diff --git a/bitnami/harbor/README.md b/bitnami/harbor/README.md
index f4ecae4255..a995ceb311 100644
--- a/bitnami/harbor/README.md
+++ b/bitnami/harbor/README.md
@@ -109,7 +109,7 @@ The following table lists the configurable parameters of the Harbor chart and th
 | **Expose** |
 | `service.type` | The way how to expose the service: `Ingress`, `ClusterIP`, `NodePort` or `LoadBalancer` | `ingress` |
 | `service.tls.enabled` | Enable the tls or not | `true` |
-| `service.ingress.controller` | The ingress controller type. Currently supports `default` and `gce` | `default` |
+| `service.ingress.controller` | The ingress controller type. Currently supports `default`, `gce` and `ncp` | `default` |
 | `service.tls.secretName` | Fill the name of secret if you want to use your own TLS certificate and private key. The secret must contain two keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Will be generated automatically if not set | `nil` |
 | `service.tls.notarySecretName` | By default, the Notary service will use the same cert and key as described above. Fill the name of secret if you want to use a separated one. Only needed when the `service.type` is `ingress`. | `nil` |
 | `service.tls.commonName` | The common name used to generate the certificate, it's necessary when the `service.type` is `ClusterIP` or `NodePort` and `service.tls.secretName` is null | `nil` |
@@ -131,6 +131,8 @@ The following table lists the configurable parameters of the Harbor chart and th
 | `service.loadBalancer.ports.httpPort` | The service port Harbor listens on when serving with HTTP | `80` |
 | `service.loadBalancer.ports.httpsPort` | The service port Harbor listens on when serving with HTTP | `30002` |
 | `service.loadBalancer.ports.notaryPort` | The service port Notary listens on. Only needed when `notary.enabled` is set to `true` | `nil` |
+| `service.loadBalancer.annotations` | The annotations attached to the loadBalancer service | {} |
+| `service.loadBalancer.sourceRanges` | List of IP address ranges to assign to loadBalancerSourceRanges | [] |
 | **Persistence** |
 | `persistence.enabled` | Enable the data persistence or not | `true` |
 | `persistence.resourcePolicy` | Setting it to `keep` to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `keep` |
diff --git a/bitnami/harbor/templates/ingress/ingress.yaml b/bitnami/harbor/templates/ingress/ingress.yaml
index 0117083f97..6337e3b84e 100644
--- a/bitnami/harbor/templates/ingress/ingress.yaml
+++ b/bitnami/harbor/templates/ingress/ingress.yaml
@@ -1,6 +1,28 @@
 {{- if eq .Values.service.type "Ingress" }}
 {{- $ingress := .Values.service.ingress -}}
 {{- $tls := .Values.service.tls -}}
+{{- if eq .Values.expose.ingress.controller "gce" }}
+ {{- $_ := set . "portal_path" "/*" -}}
+ {{- $_ := set . "api_path" "/api/*" -}}
+ {{- $_ := set . "service_path" "/service/*" -}}
+ {{- $_ := set . "v2_path" "/v2/*" -}}
+ {{- $_ := set . "chartrepo_path" "/chartrepo/*" -}}
+ {{- $_ := set . "controller_path" "/c/*" -}}
+{{- else if eq .Values.expose.ingress.controller "ncp" }}
+ {{- $_ := set . "portal_path" "/" -}}
+ {{- $_ := set . "api_path" "/api/.*" -}}
+ {{- $_ := set . "service_path" "/service/.*" -}}
+ {{- $_ := set . "v2_path" "/v2/.*" -}}
+ {{- $_ := set . "chartrepo_path" "/chartrepo/.*" -}}
+ {{- $_ := set . "controller_path" "/c/.*" -}}
+{{- else }}
+ {{- $_ := set . "portal_path" "/" -}}
+ {{- $_ := set . "api_path" "/api/" -}}
+ {{- $_ := set . "service_path" "/service/" -}}
+ {{- $_ := set . "v2_path" "/v2/" -}}
+ {{- $_ := set . "chartrepo_path" "/chartrepo/" -}}
+ {{- $_ := set . "controller_path" "/c/" -}}
+{{- end }}
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
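Review bot: The added controller checks read `.Values.expose.ingress.controller`, while the rest of this template (`.Values.service.type`, `$ingress := .Values.service.ingress`), the README row and the condition removed in the next hunk all use the `service.*` tree. The values hunks in this diff sit under `service:`, so if the chart has no `expose` key the lookup is likely to fail at render time or never match `gce`/`ncp`, in which case GCE and NCP users silently get the default paths. I would write the conditions as `{{- if eq $ingress.controller "gce" }}` and `{{- else if eq $ingress.controller "ncp" }}`, and apply the same change to the `ncp` check in the following hunk.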
@@ -34,73 +56,35 @@ spec: {{- end }} {{- end }} {{- end }} -{{- if eq .Values.service.ingress.controller "gce" }} - rules: - - http: - paths: - - path: /* - backend: - serviceName: "{{ template "harbor.portal" . }}" - servicePort: http - - path: /api/* - backend: - serviceName: "{{ template "harbor.core" . }}" - servicePort: http - - path: /service/* - backend: - serviceName: "{{ template "harbor.core" . }}" - servicePort: http - - path: /v2/* - backend: - serviceName: "{{ template "harbor.core" . }}" - servicePort: http - - path: /chartrepo/* - backend: - serviceName: "{{ template "harbor.core" . }}" - servicePort: http - - path: /c/* - backend: - serviceName: "{{ template "harbor.core" . }}" - servicePort: http - {{- if $ingress.hosts.core }} - host: {{ $ingress.hosts.core }} - {{- end }} - {{- if .Values.notary.enabled }} - - http: - paths: - - path: / - backend: - serviceName: "{{ template "harbor.notary-server" . }}" - servicePort: notary-server - {{- if $ingress.hosts.notary }} - host: {{ $ingress.hosts.notary }} - {{- end }} + {{- if eq .Values.expose.ingress.controller "ncp" }} + backend: + serviceName: "{{ template "harbor.portal" . }}" + servicePort: http {{- end }} -{{- else }} rules: - http: paths: - - path: / + - path: {{ .portal_path }} backend: serviceName: "{{ template "harbor.portal" . }}" servicePort: http - - path: /api/ + - path: {{ .api_path }} backend: serviceName: "{{ template "harbor.core" . }}" servicePort: http - - path: /service/ + - path: {{ .service_path }} backend: serviceName: "{{ template "harbor.core" . }}" servicePort: http - - path: /v2/ + - path: {{ .v2_path }} backend: serviceName: "{{ template "harbor.core" . }}" servicePort: http - - path: /chartrepo/ + - path: {{ .chartrepo_path }} backend: serviceName: "{{ template "harbor.core" . }}" servicePort: http - - path: /c/ + - path: {{ .controller_path }} backend: serviceName: "{{ template "harbor.core" . }}" servicePort: http 
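Review bot: The `backend:` block added for `ncp` sets the Ingress default backend to the portal service, so a request that matches none of the rules, including one for a host the rules do not list, is forwarded to Harbor instead of being refused. That may be what NCP requires, but nothing here says so. A template comment above the block, such as `{{- /* NCP requires a default backend; unmatched hosts and paths reach the portal */ -}}`, would make the wider exposure deliberate and visible to operators. Emitting the paths as `- path: {{ .portal_path | quote }}` would also be more defensive for the glob and regex forms. The rules list continues past the end of this hunk.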
@@ -119,4 +103,3 @@ spec: {{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file diff --git a/bitnami/harbor/templates/nginx/deployment.yaml b/bitnami/harbor/templates/nginx/deployment.yaml index e9dcd9cd15..24a63d6e64 100644 --- a/bitnami/harbor/templates/nginx/deployment.yaml +++ b/bitnami/harbor/templates/nginx/deployment.yaml @@ -7,7 +7,7 @@ metadata: {{- include "harbor.labels" . | nindent 4 }} app.kubernetes.io/component: nginx spec: - replicas: 1 + replicas: {{ .Values.nginx.replicas }} selector: matchLabels: {{ include "harbor.matchLabels" . | nindent 6 }} app.kubernetes.io/component: nginx @@ -109,4 +109,4 @@ spec: {{- with .Values.nginx.tolerations }} tolerations: {{ tpl (toYaml .) $ | nindent 8 }} {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/bitnami/harbor/templates/nginx/service.yaml b/bitnami/harbor/templates/nginx/service.yaml index 5708d65470..a5a7605fa0 100644 --- a/bitnami/harbor/templates/nginx/service.yaml +++ b/bitnami/harbor/templates/nginx/service.yaml @@ -55,8 +55,16 @@ spec: {{- $loadBalancer := .Values.service.loadBalancer }} name: {{ $loadBalancer.name }} labels: {{ include "harbor.labels" . | nindent 4 }} + {{- with $loadBalancer.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: LoadBalancer + {{- with $loadBalancer.sourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} ports: - name: http port: {{ $loadBalancer.ports.httpPort }} @@ -75,4 +83,4 @@ spec: selector: {{- include "harbor.matchLabels" . | nindent 4 }} app.kubernetes.io/component: nginx -{{- end }} \ No newline at end of file +{{- end }} diff --git a/bitnami/harbor/values-production.yaml b/bitnami/harbor/values-production.yaml index 1d532a76b1..9f6cd2c8ec 100644 --- a/bitnami/harbor/values-production.yaml +++ b/bitnami/harbor/values-production.yaml 
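Review bot: In templates/nginx/deployment.yaml, `replicas: {{ .Values.nginx.replicas }}` reads a value that this diff adds to neither values file nor the README table. If `nginx.replicas` is not already defined elsewhere in the chart, the field renders empty and the replica count is left to the API default without the chart documenting it. I would add `replicas: 1` under `nginx:` in values.yaml and values-production.yaml, together with a README row for `nginx.replicas`.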
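Review bot: In templates/nginx/service.yaml, `loadBalancerSourceRanges` is emitted only when `service.loadBalancer.sourceRanges` is non-empty, and the default introduced by this commit is `[]`, so a LoadBalancer install with default values accepts traffic from any source address. The README row and the values files should state that, for example `# CIDRs allowed to reach the load balancer; empty means no source restriction`, and values-production.yaml is a natural place for a commented example range. Both new blocks use `nindent 4`; the surrounding indentation is not recoverable from this view, so the rendered nesting under `metadata:` and `spec:` is worth confirming with `helm template`.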
@@ -253,7 +253,7 @@ service: # described above. Fill the name of secret if you want to use a # separated one. Only needed when the type is "ingress". notarySecretName: "" - # The commmon name used to generate the certificate, it's necessary + # The common name used to generate the certificate, it's necessary # when the type isn't "ingress" and "secretName" is null commonName: "" ingress: @@ -263,6 +263,7 @@ service: # set to the type of ingress controller if it has specific requirements. # leave as `default` for most ingress controllers. # set to `gce` if using the GCE ingress controller + # set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller controller: default annotations: ingress.kubernetes.io/ssl-redirect: "true" @@ -280,6 +281,8 @@ service: # The service port Notary listens on. Only needed when notary.enabled # is set to true notaryPort: 4443 + annotations: {} + sourceRanges: [] nodePort: # The name of NodePort service name: harbor @@ -327,6 +330,14 @@ service: # If Harbor is deployed behind the proxy, set it as the URL of proxy externalURL: https://core.harbor.domain +## UAA Authentication Options +# If you're using UAA for authentication behind a self-signed +# certificate you will need to provide the CA Cert. +# Set uaaSecretName below to provide a pre-created secret that +# contains a base64 encoded CA Certificate named `ca.crt`. +# uaaSecretName: + + ## Kubernetes Security Context ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## diff --git a/bitnami/harbor/values.yaml b/bitnami/harbor/values.yaml index a1a0fbbbff..3d6ef81b57 100644 --- a/bitnami/harbor/values.yaml +++ b/bitnami/harbor/values.yaml 
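Review bot: `annotations: {}` and `sourceRanges: []` are inserted directly before `nodePort:`, which suggests they land in the section that precedes NodePort rather than under `loadBalancer:`; the section header is outside the hunk, so this needs checking against the full file. The service template reads `$loadBalancer.annotations` and `$loadBalancer.sourceRanges` from `.Values.service.loadBalancer`, so keys placed in another section are ignored, and an operator who fills in `sourceRanges` there still gets a load balancer with no source restriction. values.yaml carries the same insertion before `nodePort:` in its @@ -280 hunk, plus a second one at @@ -311 that appears to be the intended location; values-production.yaml has only the first.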
@@ -253,7 +253,7 @@ service: # described above. Fill the name of secret if you want to use a # separated one. Only needed when the type is "ingress". notarySecretName: "" - # The commmon name used to generate the certificate, it's necessary + # The common name used to generate the certificate, it's necessary # when the type isn't "ingress" and "secretName" is null commonName: "" ingress: @@ -263,6 +263,7 @@ service: # set to the type of ingress controller if it has specific requirements. # leave as `default` for most ingress controllers. # set to `gce` if using the GCE ingress controller + # set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller controller: default annotations: ingress.kubernetes.io/ssl-redirect: "true" @@ -280,6 +281,8 @@ service: # The service port Notary listens on. Only needed when notary.enabled # is set to true notaryPort: 4443 + annotations: {} + sourceRanges: [] nodePort: # The name of NodePort service name: harbor @@ -311,6 +314,8 @@ service: # The service port Notary listens on. Only needed when notary.enabled # is set to true notaryPort: 4443 + annotations: {} + sourceRanges: [] # The external URL for Harbor core service. It is used to # 1) populate the docker/helm commands showed on portal @@ -327,6 +332,14 @@ service: # If Harbor is deployed behind the proxy, set it as the URL of proxy externalURL: https://core.harbor.domain +## UAA Authentication Options +# If you're using UAA for authentication behind a self-signed +# certificate you will need to provide the CA Cert. +# Set uaaSecretName below to provide a pre-created secret that +# contains a base64 encoded CA Certificate named `ca.crt`. +# uaaSecretName: + + ## Kubernetes Security Context ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ##