From ffcce5770d064df7a60e935fe8030ab5d1962f6d Mon Sep 17 00:00:00 2001 From: Steven Zou Date: Thu, 29 Apr 2021 10:49:54 +0800 Subject: [PATCH] feat(samples):adjust the related samples (#622) * feat(samples):adjust the related samples - adjust samples under config folder - use hierarchical kustomization manifests to generate samples for minimal, standard and full stack - rename manifest yamls under manifests/samples - do necessary changes for the above changes Signed-off-by: Steven Zou also fix #607 * fix(action):update sample flow Signed-off-by: Steven Zou * Update tests.yml * fix(samples):add image patch to kustomization Signed-off-by: Steven Zou Co-authored-by: Ziming --- .github/workflows/tests.yml | 33 +-- config/samples/harbor/internal_tls.yaml | 17 -- config/samples/harbor/kustomization.yaml | 36 --- .../certificate_patch.yaml | 4 + .../incluster_cache_patch.yaml | 19 ++ .../incluster_database_patch.yaml | 17 ++ .../incluster_storage_patch.yaml | 25 ++ .../kustomization.yaml | 37 +++ .../resources_patch.yaml | 11 + .../harborcluster-fullstack/spec_patch.yaml | 6 + .../goharbor_v1alpha3_harbor.yaml | 2 +- .../https.yaml | 0 .../harborcluster-minimal/images_patch.yaml | 7 + .../kustomization.yaml | 11 +- .../service_token_issuer.yaml | 0 .../storage.yaml | 0 .../harbor_chartmuseum_patch.yaml | 2 +- .../harbor_notary_patch.yaml | 2 +- .../harbor_trivy_patch.yaml | 3 +- .../kustomization.yaml | 2 +- .../storage.yaml | 0 .../goharbor_v1alpha3_harborcluster.yaml | 56 ----- .../harborcluster/service_token_issuer.yaml | 6 - config/samples/harborcluster/storage.yaml | 48 ---- .../customize-storage-db-redis.md | 3 + docs/manifests-reference.md | 10 +- docs/tutorial.md | 2 +- ...harbor_full_minio.yaml => full_stack.yaml} | 0 ...harborcluster_standard_stack_external.yaml | 167 -------------- ...bor_core_fs.yaml => minimal_stack_fs.yaml} | 0 ...inio.yaml => minimal_stack_incluster.yaml} | 0 .../samples/standard_stack.yaml | 216 +++++++++++++++++- ...or_full_fs.yaml => standard_stack_fs.yaml} | 0 33 files changed, 370 insertions(+), 372 deletions(-) delete mode 100644 config/samples/harbor/internal_tls.yaml delete mode 100644 config/samples/harbor/kustomization.yaml create mode 100644 config/samples/harborcluster-fullstack/certificate_patch.yaml create mode 100644 config/samples/harborcluster-fullstack/incluster_cache_patch.yaml create mode 100644 config/samples/harborcluster-fullstack/incluster_database_patch.yaml create mode 100644 config/samples/harborcluster-fullstack/incluster_storage_patch.yaml create mode 100644 config/samples/harborcluster-fullstack/kustomization.yaml create mode 100644 config/samples/harborcluster-fullstack/resources_patch.yaml create mode 100644 config/samples/harborcluster-fullstack/spec_patch.yaml rename config/samples/{harbor => harborcluster-minimal}/goharbor_v1alpha3_harbor.yaml (97%) rename config/samples/{harbor => harborcluster-minimal}/https.yaml (100%) create mode 100644 config/samples/harborcluster-minimal/images_patch.yaml rename config/samples/{harborcluster => harborcluster-minimal}/kustomization.yaml (61%) rename config/samples/{harbor => harborcluster-minimal}/service_token_issuer.yaml (100%) rename config/samples/{harbor => harborcluster-minimal}/storage.yaml (100%) rename config/samples/{harbor-full => harborcluster-standard}/harbor_chartmuseum_patch.yaml (90%) rename config/samples/{harbor-full => harborcluster-standard}/harbor_notary_patch.yaml (92%) rename config/samples/{harbor-full => harborcluster-standard}/harbor_trivy_patch.yaml (83%) rename config/samples/{harbor-full => harborcluster-standard}/kustomization.yaml (90%) rename config/samples/{harbor-full => harborcluster-standard}/storage.yaml (100%) delete mode 100644 config/samples/harborcluster/goharbor_v1alpha3_harborcluster.yaml delete mode 100644 config/samples/harborcluster/service_token_issuer.yaml delete mode 100644 config/samples/harborcluster/storage.yaml create mode 100644 docs/installation/customize-storage-db-redis.md rename manifests/samples/{harbor_full_minio.yaml => full_stack.yaml} (100%) delete mode 100644 manifests/samples/harborcluster_standard_stack_external.yaml rename manifests/samples/{harbor_core_fs.yaml => minimal_stack_fs.yaml} (100%) rename manifests/samples/{harbor_core_minio.yaml => minimal_stack_incluster.yaml} (100%) rename config/samples/harborcluster/https.yaml => manifests/samples/standard_stack.yaml (66%) rename manifests/samples/{harbor_full_fs.yaml => standard_stack_fs.yaml} (100%) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c9ab1e114..9874e95d3 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -155,9 +155,9 @@ jobs: ingress: - "0.35.0" - storage: - - "fs" - - "minio" + samples: + - "full_stack.yaml" + - "standard_stack_fs.yaml" steps: - uses: actions/checkout@v2 @@ -232,7 +232,7 @@ jobs: echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV echo "MINIO_HOST=$MINIO_HOST" >> $GITHUB_ENV - samplefile=harbor_full_${{ matrix.storage }}.yaml + samplefile=${{ matrix.samples }} sed -i "s/core.harbor.domain/$CORE_HOST/g" manifests/samples/$samplefile sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" manifests/samples/$samplefile sed -i "s/minio.harbor.domain/$MINIO_HOST/g" manifests/samples/$samplefile @@ -316,7 +316,7 @@ jobs: kubectl -n cluster-sample-ns logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ done kubectl -n cluster-sample-ns logs -l "application=spilo" --all-containers > /tmp/harbor/db.log - kubectl -n cluster-sample-ns logs -l "app.kubernetes.io/component=redis" > /tmp/harbor/redis.log + kubectl -n cluster-sample-ns logs -l "app.kubernetes.io/component=redis" --all-containers > /tmp/harbor/redis.log - uses: actions/upload-artifact@v2 if: ${{ failure() }} @@ -435,11 +435,12 @@ jobs: NOTARY_HOST=notary.