From c9d380de92ffd2c550436cdbf97a0787c0184901 Mon Sep 17 00:00:00 2001
From: soulseen
Date: Sat, 23 Oct 2021 14:49:48 +0800
Subject: [PATCH] update storage config
Signed-off-by: soulseen
---
 apis/goharbor.io/v1beta1/harbor_types.go | 5 +
 apis/goharbor.io/v1beta1/registry_types.go | 1 +
 .../config/assets/registry-config.yaml.tmpl | 7 +
 controllers/goharbor/harbor/storage.go | 12 ++
 controllers/goharbor/registry/deployments.go | 22 +++
 manifests/cluster/deployment.yaml | 2 +-
 manifests/harbor/deployment.yaml | 2 +-
 manifests/samples/zxy_test.yaml | 133 ------------------
 pkg/cluster/controllers/harbor/harbor.go | 5 +
 9 files changed, 54 insertions(+), 135 deletions(-)
 delete mode 100644 manifests/samples/zxy_test.yaml
diff --git a/apis/goharbor.io/v1beta1/harbor_types.go b/apis/goharbor.io/v1beta1/harbor_types.go
index 703a81b08..5bf4fa94c 100644
--- a/apis/goharbor.io/v1beta1/harbor_types.go
+++ b/apis/goharbor.io/v1beta1/harbor_types.go
@@ -507,6 +507,7 @@ const (
 S3DriverName = "s3"
 SwiftDriverName = "swift"
 FileSystemDriverName = "filesystem"
+ AzureDriverName = "azure"
 )
 func (r *HarborStorageImageChartStorageSpec) ProviderName() string {
@@ -518,6 +519,10 @@ func (r *HarborStorageImageChartStorageSpec) ProviderName() string {
 return SwiftDriverName
 }
+ if r.Azure != nil {
+ return AzureDriverName
+ }
+
 return FileSystemDriverName
 }
diff --git a/apis/goharbor.io/v1beta1/registry_types.go b/apis/goharbor.io/v1beta1/registry_types.go
index 5326cadd5..ad2815e10 100644
--- a/apis/goharbor.io/v1beta1/registry_types.go
+++ b/apis/goharbor.io/v1beta1/registry_types.go
@@ -605,6 +605,7 @@ type RegistryStorageDriverSpec struct {
 // See: https://docs.docker.com/registry/storage-drivers/swift/
 Swift *RegistryStorageDriverSwiftSpec `json:"swift,omitempty"`
+ // +kubebuilder:validation:Optional
 Azure *RegistryStorageDriverAzureSpec `json:"azure,omitempty"`
 }
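Review bot: The Azure check in ProviderName sits after the Swift branch and before the filesystem fallback, so when more than one backend is set on the spec the reported provider is decided silently by branch order. No validation that exactly one backend is configured is visible in this patch, so the method should at least carry a doc comment stating the precedence, e.g. `// ProviderName returns the name of the first configured storage backend; Azure is checked after Swift, and filesystem is the fallback.` The same if-chain is repeated in ChartMuseumStorage and RegistryStorage in controllers/goharbor/harbor/storage.go and in ApplyStorageConfiguration in controllers/goharbor/registry/deployments.go; if those chains ever disagree, the registry could be configured for one backend while being handed another backend's credentials. The start of ProviderName's body lies between the two hunks and is not shown.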
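Review bot: The `Azure` field in RegistryStorageDriverSpec gets the `+kubebuilder:validation:Optional` marker but, unlike `Swift` just above it, no description or reference link, so the generated CRD schema will presumably document it with no text. Adding `// See: https://docs.docker.com/registry/storage-drivers/azure/` above the marker would match the Swift field. The struct starts outside the hunk, so any doc convention used by the earlier fields should be checked there.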
diff --git a/config/config/assets/registry-config.yaml.tmpl b/config/config/assets/registry-config.yaml.tmpl
index c54ee27eb..d70cfd19d 100644
--- a/config/config/assets/registry-config.yaml.tmpl
+++ b/config/config/assets/registry-config.yaml.tmpl
@@ -138,6 +138,13 @@ storage:
 {{- end }}
 {{- end }}
+ {{- if .Spec.Storage.Driver.Azure }}
+ azure:
+ accountname: {{ .Spec.Storage.Driver.Azure.AccountName | quote }}
+ container: {{ .Spec.Storage.Driver.Azure.Container | quote }}
+ realm: {{ .Spec.Storage.Driver.Azure.BaseURL | quote }}
+ {{- end }}
+
 {{- if .Spec.Storage.Driver.Swift }}
 swift:
 username: {{ .Spec.Storage.Driver.Swift.Username | quote }}
diff --git a/controllers/goharbor/harbor/storage.go b/controllers/goharbor/harbor/storage.go
index 9d897c1b2..946449e27 100644
--- a/controllers/goharbor/harbor/storage.go
+++ b/controllers/goharbor/harbor/storage.go
@@ -20,6 +20,12 @@ func (r *Reconciler) ChartMuseumStorage(ctx context.Context, harbor *goharborv1.
 }
 }
+ if harbor.Spec.ImageChartStorage.Azure != nil {
+ return goharborv1.ChartMuseumChartStorageDriverSpec{
+ Azure: harbor.Spec.ImageChartStorage.Azure.ChartMuseum(),
+ }
+ }
+
 prefix := ""
 pvc := &harbor.Spec.ImageChartStorage.FileSystem.RegistryPersistentVolume.PersistentVolumeClaimVolumeSource
@@ -87,6 +93,12 @@ func (r *Reconciler) RegistryStorage(ctx context.Context, harbor *goharborv1.Har
 }
 }
+ if harbor.Spec.ImageChartStorage.Azure != nil {
+ return goharborv1.RegistryStorageDriverSpec{
+ Azure: harbor.Spec.ImageChartStorage.Azure.Registry(),
+ }
+ }
+
 return goharborv1.RegistryStorageDriverSpec{
 FileSystem: &goharborv1.RegistryStorageDriverFilesystemSpec{
 VolumeSource: corev1.VolumeSource{
diff --git a/controllers/goharbor/registry/deployments.go b/controllers/goharbor/registry/deployments.go
index dd7ef740a..fcb16c65e 100644
--- a/controllers/goharbor/registry/deployments.go
+++ b/controllers/goharbor/registry/deployments.go
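Review bot: The new `azure:` block in registry-config.yaml.tmpl gives no hint that the account key is supplied separately, unlike the S3 and Swift blocks, which carry a `# secretkey: setted through environment variable` line (visible in the embedded copies of this template in the manifests). Adding `# accountkey: set through environment variable REGISTRY_STORAGE_AZURE_ACCOUNTKEY` under `accountname` would keep the sections consistent and tell a reader that the credential is deliberately kept out of the rendered config. `realm` is also emitted unconditionally; if `BaseURL` is optional in the API type (not visible here), wrapping that line in `{{- if .Spec.Storage.Driver.Azure.BaseURL }}` would match how the other optional fields are rendered.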
@@ -361,6 +361,24 @@ func (r *Reconciler) ApplySwiftStorageEnvs(ctx context.Context, registry *goharb
 return nil
 }
+func (r *Reconciler) ApplyAzureStorageEnvs(ctx context.Context, registry *goharborv1.Registry, deploy *appsv1.Deployment) error {
+ regContainer := &deploy.Spec.Template.Spec.Containers[registryContainerIndex]
+
+ regContainer.Env = append(regContainer.Env, corev1.EnvVar{
+ Name: "REGISTRY_STORAGE_AZURE_ACCOUNTKEY",
+ ValueFrom: &corev1.EnvVarSource{
+ SecretKeyRef: &corev1.SecretKeySelector{
+ Key: harbormetav1.SharedSecretKey,
+ LocalObjectReference: corev1.LocalObjectReference{
+ Name: registry.Spec.Storage.Driver.Azure.AccountKeyRef,
+ },
+ },
+ },
+ })
+
+ return nil
+}
+
 func (r *Reconciler) ApplyInMemoryStorageEnvs(ctx context.Context, registry *goharborv1.Registry, deploy *appsv1.Deployment) error {
 regContainer := &deploy.Spec.Template.Spec.Containers[registryContainerIndex]
@@ -383,6 +401,10 @@ func (r *Reconciler) ApplyStorageConfiguration(ctx context.Context, registry *go
 return r.ApplySwiftStorageEnvs(ctx, registry, deploy)
 }
+ if registry.Spec.Storage.Driver.Azure != nil {
+ return r.ApplyAzureStorageEnvs(ctx, registry, deploy)
+ }
+
 if registry.Spec.Storage.Driver.FileSystem != nil {
 return r.ApplyFilesystemStorageEnvs(ctx, registry, deploy)
 }
diff --git a/manifests/cluster/deployment.yaml b/manifests/cluster/deployment.yaml
index e2a4e4931..f0ebcb7ec 100644
--- a/manifests/cluster/deployment.yaml
+++ b/manifests/cluster/deployment.yaml
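Review bot: ApplyAzureStorageEnvs copies `registry.Spec.Storage.Driver.Azure.AccountKeyRef` into the SecretKeySelector without checking that it is set, so unless the CRD schema already requires the field, an empty reference only surfaces later, when the Deployment is applied or the pod fails to start. The function already returns an error, so a guard at the top would fail the reconcile early and clearly: `if registry.Spec.Storage.Driver.Azure.AccountKeyRef == "" { return errors.New("azure storage: accountKeyRef is empty") }`, using whichever errors package the file already imports. The exported method also has no doc comment; `// ApplyAzureStorageEnvs injects the Azure account key into the registry container from the Secret named by AccountKeyRef, read under harbormetav1.SharedSecretKey.` would record where the credential comes from. Because an account key grants access to the whole storage account, the comment should also say that the referenced Secret must hold the key under that entry name and that the value is never written to the rendered registry config.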
@@ -34477,7 +34477,7 @@ data: } } } - registry-config.yaml.tmpl: "# https://docs.docker.com/registry/configuration/\nversion: 0.1\nlog:\n accesslog:\n disabled: {{ .Spec.Log.AccessLog.Disabled }}\n level: {{ .Spec.Log.Level | quote }}\n formatter: {{ .Spec.Log.Formatter | quote }}\n {{- if .Spec.Log.Fields }}\n fields: {{ .Spec.Log.Fields | toJson }}\n {{- end }}\n {{- if .Spec.Log.Hooks }}\n hooks:\n {{- range $index, $element := .Spec.Log.Hooks }}\n - type: {{ $element.Type | quote }}\n disabled: {{ $element.Disabled }}\n {{- if $element.Levels }}\n levels: {{ $element.Levels | toJson }}\n {{- end }}\n {{- if $element.OptionsRef }}\n {{- with ( secretData $element.OptionsRef) }}\n {{- if . }}\n options: {{ toJson . }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\nhttp:\n # secret: setted through environment variable\n {{- if .Spec.HTTP.Debug }}\n debug:\n addr: :{{ .Spec.HTTP.Debug.Port }}\n prometheus:\n enabled: {{ .Spec.HTTP.Debug.Prometheus.Enabled }}\n path: {{ .Spec.HTTP.Debug.Prometheus.Path | quote }}\n {{- end }}\n net: {{ .Spec.HTTP.Net | quote }}\n addr: :5000\n {{- if .Spec.HTTP.Prefix }}\n prefix: {{ .Spec.HTTP.Prefix | quote }}\n {{- end }}\n {{- if .Spec.HTTP.Headers }}\n headers: {{ .Spec.HTTP.Headers | toJson }}\n {{- end }}\n http2:\n disabled: {{ .Spec.HTTP.HTTP2.Disabled }}\n host: {{ .Spec.HTTP.Host | quote }}\n relativeurls: {{ .Spec.HTTP.RelativeURLs }}\n {{- if .Spec.HTTP.DrainTimeout }}\n draintimeout: {{ .Spec.HTTP.DrainTimeout.Duration }}\n {{- end }}\n {{- if .Spec.HTTP.TLS.Enabled }}\n tls:\n certificate: /etc/registry/ssl/tls.crt\n key: /etc/registry/ssl/tls.key\n {{- end }}\n{{- if .Spec.Reporting }}\nreporting:\n {{- range $name, $reference := .Spec.Reporting }}\n {{ $name | quote }}: {{ secretData $reference | toJson }}\n {{- end }}\n{{- end }}\nstorage:\n {{- if .Spec.Storage.Delete.Enabled }}\n delete:\n {{- if .Spec.Storage.Delete.Enabled }}\n enabled: {{ .Spec.Storage.Delete.Enabled }}\n {{- end }}\n {{- 
end }}\n cache:\n blobdescriptor: {{ default \"inmemory\" .Spec.Storage.Cache.Blobdescriptor | quote }}\n maintenance:\n uploadPurging:\n enabled: {{ .Spec.Storage.Maintenance.UploadPurging.Enabled }}\n {{- if .Spec.Storage.Maintenance.UploadPurging.Age }}\n age: {{ .Spec.Storage.Maintenance.UploadPurging.Age.Duration }}\n {{- end }}\n {{- if .Spec.Storage.Maintenance.UploadPurging.Interval }}\n interval: {{ .Spec.Storage.Maintenance.UploadPurging.Interval.Duration }}\n {{- end }}\n dryRun: {{ .Spec.Storage.Maintenance.UploadPurging.DryRun }}\n readOnly:\n enabled: {{ .Spec.Storage.Maintenance.ReadOnly.Enabled }}\n redirect: \n disable: {{ .Spec.Storage.Redirect.Disable }}\n\n {{- if .Spec.Storage.Driver.InMemory }}\n inmemory: {}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.FileSystem }}\n filesystem:\n rootdirectory: /var/lib/registry\n maxthreads: {{ .Spec.Storage.Driver.FileSystem.MaxThreads }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.S3 }}\n s3:\n region: {{ .Spec.Storage.Driver.S3.Region | quote }}\n bucket: {{ .Spec.Storage.Driver.S3.Bucket | quote }}\n encrypt: {{ .Spec.Storage.Driver.S3.Encrypt }}\n skipverify: {{ .Spec.Storage.Driver.S3.SkipVerify }}\n {{- if .Spec.Storage.Driver.S3.KeyID }}\n keyid: {{ .Spec.Storage.Driver.S3.KeyID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.Secure }}\n secure: {{ .Spec.Storage.Driver.S3.Secure }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.V4Auth }}\n v4auth: {{ .Spec.Storage.Driver.S3.V4Auth }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.ChunkSize }}\n chunksize: {{ .Spec.Storage.Driver.S3.ChunkSize }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.StorageClass }}\n storageclass: {{ .Spec.Storage.Driver.S3.StorageClass | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.RootDirectory }}\n rootdirectory: {{ .Spec.Storage.Driver.S3.RootDirectory | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.AccessKey }}\n accesskey: {{ .Spec.Storage.Driver.S3.AccessKey | quote }}\n {{- end }}\n {{- if 
.Spec.Storage.Driver.S3.SecretKeyRef }}\n # secretkey: setted through environment variable\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.RegionEndpoint }}\n regionendpoint: {{ .Spec.Storage.Driver.S3.RegionEndpoint | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyChunkSize }}\n multipartcopychunksize: {{ .Spec.Storage.Driver.S3.MultipartCopyChunkSize | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyMaxConcurrency }}\n multipartcopymaxconcurrency: {{ .Spec.Storage.Driver.S3.MultipartCopyMaxConcurrency | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyThresholdSize }}\n multipartcopythresholdsize: {{ .Spec.Storage.Driver.S3.MultipartCopyThresholdSize | quote }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.Swift }}\n swift:\n username: {{ .Spec.Storage.Driver.Swift.Username | quote }}\n # password: setted through environment variable\n authurl: {{ .Spec.Storage.Driver.Swift.AuthURL | quote }}\n container: {{ .Spec.Storage.Driver.Swift.Container | quote }}\n insecureskipverify: {{ .Spec.Storage.Driver.Swift.InsecureSkipVerify }}\n {{- if .Spec.Storage.Driver.Swift.Prefix }}\n prefix: {{ .Spec.Storage.Driver.Swift.Prefix | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.EndpointType }}\n endpointtype: {{ .Spec.Storage.Driver.Swift.EndpointType | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.ChunkSize }}\n chunksize: {{ .Spec.Storage.Driver.Swift.ChunkSize }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.AccessKey }}\n accesskey: {{ .Spec.Storage.Driver.Swift.AccessKey | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.SecretKeyRef }}\n # secretkey: setted through environment variable\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.AuthVersion }}\n authversion: {{ .Spec.Storage.Driver.Swift.AuthVersion | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Tenant }}\n tenantid: {{ .Spec.Storage.Driver.Swift.Tenant | quote }}\n {{- end }}\n {{- if 
.Spec.Storage.Driver.Swift.TenantID }}\n tenantid: {{ .Spec.Storage.Driver.Swift.TenantID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Domain }}\n domain: {{ .Spec.Storage.Driver.Swift.Domain | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.DomainID }}\n domainid: {{ .Spec.Storage.Driver.Swift.DomainID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.TrustID }}\n trustid: {{ .Spec.Storage.Driver.Swift.TrustID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Region }}\n region: {{ .Spec.Storage.Driver.Swift.Region | quote }}\n {{- end }}\n {{- end }}\n\n{{- if ( or .Spec.Middlewares.Registry ( or .Spec.Middlewares.Repository .Spec.Middlewares.Storage ) ) }}\nmiddleware:\n {{- if .Spec.Middlewares.Registry }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Registry }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Spec.Middlewares.Repository }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Repository }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Spec.Middlewares.Storage }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Storage }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n{{- end }}\n{{- if .Spec.Redis }}\nredis:\n {{- if .Spec.Redis.SentinelMasterSet }}\n sentinelMasterSet: {{ .Spec.Redis.SentinelMasterSet | quote }}\n {{- end }}\n {{- if .Spec.Redis.Port }}\n addr: {{ printf \"%s:%d\" .Spec.Redis.Host .Spec.Redis.Port | quote }}\n {{- else }}\n addr: {{ .Spec.Redis.Host | quote }}\n {{- end }}\n # password: setted through environment variable\n db: {{ 
.Spec.Redis.Database }}\n {{- if .Spec.Redis.DialTimeout }}\n dialtimeout: {{ .Spec.Redis.DialTimeout.Duration }}\n {{- end }}\n {{- if .Spec.Redis.ReadTimeout }}\n readtimeout: {{ .Spec.Redis.ReadTimeout.Duration }}\n {{- end }}\n {{- if .Spec.Redis.WriteTimeout }}\n writetimeout: {{ .Spec.Redis.WriteTimeout.Duration }}\n {{- end }}\n {{- if ( or .Spec.Redis.Pool.MaxIdle ( or .Spec.Redis.Pool.MaxActive .Spec.Redis.Pool.IdleTimeout ) ) }}\n pool:\n {{- if .Spec.Redis.Pool.MaxIdle }}\n maxidle: {{ .Spec.Redis.Pool.MaxIdle }}\n {{- end }}\n {{- if .Spec.Redis.Pool.MaxActive }}\n maxactive: {{ .Spec.Redis.Pool.MaxActive }}\n {{- end }}\n {{- if .Spec.Redis.Pool.IdleTimeout }}\n idletimeout: {{ .Spec.Redis.Pool.IdleTimeout.Duration }}\n {{- end }}\n {{- end }}\n{{- end }}\ncompatibility:\n schema1:\n # signingkeyfile: setted through environment variable\n enabled: {{ .Spec.Compatibility.Schema1.Enabled }}\nvalidation:\n disabled: {{ .Spec.Validation.Disabled }}\n {{- if or .Spec.Validation.Manifests.URLs.Allow .Spec.Validation.Manifests.URLs.Deny }}\n manifests:\n urls:\n {{- if .Spec.Validation.Manifests.URLs.Allow }}\n allow: {{ .Spec.Validation.Manifests.URLs.Allow | toJson }}\n {{- end }}\n {{- if .Spec.Validation.Manifests.URLs.Deny }}\n deny: {{ .Spec.Validation.Manifests.URLs.Deny | toJson }}\n {{- end }}\n {{- end }}\n{{- if ( or .Spec.Authentication.Silly ( or .Spec.Authentication.Token .Spec.Authentication.HTPasswd ) ) }}\nauth:\n {{- if .Spec.Authentication.Silly }}\n silly:\n realm: {{ .Spec.Authentication.Silly.Realm | quote }}\n service: {{ .Spec.Authentication.Silly.Service | quote }}\n {{- end }}\n {{- if .Spec.Authentication.Token }}\n token:\n realm: {{ .Spec.Authentication.Token.Realm | quote }}\n service: {{ .Spec.Authentication.Token.Service | quote }}\n issuer: registry-token-issuer\n rootcertbundle: /root/certs/bundle\n autoredirect: {{ .Spec.Authentication.Token.AutoRedirect }}\n {{- end }}\n {{- if .Spec.Authentication.HTPasswd }}\n htpasswd:\n 
realm: {{ .Spec.Authentication.HTPasswd.Realm | quote }}\n # path: setted through environment variable\n {{- end }}\n{{- end }}\nnotifications:\n {{- if .Spec.Notifications.Endpoints }}\n endpoints:\n {{- range $_, $endpoint := .Spec.Notifications.Endpoints }}\n - name: {{ $endpoint.Name | quote }}\n disabled: {{ $endpoint.Disabled }}\n url: {{ $endpoint.URL | quote }}\n {{- if $endpoint.Headers }}\n headers: {{ $endpoint.Headers | toJson }}\n {{- end }}\n {{- if $endpoint.Timeout }}\n timeout: {{ $endpoint.Timeout.Duration }}\n {{- end }}\n {{- if $endpoint.Threshold }}\n threshold: {{ $endpoint.Threshold }}\n {{- end }}\n {{- if $endpoint.Backoff }}\n backoff: {{ $endpoint.Backoff }}\n {{- end }}\n {{- if $endpoint.IgnoredMediaTypes }}\n ignoredmediatypes: {{ $endpoint.IgnoredMediaTypes | toJson }}\n {{- end }}\n {{- if ( or $endpoint.Ignore.MediaTypes $endpoint.Ignore.Actions ) }}\n ignore:\n {{- if $endpoint.Ignore.MediaTypes }}\n mediatypes: {{ $endpoint.Ignore.MediaTypes | toJson }}\n {{- end }}\n {{- if $endpoint.Ignore.Actions }}\n actions: {{ $endpoint.Ignore.Actions | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n events:\n includereferences: {{ default true .Spec.Notifications.Events.IncludeReferences }}\n\nhealth:\n storagedriver:\n enabled: {{ default true .Spec.Health.StorageDriver.Enabled }}\n {{- if .Spec.Health.StorageDriver.Interval }}\n interval: {{ .Spec.Health.StorageDriver.Interval.Duration }}\n {{- end }}\n {{- if .Spec.Health.StorageDriver.Threshold }}\n threshold: {{ .Spec.Health.StorageDriver.Threshold }}\n {{- end }}\n\n {{- if .Spec.Health.File }}\n file:\n {{- range $_, $health := .Spec.Health.File }}\n - file: {{ $health.File | quote }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Health.HTTP }}\n http:\n {{- range $_, $health := .Spec.Health.HTTP }}\n - uri: {{ $health.URI | quote }}\n headers: {{ $health.Headers | toJson }}\n {{- if 
$health.StatusCode }}\n statuscode: {{ $health.StatusCode }}\n {{- end }}\n {{- if $health.Timeout }}\n timeout: {{ $health.Timeout.Duration }}\n {{- end }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n threshold: {{ $health.Threshold }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Health.TCP }}\n tcp:\n {{- range $_, $health := .Spec.Health.TCP }}\n - addr: {{ $health.Address | quote }}\n {{- if $health.Timeout }}\n timeout: {{ $health.Timeout.Duration }}\n {{- end }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n threshold: {{ $health.Threshold }}\n {{- end }}\n {{- end }}\n" + registry-config.yaml.tmpl: "# https://docs.docker.com/registry/configuration/\nversion: 0.1\nlog:\n accesslog:\n disabled: {{ .Spec.Log.AccessLog.Disabled }}\n level: {{ .Spec.Log.Level | quote }}\n formatter: {{ .Spec.Log.Formatter | quote }}\n {{- if .Spec.Log.Fields }}\n fields: {{ .Spec.Log.Fields | toJson }}\n {{- end }}\n {{- if .Spec.Log.Hooks }}\n hooks:\n {{- range $index, $element := .Spec.Log.Hooks }}\n - type: {{ $element.Type | quote }}\n disabled: {{ $element.Disabled }}\n {{- if $element.Levels }}\n levels: {{ $element.Levels | toJson }}\n {{- end }}\n {{- if $element.OptionsRef }}\n {{- with ( secretData $element.OptionsRef) }}\n {{- if . }}\n options: {{ toJson . 
}}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\nhttp:\n # secret: setted through environment variable\n {{- if .Spec.HTTP.Debug }}\n debug:\n addr: :{{ .Spec.HTTP.Debug.Port }}\n prometheus:\n enabled: {{ .Spec.HTTP.Debug.Prometheus.Enabled }}\n path: {{ .Spec.HTTP.Debug.Prometheus.Path | quote }}\n {{- end }}\n net: {{ .Spec.HTTP.Net | quote }}\n addr: :5000\n {{- if .Spec.HTTP.Prefix }}\n prefix: {{ .Spec.HTTP.Prefix | quote }}\n {{- end }}\n {{- if .Spec.HTTP.Headers }}\n headers: {{ .Spec.HTTP.Headers | toJson }}\n {{- end }}\n http2:\n disabled: {{ .Spec.HTTP.HTTP2.Disabled }}\n host: {{ .Spec.HTTP.Host | quote }}\n relativeurls: {{ .Spec.HTTP.RelativeURLs }}\n {{- if .Spec.HTTP.DrainTimeout }}\n draintimeout: {{ .Spec.HTTP.DrainTimeout.Duration }}\n {{- end }}\n {{- if .Spec.HTTP.TLS.Enabled }}\n tls:\n certificate: /etc/registry/ssl/tls.crt\n key: /etc/registry/ssl/tls.key\n {{- end }}\n{{- if .Spec.Reporting }}\nreporting:\n {{- range $name, $reference := .Spec.Reporting }}\n {{ $name | quote }}: {{ secretData $reference | toJson }}\n {{- end }}\n{{- end }}\nstorage:\n {{- if .Spec.Storage.Delete.Enabled }}\n delete:\n {{- if .Spec.Storage.Delete.Enabled }}\n enabled: {{ .Spec.Storage.Delete.Enabled }}\n {{- end }}\n {{- end }}\n cache:\n blobdescriptor: {{ default \"inmemory\" .Spec.Storage.Cache.Blobdescriptor | quote }}\n maintenance:\n uploadPurging:\n enabled: {{ .Spec.Storage.Maintenance.UploadPurging.Enabled }}\n {{- if .Spec.Storage.Maintenance.UploadPurging.Age }}\n age: {{ .Spec.Storage.Maintenance.UploadPurging.Age.Duration }}\n {{- end }}\n {{- if .Spec.Storage.Maintenance.UploadPurging.Interval }}\n interval: {{ .Spec.Storage.Maintenance.UploadPurging.Interval.Duration }}\n {{- end }}\n dryRun: {{ .Spec.Storage.Maintenance.UploadPurging.DryRun }}\n readOnly:\n enabled: {{ .Spec.Storage.Maintenance.ReadOnly.Enabled }}\n redirect: \n disable: {{ .Spec.Storage.Redirect.Disable }}\n\n {{- if .Spec.Storage.Driver.InMemory }}\n 
inmemory: {}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.FileSystem }}\n filesystem:\n rootdirectory: /var/lib/registry\n maxthreads: {{ .Spec.Storage.Driver.FileSystem.MaxThreads }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.S3 }}\n s3:\n region: {{ .Spec.Storage.Driver.S3.Region | quote }}\n bucket: {{ .Spec.Storage.Driver.S3.Bucket | quote }}\n encrypt: {{ .Spec.Storage.Driver.S3.Encrypt }}\n skipverify: {{ .Spec.Storage.Driver.S3.SkipVerify }}\n {{- if .Spec.Storage.Driver.S3.KeyID }}\n keyid: {{ .Spec.Storage.Driver.S3.KeyID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.Secure }}\n secure: {{ .Spec.Storage.Driver.S3.Secure }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.V4Auth }}\n v4auth: {{ .Spec.Storage.Driver.S3.V4Auth }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.ChunkSize }}\n chunksize: {{ .Spec.Storage.Driver.S3.ChunkSize }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.StorageClass }}\n storageclass: {{ .Spec.Storage.Driver.S3.StorageClass | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.RootDirectory }}\n rootdirectory: {{ .Spec.Storage.Driver.S3.RootDirectory | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.AccessKey }}\n accesskey: {{ .Spec.Storage.Driver.S3.AccessKey | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.SecretKeyRef }}\n # secretkey: setted through environment variable\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.RegionEndpoint }}\n regionendpoint: {{ .Spec.Storage.Driver.S3.RegionEndpoint | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyChunkSize }}\n multipartcopychunksize: {{ .Spec.Storage.Driver.S3.MultipartCopyChunkSize | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyMaxConcurrency }}\n multipartcopymaxconcurrency: {{ .Spec.Storage.Driver.S3.MultipartCopyMaxConcurrency | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyThresholdSize }}\n multipartcopythresholdsize: {{ .Spec.Storage.Driver.S3.MultipartCopyThresholdSize | quote 
}}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.Azure }}\n azure:\n accountname: {{ .Spec.Storage.Driver.Azure.AccountName | quote }}\n container: {{ .Spec.Storage.Driver.Azure.Container | quote }}\n realm: {{ .Spec.Storage.Driver.Azure.BaseURL | quote }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.Swift }}\n swift:\n username: {{ .Spec.Storage.Driver.Swift.Username | quote }}\n # password: setted through environment variable\n authurl: {{ .Spec.Storage.Driver.Swift.AuthURL | quote }}\n container: {{ .Spec.Storage.Driver.Swift.Container | quote }}\n insecureskipverify: {{ .Spec.Storage.Driver.Swift.InsecureSkipVerify }}\n {{- if .Spec.Storage.Driver.Swift.Prefix }}\n prefix: {{ .Spec.Storage.Driver.Swift.Prefix | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.EndpointType }}\n endpointtype: {{ .Spec.Storage.Driver.Swift.EndpointType | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.ChunkSize }}\n chunksize: {{ .Spec.Storage.Driver.Swift.ChunkSize }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.AccessKey }}\n accesskey: {{ .Spec.Storage.Driver.Swift.AccessKey | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.SecretKeyRef }}\n # secretkey: setted through environment variable\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.AuthVersion }}\n authversion: {{ .Spec.Storage.Driver.Swift.AuthVersion | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Tenant }}\n tenantid: {{ .Spec.Storage.Driver.Swift.Tenant | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.TenantID }}\n tenantid: {{ .Spec.Storage.Driver.Swift.TenantID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Domain }}\n domain: {{ .Spec.Storage.Driver.Swift.Domain | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.DomainID }}\n domainid: {{ .Spec.Storage.Driver.Swift.DomainID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.TrustID }}\n trustid: {{ .Spec.Storage.Driver.Swift.TrustID | quote }}\n {{- end }}\n {{- if 
.Spec.Storage.Driver.Swift.Region }}\n region: {{ .Spec.Storage.Driver.Swift.Region | quote }}\n {{- end }}\n {{- end }}\n\n{{- if ( or .Spec.Middlewares.Registry ( or .Spec.Middlewares.Repository .Spec.Middlewares.Storage ) ) }}\nmiddleware:\n {{- if .Spec.Middlewares.Registry }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Registry }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Spec.Middlewares.Repository }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Repository }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Spec.Middlewares.Storage }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Storage }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n{{- end }}\n{{- if .Spec.Redis }}\nredis:\n {{- if .Spec.Redis.SentinelMasterSet }}\n sentinelMasterSet: {{ .Spec.Redis.SentinelMasterSet | quote }}\n {{- end }}\n {{- if .Spec.Redis.Port }}\n addr: {{ printf \"%s:%d\" .Spec.Redis.Host .Spec.Redis.Port | quote }}\n {{- else }}\n addr: {{ .Spec.Redis.Host | quote }}\n {{- end }}\n # password: setted through environment variable\n db: {{ .Spec.Redis.Database }}\n {{- if .Spec.Redis.DialTimeout }}\n dialtimeout: {{ .Spec.Redis.DialTimeout.Duration }}\n {{- end }}\n {{- if .Spec.Redis.ReadTimeout }}\n readtimeout: {{ .Spec.Redis.ReadTimeout.Duration }}\n {{- end }}\n {{- if .Spec.Redis.WriteTimeout }}\n writetimeout: {{ .Spec.Redis.WriteTimeout.Duration }}\n {{- end }}\n {{- if ( or .Spec.Redis.Pool.MaxIdle ( or .Spec.Redis.Pool.MaxActive .Spec.Redis.Pool.IdleTimeout ) ) }}\n pool:\n {{- if .Spec.Redis.Pool.MaxIdle }}\n 
maxidle: {{ .Spec.Redis.Pool.MaxIdle }}\n {{- end }}\n {{- if .Spec.Redis.Pool.MaxActive }}\n maxactive: {{ .Spec.Redis.Pool.MaxActive }}\n {{- end }}\n {{- if .Spec.Redis.Pool.IdleTimeout }}\n idletimeout: {{ .Spec.Redis.Pool.IdleTimeout.Duration }}\n {{- end }}\n {{- end }}\n{{- end }}\ncompatibility:\n schema1:\n # signingkeyfile: setted through environment variable\n enabled: {{ .Spec.Compatibility.Schema1.Enabled }}\nvalidation:\n disabled: {{ .Spec.Validation.Disabled }}\n {{- if or .Spec.Validation.Manifests.URLs.Allow .Spec.Validation.Manifests.URLs.Deny }}\n manifests:\n urls:\n {{- if .Spec.Validation.Manifests.URLs.Allow }}\n allow: {{ .Spec.Validation.Manifests.URLs.Allow | toJson }}\n {{- end }}\n {{- if .Spec.Validation.Manifests.URLs.Deny }}\n deny: {{ .Spec.Validation.Manifests.URLs.Deny | toJson }}\n {{- end }}\n {{- end }}\n{{- if ( or .Spec.Authentication.Silly ( or .Spec.Authentication.Token .Spec.Authentication.HTPasswd ) ) }}\nauth:\n {{- if .Spec.Authentication.Silly }}\n silly:\n realm: {{ .Spec.Authentication.Silly.Realm | quote }}\n service: {{ .Spec.Authentication.Silly.Service | quote }}\n {{- end }}\n {{- if .Spec.Authentication.Token }}\n token:\n realm: {{ .Spec.Authentication.Token.Realm | quote }}\n service: {{ .Spec.Authentication.Token.Service | quote }}\n issuer: registry-token-issuer\n rootcertbundle: /root/certs/bundle\n autoredirect: {{ .Spec.Authentication.Token.AutoRedirect }}\n {{- end }}\n {{- if .Spec.Authentication.HTPasswd }}\n htpasswd:\n realm: {{ .Spec.Authentication.HTPasswd.Realm | quote }}\n # path: setted through environment variable\n {{- end }}\n{{- end }}\nnotifications:\n {{- if .Spec.Notifications.Endpoints }}\n endpoints:\n {{- range $_, $endpoint := .Spec.Notifications.Endpoints }}\n - name: {{ $endpoint.Name | quote }}\n disabled: {{ $endpoint.Disabled }}\n url: {{ $endpoint.URL | quote }}\n {{- if $endpoint.Headers }}\n headers: {{ $endpoint.Headers | toJson }}\n {{- end }}\n {{- if $endpoint.Timeout 
}}\n timeout: {{ $endpoint.Timeout.Duration }}\n {{- end }}\n {{- if $endpoint.Threshold }}\n threshold: {{ $endpoint.Threshold }}\n {{- end }}\n {{- if $endpoint.Backoff }}\n backoff: {{ $endpoint.Backoff }}\n {{- end }}\n {{- if $endpoint.IgnoredMediaTypes }}\n ignoredmediatypes: {{ $endpoint.IgnoredMediaTypes | toJson }}\n {{- end }}\n {{- if ( or $endpoint.Ignore.MediaTypes $endpoint.Ignore.Actions ) }}\n ignore:\n {{- if $endpoint.Ignore.MediaTypes }}\n mediatypes: {{ $endpoint.Ignore.MediaTypes | toJson }}\n {{- end }}\n {{- if $endpoint.Ignore.Actions }}\n actions: {{ $endpoint.Ignore.Actions | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n events:\n includereferences: {{ default true .Spec.Notifications.Events.IncludeReferences }}\n\nhealth:\n storagedriver:\n enabled: {{ default true .Spec.Health.StorageDriver.Enabled }}\n {{- if .Spec.Health.StorageDriver.Interval }}\n interval: {{ .Spec.Health.StorageDriver.Interval.Duration }}\n {{- end }}\n {{- if .Spec.Health.StorageDriver.Threshold }}\n threshold: {{ .Spec.Health.StorageDriver.Threshold }}\n {{- end }}\n\n {{- if .Spec.Health.File }}\n file:\n {{- range $_, $health := .Spec.Health.File }}\n - file: {{ $health.File | quote }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Health.HTTP }}\n http:\n {{- range $_, $health := .Spec.Health.HTTP }}\n - uri: {{ $health.URI | quote }}\n headers: {{ $health.Headers | toJson }}\n {{- if $health.StatusCode }}\n statuscode: {{ $health.StatusCode }}\n {{- end }}\n {{- if $health.Timeout }}\n timeout: {{ $health.Timeout.Duration }}\n {{- end }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n threshold: {{ $health.Threshold }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Health.TCP }}\n tcp:\n {{- range $_, $health := .Spec.Health.TCP }}\n - addr: {{ $health.Address | quote }}\n {{- if $health.Timeout }}\n timeout: {{ 
$health.Timeout.Duration }}\n {{- end }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n threshold: {{ $health.Threshold }}\n {{- end }}\n {{- end }}\n" registryctl-config.yaml.tmpl: | {{- if .Spec.TLS.Enabled }} protocol: https diff --git a/manifests/harbor/deployment.yaml b/manifests/harbor/deployment.yaml index 18e024354..6c6d4fd57 100644 --- a/manifests/harbor/deployment.yaml +++ b/manifests/harbor/deployment.yaml 
@@ -27018,7 +27018,7 @@ data: } } } - registry-config.yaml.tmpl: "# https://docs.docker.com/registry/configuration/\nversion: 0.1\nlog:\n accesslog:\n disabled: {{ .Spec.Log.AccessLog.Disabled }}\n level: {{ .Spec.Log.Level | quote }}\n formatter: {{ .Spec.Log.Formatter | quote }}\n {{- if .Spec.Log.Fields }}\n fields: {{ .Spec.Log.Fields | toJson }}\n {{- end }}\n {{- if .Spec.Log.Hooks }}\n hooks:\n {{- range $index, $element := .Spec.Log.Hooks }}\n - type: {{ $element.Type | quote }}\n disabled: {{ $element.Disabled }}\n {{- if $element.Levels }}\n levels: {{ $element.Levels | toJson }}\n {{- end }}\n {{- if $element.OptionsRef }}\n {{- with ( secretData $element.OptionsRef) }}\n {{- if . }}\n options: {{ toJson . }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\nhttp:\n # secret: setted through environment variable\n {{- if .Spec.HTTP.Debug }}\n debug:\n addr: :{{ .Spec.HTTP.Debug.Port }}\n prometheus:\n enabled: {{ .Spec.HTTP.Debug.Prometheus.Enabled }}\n path: {{ .Spec.HTTP.Debug.Prometheus.Path | quote }}\n {{- end }}\n net: {{ .Spec.HTTP.Net | quote }}\n addr: :5000\n {{- if .Spec.HTTP.Prefix }}\n prefix: {{ .Spec.HTTP.Prefix | quote }}\n {{- end }}\n {{- if .Spec.HTTP.Headers }}\n headers: {{ .Spec.HTTP.Headers | toJson }}\n {{- end }}\n http2:\n disabled: {{ .Spec.HTTP.HTTP2.Disabled }}\n host: {{ .Spec.HTTP.Host | quote }}\n relativeurls: {{ .Spec.HTTP.RelativeURLs }}\n {{- if .Spec.HTTP.DrainTimeout }}\n draintimeout: {{ .Spec.HTTP.DrainTimeout.Duration }}\n {{- end }}\n {{- if .Spec.HTTP.TLS.Enabled }}\n tls:\n certificate: /etc/registry/ssl/tls.crt\n key: /etc/registry/ssl/tls.key\n {{- end }}\n{{- if .Spec.Reporting }}\nreporting:\n {{- range $name, $reference := .Spec.Reporting }}\n {{ $name | quote }}: {{ secretData $reference | toJson }}\n {{- end }}\n{{- end }}\nstorage:\n {{- if .Spec.Storage.Delete.Enabled }}\n delete:\n {{- if .Spec.Storage.Delete.Enabled }}\n enabled: {{ .Spec.Storage.Delete.Enabled }}\n {{- end }}\n {{- 
end }}\n cache:\n blobdescriptor: {{ default \"inmemory\" .Spec.Storage.Cache.Blobdescriptor | quote }}\n maintenance:\n uploadPurging:\n enabled: {{ .Spec.Storage.Maintenance.UploadPurging.Enabled }}\n {{- if .Spec.Storage.Maintenance.UploadPurging.Age }}\n age: {{ .Spec.Storage.Maintenance.UploadPurging.Age.Duration }}\n {{- end }}\n {{- if .Spec.Storage.Maintenance.UploadPurging.Interval }}\n interval: {{ .Spec.Storage.Maintenance.UploadPurging.Interval.Duration }}\n {{- end }}\n dryRun: {{ .Spec.Storage.Maintenance.UploadPurging.DryRun }}\n readOnly:\n enabled: {{ .Spec.Storage.Maintenance.ReadOnly.Enabled }}\n redirect: \n disable: {{ .Spec.Storage.Redirect.Disable }}\n\n {{- if .Spec.Storage.Driver.InMemory }}\n inmemory: {}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.FileSystem }}\n filesystem:\n rootdirectory: /var/lib/registry\n maxthreads: {{ .Spec.Storage.Driver.FileSystem.MaxThreads }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.S3 }}\n s3:\n region: {{ .Spec.Storage.Driver.S3.Region | quote }}\n bucket: {{ .Spec.Storage.Driver.S3.Bucket | quote }}\n encrypt: {{ .Spec.Storage.Driver.S3.Encrypt }}\n skipverify: {{ .Spec.Storage.Driver.S3.SkipVerify }}\n {{- if .Spec.Storage.Driver.S3.KeyID }}\n keyid: {{ .Spec.Storage.Driver.S3.KeyID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.Secure }}\n secure: {{ .Spec.Storage.Driver.S3.Secure }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.V4Auth }}\n v4auth: {{ .Spec.Storage.Driver.S3.V4Auth }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.ChunkSize }}\n chunksize: {{ .Spec.Storage.Driver.S3.ChunkSize }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.StorageClass }}\n storageclass: {{ .Spec.Storage.Driver.S3.StorageClass | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.RootDirectory }}\n rootdirectory: {{ .Spec.Storage.Driver.S3.RootDirectory | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.AccessKey }}\n accesskey: {{ .Spec.Storage.Driver.S3.AccessKey | quote }}\n {{- end }}\n {{- if 
.Spec.Storage.Driver.S3.SecretKeyRef }}\n # secretkey: setted through environment variable\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.RegionEndpoint }}\n regionendpoint: {{ .Spec.Storage.Driver.S3.RegionEndpoint | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyChunkSize }}\n multipartcopychunksize: {{ .Spec.Storage.Driver.S3.MultipartCopyChunkSize | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyMaxConcurrency }}\n multipartcopymaxconcurrency: {{ .Spec.Storage.Driver.S3.MultipartCopyMaxConcurrency | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyThresholdSize }}\n multipartcopythresholdsize: {{ .Spec.Storage.Driver.S3.MultipartCopyThresholdSize | quote }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.Swift }}\n swift:\n username: {{ .Spec.Storage.Driver.Swift.Username | quote }}\n # password: setted through environment variable\n authurl: {{ .Spec.Storage.Driver.Swift.AuthURL | quote }}\n container: {{ .Spec.Storage.Driver.Swift.Container | quote }}\n insecureskipverify: {{ .Spec.Storage.Driver.Swift.InsecureSkipVerify }}\n {{- if .Spec.Storage.Driver.Swift.Prefix }}\n prefix: {{ .Spec.Storage.Driver.Swift.Prefix | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.EndpointType }}\n endpointtype: {{ .Spec.Storage.Driver.Swift.EndpointType | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.ChunkSize }}\n chunksize: {{ .Spec.Storage.Driver.Swift.ChunkSize }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.AccessKey }}\n accesskey: {{ .Spec.Storage.Driver.Swift.AccessKey | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.SecretKeyRef }}\n # secretkey: setted through environment variable\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.AuthVersion }}\n authversion: {{ .Spec.Storage.Driver.Swift.AuthVersion | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Tenant }}\n tenantid: {{ .Spec.Storage.Driver.Swift.Tenant | quote }}\n {{- end }}\n {{- if 
.Spec.Storage.Driver.Swift.TenantID }}\n tenantid: {{ .Spec.Storage.Driver.Swift.TenantID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Domain }}\n domain: {{ .Spec.Storage.Driver.Swift.Domain | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.DomainID }}\n domainid: {{ .Spec.Storage.Driver.Swift.DomainID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.TrustID }}\n trustid: {{ .Spec.Storage.Driver.Swift.TrustID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Region }}\n region: {{ .Spec.Storage.Driver.Swift.Region | quote }}\n {{- end }}\n {{- end }}\n\n{{- if ( or .Spec.Middlewares.Registry ( or .Spec.Middlewares.Repository .Spec.Middlewares.Storage ) ) }}\nmiddleware:\n {{- if .Spec.Middlewares.Registry }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Registry }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Spec.Middlewares.Repository }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Repository }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Spec.Middlewares.Storage }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Storage }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n{{- end }}\n{{- if .Spec.Redis }}\nredis:\n {{- if .Spec.Redis.SentinelMasterSet }}\n sentinelMasterSet: {{ .Spec.Redis.SentinelMasterSet | quote }}\n {{- end }}\n {{- if .Spec.Redis.Port }}\n addr: {{ printf \"%s:%d\" .Spec.Redis.Host .Spec.Redis.Port | quote }}\n {{- else }}\n addr: {{ .Spec.Redis.Host | quote }}\n {{- end }}\n # password: setted through environment variable\n db: {{ 
.Spec.Redis.Database }}\n {{- if .Spec.Redis.DialTimeout }}\n dialtimeout: {{ .Spec.Redis.DialTimeout.Duration }}\n {{- end }}\n {{- if .Spec.Redis.ReadTimeout }}\n readtimeout: {{ .Spec.Redis.ReadTimeout.Duration }}\n {{- end }}\n {{- if .Spec.Redis.WriteTimeout }}\n writetimeout: {{ .Spec.Redis.WriteTimeout.Duration }}\n {{- end }}\n {{- if ( or .Spec.Redis.Pool.MaxIdle ( or .Spec.Redis.Pool.MaxActive .Spec.Redis.Pool.IdleTimeout ) ) }}\n pool:\n {{- if .Spec.Redis.Pool.MaxIdle }}\n maxidle: {{ .Spec.Redis.Pool.MaxIdle }}\n {{- end }}\n {{- if .Spec.Redis.Pool.MaxActive }}\n maxactive: {{ .Spec.Redis.Pool.MaxActive }}\n {{- end }}\n {{- if .Spec.Redis.Pool.IdleTimeout }}\n idletimeout: {{ .Spec.Redis.Pool.IdleTimeout.Duration }}\n {{- end }}\n {{- end }}\n{{- end }}\ncompatibility:\n schema1:\n # signingkeyfile: setted through environment variable\n enabled: {{ .Spec.Compatibility.Schema1.Enabled }}\nvalidation:\n disabled: {{ .Spec.Validation.Disabled }}\n {{- if or .Spec.Validation.Manifests.URLs.Allow .Spec.Validation.Manifests.URLs.Deny }}\n manifests:\n urls:\n {{- if .Spec.Validation.Manifests.URLs.Allow }}\n allow: {{ .Spec.Validation.Manifests.URLs.Allow | toJson }}\n {{- end }}\n {{- if .Spec.Validation.Manifests.URLs.Deny }}\n deny: {{ .Spec.Validation.Manifests.URLs.Deny | toJson }}\n {{- end }}\n {{- end }}\n{{- if ( or .Spec.Authentication.Silly ( or .Spec.Authentication.Token .Spec.Authentication.HTPasswd ) ) }}\nauth:\n {{- if .Spec.Authentication.Silly }}\n silly:\n realm: {{ .Spec.Authentication.Silly.Realm | quote }}\n service: {{ .Spec.Authentication.Silly.Service | quote }}\n {{- end }}\n {{- if .Spec.Authentication.Token }}\n token:\n realm: {{ .Spec.Authentication.Token.Realm | quote }}\n service: {{ .Spec.Authentication.Token.Service | quote }}\n issuer: registry-token-issuer\n rootcertbundle: /root/certs/bundle\n autoredirect: {{ .Spec.Authentication.Token.AutoRedirect }}\n {{- end }}\n {{- if .Spec.Authentication.HTPasswd }}\n htpasswd:\n 
realm: {{ .Spec.Authentication.HTPasswd.Realm | quote }}\n # path: setted through environment variable\n {{- end }}\n{{- end }}\nnotifications:\n {{- if .Spec.Notifications.Endpoints }}\n endpoints:\n {{- range $_, $endpoint := .Spec.Notifications.Endpoints }}\n - name: {{ $endpoint.Name | quote }}\n disabled: {{ $endpoint.Disabled }}\n url: {{ $endpoint.URL | quote }}\n {{- if $endpoint.Headers }}\n headers: {{ $endpoint.Headers | toJson }}\n {{- end }}\n {{- if $endpoint.Timeout }}\n timeout: {{ $endpoint.Timeout.Duration }}\n {{- end }}\n {{- if $endpoint.Threshold }}\n threshold: {{ $endpoint.Threshold }}\n {{- end }}\n {{- if $endpoint.Backoff }}\n backoff: {{ $endpoint.Backoff }}\n {{- end }}\n {{- if $endpoint.IgnoredMediaTypes }}\n ignoredmediatypes: {{ $endpoint.IgnoredMediaTypes | toJson }}\n {{- end }}\n {{- if ( or $endpoint.Ignore.MediaTypes $endpoint.Ignore.Actions ) }}\n ignore:\n {{- if $endpoint.Ignore.MediaTypes }}\n mediatypes: {{ $endpoint.Ignore.MediaTypes | toJson }}\n {{- end }}\n {{- if $endpoint.Ignore.Actions }}\n actions: {{ $endpoint.Ignore.Actions | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n events:\n includereferences: {{ default true .Spec.Notifications.Events.IncludeReferences }}\n\nhealth:\n storagedriver:\n enabled: {{ default true .Spec.Health.StorageDriver.Enabled }}\n {{- if .Spec.Health.StorageDriver.Interval }}\n interval: {{ .Spec.Health.StorageDriver.Interval.Duration }}\n {{- end }}\n {{- if .Spec.Health.StorageDriver.Threshold }}\n threshold: {{ .Spec.Health.StorageDriver.Threshold }}\n {{- end }}\n\n {{- if .Spec.Health.File }}\n file:\n {{- range $_, $health := .Spec.Health.File }}\n - file: {{ $health.File | quote }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Health.HTTP }}\n http:\n {{- range $_, $health := .Spec.Health.HTTP }}\n - uri: {{ $health.URI | quote }}\n headers: {{ $health.Headers | toJson }}\n {{- if 
$health.StatusCode }}\n statuscode: {{ $health.StatusCode }}\n {{- end }}\n {{- if $health.Timeout }}\n timeout: {{ $health.Timeout.Duration }}\n {{- end }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n threshold: {{ $health.Threshold }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Health.TCP }}\n tcp:\n {{- range $_, $health := .Spec.Health.TCP }}\n - addr: {{ $health.Address | quote }}\n {{- if $health.Timeout }}\n timeout: {{ $health.Timeout.Duration }}\n {{- end }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n threshold: {{ $health.Threshold }}\n {{- end }}\n {{- end }}\n" + registry-config.yaml.tmpl: "# https://docs.docker.com/registry/configuration/\nversion: 0.1\nlog:\n accesslog:\n disabled: {{ .Spec.Log.AccessLog.Disabled }}\n level: {{ .Spec.Log.Level | quote }}\n formatter: {{ .Spec.Log.Formatter | quote }}\n {{- if .Spec.Log.Fields }}\n fields: {{ .Spec.Log.Fields | toJson }}\n {{- end }}\n {{- if .Spec.Log.Hooks }}\n hooks:\n {{- range $index, $element := .Spec.Log.Hooks }}\n - type: {{ $element.Type | quote }}\n disabled: {{ $element.Disabled }}\n {{- if $element.Levels }}\n levels: {{ $element.Levels | toJson }}\n {{- end }}\n {{- if $element.OptionsRef }}\n {{- with ( secretData $element.OptionsRef) }}\n {{- if . }}\n options: {{ toJson . 
}}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\nhttp:\n # secret: setted through environment variable\n {{- if .Spec.HTTP.Debug }}\n debug:\n addr: :{{ .Spec.HTTP.Debug.Port }}\n prometheus:\n enabled: {{ .Spec.HTTP.Debug.Prometheus.Enabled }}\n path: {{ .Spec.HTTP.Debug.Prometheus.Path | quote }}\n {{- end }}\n net: {{ .Spec.HTTP.Net | quote }}\n addr: :5000\n {{- if .Spec.HTTP.Prefix }}\n prefix: {{ .Spec.HTTP.Prefix | quote }}\n {{- end }}\n {{- if .Spec.HTTP.Headers }}\n headers: {{ .Spec.HTTP.Headers | toJson }}\n {{- end }}\n http2:\n disabled: {{ .Spec.HTTP.HTTP2.Disabled }}\n host: {{ .Spec.HTTP.Host | quote }}\n relativeurls: {{ .Spec.HTTP.RelativeURLs }}\n {{- if .Spec.HTTP.DrainTimeout }}\n draintimeout: {{ .Spec.HTTP.DrainTimeout.Duration }}\n {{- end }}\n {{- if .Spec.HTTP.TLS.Enabled }}\n tls:\n certificate: /etc/registry/ssl/tls.crt\n key: /etc/registry/ssl/tls.key\n {{- end }}\n{{- if .Spec.Reporting }}\nreporting:\n {{- range $name, $reference := .Spec.Reporting }}\n {{ $name | quote }}: {{ secretData $reference | toJson }}\n {{- end }}\n{{- end }}\nstorage:\n {{- if .Spec.Storage.Delete.Enabled }}\n delete:\n {{- if .Spec.Storage.Delete.Enabled }}\n enabled: {{ .Spec.Storage.Delete.Enabled }}\n {{- end }}\n {{- end }}\n cache:\n blobdescriptor: {{ default \"inmemory\" .Spec.Storage.Cache.Blobdescriptor | quote }}\n maintenance:\n uploadPurging:\n enabled: {{ .Spec.Storage.Maintenance.UploadPurging.Enabled }}\n {{- if .Spec.Storage.Maintenance.UploadPurging.Age }}\n age: {{ .Spec.Storage.Maintenance.UploadPurging.Age.Duration }}\n {{- end }}\n {{- if .Spec.Storage.Maintenance.UploadPurging.Interval }}\n interval: {{ .Spec.Storage.Maintenance.UploadPurging.Interval.Duration }}\n {{- end }}\n dryRun: {{ .Spec.Storage.Maintenance.UploadPurging.DryRun }}\n readOnly:\n enabled: {{ .Spec.Storage.Maintenance.ReadOnly.Enabled }}\n redirect: \n disable: {{ .Spec.Storage.Redirect.Disable }}\n\n {{- if .Spec.Storage.Driver.InMemory }}\n 
inmemory: {}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.FileSystem }}\n filesystem:\n rootdirectory: /var/lib/registry\n maxthreads: {{ .Spec.Storage.Driver.FileSystem.MaxThreads }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.S3 }}\n s3:\n region: {{ .Spec.Storage.Driver.S3.Region | quote }}\n bucket: {{ .Spec.Storage.Driver.S3.Bucket | quote }}\n encrypt: {{ .Spec.Storage.Driver.S3.Encrypt }}\n skipverify: {{ .Spec.Storage.Driver.S3.SkipVerify }}\n {{- if .Spec.Storage.Driver.S3.KeyID }}\n keyid: {{ .Spec.Storage.Driver.S3.KeyID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.Secure }}\n secure: {{ .Spec.Storage.Driver.S3.Secure }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.V4Auth }}\n v4auth: {{ .Spec.Storage.Driver.S3.V4Auth }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.ChunkSize }}\n chunksize: {{ .Spec.Storage.Driver.S3.ChunkSize }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.StorageClass }}\n storageclass: {{ .Spec.Storage.Driver.S3.StorageClass | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.RootDirectory }}\n rootdirectory: {{ .Spec.Storage.Driver.S3.RootDirectory | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.AccessKey }}\n accesskey: {{ .Spec.Storage.Driver.S3.AccessKey | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.SecretKeyRef }}\n # secretkey: setted through environment variable\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.RegionEndpoint }}\n regionendpoint: {{ .Spec.Storage.Driver.S3.RegionEndpoint | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyChunkSize }}\n multipartcopychunksize: {{ .Spec.Storage.Driver.S3.MultipartCopyChunkSize | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyMaxConcurrency }}\n multipartcopymaxconcurrency: {{ .Spec.Storage.Driver.S3.MultipartCopyMaxConcurrency | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.S3.MultipartCopyThresholdSize }}\n multipartcopythresholdsize: {{ .Spec.Storage.Driver.S3.MultipartCopyThresholdSize | quote 
}}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.Azure }}\n azure:\n accountname: {{ .Spec.Storage.Driver.Azure.AccountName | quote }}\n container: {{ .Spec.Storage.Driver.Azure.Container | quote }}\n realm: {{ .Spec.Storage.Driver.Azure.BaseURL | quote }}\n {{- end }}\n\n {{- if .Spec.Storage.Driver.Swift }}\n swift:\n username: {{ .Spec.Storage.Driver.Swift.Username | quote }}\n # password: setted through environment variable\n authurl: {{ .Spec.Storage.Driver.Swift.AuthURL | quote }}\n container: {{ .Spec.Storage.Driver.Swift.Container | quote }}\n insecureskipverify: {{ .Spec.Storage.Driver.Swift.InsecureSkipVerify }}\n {{- if .Spec.Storage.Driver.Swift.Prefix }}\n prefix: {{ .Spec.Storage.Driver.Swift.Prefix | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.EndpointType }}\n endpointtype: {{ .Spec.Storage.Driver.Swift.EndpointType | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.ChunkSize }}\n chunksize: {{ .Spec.Storage.Driver.Swift.ChunkSize }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.AccessKey }}\n accesskey: {{ .Spec.Storage.Driver.Swift.AccessKey | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.SecretKeyRef }}\n # secretkey: setted through environment variable\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.AuthVersion }}\n authversion: {{ .Spec.Storage.Driver.Swift.AuthVersion | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Tenant }}\n tenantid: {{ .Spec.Storage.Driver.Swift.Tenant | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.TenantID }}\n tenantid: {{ .Spec.Storage.Driver.Swift.TenantID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.Domain }}\n domain: {{ .Spec.Storage.Driver.Swift.Domain | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.DomainID }}\n domainid: {{ .Spec.Storage.Driver.Swift.DomainID | quote }}\n {{- end }}\n {{- if .Spec.Storage.Driver.Swift.TrustID }}\n trustid: {{ .Spec.Storage.Driver.Swift.TrustID | quote }}\n {{- end }}\n {{- if 
.Spec.Storage.Driver.Swift.Region }}\n region: {{ .Spec.Storage.Driver.Swift.Region | quote }}\n {{- end }}\n {{- end }}\n\n{{- if ( or .Spec.Middlewares.Registry ( or .Spec.Middlewares.Repository .Spec.Middlewares.Storage ) ) }}\nmiddleware:\n {{- if .Spec.Middlewares.Registry }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Registry }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Spec.Middlewares.Repository }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Repository }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- if .Spec.Middlewares.Storage }}\n registry:\n {{- range $index, $middleware := .Spec.Middlewares.Storage }}\n - name: {{ $middleware.Name | quote }}\n {{- if $middleware.OptionsRef }}\n options: {{ secretData $middleware.OptionsRef | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n{{- end }}\n{{- if .Spec.Redis }}\nredis:\n {{- if .Spec.Redis.SentinelMasterSet }}\n sentinelMasterSet: {{ .Spec.Redis.SentinelMasterSet | quote }}\n {{- end }}\n {{- if .Spec.Redis.Port }}\n addr: {{ printf \"%s:%d\" .Spec.Redis.Host .Spec.Redis.Port | quote }}\n {{- else }}\n addr: {{ .Spec.Redis.Host | quote }}\n {{- end }}\n # password: setted through environment variable\n db: {{ .Spec.Redis.Database }}\n {{- if .Spec.Redis.DialTimeout }}\n dialtimeout: {{ .Spec.Redis.DialTimeout.Duration }}\n {{- end }}\n {{- if .Spec.Redis.ReadTimeout }}\n readtimeout: {{ .Spec.Redis.ReadTimeout.Duration }}\n {{- end }}\n {{- if .Spec.Redis.WriteTimeout }}\n writetimeout: {{ .Spec.Redis.WriteTimeout.Duration }}\n {{- end }}\n {{- if ( or .Spec.Redis.Pool.MaxIdle ( or .Spec.Redis.Pool.MaxActive .Spec.Redis.Pool.IdleTimeout ) ) }}\n pool:\n {{- if .Spec.Redis.Pool.MaxIdle }}\n 
maxidle: {{ .Spec.Redis.Pool.MaxIdle }}\n {{- end }}\n {{- if .Spec.Redis.Pool.MaxActive }}\n maxactive: {{ .Spec.Redis.Pool.MaxActive }}\n {{- end }}\n {{- if .Spec.Redis.Pool.IdleTimeout }}\n idletimeout: {{ .Spec.Redis.Pool.IdleTimeout.Duration }}\n {{- end }}\n {{- end }}\n{{- end }}\ncompatibility:\n schema1:\n # signingkeyfile: setted through environment variable\n enabled: {{ .Spec.Compatibility.Schema1.Enabled }}\nvalidation:\n disabled: {{ .Spec.Validation.Disabled }}\n {{- if or .Spec.Validation.Manifests.URLs.Allow .Spec.Validation.Manifests.URLs.Deny }}\n manifests:\n urls:\n {{- if .Spec.Validation.Manifests.URLs.Allow }}\n allow: {{ .Spec.Validation.Manifests.URLs.Allow | toJson }}\n {{- end }}\n {{- if .Spec.Validation.Manifests.URLs.Deny }}\n deny: {{ .Spec.Validation.Manifests.URLs.Deny | toJson }}\n {{- end }}\n {{- end }}\n{{- if ( or .Spec.Authentication.Silly ( or .Spec.Authentication.Token .Spec.Authentication.HTPasswd ) ) }}\nauth:\n {{- if .Spec.Authentication.Silly }}\n silly:\n realm: {{ .Spec.Authentication.Silly.Realm | quote }}\n service: {{ .Spec.Authentication.Silly.Service | quote }}\n {{- end }}\n {{- if .Spec.Authentication.Token }}\n token:\n realm: {{ .Spec.Authentication.Token.Realm | quote }}\n service: {{ .Spec.Authentication.Token.Service | quote }}\n issuer: registry-token-issuer\n rootcertbundle: /root/certs/bundle\n autoredirect: {{ .Spec.Authentication.Token.AutoRedirect }}\n {{- end }}\n {{- if .Spec.Authentication.HTPasswd }}\n htpasswd:\n realm: {{ .Spec.Authentication.HTPasswd.Realm | quote }}\n # path: setted through environment variable\n {{- end }}\n{{- end }}\nnotifications:\n {{- if .Spec.Notifications.Endpoints }}\n endpoints:\n {{- range $_, $endpoint := .Spec.Notifications.Endpoints }}\n - name: {{ $endpoint.Name | quote }}\n disabled: {{ $endpoint.Disabled }}\n url: {{ $endpoint.URL | quote }}\n {{- if $endpoint.Headers }}\n headers: {{ $endpoint.Headers | toJson }}\n {{- end }}\n {{- if $endpoint.Timeout 
}}\n timeout: {{ $endpoint.Timeout.Duration }}\n {{- end }}\n {{- if $endpoint.Threshold }}\n threshold: {{ $endpoint.Threshold }}\n {{- end }}\n {{- if $endpoint.Backoff }}\n backoff: {{ $endpoint.Backoff }}\n {{- end }}\n {{- if $endpoint.IgnoredMediaTypes }}\n ignoredmediatypes: {{ $endpoint.IgnoredMediaTypes | toJson }}\n {{- end }}\n {{- if ( or $endpoint.Ignore.MediaTypes $endpoint.Ignore.Actions ) }}\n ignore:\n {{- if $endpoint.Ignore.MediaTypes }}\n mediatypes: {{ $endpoint.Ignore.MediaTypes | toJson }}\n {{- end }}\n {{- if $endpoint.Ignore.Actions }}\n actions: {{ $endpoint.Ignore.Actions | toJson }}\n {{- end }}\n {{- end }}\n {{- end }}\n {{- end }}\n events:\n includereferences: {{ default true .Spec.Notifications.Events.IncludeReferences }}\n\nhealth:\n storagedriver:\n enabled: {{ default true .Spec.Health.StorageDriver.Enabled }}\n {{- if .Spec.Health.StorageDriver.Interval }}\n interval: {{ .Spec.Health.StorageDriver.Interval.Duration }}\n {{- end }}\n {{- if .Spec.Health.StorageDriver.Threshold }}\n threshold: {{ .Spec.Health.StorageDriver.Threshold }}\n {{- end }}\n\n {{- if .Spec.Health.File }}\n file:\n {{- range $_, $health := .Spec.Health.File }}\n - file: {{ $health.File | quote }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Health.HTTP }}\n http:\n {{- range $_, $health := .Spec.Health.HTTP }}\n - uri: {{ $health.URI | quote }}\n headers: {{ $health.Headers | toJson }}\n {{- if $health.StatusCode }}\n statuscode: {{ $health.StatusCode }}\n {{- end }}\n {{- if $health.Timeout }}\n timeout: {{ $health.Timeout.Duration }}\n {{- end }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n threshold: {{ $health.Threshold }}\n {{- end }}\n {{- end }}\n\n {{- if .Spec.Health.TCP }}\n tcp:\n {{- range $_, $health := .Spec.Health.TCP }}\n - addr: {{ $health.Address | quote }}\n {{- if $health.Timeout }}\n timeout: {{ 
$health.Timeout.Duration }}\n {{- end }}\n {{- if $health.Interval }}\n interval: {{ $health.Interval.Duration }}\n {{- end }}\n threshold: {{ $health.Threshold }}\n {{- end }}\n {{- end }}\n" registryctl-config.yaml.tmpl: | {{- if .Spec.TLS.Enabled }} protocol: https diff --git a/manifests/samples/zxy_test.yaml b/manifests/samples/zxy_test.yaml deleted file mode 100644 index 7f9b4b8eb..000000000 --- a/manifests/samples/zxy_test.yaml +++ /dev/null 
@@ -1,133 +0,0 @@ -# Sample namespace -apiVersion: v1 -kind: Namespace -metadata: - name: cluster-sample-ns ---- -# A secret of harbor admin password. -apiVersion: v1 -kind: Secret -metadata: - name: admin-core-secret - namespace: cluster-sample-ns -data: - secret: SGFyYm9yMTIzNDU= -type: Opaque ---- -# A secret for azure access. -apiVersion: v1 -kind: Secret -metadata: - name: azure-access-secret - namespace: cluster-sample-ns -data: - accountkey: WkIvWmRobVA5emRYOWtCMlErMWhxNE5ESEdiZk4yZWMvdWlGWURDRytya2tVa01wbVBQanIyMTJ3V1gyekZzazJHUU56cE53VEJ5V3J2UU9EWkVNT1E9PQo= -type: Opaque ---- -apiVersion: v1 -kind: Secret -metadata: - name: harbor-test-ca - namespace: cluster-sample-ns -data: - tls.crt: 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 - tls.key: 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 ---- -# Cert issuer -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: cluster-sample-ns -spec: - ca: - secretName: harbor-test-ca ---- -# Certificates of ingress -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: sample-public-certificate - namespace: cluster-sample-ns -spec: - secretName: sample-public-certificate - dnsNames: - - core.harbor.domain - - notary.harbor.domain - - minio.harbor.domain - issuerRef: - name: selfsigned-issuer - kind: Issuer ---- -# Full stack Harbor -apiVersion: goharbor.io/v1beta1 -kind: HarborCluster -metadata: - name: harborcluster-sample - namespace: cluster-sample-ns -spec: - version: 2.3.0 - logLevel: info - imageSource: - repository: ghcr.io/goharbor - harborAdminPasswordRef: admin-core-secret - externalURL: https://core.harbor.domain - expose: - core: - ingress: - host: core.harbor.domain - controller: default - tls: - certificateRef: sample-public-certificate - internalTLS: - enabled: true - portal: {} - registry: - metrics: - enabled: true - core: - tokenIssuer: - name: selfsigned-issuer - kind: Issuer - metrics: - enabled: true - exporter: {} - database: 
- kind: Zlando/PostgreSQL - spec: - zlandoPostgreSql: - operatorVersion: "1.5.0" - storage: 1Gi - replicas: 1 - resources: - limits: - cpu: 500m - memory: 500Mi - requests: - cpu: 100m - memory: 250Mi - storage: - kind: Azure - spec: - azure: - accountname: "testharbor" - accountkeyRef: "azure-access-secret" - container: "zxyharbor" - baseURL: "core.windows.net" - pathPrefix: "/azure/harbor/charts" - cache: - kind: RedisFailover - spec: - redisFailover: - operatorVersion: "1.0.0" - server: - replicas: 1 - resources: - limits: - cpu: 500m - memory: 500Mi - requests: - cpu: 100m - memory: 250Mi - sentinel: - replicas: 1 diff --git a/pkg/cluster/controllers/harbor/harbor.go b/pkg/cluster/controllers/harbor/harbor.go index 47d401527..1514f0088 100644 --- a/pkg/cluster/controllers/harbor/harbor.go +++ b/pkg/cluster/controllers/harbor/harbor.go @@ -157,6 +157,11 @@ func (harbor *Controller) getHarborCR(ctx context.Context, harborcluster *goharb harborcluster.Spec.Storage.Spec.Swift.HarborStorageImageChartStorageSwiftSpec.DeepCopy() } + if harborcluster.Spec.Storage.Spec.Azure != nil { + harborCR.Spec.ImageChartStorage.Azure = + harborcluster.Spec.Storage.Spec.Azure.HarborStorageImageChartStorageAzureSpec.DeepCopy() + } + if harborcluster.Spec.Database.Spec.PostgreSQL != nil { harborCR.Spec.Database = harborcluster.Spec.Database.Spec.PostgreSQL.HarborDatabaseSpec.DeepCopy()
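Review bot: The Azure branch added to getHarborCR is another independent `if` next to the Swift one, so a HarborCluster that sets both `Spec.Storage.Spec.Swift` and `Spec.Storage.Spec.Azure` gets both copied into `harborCR.Spec.ImageChartStorage`, and which backend then takes effect is decided outside this hunk. If validation elsewhere already guarantees a single backend, record that with a comment above the block, e.g. `// Exactly one storage backend is expected to be set; copy whichever is present.`. Otherwise chain the branches with `} else if harborcluster.Spec.Storage.Spec.Azure != nil {` so the precedence is explicit at the point of copy. getHarborCR starts and ends outside the hunk, so an earlier check may exist that is not visible here.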