squash all

Mostly copied over from my old repo and modified for app of apps.
Cleaning up the mess from migration

Signed-off-by: gwg313 <gwg313@pm.me>
gwg313 2025-07-03 08:02:33 -04:00
parent 471f30f0b1
commit 52933116f0
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
104 changed files with 2532 additions and 44 deletions


@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: harbor-cert-nginx
namespace: harbor
spec:
secretName: harbor-cert-nginx
issuerRef:
name: letsencrypt-dns
kind: ClusterIssuer
dnsNames:
- harbor.gwg313.xyz
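Review bot: Nothing visible on this page consumes the `harbor-cert-nginx` secret or the name `harbor.gwg313.xyz`; the Gateway and VirtualService shown here serve `registry.gwg313.xyz` from `harbor-cert`. If this Certificate is a leftover from the migration it is worth dropping, because a certificate from a public CA (the issuer name suggests Let's Encrypt) is recorded in Certificate Transparency logs and leaves one more private key in the `harbor` namespace to look after. If a chart value elsewhere in the commit does reference it, a leading comment such as `# consumed by <consumer placeholder>` would make that dependency visible.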


@ -0,0 +1,12 @@
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: harbor-cert
namespace: istio-system
spec:
secretName: harbor-cert
issuerRef:
name: letsencrypt-dns
kind: ClusterIssuer
dnsNames:
- registry.gwg313.xyz


@ -0,0 +1,18 @@
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
name: harbor-gateway
namespace: harbor
spec:
selector:
istio: gateway
servers:
- port:
number: 443
name: https
protocol: HTTPS
hosts:
- registry.gwg313.xyz
tls:
mode: SIMPLE
credentialName: harbor-cert
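Review bot: `credentialName: harbor-cert` has no comment saying where that secret lives, and the layout is easy to misread: this Gateway is in `harbor`, while the Certificate that produces `harbor-cert` is created in `istio-system`. Istio reads the credential from the namespace of the gateway workload selected by `istio: gateway`, presumably `istio-system` here, so a comment such as `# harbor-cert is issued in istio-system, next to the gateway pods` above `tls:` would stop someone from "tidying" the Certificate into `harbor` and breaking TLS. I would also state the protocol floor explicitly with `minProtocolVersion: TLSV1_2` under `tls:` instead of relying on the mesh default.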


@ -0,0 +1,18 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: harbor-iscsi-auth
namespace: harbor
spec:
encryptedData:
discovery.sendtargets.auth.password: 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
discovery.sendtargets.auth.username: 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
node.session.auth.password: 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
node.session.auth.username: AgA+bt5d5wiAHDmoV5fJExQIUFFy+WmJFFmZY5/WnulzC+/SRxssz/MtikNv8nkFdtvPfTXM57ic2SwPfSXULyQbDY/Kiwi0UejaC+9lN+weCKhks2UgaHYUtv3Inm6xLMHcvfxrwUERrfx7U70vl60WP3CYQ91l0d3fxbbRByw3TZuTZkuYnGmCsfJK0q+hd7GCa8cSxMvUf32MbRrVXecxsBKB4dtsMz0kHiZaH0wchmzWV/mBmAHV5oqkTyk3rAKZHd8D9uqy23fUr8BV6e5hSF67JicCgn94gJq8Z0hrDnu93zZl+mCFnkwPk9uA1jAuQOptHNdXEkZSjUKXFSp5pG5hgxCmwtJNBxUiZDc7IjPETCh/BzD3WLHIzfYAqW7LxDDr9IKlUEf5CUeBw2CULCq9wIaRhXqiJmV36XmMlAGJt+J2SCCKUbhKsJfyHL+PG19gDv2f75bcWc3U6646Pn5b3f0X+eJ9wIyW2Q1cqxo0yZJ+kQ3M7/ABOQfZBYoafi305fE5byecWBgz91ZrXDG/lXGat1rZBVpZ660iIZ9YvCHCC0Vb5LNEPwsfgodUnp1lXoSq8Fm6ggfLhKLL2JrlJhmou3fHsnovNmqTC9wJ026iGrwFNE8nRKvniK8aujK8IHfklodDSFWC4h/IpJf9oLWw8li0a4Ll/s0msFlWq+GABYJZW9CA0br0tp4Or8PwUwM=
template:
metadata:
creationTimestamp: null
name: harbor-iscsi-auth
namespace: harbor
type: kubernetes.io/iscsi-chap

197
harbor-config/storage.yaml Normal file

@ -0,0 +1,197 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-registry-pv
spec:
capacity:
storage: 200Gi
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
persistentVolumeReclaimPolicy: Retain
storageClassName: harbor-iscsi
iscsi:
targetPortal: truenas.local.gwg313.xyz
iqn: iqn.2005-10.org.freenas.ctl:harbor-registry
lun: 1
fsType: ext4
readOnly: false
chapAuthDiscovery: true
chapAuthSession: true
secretRef:
name: harbor-iscsi-auth
namespace: harbor
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor-registry
namespace: harbor
spec:
accessModes:
- ReadWriteOnce
storageClassName: harbor-iscsi
volumeName: harbor-registry-pv
resources:
requests:
storage: 200Gi
# Harbor: Jobservice
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-jobservice-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
persistentVolumeReclaimPolicy: Retain
storageClassName: harbor-iscsi
iscsi:
targetPortal: truenas.local.gwg313.xyz
iqn: iqn.2005-10.org.freenas.ctl:harbor-jobservice
lun: 0
fsType: ext4
readOnly: false
chapAuthDiscovery: true
chapAuthSession: true
secretRef:
name: harbor-iscsi-auth
namespace: harbor
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor-jobservice
namespace: harbor
spec:
accessModes:
- ReadWriteOnce
storageClassName: harbor-iscsi
volumeName: harbor-jobservice-pv
resources:
requests:
storage: 10Gi
# Harbor: Database
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-database-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
persistentVolumeReclaimPolicy: Retain
storageClassName: harbor-iscsi
iscsi:
targetPortal: truenas.local.gwg313.xyz
iqn: iqn.2005-10.org.freenas.ctl:harbor-database
lun: 2
fsType: ext4
readOnly: false
chapAuthDiscovery: true
chapAuthSession: true
secretRef:
name: harbor-iscsi-auth
namespace: harbor
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor-database
namespace: harbor
spec:
accessModes:
- ReadWriteOnce
storageClassName: harbor-iscsi
volumeName: harbor-database-pv
resources:
requests:
storage: 10Gi
# Harbor: Redis
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-redis-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
persistentVolumeReclaimPolicy: Retain
storageClassName: harbor-iscsi
iscsi:
targetPortal: truenas.local.gwg313.xyz
iqn: iqn.2005-10.org.freenas.ctl:harbor-redis
lun: 3
fsType: ext4
readOnly: false
chapAuthDiscovery: true
chapAuthSession: true
secretRef:
name: harbor-iscsi-auth
namespace: harbor
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor-redis
namespace: harbor
spec:
accessModes:
- ReadWriteOnce
storageClassName: harbor-iscsi
volumeName: harbor-redis-pv
resources:
requests:
storage: 10Gi
# Harbor: Trivy
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor-trivy-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
volumeMode: Filesystem
persistentVolumeReclaimPolicy: Retain
storageClassName: harbor-iscsi
iscsi:
targetPortal: truenas.local.gwg313.xyz
iqn: iqn.2005-10.org.freenas.ctl:harbor-trivy
lun: 4
fsType: ext4
readOnly: false
chapAuthDiscovery: true
chapAuthSession: true
secretRef:
name: harbor-iscsi-auth
namespace: harbor
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor-trivy
namespace: harbor
spec:
accessModes:
- ReadWriteOnce
storageClassName: harbor-iscsi
volumeName: harbor-trivy-pv
resources:
requests:
storage: 10Gi
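Review bot: None of the five PersistentVolumes carries a `claimRef`, so each binding is pinned only from the PVC side through `volumeName`. Until the intended claim binds, a PVC in any namespace that requests `storageClassName: harbor-iscsi` with a fitting size and access mode can take, for example, `harbor-database-pv` and mount the existing LUN. Reserving each volume closes that gap, e.g. for the registry volume `claimRef:` with `namespace: harbor` and `name: harbor-registry` under `spec:`. All five targets also authenticate with the same `harbor-iscsi-auth` CHAP secret, so per-target credentials would limit what one leaked secret exposes. CHAP only authenticates the initiator, so confidentiality of the iSCSI traffic presumably depends on a dedicated storage network, which is worth stating in a comment.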


@ -0,0 +1,39 @@
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: harbor
namespace: harbor
spec:
hosts:
- registry.gwg313.xyz
gateways:
- harbor-gateway
http:
- match:
- uri:
prefix: /api/
- uri:
prefix: /service/
- uri:
prefix: /chartrepo
- uri:
prefix: /c/
- uri:
prefix: /v1/
- uri:
prefix: /v2/
route:
- destination:
host: harbor-core
port:
number: 80
- match:
- uri:
prefix: /
name: portal
route:
- destination:
host: harbor-portal
port:
number: 80
timeout: 30s
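Review bot: `prefix: /chartrepo` is the only match without a trailing slash, so it also sends paths such as `/chartrepo-anything` to `harbor-core` instead of leaving them to the portal route; `prefix: /chartrepo/` would be consistent with the sibling entries. The first route has no `name` while the second is `name: portal`; adding `name: core` keeps the two distinguishable in proxy access logs and telemetry. The `timeout: 30s` appears to apply to the portal route only, which looks intentional given long image transfers through `/v2/`, but a one-line comment saying so would help the next reader.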