local images = import "k8s/configs/images.libsonnet"; local base = import "k8s/configs/base.libsonnet"; local SecretParams = base.SimpleFieldStruct([ "namespace", "name", "adminPassword", "secretKey", "registryPassword", "registryHtpassword", "databasePassword", ]); local Secret(params) = base.Secret(params.namespace, params.name) { data: { adminPassword: params.adminPassword, secretKey: params.secretKey, // TODO: passwd: params.registryPassword, REGISTRY_PASSWD: params.registryPassword, REGISTRY_HTPASSWD: params.registryHtpassword, // Database password password: params.databasePassword, }, }; local Params = base.SimpleFieldStruct([ "namespace", "context", // Ingress "ingressHost", "ingressClassName", "ingressAnnotations", // Volume claims "registryExistingClaim", "jobServiceJobLogExistingClaim", "redisExistingClaim", "trivyExistingClaim", // Credentials "existingSecretAdminPassword", "existingSecretSecretKey", // key is "secretKey"? //"coreSecretName", // keys are "tls.crt" and "tls.key" "registryCredentialsExistingSecret", // key must be "REGISTRY_PASSWD" // Database "databaseHost", "databasePort", "databaseExistingSecret", // key must be "password" // I hope these are optional if "secretKey" is provided. "coreSecret", // "must be a string of 16 characters" "jobserviceSecret", // string of 16 characters? "registrySecret", // Also string of 16 characters? ]) { storageClass: null, // Not actually used (external db) databaseExistingClaim: null, databaseName: "harbor", existingSecretAdminPasswordKey: "adminPassword", }; local App(params) = { app: params.context.helm.template("harbor", "./charts/harbor", { namespace: params.namespace, values: { externalURL: "https://" + params.ingressHost, existingSecretAdminPassword: params.existingSecretAdminPassword, existingSecretAdminPasswordKey: params.existingSecretAdminPasswordKey, existingSecretSecretKey: params.existingSecretSecretKey, core: { secret: params.coreSecret, //secretName: params.coreSecretName, }, jobService: { secret: params.jobserviceSecret, }, registry: { secret: params.registrySecret, credentials: { existingSecret: params.registryCredentialsExistingSecret, }, }, expose: { type: "ingress", tls: { certSource: "secret", secret: { secretName: "harbor-ingress-cert" }, }, ingress: { hosts: { core: params.ingressHost, }, className: params.ingressClassName, annotations: params.ingressAnnotations }, }, database: { type: "external", external: { host: params.databaseHost, username: "harbor", coreDatabase: params.databaseName, port: params.databasePort, existingSecret: params.databaseExistingSecret, }, }, persistence: { enabled: true, resourcePolicy: "keep", imageChartStorage: { type: "filesystem", }, persistentVolumeClaim: { registry: { existingClaim: params.registryExistingClaim, storageClass: params.storageClass, }, jobservice: { jobLog: { existingClaim: params.jobServiceJobLogExistingClaim, storageClass: params.storageClass, }, }, database: { existingClaim: params.databaseExistingClaim, storageClass: params.storageClass, }, redis: { existingClaim: params.redisExistingClaim, storageClass: params.storageClass, }, trivy: { existingClaim: params.trivyExistingClaim, storageClass: params.storageClass, }, }, }, }, }) }; { SecretParams: SecretParams, Secret: Secret, Params: Params, App: App, }