From b1b28cc64dbcf4da43e0506e97a1a6366e146db8 Mon Sep 17 00:00:00 2001 From: "Miguel A. Cabrera Minagorri" Date: Mon, 12 Aug 2019 15:09:11 +0000 Subject: [PATCH 1/3] Add ChartMuseum component to Harbor Chart Signed-off-by: Miguel A. Cabrera Minagorri --- bitnami/harbor/Chart.yaml | 2 +- bitnami/harbor/README.md | 30 ++++ bitnami/harbor/templates/_helpers.tpl | 24 ++++ .../templates/chartmuseum/chartmuseum-cm.yaml | 110 +++++++++++++++ .../chartmuseum/chartmuseum-dpl.yaml | 129 ++++++++++++++++++ .../chartmuseum/chartmuseum-pvc.yaml | 32 +++++ .../chartmuseum/chartmuseum-secret.yaml | 37 +++++ .../chartmuseum/chartmuseum-svc.yaml | 17 +++ bitnami/harbor/values-production.yaml | 95 ++++++++++++- bitnami/harbor/values.yaml | 98 ++++++++++++- 10 files changed, 566 insertions(+), 8 deletions(-) create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml diff --git a/bitnami/harbor/Chart.yaml b/bitnami/harbor/Chart.yaml index 463af6a43e..c137e58b51 100644 --- a/bitnami/harbor/Chart.yaml +++ b/bitnami/harbor/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: harbor -version: 2.2.0 +version: 2.3.0 appVersion: 1.8.1 description: Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content keywords: diff --git a/bitnami/harbor/README.md b/bitnami/harbor/README.md index 63e25e2983..4d83ba0e3e 100644 --- a/bitnami/harbor/README.md +++ b/bitnami/harbor/README.md 
@@ -258,6 +258,36 @@ The following table lists the configurable parameters of the Harbor chart and th | `registry.affinity` | Node/Pod affinities | `{}` (The value is evaluated as a template) | | `registry.podAnnotations` | Annotations to add to the registry pod | `{}` | | `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | `nil` | +| **Chartmuseum** | +| `chartMuseumImage.registry` | Registry for ChartMuseum image | `docker.io` | +| `chartMuseumImage.repository` | Repository for clair image | `bitnami/chartmuseum` | +| `chartMuseumImage.tag` | Tag for ChartMuseum image | `0.9.0-debian-9-r6` | +| `chartMuseumImage.pullPolicy` | ChartMuseum image pull policy | `IfNotPresent` | +| `chartMuseumImage.debug` | Specify if debug logs should be enabled | `false` | +| `chartmuseum.enabled` | Enable ChartMuseum | `true` | +| `chartmuseum.replicas` | Number of ChartMuseum replicas | `1` | +| `chartmuseum.port` | ChartMuseum listen port | `8080` | +| `chartmuseum.useRedisCache` | Specify if ChartMuseum will use redis cache | `true` | +| `chartmuseum.absoluteUrl` | Specify an absolute URL for ChartMuseum registry | `false` | +| `chartmuseum.chartRepoName` | Specify the endpoint for the chartmuseum registry. Only applicable if `chartmuseum.absoluteUrl` is `true` | `chartsRepo` | +| `chartmuseum.basicAuth.enabled` | Enable ChartMuseum basic authentication | `true` | +| `chartmuseum.basicAuth.basicAuthUser` | Chartmuseum's user | `chart_controller` | +| `chartmuseum.basicAuth.basicAuthPass` | Chartmuseum's password | Random value | +| `chartmuseum.depth` | Support for multitenancy. 
More info [here](https://chartmuseum.com/docs/#multitenancy) | `0` | +| `chartmuseum.logJson` | Print logs on JSON format | `false` | +| `chartmuseum.disableMetrics` | Disable prometheus metrics exposure | `false` | +| `chartmuseum.disableApi` | Disable all the routes prefixed with `/api` | `false` | +| `chartmuseum.disableStatefiles` | Disable use of index-cache.yaml | `false` | +| `chartmuseum.allowOverwrite` | Allow chart versions to be re-uploaded without force querystring | `true` | +| `chartmuseum.anonymousGet` | Allow anonymous GET operations | `false` | +| `chartmuseum.enableTLS` | Enable use of TLS access | `false` | +| `chartmuseum.contextPath` | Set the base context path for ChartMuseum | `nil` | +| `chartmuseum.indexLimit` | Limit the number of parallels indexes for ChartMuseum | `nil` | +| `chartmuseum.chartPostFormFieldName` | Form field which will be queried for the chart file content | `nil` | +| `chartmuseum.provPostFormFieldName` | Form field which will be queried for the provenance file content | `nil` | +| `chartmuseum.extraEnvVars` | Allow to pass extra environment variables to the chartmuseum image | `nil` | +| `chartmuseum.livenessProbe` | Liveness probe configuration | `Check values.yaml file` | +| `chartmuseum.readinessProbe` | Readiness probe configuration | `Check values.yaml file` | | **Clair** | | `clairImage.registry` | Registry for clair image | `docker.io` | | `clairImage.repository` | Repository for clair image | `bitnami/harbor-clair` | diff --git a/bitnami/harbor/templates/_helpers.tpl b/bitnami/harbor/templates/_helpers.tpl index c5a8693b96..c885507806 100644 --- a/bitnami/harbor/templates/_helpers.tpl +++ b/bitnami/harbor/templates/_helpers.tpl @@ -1,3 +1,4 @@ + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. 
@@ -389,6 +390,29 @@ Also, we can't use a single if because lazy evaluation is not an option {{- end -}} {{- end -}} +{{/* +Return the proper ChartMuseum image name +*/}} +{{- define "harbor.chartMuseumImage" -}} +{{- $registryName := .Values.chartMuseumImage.registry -}} +{{- $repositoryName := .Values.chartMuseumImage.repository -}} +{{- $tag := .Values.chartMuseumImage.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + {{/* Return the proper Harbor Notary Server image name */}} diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml new file mode 100644 index 0000000000..eef363e62c --- /dev/null +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml 
@@ -0,0 +1,110 @@ +{{- if .Values.chartmuseum.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ template "harbor.chartmuseum" . }}-envvars" + labels: + {{ include "harbor.labels" . | nindent 4 }} + +data: + PORT: {{ .Values.chartmuseum.port | quote }} + {{- if and .Values.chartmuseum.useRedisCache }} + CACHE: "redis" + CACHE_REDIS_ADDR: "{{ include "harbor.redis.host" . }}:{{ include "harbor.redis.port" . }}" + CACHE_REDIS_DB: "{{ include "harbor.redis.chartmuseumDatabaseIndex" . }}" + {{- end }} + {{- if .Values.chartmuseum.basicAuth.enabled }} + BASIC_AUTH_USER: {{ .Values.chartmuseum.basicAuth.basicAuthUser | quote }} + {{- end }} + {{- if .Values.chartmuseum.absoluteUrl }} + CHART_URL: "{{ .Values.externalURL }}/{{ .Values.chartmuseum.chartRepoName }}" + {{- end }} + DEPTH: {{ .Values.chartmuseum.depth | quote }} + {{- if or (eq .Values.logLevel "debug") .Values.chartMuseumImage.debug }} + DEBUG: "1" + {{- else }} + DEBUG: "0" + {{- end }} + LOG_JSON: {{ .Values.chartmuseum.logJson | quote }} + DISABLE_METRICS: {{ .Values.chartmuseum.disableMetrics | quote }} + DISABLE_API: {{ .Values.chartmuseum.disableApi | quote }} + DISABLE_STATEFILES: {{ .Values.chartmuseum.disableStatefiles | quote }} + ALLOW_OVERWRITE: {{ .Values.chartmuseum.allowOverwrite | quote }} + AUTH_ANONYMOUS_GET: {{ .Values.chartmuseum.anonymousGet | quote }} + {{- if .Values.chartmuseum.contextPath }} + CONTEXT_PATH: {{ .Values.chartmuseum.contextPath | quote }} + {{- end }} + {{- if .Values.chartmuseum.indexLimit }} + INDEX_LIMIT: {{ .Values.chartmuseum.indexLimit | quote }} + {{- end }} + {{- if .Values.chartmuseum.chartPostFormFieldName }} + CHART_POST_FORM_FIELD_NAME: {{ .Values.chartmuseum.chartPostFormFieldName | quote }} + {{- end }} + {{- if .Values.chartmuseum.provPostFormFieldName }} + PROV_POST_FORM_FIELD_NAME: {{ .Values.chartmuseum.provPostFormFieldName | quote }} + {{- end }} + {{- $storage := .Values.persistence.imageChartStorage }} + {{- $storageType := 
$storage.type }} + {{- if eq $storageType "filesystem" }} + STORAGE: "local" + STORAGE_LOCAL_ROOTDIR: "/bitnami/data" + {{- else if eq $storageType "azure" }} + STORAGE: "microsoft" + STORAGE_MICROSOFT_CONTAINER: {{ $storage.azure.container }} + AZURE_STORAGE_ACCOUNT: {{ $storage.azure.accountname }} + STORAGE_MICROSOFT_PREFIX: {{ $storage.azure.storagePrefix }} + {{- else if eq $storageType "gcs" }} + STORAGE: "google" + STORAGE_GOOGLE_BUCKET: {{ $storage.gcs.bucket }} + GOOGLE_APPLICATION_CREDENTIALS: /etc/chartmuseum/gcs-key.json + {{- if $storage.gcs.rootdirectory }} + STORAGE_GOOGLE_PREFIX: {{ $storage.gcs.rootdirectory }} + {{- end }} + {{- else if eq $storageType "s3" }} + STORAGE: "amazon" + STORAGE_AMAZON_BUCKET: {{ $storage.s3.bucket }} + {{- if $storage.s3.rootdirectory }} + STORAGE_AMAZON_PREFIX: {{ $storage.s3.rootdirectory }} + {{- end }} + STORAGE_AMAZON_REGION: {{ $storage.s3.region }} + {{- if $storage.s3.regionendpoint }} + STORAGE_AMAZON_ENDPOINT: {{ $storage.s3.regionendpoint }} + {{- end }} + {{- if $storage.s3.accesskey }} + AWS_ACCESS_KEY_ID: {{ $storage.s3.accesskey }} + {{- end }} + {{- else if eq $storageType "swift" }} + STORAGE: "openstack" + STORAGE_OPENSTACK_CONTAINER: {{ $storage.swift.container }} + {{- if $storage.swift.secretkey }} + STORAGE_OPENSTACK_PREFIX: {{ $storage.swift.prefix }} + {{- end }} + {{- if $storage.swift.secretkey }} + STORAGE_OPENSTACK_REGION: {{ $storage.swift.region }} + {{- end }} + OS_AUTH_URL: {{ $storage.swift.authurl }} + OS_USERNAME: {{ $storage.swift.username }} + {{- if $storage.swift.secretkey }} + OS_PROJECT_ID: {{ $storage.swift.tenantid }} + {{- end }} + {{- if $storage.swift.secretkey }} + OS_PROJECT_NAME: {{ $storage.swift.tenant }} + {{- end }} + {{- if $storage.swift.secretkey }} + OS_DOMAIN_ID: {{ $storage.swift.domainid }} + {{- end }} + {{- if $storage.swift.secretkey }} + OS_DOMAIN_NAME: {{ $storage.swift.domain }} + {{- end }} + {{- else if eq $storageType "oss" }} + STORAGE: "alibaba" + 
STORAGE_ALIBABA_BUCKET: {{ $storage.oss.bucket }} + {{- if $storage.oss.secretkey }} + STORAGE_ALIBABA_PREFIX: {{ $storage.oss.rootdirectory }} + {{- end }} + {{- if $storage.oss.secretkey }} + STORAGE_ALIBABA_ENDPOINT: {{ $storage.oss.endpoint }} + {{- end }} + ALIBABA_CLOUD_ACCESS_KEY_ID: {{ $storage.oss.accesskeyid }} + {{- end }} +{{- end }} diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml new file mode 100644 index 0000000000..b81ed2bddd --- /dev/null +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml 
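Review bot: In the `swift` and `oss` branches every optional setting is guarded by `$storage.swift.secretkey` or `$storage.oss.secretkey` instead of the field being rendered, so prefix, region, tenant and domain are all dropped unless an unrelated key happens to be set. Each guard should test its own value, for example `{{- if $storage.swift.region }}` before `STORAGE_OPENSTACK_REGION`. The storage values are also rendered unquoted (`{{ $storage.s3.bucket }}`), so a numeric-looking or empty value yields a non-string ConfigMap entry; `| quote` as used for the keys at the top of the file avoids that. `AWS_ACCESS_KEY_ID`, `ALIBABA_CLOUD_ACCESS_KEY_ID` and `OS_USERNAME` are credential identifiers and would be better placed in chartmuseum-secret.yaml next to their secret halves than in a ConfigMap.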
@@ -0,0 +1,129 @@ +{{- if .Values.chartmuseum.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: "{{ template "harbor.chartmuseum" . }}" + labels: + {{ include "harbor.labels" . | nindent 4 }} + app.kubernetes.io/component: chartmuseum +spec: + replicas: {{ .Values.chartmuseum.replicas }} + selector: + matchLabels: + {{ include "harbor.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: chartmuseum + template: + metadata: + labels: + {{ include "harbor.matchLabels" . | nindent 8 }} + app.kubernetes.io/component: chartmuseum + annotations: + checksum/configmap-envvars: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }} + {{- if .Values.chartmuseum.podAnnotations }} + {{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }} + {{- end }} + spec: + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + containers: + - name: chartmuseum + image: "{{ template "harbor.chartMuseumImage" . }}" + imagePullPolicy: {{ .Values.chartMuseumImage.imagePullPolicy | quote }} + imagePullSecrets: + {{- range .Values.chartMuseumImage.pullSecrets }} + - name: {{ . 
}} + {{- end }} + {{- if .Values.chartmuseum.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /health + port: http + {{- if .Values.chartmuseum.enableTLS }} + scheme: "HTTPS" + {{- end }} + initialDelaySeconds: {{ .Values.chartmuseum.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.chartmuseum.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.chartmuseum.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.chartmuseum.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.chartmuseum.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.chartmuseum.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /health + port: http + {{- if .Values.chartmuseum.enableTLS }} + scheme: "HTTPS" + {{- end }} + initialDelaySeconds: {{ .Values.chartmuseum.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.chartmuseum.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.chartmuseum.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.chartmuseum.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.chartmuseum.readinessProbe.failureThreshold }} + {{- end }} + envFrom: + - configMapRef: + name: "{{ template "harbor.chartmuseum" . }}-envvars" + - secretRef: + name: "{{ template "harbor.chartmuseum" . 
}}-secret" + env: + - name: DEBUG + value: {{ ternary "1" "0" .Values.chartMuseumImage.debug | quote }} + {{- if .Values.extraEnvVars }} + {{ toYaml .Values.extraEnvVars | indent 8 }} + {{- end }} + ports: + - containerPort: 8080 + name: http + volumeMounts: + - name: chartmuseum-data + mountPath: /bitnami/data + {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }} + - name: gcs-key + mountPath: /etc/chartmuseum/gcs-key.json + subPath: gcs-key.json + {{- end }} + {{- if .Values.chartmuseum.enableTLS }} + - name: tls-certs + mountPath: /bitnami/certs + {{- end }} + volumes: + - name: chartmuseum-data + {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }} + - name: gcs-key + secret: + secretName: "{{ template "harbor.chartmuseum" . }}-secret" + items: + - key: GCS_KEY_DATA + path: gcs-key.json + {{- end }} + {{- if .Values.chartmuseum.enableTLS }} + - name: tls-certs + secret: + secretName: "{{ template "harbor.chartmuseum" . }}-secret" + items: + - key: TLS_CERT + path: server.crt + - key: TLS_KEY + path: server.key + {{- end }} + {{- with .Values.core.nodeSelector }} + nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.core.affinity }} + affinity: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.core.tolerations }} + tolerations: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} +{{- end }} diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml new file mode 100644 index 0000000000..5651e98c6e --- /dev/null 
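Review bot: `envFrom` with `secretRef` on the `-secret` object exports every key of that Secret into the container environment, so with TLS or GCS storage enabled the private key (`TLS_KEY`) and the service-account key (`GCS_KEY_DATA`) become environment variables in addition to the files mounted under `/bitnami/certs` and `/etc/chartmuseum/gcs-key.json`. Keeping the file material in a separate Secret that is only mounted, or listing the needed variables individually with `secretKeyRef`, avoids that, and it would also stop `TLS_CERT`/`TLS_KEY` from carrying PEM content where ChartMuseum presumably expects file paths. Separately, `imagePullPolicy` reads `.Values.chartMuseumImage.imagePullPolicy` while both values files define `pullPolicy`, so it renders as an empty string; `imagePullPolicy: {{ .Values.chartMuseumImage.pullPolicy | quote }}` matches the values.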
+++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml @@ -0,0 +1,32 @@ +{{- if .Values.chartmuseum.enabled }} +{{- $persistence := .Values.persistence -}} +{{- if $persistence.enabled }} +{{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}} +{{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "harbor.chartmuseum" . }} + {{- if eq $persistence.resourcePolicy "keep" }} + annotations: + helm.sh/resource-policy: keep + {{- end }} + labels: + {{ include "harbor.labels" . | nindent 4 }} + app.kubernetes.io/component: chartmuseum +spec: + accessModes: + - {{ $chartmuseum.accessMode }} + resources: + requests: + storage: {{ $chartmuseum.size }} + {{- if $chartmuseum.storageClass }} + {{- if eq "-" $chartmuseum.storageClass }} + storageClassName: "" + {{- else }} + storageClassName: {{ $chartmuseum.storageClass }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml new file mode 100644 index 0000000000..bad913af09 --- /dev/null +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml 
@@ -0,0 +1,37 @@ +{{- if .Values.chartmuseum.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ template "harbor.chartmuseum" . }}-secret" + labels: + {{ include "harbor.labels" . | nindent 4 }} +type: Opaque +data: + {{- if and .Values.chartmuseum.useRedisCache }} + CACHE_REDIS_PASSWORD: {{ include "harbor.redis.rawPassword" . | b64enc | quote }} + {{- end }} + {{- $storage := .Values.persistence.imageChartStorage }} + {{- $storageType := $storage.type }} + {{- if eq $storageType "azure" }} + AZURE_STORAGE_ACCESS_KEY: {{ $storage.azure.accountkey | b64enc | quote }} + {{- else if eq $storageType "gcs" }} + GCS_KEY_DATA: {{ $storage.gcs.encodedkey | b64enc | quote }} + {{- else if eq $storageType "s3" }} + {{- if $storage.s3.secretkey }} + AWS_SECRET_ACCESS_KEY: {{ $storage.s3.secretkey | b64enc | quote }} + {{- end }} + {{- else if eq $storageType "swift" }} + OS_PASSWORD: {{ $storage.swift.password | b64enc | quote }} + {{- else if eq $storageType "oss" }} + ALIBABA_CLOUD_ACCESS_KEY_SECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }} + {{- end }} + {{- if and .Values.chartmuseum.basicAuth.enabled ( eq .Values.chartmuseum.basicAuth.basicAuthPass "" ) }} + BASIC_AUTH_PASS: {{ randAlphaNum 10 | b64enc | quote }} + {{- else if .Values.chartmuseum.basicAuth.enabled }} + BASIC_AUTH_PASS: {{ .Values.chartmuseum.basicAuth.basicAuthPass | b64enc | quote }} + {{- end }} + {{- if .Values.chartmuseum.enableTLS }} + TLS_CERT: {{ .Files.Get "cert/tls.crt" | b64enc }} + TLS_KEY: {{ .Files.Get "cert/tls.key" | b64enc }} + {{- end }} +{{- end }} diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml new file mode 100644 index 0000000000..fbd8965df7 --- /dev/null +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml 
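Review bot: The fallback `BASIC_AUTH_PASS: {{ randAlphaNum 10 | b64enc | quote }}` is re-evaluated on every render, so each upgrade rotates the password (and, through the `checksum/secret` annotation in chartmuseum-dpl.yaml, restarts the pod), and any other component still holding the previous value would stop authenticating. Ten alphanumeric characters is also short for a service credential; a longer value that is generated once and then reused from the existing Secret would be safer. `GCS_KEY_DATA` applies `b64enc` to `gcs.encodedkey`, which the values files describe as already base64 encoded, so the mounted `gcs-key.json` would hold base64 text rather than JSON; `GCS_KEY_DATA: {{ $storage.gcs.encodedkey | quote }}` stores it once-encoded. `TLS_KEY` is read with `.Files.Get "cert/tls.key"`, which requires the private key to be packaged inside the chart and silently yields an empty value when the file is absent; referencing a user-supplied TLS Secret avoids both.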
@@ -0,0 +1,17 @@ +{{- if .Values.chartmuseum.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "harbor.chartmuseum" . }}" + labels: + {{ include "harbor.labels" . | nindent 4 }} + app.kubernetes.io/component: chartmuseum-service +spec: + ports: + - port: 80 + name: http + targetPort: 8080 + selector: + {{ include "harbor.matchLabels" . | nindent 4 }} + component: chartmuseum +{{- end }} diff --git a/bitnami/harbor/values-production.yaml b/bitnami/harbor/values-production.yaml index 41ce625a31..3c8c2d5b34 100644 --- a/bitnami/harbor/values-production.yaml +++ b/bitnami/harbor/values-production.yaml @@ -1,3 +1,4 @@ + ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets @@ -79,6 +80,30 @@ jobserviceImage: ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false +## Bitnami ChartMuseum image +## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/ +## +chartMuseumImage: + registry: docker.io + repository: bitnami/chartmuseum + tag: latest + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + ## Bitnami Harbor Registry image ## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/ ## 
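Review bot: The Service selector in chartmuseum-svc.yaml uses `component: chartmuseum`, but the pod template in chartmuseum-dpl.yaml labels pods with `app.kubernetes.io/component: chartmuseum`, so as written the selector matches no pods and the Service gets no endpoints. The selector line should read `app.kubernetes.io/component: chartmuseum`. `targetPort: 8080` is also fixed while the listen port is taken from `chartmuseum.port` through the `PORT` variable, so changing that value would leave the Service pointing at a closed port.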
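Review bot: In values-production.yaml, `tag: latest` combined with `pullPolicy: IfNotPresent` leaves the ChartMuseum image both unpinned and node-dependent: each node keeps whichever `latest` it pulled first, and the running version cannot be established from the release values. values.yaml in this same patch pins `0.9.0-debian-9-r6`, and the production file should carry the same pin, `tag: 0.9.0-debian-9-r6`. The comment inside the block says the policy defaults to `Always` for `latest`, which the explicit `IfNotPresent` contradicts.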
@@ -397,6 +422,14 @@ persistence: subPath: "" accessMode: ReadWriteOnce size: 1Gi + + chartmuseum: + existingClaim: "" + storageClass: "" + subPath: "" + accessMode: ReadWriteOnce + size: 5Gi + # Define which storage backend is used for registry and chartmuseum to store # images and charts. Refer to # https://github.com/docker/distribution/blob/master/docs/configuration.md#storage @@ -424,7 +457,7 @@ persistence: #realm: core.windows.net gcs: bucket: bucketname - # The base64 encoded json file which contains the key + # The base64 encoded json file which contains the gcs key (file's content) encodedkey: base64-encoded-json-key-file #rootdirectory: /gcs/object/name/prefix #chunksize: "5242880" 
@@ -692,9 +725,65 @@ registry: # Must be a string of 16 chars. secret: "" -# Enable Chartmuseum is not supported yet. chartmuseum: - enabled: false + enabled: true + replicas: 1 + port: 8080 + + ## Set the use of the Redis cache. + useRedisCache: true + + ## Set the absolute URL to access the chartmuseum repository and the + ## endpoint where it will be available. + absoluteUrl: false + chartRepoName: "chartsRepo" + + ## Configure basic authentication to access the ChartMuseum server. + basicAuth: + enabled: true + basicAuthUser: "chart_controller" + basicAuthPass: "password" + + depth: 1 + logJson: false + disableMetrics: false + disableApi: false + disableStatefiles: false + allowOverwrite: true + anonymousGet: false + + ## Optional parameters for ChartMuseum not used by default. + # contextPath: "" + # indexLimit: 0 + # chartPostFormFieldName: "chart" + # provPostFormFieldName: "prov" + + ## Enable the TLS access to the ChartMuseum server. + enableTLS: true + + ## An array to add extra env vars to chartmuseum + ## For example: + ## extraEnvVars: + ## - name: BEARER_AUTH + ## value: true + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 20 + failureThreshold: 10 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 20 + failureThreshold: 10 + successThreshold: 1 clair: enabled: true diff --git a/bitnami/harbor/values.yaml b/bitnami/harbor/values.yaml index b2d80a3a3e..da978b8bba 100644 --- a/bitnami/harbor/values.yaml +++ b/bitnami/harbor/values.yaml 
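Review bot: `basicAuthPass: "password"` ships a fixed, guessable credential in the file intended for production, and because it is non-empty the random-generation branch in chartmuseum-secret.yaml is never taken. Leave it empty as values.yaml does, `basicAuthPass: ""`, or make the operator supply it. `enableTLS: true` here relies on `cert/tls.crt` and `cert/tls.key` being readable through `.Files.Get`, and the diffstat of this patch adds no such files, so the rendered Secret would apparently carry empty `TLS_CERT` and `TLS_KEY` entries.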
@@ -1,3 +1,4 @@ + ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets @@ -79,6 +80,30 @@ jobserviceImage: ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false +## Bitnami ChartMuseum image +## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/ +## +chartMuseumImage: + registry: docker.io + repository: bitnami/chartmuseum + tag: 0.9.0-debian-9-r6 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + ## Bitnami Harbor Registry image ## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/ ## @@ -231,7 +256,7 @@ nginxImage: ## # fullnameOverride: - ## Init containers parameters: +## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. ## volumePermissions: 
@@ -397,6 +422,14 @@ persistence: subPath: "" accessMode: ReadWriteOnce size: 1Gi + + chartmuseum: + existingClaim: "" + storageClass: "" + subPath: "" + accessMode: ReadWriteOnce + size: 5Gi + # Define which storage backend is used for registry and chartmuseum to store # images and charts. Refer to # https://github.com/docker/distribution/blob/master/docs/configuration.md#storage @@ -421,10 +454,11 @@ persistence: accountname: accountname accountkey: base64encodedaccountkey container: containername + storagePrefix: "/azure/harbor/charts" #realm: core.windows.net gcs: bucket: bucketname - # The base64 encoded json file which contains the key + # The base64 encoded json file which contains the gcs key (file's content) encodedkey: base64-encoded-json-key-file #rootdirectory: /gcs/object/name/prefix #chunksize: "5242880" 
@@ -692,9 +726,65 @@ registry: # Must be a string of 16 chars. secret: "" -# Enable Chartmuseum is not supported yet. chartmuseum: - enabled: false + enabled: true + replicas: 1 + port: 8080 + + ## Set the use of the Redis cache. + useRedisCache: true + + ## Set the absolute URL to access the chartmuseum repository and the + ## endpoint where it will be available. + absoluteUrl: false + chartRepoName: "chartsRepo" + + ## Configure basic authentication to access the ChartMuseum server. + basicAuth: + enabled: true + basicAuthUser: "chart_controller" + basicAuthPass: "" + + depth: 0 + logJson: false + disableMetrics: false + disableApi: false + disableStatefiles: false + allowOverwrite: true + anonymousGet: false + + ## Optional parameters for ChartMuseum not used by default. + # contextPath: "" + # indexLimit: 0 + # chartPostFormFieldName: "chart" + # provPostFormFieldName: "prov" + + ## Enable the TLS access to the ChartMuseum server. + enableTLS: false + + ## An array to add extra env vars to chartmuseum + ## For example: + ## extraEnvVars: + ## - name: BEARER_AUTH + ## value: true + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 20 + failureThreshold: 10 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 20 + failureThreshold: 10 + successThreshold: 1 clair: enabled: true From 2b21b809972bc00a44b77d4e6711cbb96ad21cfa Mon Sep 17 00:00:00 2001 From: "Miguel A. Cabrera Minagorri" Date: Tue, 13 Aug 2019 11:07:24 +0000 Subject: [PATCH 2/3] Add changes to Chartmuseum on Harbor Chart 
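Review bot: `allowOverwrite: true` as the chart default lets an already published chart version be replaced in place (the README row describes it as re-upload "without force querystring"), so a consumer pinning a name and version has no assurance of receiving the same content twice. Defaulting to `allowOverwrite: false` and letting operators opt in keeps published versions immutable; the same default appears in values-production.yaml. The commented `extraEnvVars` example uses `value: true`, which would be parsed as a boolean where container env values must be strings, so the example should read `value: "true"`.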
Signed-off-by: Miguel A. Cabrera Minagorri --- bitnami/harbor/README.md | 62 +++++----- bitnami/harbor/templates/_helpers.tpl | 1 - ...um-cm.yaml => chartmuseum-cm-envvars.yaml} | 7 +- .../chartmuseum/chartmuseum-dpl.yaml | 13 +-- .../chartmuseum/chartmuseum-pvc.yaml | 3 +- .../chartmuseum/chartmuseum-secret.yaml | 6 +- .../chartmuseum/chartmuseum-svc.yaml | 10 +- bitnami/harbor/values-production.yaml | 102 +++++++++++++++-- bitnami/harbor/values.yaml | 107 +++++++++++++++++- 9 files changed, 245 insertions(+), 66 deletions(-) rename bitnami/harbor/templates/chartmuseum/{chartmuseum-cm.yaml => chartmuseum-cm-envvars.yaml} (96%) diff --git a/bitnami/harbor/README.md b/bitnami/harbor/README.md index 4d83ba0e3e..a8e25afe24 100644 --- a/bitnami/harbor/README.md +++ b/bitnami/harbor/README.md 
@@ -117,8 +117,8 @@ The following table lists the configurable parameters of the Harbor chart and th | --------------------------------------------------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------------- | | **Expose** | | `service.type` | The way how to expose the service: `Ingress`, `ClusterIP`, `NodePort` or `LoadBalancer` | `ingress` | -| `service.tls.enabled` | Enable the tls or not | `true` | -| `service.ingress.controller` | The ingress controller type. Currently supports `default`, `gce` and `ncp` | `default` | +| `service.tls.enabled` | Enable the tls or not | `true` | +| `service.ingress.controller` | The ingress controller type. Currently supports `default`, `gce` and `ncp` | `default` | | `service.tls.secretName` | Fill the name of secret if you want to use your own TLS certificate and private key. The secret must contain two keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Will be generated automatically if not set | `nil` | | `service.tls.notarySecretName` | By default, the Notary service will use the same cert and key as described above. Fill the name of secret if you want to use a separated one. Only needed when the `service.type` is `ingress`. | `nil` | | `service.tls.commonName` | The common name used to generate the certificate, it's necessary when the `service.type` is `ClusterIP` or `NodePort` and `service.tls.secretName` is null | `nil` | 
@@ -259,35 +259,35 @@ The following table lists the configurable parameters of the Harbor chart and th | `registry.podAnnotations` | Annotations to add to the registry pod | `{}` | | `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | `nil` | | **Chartmuseum** | -| `chartMuseumImage.registry` | Registry for ChartMuseum image | `docker.io` | -| `chartMuseumImage.repository` | Repository for clair image | `bitnami/chartmuseum` | -| `chartMuseumImage.tag` | Tag for ChartMuseum image | `0.9.0-debian-9-r6` | -| `chartMuseumImage.pullPolicy` | ChartMuseum image pull policy | `IfNotPresent` | -| `chartMuseumImage.debug` | Specify if debug logs should be enabled | `false` | -| `chartmuseum.enabled` | Enable ChartMuseum | `true` | -| `chartmuseum.replicas` | Number of ChartMuseum replicas | `1` | -| `chartmuseum.port` | ChartMuseum listen port | `8080` | -| `chartmuseum.useRedisCache` | Specify if ChartMuseum will use redis cache | `true` | -| `chartmuseum.absoluteUrl` | Specify an absolute URL for ChartMuseum registry | `false` | -| `chartmuseum.chartRepoName` | Specify the endpoint for the chartmuseum registry. Only applicable if `chartmuseum.absoluteUrl` is `true` | `chartsRepo` | -| `chartmuseum.basicAuth.enabled` | Enable ChartMuseum basic authentication | `true` | -| `chartmuseum.basicAuth.basicAuthUser` | Chartmuseum's user | `chart_controller` | -| `chartmuseum.basicAuth.basicAuthPass` | Chartmuseum's password | Random value | -| `chartmuseum.depth` | Support for multitenancy. 
More info [here](https://chartmuseum.com/docs/#multitenancy) | `0` | -| `chartmuseum.logJson` | Print logs on JSON format | `false` | -| `chartmuseum.disableMetrics` | Disable prometheus metrics exposure | `false` | -| `chartmuseum.disableApi` | Disable all the routes prefixed with `/api` | `false` | -| `chartmuseum.disableStatefiles` | Disable use of index-cache.yaml | `false` | -| `chartmuseum.allowOverwrite` | Allow chart versions to be re-uploaded without force querystring | `true` | -| `chartmuseum.anonymousGet` | Allow anonymous GET operations | `false` | -| `chartmuseum.enableTLS` | Enable use of TLS access | `false` | -| `chartmuseum.contextPath` | Set the base context path for ChartMuseum | `nil` | -| `chartmuseum.indexLimit` | Limit the number of parallels indexes for ChartMuseum | `nil` | -| `chartmuseum.chartPostFormFieldName` | Form field which will be queried for the chart file content | `nil` | -| `chartmuseum.provPostFormFieldName` | Form field which will be queried for the provenance file content | `nil` | -| `chartmuseum.extraEnvVars` | Allow to pass extra environment variables to the chartmuseum image | `nil` | -| `chartmuseum.livenessProbe` | Liveness probe configuration | `Check values.yaml file` | -| `chartmuseum.readinessProbe` | Readiness probe configuration | `Check values.yaml file` | +| `chartMuseumImage.registry` | Registry for ChartMuseum image | `docker.io` | +| `chartMuseumImage.repository` | Repository for clair image | `bitnami/chartmuseum` | +| `chartMuseumImage.tag` | Tag for ChartMuseum image | `0.9.0-debian-9-r6` | +| `chartMuseumImage.pullPolicy` | ChartMuseum image pull policy | `IfNotPresent` | +| `chartMuseumImage.debug` | Specify if debug logs should be enabled | `false` | +| `chartmuseum.enabled` | Enable ChartMuseum | `true` | +| `chartmuseum.replicas` | Number of ChartMuseum replicas | `1` | +| `chartmuseum.port` | ChartMuseum listen port | `8080` | +| `chartmuseum.useRedisCache` | Specify if ChartMuseum will use redis 
cache | `true` | +| `chartmuseum.absoluteUrl` | Specify an absolute URL for ChartMuseum registry | `false` | +| `chartmuseum.chartRepoName` | Specify the endpoint for the chartmuseum registry. Only applicable if `chartmuseum.absoluteUrl` is `true` | `chartsRepo` | +| `chartmuseum.basicAuth.enabled` | Enable ChartMuseum basic authentication | `true` | +| `chartmuseum.basicAuth.basicAuthUser` | Chartmuseum's user | `chart_controller` | +| `chartmuseum.basicAuth.basicAuthPass` | Chartmuseum's password | Random value | +| `chartmuseum.depth` | Support for multitenancy. More info [here](https://chartmuseum.com/docs/#multitenancy) | `0` | +| `chartmuseum.logJson` | Print logs on JSON format | `false` | +| `chartmuseum.disableMetrics` | Disable prometheus metrics exposure | `false` | +| `chartmuseum.disableApi` | Disable all the routes prefixed with `/api` | `false` | +| `chartmuseum.disableStatefiles` | Disable use of index-cache.yaml | `false` | +| `chartmuseum.allowOverwrite` | Allow chart versions to be re-uploaded without force querystring | `true` | +| `chartmuseum.anonymousGet` | Allow anonymous GET operations | `false` | +| `chartmuseum.enableTLS` | Enable use of TLS access | `false` | +| `chartmuseum.contextPath` | Set the base context path for ChartMuseum | `nil` | +| `chartmuseum.indexLimit` | Limit the number of parallels indexes for ChartMuseum | `nil` | +| `chartmuseum.chartPostFormFieldName` | Form field which will be queried for the chart file content | `nil` | +| `chartmuseum.provPostFormFieldName` | Form field which will be queried for the provenance file content | `nil` | +| `chartmuseum.extraEnvVars` | Allow to pass extra environment variables to the chartmuseum image | `nil` | +| `chartmuseum.livenessProbe` | Liveness probe configuration | `Check values.yaml file` | +| `chartmuseum.readinessProbe` | Readiness probe configuration | `Check values.yaml file` | | **Clair** | | `clairImage.registry` | Registry for clair image | `docker.io` | | 
`clairImage.repository` | Repository for clair image | `bitnami/harbor-clair` | diff --git a/bitnami/harbor/templates/_helpers.tpl b/bitnami/harbor/templates/_helpers.tpl index c885507806..ce376bc3dd 100644 --- a/bitnami/harbor/templates/_helpers.tpl +++ b/bitnami/harbor/templates/_helpers.tpl @@ -1,4 +1,3 @@ - {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml similarity index 96% rename from bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml rename to bitnami/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml index eef363e62c..5af23323aa 100644 --- a/bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml @@ -3,12 +3,11 @@ apiVersion: v1 kind: ConfigMap metadata: name: "{{ template "harbor.chartmuseum" . }}-envvars" - labels: - {{ include "harbor.labels" . | nindent 4 }} - + labels: {{ include "harbor.labels" . | nindent 4 }} + app.kubernetes.io/component: chartmuseum data: PORT: {{ .Values.chartmuseum.port | quote }} - {{- if and .Values.chartmuseum.useRedisCache }} + {{- if .Values.chartmuseum.useRedisCache }} CACHE: "redis" CACHE_REDIS_ADDR: "{{ include "harbor.redis.host" . }}:{{ include "harbor.redis.port" . }}" CACHE_REDIS_DB: "{{ include "harbor.redis.chartmuseumDatabaseIndex" . }}" diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml index b81ed2bddd..c34216dde9 100644 --- a/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml 
@@ -3,8 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: "{{ template "harbor.chartmuseum" . }}" - labels: - {{ include "harbor.labels" . | nindent 4 }} + labels: {{ include "harbor.labels" . | nindent 4 }} app.kubernetes.io/component: chartmuseum spec: replicas: {{ .Values.chartmuseum.replicas }} @@ -18,7 +17,7 @@ spec: {{ include "harbor.matchLabels" . | nindent 8 }} app.kubernetes.io/component: chartmuseum annotations: - checksum/configmap-envvars: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }} + checksum/configmap-envvars: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm-envvars.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }} {{- if .Values.chartmuseum.podAnnotations }} {{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }} @@ -77,7 +76,7 @@ spec: {{ toYaml .Values.extraEnvVars | indent 8 }} {{- end }} ports: - - containerPort: 8080 + - containerPort: {{ .Values.chartmuseum.port }} name: http volumeMounts: - name: chartmuseum-data @@ -117,13 +116,13 @@ spec: - key: TLS_KEY path: server.key {{- end }} - {{- with .Values.core.nodeSelector }} + {{- with .Values.chartmuseum.nodeSelector }} nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }} {{- end }} - {{- with .Values.core.affinity }} + {{- with .Values.chartmuseum.affinity }} affinity: {{ tpl (toYaml .) $ | nindent 8 }} {{- end }} - {{- with .Values.core.tolerations }} + {{- with .Values.chartmuseum.tolerations }} tolerations: {{ tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- end }} diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml index 5651e98c6e..264954c8b8 100644 --- a/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml 
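Review bot: In the `@@ -77,7 +76,7 @@` hunk of chartmuseum-dpl.yaml the context line still renders `.Values.extraEnvVars`, while the README documents the setting as `chartmuseum.extraEnvVars` and this same commit corrects the `.Values.core.*` scoping for nodeSelector, affinity and tolerations. As written, variables set under `chartmuseum.extraEnvVars` would not reach the container, which matters when they carry authentication settings such as the `BEARER_AUTH` example in the values files. The line should read `{{ toYaml .Values.chartmuseum.extraEnvVars | indent 8 }}`. The guarding `if` sits outside the hunk and should be checked for the same key.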
@@ -11,8 +11,7 @@ metadata: annotations: helm.sh/resource-policy: keep {{- end }} - labels: - {{ include "harbor.labels" . | nindent 4 }} + labels: {{ include "harbor.labels" . | nindent 4 }} app.kubernetes.io/component: chartmuseum spec: accessModes: diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml index bad913af09..fa7ee8efbf 100644 --- a/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml @@ -3,11 +3,11 @@ apiVersion: v1 kind: Secret metadata: name: "{{ template "harbor.chartmuseum" . }}-secret" - labels: - {{ include "harbor.labels" . | nindent 4 }} + labels: {{ include "harbor.labels" . | nindent 4 }} + app.kubernetes.io/component: chartmuseum type: Opaque data: - {{- if and .Values.chartmuseum.useRedisCache }} + {{- if .Values.chartmuseum.useRedisCache }} CACHE_REDIS_PASSWORD: {{ include "harbor.redis.rawPassword" . | b64enc | quote }} {{- end }} {{- $storage := .Values.persistence.imageChartStorage }} diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml index fbd8965df7..e1a48d0a14 100644 --- a/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml @@ -3,15 +3,13 @@ apiVersion: v1 kind: Service metadata: name: "{{ template "harbor.chartmuseum" . }}" - labels: - {{ include "harbor.labels" . | nindent 4 }} - app.kubernetes.io/component: chartmuseum-service + labels: {{ include "harbor.labels" . | nindent 4 }} + app.kubernetes.io/component: chartmuseum spec: ports: - port: 80 name: http - targetPort: 8080 - selector: - {{ include "harbor.matchLabels" . | nindent 4 }} + targetPort: http + selector: {{ include "harbor.matchLabels" . | nindent 4 }} component: chartmuseum {{- end }} 
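Review bot: The Service selector in chartmuseum-svc.yaml keeps `component: chartmuseum`, but the pod template in chartmuseum-dpl.yaml labels the pods `app.kubernetes.io/component: chartmuseum`. Unless a plain `component` label is set somewhere outside these hunks, the Service matches no pods and gets no endpoints. This hunk already moves the metadata label to the `app.kubernetes.io/component` form, so the selector line should follow it: `app.kubernetes.io/component: chartmuseum`. Checking that the Service has endpoints after install would confirm the selector and the pod labels agree.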
diff --git a/bitnami/harbor/values-production.yaml b/bitnami/harbor/values-production.yaml index 3c8c2d5b34..02f1d061cc 100644 --- a/bitnami/harbor/values-production.yaml +++ b/bitnami/harbor/values-production.yaml @@ -1,4 +1,3 @@ - ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets @@ -86,7 +85,7 @@ jobserviceImage: chartMuseumImage: registry: docker.io repository: bitnami/chartmuseum - tag: latest + tag: 0.9.0-debian-9-r6 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -530,10 +529,22 @@ nginx: # requests: # memory: 256Mi # cpu: 100m - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} ## When setting up Harbor behind another reverse proxy, such as a nginx instance, set this value to true 
@@ -564,10 +575,22 @@ portal: # requests: # memory: 256Mi # cpu: 100m - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} ## Configure extra options for liveness and readiness probes @@ -594,10 +617,22 @@ core: # requests: # memory: 256Mi # cpu: 100m - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} # Secret is used when core server communicates with other components. 
@@ -638,10 +673,22 @@ jobservice: # requests: # memory: 256Mi # cpu: 100m - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} # Secret is used when job service communicates with other components. @@ -712,10 +759,22 @@ registry: # memory: 256Mi # cpu: 100m replicas: 1 - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} # Secret is used to secure the upload state from client @@ -753,6 +812,7 @@ chartmuseum: anonymousGet: false ## Optional parameters for ChartMuseum not used by default. + ## ref: https://chartmuseum.com/docs/#other-cli-options # contextPath: "" # indexLimit: 0 # chartPostFormFieldName: "chart" 
@@ -767,6 +827,21 @@ chartmuseum: ## - name: BEARER_AUTH ## value: true + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + ## Configure extra options for liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## @@ -798,9 +873,22 @@ clair: # requests: # memory: 256Mi # cpu: 100m + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} ## Configure extra options for liveness and readiness probes diff --git a/bitnami/harbor/values.yaml b/bitnami/harbor/values.yaml index da978b8bba..95612b06e3 100644 --- a/bitnami/harbor/values.yaml +++ b/bitnami/harbor/values.yaml 
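Review bot: The commented `extraEnvVars` example at the top of the `chartmuseum:` hunk gives `BEARER_AUTH` the value `true`, an unquoted YAML boolean. A container env `value` must be a string, so a user who uncomments the example as written gets a manifest that the API server rejects. Writing the example as `##     value: "true"` avoids that. The same example appears in the matching values.yaml hunk.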
@@ -531,10 +531,22 @@ nginx: # requests: # memory: 256Mi # cpu: 100m - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} ## When setting up Harbor behind another reverse proxy, such as a nginx instance, set this value to true @@ -565,10 +577,22 @@ portal: # requests: # memory: 256Mi # cpu: 100m - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} ## Configure extra options for liveness and readiness probes 
@@ -595,10 +619,22 @@ core: # requests: # memory: 256Mi # cpu: 100m - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} # Secret is used when core server communicates with other components. @@ -639,10 +675,22 @@ jobservice: # requests: # memory: 256Mi # cpu: 100m - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} # Secret is used when job service communicates with other components. 
@@ -713,10 +761,22 @@ registry: # memory: 256Mi # cpu: 100m replicas: 1 - ## These values are evaluated as a template (nodeSelector, tolerations and affinity) + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} # Secret is used to secure the upload state from client @@ -754,6 +814,8 @@ chartmuseum: anonymousGet: false ## Optional parameters for ChartMuseum not used by default. + ## ref: https://chartmuseum.com/docs/#other-cli-options + ## # contextPath: "" # indexLimit: 0 # chartPostFormFieldName: "chart" @@ -768,6 +830,28 @@ chartmuseum: ## - name: BEARER_AUTH ## value: true + # resources: + # requests: + # memory: 256Mi + # cpu: 100m + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Additional deployment annotations + podAnnotations: {} ## Configure extra options for liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## 
@@ -799,9 +883,22 @@ clair: # requests: # memory: 256Mi # cpu: 100m + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## nodeSelector: {} + + ## Tolerations for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## tolerations: [] + + ## Affinity for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## affinity: {} + ## Additional deployment annotations podAnnotations: {} ## Configure extra options for liveness and readiness probes From 6eadb142cc748b74a5d9b6ee21ec5d93a7d7060a Mon Sep 17 00:00:00 2001 From: "Miguel A. Cabrera Minagorri" Date: Tue, 13 Aug 2019 15:08:10 +0000 Subject: [PATCH 3/3] Update Harbor dependencies --- bitnami/harbor/requirements.yaml | 2 +- .../templates/chartmuseum/chartmuseum-dpl.yaml | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/harbor/requirements.yaml b/bitnami/harbor/requirements.yaml index 50cbf6b7de..a46722413c 100644 --- a/bitnami/harbor/requirements.yaml +++ b/bitnami/harbor/requirements.yaml @@ -4,6 +4,6 @@ dependencies: repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled - name: redis - version: 8.x.x + version: 9.x.x repository: https://charts.bitnami.com/bitnami condition: redis.enabled diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml index c34216dde9..7b245a6f79 100644 --- a/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml 
@@ -28,6 +28,15 @@ spec: fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} + {{- with .Values.chartmuseum.nodeSelector }} + nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.chartmuseum.affinity }} + affinity: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.chartmuseum.tolerations }} + tolerations: {{ tpl (toYaml .) $ | nindent 8 }} + {{- end }} containers: - name: chartmuseum image: "{{ template "harbor.chartMuseumImage" . }}" @@ -116,13 +125,4 @@ spec: - key: TLS_KEY path: server.key {{- end }} - {{- with .Values.chartmuseum.nodeSelector }} - nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.chartmuseum.affinity }} - affinity: {{ tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with .Values.chartmuseum.tolerations }} - tolerations: {{ tpl (toYaml .) $ | nindent 8 }} - {{- end }} {{- end }}