From 60bb0997616c2da99bdc09641f52f1142c4b01fb Mon Sep 17 00:00:00 2001
From: GigiaJ
Date: Sun, 19 Oct 2025 01:42:18 -0500
Subject: [PATCH] Correct harbor imlementation at long last
---
.../k8s/add_ons/image_registry/harbor.cljs | 88 ++++++++++---------
1 file changed, 48 insertions(+), 40 deletions(-)
diff --git a/iac/src/main/k8s/add_ons/image_registry/harbor.cljs b/iac/src/main/k8s/add_ons/image_registry/harbor.cljs
index c73f253..bdb360e 100644
--- a/iac/src/main/k8s/add_ons/image_registry/harbor.cljs
+++ b/iac/src/main/k8s/add_ons/image_registry/harbor.cljs
@@ -1,12 +1,56 @@ -(ns k8s.add-ons.image-registry.harbor - (:require [utils.k8s :refer [make-transformer]])) +(ns k8s.add-ons.image-registry.harbor) (def config - {:stack [:storage-class :vault-secrets :chart :ingress] + {:stack [:storage-class :vault-secrets :chart] :app-namespace "harbor" :app-name "harbor" :image-port 80 :vault-load-yaml false + :chart-opts {:fetchOpts {:repo "https://helm.goharbor.io"} + :values {:externalURL '(str "https://" host) + :expose {:type "ingress" + :tls {:enabled false} + :ingress {:className "caddy" + :hosts {:core 'host}}} + :harborAdminPassword 'admin-password + :secretKey 'secret-key + :database {:enabled true + :internal {:password 'db-password}} + :postgresql {:auth {:postgresPassword 'db-password}} + :persistence {:enabled true + :resourcePolicy "keep" + :imageChartStorage {:type "s3" + :redirect {:disable true} + :delete {:enabled true} + :disableredirect true + :s3 {:region 'region + :bucket 'bucket + :secure false + :v4auth true + :accesskey 's3-access-key + :secretkey 's3-secret-key + :regionendpoint 'region-endpoint}}} + :core {:secret 'core-secret + :xsrfKey 'core-xrsf-key + :tokenKey 'core-token-key + :tokenCert 'core-token-cert} + :jobservice {:secret 'jobservice-secret} + :registry {:secret 'registry-secret + :s3 {:region 'region + :bucket 'bucket + :secure false + :forcepathstyle true + :accesskey 's3-access-key + :secretkey 's3-secret-key + :regionendpoint 'region-endpoint} + :upload_purging {:enabled true} + :logLevel "debug"}} + :transformations [(fn [args _opts] + (let [kind (get-in args [:resource :kind])] + (if (some #{kind} ["StatefulSet" "PersistentVolumeClaim" "Ingress"]) + (update-in args [:resource :metadata :annotations] + #(assoc (or % {}) "pulumi.com/skipAwait" "true")) + args)))]} :storage-class-opts {:provisioner "ru.yandex.s3.csi" :parameters {"mounter" "geesefs" "bucket" "pulumi-harbor" 
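Review bot: Both S3 blocks in the new `:chart-opts` (`:persistence :imageChartStorage :s3` and `:registry :s3`) set `:secure false`, which makes the registry's S3 driver talk to `region-endpoint` over plain HTTP, so image layers and signed requests travel unencrypted unless that endpoint is cluster-local. If it is not, I would change both to `:secure true`. The `:expose` block also sets `:tls {:enabled false}` while `:externalURL` is built as `https://`; presumably the `caddy` ingress class terminates TLS, and a comment such as `;; TLS terminates at the Caddy ingress, so the chart does not manage certificates` would make that assumption reviewable. `:logLevel "debug"` under `:registry` looks like a troubleshooting leftover and is worth lowering before this runs long-term. The `config` map continues past the end of this hunk.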
@@ -26,41 +70,5 @@ "csi.storage.k8s.io/node-stage-secret-name" "wasabi-csi-secrets" "csi.storage.k8s.io/node-stage-secret-namespace" "kube-system" "csi.storage.k8s.io/controller-publish-secret-name" "wasabi-csi-secrets" - "csi.storage.k8s.io/controller-publish-secret-namespace" "kube-system"}} - - :ingress-opts {:spec {:ingressClassName "caddy" - :rules [{:host 'host - :http {:paths '(make-paths - {:paths ["/" "/c"] - :backend {:name (str app-name "-portal") - :port {:number image-port}}} - {:paths ["/api" "/v2" "/chartrepo" "/service"] - :backend {:name (str app-name "-core") - :port {:number image-port}}})}}]}} - - :chart-opts {:fetchOpts {:repo "https://helm.goharbor.io"} - - :values {:externalURL '(str "https://" host) - :expose {:ingress {:enabled true} - :tls {:enabled true}} - :harborAdminPassword 'admin-password - :secretKey 'secret-key - :database {:enabled true - :internal {:password 'db-password}} - :postgresql {:auth {:postgresPassword 'db-password}} - :persistence {:enabled true - :resourcePolicy "keep"} - :registry {:storage {:type "s3" - :s3 {:region 'region - :bucket 'bucket - :accessKey 's3-access-key - :secretKey 's3-secret-key - :regionendpoint 'region-endpoint}}}} - :transformations [(fn [args _opts] - (let [kind (get-in args [:resource :kind])] - (if (some #{kind} ["StatefulSet" "PersistentVolumeClaim" "Ingress"]) - (update-in args [:resource :metadata :annotations] - #(assoc (or % {}) "pulumi.com/skipAwait" "true")) - args)))] - }}) + "csi.storage.k8s.io/controller-publish-secret-namespace" "kube-system"}}})