
Commit 745d69d

committed
alauda changes
1 parent fd26bc3 commit 745d69d


48 files changed

+2067
-155
lines changed

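--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@@ -118,7 +118,14 @@ app: "{{ template "harbor.name" . }}"
 {{- .Values.database.internal.password -}}
 {{- end -}}
 {{- else -}}
-{{- .Values.database.external.password -}}
+{{- $password := .Values.database.external.password -}}
+{{- if .Values.database.external.existingSecret -}}
+{{- $passwordSecret := (lookup "v1" "Secret" .Release.Namespace .Values.database.external.existingSecret) }}
+{{- if and $passwordSecret ( index $passwordSecret.data "POSTGRES_PASSWORD" | default "") -}}
+{{- $password = index $passwordSecret.data "POSTGRES_PASSWORD" | b64dec -}}
+{{- end -}}
+{{- end -}}
+{{- $password -}}
 {{- end -}}
 {{- end -}}
 
@@ -248,6 +255,19 @@ app: "{{ template "harbor.name" . }}"
 {{- end }}
 {{- end -}}
 
+{{- define "harbor.registry.password" -}}
+{{- if not .Values.registry.credentials.existingSecret }}
+{{ .Values.registry.credentials.password | b64enc }}
+{{- else -}}
+{{- $password := "" -}}
+{{- $passwordSecret := (lookup "v1" "Secret" .Release.Namespace .Values.registry.credentials.existingSecret) }}
+{{- if and $passwordSecret ( index $passwordSecret.data .Values.registry.credentials.existingSecretKey | default "") -}}
+{{- $password = index $passwordSecret.data .Values.registry.credentials.existingSecretKey | b64dec -}}
+{{- end -}}
+{{- $password -}}
+{{- end -}}
+{{- end -}}
+
 {{- define "harbor.portal" -}}
 {{- printf "%s-portal" (include "harbor.fullname" .) -}}
 {{- end -}}
@@ -288,6 +308,10 @@ app: "{{ template "harbor.name" . }}"
 {{- printf "%s-exporter" (include "harbor.fullname" .) -}}
 {{- end -}}
 
+{{- define "harbor.oidc" -}}
+{{- printf "%s-oidc" (include "harbor.fullname" .) -}}
+{{- end -}}
+
 {{- define "harbor.ingress" -}}
 {{- printf "%s-ingress" (include "harbor.fullname" .) -}}
 {{- end -}}
@@ -579,3 +603,16 @@ app: "{{ template "harbor.name" . }}"
 {{- define "harbor.ingress.kubeVersion" -}}
 {{- default .Capabilities.KubeVersion.Version .Values.expose.ingress.kubeVersionOverride -}}
 {{- end -}}
+
+{{- define "harbor.admin.password"}}
+{{- if not .Values.existingSecretAdminPassword }}
+{{ .Values.harborAdminPassword | b64enc }}
+{{- else -}}
+{{- $passwordSecret := (lookup "v1" "Secret" $.Release.Namespace .Values.existingSecretAdminPassword) }}
+{{- $passwordValue := "" -}}
+{{- if $passwordSecret -}}
+{{- $passwordValue = index $passwordSecret.data .Values.existingSecretAdminPasswordKey | default "" }}
+{{- end }}
+{{- ternary ($passwordValue | b64dec) "" (ne $passwordValue "") }}
+{{- end -}}
+{{- end -}}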
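Review bot: In `harbor.registry.password` and `harbor.admin.password` the two branches return different encodings: the values branch pipes through `b64enc`, while the existing-Secret branch pipes the looked-up `.data` entry through `b64dec` and so returns the plaintext. Both helpers are rendered under `data:` (core-secret.yaml, and `harbor.admin.password` also in exporter-secret.yaml), where every value has to be base64, so with an existing Secret the decoded password is written into the manifest and is either rejected or decoded a second time into the wrong bytes. Because `.data` is already base64, the decode can simply go: `{{- $password = index $passwordSecret.data .Values.registry.credentials.existingSecretKey -}}` and `{{- $passwordValue }}` in place of the `ternary`. Both helpers also fall through to an empty string when `lookup` returns nothing, which renders an empty credential instead of stopping; a `fail` call in that branch would surface the missing Secret at render time.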

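--- a/templates/core/core-dpl.yaml
+++ b/templates/core/core-dpl.yaml
@@ -64,7 +64,7 @@ spec:
 {{- end }}
 containers:
 - name: core
-image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
+image: "{{ .Values.global.registry.address }}/{{ .Values.global.images.core.repository }}:{{ .Values.global.images.core.tag }}"
 imagePullPolicy: {{ .Values.imagePullPolicy }}
 {{- if .Values.core.startupProbe.enabled }}
 startupProbe:
@@ -110,13 +110,6 @@ spec:
 {{- else }}
 key: JOBSERVICE_SECRET
 {{- end }}
-{{- if .Values.existingSecretAdminPassword }}
-- name: HARBOR_ADMIN_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ .Values.existingSecretAdminPassword }}
-key: {{ .Values.existingSecretAdminPasswordKey }}
-{{- end }}
 {{- if .Values.internalTLS.enabled }}
 - name: INTERNAL_TLS_ENABLED
 value: "true"
@@ -127,20 +120,6 @@ spec:
 - name: INTERNAL_TLS_TRUST_CA_PATH
 value: /etc/harbor/ssl/core/ca.crt
 {{- end }}
-{{- if .Values.database.external.existingSecret }}
-- name: POSTGRESQL_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ .Values.database.external.existingSecret }}
-key: password
-{{- end }}
-{{- if .Values.registry.credentials.existingSecret }}
-- name: REGISTRY_CREDENTIAL_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ .Values.registry.credentials.existingSecret }}
-key: REGISTRY_PASSWD
-{{- end }}
 {{- if .Values.core.existingXsrfSecret }}
 - name: CSRF_KEY
 valueFrom: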
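Review bot: With the `secretKeyRef` entries for `HARBOR_ADMIN_PASSWORD`, `POSTGRESQL_PASSWORD` and `REGISTRY_CREDENTIAL_PASSWORD` removed in the second and third hunks, the pod no longer reads the operator's existing Secret at start; the only remaining path is the `lookup` in templates/_helpers.tpl, which copies the value into the chart's own Secret when the chart is rendered. `lookup` returns an empty map under `helm template` and client-side dry runs, so those renders fall back to the values-file password or an empty string, the copied credential ends up in the rendered manifest, and rotating the existing Secret has no effect until the next `helm upgrade`. The database key also changes from `password` to `POSTGRES_PASSWORD`, which Secrets created for the previous chart version will not contain. I would keep the `secretKeyRef` blocks here and in core-pre-upgrade-job.yaml and exporter-dpl.yaml; if the copy is intended, add `# existingSecret credentials are copied into the chart Secret at render time (lookup); re-run helm upgrade after rotating them` where the blocks were. The container's env list starts and ends outside these hunks.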

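--- a/templates/core/core-pre-upgrade-job.yaml
+++ b/templates/core/core-pre-upgrade-job.yaml
@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-name: migration-job
+name: {{ template "harbor.core" . }}-migration-job
 namespace: {{ .Release.Namespace | quote }}
 labels:
 {{ include "harbor.labels" . | indent 4 }}
@@ -13,6 +13,7 @@ metadata:
 "helm.sh/hook": pre-upgrade
 "helm.sh/hook-weight": "-5"
 spec:
+ttlSecondsAfterFinished: 300
 template:
 metadata:
 labels:
@@ -33,22 +34,14 @@ spec:
 terminationGracePeriodSeconds: 120
 containers:
 - name: core-job
-image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
+image: {{ .Values.global.registry.address }}/{{ .Values.global.images.core.repository }}:{{ .Values.global.images.core.tag }}
 imagePullPolicy: {{ .Values.imagePullPolicy }}
 command: ["/harbor/harbor_core", "-mode=migrate"]
 envFrom:
 - configMapRef:
 name: "{{ template "harbor.core" . }}"
 - secretRef:
 name: "{{ template "harbor.core" . }}"
-{{- if .Values.database.external.existingSecret }}
-env:
-- name: POSTGRESQL_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ .Values.database.external.existingSecret }}
-key: password
-{{- end }}
 {{- if not (empty .Values.containerSecurityContext) }}
 securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
 {{- end }}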
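Review bot: The `core-job` image reference is assembled from `.Values.global.registry.address` with no guard, and it is left unquoted here while core-dpl.yaml and exporter-dpl.yaml quote the same expression. An empty address renders a reference that begins with `/`, and that only shows up once the pre-upgrade hook tries to pull the image. Wrapping the value in `required` makes the render fail early and states where the migration image is expected to come from: `image: "{{ required "global.registry.address must be set" .Values.global.registry.address }}/{{ .Values.global.images.core.repository }}:{{ .Values.global.images.core.tag }}"`. The same guard would fit the image lines in the other two templates.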

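--- a/templates/core/core-secret.yaml
+++ b/templates/core/core-secret.yaml
@@ -15,19 +15,13 @@ data:
 secret: {{ .Values.core.secret | default (include "harbor.secretKeyHelper" (dict "key" "secret" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
 {{- end }}
 {{- if not .Values.core.secretName }}
-{{- $ca := genCA "harbor-token-ca" 365 }}
+{{- $ca := genCA "harbor-token-ca" 3650 }}
 tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
 tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
 {{- end }}
-{{- if not .Values.existingSecretAdminPassword }}
-HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
-{{- end }}
-{{- if not .Values.database.external.existingSecret }}
+HARBOR_ADMIN_PASSWORD: {{ template "harbor.admin.password" . }}
 POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
-{{- end }}
-{{- if not .Values.registry.credentials.existingSecret }}
-REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
-{{- end }}
+REGISTRY_CREDENTIAL_PASSWORD: {{ template "harbor.registry.password" . }}
 {{- if not .Values.core.existingXsrfSecret }}
 CSRF_KEY: {{ .Values.core.xsrfKey | default (include "harbor.secretKeyHelper" (dict "key" "CSRF_KEY" "data" $existingSecret.data)) | default (randAlphaNum 32) | b64enc | quote }}
 {{- end }}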
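Review bot: `HARBOR_ADMIN_PASSWORD` and `REGISTRY_CREDENTIAL_PASSWORD` now take raw `template` output, losing the `| quote` the removed lines had, and `template` cannot be piped. In templates/_helpers.tpl the values branch of both helpers puts its `{{ ... | b64enc }}` action on a line of its own without whitespace trimming, so the inserted text appears to start with a newline; depending on indentation that leaves the key empty or breaks the document. Using `include` keeps the value on one line and typed as a string: `HARBOR_ADMIN_PASSWORD: {{ include "harbor.admin.password" . | trim | quote }}` and `REGISTRY_CREDENTIAL_PASSWORD: {{ include "harbor.registry.password" . | trim | quote }}`. The same applies to the `HARBOR_ADMIN_PASSWORD` line in templates/exporter/exporter-secret.yaml.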

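--- a/templates/database/database-ss.yaml
+++ b/templates/database/database-ss.yaml
@@ -49,7 +49,7 @@ spec:
 # use this init container to correct the permission
 # as "fsGroup" applied before the init container running, the container has enough permission to execute the command
 - name: "data-permissions-ensurer"
-image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
+image: "{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}"
 imagePullPolicy: {{ .Values.imagePullPolicy }}
 {{- if not (empty .Values.containerSecurityContext) }}
 securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
@@ -69,7 +69,7 @@ spec:
 {{- end }}
 containers:
 - name: database
-image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
+image: "{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}"
 imagePullPolicy: {{ .Values.imagePullPolicy }}
 {{- if not (empty .Values.containerSecurityContext) }}
 securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}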

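--- a/templates/exporter/exporter-dpl.yaml
+++ b/templates/exporter/exporter-dpl.yaml
@@ -59,7 +59,7 @@ spec:
 {{- end }}
 containers:
 - name: exporter
-image: {{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}
+image: "{{ .Values.global.registry.address }}/{{ .Values.global.images.exporter.repository }}:{{ .Values.global.images.exporter.tag }}"
 imagePullPolicy: {{ .Values.imagePullPolicy }}
 livenessProbe:
 httpGet:
@@ -79,21 +79,6 @@ spec:
 name: "{{ template "harbor.exporter" . }}-env"
 - secretRef:
 name: "{{ template "harbor.exporter" . }}"
-env:
-{{- if .Values.database.external.existingSecret }}
-- name: HARBOR_DATABASE_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ .Values.database.external.existingSecret }}
-key: password
-{{- end }}
-{{- if .Values.existingSecretAdminPassword }}
-- name: HARBOR_ADMIN_PASSWORD
-valueFrom:
-secretKeyRef:
-name: {{ .Values.existingSecretAdminPassword }}
-key: {{ .Values.existingSecretAdminPasswordKey }}
-{{- end }}
 {{- if .Values.exporter.resources }}
 resources:
 {{ toYaml .Values.exporter.resources | indent 10 }}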

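--- a/templates/exporter/exporter-secret.yaml
+++ b/templates/exporter/exporter-secret.yaml
@@ -8,10 +8,6 @@ metadata:
 {{ include "harbor.labels" . | indent 4 }}
 type: Opaque
 data:
-{{- if not .Values.existingSecretAdminPassword }}
-HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
-{{- end }}
-{{- if not .Values.database.external.existingSecret }}
+HARBOR_ADMIN_PASSWORD: {{ template "harbor.admin.password" . }}
 HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
 {{- end }}
-{{- end }}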

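--- a/templates/ingress/ingress.yaml
+++ b/templates/ingress/ingress.yaml
@@ -42,6 +42,9 @@ metadata:
 {{ toYaml $ingress.labels | indent 4 }}
 {{- end }}
 annotations:
+alb.ingress.kubernetes.io/scheme: internet-facing
+alb.ingress.kubernetes.io/target-type: ip
+alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}, {"HTTP":80}]'
 {{ toYaml $ingress.annotations | indent 4 }}
 {{- if .Values.internalTLS.enabled }}
 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"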
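Review bot: The three `alb.ingress.kubernetes.io/*` annotations are emitted for every install, so on any cluster where an ALB controller honours them the registry gets an `internet-facing` load balancer with a plain-HTTP listener on port 80 without the operator having asked for either. They also sit ahead of `toYaml $ingress.annotations`, so an operator who sets the same keys there produces duplicate mapping keys rather than a clean override. I would take these lines out of the template and ship them as documented defaults in the values that feed `$ingress.annotations`, or at minimum add `# exposes Harbor on a public ALB with HTTP:80 and HTTPS:443 listeners; override for internal-only deployments` above them. The `annotations:` block continues outside the hunk.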

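--- a/templates/ingress/secret.yaml
+++ b/templates/ingress/secret.yaml
@@ -1,6 +1,6 @@
 {{- if eq (include "harbor.autoGenCertForIngress" .) "true" }}
-{{- $ca := genCA "harbor-ca" 365 }}
-{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 365 $ca }}
+{{- $ca := genCA "harbor-ca" 3650 }}
+{{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 3650 $ca }}
 apiVersion: v1
 kind: Secret
 metadata: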
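Review bot: The validity passed to `genCA` and `genSignedCert` is a literal 3650 days, here and in templates/internal/auto-tls.yaml and templates/core/core-secret.yaml, so the ingress certificate, the internal service certificates and the token-signing CA are all issued for ten years. Nothing in these hunks provides revocation, so an exposed private key would stay usable for that whole period unless the operator replaces the material by hand. I would read the lifetime from a single chart value instead of repeating the literal in three files, and until then record the choice next to each call with `{{- /* validity is 3650 days; regenerate the CA and certificates after any key exposure */ -}}`.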

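--- a/templates/internal/auto-tls.yaml
+++ b/templates/internal/auto-tls.yaml
@@ -1,13 +1,13 @@
 {{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
-{{- $ca := genCA "harbor-internal-ca" 365 }}
+{{- $ca := genCA "harbor-internal-ca" 3650 }}
 {{- $coreCN := (include "harbor.core" .) }}
-{{- $coreCrt := genSignedCert $coreCN (list "127.0.0.1") (list "localhost" $coreCN) 365 $ca }}
+{{- $coreCrt := genSignedCert $coreCN (list "127.0.0.1") (list "localhost" $coreCN) 3650 $ca }}
 {{- $jsCN := (include "harbor.jobservice" .) }}
-{{- $jsCrt := genSignedCert $jsCN nil (list $jsCN) 365 $ca }}
+{{- $jsCrt := genSignedCert $jsCN nil (list $jsCN) 3650 $ca }}
 {{- $regCN := (include "harbor.registry" .) }}
-{{- $regCrt := genSignedCert $regCN nil (list $regCN) 365 $ca }}
+{{- $regCrt := genSignedCert $regCN nil (list $regCN) 3650 $ca }}
 {{- $portalCN := (include "harbor.portal" .) }}
-{{- $portalCrt := genSignedCert $portalCN nil (list $portalCN) 365 $ca }}
+{{- $portalCrt := genSignedCert $portalCN nil (list $portalCN) 3650 $ca }}
 
 ---
 apiVersion: v1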