$IP.nip.io echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV - sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster/*.yaml - sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster/*.yaml - sed -i "s/logLevel: info/logLevel: debug/g" config/samples/harborcluster/goharbor_v1alpha3_harborcluster.yaml + sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster-minimal/*.yaml + sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster-minimal/*.yaml + sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster-standard/*.yaml + sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster-standard/*.yaml - make sample-harborcluster + make sample-harborcluster-standard for i in $(seq 1 7);do sleep 30 @@ -485,7 +486,7 @@ jobs: - name: apidb test run: | git clone https://github.com/goharbor/harbor -b v2.2.1 - kubectl patch deploy harborcluster-sample-harbor-harbor-core -p '{"spec":{"template":{"spec":{"containers":[{"name":"core","env":[{"name":"GC_TIME_WINDOW_HOURS","value":"0"}]}]}}}}' + kubectl patch deploy sample-harbor-harbor-core -p '{"spec":{"template":{"spec":{"containers":[{"name":"core","env":[{"name":"GC_TIME_WINDOW_HOURS","value":"0"}]}]}}}}' sleep 5 kubectl wait --for=condition=Ready -l job-type!=minio-init pod --all --timeout 600s docker run --rm -t --privileged -v `pwd`/harbor:/drone -v /etc/docker/certs.d/$CORE_HOST/:/ca -v /etc/docker/certs.d/$CORE_HOST/:/root/.docker/tls/$NOTARY_HOST/ -e NOTARY_URL=https://$NOTARY_HOST -w /drone goharbor/harbor-e2e-engine:2.6.3 \ @@ -498,10 +499,10 @@ jobs: run: | mkdir -p /tmp/harbor for name in core jobservice registry registryctl trivy chartmuseum notaryserver notarysigner portal; do \ - kubectl -n cluster-sample-ns logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ + kubectl logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ done - kubectl -n cluster-sample-ns logs -l "application=spilo" --all-containers > /tmp/harbor/db.log - kubectl -n cluster-sample-ns logs -l "app.kubernetes.io/component=redis" > /tmp/harbor/redis.log + kubectl logs -l "app.kubernetes.io/instance=harbor-database" --all-containers > /tmp/harbor/db.log + kubectl logs -l "release=harbor-redis" --all-containers > /tmp/harbor/redis.log - uses: actions/upload-artifact@v2 if: ${{ failure() }} @@ -566,9 +567,9 @@ jobs: fail-fast: false matrix: path: - - harbor - - harbor-full - - harborcluster + - harborcluster-minimal + - harborcluster-standard + - harborcluster-fullstack steps: - uses: actions/checkout@v2 - uses: azure/k8s-bake@v1 diff --git a/config/samples/harbor/internal_tls.yaml b/config/samples/harbor/internal_tls.yaml deleted file mode 100644 index c153b6ffa..000000000 --- a/config/samples/harbor/internal_tls.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: harbor-sample -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: harbor-ca -spec: - isCA: true - issuerRef: - name: harbor-sample - secretName: harbor-sample-ca - commonName: harbor-sample diff --git a/config/samples/harbor/kustomization.yaml b/config/samples/harbor/kustomization.yaml deleted file mode 100644 index 33761094b..000000000 --- a/config/samples/harbor/kustomization.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -commonLabels: - sample: "true" - -resources: -- https.yaml -- internal_tls.yaml -- service_token_issuer.yaml -- storage.yaml -- goharbor_v1alpha3_harbor.yaml - -secretGenerator: -- name: core-secret - literals: - - secret=unsecure-core-secret - type: "goharbor.io/single-secret" -- name: csrf-key - literals: - - key=12345678901234567890123456789012 - type: "goharbor.io/csrf" -- name: admin-core-secret - literals: - - secret=Harbor12345 - type: "goharbor.io/single-secret" -- name: core-database-encryption - literals: - - secret=1234567890123456 - type: "goharbor.io/single-secret" -- name: jobservice-secret - literals: - - secret=unsecure-jobservice-secret - type: "goharbor.io/single-secret" - -bases: -- ../../kustomizeconfig diff --git a/config/samples/harborcluster-fullstack/certificate_patch.yaml b/config/samples/harborcluster-fullstack/certificate_patch.yaml new file mode 100644 index 000000000..f9e5b806d --- /dev/null +++ b/config/samples/harborcluster-fullstack/certificate_patch.yaml @@ -0,0 +1,4 @@ +- op: add + path: "/spec/dnsNames/-" + value: + minio.harbor.domain \ No newline at end of file diff --git a/config/samples/harborcluster-fullstack/incluster_cache_patch.yaml b/config/samples/harborcluster-fullstack/incluster_cache_patch.yaml new file mode 100644 index 000000000..ed6e3c8d3 --- /dev/null +++ b/config/samples/harborcluster-fullstack/incluster_cache_patch.yaml @@ -0,0 +1,19 @@ +apiVersion: goharbor.io/v1alpha3 +kind: HarborCluster +metadata: + name: sample +spec: + inClusterCache: + kind: Redis + redisSpec: + server: + replicas: 1 + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 100m + memory: 250Mi + sentinel: + replicas: 1 \ No newline at end of file diff --git a/config/samples/harborcluster-fullstack/incluster_database_patch.yaml b/config/samples/harborcluster-fullstack/incluster_database_patch.yaml new file mode 100644 index 000000000..ca7c8dca5 --- /dev/null +++ b/config/samples/harborcluster-fullstack/incluster_database_patch.yaml @@ -0,0 +1,17 @@ +apiVersion: goharbor.io/v1alpha3 +kind: HarborCluster +metadata: + name: sample +spec: + inClusterDatabase: + kind: PostgresSQL + postgresSqlSpec: + storage: 1Gi + replicas: 1 + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 100m + memory: 250Mi \ No newline at end of file diff --git a/config/samples/harborcluster-fullstack/incluster_storage_patch.yaml b/config/samples/harborcluster-fullstack/incluster_storage_patch.yaml new file mode 100644 index 000000000..912756d4a --- /dev/null +++ b/config/samples/harborcluster-fullstack/incluster_storage_patch.yaml @@ -0,0 +1,25 @@ +apiVersion: goharbor.io/v1alpha3 +kind: HarborCluster +metadata: + name: sample +spec: + inClusterStorage: + kind: MinIO + minIOSpec: + replicas: 2 + secretRef: minio-access-secret + redirect: + enable: true + expose: + ingress: + host: minio.harbor.domain + tls: + certificateRef: sample-public-certificate + volumesPerServer: 2 + volumeClaimTemplate: + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi \ No newline at end of file diff --git a/config/samples/harborcluster-fullstack/kustomization.yaml b/config/samples/harborcluster-fullstack/kustomization.yaml new file mode 100644 index 000000000..3008c2a0d --- /dev/null +++ b/config/samples/harborcluster-fullstack/kustomization.yaml @@ -0,0 +1,37 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + sample: "true" + +bases: + - ../../kustomizeconfig + - ../harborcluster-standard/ + +secretGenerator: + - name: minio-access-secret + literals: + - accesskey=admin + - secretkey=minio123 + type: Opaque +generatorOptions: + disableNameSuffixHash: true + +patchesStrategicMerge: + - incluster_cache_patch.yaml + - incluster_database_patch.yaml + - incluster_storage_patch.yaml + - resources_patch.yaml + +patchesJson6902: + - target: + kind: Certificate + name: sample-public-certificate + group: cert-manager.io + version: v1 + path: certificate_patch.yaml + - target: + kind: HarborCluster + name: sample + group: goharbor.io + version: v1alpha3 + path: spec_patch.yaml \ No newline at end of file diff --git a/config/samples/harborcluster-fullstack/resources_patch.yaml b/config/samples/harborcluster-fullstack/resources_patch.yaml new file mode 100644 index 000000000..a79f8c628 --- /dev/null +++ b/config/samples/harborcluster-fullstack/resources_patch.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sample-harbor-chart +$patch: delete +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sample-harbor-registry +$patch: delete \ No newline at end of file diff --git a/config/samples/harborcluster-fullstack/spec_patch.yaml b/config/samples/harborcluster-fullstack/spec_patch.yaml new file mode 100644 index 000000000..698371c24 --- /dev/null +++ b/config/samples/harborcluster-fullstack/spec_patch.yaml @@ -0,0 +1,6 @@ +- op: remove + path: "/spec/database" +- op: remove + path: "/spec/imageChartStorage" +- op: remove + path: "/spec/redis" \ No newline at end of file diff --git a/config/samples/harbor/goharbor_v1alpha3_harbor.yaml b/config/samples/harborcluster-minimal/goharbor_v1alpha3_harbor.yaml similarity index 97% rename from config/samples/harbor/goharbor_v1alpha3_harbor.yaml rename to config/samples/harborcluster-minimal/goharbor_v1alpha3_harbor.yaml index fca7d39b4..67cdaf580 100644 --- a/config/samples/harbor/goharbor_v1alpha3_harbor.yaml +++ b/config/samples/harborcluster-minimal/goharbor_v1alpha3_harbor.yaml @@ -1,5 +1,5 @@ apiVersion: goharbor.io/v1alpha3 -kind: Harbor +kind: HarborCluster metadata: name: sample spec: diff --git a/config/samples/harbor/https.yaml b/config/samples/harborcluster-minimal/https.yaml similarity index 100% rename from config/samples/harbor/https.yaml rename to config/samples/harborcluster-minimal/https.yaml diff --git a/config/samples/harborcluster-minimal/images_patch.yaml b/config/samples/harborcluster-minimal/images_patch.yaml new file mode 100644 index 000000000..28c597544 --- /dev/null +++ b/config/samples/harborcluster-minimal/images_patch.yaml @@ -0,0 +1,7 @@ +apiVersion: goharbor.io/v1alpha3 +kind: HarborCluster +metadata: + name: sample +spec: + imageSource: + repository: ghcr.io/goharbor \ No newline at end of file diff --git a/config/samples/harborcluster/kustomization.yaml b/config/samples/harborcluster-minimal/kustomization.yaml similarity index 61% rename from config/samples/harborcluster/kustomization.yaml rename to config/samples/harborcluster-minimal/kustomization.yaml index cb0922eaf..f1ef2457d 100644 --- a/config/samples/harborcluster/kustomization.yaml +++ b/config/samples/harborcluster-minimal/kustomization.yaml @@ -7,17 +7,16 @@ resources: - https.yaml - service_token_issuer.yaml - storage.yaml -- goharbor_v1alpha3_harborcluster.yaml +- goharbor_v1alpha3_harbor.yaml secretGenerator: - name: admin-core-secret literals: - secret=Harbor12345 type: "goharbor.io/single-secret" -- name: core-database-encryption - literals: - - secret=1234567890123456 - type: "goharbor.io/single-secret" bases: - - ../../kustomizeconfig +- ../../kustomizeconfig + +patchesStrategicMerge: + - images_patch.yaml diff --git a/config/samples/harbor/service_token_issuer.yaml b/config/samples/harborcluster-minimal/service_token_issuer.yaml similarity index 100% rename from config/samples/harbor/service_token_issuer.yaml rename to config/samples/harborcluster-minimal/service_token_issuer.yaml diff --git a/config/samples/harbor/storage.yaml b/config/samples/harborcluster-minimal/storage.yaml similarity index 100% rename from config/samples/harbor/storage.yaml rename to config/samples/harborcluster-minimal/storage.yaml diff --git a/config/samples/harbor-full/harbor_chartmuseum_patch.yaml b/config/samples/harborcluster-standard/harbor_chartmuseum_patch.yaml similarity index 90% rename from config/samples/harbor-full/harbor_chartmuseum_patch.yaml rename to config/samples/harborcluster-standard/harbor_chartmuseum_patch.yaml index cbed7222e..f7af03339 100644 --- a/config/samples/harbor-full/harbor_chartmuseum_patch.yaml +++ b/config/samples/harborcluster-standard/harbor_chartmuseum_patch.yaml @@ -1,5 +1,5 @@ apiVersion: goharbor.io/v1alpha3 -kind: Harbor +kind: HarborCluster metadata: name: sample spec: diff --git a/config/samples/harbor-full/harbor_notary_patch.yaml b/config/samples/harborcluster-standard/harbor_notary_patch.yaml similarity index 92% rename from config/samples/harbor-full/harbor_notary_patch.yaml rename to config/samples/harborcluster-standard/harbor_notary_patch.yaml index 6d754f5d1..9703d42c2 100644 --- a/config/samples/harbor-full/harbor_notary_patch.yaml +++ b/config/samples/harborcluster-standard/harbor_notary_patch.yaml @@ -1,5 +1,5 @@ apiVersion: goharbor.io/v1alpha3 -kind: Harbor +kind: HarborCluster metadata: name: sample spec: diff --git a/config/samples/harbor-full/harbor_trivy_patch.yaml b/config/samples/harborcluster-standard/harbor_trivy_patch.yaml similarity index 83% rename from config/samples/harbor-full/harbor_trivy_patch.yaml rename to config/samples/harborcluster-standard/harbor_trivy_patch.yaml index e85532d63..4bb2796d4 100644 --- a/config/samples/harbor-full/harbor_trivy_patch.yaml +++ b/config/samples/harborcluster-standard/harbor_trivy_patch.yaml @@ -1,11 +1,10 @@ apiVersion: goharbor.io/v1alpha3 -kind: Harbor +kind: HarborCluster metadata: name: sample spec: trivy: skipUpdate: false - githubTokenRef: github-credentials storage: reportsPersistentVolume: claimName: sample-harbor-trivy-reports diff --git a/config/samples/harbor-full/kustomization.yaml b/config/samples/harborcluster-standard/kustomization.yaml similarity index 90% rename from config/samples/harbor-full/kustomization.yaml rename to config/samples/harborcluster-standard/kustomization.yaml index 08003d7f5..837699911 100644 --- a/config/samples/harbor-full/kustomization.yaml +++ b/config/samples/harborcluster-standard/kustomization.yaml @@ -8,7 +8,7 @@ resources: bases: - ../../kustomizeconfig -- ../harbor +- ../harborcluster-minimal patchesStrategicMerge: - harbor_chartmuseum_patch.yaml diff --git a/config/samples/harbor-full/storage.yaml b/config/samples/harborcluster-standard/storage.yaml similarity index 100% rename from config/samples/harbor-full/storage.yaml rename to config/samples/harborcluster-standard/storage.yaml diff --git a/config/samples/harborcluster/goharbor_v1alpha3_harborcluster.yaml b/config/samples/harborcluster/goharbor_v1alpha3_harborcluster.yaml deleted file mode 100644 index da566a081..000000000 --- a/config/samples/harborcluster/goharbor_v1alpha3_harborcluster.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: goharbor.io/v1alpha3 -kind: HarborCluster -metadata: - name: harborcluster-sample -spec: - logLevel: info - imageSource: - repository: ghcr.io/goharbor - harborAdminPasswordRef: admin-core-secret - externalURL: https://core.harbor.domain - redis: - host: harbor-redis-master - port: 6379 - passwordRef: harbor-redis - database: - hosts: - - host: harbor-database-postgresql - port: 5432 - username: postgres - passwordRef: harbor-database-password - sslMode: disable - expose: - core: - ingress: - host: core.harbor.domain - tls: - certificateRef: sample-public-certificate - notary: - ingress: - host: notary.harbor.domain - tls: - certificateRef: sample-public-certificate - internalTLS: - enabled: true - portal: {} - registry: {} - core: - tokenIssuer: - name: service-token - kind: Issuer - trivy: - skipUpdate: false - storage: - reportsPersistentVolume: - claimName: sample-harbor-trivy-reports - cachePersistentVolume: - claimName: sample-harbor-trivy-cache - chartmuseum: {} - notary: - migrationEnabled: true - imageChartStorage: - filesystem: - registryPersistentVolume: - claimName: sample-harbor-registry - chartPersistentVolume: - claimName: sample-harbor-chart diff --git a/config/samples/harborcluster/service_token_issuer.yaml b/config/samples/harborcluster/service_token_issuer.yaml deleted file mode 100644 index ed6541a07..000000000 --- a/config/samples/harborcluster/service_token_issuer.