feat: ✨ arbitrary values can be passed to helm harbor

roles/harbor/tasks/main.yaml

@@ -37,103 +37,19 @@
 
 - name: Set harbor helm values
   ansible.builtin.set_fact:
-    harbor_values: |
-      expose:
-        type: ingress
-        tls:
-          enabled: true
-      {% if ingress.tls.type == 'tlsSecret' %}
-          certSource: secret
-          secret:
-            secretName: {{ ingress.tls.tlsSecret.name }}
-            notarySecretName: {{ ingress.tls.tlsSecret.name }}
-      {% else %}
-          certSource: null
-          secret: {}
-      {% endif %}
-        ingress:
-          hosts:
-            core: {{ HARBOR_DOMAIN }}
-            notary: notary{{ ROOT_DOMAIN }}
-          notary:
-            annotations:
-      {% for key, val in ingress.annotations.items() %}
-              {{ key }}: {{ val }}
-      {% endfor %}
-            labels:
-      {% for key, val in ingress.labels.items() %}
-              {{ key }}: {{ val }}
-      {% endfor %}
-          harbor:
-            annotations:
-      {% for key, val in ingress.annotations.items() %}
-              {{ key }}: {{ val }}
-      {% endfor %}
-            labels:
-      {% for key, val in ingress.labels.items() %}
-              {{ key }}: {{ val }}
-      {% endfor %}
-      externalURL: https://{{ HARBOR_DOMAIN }}
-      persistence:
-        enabled: true
-        resourcePolicy: keep
-      harborAdminPassword: "{{ HARBOR_ADMIN_PASSWORD }}"
-      nginx:
-        serviceAccountName: harbor-sa
-        image:
-          repository: docker.io/goharbor/nginx-photon
-      portal:
-        serviceAccountName: harbor-sa
-        image:
-          repository: docker.io/goharbor/harbor-portal
-      core:
-        serviceAccountName: harbor-sa
-        image:
-          repository: docker.io/goharbor/harbor-core
-      jobservice:
-        serviceAccountName: harbor-sa
-        image:
-          repository: docker.io/goharbor/harbor-jobservice
-      registry:
-        serviceAccountName: harbor-sa
-        registry:
-          image:
-            repository: docker.io/goharbor/registry-photon
-        controller:
-          image:
-            repository: docker.io/goharbor/harbor-registryctl
-      chartmuseum:
-        serviceAccountName: harbor-sa
-      trivy:
-        serviceAccountName: harbor-sa
-        image:
-          repository: docker.io/goharbor/trivy-adapter-photon
-      notary:
-        server:
-          serviceAccountName: harbor-sa
-        signer:
-          serviceAccountName: harbor-sa
-      database:
-        internal:
-          serviceAccountName: harbor-sa
-          image:
-            repository: docker.io/goharbor/harbor-db
-      redis:
-        internal:
-          serviceAccountName: harbor-sa
-          image:
-            repository: docker.io/goharbor/redis-photon
-      exporter:
-        image:
-          repository: docker.io/goharbor/harbor-exporter
+    harbor_values: "{{ lookup('template', 'values.yaml.j2') | from_yaml }}"
+
+- name: Merge with harbor user values
+  set_fact:
+    harbor_values: "{{ harbor_values | combine(HARBOR_VALUES, recursive=True) }}"
 
 - name: Deploy helm
   kubernetes.core.helm:
     name: harbor
     chart_ref: harbor/harbor
     chart_version: "1.12.0"
     release_namespace: "{{ HARBOR_NAMESPACE }}"
-    values: "{{ helm_values | from_yaml }}"
+    values: "{{ harbor_values }}"
 
 - name: Update inventory
   kubernetes.core.k8s:

roles/harbor/templates/values.yaml.j2

@@ -0,0 +1,88 @@
+expose:
+  type: ingress
+  tls:
+    enabled: true
+{% if ingress.tls.type == 'tlsSecret' %}
+    certSource: secret
+    secret:
+      secretName: {{ ingress.tls.tlsSecret.name }}
+      notarySecretName: {{ ingress.tls.tlsSecret.name }}
+{% else %}
+    certSource: null
+    secret: {}
+{% endif %}
+  ingress:
+    hosts:
+      core: {{ HARBOR_DOMAIN }}
+      notary: notary{{ ROOT_DOMAIN }}
+    notary:
+      annotations:
+{% for key, val in ingress.annotations.items() %}
+        {{ key }}: {{ val }}
+{% endfor %}
+      labels:
+{% for key, val in ingress.labels.items() %}
+        {{ key }}: {{ val }}
+{% endfor %}
+    harbor:
+      annotations:
+{% for key, val in ingress.annotations.items() %}
+        {{ key }}: {{ val }}
+{% endfor %}
+      labels:
+{% for key, val in ingress.labels.items() %}
+        {{ key }}: {{ val }}
+{% endfor %}
+externalURL: https://{{ HARBOR_DOMAIN }}
+persistence:
+  enabled: true
+  resourcePolicy: keep
+harborAdminPassword: "{{ HARBOR_ADMIN_PASSWORD }}"
+nginx:
+  serviceAccountName: harbor-sa
+  image:
+    repository: docker.io/goharbor/nginx-photon
+portal:
+  serviceAccountName: harbor-sa
+  image:
+    repository: docker.io/goharbor/harbor-portal
+core:
+  serviceAccountName: harbor-sa
+  image:
+    repository: docker.io/goharbor/harbor-core
+jobservice:
+  serviceAccountName: harbor-sa
+  image:
+    repository: docker.io/goharbor/harbor-jobservice
+registry:
+  serviceAccountName: harbor-sa
+  registry:
+    image:
+      repository: docker.io/goharbor/registry-photon
+  controller:
+    image:
+      repository: docker.io/goharbor/harbor-registryctl
+chartmuseum:
+  serviceAccountName: harbor-sa
+trivy:
+  serviceAccountName: harbor-sa
+  image:
+    repository: docker.io/goharbor/trivy-adapter-photon
+notary:
+  server:
+    serviceAccountName: harbor-sa
+  signer:
+    serviceAccountName: harbor-sa
+database:
+  internal:
+    serviceAccountName: harbor-sa
+    image:
+      repository: docker.io/goharbor/harbor-db
+redis:
+  internal:
+    serviceAccountName: harbor-sa
+    image:
+      repository: docker.io/goharbor/redis-photon
+exporter:
+  image:
+    repository: docker.io/goharbor/harbor-exporte

roles/socle-config/files/socle-config.yaml

@@ -99,6 +99,9 @@ GITLAB_VALUES: {}
 HARBOR_NAMESPACE: harbor-system
 HARBOR_DOMAIN: harbor{{ ROOT_DOMAIN }}
 HARBOR_ADMIN_PASSWORD: MySuperPassword
+# You can merge customs values for harbor, it will be merged with roles/harbor/tasks/main.yaml
+# See https://github.com/goharbor/harbor-helm
+HARBOR_VALUES: {}
 
 # KEYCLOAK
 KEYCLOAK_NAMESPACE: keycloak-system