From 1b453c7f42634d40924d1906fec024012c341d4a Mon Sep 17 00:00:00 2001 From: GigiaJ Date: Sat, 22 Nov 2025 17:03:55 -0600 Subject: [PATCH] Revise harbor to use HTTPRoute and Gateway API --- .../k8s/add_ons/image_registry/harbor.cljs | 89 ++++++++++--------- 1 file changed, 45 insertions(+), 44 deletions(-) diff --git a/iac/src/main/k8s/add_ons/image_registry/harbor.cljs b/iac/src/main/k8s/add_ons/image_registry/harbor.cljs index e0bcca9..687bac8 100644 --- a/iac/src/main/k8s/add_ons/image_registry/harbor.cljs +++ b/iac/src/main/k8s/add_ons/image_registry/harbor.cljs @@ -7,50 +7,51 @@ :image-port 80 :vault-load-yaml false :k8s:chart-opts {:fetchOpts {:repo "https://helm.goharbor.io"} - :values {:externalURL '(str "https://" host) - :expose {:type "ingress" - :tls {:enabled false} - :ingress {:className "caddy" - :hosts {:core 'host}}} - :harborAdminPassword 'admin-password - :secretKey 'secret-key - :database {:enabled true - :internal {:password 'db-password}} - :postgresql {:auth {:postgresPassword 'db-password}} - :persistence {:enabled true - :resourcePolicy "keep" - :imageChartStorage {:type "s3" - :redirect {:disable true} - :delete {:enabled true} - :disableredirect true - :s3 {:region 'region - :bucket 'bucket - :secure false - :v4auth true - :accesskey 's3-access-key - :secretkey 's3-secret-key - :regionendpoint 'region-endpoint}}} - :core {:secret 'core-secret - :xsrfKey 'core-xrsf-key - :tokenKey 'core-token-key - :tokenCert 'core-token-cert} - :jobservice {:secret 'jobservice-secret} - :registry {:secret 'registry-secret - :s3 {:region 'region - :bucket 'bucket - :secure false - :forcepathstyle true - :accesskey 's3-access-key - :secretkey 's3-secret-key - :regionendpoint 'region-endpoint} - :upload_purging {:enabled true} - :logLevel "debug"}} - :transformations [(fn [args _opts] - (let [kind (get-in args [:resource :kind])] - (if (some #{kind} ["StatefulSet" "PersistentVolumeClaim" "Ingress"]) - (update-in args [:resource :metadata :annotations] - #(assoc (or % {}) "pulumi.com/skipAwait" "true")) - args)))]} + :values {:externalURL '(str "https://" host) + :expose {:type "route" + :tls {:enabled false} + :route {:hosts ['host] + :parentRefs [{:name "main-gateway" + :namespace "traefik"}]}} + :harborAdminPassword 'admin-password + :secretKey 'secret-key + :database {:enabled true + :internal {:password 'db-password}} + :postgresql {:auth {:postgresPassword 'db-password}} + :persistence {:enabled true + :resourcePolicy "keep" + :imageChartStorage {:type "s3" + :redirect {:disable true} + :delete {:enabled true} + :disableredirect true + :s3 {:region 'region + :bucket 'bucket + :secure false + :v4auth true + :accesskey 's3-access-key + :secretkey 's3-secret-key + :regionendpoint 'region-endpoint}}} + :core {:secret 'core-secret + :xsrfKey 'core-xrsf-key + :tokenKey 'core-token-key + :tokenCert 'core-token-cert} + :jobservice {:secret 'jobservice-secret} + :registry {:secret 'registry-secret + :s3 {:region 'region + :bucket 'bucket + :secure false + :forcepathstyle true + :accesskey 's3-access-key + :secretkey 's3-secret-key + :regionendpoint 'region-endpoint} + :upload_purging {:enabled true} + :logLevel "debug"}} + :transformations [(fn [args _opts] + (let [kind (get-in args [:resource :kind])] + (if (some #{kind} ["StatefulSet" "PersistentVolumeClaim" "Ingress"]) + (update-in args [:resource :metadata :annotations] + #(assoc (or % {}) "pulumi.com/skipAwait" "true")) + args)))]} :k8s:storage-class-opts {:provisioner "ru.yandex.s3.csi" :parameters {"mounter" "geesefs" "bucket" "pulumi-harbor"