squash all
Mostly copied over from my old repo and modified for app of apps. Cleaning up the mess from migration Signed-off-by: gwg313 <gwg313@pm.me>
This commit is contained in:
parent
471f30f0b1
commit
52933116f0
104 changed files with 2532 additions and 44 deletions
12
harbor-config/certificate-harbor.yaml
Normal file
12
harbor-config/certificate-harbor.yaml
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: harbor-cert-nginx
|
||||
namespace: harbor
|
||||
spec:
|
||||
secretName: harbor-cert-nginx
|
||||
issuerRef:
|
||||
name: letsencrypt-dns
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- harbor.gwg313.xyz
|
||||
12
harbor-config/certificate.yaml
Normal file
12
harbor-config/certificate.yaml
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: harbor-cert
|
||||
namespace: istio-system
|
||||
spec:
|
||||
secretName: harbor-cert
|
||||
issuerRef:
|
||||
name: letsencrypt-dns
|
||||
kind: ClusterIssuer
|
||||
dnsNames:
|
||||
- registry.gwg313.xyz
|
||||
18
harbor-config/gateway.yaml
Normal file
18
harbor-config/gateway.yaml
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: networking.istio.io/v1beta1
|
||||
kind: Gateway
|
||||
metadata:
|
||||
name: harbor-gateway
|
||||
namespace: harbor
|
||||
spec:
|
||||
selector:
|
||||
istio: gateway
|
||||
servers:
|
||||
- port:
|
||||
number: 443
|
||||
name: https
|
||||
protocol: HTTPS
|
||||
hosts:
|
||||
- registry.gwg313.xyz
|
||||
tls:
|
||||
mode: SIMPLE
|
||||
credentialName: harbor-cert
|
||||
18
harbor-config/harbor-iscsi-secrets-sealed.yaml
Normal file
18
harbor-config/harbor-iscsi-secrets-sealed.yaml
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: harbor-iscsi-auth
|
||||
namespace: harbor
|
||||
spec:
|
||||
encryptedData:
|
||||
discovery.sendtargets.auth.password: AgAeJ3ODG8BmuWuPNj9VRVGJdi68V0NMTAdhF2Nhk8soW+l742UnEQNneZLEg2MBM4iHOit5Nsjw/0YRm8Yb8loTZInIDIXCi6LrP1NX58zANuoc/K8lovHL9BxwSeucfs+/Jh9vfM6tvuFExFz+yHeYhlufWSBkZIqF7LkX/yR7H1Yc5r4hXCJ2lDd/0TDssN8CjrIZ/2R/8rhKB7/14KfHifV/bXVwXUMtevXvbeEqeJxPPvRPb2fX6D3rrlbOLBnWBiRr4pLf76QrKG5ZgRiV2iXOKHfP3JBO5SCh5ftK8qIVgmAt7TcnEftzp4R6z6BvD2s5UNtUdzXSuwBuGW6Hc7jR8KszoziLI4LEVfU5YZtlc4U2NYuvrWUfzl7WB4c15saqr3ZK1jFxfzTQE4CPfY3HD4mQR0wQvzpDFrTI57sygXG5mRcpePnxu62i7rmx/RUSMAY6kt00YnrnSTafufdcFBA+RbFcJ7saDiidhC1R9nmanl1R2bOh0aZN6c5GPfGcaAvP4CqSVmns/e3s3Csm3OIMaKB+D3adkcMT3iDrpmaoN0eSCYFFKeIzUApVgEWMOWGoGRfeomAzJbpqwhfLecNkOAH2jgX3OTDYuKxik1oAwNOlH7s9ogTXtALG51x7brH1Hfcp5J36v0g+dZV4k2/z4V1R4GbQ9HvKiIA/zWDjZXUwh1/Jmf/n1J2tgK4DFnOpfA5+Hi27OFtQ
|
||||
discovery.sendtargets.auth.username: AgAUXQyptx3bktJI+I6jvViwYvq1tETgA4z06HqAF9sCy7FA/tLnhmaDFOJBlsUUZdxKvybpL4gFfibfEGv0hrVb5yPhf2CZGPRnWEjqRBTzKwmtT8eeRnkR4WxNx/bsJhlNr3p1EAAVYJqot4qH6FuFh9zG/rwzAaLT883/p4HCGPf0vgCQmQYOrKT1tNVb7+hvDWLTkA+A45R86SznapYMT+awIHRO/ePngMYzpwmnBw82X+z7QubLSZyqEzyBoF7G1Bst81aiSlCeip/BWgS///EAvqvFTUMMHkRn48Qm4S4qRHepEJD3jpk28PcF4hs06e3NluEmxJ6cr7ejtFMoSu0vkw5FHHZN3U5YoafxvC8hc+5TotkFs4KIUnAsgFwTn68w7qwjmClUtFoughW3Ku5+7DEd1Klw1CBqSO7kURZI/777kyfcoEeXmkXbRzr8lOfvJoaMrHUsR5v9RZrsvWiuhXJjOdfVGw5p8RL137E4MxPwMAdlCW3Ry78AJnSAaIn+3Nuv0+lSpB1LFGGiuDPR5hKfA/dKX+FqFFF1CMn7q/DrLlcBlkjUHLR5sg0IBc4EReZLLa02USNwsisTkiQo+Wm5rwZ0ZvCCHOSmJjbLsbmqzSuAf5ffVcnEk2OWjxzZoMB8+d7HRqXumrA7vKK70sTpSNoMR1UuL0Kfgm8wvKvP3Fqd0dKEb/etLaGvL0RJ4ek=
|
||||
