jaggar/iac-cljs-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update to modern config style

Browse Source
This commit is contained in:
GigiaJ
2025-11-16 13:08:20 -06:00
parent 0c2279a142
commit f8226c0077
1 changed files with 22 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
iac/src/main/k8s/add_ons/image_registry/harbor.cljs
View File

@@ -1,12 +1,12 @@
(ns k8s.add-ons.image-registry.harbor) (ns k8s.add-ons.image-registry.harbor)
(def config (def config
{:stack [:storage-class :vault-secrets :chart] {:stack [:vault:prepare [:k8s :storage-class :chart]]
:app-namespace "harbor" :app-namespace "harbor"
:app-name "harbor" :app-name "harbor"
:image-port 80 :image-port 80
:vault-load-yaml false :vault-load-yaml false
:chart-opts {:fetchOpts {:repo "https://helm.goharbor.io"} :k8s:chart-opts {:fetchOpts {:repo "https://helm.goharbor.io"}
:values {:externalURL '(str "https://" host) :values {:externalURL '(str "https://" host)
:expose {:type "ingress" :expose {:type "ingress"
:tls {:enabled false} :tls {:enabled false}
@@ -51,122 +51,23 @@
(update-in args [:resource :metadata :annotations] (update-in args [:resource :metadata :annotations]
#(assoc (or % {}) "pulumi.com/skipAwait" "true")) #(assoc (or % {}) "pulumi.com/skipAwait" "true"))
args)))]} args)))]}
:storage-class-opts {:provisioner "ru.yandex.s3.csi" :k8s:storage-class-opts {:provisioner "ru.yandex.s3.csi"
:parameters {"mounter" "geesefs" :parameters {"mounter" "geesefs"
"bucket" "pulumi-harbor" "bucket" "pulumi-harbor"
"singleBucket" "pulumi-harbor" "singleBucket" "pulumi-harbor"
"region" "us-east-1" "region" "us-east-1"
"accessKey" "something" "accessKey" "something"
"secretKey" "something" "secretKey" "something"
"accessKeyID" "something" "accessKeyID" "something"
"secretAccessKey" "something" "secretAccessKey" "something"
"usePathStyle" "true" "usePathStyle" "true"
"insecureSkipVerify" "true" "insecureSkipVerify" "true"
"options" "--memory-limit 1000 --dir-mode 0777 --file-mode 0666" "options" "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
"csi.storage.k8s.io/provisioner-secret-name" "wasabi-csi-secrets" "csi.storage.k8s.io/provisioner-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/provisioner-secret-namespace" "kube-system" "csi.storage.k8s.io/provisioner-secret-namespace" "kube-system"
"csi.storage.k8s.io/node-publish-secret-name" "wasabi-csi-secrets" "csi.storage.k8s.io/node-publish-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/node-publish-secret-namespace" "kube-system" "csi.storage.k8s.io/node-publish-secret-namespace" "kube-system"
"csi.storage.k8s.io/node-stage-secret-name" "wasabi-csi-secrets" "csi.storage.k8s.io/node-stage-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/node-stage-secret-namespace" "kube-system" "csi.storage.k8s.io/node-stage-secret-namespace" "kube-system"
"csi.storage.k8s.io/controller-publish-secret-name" "wasabi-csi-secrets" "csi.storage.k8s.io/controller-publish-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/controller-publish-secret-namespace" "kube-system"}}}) "csi.storage.k8s.io/controller-publish-secret-namespace" "kube-system"}}})
#_(def config
{:stack [:vault-secrets:prepare (-> :k8s :storage-class :chart) :vault-secrets:retrieve (-> :harbor :project :robot-account) :execute :k8s:secret]
:app-namespace "harbor"
:app-name "harbor"
:image-port 80
:vault-load-yaml false
:chart-opts {:fetchOpts {:repo "https://helm.goharbor.io"}
:values {:externalURL '(str "https://" host)
:expose {:type "ingress"
:tls {:enabled false}
:ingress {:className "caddy"
:hosts {:core 'host}}}
:harborAdminPassword 'admin-password
:secretKey 'secret-key
:database {:enabled true
:internal {:password 'db-password}}
:postgresql {:auth {:postgresPassword 'db-password}}
:persistence {:enabled true
:resourcePolicy "keep"
:imageChartStorage {:type "s3"
:redirect {:disable true}
:delete {:enabled true}
:disableredirect true
:s3 {:region 'region
:bucket 'bucket
:secure false
:v4auth true
:accesskey 's3-access-key
:secretkey 's3-secret-key
:regionendpoint 'region-endpoint}}}
:core {:secret 'core-secret
:xsrfKey 'core-xrsf-key
:tokenKey 'core-token-key
:tokenCert 'core-token-cert}
:jobservice {:secret 'jobservice-secret}
:registry {:secret 'registry-secret
:s3 {:region 'region
:bucket 'bucket
:secure false
:forcepathstyle true
:accesskey 's3-access-key
:secretkey 's3-secret-key
:regionendpoint 'region-endpoint}
:upload_purging {:enabled true}
:logLevel "debug"}}
:transformations [(fn [args _opts]
(let [kind (get-in args [:resource :kind])]
(if (some #{kind} ["StatefulSet" "PersistentVolumeClaim" "Ingress"])
(update-in args [:resource :metadata :annotations]
#(assoc (or % {}) "pulumi.com/skipAwait" "true"))
args)))]}
:storage-class-opts {:provisioner "ru.yandex.s3.csi"
:parameters {"mounter" "geesefs"
"bucket" "pulumi-harbor"
"singleBucket" "pulumi-harbor"
"region" "us-east-1"
"accessKey" "something"
"secretKey" "something"
"accessKeyID" "something"
"secretAccessKey" "something"
"usePathStyle" "true"
"insecureSkipVerify" "true"
"options" "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
"csi.storage.k8s.io/provisioner-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/provisioner-secret-namespace" "kube-system"
"csi.storage.k8s.io/node-publish-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/node-publish-secret-namespace" "kube-system"
"csi.storage.k8s.io/node-stage-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/node-stage-secret-namespace" "kube-system"
"csi.storage.k8s.io/controller-publish-secret-name" "wasabi-csi-secrets"
"csi.storage.k8s.io/controller-publish-secret-namespace" "kube-system"}}
:execute-opts {:docker-json-string
'(str "{\"auths\":{\""
host
"\":{\"auth\":\""
(b64e (str (-> :harbor:robot-account .-name)
":"
(-> :harbor:robot-account .-secret)))
"\"}}}")}
:k8s:secret-opts {:metadata
{:name "harbor-creds-secrets"
:namespace "kube-system"
:annotations {"replicator.v1.mittwald.de/replicate-to" "*"}}
:type "kubernetes.io/dockerconfigjson"
:stringData {".dockerconfigjson" 'docker-json-string}}
:harbor:robot-opts {:name (str "kube" "-robot")
:namespace 'app-name
:level "project"
:permissions [{:kind "project"
:namespace 'app-name
:access [{:action "pull" :resource "repository"}
{:action "list" :resource "repository"}]}]}
:vault-secrets:retrieve-opts {:app-name "harbor"
:app-namespace "harbor"}})