acmcarther/yesod-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
yesod-mirror/k8s/configs/templates/dev/ops/harbor.libsonnet
Copybara 8157b39ea4
Some checks failed
CI / build (push) Failing after 12s
Details
Project import generated by Copybara. 
GitOrigin-RevId: 6370f6ea785709295b6abcf9c60717cacf3ac432
2026-01-20 21:26:21 +00:00

148 lines
No EOL
4.8 KiB
Jsonnet
Raw Blame History

local images = import "k8s/configs/images.libsonnet";
local base = import "k8s/configs/base.libsonnet";
local SecretParams = base.SimpleFieldStruct([
"namespace",
"name",
"adminPassword",
"secretKey",
"registryPassword",
"registryHtpassword",
"databasePassword",
]);
local Secret(params) = base.Secret(params.namespace, params.name) {
data: {
adminPassword: params.adminPassword,
secretKey: params.secretKey,
// TODO:
passwd: params.registryPassword,
REGISTRY_PASSWD: params.registryPassword,
REGISTRY_HTPASSWD: params.registryHtpassword,
// Database password
password: params.databasePassword,
},
};
local Params = base.SimpleFieldStruct([
"namespace",
"context",
// Ingress
"ingressHost",
"ingressClassName",
"ingressAnnotations",
// Volume claims
"registryExistingClaim",
"jobServiceJobLogExistingClaim",
"redisExistingClaim",
"trivyExistingClaim",
// Credentials
"existingSecretAdminPassword",
"existingSecretSecretKey", // key is "secretKey"?
//"coreSecretName", // keys are "tls.crt" and "tls.key"
"registryCredentialsExistingSecret", // key must be "REGISTRY_PASSWD"
// Database
"databaseHost",
"databasePort",
"databaseExistingSecret", // key must be "password"
// I hope these are optional if "secretKey" is provided.
"coreSecret", // "must be a string of 16 characters"
"jobserviceSecret", // string of 16 characters?
"registrySecret", // Also string of 16 characters?
]) {
storageClass: null,
// Not actually used (external db)
databaseExistingClaim: null,
databaseName: "harbor",
existingSecretAdminPasswordKey: "adminPassword",
};
local App(params) = {
app: params.context.helm.template("harbor", "./charts/harbor", {
namespace: params.namespace,
values: {
externalURL: "https://" + params.ingressHost,
existingSecretAdminPassword: params.existingSecretAdminPassword,
existingSecretAdminPasswordKey: params.existingSecretAdminPasswordKey,
existingSecretSecretKey: params.existingSecretSecretKey,
core: {
secret: params.coreSecret,
//secretName: params.coreSecretName,
},
jobService: {
secret: params.jobserviceSecret,
},
registry: {
secret: params.registrySecret,
credentials: {
existingSecret: params.registryCredentialsExistingSecret,
},
},
expose: {
type: "ingress",
tls: {
certSource: "secret",
secret: {
secretName: "harbor-ingress-cert"
},
},
ingress: {
hosts: {
core: params.ingressHost,
},
className: params.ingressClassName,
annotations: params.ingressAnnotations
},
},
database: {
type: "external",
external: {
host: params.databaseHost,
username: "harbor",
coreDatabase: params.databaseName,
port: params.databasePort,
existingSecret: params.databaseExistingSecret,
},
},
persistence: {
enabled: true,
resourcePolicy: "keep",
imageChartStorage: {
type: "filesystem",
},
persistentVolumeClaim: {
registry: {
existingClaim: params.registryExistingClaim,
storageClass: params.storageClass,
},
jobservice: {
jobLog: {
existingClaim: params.jobServiceJobLogExistingClaim,
storageClass: params.storageClass,
},
},
database: {
existingClaim: params.databaseExistingClaim,
storageClass: params.storageClass,
},
redis: {
existingClaim: params.redisExistingClaim,
storageClass: params.storageClass,
},
trivy: {
existingClaim: params.trivyExistingClaim,
storageClass: params.storageClass,
},
},
},
},
})
};
{
SecretParams: SecretParams,
Secret: Secret,
Params: Params,
App: App,
}
Reference in a new issue View git blame Copy permalink