diff --git a/bitnami/harbor/CHANGELOG.md b/bitnami/harbor/CHANGELOG.md index 5d9853e706..9443124001 100644 --- a/bitnami/harbor/CHANGELOG.md +++ b/bitnami/harbor/CHANGELOG.md @@ -1,8 +1,12 @@ # Changelog +## 24.3.0 (2025-01-27) + +* [bitnami/harbor] Added existingSecret parameter for external database ([#31492](https://github.com/bitnami/charts/pull/31492)) + ## 24.2.0 (2025-01-27) -* [bitnami/harbor] allow custom trivy db repository ([#31594](https://github.com/bitnami/charts/pull/31594)) +* [bitnami/harbor] allow custom trivy db repository (#31594) ([1041261](https://github.com/bitnami/charts/commit/1041261ac0c42618da3e0357e18ac200052ff31f)), closes [#31594](https://github.com/bitnami/charts/issues/31594) ## 24.1.8 (2025-01-23) diff --git a/bitnami/harbor/Chart.yaml b/bitnami/harbor/Chart.yaml index a7735d6bba..17dbe332ef 100644 --- a/bitnami/harbor/Chart.yaml +++ b/bitnami/harbor/Chart.yaml @@ -55,4 +55,4 @@ maintainers: name: harbor sources: - https://github.com/bitnami/charts/tree/main/bitnami/harbor -version: 24.2.0 +version: 24.3.0 diff --git a/bitnami/harbor/README.md b/bitnami/harbor/README.md index 60c1d86291..ed2214a2fc 100644 --- a/bitnami/harbor/README.md +++ b/bitnami/harbor/README.md 
@@ -1163,27 +1163,29 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru ### PostgreSQL Parameters -| Name | Description | Value | -| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | -| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` | -| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` | -| `postgresql.auth.postgresPassword` | Password for the "postgres" admin user | `not-secure-database-password` | -| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` | -| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | -| `postgresql.primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `max_connections = 1024 +| Name | Description | Value | +| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` | +| `postgresql.auth.enablePostgresUser` | Assign a password to the "postgres" admin user. 
Otherwise, remote access will be blocked for this user | `true` | +| `postgresql.auth.postgresPassword` | Password for the "postgres" admin user | `not-secure-database-password` | +| `postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials | `""` | +| `postgresql.architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | +| `postgresql.primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `max_connections = 1024 ` | -| `postgresql.primary.initdb.scripts` | Initdb scripts to create Harbor databases | `{}` | -| `postgresql.image.registry` | PostgreSQL image registry | `REGISTRY_NAME` | -| `postgresql.image.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` | -| `postgresql.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `postgresql.primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). 
| `nano` | -| `postgresql.primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `externalDatabase.host` | Database host | `localhost` | -| `externalDatabase.port` | Database port number | `5432` | -| `externalDatabase.user` | Non-root username for Harbor | `bn_harbor` | -| `externalDatabase.password` | Password for the non-root username for Harbor | `""` | -| `externalDatabase.sslmode` | External database ssl mode | `disable` | -| `externalDatabase.coreDatabase` | External database name for core | `""` | +| `postgresql.primary.initdb.scripts` | Initdb scripts to create Harbor databases | `{}` | +| `postgresql.image.registry` | PostgreSQL image registry | `REGISTRY_NAME` | +| `postgresql.image.repository` | PostgreSQL image repository | `REPOSITORY_NAME/postgresql` | +| `postgresql.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `postgresql.primary.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). 
| `nano` | +| `postgresql.primary.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `externalDatabase.host` | Database host | `localhost` | +| `externalDatabase.port` | Database port number | `5432` | +| `externalDatabase.user` | Non-root username for Harbor | `bn_harbor` | +| `externalDatabase.password` | Password for the non-root username for Harbor | `""` | +| `externalDatabase.sslmode` | External database ssl mode | `disable` | +| `externalDatabase.coreDatabase` | External database name for core | `""` | +| `externalDatabase.existingSecret` | The name of an existing secret with database credentials | `""` | +| `externalDatabase.existingSecretPasswordKey` | Password key on the existing secret | `db-password` | ### Redis® parameters diff --git a/bitnami/harbor/templates/_helpers.tpl b/bitnami/harbor/templates/_helpers.tpl index d4c868794a..e99c0018e8 100644 --- a/bitnami/harbor/templates/_helpers.tpl +++ b/bitnami/harbor/templates/_helpers.tpl 
@@ -129,17 +129,19 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- define "harbor.database.rawPassword" -}} {{- if .Values.postgresql.enabled }} - {{- if .Values.global.postgresql }} - {{- if .Values.global.postgresql.auth }} - {{- coalesce .Values.global.postgresql.auth.postgresPassword .Values.postgresql.auth.postgresPassword -}} - {{- else -}} - {{- .Values.postgresql.auth.postgresPassword -}} - {{- end -}} + {{- if .Values.global.postgresql }} + {{- if .Values.global.postgresql.auth }} + {{- coalesce .Values.global.postgresql.auth.postgresPassword .Values.postgresql.auth.postgresPassword -}} {{- else -}} - {{- .Values.postgresql.auth.postgresPassword -}} + {{- .Values.postgresql.auth.postgresPassword -}} {{- end -}} + {{- else -}} + {{- .Values.postgresql.auth.postgresPassword -}} + {{- end -}} {{- else -}} + {{- if not .Values.externalDatabase.existingSecret -}} {{- .Values.externalDatabase.password -}} + {{- end -}} {{- end -}} {{- end -}} @@ -426,10 +428,10 @@ harbor: PostgreSQL password Please set a password (--set postgresql.auth.postgresPassword="xxxx") {{- end -}} {{- else -}} - {{- if not .Values.externalDatabase.password -}} + {{- if and (not .Values.externalDatabase.password) (not .Values.externalDatabase.existingSecret) -}} harbor: External PostgreSQL password An external database password is required!. - Please set a password (--set externalDatabase.password="xxxx") + Please set a password (--set externalDatabase.password="xxxx") or using an existing secret {{- end -}} {{- end -}} {{- end -}} diff --git a/bitnami/harbor/templates/core/core-dpl.yaml b/bitnami/harbor/templates/core/core-dpl.yaml index 26b18c4ffa..f6389dd694 100644 --- a/bitnami/harbor/templates/core/core-dpl.yaml +++ b/bitnami/harbor/templates/core/core-dpl.yaml 
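Review bot: With `externalDatabase.existingSecret` set, the new `if not` guard in `harbor.database.rawPassword` makes the helper render an empty string, and nothing in the first hunk tells callers that. Any template outside this diff that still consumes the helper would then carry an empty password, so it is worth confirming that every consumer has a `secretKeyRef` path like the ones added for core and exporter. A comment above the define would make the contract explicit, e.g. `{{/* Renders "" when externalDatabase.existingSecret is set; the password is then injected through secretKeyRef. */}}`. The existing secret also silently wins when `externalDatabase.password` is set as well, which deserves a mention in the same comment.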
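Review bot: The validation in the second hunk accepts any non-empty `externalDatabase.existingSecret` but never checks `externalDatabase.existingSecretPasswordKey`. If a user overrides the key with an empty string, the check passes and the failure only appears when `key:` is rendered with no value in the pod spec. Consider adding the key to the condition, or wrapping it in `required` where it is rendered. The message also does not name the new parameter; `Please set a password (--set externalDatabase.password="xxxx") or use an existing secret (--set externalDatabase.existingSecret="xxxx")` reads more clearly. The enclosing validation define starts outside the hunk.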
@@ -139,6 +139,13 @@ spec:
 name: {{ include "harbor.jobservice" . }}
 key: secret
 {{- end }}
+ {{- if and (not .Values.postgresql.enabled) .Values.externalDatabase.existingSecret }}
+ - name: POSTGRESQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.externalDatabase.existingSecret }}
+ key: {{ .Values.externalDatabase.existingSecretPasswordKey }}
+ {{- end }}
 {{- if or .Values.core.configOverwriteJson .Values.core.configOverwriteJsonSecret }}
 - name: CONFIG_OVERWRITE_JSON
 valueFrom:
diff --git a/bitnami/harbor/templates/core/core-secret-envvars.yaml b/bitnami/harbor/templates/core/core-secret-envvars.yaml
index 2c072b0d4e..15075657f2 100644
--- a/bitnami/harbor/templates/core/core-secret-envvars.yaml
+++ b/bitnami/harbor/templates/core/core-secret-envvars.yaml
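Review bot: The added `secretKeyRef` renders both user-supplied values unquoted, so a secret name or key that YAML parses as a number or boolean yields an invalid manifest. Quoting them avoids that: `name: {{ .Values.externalDatabase.existingSecret | quote }}` and `key: {{ .Values.externalDatabase.existingSecretPasswordKey | quote }}`; the same two lines recur in the exporter-dpl.yaml hunk. The container spec around this block is outside the hunk, so it is not visible whether `POSTGRESQL_PASSWORD` also arrives from the core envvars secret. If it does, a short comment that the explicit `env` entry is meant to take precedence would help the next reader. The referenced secret must already exist in the release namespace with that key, or the pod will not start.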
@@ -15,7 +15,15 @@ SPDX-License-Identifier: APACHE-2.0
 {{- $_POSTGRESQL_PASSWORD := index $secret.data "POSTGRESQL_PASSWORD" | default "" -}}
 {{- $_REGISTRY_CREDENTIAL_PASSWORD := index $secret.data "REGISTRY_CREDENTIAL_PASSWORD" | default "" -}}
 {{- $_REGISTRY_CREDENTIAL_USERNAME := index $secret.data "REGISTRY_CREDENTIAL_USERNAME" | default "" -}}
- {{- $existingEnvVarsSecretCore = dict "_REDIS_URL_CORE" ($_REDIS_URL_CORE | b64dec) "_REDIS_URL_REG" ($_REDIS_URL_REG | b64dec) "CSRF_KEY" ($_CSRF_KEY | b64dec) "HARBOR_ADMIN_PASSWORD" ($_HARBOR_ADMIN_PASSWORD | b64dec) "POSTGRESQL_PASSWORD" ($_POSTGRESQL_PASSWORD | b64dec) "REGISTRY_CREDENTIAL_PASSWORD" ($_REGISTRY_CREDENTIAL_PASSWORD | b64dec) "REGISTRY_CREDENTIAL_USERNAME" ($_REGISTRY_CREDENTIAL_USERNAME | b64dec) -}}
+ {{- $existingEnvVarsSecretCore = dict
+ "_REDIS_URL_CORE" ($_REDIS_URL_CORE | b64dec)
+ "_REDIS_URL_REG" ($_REDIS_URL_REG | b64dec)
+ "CSRF_KEY" ($_CSRF_KEY | b64dec)
+ "HARBOR_ADMIN_PASSWORD" ($_HARBOR_ADMIN_PASSWORD | b64dec)
+ "POSTGRESQL_PASSWORD" ($_POSTGRESQL_PASSWORD | b64dec)
+ "REGISTRY_CREDENTIAL_PASSWORD" ($_REGISTRY_CREDENTIAL_PASSWORD | b64dec)
+ "REGISTRY_CREDENTIAL_USERNAME" ($_REGISTRY_CREDENTIAL_USERNAME | b64dec)
+ -}}
 {{- end }}
 apiVersion: v1
diff --git a/bitnami/harbor/templates/exporter/exporter-dpl.yaml b/bitnami/harbor/templates/exporter/exporter-dpl.yaml
index cde2737e26..c2546b5812 100644
--- a/bitnami/harbor/templates/exporter/exporter-dpl.yaml
+++ b/bitnami/harbor/templates/exporter/exporter-dpl.yaml
@@ -117,13 +117,21 @@ spec: value: {{ ternary "true" "false" .Values.exporter.image.debug | quote }} - name: HARBOR_DATABASE_PASSWORD valueFrom: + {{- if and .Values.externalDatabase.existingSecret (not .Values.postgresql.enabled) }} + secretKeyRef: + name: {{ .Values.externalDatabase.existingSecret }} + key: {{ .Values.externalDatabase.existingSecretPasswordKey }} + {{- else }} + {{- if .Values.core.existingEnvVarsSecret }} secretKeyRef: - {{- if .Values.core.existingEnvVarsSecret }} name: {{ .Values.core.existingEnvVarsSecret }} - {{- else }} - name: {{ printf "%s-envvars" (include "harbor.core" .) }} - {{- end }} key: POSTGRESQL_PASSWORD + {{- else }} + secretKeyRef: + name: {{ printf "%s-envvars" (include "harbor.core" .) }} + key: POSTGRESQL_PASSWORD + {{- end }} + {{- end }} - name: HARBOR_ADMIN_PASSWORD valueFrom: secretKeyRef: diff --git a/bitnami/harbor/values.yaml b/bitnami/harbor/values.yaml index 580d183fd6..60ea9d48f7 100644 --- a/bitnami/harbor/values.yaml +++ b/bitnami/harbor/values.yaml @@ -3679,6 +3679,8 @@ postgresql: ## @param externalDatabase.password Password for the non-root username for Harbor ## @param externalDatabase.sslmode External database ssl mode ## @param externalDatabase.coreDatabase External database name for core +## @param externalDatabase.existingSecret The name of an existing secret with database credentials +## @param externalDatabase.existingSecretPasswordKey Password key on the existing secret ## externalDatabase: host: localhost @@ -3687,6 +3689,9 @@ externalDatabase: password: "" sslmode: disable coreDatabase: "" + existingSecret: "" + existingSecretPasswordKey: "db-password" + ## @section Redis® parameters ##
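Review bot: The `HARBOR_DATABASE_PASSWORD` block in the exporter hunk now spells out `secretKeyRef:` three times inside a nested `if`/`else`, which makes it easy for the branches to drift apart. Keeping a single `secretKeyRef:` and selecting only `name`/`key` with an `else if` chain gives the same three outcomes with one level of nesting. The sketch below also quotes the two user-supplied values. The `and` operands are in the opposite order to the equivalent check in core-dpl.yaml; using the same order in both files would make them easier to compare.

```yaml
- name: HARBOR_DATABASE_PASSWORD
  valueFrom:
    secretKeyRef:
      {{- if and .Values.externalDatabase.existingSecret (not .Values.postgresql.enabled) }}
      name: {{ .Values.externalDatabase.existingSecret | quote }}
      key: {{ .Values.externalDatabase.existingSecretPasswordKey | quote }}
      {{- else if .Values.core.existingEnvVarsSecret }}
      name: {{ .Values.core.existingEnvVarsSecret }}
      key: POSTGRESQL_PASSWORD
      {{- else }}
      name: {{ printf "%s-envvars" (include "harbor.core" .) }}
      key: POSTGRESQL_PASSWORD
      {{- end }}
# … unchanged: HARBOR_ADMIN_PASSWORD and the following entries …
```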
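Review bot: The new `@param` lines in values.yaml describe the secret as holding "database credentials", but the templates in this commit read only the password key from it. They also read it only when `postgresql.enabled` is false, and it takes precedence over `externalDatabase.password`. Saying so in the description helps users avoid leaving a plaintext password in values next to the secret, for example `## @param externalDatabase.existingSecret Name of an existing secret containing the external database password (overrides externalDatabase.password; ignored when postgresql.enabled is true)`. The README table row is generated from this comment and would pick up the same wording.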