.notary.server.priorityClassName }}
|
||||
priorityClassName: {{ .Values.notary.server.priorityClassName }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -1,105 +0,0 @@
|
|||
{{ if .Values.notary.enabled }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "harbor.notary-signer" . }}
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
component: notary-signer
|
||||
spec:
|
||||
replicas: {{ .Values.notary.signer.replicas }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" . | indent 6 }}
|
||||
component: notary-signer
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: notary-signer
|
||||
annotations:
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/notary/notary-secret.yaml") . | sha256sum }}
|
||||
{{- if .Values.notary.signer.podAnnotations }}
|
||||
{{ toYaml .Values.notary.signer.podAnnotations | indent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 10000
|
||||
fsGroup: 10000
|
||||
{{- if .Values.notary.signer.serviceAccountName }}
|
||||
serviceAccountName: {{ .Values.notary.signer.serviceAccountName }}
|
||||
{{- end -}}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.notary.signer.automountServiceAccountToken | default false }}
|
||||
containers:
|
||||
- name: notary-signer
|
||||
image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
|
||||
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
scheme: "HTTPS"
|
||||
port: 7899
|
||||
initialDelaySeconds: 300
|
||||
periodSeconds: 10
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
scheme: "HTTPS"
|
||||
port: 7899
|
||||
initialDelaySeconds: 20
|
||||
periodSeconds: 10
|
||||
{{- if .Values.notary.signer.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.notary.signer.resources | indent 10 }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: MIGRATIONS_PATH
|
||||
value: migrations/signer/postgresql
|
||||
- name: DB_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ template "harbor.notary-server" . }}
|
||||
key: NOTARY_SIGNER_DB_URL
|
||||
- name: NOTARY_SIGNER_DEFAULTALIAS
|
||||
value: defaultalias
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /etc/notary/signer-config.postgres.json
|
||||
subPath: signer.json
|
||||
- name: signer-certificate
|
||||
mountPath: /etc/ssl/notary/tls.crt
|
||||
subPath: tls.crt
|
||||
- name: signer-certificate
|
||||
mountPath: /etc/ssl/notary/tls.key
|
||||
subPath: tls.key
|
||||
volumes:
|
||||
- name: config
|
||||
secret:
|
||||
secretName: "{{ template "harbor.notary-server" . }}"
|
||||
- name: signer-certificate
|
||||
secret:
|
||||
{{- if .Values.notary.secretName }}
|
||||
secretName: {{ .Values.notary.secretName }}
|
||||
{{- else }}
|
||||
secretName: {{ template "harbor.notary-server" . }}
|
||||
{{- end }}
|
||||
{{- with .Values.notary.signer.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.notary.signer.affinity }}
|
||||
affinity:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.notary.signer.tolerations }}
|
||||
tolerations:
|
||||
{{ toYaml . | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.notary.signer.priorityClassName }}
|
||||
priorityClassName: {{ .Values.notary.signer.priorityClassName }}
|
||||
{{- end }}
|
||||
{{ end }}
|
|
@ -1,35 +0,0 @@
|
|||
{{ if .Values.notary.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "harbor.notary-server" . }}
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
{{- with .Values.notary.serviceAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }}
|
||||
type: NodePort
|
||||
{{- end }}
|
||||
ports:
|
||||
- port: 4443
|
||||
selector:
|
||||
{{ include "harbor.matchLabels" . | indent 4 }}
|
||||
component: notary-server
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "harbor.notary-signer" . }}
|
||||
labels:
|
||||
{{ include "harbor.labels" . | indent 4 }}
|
||||
spec:
|
||||
ports:
|
||||
- port: 7899
|
||||
selector:
|
||||
{{ include "harbor.matchLabels" . | indent 4 }}
|
||||
component: notary-signer
|
||||
{{ end }}
|
|
@ -30,8 +30,12 @@ data:
|
|||
ssl_certificate_key /etc/harbor/ssl/portal/tls.key;
|
||||
|
||||
# Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
{{- if .Values.internalTLS.strong_ssl_ciphers }}
|
||||
ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:ECDHE+RSA+SHA256:DHE+RSA+SHA256:!AES128;
|
||||
{{ else }}
|
||||
ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
|
||||
{{- end }}
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
{{- else }}
|
||||
|
|
|
@ -17,6 +17,9 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.matchLabels" . | indent 8 }}
|
||||
component: portal
|
||||
{{- if .Values.portal.podLabels }}
|
||||
{{ toYaml .Values.portal.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
|
||||
checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . | sha256sum }}
|
||||
|
@ -39,6 +42,16 @@ spec:
|
|||
serviceAccountName: {{ .Values.portal.serviceAccountName }}
|
||||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.portal.automountServiceAccountToken | default false }}
|
||||
{{- with .Values.portal.topologySpreadConstraints}}
|
||||
topologySpreadConstraints:
|
||||
{{- range . }}
|
||||
- {{ . | toYaml | indent 8 | trim }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" $ | indent 12 }}
|
||||
component: portal
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: portal
|
||||
image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }}
|
||||
|
@ -46,6 +59,10 @@ spec:
|
|||
{{- if .Values.portal.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.portal.resources | indent 10 }}
|
||||
{{- end }}
|
||||
{{- with .Values.portal.extraEnvVars }}
|
||||
env:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
|
|
|
@ -19,6 +19,9 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: redis
|
||||
{{- if .Values.redis.podLabels }}
|
||||
{{ toYaml .Values.redis.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.redis.podAnnotations }}
|
||||
annotations:
|
||||
{{ toYaml .Values.redis.podAnnotations | indent 8 }}
|
||||
|
@ -53,6 +56,10 @@ spec:
|
|||
{{- if .Values.redis.internal.resources }}
|
||||
resources:
|
||||
{{ toYaml .Values.redis.internal.resources | indent 10 }}
|
||||
{{- end }}
|
||||
{{- with .Values.redis.internal.extraEnvVars }}
|
||||
env:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
|
|
|
@ -24,6 +24,9 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: registry
|
||||
{{- if .Values.registry.podLabels }}
|
||||
{{ toYaml .Values.registry.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/configmap: {{ include (print $.Template.BasePath "/registry/registry-cm.yaml") . | sha256sum }}
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/registry/registry-secret.yaml") . | sha256sum }}
|
||||
|
@ -51,6 +54,16 @@ spec:
|
|||
{{- end }}
|
||||
automountServiceAccountToken: {{ .Values.registry.automountServiceAccountToken | default false }}
|
||||
terminationGracePeriodSeconds: 120
|
||||
{{- with .Values.registry.topologySpreadConstraints}}
|
||||
topologySpreadConstraints:
|
||||
{{- range . }}
|
||||
- {{ . | toYaml | indent 8 | trim }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" $ | indent 12 }}
|
||||
component: registry
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: registry
|
||||
image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }}
|
||||
|
@ -107,6 +120,9 @@ spec:
|
|||
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
|
||||
key: AZURE_STORAGE_ACCESS_KEY
|
||||
{{- end }}
|
||||
{{- with .Values.registry.registry.extraEnvVars }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: {{ template "harbor.registry.containerPort" . }}
|
||||
- containerPort: 5001
|
||||
|
@ -172,6 +188,10 @@ spec:
|
|||
name: "{{ template "harbor.registry" . }}"
|
||||
- secretRef:
|
||||
name: "{{ template "harbor.registryCtl" . }}"
|
||||
{{- if .Values.persistence.imageChartStorage.s3.existingSecret }}
|
||||
- secretRef:
|
||||
name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
|
||||
{{- end }}
|
||||
env:
|
||||
- name: CORE_SECRET
|
||||
valueFrom:
|
||||
|
@ -215,6 +235,9 @@ spec:
|
|||
name: {{ .Values.persistence.imageChartStorage.azure.existingSecret }}
|
||||
key: AZURE_STORAGE_ACCESS_KEY
|
||||
{{- end }}
|
||||
{{- with .Values.registry.controller.extraEnvVars }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- containerPort: {{ template "harbor.registryctl.containerPort" . }}
|
||||
volumeMounts:
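Review bot: The added `envFrom` entry imports every key of the user-named `persistence.imageChartStorage.s3.existingSecret` into the container environment, unlike the Azure path in this same file, which pulls one named key through `secretKeyRef`. Any unrelated key in that Secret becomes an environment variable of the container, and a missing or misnamed key goes unnoticed rather than failing the pod at start. Prefer explicit `env` entries with `valueFrom.secretKeyRef` for the expected S3 credential keys, or document the exact key names the Secret must contain. The enclosing container spec starts and ends outside the hunk.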
|
||||
|
|
|
@ -19,6 +19,9 @@ spec:
|
|||
labels:
|
||||
{{ include "harbor.labels" . | indent 8 }}
|
||||
component: trivy
|
||||
{{- if .Values.trivy.podLabels }}
|
||||
{{ toYaml .Values.trivy.podLabels | indent 8 }}
|
||||
{{- end }}
|
||||
annotations:
|
||||
checksum/secret: {{ include (print $.Template.BasePath "/trivy/trivy-secret.yaml") . | sha256sum }}
|
||||
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
|
||||
|
@ -41,6 +44,16 @@ spec:
|
|||
runAsUser: 10000
|
||||
fsGroup: 10000
|
||||
automountServiceAccountToken: {{ .Values.trivy.automountServiceAccountToken | default false }}
|
||||
{{- with .Values.trivy.topologySpreadConstraints}}
|
||||
topologySpreadConstraints:
|
||||
{{- range . }}
|
||||
- {{ . | toYaml | indent 8 | trim }}
|
||||
labelSelector:
|
||||
matchLabels:
|
||||
{{ include "harbor.matchLabels" $ | indent 12 }}
|
||||
component: trivy
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: trivy
|
||||
image: {{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }}
|
||||
|
@ -111,6 +124,9 @@ spec:
|
|||
secretKeyRef:
|
||||
name: {{ template "harbor.trivy" . }}
|
||||
key: redisURL
|
||||
{{- with .Values.trivy.extraEnvVars }}
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
ports:
|
||||
- name: api-server
|
||||
containerPort: {{ template "harbor.trivy.containerPort" . }}
|
||||
|
|
|
@ -26,15 +26,9 @@ expose:
|
|||
# "tls.crt" - the certificate
|
||||
# "tls.key" - the private key
|
||||
secretName: ""
|
||||
# The name of secret which contains keys named:
|
||||
# "tls.crt" - the certificate
|
||||
# "tls.key" - the private key
|
||||
# Only needed when the "expose.type" is "ingress".
|
||||
notarySecretName: ""
|
||||
ingress:
|
||||
hosts:
|
||||
core: core.harbor.domain
|
||||
notary: notary.harbor.domain
|
||||
# set to the type of ingress controller if it has specific requirements.
|
||||
# leave as `default` for most ingress controllers.
|
||||
# set to `gce` if using the GCE ingress controller
|
||||
|
@ -52,11 +46,6 @@ expose:
|
|||
ingress.kubernetes.io/proxy-body-size: "0"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
notary:
|
||||
# notary ingress-specific annotations
|
||||
annotations: {}
|
||||
# notary ingress-specific labels
|
||||
labels: {}
|
||||
harbor:
|
||||
# harbor ingress-specific annotations
|
||||
annotations: {}
|
||||
|
@ -71,10 +60,6 @@ expose:
|
|||
# The service port Harbor listens on when serving HTTP
|
||||
httpPort: 80
|
||||
# The service port Harbor listens on when serving HTTPS
|
||||
httpsPort: 443
|
||||
# The service port Notary listens on. Only needed when notary.enabled
|
||||
# is set to true
|
||||
notaryPort: 4443
|
||||
nodePort:
|
||||
# The name of NodePort service
|
||||
name: harbor
|
||||
|
@ -89,12 +74,6 @@ expose:
|
|||
port: 443
|
||||
# The node port Harbor listens on when serving HTTPS
|
||||
nodePort: 30003
|
||||
# Only needed when notary.enabled is set to true
|
||||
notary:
|
||||
# The service port Notary listens on
|
||||
port: 4443
|
||||
# The node port Notary listens on
|
||||
nodePort: 30004
|
||||
loadBalancer:
|
||||
# The name of LoadBalancer service
|
||||
name: harbor
|
||||
|
@ -105,15 +84,12 @@ expose:
|
|||
httpPort: 80
|
||||
# The service port Harbor listens on when serving HTTPS
|
||||
httpsPort: 443
|
||||
# The service port Notary listens on. Only needed when notary.enabled
|
||||
# is set to true
|
||||
notaryPort: 4443
|
||||
annotations: {}
|
||||
sourceRanges: []
|
||||
|
||||
# The external URL for Harbor core service. It is used to
|
||||
# 1) populate the docker/helm commands showed on portal
|
||||
# 2) populate the token service URL returned to docker/notary client
|
||||
# 2) populate the token service URL returned to docker client
|
||||
#
|
||||
# Format: protocol://domain[:port]. Usually:
|
||||
# 1) if "expose.type" is "ingress", the "domain" should be
|
||||
|
@ -127,10 +103,12 @@ expose:
|
|||
externalURL: https://core.harbor.domain
|
||||
|
||||
# The internal TLS used for harbor components secure communicating. In order to enable https
|
||||
# in each components tls cert files need to provided in advance.
|
||||
# in each component tls cert files need to provided in advance.
|
||||
internalTLS:
|
||||
# If internal TLS enabled
|
||||
enabled: false
|
||||
# enable strong ssl ciphers (default: false)
|
||||
strong_ssl_ciphers: false
|
||||
# There are three ways to provide tls
|
||||
# 1) "auto" will generate cert automatically
|
||||
# 2) "manual" need provide cert file manually in following value
|
||||
|
@ -249,14 +227,14 @@ persistence:
|
|||
annotations: {}
|
||||
# Define which storage backend is used for registry to store
|
||||
# images and charts. Refer to
|
||||
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
|
||||
# https://github.com/distribution/distribution/blob/main/docs/configuration.md#storage
|
||||
# for the detail.
|
||||
imageChartStorage:
|
||||
# Specify whether to disable `redirect` for images and chart storage, for
|
||||
# backends which not supported it (such as using minio for `s3` storage type), please disable
|
||||
# it. To disable redirects, simply set `disableredirect` to `true` instead.
|
||||
# Refer to
|
||||
# https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect
|
||||
# https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect
|
||||
# for the detail.
|
||||
disableredirect: false
|
||||
# Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
|
||||
|
@ -284,7 +262,7 @@ persistence:
|
|||
encodedkey: base64-encoded-json-key-file
|
||||
#rootdirectory: /gcs/object/name/prefix
|
||||
#chunksize: "5242880"
|
||||
# To use existing secret, the key must be gcs-key.json
|
||||
# To use existing secret, the key must be GCS_KEY_DATA
|
||||
existingSecret: ""
|
||||
useWorkloadIdentity: false
|
||||
s3:
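Review bot: The comment now says an existing GCS secret must use the key `GCS_KEY_DATA` where it previously said `gcs-key.json`, but nothing tells an operator upgrading in place that a secret created under the old key name will no longer match. If the templates really switched the lookup (they are outside this hunk), the registry would presumably come up without usable storage credentials after the upgrade. I would extend the comment to `# To use existing secret, the key must be GCS_KEY_DATA (was gcs-key.json before this chart version)` and mention the rename in the upgrade notes. The `gcs` block starts above the hunk.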
|
||||
|
@ -400,7 +378,7 @@ enableMigrateHelmHook: false
|
|||
nginx:
|
||||
image:
|
||||
repository: goharbor/nginx-photon
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
|
@ -411,18 +389,27 @@ nginx:
|
|||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
extraEnvVars: []
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# Spread Pods across failure-domains like regions, availability zones or nodes
|
||||
topologySpreadConstraints: []
|
||||
# - maxSkew: 1
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# nodeTaintsPolicy: Honor
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
## The priority class to run the pod as
|
||||
priorityClassName:
|
||||
|
||||
portal:
|
||||
image:
|
||||
repository: goharbor/harbor-portal
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
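Review bot: `extraEnvVars: []` is added under `nginx` with no comment, unlike the keys around it, and the same undocumented key appears again in the `portal`, `core`, `jobservice`, `registry`, `trivy`, `database`, `redis` and `exporter` hunks. Anything placed in it is stored with the release values and presumably rendered verbatim into the pod spec, so the comment should steer credentials towards secret references, for example `# Extra container env entries; reference Secrets via valueFrom.secretKeyRef rather than inline values`. That wording assumes the template passes the list through unchanged, which is not visible here. The hunk begins inside the `nginx` block and ends inside `portal`.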
|
||||
|
@ -433,18 +420,27 @@ portal:
|
|||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
extraEnvVars: []
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# Spread Pods across failure-domains like regions, availability zones or nodes
|
||||
topologySpreadConstraints: []
|
||||
# - maxSkew: 1
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# nodeTaintsPolicy: Honor
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
## The priority class to run the pod as
|
||||
priorityClassName:
|
||||
|
||||
core:
|
||||
image:
|
||||
repository: goharbor/harbor-core
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
|
@ -459,18 +455,37 @@ core:
|
|||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
extraEnvVars: []
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# Spread Pods across failure-domains like regions, availability zones or nodes
|
||||
topologySpreadConstraints: []
|
||||
# - maxSkew: 1
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# nodeTaintsPolicy: Honor
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
## Additional service annotations
|
||||
serviceAnnotations: {}
|
||||
## User settings configuration json string
|
||||
configureUserSettings:
|
||||
# The provider for updating project quota(usage), there are 2 options, redis or db.
|
||||
# By default it is implemented by db but you can configure it to redis which
|
||||
# can improve the performance of high concurrent pushing to the same project,
|
||||
# and reduce the database connections spike and occupies.
|
||||
# Using redis will bring up some delay for quota usage updation for display, so only
|
||||
# suggest switch provider to redis if you were ran into the db connections spike around
|
||||
# the scenario of high concurrent pushing to same project, no improvment for other scenes.
|
||||
quotaUpdateProvider: db # Or redis
|
||||
# Secret is used when core server communicates with other components.
|
||||
# If a secret key is not specified, Helm will generate one.
|
||||
# Must be a string of 16 chars.
|
||||
secret: ""
|
||||
# Fill the name of a kubernetes secret if you want to use your own
|
||||
# Fill in the name of a kubernetes secret if you want to use your own
|
||||
# TLS certificate and private key for token encryption/decryption.
|
||||
# The secret must contain keys named:
|
||||
# "tls.key" - the private key
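Review bot: The comment block introducing `quotaUpdateProvider` is hard to follow and carries typos (`updation`, `improvment`, `spike and occupies`), and the accepted values are only hinted at by the trailing `# Or redis`. I would rewrite it to say that quota usage is updated through `db` by default, and that `redis` reduces database connection spikes under highly concurrent pushes to one project, at the cost of a delay before usage is displayed, with no benefit in other scenarios. Putting the choices on their own line, `# Allowed values: db, redis`, also keeps the inline comment from being read as part of the value. The `core` block starts before and ends after this hunk.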
|
||||
|
@ -497,7 +512,7 @@ core:
|
|||
jobservice:
|
||||
image:
|
||||
repository: goharbor/harbor-jobservice
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
# set the service account to be used, default if left empty
|
||||
|
@ -525,11 +540,20 @@ jobservice:
|
|||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
extraEnvVars: []
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# Spread Pods across failure-domains like regions, availability zones or nodes
|
||||
topologySpreadConstraints:
|
||||
# - maxSkew: 1
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# nodeTaintsPolicy: Honor
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
# Secret is used when job service communicates with other components.
|
||||
# If a secret key is not specified, Helm will generate one.
|
||||
# Must be a string of 16 chars.
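Review bot: Under `jobservice` the new `topologySpreadConstraints:` has no value, so it parses as null, while the same key added for `nginx`, `portal`, `core`, `registry`, `trivy` and `exporter` is written `topologySpreadConstraints: []`. A template that ranges over or type-checks the value may treat the two differently, and the bare key followed by the commented example is easy to misread as an open list. I would write `topologySpreadConstraints: []` here to match the other components. The `jobservice` block extends beyond the hunk on both sides.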
|
||||
|
@ -545,32 +569,42 @@ registry:
|
|||
registry:
|
||||
image:
|
||||
repository: goharbor/registry-photon
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
extraEnvVars: []
|
||||
controller:
|
||||
image:
|
||||
repository: goharbor/harbor-registryctl
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
extraEnvVars: []
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# Spread Pods across failure-domains like regions, availability zones or nodes
|
||||
topologySpreadConstraints: []
|
||||
# - maxSkew: 1
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# nodeTaintsPolicy: Honor
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
## The priority class to run the pod as
|
||||
priorityClassName:
|
||||
# Secret is used to secure the upload state from client
|
||||
# and registry storage backend.
|
||||
# See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
|
||||
# See: https://github.com/distribution/distribution/blob/main/docs/configuration.md#http
|
||||
# If a secret key is not specified, Helm will generate one.
|
||||
# Must be a string of 16 chars.
|
||||
secret: ""
|
||||
|
@ -610,7 +644,7 @@ trivy:
|
|||
# repository the repository for Trivy adapter image
|
||||
repository: goharbor/trivy-adapter-photon
|
||||
# tag the tag for Trivy adapter image
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
|
@ -668,66 +702,23 @@ trivy:
|
|||
limits:
|
||||
cpu: 1
|
||||
memory: 1Gi
|
||||
extraEnvVars: []
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# Spread Pods across failure-domains like regions, availability zones or nodes
|
||||
topologySpreadConstraints: []
|
||||
# - maxSkew: 1
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# nodeTaintsPolicy: Honor
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
## The priority class to run the pod as
|
||||
priorityClassName:
|
||||
|
||||
notary:
|
||||
enabled: true
|
||||
server:
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/notary-server-photon
|
||||
tag: v2.8.4
|
||||
replicas: 1
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## The priority class to run the pod as
|
||||
priorityClassName:
|
||||
## Additional service annotations
|
||||
serviceAnnotations: {}
|
||||
signer:
|
||||
# set the service account to be used, default if left empty
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/notary-signer-photon
|
||||
tag: v2.8.4
|
||||
replicas: 1
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## The priority class to run the pod as
|
||||
priorityClassName:
|
||||
# Fill the name of a kubernetes secret if you want to use your own
|
||||
# TLS certificate authority, certificate and private key for notary
|
||||
# communications.
|
||||
# The secret must contain keys named ca.crt, tls.crt and tls.key that
|
||||
# contain the CA, certificate and private key.
|
||||
# They will be generated if not set.
|
||||
secretName: ""
|
||||
|
||||
database:
|
||||
# if external database is used, set "type" to "external"
|
||||
# and fill the connection information in "external" section
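Review bot: This hunk deletes the whole `notary:` section, whose default was `enabled: true`, and leaves nothing in the values file to tell operators that Notary-based image signing is no longer deployed. Unless the chart ships a values schema (not visible here), existing overrides such as `notary.enabled` will presumably be ignored without an error, so a cluster that relied on Notary content trust would lose it silently on upgrade. A short comment where the section stood, `# notary.* was removed in this chart version; existing overrides are ignored`, together with an upgrade note naming the replacement signing mechanism, would make the change visible. The `trivy` and `database` blocks around it continue outside the hunk.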
|
||||
|
@ -739,7 +730,7 @@ database:
|
|||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/harbor-db
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
# The initial superuser password for internal database
|
||||
password: "changeit"
|
||||
# The size limit for Shared memory, pgSQL use it for shared_buffer
|
||||
|
@ -756,6 +747,7 @@ database:
|
|||
# The timeout used in readinessProbe; 1 to 5 seconds
|
||||
readinessProbe:
|
||||
timeoutSeconds: 1
|
||||
extraEnvVars: []
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
@ -778,8 +770,6 @@ database:
|
|||
username: "user"
|
||||
password: "password"
|
||||
coreDatabase: "registry"
|
||||
notaryServerDatabase: "notary_server"
|
||||
notarySignerDatabase: "notary_signer"
|
||||
# if using existing secret, the key must be "password"
|
||||
existingSecret: ""
|
||||
# "disable" - No SSL
|
||||
|
@ -799,6 +789,8 @@ database:
|
|||
maxOpenConns: 900
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
|
||||
redis:
|
||||
# if external Redis is used, set "type" to "external"
|
||||
|
@ -811,11 +803,12 @@ redis:
|
|||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/redis-photon
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
extraEnvVars: []
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
|
@ -855,6 +848,8 @@ redis:
|
|||
existingSecret: ""
|
||||
## Additional deployment annotations
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
|
||||
exporter:
|
||||
replicas: 1
|
||||
|
@ -863,16 +858,25 @@ exporter:
|
|||
# requests:
|
||||
# memory: 256Mi
|
||||
# cpu: 100m
|
||||
extraEnvVars: []
|
||||
podAnnotations: {}
|
||||
## Additional deployment labels
|
||||
podLabels: {}
|
||||
serviceAccountName: ""
|
||||
# mount the service account token
|
||||
automountServiceAccountToken: false
|
||||
image:
|
||||
repository: goharbor/harbor-exporter
|
||||
tag: v2.8.4
|
||||
tag: v2.9.0
|
||||
nodeSelector: {}
|
||||
tolerations: []
|
||||
affinity: {}
|
||||
# Spread Pods across failure-domains like regions, availability zones or nodes
|
||||
topologySpreadConstraints: []
|
||||
# - maxSkew: 1
|
||||
# topologyKey: topology.kubernetes.io/zone
|
||||
# nodeTaintsPolicy: Honor
|
||||
# whenUnsatisfiable: DoNotSchedule
|
||||
cacheDuration: 23
|
||||
cacheCleanInterval: 14400
|
||||
## The priority class to run the pod as
|
||||
|
@ -894,7 +898,7 @@ metrics:
|
|||
port: 8001
|
||||
## Create prometheus serviceMonitor to scrape harbor metrics.
|
||||
## This requires the monitoring.coreos.com/v1 CRD. Please see
|
||||
## https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
|
||||
## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md
|
||||
##
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
|
|
|
@ -3,4 +3,4 @@ dependencies:
|
|||
repository: https://charts.jetstack.io
|
||||
version: v1.12.3
|
||||
digest: sha256:3110ca458f8a903dc025408701614af03df859bf827824478ed68c785b0e6209
|
||||
generated: "2023-08-29T05:47:05.106503476Z"
|
||||
generated: "2023-08-30T06:44:07.371307817Z"
|
||||
|
|
|
@ -14,7 +14,7 @@ annotations:
|
|||
catalog.cattle.io/kube-version: '>=1.19.0'
|
||||
catalog.cattle.io/release-name: koor-operator
|
||||
apiVersion: v2
|
||||
appVersion: v0.3.5
|
||||
appVersion: v0.3.6
|
||||
dependencies:
|
||||
- alias: certmanager
|
||||
condition: certmanager.enabled
|
||||
|
@ -33,4 +33,4 @@ name: koor-operator
|
|||
sources:
|
||||
- https://github.com/koor-tech/koor-operator/
|
||||
type: application
|
||||
version: 0.3.5
|
||||
version: 0.3.6
|
||||
|
|
|
@ -52,7 +52,7 @@ The following table lists the configurable parameters of the rook-operator chart
|
|||
| `controllerManager.manager.args` | Operator args | `["--health-probe-bind-address=:8081","--metrics-bind-address=127.0.0.1:8080","--leader-elect"]` |
|
||||
| `controllerManager.manager.containerSecurityContext` | Operator container security context | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` |
|
||||
| `controllerManager.manager.image.repository` | Operator image repository | `"docker.io/koorinc/koor-operator"` |
|
||||
| `controllerManager.manager.image.tag` | Operator image tag | `"v0.3.5"` |
|
||||
| `controllerManager.manager.image.tag` | Operator image tag | `"v0.3.6"` |
|
||||
| `controllerManager.manager.resources` | Operator container resources | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"10m","memory":"128Mi"}}` |
|
||||
| `controllerManager.replicas` | | `1` |
|
||||
| `koorCluster.spec.dashboardEnabled` | Enable the Ceph MGR dashboard. | `true` |
|
||||
|
|
|
@ -8,6 +8,7 @@ metadata:
|
|||
{{- include "koor-operator.labels" . | nindent 4 }}
|
||||
spec:
|
||||
backoffLimit: 20
|
||||
ttlSecondsAfterFinished: 0
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "koor-operator.jobName" . }}
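Review bot: `ttlSecondsAfterFinished: 0`, which looks like the line this hunk adds, makes the Job eligible for deletion the moment it finishes, and that applies to failed Jobs as well as successful ones. With `backoffLimit: 20` directly above it, a Job that exhausts its retries would be removed together with its pods, leaving no logs or status to investigate. A non-zero retention such as `ttlSecondsAfterFinished: 600` (value illustrative) keeps that evidence for a while and still cleans up. The Job spec starts above the hunk and continues below it.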
|
||||
|
|
|
@ -49,7 +49,7 @@ controllerManager:
|
|||
# -- Operator image repository
|
||||
repository: docker.io/koorinc/koor-operator
|
||||
# -- Operator image tag
|
||||
tag: v0.3.5
|
||||
tag: v0.3.6
|
||||
# -- Operator container resources
|
||||
resources:
|
||||
limits:
|
||||
|
|
|
@ -4,7 +4,7 @@ annotations:
|
|||
catalog.cattle.io/namespace: kuma-system
|
||||
catalog.cattle.io/release-name: kuma
|
||||
apiVersion: v2
|
||||
appVersion: 2.3.2
|
||||
appVersion: 2.4.0
|
||||
description: A Helm chart for the Kuma Control Plane
|
||||
home: https://github.com/kumahq/kuma
|
||||
icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg
|
||||
|
@ -20,4 +20,4 @@ maintainers:
|
|||
name: nickolaev
|
||||
name: kuma
|
||||
type: application
|
||||
version: 2.3.2
|
||||
version: 2.4.0
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
A Helm chart for the Kuma Control Plane
|
||||
|
||||
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.3.2](https://img.shields.io/badge/Version-2.3.2-informational?style=flat-square) ![AppVersion: 2.3.2](https://img.shields.io/badge/AppVersion-2.3.2-informational?style=flat-square)
|
||||
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square)
|
||||
|
||||
**Homepage:** <https://github.com/kumahq/kuma>
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: circuitbreakers.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: containerpatches.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: dataplaneinsights.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: dataplanes.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: externalservices.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: faultinjections.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: healthchecks.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshaccesslogs.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshaccesslog
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -97,6 +104,11 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
type: array
|
||||
body:
|
||||
description: Body is a raw string or an OTLP any
|
||||
value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body
|
||||
It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
endpoint:
|
||||
description: Endpoint of OpenTelemetry collector.
|
||||
An empty port defaults to 4317.
|
||||
|
@ -160,6 +172,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -194,6 +207,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -275,6 +289,11 @@ spec:
|
|||
type: string
|
||||
type: object
|
||||
type: array
|
||||
body:
|
||||
description: Body is a raw string or an OTLP any
|
||||
value as described at https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/logs/data-model.md#field-body
|
||||
It can contain placeholders available on https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#command-operators
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
endpoint:
|
||||
description: Endpoint of OpenTelemetry collector.
|
||||
An empty port defaults to 4317.
|
||||
|
@ -338,6 +357,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -368,3 +388,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshcircuitbreakers.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshcircuitbreaker
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -301,6 +308,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -335,6 +343,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -619,6 +628,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -649,3 +659,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshes.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshfaultinjections.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshfaultinjection
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -127,6 +134,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -161,6 +169,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -186,3 +195,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshgatewayinstances.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshgatewayroutes.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshgateways.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshhealthchecks.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshhealthcheck
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -45,6 +52,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -270,6 +278,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -300,3 +309,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshhttproutes.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshhttproute
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -45,6 +52,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -88,6 +96,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -181,6 +190,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -473,6 +483,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -499,3 +510,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshinsights.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshloadbalancingstrategies.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshloadbalancingstrategy
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -46,6 +53,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -382,6 +390,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -412,3 +421,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshproxypatches.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshproxypatch
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -475,6 +482,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -501,3 +509,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshratelimits.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshratelimit
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -165,6 +172,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -199,6 +207,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -224,3 +233,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshretries.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshretry
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -45,6 +52,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -364,6 +372,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -394,3 +403,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshtcproutes.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshtcproute
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -45,6 +52,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -88,6 +96,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -132,6 +141,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -163,3 +173,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshtimeouts.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshtimeout
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -96,6 +103,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -130,6 +138,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -210,6 +219,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -240,3 +250,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshtraces.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshtrace
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -193,6 +200,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -218,3 +226,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: meshtrafficpermissions.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
@ -16,7 +16,14 @@ spec:
|
|||
singular: meshtrafficpermission
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.targetRef.kind
|
||||
name: TargetRef Kind
|
||||
type: string
|
||||
- jsonPath: .spec.targetRef.name
|
||||
name: TargetRef Name
|
||||
type: string
|
||||
name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
|
@ -63,6 +70,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -97,6 +105,7 @@ spec:
|
|||
enum:
|
||||
- Mesh
|
||||
- MeshSubset
|
||||
- MeshGateway
|
||||
- MeshService
|
||||
- MeshServiceSubset
|
||||
- MeshHTTPRoute
|
||||
|
@ -122,3 +131,4 @@ spec:
|
|||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources: {}
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: proxytemplates.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: ratelimits.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: retries.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: serviceinsights.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: timeouts.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: trafficlogs.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|
|
@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
|
|||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.12.0
|
||||
controller-gen.kubebuilder.io/version: v0.13.0
|
||||
name: trafficpermissions.kuma.io
|
||||
spec:
|
||||
group: kuma.io
|
||||
|
|