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: service-token -spec: - selfSigned: {} diff --git a/config/samples/harborcluster/storage.yaml b/config/samples/harborcluster/storage.yaml deleted file mode 100644 index a083d15e7..000000000 --- a/config/samples/harborcluster/storage.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sample-harbor-registry -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sample-harbor-trivy-reports -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sample-harbor-trivy-cache -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 5Gi ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: sample-harbor-chart -spec: - accessModes: - - ReadWriteOnce - volumeMode: Filesystem - resources: - requests: - storage: 5Gi ---- \ No newline at end of file diff --git a/docs/installation/customize-storage-db-redis.md b/docs/installation/customize-storage-db-redis.md new file mode 100644 index 000000000..20402f619 --- /dev/null +++ b/docs/installation/customize-storage-db-redis.md @@ -0,0 +1,3 @@ +# Customize the existing storage, database and cache services + +tbd diff --git a/docs/manifests-reference.md b/docs/manifests-reference.md index 7b1ec898d..8625f7c01 100644 --- a/docs/manifests-reference.md +++ b/docs/manifests-reference.md @@ -66,11 +66,11 @@ This folder contains several sample manifests for you to deploy Harbor cluster w | Manifests | Description | |--------------|------------------| -| [harbor_core_fs.yaml](../manifests/samples/harbor_core_fs.yaml) |Deploy the Harbor cluster with the structure: harbor core components + filesystem storage(PV) + in-cluster PostgreSQL + in-cluster Redis | -| [harbor_core_minio.yaml](../manifests/samples/harbor_core_minio.yaml) |Deploy the Harbor cluster with the structure: harbor core components + in-cluster storage(Minio) + in-cluster PostgreSQL + in-cluster Redis | -| [harbor_full_fs.yaml](../manifests/samples/harbor_full_fs.yaml) |Deploy the Harbor cluster with the structure: harbor all components + filesystem storage(PV) + in-cluster PostgreSQL + in-cluster Redis | -| [harbor_full_minio.yaml](../manifests/samples/harbor_full_minio.yaml) |Deploy the Harbor cluster with the structure: harbor all components + in-cluster storage(Minio) + in-cluster PostgreSQL + in-cluster Redis | -| [harborcluster_standard_stack_external.yaml](../manifests/samples/harborcluster_standard_stack_external.yaml) |Deploy the Harbor cluster with the structure: harbor all components + filesystem storage(PV) + external PostgreSQL + external Redis| +| [minimal_stack_fs.yaml](../manifests/samples/minimal_stack_fs.yaml) |Deploy the Harbor cluster with the structure: harbor core components + filesystem storage(PV) + in-cluster PostgreSQL + in-cluster Redis | +| [minimal_stack_incluster.yaml](../manifests/samples/minimal_stack_incluster.yaml) |Deploy the Harbor cluster with the structure: harbor core components + in-cluster storage(Minio) + in-cluster PostgreSQL + in-cluster Redis | +| [standard_stack_fs.yaml](../manifests/samples/standard_stack_fs.yaml) |Deploy the Harbor cluster with the structure: harbor all components + filesystem storage(PV) + in-cluster PostgreSQL + in-cluster Redis | +| [full_stack.yaml](../manifests/samples/full_stack.yaml) |Deploy the Harbor cluster with the structure: harbor all components + in-cluster storage(Minio) + in-cluster PostgreSQL + in-cluster Redis | +| [standard_stack.yaml](../manifests/samples/standard_stack.yaml) |Deploy the Harbor cluster with the structure: harbor all components + filesystem storage(PV) + external PostgreSQL + external Redis| > NOTE: `external` means you need to pre-deploy the required services; `in-cluster` means the Harbor operator will create the required services while deploying the Harbor cluster. diff --git a/docs/tutorial.md b/docs/tutorial.md index 43b546c64..d6da4e920 100644 --- a/docs/tutorial.md +++ b/docs/tutorial.md @@ -47,7 +47,7 @@ Learn more about the sample manifests, you can check [manifests reference](./man > NOTES: to allow the deployed Harbor cluster to be accessible outside the Kubenetes cluster, make sure the ingress hosts and host in the `externalURL` should be mapping with accessible IPs in the /etc/hosts (for local development environments) or can be resolved and accessible by DNS resolver. >TIPS: for local development, some plan-domain services like `sub-domain..xip.io` can be used to provide simple public accessible hosts. -Here we clone the [full stack sample manifest](../manifests/samples/harbor_full_minio.yaml) as an example and modify the external host and ingress hosts with `sub-domain..xip.io` pattern. Modified content is shown as below. Please pay attention here, the 'namespace', 'admin password', 'minio access secret' and 'cert-manager issuer' are pre-defined resources and bound to the deploying Harbor cluster. +Here we clone the [full stack sample manifest](../manifests/samples/full_stack.yaml) as an example and modify the external host and ingress