alauda changes
airycanon committed Dec 12, 2024
1 parent fd26bc3 commit 36f4465
Showing 50 changed files with 2,070 additions and 158 deletions.
39 changes: 38 additions & 1 deletion templates/_helpers.tpl
@@ -118,7 +118,14 @@ app: "{{ template "harbor.name" . }}"
{{- .Values.database.internal.password -}}
{{- end -}}
{{- else -}}
{{- .Values.database.external.password -}}
{{- $password := .Values.database.external.password -}}
{{- if .Values.database.external.existingSecret -}}
{{- $passwordSecret := (lookup "v1" "Secret" .Release.Namespace .Values.database.external.existingSecret) }}
{{- if and $passwordSecret ( index $passwordSecret.data "POSTGRES_PASSWORD" | default "") -}}
{{- $password = index $passwordSecret.data "POSTGRES_PASSWORD" | b64dec -}}
{{- end -}}
{{- end -}}
{{- $password -}}
{{- end -}}
{{- end -}}

@@ -248,6 +255,19 @@ app: "{{ template "harbor.name" . }}"
{{- end }}
{{- end -}}

{{- define "harbor.registry.password" -}}
{{- if not .Values.registry.credentials.existingSecret }}
{{ .Values.registry.credentials.password | b64enc }}
{{- else -}}
{{- $password := "" -}}
{{- $passwordSecret := (lookup "v1" "Secret" .Release.Namespace .Values.registry.credentials.existingSecret) }}
{{- if and $passwordSecret ( index $passwordSecret.data .Values.registry.credentials.existingSecretKey | default "") -}}
{{- $password = index $passwordSecret.data .Values.registry.credentials.existingSecretKey -}}
{{- end -}}
{{- $password -}}
{{- end -}}
{{- end -}}

{{- define "harbor.portal" -}}
{{- printf "%s-portal" (include "harbor.fullname" .) -}}
{{- end -}}
@@ -288,6 +308,10 @@ app: "{{ template "harbor.name" . }}"
{{- printf "%s-exporter" (include "harbor.fullname" .) -}}
{{- end -}}

{{- define "harbor.oidc" -}}
{{- printf "%s-oidc" (include "harbor.fullname" .) -}}
{{- end -}}

{{- define "harbor.ingress" -}}
{{- printf "%s-ingress" (include "harbor.fullname" .) -}}
{{- end -}}
@@ -579,3 +603,16 @@ app: "{{ template "harbor.name" . }}"
{{- define "harbor.ingress.kubeVersion" -}}
{{- default .Capabilities.KubeVersion.Version .Values.expose.ingress.kubeVersionOverride -}}
{{- end -}}

{{- define "harbor.admin.password"}}
{{- if not .Values.existingSecretAdminPassword }}
{{ .Values.harborAdminPassword | b64enc }}
{{- else -}}
{{- $passwordSecret := (lookup "v1" "Secret" $.Release.Namespace .Values.existingSecretAdminPassword) }}
{{- $password := "" -}}
{{- if $passwordSecret -}}
{{- $password = index $passwordSecret.data .Values.existingSecretAdminPasswordKey | default "" }}
{{- end }}
{{ $password }}
{{- end -}}
{{- end -}}
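Review bot: When an existing Secret is configured but `lookup` returns nothing, the three new password paths degrade silently: `harbor.registry.password` and `harbor.admin.password` emit an empty string, and the database password helper in the first hunk (its `define` starts outside the hunk) falls back to `.Values.database.external.password`. `lookup` yields an empty result under `helm template` and client-side `--dry-run`, and the same happens when the Secret or the key is missing, so a release can render with a blank or default credential and no error. Failing before the value is emitted would surface this, e.g. `{{- if not $password }}{{ fail "existingSecretAdminPassword: secret or key not found" }}{{ end -}}`, with the equivalent in the other two helpers. The non-secret branches also lose the `| quote` the callers used to apply and are not whitespace-trimmed after `{{- if not … }}`, so the rendered `data:` values should be checked in the output.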
23 changes: 1 addition & 22 deletions templates/core/core-dpl.yaml
@@ -64,7 +64,7 @@ spec:
{{- end }}
containers:
- name: core
image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
image: "{{ .Values.global.registry.address }}/{{ .Values.global.images.core.repository }}:{{ .Values.global.images.core.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if .Values.core.startupProbe.enabled }}
startupProbe:
@@ -110,13 +110,6 @@ spec:
{{- else }}
key: JOBSERVICE_SECRET
{{- end }}
{{- if .Values.existingSecretAdminPassword }}
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.existingSecretAdminPassword }}
key: {{ .Values.existingSecretAdminPasswordKey }}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: INTERNAL_TLS_ENABLED
value: "true"
@@ -127,20 +120,6 @@ spec:
- name: INTERNAL_TLS_TRUST_CA_PATH
value: /etc/harbor/ssl/core/ca.crt
{{- end }}
{{- if .Values.database.external.existingSecret }}
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.external.existingSecret }}
key: password
{{- end }}
{{- if .Values.registry.credentials.existingSecret }}
- name: REGISTRY_CREDENTIAL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD
{{- end }}
{{- if .Values.core.existingXsrfSecret }}
- name: CSRF_KEY
valueFrom:
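Review bot: With the three `secretKeyRef` env entries gone, the core pod no longer reads the user-managed Secrets directly and depends on the chart copying their values into its own Secret at render time. The removed entries read the keys `password` and `REGISTRY_PASSWD`, while the new helpers in templates/_helpers.tpl read `POSTGRES_PASSWORD` and `.Values.registry.credentials.existingSecretKey`, so a Secret laid out for the previous chart would presumably no longer be picked up. The copy also means a rotated Secret is not seen until the next `helm upgrade`, and the base64 value becomes part of the rendered release manifest that Helm stores. Consider keeping the `secretKeyRef` entries and making the key configurable, e.g. `key: {{ .Values.database.external.existingSecretKey | default "password" }}` (the value name is a proposal). The same removal appears in templates/exporter/exporter-dpl.yaml, templates/jobservice/jobservice-dpl.yaml and templates/core/core-pre-upgrade-job.yaml.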
13 changes: 3 additions & 10 deletions templates/core/core-pre-upgrade-job.yaml
@@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: migration-job
name: {{ template "harbor.core" . }}-migration-job
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
@@ -13,6 +13,7 @@ metadata:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-5"
spec:
ttlSecondsAfterFinished: 300
template:
metadata:
labels:
@@ -33,22 +34,14 @@ spec:
terminationGracePeriodSeconds: 120
containers:
- name: core-job
image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.core.repository }}:{{ .Values.global.images.core.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: ["/harbor/harbor_core", "-mode=migrate"]
envFrom:
- configMapRef:
name: "{{ template "harbor.core" . }}"
- secretRef:
name: "{{ template "harbor.core" . }}"
{{- if .Values.database.external.existingSecret }}
env:
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.external.existingSecret }}
key: password
{{- end }}
{{- if not (empty .Values.containerSecurityContext) }}
securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
{{- end }}
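Review bot: The migration Job is a `pre-upgrade` hook, so once its `env:` block is dropped it receives `POSTGRESQL_PASSWORD` only through the `secretRef` on the core Secret as that Secret exists before the upgrade is applied. On the first upgrade from a release that used `database.external.existingSecret`, the old core-secret.yaml rendered that Secret without `POSTGRESQL_PASSWORD` (the entry was guarded by `if not .Values.database.external.existingSecret`), so the migration would presumably run without a database password. Keeping the `secretKeyRef` env entry on this Job avoids depending on upgrade ordering. The `image:` value is also left unquoted here, although the other templates touched by this commit quote it.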
12 changes: 3 additions & 9 deletions templates/core/core-secret.yaml
@@ -15,19 +15,13 @@ data:
secret: {{ .Values.core.secret | default (include "harbor.secretKeyHelper" (dict "key" "secret" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
{{- end }}
{{- if not .Values.core.secretName }}
{{- $ca := genCA "harbor-token-ca" 365 }}
{{- $ca := genCA "harbor-token-ca" 3650 }}
tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
{{- end }}
{{- if not .Values.existingSecretAdminPassword }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
{{- end }}
{{- if not .Values.database.external.existingSecret }}
HARBOR_ADMIN_PASSWORD: {{ template "harbor.admin.password" . }}
POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{- end }}
{{- if not .Values.registry.credentials.existingSecret }}
REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
{{- end }}
REGISTRY_CREDENTIAL_PASSWORD: {{ template "harbor.registry.password" . }}
{{- if not .Values.core.existingXsrfSecret }}
CSRF_KEY: {{ .Values.core.xsrfKey | default (include "harbor.secretKeyHelper" (dict "key" "CSRF_KEY" "data" $existingSecret.data)) | default (randAlphaNum 32) | b64enc | quote }}
{{- end }}
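Review bot: The auto-generated token CA now gets a hard-coded ten-year lifetime (`genCA "harbor-token-ca" 3650`), and the same 365 → 3650 change is applied to the generated certificates in templates/ingress/secret.yaml, templates/internal/auto-tls.yaml and templates/nginx/secret.yaml. The matching private keys are stored in ordinary Secrets, so a longer validity extends the time a leaked key stays usable, and nothing visible in these templates rotates or revokes them. Exposing the validity as a value with the previous default would leave the choice to the operator, e.g. `genCA "harbor-token-ca" (int (.Values.core.tokenCertValidityDays | default 365))` (the value name is a proposal). Separately, `HARBOR_ADMIN_PASSWORD` and `REGISTRY_CREDENTIAL_PASSWORD` are now emitted through `template` without `| quote`, unlike the neighbouring entries.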
4 changes: 2 additions & 2 deletions templates/database/database-ss.yaml
@@ -49,7 +49,7 @@ spec:
# use this init container to correct the permission
# as "fsGroup" applied before the init container running, the container has enough permission to execute the command
- name: "data-permissions-ensurer"
image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
image: "{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if not (empty .Values.containerSecurityContext) }}
securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
@@ -69,7 +69,7 @@ spec:
{{- end }}
containers:
- name: database
image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
image: "{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if not (empty .Values.containerSecurityContext) }}
securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
17 changes: 1 addition & 16 deletions templates/exporter/exporter-dpl.yaml
@@ -59,7 +59,7 @@ spec:
{{- end }}
containers:
- name: exporter
image: {{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
image: "{{ .Values.global.registry.address }}/{{ .Values.global.images.exporter.repository }}:{{ .Values.global.images.exporter.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
@@ -79,21 +79,6 @@ spec:
name: "{{ template "harbor.exporter" . }}-env"
- secretRef:
name: "{{ template "harbor.exporter" . }}"
env:
{{- if .Values.database.external.existingSecret }}
- name: HARBOR_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.database.external.existingSecret }}
key: password
{{- end }}
{{- if .Values.existingSecretAdminPassword }}
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.existingSecretAdminPassword }}
key: {{ .Values.existingSecretAdminPasswordKey }}
{{- end }}
{{- if .Values.exporter.resources }}
resources:
{{ toYaml .Values.exporter.resources | indent 10 }}
6 changes: 1 addition & 5 deletions templates/exporter/exporter-secret.yaml
@@ -8,10 +8,6 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
{{- if not .Values.existingSecretAdminPassword }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
{{- end }}
{{- if not .Values.database.external.existingSecret }}
HARBOR_ADMIN_PASSWORD: {{ template "harbor.admin.password" . }}
HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{- end }}
{{- end }}
3 changes: 3 additions & 0 deletions templates/ingress/ingress.yaml
@@ -42,6 +42,9 @@ metadata:
{{ toYaml $ingress.labels | indent 4 }}
{{- end }}
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
{{ toYaml $ingress.annotations | indent 4 }}
{{- if .Values.internalTLS.enabled }}
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
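Review bot: The three `alb.ingress.kubernetes.io/*` annotations are hard-coded, so every install that renders this Ingress requests an `internet-facing` load balancer from the AWS load balancer controller regardless of what the operator configured. They are also emitted before `toYaml $ingress.annotations`, so a user who sets one of the same keys in values produces a duplicate mapping key, which parsers either reject or resolve last-wins. These belong in the values default for the ingress annotations rather than in the template, or at least behind a condition such as `{{- if eq .Values.expose.ingress.controller "alb" }}` … `{{- end }}`. The `annotations:` block continues past the end of this hunk.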
4 changes: 2 additions & 2 deletions templates/ingress/secret.yaml
@@ -1,6 +1,6 @@
{{- if eq (include "harbor.autoGenCertForIngress" .) "true" }}
{{- $ca := genCA "harbor-ca" 365 }}
{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 365 $ca }}
{{- $ca := genCA "harbor-ca" 3650 }}
{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 3650 $ca }}
apiVersion: v1
kind: Secret
metadata:
10 changes: 5 additions & 5 deletions templates/internal/auto-tls.yaml
@@ -1,13 +1,13 @@
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
{{- $ca := genCA "harbor-internal-ca" 365 }}
{{- $ca := genCA "harbor-internal-ca" 3650 }}
{{- $coreCN := (include "harbor.core" .) }}
{{- $coreCrt := genSignedCert $coreCN (list "127.0.0.1") (list "localhost" $coreCN) 365 $ca }}
{{- $coreCrt := genSignedCert $coreCN (list "127.0.0.1") (list "localhost" $coreCN) 3650 $ca }}
{{- $jsCN := (include "harbor.jobservice" .) }}
{{- $jsCrt := genSignedCert $jsCN nil (list $jsCN) 365 $ca }}
{{- $jsCrt := genSignedCert $jsCN nil (list $jsCN) 3650 $ca }}
{{- $regCN := (include "harbor.registry" .) }}
{{- $regCrt := genSignedCert $regCN nil (list $regCN) 365 $ca }}
{{- $regCrt := genSignedCert $regCN nil (list $regCN) 3650 $ca }}
{{- $portalCN := (include "harbor.portal" .) }}
{{- $portalCrt := genSignedCert $portalCN nil (list $portalCN) 365 $ca }}
{{- $portalCrt := genSignedCert $portalCN nil (list $portalCN) 3650 $ca }}

---
apiVersion: v1
21 changes: 10 additions & 11 deletions templates/jobservice/jobservice-dpl.yaml
@@ -70,7 +70,7 @@ spec:
{{- end }}
containers:
- name: jobservice
image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
image: "{{ .Values.global.registry.address }}/{{ .Values.global.images.jobservice.repository }}:{{ .Values.global.images.jobservice.tag }}"
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
@@ -113,13 +113,6 @@ spec:
- name: INTERNAL_TLS_TRUST_CA_PATH
value: /etc/harbor/ssl/jobservice/ca.crt
{{- end }}
{{- if .Values.registry.credentials.existingSecret }}
- name: REGISTRY_CREDENTIAL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.registry.credentials.existingSecret }}
key: REGISTRY_PASSWD
{{- end }}
{{- with .Values.jobservice.extraEnvVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
@@ -152,12 +145,18 @@ spec:
configMap:
name: "{{ template "harbor.jobservice" . }}"
- name: job-logs
{{- if and .Values.persistence.enabled (has "file" .Values.jobservice.jobLoggers) }}
{{- if and .Values.persistence.enabled (has "file" .Values.jobservice.jobLoggers) }}
{{- if .Values.persistence.hostPath.jobservice.path }}
hostPath:
path: {{ .Values.persistence.hostPath.jobservice.path }}
type: DirectoryOrCreate
{{- else }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.persistentVolumeClaim.jobservice.jobLog.existingClaim | default (include "harbor.jobservice" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: jobservice-internal-certs
secret:
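Review bot: The new `hostPath` branch for the `job-logs` volume mounts a node directory into the jobservice pod, which the Kubernetes Pod Security Standards baseline profile disallows and which ties the log data to whichever node the pod is scheduled on. `path:` is rendered unquoted from `.Values.persistence.hostPath.jobservice.path` with `type: DirectoryOrCreate`, so whatever path is set in values is created on the node if absent, with no check that it is absolute or confined to a dedicated directory. If hostPath support is required, quote the value, `path: {{ .Values.persistence.hostPath.jobservice.path | quote }}`, document the constraint, and guard the lookup so values files without a `persistence.hostPath` block still render. The volume list continues outside the hunk.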
2 changes: 1 addition & 1 deletion templates/jobservice/jobservice-pvc.yaml
@@ -1,5 +1,5 @@
{{- $jobLog := .Values.persistence.persistentVolumeClaim.jobservice.jobLog -}}
{{- if and .Values.persistence.enabled (not $jobLog.existingClaim) (has "file" .Values.jobservice.jobLoggers) }}
{{- if and .Values.persistence.enabled $jobLog.storageClass (has "file" .Values.jobservice.jobLoggers) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
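Review bot: The PVC is now created only when `$jobLog.storageClass` is set and is no longer skipped when `$jobLog.existingClaim` is set. templates/jobservice/jobservice-dpl.yaml still mounts `existingClaim | default (include "harbor.jobservice" .)` whenever persistence is enabled and no hostPath is given, so a cluster relying on its default StorageClass would presumably get a pod referencing a claim that was never created, and a user with an existing claim plus a storage class gets an unused extra PVC. Mirroring the deployment's condition keeps the two in step, e.g. `{{- if and .Values.persistence.enabled (not $jobLog.existingClaim) (not .Values.persistence.hostPath.jobservice.path) (has "file" .Values.jobservice.jobLoggers) }}`.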
4 changes: 1 addition & 3 deletions templates/jobservice/jobservice-secrets.yaml
@@ -11,7 +11,5 @@ data:
{{- if not .Values.jobservice.existingSecret }}
JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (include "harbor.secretKeyHelper" (dict "key" "JOBSERVICE_SECRET" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
{{- end }}
{{- if not .Values.registry.credentials.existingSecret }}
REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
{{- end }}
REGISTRY_CREDENTIAL_PASSWORD: {{ template "harbor.registry.password" . }}
{{- template "harbor.traceJaegerPassword" . }}
2 changes: 1 addition & 1 deletion templates/nginx/deployment.yaml
@@ -60,7 +60,7 @@ spec:
{{- end }}
containers:
- name: nginx
image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
image: "{{ .Values.global.registry.address }}/{{ .Values.global.images.nginx.repository }}:{{ .Values.global.images.nginx.tag }}"
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
{{- $_ := set . "scheme" "HTTP" -}}
{{- $_ := set . "port" "8080" -}}
Expand Down
6 changes: 3 additions & 3 deletions templates/nginx/secret.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{{- if eq (include "harbor.autoGenCertForNginx" .) "true" }}
{{- $ca := genCA "harbor-ca" 365 }}
{{- $ca := genCA "harbor-ca" 3650 }}
{{- $cn := (required "The \"expose.tls.auto.commonName\" is required!" .Values.expose.tls.auto.commonName) }}
apiVersion: v1
kind: Secret
@@ -11,12 +11,12 @@ metadata:
type: Opaque
data:
{{- if regexMatch `^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$` $cn }}
{{- $cert := genSignedCert $cn (list $cn) nil 365 $ca }}
{{- $cert := genSignedCert $cn (list $cn) nil 3650 $ca }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- else }}
{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca }}
{{- $cert := genSignedCert $cn nil (list $cn) 3650 $ca }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
4 changes: 2 additions & 2 deletions templates/nginx/service.yaml
@@ -4,7 +4,7 @@ kind: Service
metadata:
{{- if eq .Values.expose.type "clusterIP" }}
{{- $clusterIP := .Values.expose.clusterIP }}
name: {{ $clusterIP.name }}
name: {{ template "harbor.fullname" .}}-{{ $clusterIP.name }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
@@ -31,7 +31,7 @@ spec:
{{- end }}
{{- else if eq .Values.expose.type "nodePort" }}
{{- $nodePort := .Values.expose.nodePort }}
name: {{ $nodePort.name }}
name: {{ template "harbor.fullname" .}}-{{ $nodePort.name }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.expose.nodePort.labels }}
8 changes: 8 additions & 0 deletions templates/portal/configmap.yaml
@@ -58,6 +58,14 @@ data:
location /devcenter-api-2.0 {
try_files $uri $uri/ /swagger-ui-index.html;
}
{{- if not .Values.portal.swagger.enabled }}
location = /swagger.json {
return 404;
}
location = /swagger.yaml {
return 404;
}
{{- end }}
location / {
try_files $uri $uri/ /index.html;
}
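Review bot: Disabling swagger only returns 404 for the exact paths `/swagger.json` and `/swagger.yaml`; the `location /devcenter-api-2.0` block just above still falls through to `/swagger-ui-index.html`, so the UI shell stays reachable when `portal.swagger.enabled` is false. If the intent is to hide the API description, that location should sit under the same condition. `.Values.portal.swagger.enabled` will also fail to render when `portal.swagger` is absent from values (the values file is not shown here); `{{- if not (dig "swagger" "enabled" true .Values.portal) }}` tolerates that. The nginx `server` block continues outside the hunk.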