mirror of
https://github.com/bitnami/charts.git
synced 2026-02-10 20:27:38 +08:00
[bitnami/harbor] feat(redis tls): Support connecting to SSL/TLS Redis endpoints (#32999)
* [bitnami/harbor] feat(redis tls): Add support for TLS in redis client
  Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
* Add documentation and validation
  Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
* Update CHANGELOG.md
  Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
* Remove non ASCII character
  Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
* Update bitnami/harbor/templates/trivy/trivy-sts.yaml
  Co-authored-by: Juan Ariza Toledano <juan.ariza@broadcom.com>
  Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
* Apply suggestions
  Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
* Update CHANGELOG.md
  Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
* Update bitnami/harbor/values.yaml
  Co-authored-by: Juan Ariza Toledano <juan.ariza@broadcom.com>
  Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
* Update bitnami/harbor/values.yaml
  Co-authored-by: Juan Ariza Toledano <juan.ariza@broadcom.com>
  Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
* Update bitnami/harbor/templates/_helpers.tpl
  Co-authored-by: Juan Ariza Toledano <juan.ariza@broadcom.com>
  Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
* Update README.md with readme-generator-for-helm
  Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>

---------

Signed-off-by: Fran Mulero <francisco-jose.mulero@broadcom.com>
Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
Co-authored-by: Bitnami Bot <bitnami.bot@broadcom.com>
Co-authored-by: Juan Ariza Toledano <juan.ariza@broadcom.com>
@@ -1,8 +1,12 @@
|
||||
# Changelog
|
||||
|
||||
## 24.5.1 (2025-04-11)
|
||||
## 24.6.0 (2025-04-15)
|
||||
|
||||
* [bitnami/harbor] Release 24.5.1 ([#32973](https://github.com/bitnami/charts/pull/32973))
|
||||
* [bitnami/harbor] feat(redis tls): Support connecting to SSL/TLS Redis endpoints ([#32999](https://github.com/bitnami/charts/pull/32999))
|
||||
|
||||
## <small>24.5.1 (2025-04-11)</small>
|
||||
|
||||
* [bitnami/harbor] Release 24.5.1 (#32973) ([a229712](https://github.com/bitnami/charts/commit/a2297124b5e7956c5f564be37d58e1a3c5e84373)), closes [#32973](https://github.com/bitnami/charts/issues/32973)
|
||||
|
||||
## 24.5.0 (2025-03-27)
|
||||
|
||||
|
||||
@@ -56,4 +56,4 @@ maintainers:
|
||||
name: harbor
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/harbor
|
||||
version: 24.5.1
|
||||
version: 24.6.0
|
||||
|
||||
@@ -342,7 +342,7 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
|
||||
| `persistence.imageChartStorage.swift.insecureskipverify` | Swift storage type setting: Verification | `""` |
|
||||
| `persistence.imageChartStorage.swift.chunksize` | Swift storage type setting: Chunk | `""` |
|
||||
| `persistence.imageChartStorage.swift.prefix` | Swift storage type setting: Prefix | `""` |
|
||||
| `persistence.imageChartStorage.swift.secretkey` | Swift storage type setting: Secre Key | `""` |
|
||||
| `persistence.imageChartStorage.swift.secretkey` | Swift storage type setting: Secret Key | `""` |
|
||||
| `persistence.imageChartStorage.swift.accesskey` | Swift storage type setting: Access Key | `""` |
|
||||
| `persistence.imageChartStorage.swift.authversion` | Swift storage type setting: Auth | `""` |
|
||||
| `persistence.imageChartStorage.swift.endpointtype` | Swift storage type setting: Endpoint | `""` |
|
||||
@@ -1236,6 +1236,13 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
|
||||
| Name | Description | Value |
|
||||
| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ |
|
||||
| `redis.enabled` | Switch to enable or disable the Redis® helm | `true` |
|
||||
| `redis.tls.enabled` | Enable Redis TLS traffic | `false` |
|
||||
| `redis.tls.authClients` | Require Redis clients to authenticate. Mutual TLS is not supported by Harbor. | `false` |
|
||||
| `redis.tls.autoGenerated` | Enable autogenerated Redis TLS certificates | `true` |
|
||||
| `redis.tls.existingSecret` | The name of the existing secret that contains the Redis TLS certificates | `""` |
|
||||
| `redis.tls.certFilename` | Name of key in existing secret for the Redis TLS certificate | `""` |
|
||||
| `redis.tls.certKeyFilename` | Name of key in existing secret for the Redis TLS certificate key | `""` |
|
||||
| `redis.tls.certCAFilename` | Name of key in existing secret for the Redis CA certificate | `""` |
|
||||
| `redis.auth.enabled` | Enable password authentication | `false` |
|
||||
| `redis.auth.password` | Redis® password | `""` |
|
||||
| `redis.auth.existingSecret` | The name of an existing secret with Redis® credentials | `""` |
|
||||
@@ -1252,6 +1259,9 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
|
||||
| `externalRedis.jobserviceDatabaseIndex` | Index for jobservice database | `1` |
|
||||
| `externalRedis.registryDatabaseIndex` | Index for registry database | `2` |
|
||||
| `externalRedis.trivyAdapterDatabaseIndex` | Index for trivy adapter database | `5` |
|
||||
| `externalRedis.tls.enabled` | Enable Redis TLS traffic | `false` |
|
||||
| `externalRedis.tls.existingSecret` | The name of the existing secret that contains the Redis TLS certificates | `""` |
|
||||
| `externalRedis.tls.certCAFilename` | Name of key in existing secret for the Redis CA certificate | `""` |
|
||||
| `externalRedis.sentinel.enabled` | If external redis with sentinal is used, set it to `true` | `false` |
|
||||
| `externalRedis.sentinel.masterSet` | Name of sentinel masterSet if sentinel is used | `mymaster` |
|
||||
| `externalRedis.sentinel.hosts` | Sentinel hosts and ports in the format | `""` |
|
||||
|
||||
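Review bot: The `externalRedis.tls.existingSecret` row describes the secret as containing "the Redis TLS certificates", but for an external Redis the only key the chart reads is the CA (`externalRedis.tls.certCAFilename`); there is no client certificate or key parameter. Suggest wording it as "secret that contains the CA certificate used to verify the Redis server", and stating in the `certCAFilename` row that an empty value falls back to `ca.crt`, as `harbor.redis.caFileName` does. Since this table is generated, the change belongs in the matching `@param` comments in values.yaml.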
@@ -163,7 +163,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.redis.host" -}}
|
||||
{{- ternary (ternary (printf "%s-headless" (include "harbor.redis.fullname" .)) (printf "%s-master" (include "harbor.redis.fullname" .)) .Values.redis.sentinel.enabled) (ternary (printf "%s" .Values.externalRedis.sentinel.hosts) .Values.externalRedis.host .Values.externalRedis.sentinel.enabled) .Values.redis.enabled -}}
|
||||
{{- ternary (ternary (printf "%s-headless.%s.svc.%s" (include "harbor.redis.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain ) (printf "%s-master.%s.svc.%s" (include "harbor.redis.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain ) .Values.redis.sentinel.enabled) (ternary (printf "%s" .Values.externalRedis.sentinel.hosts) .Values.externalRedis.host .Values.externalRedis.sentinel.enabled) .Values.redis.enabled -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.redis.port" -}}
|
||||
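Review bot: The new `harbor.redis.host` line switches the bundled-Redis host to `<name>-master.<namespace>.svc.<clusterDomain>` (and the `-headless` equivalent) for every install, not only when `redis.tls.enabled` is set, and neither the changelog entry nor the README hunks mention it. Please note the behaviour change in the commit description, and confirm `.Values.clusterDomain` is always defined for this chart, since an unset value would be formatted straight into the hostname by `printf "%s"`. A short template comment saying the FQDN is there so the name matches the server certificate would also help the next reader.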
@@ -214,19 +214,29 @@ Return whether Redis® uses password authentication or not
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Redis Scheme used in the connection URL */}}
|
||||
{{- define "harbor.redis.scheme" -}}
|
||||
{{- $defaultScheme := ternary "rediss" "redis" (or .Values.externalRedis.tls.enabled .Values.redis.tls.enabled ) -}}
|
||||
{{- if or .Values.externalRedis.sentinel.enabled .Values.redis.sentinel.enabled -}}
|
||||
{{- printf "%s+sentinel" $defaultScheme -}}
|
||||
{{- else -}}
|
||||
{{- print $defaultScheme -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*the username redis is used for a placeholder as no username needed in redis*/}}
|
||||
{{- define "harbor.redisForJobservice" -}}
|
||||
{{- if and (eq .Values.externalRedis.sentinel.enabled false) (eq .Values.redis.sentinel.enabled false) -}}
|
||||
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
|
||||
{{- printf "redis://default:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://default:%s@%s:%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) -}}
|
||||
{{- else -}}
|
||||
{{- printf "redis://%s:%s/%s" (include "harbor.redis.host" .) (include "harbor.redis.port" .) (include "harbor.redis.jobserviceDatabaseIndex" .) -}}
|
||||
{{- printf "%s://%s:%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.host" .) (include "harbor.redis.port" .) (include "harbor.redis.jobserviceDatabaseIndex" .) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
|
||||
{{- printf "redis+sentinel://default:%s@%s:%s/%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://default:%s@%s:%s/%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) -}}
|
||||
{{- else -}}
|
||||
{{- printf "redis+sentinel://%s:%s/%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://%s:%s/%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
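Review bot: `harbor.redis.scheme` picks `rediss` with `or .Values.externalRedis.tls.enabled .Values.redis.tls.enabled` and never looks at `.Values.redis.enabled`, while `harbor.redis.host` chooses between bundled and external Redis on exactly that flag. With `redis.enabled=false`, a plaintext external Redis and a leftover `redis.tls.enabled=true` (or the mirror case), the URL is rendered as `rediss://` against an endpoint that does not speak TLS. Suggest selecting the flag the same way the host is selected, for example `ternary .Values.redis.tls.enabled .Values.externalRedis.tls.enabled .Values.redis.enabled`, and applying the same selection to the sentinel check below it.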
@@ -235,15 +245,15 @@ Return whether Redis® uses password authentication or not
|
||||
{{- define "harbor.redisForGC" -}}
|
||||
{{- if and (eq .Values.externalRedis.sentinel.enabled false) (eq .Values.redis.sentinel.enabled false) -}}
|
||||
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
|
||||
{{- printf "redis://default:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://default:%s@%s:%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
|
||||
{{- else -}}
|
||||
{{- printf "redis://%s:%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://%s:%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
|
||||
{{- printf "redis+sentinel://default:%s@%s:%s/%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://default:%s@%s:%s/%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
|
||||
{{- else -}}
|
||||
{{- printf "redis+sentinel://%s:%s/%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://%s:%s/%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
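Review bot: Style point on the four `printf` branches in `harbor.redisForGC`: with the scheme now factored out, this helper and `harbor.redisForJobservice`, `harbor.redisForTrivyAdapter` and `harbor.redisForCore` differ only in the database-index include. A single helper that takes the index as an argument would remove sixteen near-identical format strings and make the next URL change (for instance adding query parameters for TLS) a one-line edit instead of sixteen.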
@@ -251,15 +261,15 @@ Return whether Redis® uses password authentication or not
|
||||
{{- define "harbor.redisForTrivyAdapter" -}}
|
||||
{{- if and (eq .Values.externalRedis.sentinel.enabled false) (eq .Values.redis.sentinel.enabled false) -}}
|
||||
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
|
||||
{{- printf "redis://default:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.trivyAdapterDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://default:%s@%s:%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.trivyAdapterDatabaseIndex" . ) -}}
|
||||
{{- else -}}
|
||||
{{- printf "redis://%s:%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.trivyAdapterDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://%s:%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.trivyAdapterDatabaseIndex" . ) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
|
||||
{{- printf "redis+sentinel://default:%s@%s:%s/%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.trivyAdapterDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://default:%s@%s:%s/%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.trivyAdapterDatabaseIndex" . ) -}}
|
||||
{{- else -}}
|
||||
{{- printf "redis+sentinel://%s:%s/%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.trivyAdapterDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://%s:%s/%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.trivyAdapterDatabaseIndex" . ) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -267,19 +277,59 @@ Return whether Redis® uses password authentication or not
|
||||
{{- define "harbor.redisForCore" -}}
|
||||
{{- if and (eq .Values.externalRedis.sentinel.enabled false) (eq .Values.redis.sentinel.enabled false) -}}
|
||||
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
|
||||
{{- printf "redis://default:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.coreDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://default:%s@%s:%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.coreDatabaseIndex" . ) -}}
|
||||
{{- else -}}
|
||||
{{- printf "redis://%s:%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.coreDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://%s:%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.coreDatabaseIndex" . ) -}}
|
||||
{{- end -}}
|
||||
{{- else -}}
|
||||
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
|
||||
{{- printf "redis+sentinel://default:%s@%s:%s/%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.coreDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://default:%s@%s:%s/%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.coreDatabaseIndex" . ) -}}
|
||||
{{- else -}}
|
||||
{{- printf "redis+sentinel://%s:%s/%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.coreDatabaseIndex" . ) -}}
|
||||
{{- printf "%s://%s:%s/%s/%s" (include "harbor.redis.scheme" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.sentinel.masterSet" . ) (include "harbor.redis.coreDatabaseIndex" . ) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Volume Mount with Redis TLS secrets */}}
|
||||
{{- define "harbor.redis.caVolumeMount" -}}
|
||||
{{- if or .Values.redis.tls.enabled .Values.externalRedis.tls.enabled -}}
|
||||
- name: redis-certs
|
||||
mountPath: /harbor_cust_cert/redis-ca.crt
|
||||
subPath: {{ include "harbor.redis.caFileName" . | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Volume with Redis TLS secrets */}}
|
||||
{{- define "harbor.redis.caVolume" -}}
|
||||
{{- if or .Values.redis.tls.enabled .Values.externalRedis.tls.enabled -}}
|
||||
- name: redis-certs
|
||||
secret:
|
||||
secretName: {{ include "harbor.redis.caSecretName" . | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Get Redis secret with the CA certificate */}}
|
||||
{{- define "harbor.redis.caSecretName" -}}
|
||||
{{- if and .Values.redis.enabled .Values.redis.tls.enabled .Values.redis.tls.existingSecret -}}
|
||||
{{- print (tpl .Values.redis.tls.existingSecret .) -}}
|
||||
{{- else if and .Values.externalRedis .Values.externalRedis.tls.enabled .Values.externalRedis.tls.existingSecret -}}
|
||||
{{- print (tpl .Values.externalRedis.tls.existingSecret .) -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-crt" (include "harbor.redis.fullname" .) -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Get key in Redis secret with the CA certificate */}}
|
||||
{{- define "harbor.redis.caFileName" -}}
|
||||
{{- if and .Values.redis.enabled .Values.redis.tls.enabled .Values.redis.tls.certCAFilename -}}
|
||||
{{- print (tpl .Values.redis.tls.certCAFilename .) -}}
|
||||
{{- else if and .Values.externalRedis .Values.externalRedis.tls.enabled .Values.externalRedis.tls.certCAFilename -}}
|
||||
{{- print (tpl .Values.externalRedis.tls.certCAFilename .) -}}
|
||||
{{- else -}}
|
||||
{{- print "ca.crt" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- define "harbor.portal" -}}
|
||||
{{- printf "%s-portal" (include "common.names.fullname" .) -}}
|
||||
{{- end -}}
|
||||
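Review bot: `harbor.redis.caVolumeMount` and `harbor.redis.caVolume` render whenever `or .Values.redis.tls.enabled .Values.externalRedis.tls.enabled` is true, but `harbor.redis.caSecretName` resolves the secret with a different precedence: the bundled branch requires `.Values.redis.enabled`, the external branch does not require `not .Values.redis.enabled`, and everything else falls through to `printf "%s-crt"`. With `redis.enabled=true`, `redis.tls.enabled=false` and `externalRedis.tls.enabled=true`, the pods get a `redis-certs` volume pointing at the `-crt` default (or at the external secret) even though the bundled Redis is not using TLS. Suggest deriving one "TLS is active for the Redis actually in use" condition from `.Values.redis.enabled` and using it in all four helpers, so the volume, the secret name and the key name cannot disagree.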
@@ -412,6 +462,8 @@ Compile all warnings into a single message, and call fail.
|
||||
{{- $messages := list -}}
|
||||
{{- $messages := append $messages (include "harbor.validateValues.postgresqlPassword" .) -}}
|
||||
{{- $messages := append $messages (include "harbor.validateValues.exposureType" .) -}}
|
||||
{{- $messages := append $messages (include "harbor.validateValues.redisTLS" .) -}}
|
||||
{{- $messages := append $messages (include "harbor.validateValues.redisMutualTLS" .) -}}
|
||||
{{- $messages := without $messages "" -}}
|
||||
{{- $message := join "\n" $messages -}}
|
||||
|
||||
@@ -446,6 +498,26 @@ harbor: exposureType
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Harbor - must provide a valid Redis TLS config */}}
|
||||
{{- define "harbor.validateValues.redisTLS" -}}
|
||||
{{- if or (and (not .Values.redis.enabled) .Values.externalRedis.tls.enabled (not .Values.externalRedis.tls.existingSecret))
|
||||
(and .Values.redis.enabled (not .Values.redis.tls.autoGenerated) (not .Values.redis.tls.existingSecret)) -}}
|
||||
harbor: Redis TLS
|
||||
CA certificate for Redis when TLS is enabled is required.
|
||||
Please set redis.tls.existingSecret or externalRedis.tls.existingSecret. Example:
|
||||
kubectl create secret generic redis-ca --from-file ca.crt (--set externalRedis.tls.existingSecret="redis-ca")
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Validate values of Harbor - Redis Mutual TLS not supported */}}
|
||||
{{- define "harbor.validateValues.redisMutualTLS" -}}
|
||||
{{- if and .Values.redis.tls.enabled .Values.redis.tls.authClients -}}
|
||||
harbor: Redis Mutual TLS
|
||||
At the moment Harbor does not support this configuration. Please set
|
||||
redis.tls.authClients to false (--set redis.tls.authClients=false)
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* lists all tracing related environment variables except for TRACE_SERVICE_NAME, which should be set separately */}}
|
||||
{{- define "harbor.tracing.envvars" -}}
|
||||
TRACE_ENABLE: {{ .Values.tracing.enabled | quote }}
|
||||
|
||||
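Review bot: The second clause of `harbor.validateValues.redisTLS`, `(and .Values.redis.enabled (not .Values.redis.tls.autoGenerated) (not .Values.redis.tls.existingSecret))`, is missing a check on `.Values.redis.tls.enabled`, so a release with TLS off and `redis.tls.autoGenerated=false` fails with a "CA certificate ... is required" error. Add `.Values.redis.tls.enabled` to that `and`. In the same way, `harbor.validateValues.redisMutualTLS` should include `.Values.redis.enabled`, otherwise leftover `redis.tls.*` values block an install that uses `externalRedis`. The example in the message would also read better as two separate steps (create the secret, then pass `--set externalRedis.tls.existingSecret="redis-ca"`) rather than a parenthesised flag after the kubectl command.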
@@ -254,6 +254,7 @@ spec:
|
||||
mountPath: /etc/core/auth-ca/auth-ca.crt
|
||||
subPath: auth-ca.crt
|
||||
{{- end }}
|
||||
{{- include "harbor.redis.caVolumeMount" . | nindent 12 }}
|
||||
{{- if .Values.internalTLS.caBundleSecret }}
|
||||
{{- include "harbor.caBundleVolumeMount" . | nindent 12 }}
|
||||
{{- end }}
|
||||
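Review bot: The mount included here comes from `harbor.redis.caVolumeMount`, which mounts a single file with `subPath`, and a `subPath` mount of a Secret is not refreshed when the Secret changes. Rotating the Redis CA will therefore not reach running pods until they restart. Please document that in the README next to the `redis.tls` and `externalRedis.tls` parameters; the same applies to the other two workloads that include this helper.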
@@ -321,6 +322,7 @@ spec:
|
||||
- key: ca.crt
|
||||
path: auth-ca.crt
|
||||
{{- end }}
|
||||
{{- include "harbor.redis.caVolume" . | nindent 8 }}
|
||||
{{- if .Values.core.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.core.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -254,6 +254,7 @@ spec:
|
||||
- name: internal-tls-certs
|
||||
mountPath: /etc/harbor/ssl/jobservice
|
||||
{{- end }}
|
||||
{{- include "harbor.redis.caVolumeMount" . | nindent 12 }}
|
||||
{{- if .Values.internalTLS.caBundleSecret }}
|
||||
{{- include "harbor.caBundleVolumeMount" . | nindent 12 }}
|
||||
{{- end }}
|
||||
@@ -284,6 +285,7 @@ spec:
|
||||
secret:
|
||||
secretName: {{ include "harbor.jobservice.tls.secretName" . }}
|
||||
{{- end }}
|
||||
{{- include "harbor.redis.caVolume" . | nindent 8 }}
|
||||
{{- if .Values.jobservice.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.jobservice.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -212,6 +212,7 @@ spec:
|
||||
- name: internal-tls-certs
|
||||
mountPath: /etc/harbor/ssl/trivy
|
||||
{{- end }}
|
||||
{{- include "harbor.redis.caVolumeMount" . | nindent 12 }}
|
||||
{{- if .Values.internalTLS.caBundleSecret }}
|
||||
{{- include "harbor.caBundleVolumeMount" . | nindent 12 }}
|
||||
{{- end }}
|
||||
@@ -236,6 +237,7 @@ spec:
|
||||
- name: data
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- include "harbor.redis.caVolume" . | nindent 8 }}
|
||||
{{- if .Values.trivy.extraVolumes }}
|
||||
{{- include "common.tplvalues.render" (dict "value" .Values.trivy.extraVolumes "context" $) | nindent 8 }}
|
||||
{{- end }}
|
||||
|
||||
@@ -476,7 +476,7 @@ persistence:
|
||||
## @param persistence.imageChartStorage.swift.insecureskipverify Swift storage type setting: Verification
|
||||
## @param persistence.imageChartStorage.swift.chunksize Swift storage type setting: Chunk
|
||||
## @param persistence.imageChartStorage.swift.prefix Swift storage type setting: Prefix
|
||||
## @param persistence.imageChartStorage.swift.secretkey Swift storage type setting: Secre Key
|
||||
## @param persistence.imageChartStorage.swift.secretkey Swift storage type setting: Secret Key
|
||||
## @param persistence.imageChartStorage.swift.accesskey Swift storage type setting: Access Key
|
||||
## @param persistence.imageChartStorage.swift.authversion Swift storage type setting: Auth
|
||||
## @param persistence.imageChartStorage.swift.endpointtype Swift storage type setting: Endpoint
|
||||
@@ -3863,6 +3863,13 @@ externalDatabase:
|
||||
## Redis® chart configuration
|
||||
## ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml
|
||||
## @param redis.enabled Switch to enable or disable the Redis® helm
|
||||
## @param redis.tls.enabled Enable Redis TLS traffic
|
||||
## @param redis.tls.authClients Require Redis clients to authenticate. Mutual TLS is not supported by Harbor.
|
||||
## @param redis.tls.autoGenerated Enable autogenerated Redis TLS certificates
|
||||
## @param redis.tls.existingSecret The name of the existing secret that contains the Redis TLS certificates
|
||||
## @param redis.tls.certFilename Name of key in existing secret for the Redis TLS certificate
|
||||
## @param redis.tls.certKeyFilename Name of key in existing secret for the Redis TLS certificate key
|
||||
## @param redis.tls.certCAFilename Name of key in existing secret for the Redis CA certificate
|
||||
## @param redis.auth.enabled Enable password authentication
|
||||
## @param redis.auth.password Redis® password
|
||||
## @param redis.auth.existingSecret The name of an existing secret with Redis® credentials
|
||||
@@ -3873,6 +3880,16 @@ externalDatabase:
|
||||
##
|
||||
redis:
|
||||
enabled: true
|
||||
tls:
|
||||
## Redis TLS configuration
|
||||
enabled: false
|
||||
# Please note that Mutual TLS is not supported by Harbor.
|
||||
authClients: false
|
||||
autoGenerated: true
|
||||
existingSecret: ""
|
||||
certFilename: ""
|
||||
certKeyFilename: ""
|
||||
certCAFilename: ""
|
||||
auth:
|
||||
enabled: false
|
||||
## Redis® password (both master and slave). Defaults to a random 10-character alphanumeric string if not set and auth.enabled is true.
|
||||
@@ -3916,6 +3933,9 @@ redis:
|
||||
## @param externalRedis.jobserviceDatabaseIndex Index for jobservice database
|
||||
## @param externalRedis.registryDatabaseIndex Index for registry database
|
||||
## @param externalRedis.trivyAdapterDatabaseIndex Index for trivy adapter database
|
||||
## @param externalRedis.tls.enabled Enable Redis TLS traffic
|
||||
## @param externalRedis.tls.existingSecret The name of the existing secret that contains the Redis TLS certificates
|
||||
## @param externalRedis.tls.certCAFilename Name of key in existing secret for the Redis CA certificate
|
||||
##
|
||||
externalRedis:
|
||||
host: localhost
|
||||
@@ -3925,6 +3945,10 @@ externalRedis:
|
||||
jobserviceDatabaseIndex: "1"
|
||||
registryDatabaseIndex: "2"
|
||||
trivyAdapterDatabaseIndex: "5"
|
||||
tls:
|
||||
enabled: false
|
||||
existingSecret: ""
|
||||
certCAFilename: ""
|
||||
## Redis® sentinel configuration
|
||||
## @param externalRedis.sentinel.enabled If external redis with sentinal is used, set it to `true`
|
||||
## @param externalRedis.sentinel.masterSet Name of sentinel masterSet if sentinel is used
|
||||
|
||||