hosts with `sub-domain..xip.io` pattern. Modified content is shown as below. Please pay attention here, the 'namespace', 'admin password', 'minio access secret' and 'cert-manager issuer' are pre-defined resources and bound to the deploying Harbor cluster. `my_full_stack.yaml`: diff --git a/manifests/samples/harbor_full_minio.yaml b/manifests/samples/full_stack.yaml similarity index 100% rename from manifests/samples/harbor_full_minio.yaml rename to manifests/samples/full_stack.yaml diff --git a/manifests/samples/harborcluster_standard_stack_external.yaml b/manifests/samples/harborcluster_standard_stack_external.yaml deleted file mode 100644 index e795264ba..000000000 --- a/manifests/samples/harborcluster_standard_stack_external.yaml +++ /dev/null @@ -1,167 +0,0 @@ -apiVersion: v1 -data: - secret: SGFyYm9yMTIzNDU= -kind: Secret -metadata: - labels: - sample: "true" - name: admin-core-secret-7274ck5bh5 -type: goharbor.io/single-secret ---- -apiVersion: v1 -data: - secret: MTIzNDU2Nzg5MDEyMzQ1Ng== -kind: Secret -metadata: - labels: - sample: "true" - name: core-database-encryption-dddh7f9gfg -type: goharbor.io/single-secret ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - sample: "true" - name: sample-harbor-chart -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - volumeMode: Filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - sample: "true" - name: sample-harbor-registry -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - volumeMode: Filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - sample: "true" - name: sample-harbor-trivy-cache -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - volumeMode: Filesystem ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - sample: "true" - name: sample-harbor-trivy-reports -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - volumeMode: Filesystem ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - sample: "true" - name: sample-public-certificate -spec: - dnsNames: - - core.harbor.domain - - notary.harbor.domain - isCA: true - issuerRef: - name: sample-public-certificate - secretName: sample-public-certificate ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - sample: "true" - name: sample-public-certificate -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - sample: "true" - name: service-token -spec: - selfSigned: {} ---- -apiVersion: goharbor.io/v1alpha3 -kind: HarborCluster -metadata: - labels: - sample: "true" - name: harborcluster-sample -spec: - chartmuseum: {} - core: - tokenIssuer: - kind: Issuer - name: service-token - database: - hosts: - - host: harbor-database-postgresql - port: 5432 - passwordRef: harbor-database-password - sslMode: disable - username: postgres - expose: - core: - ingress: - host: core.harbor.domain - tls: - certificateRef: sample-public-certificate - notary: - ingress: - host: notary.harbor.domain - tls: - certificateRef: sample-public-certificate - externalURL: https://core.harbor.domain - harborAdminPasswordRef: admin-core-secret-7274ck5bh5 - imageChartStorage: - filesystem: - chartPersistentVolume: - claimName: sample-harbor-chart - registryPersistentVolume: - claimName: sample-harbor-registry - imageSource: - repository: ghcr.io/goharbor - internalTLS: - enabled: true - logLevel: info - notary: - migrationEnabled: true - portal: {} - redis: - host: harbor-redis-master - passwordRef: harbor-redis - port: 6379 - registry: {} - trivy: - skipUpdate: false - storage: - cachePersistentVolume: - claimName: sample-harbor-trivy-cache - reportsPersistentVolume: - claimName: sample-harbor-trivy-reports diff --git a/manifests/samples/harbor_core_fs.yaml b/manifests/samples/minimal_stack_fs.yaml similarity index 100% rename from manifests/samples/harbor_core_fs.yaml rename to manifests/samples/minimal_stack_fs.yaml diff --git a/manifests/samples/harbor_core_minio.yaml b/manifests/samples/minimal_stack_incluster.yaml similarity index 100% rename from manifests/samples/harbor_core_minio.yaml rename to manifests/samples/minimal_stack_incluster.yaml diff --git a/config/samples/harborcluster/https.yaml b/manifests/samples/standard_stack.yaml similarity index 66% rename from config/samples/harborcluster/https.yaml rename to manifests/samples/standard_stack.yaml index f7aa993c7..d244cc244 100644 --- a/config/samples/harborcluster/https.yaml +++ b/manifests/samples/standard_stack.yaml @@ -1,27 +1,227 @@ apiVersion: v1 +data: + secret: SGFyYm9yMTIzNDU= kind: Secret metadata: - name: harbor-test-ca + labels: + sample: "true" + name: admin-core-secret-7274ck5bh5 +type: goharbor.io/single-secret +--- +apiVersion: v1 +data: + secret: MTIzNDU2Nzg5MDEyMzQ1Ng== +kind: Secret +metadata: + labels: + sample: "true" + name: core-database-encryption-dddh7f9gfg +type: goharbor.io/single-secret +--- +apiVersion: v1 +data: + secret: dW5zZWN1cmUtY29yZS1zZWNyZXQ= +kind: Secret +metadata: + labels: + sample: "true" + name: core-secret-m77cc2b6k2 +type: goharbor.io/single-secret +--- +apiVersion: v1 +data: + key: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= +kind: Secret +metadata: + labels: + sample: "true" + name: csrf-key-dmb742k6m2 +type: goharbor.io/csrf +--- +apiVersion: v1 