node.session.auth.password: AgANvpN/nYqlyN7mZyIBE9aXRrOiINOTurXYDSwI9N9rc2SwBKvtUC9kvDE/5MZaU/Itk2SK4vFJEKuLkmomeyk9BFJJ0V3tqEDklgvGG2EMSt8Xlj9We8ujWnrN4GYSb047F3b0mBakczxcRNiJisPkvq/XyYrBVCgPPJqVhJIYKXjSXcthd1Jfd3kJzbippjCykmupRTbz7/Vk6QtKmQXfEcPDuOLPCaF/gFL2/3vVachJh7zON62lKCkuHE7QTeIEPFOCJib/oDSi2TG4ts5u8h+uTXoJCBpJwAGDhHly6cOOAiXR9BAp2nbprRb193Ga5aOGmR+qXmjQdMc3dLiJnWpMmGo0tbl5JD4bUOi/E9VFzOprKdGeYlGssGOTdAtmlrnKvaiSS6YiuCvFMFsHdo8jyC45dE4LNuiOI3MX6mkyLEGOYStiS8e/HzRPg5AGLQsuD33RVKE0+IpPGys4ScU44k+jclpcdS00eXI+ZSEfSUQA8di8rXgZfrJLvuVtRFCTjx3HA8kb4J68nHEdBeXJJEQp9Nx/Tc1ic/Iyi+Br/4Pw+UQHI3YYkUfwWaBuCqxOX5Yedcy3BHqxkdCARNVB9cRBcfFMhJJnS6WVaCgXa0qzZLt7RqutVCa7jtCOmMK3PiU4q09ML4OqyIg/HV+c2OMCJG9nBKL8wtE0Huz1ZNWDgFIWybKA4an1P2cULiMAMNQHGPrvL+o9v9CO
|
||||
node.session.auth.username: AgA+bt5d5wiAHDmoV5fJExQIUFFy+WmJFFmZY5/WnulzC+/SRxssz/MtikNv8nkFdtvPfTXM57ic2SwPfSXULyQbDY/Kiwi0UejaC+9lN+weCKhks2UgaHYUtv3Inm6xLMHcvfxrwUERrfx7U70vl60WP3CYQ91l0d3fxbbRByw3TZuTZkuYnGmCsfJK0q+hd7GCa8cSxMvUf32MbRrVXecxsBKB4dtsMz0kHiZaH0wchmzWV/mBmAHV5oqkTyk3rAKZHd8D9uqy23fUr8BV6e5hSF67JicCgn94gJq8Z0hrDnu93zZl+mCFnkwPk9uA1jAuQOptHNdXEkZSjUKXFSp5pG5hgxCmwtJNBxUiZDc7IjPETCh/BzD3WLHIzfYAqW7LxDDr9IKlUEf5CUeBw2CULCq9wIaRhXqiJmV36XmMlAGJt+J2SCCKUbhKsJfyHL+PG19gDv2f75bcWc3U6646Pn5b3f0X+eJ9wIyW2Q1cqxo0yZJ+kQ3M7/ABOQfZBYoafi305fE5byecWBgz91ZrXDG/lXGat1rZBVpZ660iIZ9YvCHCC0Vb5LNEPwsfgodUnp1lXoSq8Fm6ggfLhKLL2JrlJhmou3fHsnovNmqTC9wJ026iGrwFNE8nRKvniK8aujK8IHfklodDSFWC4h/IpJf9oLWw8li0a4Ll/s0msFlWq+GABYJZW9CA0br0tp4Or8PwUwM=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: harbor-iscsi-auth
|
||||
namespace: harbor
|
||||
type: kubernetes.io/iscsi-chap
|
||||
197
harbor-config/storage.yaml
Normal file
197
harbor-config/storage.yaml
Normal file
|
|
@ -0,0 +1,197 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: harbor-registry-pv
|
||||
spec:
|
||||
capacity:
|
||||
storage: 200Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: harbor-iscsi
|
||||
iscsi:
|
||||
targetPortal: truenas.local.gwg313.xyz
|
||||
iqn: iqn.2005-10.org.freenas.ctl:harbor-registry
|
||||
lun: 1
|
||||
fsType: ext4
|
||||
readOnly: false
|
||||
chapAuthDiscovery: true
|
||||
chapAuthSession: true
|
||||
secretRef:
|
||||
name: harbor-iscsi-auth
|
||||
namespace: harbor
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: harbor-registry
|
||||
namespace: harbor
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: harbor-iscsi
|
||||
volumeName: harbor-registry-pv
|
||||
resources:
|
||||
requests:
|
||||
storage: 200Gi
|
||||
|
||||
# Harbor: Jobservice
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: harbor-jobservice-pv
|
||||
spec:
|
||||
capacity:
|
||||
storage: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: harbor-iscsi
|
||||
iscsi:
|
||||
targetPortal: truenas.local.gwg313.xyz
|
||||
iqn: iqn.2005-10.org.freenas.ctl:harbor-jobservice
|
||||
lun: 0
|
||||
fsType: ext4
|
||||
readOnly: false
|
||||
chapAuthDiscovery: true
|
||||
chapAuthSession: true
|
||||
secretRef:
|
||||
name: harbor-iscsi-auth
|
||||
namespace: harbor
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: harbor-jobservice
|
||||
namespace: harbor
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: harbor-iscsi
|
||||
volumeName: harbor-jobservice-pv
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
|
||||