data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpekNDQTNPZ0F3SUJBZ0lVU2Fva1FldWczaGJHQVF3U1BqaklsMmV1akl3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1ZERUxNQWtHQTFVRUJoTUNRMDR4RERBS0JnTlZCQWdNQTFCRlN6RVJNQThHQTFVRUJ3d0lRbVZwSUVwcApibWN4RVRBUEJnTlZCQW9NQ0dkdmFHRnlZbTl5TVJFd0R3WURWUVFEREFoSVlYSmliM0pEUVRBZ0Z3MHlNREE0Ck1USXhNRFV5TkROYUdBOHlNVEl3TURjeE9URXdOVEkwTTFvd1ZERUxNQWtHQTFVRUJoTUNRMDR4RERBS0JnTlYKQkFnTUExQkZTekVSTUE4R0ExVUVCd3dJUW1WcElFcHBibWN4RVRBUEJnTlZCQW9NQ0dkdmFHRnlZbTl5TVJFdwpEd1lEVlFRRERBaElZWEppYjNKRFFUQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCCkFPWlJaWWtGbVZCTmFiRVU0Y0RhcWEyN2s1K091VUhnMW9vU2NDbmJiQkZ4TkIyMi83Q3pYSVdPV21GQ1ZQalgKTHdBVjEzdTZwUWtNTWFqRHFQQS83bGR6OGFqWW05VlREZzgvcUdib2E2YW9OTzRHTExkeWlsaTY2R0xtSHBXawpCNi9KWjNKYUV2cHozOTQ4dk1pb0dDdXBjQnFFeGw4Z0hxcmdzeWpSOXVlcVM5bGU2Ni9nMWdEcVZtU0FVM3BQCndLa3dkUk1PaVFzeFNMOVRZL0lYYkNkVWVwc2xJQ2VHTEdqdjQvVUN0ZDlZVWhpSVJWOTdLc2dLRG4wQk8yOWMKVitXM0lDcW1yUDVsUUNYeUJQL0lPZW4zc0VoSlBDVTFuZUNZOWM2ODdKTlJJQ2VEWGUyTGJSUnRBcUIvblNXLwp1OGNzY3kwWFd6QjhicHN2dmU2d0hOMmNCU2thTXQ5MGN2N1JxMlpLNnRqMTltcHM1NXhoSjJibDFMTkNKbDZiClU2U0YvNXphZjQvdkF6SVJoUlpyMkJhQzlvdGc5U2ZQMXl2VHZBbVpUL1Z5T2h4R05QdGpZdU5rZm9YNVVSQ2QKWTB3N2l0S0VEZk82MDVJaXN1TEpGdUlhWVNMTzg1YWJSNmo3QzdNQnlWWHpxVEU1aGF1dFZlWno2SHNNOWxrbwp1dlQxejRZWm9hTVQrME4yT0dOcGtRdnlMTmZLM2djVitya0hkNURBSmdKWG1nNlVpZXh3UUtJZFIxNi9keWRPCkQ3RHpKTDVTU0tFbnNCaDA1NnRqQzU4NEdhVmljQ1U1WVBVdVBpSGx3dkRSREVLQytFNDQwdUxvQjUwTXE0TDgKOFI5Y3JZYklsWFkvdFF5eVdGL1FEbXFyZzMxeTVJRjBwV3JoOThoWm92eUxBZ01CQUFHalV6QlJNQjBHQTFVZApEZ1FXQkJTMUo2V3dyV1JPZlZ6UkNnVWtQeGVmMzV1ZW56QWZCZ05WSFNNRUdEQVdnQlMxSjZXd3JXUk9mVnpSCkNnVWtQeGVmMzV1ZW56QVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQ2IKR2RvUytOQmQ5KzJjUDViS1FFYjdsZXhXdEI5M1oyVWVsVkhhNllSRW90K2d1dU1yVkJnTGJvWmNGMS9pZzJIRApNV2l1bFIvQ2ZDN2tQbUxTWVZLRFlXWmJXRXBaUWhTNnYrSnlaQUkxY1lsU0d0cWVMcW41ZHBpUXZ2OTl2anJyCmFYTzV3a2U0Q3VZNnRqVTZzTkNhc2k5SDVXN09JRTlCRmxhSmtJeTh4SjNBeGpESlpDakthK2FsUFd0SnhGSSsKTHNKZkRmTFJTeERONlhPQ1hJTTZQM0NNVnYzemNudU9iQ3pwNUNKZWlULzA0eXdqWkJKQjB3bERVeGs3byt5WApjTzJUUEc4N01LOG1WelE3L1prZzgvUVZzTlNHcGlsSTBLYzVmNEtLR0NwUkR1RUx1dVNRbHNIdnZNaWRRcmQxCktDZHRHeDVIRFlJeDgrd0Z1RU5XTHZDVG4vd2dQQWtGbitqaU9Yb29CYmM4WllSU1NheW5mZzFtd0tpR2hPQ3EKK0hWV3hzdVNQSzFSZ2drTTFhMDJqTDZXby9wb0lsdkxvRFNhNjZDNHJoRnZmZGZWSlRJZWY2ZVBGb3k1Y0pNcwo4ZkZETU9SZ0Z4T29xbHliWGRyRmJsUEE0VzZUMjhLR0VwSmcyWVlDbmR3YkY3M0N6dkUrb2tlM254Uzcvakt4ClR4SFZJU01uY1ZONjNybnJoS1hNZEtCUzZvR1ErRkhXY0ZUNFhrbTBoU2drVURVTnZIMkxzaFUxREl5NGFrTmkKKzRhVlExdHlSd2huRjcrNVlUTDZnRTcremtZTXNOdkU2bDlFOU1MYW5TeUU5bnhPSDRKOHc0VUFuVTF2ZHZpQwpwQitXNXhsdVpvczZjMnUwbVk0d0UvdmVXV0lXRFdXdDFlT3J1RlBYUGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRG1VV1dKQlpsUVRXbXgKRk9IQTJxbXR1NU9manJsQjROYUtFbkFwMjJ3UmNUUWR0dit3czF5RmpscGhRbFQ0MXk4QUZkZDd1cVVKRERHbwp3Nmp3UCs1WGMvR28ySnZWVXc0UFA2aG02R3VtcURUdUJpeTNjb3BZdXVoaTVoNlZwQWV2eVdkeVdoTDZjOS9lClBMeklxQmdycVhBYWhNWmZJQjZxNExNbzBmYm5xa3ZaWHV1djROWUE2bFprZ0ZONlQ4Q3BNSFVURG9rTE1VaS8KVTJQeUYyd25WSHFiSlNBbmhpeG83K1AxQXJYZldGSVlpRVZmZXlySUNnNTlBVHR2WEZmbHR5QXFwcXorWlVBbAo4Z1QveURucDk3QklTVHdsTlozZ21QWE92T3lUVVNBbmcxM3RpMjBVYlFLZ2Y1MGx2N3ZITEhNdEYxc3dmRzZiCkw3M3VzQnpkbkFVcEdqTGZkSEwrMGF0bVN1clk5ZlpxYk9lY1lTZG01ZFN6UWlaZW0xT2toZitjMm4rUDd3TXkKRVlVV2E5Z1dndmFMWVBVbno5Y3IwN3dKbVUvMWNqb2NSalQ3WTJMalpINkYrVkVRbldOTU80clNoQTN6dXRPUwpJckxpeVJiaUdtRWl6dk9XbTBlbyt3dXpBY2xWODZreE9ZV3JyVlhtYytoN0RQWlpLTHIwOWMrR0dhR2pFL3RECmRqaGphWkVMOGl6WHl0NEhGZnE1QjNlUXdDWUNWNW9PbEluc2NFQ2lIVWRldjNjblRnK3c4eVMrVWtpaEo3QVkKZE9lcll3dWZPQm1sWW5BbE9XRDFMajRoNWNMdzBReENndmhPT05MaTZBZWRES3VDL1BFZlhLMkd5SlYyUDdVTQpzbGhmMEE1cXE0TjljdVNCZEtWcTRmZklXYUw4aXdJREFRQUJBb0lDQUV6YnNOUnU1K0NpVkxqaFRReThhNDhzClgzRUpnY3o0S04vZWswdUVpNld1YjBQVFE3UkZ4b1JUSXRuOTlya3JwZVdUWkZ0SHg3Y2pPSmNtNUFONGNpTUEKOEEzMmF0cGZZdnUzdEl6UzFzbkFyQmthT21YbGRVRnk3Z1hDNFVYeWZSWXVVYlVaVmVmNkx5VE1nL3M2RFFiVQovakg3U08rSm1uSlBsYm56aHo5NzF0L3RDeDJnSEFvbUtUcFVrSWJxZ2xKemR6NHF4WlRVbDRBeFpkTHQrZ3VOCjUzUktpVlpuTWY2NnZ3bU9JLzhxVEFzZnZuYkVkVnhYN3NuTVZYY3VDNjcrMDE4b1MrYUJCMDBpWElTMjNveXoKT1VLR0hlb1U0R0NJNnM1WXdXSFAycmtVMzQxYno4VFhNOTgzZHN1WUZpTzdNNXhDaFEzREdHMzFHcDdDYW43dgpaeWVCaGwxeXBvZHVVYjQxUW0vRzB4S3gyelRyeWR6RXBOZUNidCtJazhjMDBvMW1JTXRVdkc3ekVzeFFBc2M2CnBGMTZEK0lEZ01UdzZLM1FuYmpiMzE2QlFxQzhoOW9PMkJYZ1c0UGdnVVphWjByS2RTMGs2Ylo1dnE3T3I2Qk4KZW8zamlwbjlxZWxlODZHaU5aMmF5cmNyck50M2VlSkdmK3h0ZXBMVERYU2krTCt2OS8rd056bFZ1Vm5VWVIyWQpLdC84Y1htR2tvcmtDK2djN0RYbnhiMllaRTE2RDZWcE5rcEd0QlZpQTVZMXdDeGdtcVNRbDRneGNMZWE2RUNWCkVCeFhqOWFvWjZJTGlYRnRwRFZtVStVVVZZNmVPMSsxSVBqNmFiNEdibEhPRE5BcFJGekpUS29oS2tBY0ViZXkKNi90NW1KNGRjZXAxRm5veTFDQXhBb0lCQVFENXk4NU4xQmgwMCtwdmpEU3VWdkwrcll4VlFZakdTLzFtWlYvYgorSXo3N3hBOTlzU2ZkSzNWS2UxSk15bFg0Zkx4SEo2TG9kYUxoMysyU3U3MTNqSTQzUTJ4bFRiSURJeFQxdEJECjhucEpzNHI2YktINHh2NGYyby9RYzhnWjQwTEg4bkdTc1VPZUdEYU1DTlN3ZjNxR0FnMFlJY2EzSkhQUnJBdk8KZE9OZmFicWVyaVFYcUt4VzFObUxhdGtaVTI0S0twWmcra0oyV2picGl3dms0SFM4Zmdwb0puRkd2L3I5ZEJnQgprQW8yeGpTOEJMZFU5cno2SjFpQ1I2ZURPN3dhZCtiWmlIVFVBSXFyUmRKYU5lSmFTS2dwYUpheEp6cUNQODBkCjd4LzFKQTBSY3NvUU5VMHVpeml5MmdKUCt4bVgvN2FMNzJCdDBJYzZtT1VicTlwSEFvSUJBUURzQ2IvVklLSUwKUWNrYlZpSW1DanFuQllVQW5RZmpRaUlpaTFqV3lCOGVvOXlqVVM2b0JNMTdOOVJrU1psVHZtMzBGcjdsVXAwKwpNUmVmVkxLdG5EYUhQOXZqWTVvQ0xObEs3Ryt1U0hZRTl3NFI0T2lzelYzeWl4L3JVV0cramVKRHhGeGVnUFJKCnc1cUExclZUblcvVGlMc0ltUG94RG1HRUNKRjBhTi83dmMvaW51ZS9LVGZSc2J6OThmTWd3SUltTHVBT0UrekwKMzRPRHdMRU1BbjZCaG5sTUlweE8xSDU1QUdVOEc0MnNjM1ZwRkcvMHBWYU14TzR5VnQzaDY3U2JJV05zT1hBYgpPdm43L04xVlQ5TUtWUkFVMTZ2ZnJENW82TjRPZnd0eW1TcVhHUFBhTXRBRDYwM0l6UWp2ajV2WCsvRDZEMVJSCjBSOEpNYzVxRVdtZEFvSUJBUURqRVdiSnpNRW1nZlNiemNHZHNTQldiZ0FoQjkrREVsU1luaEpUYlU4TFBMZHcKL0Q2a0RIWndUUnFMN2R2cExWV2Y0N29qaDh2MUxnamo5cDNlRmt0azhWeWZUdHByWXl5MGtaTGtFU2tra2ZjRgp5WFk3SlBpZ2tCY25EL2lYdjhSVzZZWmdLSThreVRIY2ZiS0pkbmcwRk8wK1FJWFl1V1FtOXRRTXFxaDlkU2pWClVjc3hUbnpLdWRXL0xET0pHQlB4WGVFdzZvMDc5S255QmhtYnhvV1hTcU8vSlNMWGczQnVzUGVaaEF3azJtdloKZGhnSlBmbHZGQkVhN0hQVGtadGVIQnhYSmZtOU5YallWREh4R3daVnQ3SlZZZU9KeWZVZnJVdVJxR3RPZGFVRApkV3RFN0k3cWZsZmVETnNKUldKd2oxeXJPOEJXVXJaNmg3M01ONTNGQW9JQkFRQ042OHJCTGc3Z3I5eG9xR0I5CitOYU5TRjlSSUJuM0JmT2FTNmpOODZQcWUySVZmS0dOK3QxR0FpcWRaamRmeC9jNnRWWndjajBEZ09jUU1SQUMKSFJRWVBFaE5MNzBSSThBL01XeHhJVFo5QThNYzh0dFQwMk55aXo1VThpalFOMlZkazdwcVJDVWVHUk5UOWtVdQprbElEb1ltN3dLZG1TWnhPbEF4Skx5bkZwcnBSSzNSeVZ5a3QxeTJvandxOW5hSmpyUG1nM1ZBYXdUakZSbDN0CnQ2NHkyUlVqdHdlK3lqdUZLN3l5NkdwRnoySkFIVDYzblpZdHE5Y0F3NFJENjhJN0tGY3NZbGpLdHFwS1hoOEMKeGExQjRDVjhNclV3RnRPcnBxQ2xuTFBZWXNuZDhlM2xPM29oY1NEaTVJMUQ1Vmd5QkZVL05XcGdpMW1hNEt5WQowQUZ0QW9JQkFGZ1h0ZWM2VE1EVGVpRDFXQzRFK3E5aHNKZHBSamFwTGJqOGlTdFVyZVNmL2xIcFQrb1dYdUt3CnJnS2d6bm8vVjNxeEdKaFBWaFJJUW1Kb3U2M01LY1hxWXVwSlkxRTdjMmVhbU84SkpPZlpNTFFrWlN1MWlxSmIKZ3JITCt6YVAvTjRqVmkrWTJqbG81OEloYzBLNzVtak9rYjVBZ2ExOFhySnBlYlRHbFdnWFlxY05xUmZzbWhVago3VmMxQk9vVGwwb3pPU21JRmpyQUp3R0pNZjFuQzBuODI5Mks2WERyN0tDbDJXazN2OC9oVzNpRzJ6cW55aFBHCkl3czY0L0NLYU03OTdIc0R1ZXlBTU5vUVJXUHk5d2I3YXZqZlI2TDNGOWczS2l6c1pVbjFtUWcwc0JsQVRTU2QKVEN6SGxtdjZqQVFqY0RxVzdxQ3I0SHRFTXJBNjJGWT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo= +kind: Secret +metadata: + labels: + sample: "true" + name: harbor-test-ca +--- +apiVersion: v1 +data: + secret: dW5zZWN1cmUtam9ic2VydmljZS1zZWNyZXQ= +kind: Secret +metadata: + labels: + sample: "true" + name: jobservice-secret-ffkf2d298g +type: goharbor.io/single-secret +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + sample: "true" + name: sample-harbor-chart +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + volumeMode: Filesystem +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + sample: "true" + name: sample-harbor-registry +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + volumeMode: Filesystem +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + sample: "true" + name: sample-harbor-trivy-cache +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + volumeMode: Filesystem +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + sample: "true" + name: sample-harbor-trivy-reports +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 5Gi + volumeMode: Filesystem --- apiVersion: cert-manager.io/v1 -kind: Issuer +kind: Certificate metadata: - name: sample-public-certificate + labels: + sample: "true" + name: harbor-ca spec: - ca: - secretName: harbor-test-ca + commonName: harbor-sample + isCA: true + issuerRef: + name: harbor-sample + secretName: harbor-sample-ca --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: + labels: + sample: "true" name: sample-public-certificate spec: - issuerRef: - name: sample-public-certificate - secretName: sample-public-certificate dnsNames: - core.harbor.domain - notary.harbor.domain + issuerRef: + name: sample-public-certificate + secretName: sample-public-certificate +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + sample: "true" + name: harbor-sample +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + sample: "true" + name: sample-public-certificate +spec: + ca: + secretName: harbor-test-ca +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + sample: "true" + name: service-token +spec: + selfSigned: {} +--- +apiVersion: goharbor.io/v1alpha3 +kind: Harbor +metadata: + labels: + sample: "true" + name: sample +spec: + chartmuseum: {} + core: + tokenIssuer: + kind: Issuer + name: service-token + database: + hosts: + - host: harbor-database-postgresql + port: 5432 + passwordRef: harbor-database-password + sslMode: disable + username: postgres + expose: + core: + ingress: + host: core.harbor.domain + tls: + certificateRef: sample-public-certificate + notary: + ingress: + host: notary.harbor.domain + tls: + certificateRef: sample-public-certificate + externalURL: https://core.harbor.domain + harborAdminPasswordRef: admin-core-secret-7274ck5bh5 + imageChartStorage: + filesystem: + chartPersistentVolume: + claimName: sample-harbor-chart + registryPersistentVolume: + claimName: sample-harbor-registry + internalTLS: + enabled: true + notary: + migrationEnabled: true + portal: {} + redis: + host: harbor-redis-master + passwordRef: harbor-redis + port: 6379 + registry: {} + trivy: + githubTokenRef: github-credentials + skipUpdate: false + storage: + cachePersistentVolume: + claimName: sample-harbor-trivy-cache + reportsPersistentVolume: + claimName: sample-harbor-trivy-reports diff --git a/manifests/samples/harbor_full_fs.yaml b/manifests/samples/standard_stack_fs.yaml similarity index 100% rename from manifests/samples/harbor_full_fs.yaml rename to manifests/samples/standard_stack_fs.yaml