# Harbor: Database
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: harbor-database-pv
|
||||
spec:
|
||||
capacity:
|
||||
storage: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: harbor-iscsi
|
||||
iscsi:
|
||||
targetPortal: truenas.local.gwg313.xyz
|
||||
iqn: iqn.2005-10.org.freenas.ctl:harbor-database
|
||||
lun: 2
|
||||
fsType: ext4
|
||||
readOnly: false
|
||||
chapAuthDiscovery: true
|
||||
chapAuthSession: true
|
||||
secretRef:
|
||||
name: harbor-iscsi-auth
|
||||
namespace: harbor
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: harbor-database
|
||||
namespace: harbor
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: harbor-iscsi
|
||||
volumeName: harbor-database-pv
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
|
||||
# Harbor: Redis
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: harbor-redis-pv
|
||||
spec:
|
||||
capacity:
|
||||
storage: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: harbor-iscsi
|
||||
iscsi:
|
||||
targetPortal: truenas.local.gwg313.xyz
|
||||
iqn: iqn.2005-10.org.freenas.ctl:harbor-redis
|
||||
lun: 3
|
||||
fsType: ext4
|
||||
readOnly: false
|
||||
chapAuthDiscovery: true
|
||||
chapAuthSession: true
|
||||
secretRef:
|
||||
name: harbor-iscsi-auth
|
||||
namespace: harbor
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: harbor-redis
|
||||
namespace: harbor
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: harbor-iscsi
|
||||
volumeName: harbor-redis-pv
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
|
||||
# Harbor: Trivy
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: harbor-trivy-pv
|
||||
spec:
|
||||
capacity:
|
||||
storage: 10Gi
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
volumeMode: Filesystem
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: harbor-iscsi
|
||||
iscsi:
|
||||
targetPortal: truenas.local.gwg313.xyz
|
||||
iqn: iqn.2005-10.org.freenas.ctl:harbor-trivy
|
||||
lun: 4
|
||||
fsType: ext4
|
||||
readOnly: false
|
||||
chapAuthDiscovery: true
|
||||
chapAuthSession: true
|
||||
secretRef:
|
||||
name: harbor-iscsi-auth
|
||||
namespace: harbor
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: harbor-trivy
|
||||
namespace: harbor
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
storageClassName: harbor-iscsi
|
||||
volumeName: harbor-trivy-pv
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
39
harbor-config/virtualservice.yaml
Normal file
39
harbor-config/virtualservice.yaml
Normal file
|
|
@ -0,0 +1,39 @@
|
|||
apiVersion: networking.istio.io/v1beta1
|
||||
kind: VirtualService
|
||||
metadata:
|
||||
name: harbor
|
||||
namespace: harbor
|
||||
spec:
|
||||
hosts:
|
||||
- registry.gwg313.xyz
|
||||
gateways:
|
||||
- harbor-gateway
|
||||
http:
|
||||
- match:
|
||||
- uri:
|
||||
prefix: /api/
|
||||
- uri:
|
||||
prefix: /service/
|
||||
- uri:
|
||||
prefix: /chartrepo
|
||||
- uri:
|
||||
prefix: /c/
|
||||
- uri:
|
||||
prefix: /v1/
|
||||
- uri:
|
||||
prefix: /v2/
|
||||
route:
|
||||
- destination:
|
||||
host: harbor-core
|
||||
port:
|
||||
number: 80
|
||||
- match:
|
||||
- uri:
|
||||
prefix: /
|
||||
name: portal
|
||||
route:
|
||||
- destination:
|
||||
host: harbor-portal
|
||||
port:
|
||||
number: 80
|
||||
timeout: 30s
|
||||
Loading…
Add table
Add a link
Reference in a new issue