From b1b28cc64dbcf4da43e0506e97a1a6366e146db8 Mon Sep 17 00:00:00 2001 From: "Miguel A. Cabrera Minagorri" Date: Mon, 12 Aug 2019 15:09:11 +0000 Subject: [PATCH] Add ChartMuseum component to Harbor Chart Signed-off-by: Miguel A. Cabrera Minagorri --- bitnami/harbor/Chart.yaml | 2 +- bitnami/harbor/README.md | 30 ++++ bitnami/harbor/templates/_helpers.tpl | 24 ++++ .../templates/chartmuseum/chartmuseum-cm.yaml | 110 +++++++++++++++ .../chartmuseum/chartmuseum-dpl.yaml | 129 ++++++++++++++++++ .../chartmuseum/chartmuseum-pvc.yaml | 32 +++++ .../chartmuseum/chartmuseum-secret.yaml | 37 +++++ .../chartmuseum/chartmuseum-svc.yaml | 17 +++ bitnami/harbor/values-production.yaml | 95 ++++++++++++- bitnami/harbor/values.yaml | 98 ++++++++++++- 10 files changed, 566 insertions(+), 8 deletions(-) create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml create mode 100644 bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml diff --git a/bitnami/harbor/Chart.yaml b/bitnami/harbor/Chart.yaml index 463af6a43e..c137e58b51 100644 --- a/bitnami/harbor/Chart.yaml +++ b/bitnami/harbor/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: harbor -version: 2.2.0 +version: 2.3.0 appVersion: 1.8.1 description: Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content keywords: diff --git a/bitnami/harbor/README.md b/bitnami/harbor/README.md index 63e25e2983..4d83ba0e3e 100644 --- a/bitnami/harbor/README.md +++ b/bitnami/harbor/README.md 
@@ -258,6 +258,36 @@ The following table lists the configurable parameters of the Harbor chart and th | `registry.affinity` | Node/Pod affinities | `{}` (The value is evaluated as a template) | | `registry.podAnnotations` | Annotations to add to the registry pod | `{}` | | `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | `nil` | +| **Chartmuseum** | +| `chartMuseumImage.registry` | Registry for ChartMuseum image | `docker.io` | +| `chartMuseumImage.repository` | Repository for clair image | `bitnami/chartmuseum` | +| `chartMuseumImage.tag` | Tag for ChartMuseum image | `0.9.0-debian-9-r6` | +| `chartMuseumImage.pullPolicy` | ChartMuseum image pull policy | `IfNotPresent` | +| `chartMuseumImage.debug` | Specify if debug logs should be enabled | `false` | +| `chartmuseum.enabled` | Enable ChartMuseum | `true` | +| `chartmuseum.replicas` | Number of ChartMuseum replicas | `1` | +| `chartmuseum.port` | ChartMuseum listen port | `8080` | +| `chartmuseum.useRedisCache` | Specify if ChartMuseum will use redis cache | `true` | +| `chartmuseum.absoluteUrl` | Specify an absolute URL for ChartMuseum registry | `false` | +| `chartmuseum.chartRepoName` | Specify the endpoint for the chartmuseum registry. Only applicable if `chartmuseum.absoluteUrl` is `true` | `chartsRepo` | +| `chartmuseum.basicAuth.enabled` | Enable ChartMuseum basic authentication | `true` | +| `chartmuseum.basicAuth.basicAuthUser` | Chartmuseum's user | `chart_controller` | +| `chartmuseum.basicAuth.basicAuthPass` | Chartmuseum's password | Random value | +| `chartmuseum.depth` | Support for multitenancy. 
More info [here](https://chartmuseum.com/docs/#multitenancy) | `0` | +| `chartmuseum.logJson` | Print logs on JSON format | `false` | +| `chartmuseum.disableMetrics` | Disable prometheus metrics exposure | `false` | +| `chartmuseum.disableApi` | Disable all the routes prefixed with `/api` | `false` | +| `chartmuseum.disableStatefiles` | Disable use of index-cache.yaml | `false` | +| `chartmuseum.allowOverwrite` | Allow chart versions to be re-uploaded without force querystring | `true` | +| `chartmuseum.anonymousGet` | Allow anonymous GET operations | `false` | +| `chartmuseum.enableTLS` | Enable use of TLS access | `false` | +| `chartmuseum.contextPath` | Set the base context path for ChartMuseum | `nil` | +| `chartmuseum.indexLimit` | Limit the number of parallels indexes for ChartMuseum | `nil` | +| `chartmuseum.chartPostFormFieldName` | Form field which will be queried for the chart file content | `nil` | +| `chartmuseum.provPostFormFieldName` | Form field which will be queried for the provenance file content | `nil` | +| `chartmuseum.extraEnvVars` | Allow to pass extra environment variables to the chartmuseum image | `nil` | +| `chartmuseum.livenessProbe` | Liveness probe configuration | `Check values.yaml file` | +| `chartmuseum.readinessProbe` | Readiness probe configuration | `Check values.yaml file` | | **Clair** | | `clairImage.registry` | Registry for clair image | `docker.io` | | `clairImage.repository` | Repository for clair image | `bitnami/harbor-clair` | diff --git a/bitnami/harbor/templates/_helpers.tpl b/bitnami/harbor/templates/_helpers.tpl index c5a8693b96..c885507806 100644 --- a/bitnami/harbor/templates/_helpers.tpl +++ b/bitnami/harbor/templates/_helpers.tpl @@ -1,3 +1,4 @@ + {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. 
@@ -389,6 +390,29 @@ Also, we can't use a single if because lazy evaluation is not an option {{- end -}} {{- end -}} +{{/* +Return the proper ChartMuseum image name +*/}} +{{- define "harbor.chartMuseumImage" -}} +{{- $registryName := .Values.chartMuseumImage.registry -}} +{{- $repositoryName := .Values.chartMuseumImage.repository -}} +{{- $tag := .Values.chartMuseumImage.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + {{/* Return the proper Harbor Notary Server image name */}} diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml new file mode 100644 index 0000000000..eef363e62c --- /dev/null +++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-cm.yaml 
@@ -0,0 +1,110 @@
+{{- if .Values.chartmuseum.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ template "harbor.chartmuseum" . }}-envvars"
+ labels:
+ {{ include "harbor.labels" . | nindent 4 }}
+
+data:
+ PORT: {{ .Values.chartmuseum.port | quote }}
+ {{- if and .Values.chartmuseum.useRedisCache }}
+ CACHE: "redis"
+ CACHE_REDIS_ADDR: "{{ include "harbor.redis.host" . }}:{{ include "harbor.redis.port" . }}"
+ CACHE_REDIS_DB: "{{ include "harbor.redis.chartmuseumDatabaseIndex" . }}"
+ {{- end }}
+ {{- if .Values.chartmuseum.basicAuth.enabled }}
+ BASIC_AUTH_USER: {{ .Values.chartmuseum.basicAuth.basicAuthUser | quote }}
+ {{- end }}
+ {{- if .Values.chartmuseum.absoluteUrl }}
+ CHART_URL: "{{ .Values.externalURL }}/{{ .Values.chartmuseum.chartRepoName }}"
+ {{- end }}
+ DEPTH: {{ .Values.chartmuseum.depth | quote }}
+ {{- if or (eq .Values.logLevel "debug") .Values.chartMuseumImage.debug }}
+ DEBUG: "1"
+ {{- else }}
+ DEBUG: "0"
+ {{- end }}
+ LOG_JSON: {{ .Values.chartmuseum.logJson | quote }}
+ DISABLE_METRICS: {{ .Values.chartmuseum.disableMetrics | quote }}
+ DISABLE_API: {{ .Values.chartmuseum.disableApi | quote }}
+ DISABLE_STATEFILES: {{ .Values.chartmuseum.disableStatefiles | quote }}
+ ALLOW_OVERWRITE: {{ .Values.chartmuseum.allowOverwrite | quote }}
+ AUTH_ANONYMOUS_GET: {{ .Values.chartmuseum.anonymousGet | quote }}
+ {{- if .Values.chartmuseum.contextPath }}
+ CONTEXT_PATH: {{ .Values.chartmuseum.contextPath | quote }}
+ {{- end }}
+ {{- if .Values.chartmuseum.indexLimit }}
+ INDEX_LIMIT: {{ .Values.chartmuseum.indexLimit | quote }}
+ {{- end }}
+ {{- if .Values.chartmuseum.chartPostFormFieldName }}
+ CHART_POST_FORM_FIELD_NAME: {{ .Values.chartmuseum.chartPostFormFieldName | quote }}
+ {{- end }}
+ {{- if .Values.chartmuseum.provPostFormFieldName }}
+ PROV_POST_FORM_FIELD_NAME: {{ .Values.chartmuseum.provPostFormFieldName | quote }}
+ {{- end }}
+ {{- $storage := .Values.persistence.imageChartStorage }}
+ {{- $storageType := $storage.type }}
+ {{- if eq $storageType "filesystem" }}
+ STORAGE: "local"
+ STORAGE_LOCAL_ROOTDIR: "/bitnami/data"
+ {{- else if eq $storageType "azure" }}
+ STORAGE: "microsoft"
+ STORAGE_MICROSOFT_CONTAINER: {{ $storage.azure.container }}
+ AZURE_STORAGE_ACCOUNT: {{ $storage.azure.accountname }}
+ STORAGE_MICROSOFT_PREFIX: {{ $storage.azure.storagePrefix }}
+ {{- else if eq $storageType "gcs" }}
+ STORAGE: "google"
+ STORAGE_GOOGLE_BUCKET: {{ $storage.gcs.bucket }}
+ GOOGLE_APPLICATION_CREDENTIALS: /etc/chartmuseum/gcs-key.json
+ {{- if $storage.gcs.rootdirectory }}
+ STORAGE_GOOGLE_PREFIX: {{ $storage.gcs.rootdirectory }}
+ {{- end }}
+ {{- else if eq $storageType "s3" }}
+ STORAGE: "amazon"
+ STORAGE_AMAZON_BUCKET: {{ $storage.s3.bucket }}
+ {{- if $storage.s3.rootdirectory }}
+ STORAGE_AMAZON_PREFIX: {{ $storage.s3.rootdirectory }}
+ {{- end }}
+ STORAGE_AMAZON_REGION: {{ $storage.s3.region }}
+ {{- if $storage.s3.regionendpoint }}
+ STORAGE_AMAZON_ENDPOINT: {{ $storage.s3.regionendpoint }}
+ {{- end }}
+ {{- if $storage.s3.accesskey }}
+ AWS_ACCESS_KEY_ID: {{ $storage.s3.accesskey }}
+ {{- end }}
+ {{- else if eq $storageType "swift" }}
+ STORAGE: "openstack"
+ STORAGE_OPENSTACK_CONTAINER: {{ $storage.swift.container }}
+ {{- if $storage.swift.secretkey }}
+ STORAGE_OPENSTACK_PREFIX: {{ $storage.swift.prefix }}
+ {{- end }}
+ {{- if $storage.swift.secretkey }}
+ STORAGE_OPENSTACK_REGION: {{ $storage.swift.region }}
+ {{- end }}
+ OS_AUTH_URL: {{ $storage.swift.authurl }}
+ OS_USERNAME: {{ $storage.swift.username }}
+ {{- if $storage.swift.secretkey }}
+ OS_PROJECT_ID: {{ $storage.swift.tenantid }}
+ {{- end }}
+ {{- if $storage.swift.secretkey }}
+ OS_PROJECT_NAME: {{ $storage.swift.tenant }}
+ {{- end }}
+ {{- if $storage.swift.secretkey }}
+ OS_DOMAIN_ID: {{ $storage.swift.domainid }}
+ {{- end }}
+ {{- if $storage.swift.secretkey }}
+ OS_DOMAIN_NAME: {{ $storage.swift.domain }}
+ {{- end }}
+ {{- else if eq $storageType "oss" }}
+ STORAGE: "alibaba"
+ STORAGE_ALIBABA_BUCKET: {{ $storage.oss.bucket }}
+ {{- if $storage.oss.secretkey }}
+ STORAGE_ALIBABA_PREFIX: {{ $storage.oss.rootdirectory }}
+ {{- end }}
+ {{- if $storage.oss.secretkey }}
+ STORAGE_ALIBABA_ENDPOINT: {{ $storage.oss.endpoint }}
+ {{- end }}
+ ALIBABA_CLOUD_ACCESS_KEY_ID: {{ $storage.oss.accesskeyid }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml
new file mode 100644
index 0000000000..b81ed2bddd
--- /dev/null
+++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml
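Review bot: In the `swift` and `oss` branches every optional key is guarded by `{{- if $storage.swift.secretkey }}` or `{{- if $storage.oss.secretkey }}` rather than by the field it emits, so `STORAGE_OPENSTACK_PREFIX`, `STORAGE_OPENSTACK_REGION`, the `OS_PROJECT_*` and `OS_DOMAIN_*` entries, `STORAGE_ALIBABA_PREFIX` and `STORAGE_ALIBABA_ENDPOINT` are dropped whenever `secretkey` is unset and rendered without a value when it is set but the field is not. Each guard should test its own value, for example `{{- if $storage.swift.region }}`. The storage entries from the `azure` branch downwards are also written without `| quote`, unlike the entries above them; ConfigMap `data` values must be strings, so a bucket, tenant or container name that parses as a number or boolean would be rejected at install time, and `STORAGE_AMAZON_BUCKET: {{ $storage.s3.bucket | quote }}` (and the same for the rest) avoids that.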
@@ -0,0 +1,129 @@
+{{- if .Values.chartmuseum.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ template "harbor.chartmuseum" . }}"
+ labels:
+ {{ include "harbor.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chartmuseum
+spec:
+ replicas: {{ .Values.chartmuseum.replicas }}
+ selector:
+ matchLabels:
+ {{ include "harbor.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: chartmuseum
+ template:
+ metadata:
+ labels:
+ {{ include "harbor.matchLabels" . | nindent 8 }}
+ app.kubernetes.io/component: chartmuseum
+ annotations:
+ checksum/configmap-envvars: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }}
+ {{- if .Values.chartmuseum.podAnnotations }}
+ {{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ containers:
+ - name: chartmuseum
+ image: "{{ template "harbor.chartMuseumImage" . }}"
+ imagePullPolicy: {{ .Values.chartMuseumImage.imagePullPolicy | quote }}
+ imagePullSecrets:
+ {{- range .Values.chartMuseumImage.pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- if .Values.chartmuseum.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ {{- if .Values.chartmuseum.enableTLS }}
+ scheme: "HTTPS"
+ {{- end }}
+ initialDelaySeconds: {{ .Values.chartmuseum.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.chartmuseum.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.chartmuseum.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.chartmuseum.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.chartmuseum.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.chartmuseum.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: http
+ {{- if .Values.chartmuseum.enableTLS }}
+ scheme: "HTTPS"
+ {{- end }}
+ initialDelaySeconds: {{ .Values.chartmuseum.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.chartmuseum.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.chartmuseum.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.chartmuseum.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.chartmuseum.readinessProbe.failureThreshold }}
+ {{- end }}
+ envFrom:
+ - configMapRef:
+ name: "{{ template "harbor.chartmuseum" . }}-envvars"
+ - secretRef:
+ name: "{{ template "harbor.chartmuseum" . }}-secret"
+ env:
+ - name: DEBUG
+ value: {{ ternary "1" "0" .Values.chartMuseumImage.debug | quote }}
+ {{- if .Values.extraEnvVars }}
+ {{ toYaml .Values.extraEnvVars | indent 8 }}
+ {{- end }}
+ ports:
+ - containerPort: 8080
+ name: http
+ volumeMounts:
+ - name: chartmuseum-data
+ mountPath: /bitnami/data
+ {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
+ - name: gcs-key
+ mountPath: /etc/chartmuseum/gcs-key.json
+ subPath: gcs-key.json
+ {{- end }}
+ {{- if .Values.chartmuseum.enableTLS }}
+ - name: tls-certs
+ mountPath: /bitnami/certs
+ {{- end }}
+ volumes:
+ - name: chartmuseum-data
+ {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
+ - name: gcs-key
+ secret:
+ secretName: "{{ template "harbor.chartmuseum" . }}-secret"
+ items:
+ - key: GCS_KEY_DATA
+ path: gcs-key.json
+ {{- end }}
+ {{- if .Values.chartmuseum.enableTLS }}
+ - name: tls-certs
+ secret:
+ secretName: "{{ template "harbor.chartmuseum" . }}-secret"
+ items:
+ - key: TLS_CERT
+ path: server.crt
+ - key: TLS_KEY
+ path: server.key
+ {{- end }}
+ {{- with .Values.core.nodeSelector }}
+ nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ {{- with .Values.core.affinity }}
+ affinity: {{ tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+ {{- with .Values.core.tolerations }}
+ tolerations: {{ tpl (toYaml .) $ | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml
new file mode 100644
index 0000000000..5651e98c6e
--- /dev/null
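Review bot: `imagePullPolicy` reads `.Values.chartMuseumImage.imagePullPolicy`, but both values files define the key as `pullPolicy`, so the configured policy is never applied; it should be `imagePullPolicy: {{ .Values.chartMuseumImage.pullPolicy | quote }}`. The extra-env block tests `.Values.extraEnvVars` while the README and the values comments document `chartmuseum.extraEnvVars`, and the scheduling block takes `nodeSelector`, `affinity` and `tolerations` from `.Values.core`, which looks copied from the core Deployment. The explicit `DEBUG` entry under `env` takes precedence over the same key loaded through `envFrom`, so the `logLevel` check in the ConfigMap has no effect on this container. `containerPort: 8080` is fixed although `PORT` follows `chartmuseum.port`; `containerPort: {{ .Values.chartmuseum.port }}` keeps the two in step.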
+++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.chartmuseum.enabled }}
+{{- $persistence := .Values.persistence -}}
+{{- if $persistence.enabled }}
+{{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}}
+{{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "harbor.chartmuseum" . }}
+ {{- if eq $persistence.resourcePolicy "keep" }}
+ annotations:
+ helm.sh/resource-policy: keep
+ {{- end }}
+ labels:
+ {{ include "harbor.labels" . | nindent 4 }}
+ app.kubernetes.io/component: chartmuseum
+spec:
+ accessModes:
+ - {{ $chartmuseum.accessMode }}
+ resources:
+ requests:
+ storage: {{ $chartmuseum.size }}
+ {{- if $chartmuseum.storageClass }}
+ {{- if eq "-" $chartmuseum.storageClass }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: {{ $chartmuseum.storageClass }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml
new file mode 100644
index 0000000000..bad913af09
--- /dev/null
+++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.chartmuseum.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ template "harbor.chartmuseum" . }}-secret"
+ labels:
+ {{ include "harbor.labels" . | nindent 4 }}
+type: Opaque
+data:
+ {{- if and .Values.chartmuseum.useRedisCache }}
+ CACHE_REDIS_PASSWORD: {{ include "harbor.redis.rawPassword" . | b64enc | quote }}
+ {{- end }}
+ {{- $storage := .Values.persistence.imageChartStorage }}
+ {{- $storageType := $storage.type }}
+ {{- if eq $storageType "azure" }}
+ AZURE_STORAGE_ACCESS_KEY: {{ $storage.azure.accountkey | b64enc | quote }}
+ {{- else if eq $storageType "gcs" }}
+ GCS_KEY_DATA: {{ $storage.gcs.encodedkey | b64enc | quote }}
+ {{- else if eq $storageType "s3" }}
+ {{- if $storage.s3.secretkey }}
+ AWS_SECRET_ACCESS_KEY: {{ $storage.s3.secretkey | b64enc | quote }}
+ {{- end }}
+ {{- else if eq $storageType "swift" }}
+ OS_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
+ {{- else if eq $storageType "oss" }}
+ ALIBABA_CLOUD_ACCESS_KEY_SECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
+ {{- end }}
+ {{- if and .Values.chartmuseum.basicAuth.enabled ( eq .Values.chartmuseum.basicAuth.basicAuthPass "" ) }}
+ BASIC_AUTH_PASS: {{ randAlphaNum 10 | b64enc | quote }}
+ {{- else if .Values.chartmuseum.basicAuth.enabled }}
+ BASIC_AUTH_PASS: {{ .Values.chartmuseum.basicAuth.basicAuthPass | b64enc | quote }}
+ {{- end }}
+ {{- if .Values.chartmuseum.enableTLS }}
+ TLS_CERT: {{ .Files.Get "cert/tls.crt" | b64enc }}
+ TLS_KEY: {{ .Files.Get "cert/tls.key" | b64enc }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml b/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml
new file mode 100644
index 0000000000..fbd8965df7
--- /dev/null
+++ b/bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml
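Review bot: `TLS_CERT` and `TLS_KEY` hold PEM contents read with `.Files.Get`, so the server private key has to be packaged inside the chart, and because the Deployment loads this whole Secret through `envFrom`, the key also lands in the container environment under names that ChartMuseum, as far as I know, reads as file paths. The `tls-certs` volume should reference an existing TLS Secret by name, with the mounted paths passed from the ConfigMap as `TLS_CERT: "/bitnami/certs/server.crt"` and `TLS_KEY: "/bitnami/certs/server.key"`; `.Files.Get` also returns an empty string for a missing file, so an absent certificate currently renders without any error. `BASIC_AUTH_PASS: {{ randAlphaNum 10 | b64enc | quote }}` yields a new password on every render, so each `helm upgrade` rotates the credential and, through the `checksum/secret` annotation, restarts the pods, while no template in this patch passes the generated value to a consumer; either require `basicAuthPass` or reuse a single generated value. `GCS_KEY_DATA` applies `b64enc` to `gcs.encodedkey`, which values.yaml describes as already base64 encoded, so the mounted `gcs-key.json` would probably contain base64 text rather than JSON.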
@@ -0,0 +1,17 @@ +{{- if .Values.chartmuseum.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: "{{ template "harbor.chartmuseum" . }}" + labels: + {{ include "harbor.labels" . | nindent 4 }} + app.kubernetes.io/component: chartmuseum-service +spec: + ports: + - port: 80 + name: http + targetPort: 8080 + selector: + {{ include "harbor.matchLabels" . | nindent 4 }} + component: chartmuseum +{{- end }} diff --git a/bitnami/harbor/values-production.yaml b/bitnami/harbor/values-production.yaml index 41ce625a31..3c8c2d5b34 100644 --- a/bitnami/harbor/values-production.yaml +++ b/bitnami/harbor/values-production.yaml @@ -1,3 +1,4 @@ + ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets @@ -79,6 +80,30 @@ jobserviceImage: ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false +## Bitnami ChartMuseum image +## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/ +## +chartMuseumImage: + registry: docker.io + repository: bitnami/chartmuseum + tag: latest + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + ## Bitnami Harbor Registry image ## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/ ## 
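Review bot: The Service selector uses `component: chartmuseum`, but the Deployment in this patch labels its pods `app.kubernetes.io/component: chartmuseum`, so unless `harbor.matchLabels` (not shown here) emits a plain `component: chartmuseum` label the Service matches no pods. The selector should use the same key as the pod template, `app.kubernetes.io/component: chartmuseum`. `targetPort: 8080` is also fixed while the process listens on `chartmuseum.port`; `targetPort: http` would follow the named container port.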
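Review bot: `tag: latest` in the production values (the `chartMuseumImage` block of values-production.yaml) is a mutable tag, and with `pullPolicy: IfNotPresent` each node keeps whatever image it pulled first, so replicas can run different builds and the running image cannot be traced to a release. Pin it as values.yaml does, `tag: 0.9.0-debian-9-r6`, or pin by digest. The comment above `pullPolicy` says the policy defaults to `Always` for `latest`, which the explicit `IfNotPresent` contradicts.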
@@ -397,6 +422,14 @@ persistence: subPath: "" accessMode: ReadWriteOnce size: 1Gi + + chartmuseum: + existingClaim: "" + storageClass: "" + subPath: "" + accessMode: ReadWriteOnce + size: 5Gi + # Define which storage backend is used for registry and chartmuseum to store # images and charts. Refer to # https://github.com/docker/distribution/blob/master/docs/configuration.md#storage @@ -424,7 +457,7 @@ persistence: #realm: core.windows.net gcs: bucket: bucketname - # The base64 encoded json file which contains the key + # The base64 encoded json file which contains the gcs key (file's content) encodedkey: base64-encoded-json-key-file #rootdirectory: /gcs/object/name/prefix #chunksize: "5242880" 
@@ -692,9 +725,65 @@ registry: # Must be a string of 16 chars. secret: "" -# Enable Chartmuseum is not supported yet. chartmuseum: - enabled: false + enabled: true + replicas: 1 + port: 8080 + + ## Set the use of the Redis cache. + useRedisCache: true + + ## Set the absolute URL to access the chartmuseum repository and the + ## endpoint where it will be available. + absoluteUrl: false + chartRepoName: "chartsRepo" + + ## Configure basic authentication to access the ChartMuseum server. + basicAuth: + enabled: true + basicAuthUser: "chart_controller" + basicAuthPass: "password" + + depth: 1 + logJson: false + disableMetrics: false + disableApi: false + disableStatefiles: false + allowOverwrite: true + anonymousGet: false + + ## Optional parameters for ChartMuseum not used by default. + # contextPath: "" + # indexLimit: 0 + # chartPostFormFieldName: "chart" + # provPostFormFieldName: "prov" + + ## Enable the TLS access to the ChartMuseum server. + enableTLS: true + + ## An array to add extra env vars to chartmuseum + ## For example: + ## extraEnvVars: + ## - name: BEARER_AUTH + ## value: true + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 20 + failureThreshold: 10 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 20 + failureThreshold: 10 + successThreshold: 1 clair: enabled: true diff --git a/bitnami/harbor/values.yaml b/bitnami/harbor/values.yaml index b2d80a3a3e..da978b8bba 100644 --- a/bitnami/harbor/values.yaml +++ b/bitnami/harbor/values.yaml 
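Review bot: `basicAuthPass: "password"` ships a fixed, guessable credential in the production values, and every install that keeps the defaults shares it. Leave it empty so the operator has to supply it, `basicAuthPass: ""`, or accept the name of an existing Secret. `allowOverwrite: true`, here and in values.yaml, lets an already published chart version be replaced, which weakens the integrity of anything pinned to that version; `allowOverwrite: false` is the safer default. The `extraEnvVars` example in both files uses `value: true`, but container env values must be strings, so the example should read `value: "true"`.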
@@ -1,3 +1,4 @@ + ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets @@ -79,6 +80,30 @@ jobserviceImage: ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false +## Bitnami ChartMuseum image +## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/ +## +chartMuseumImage: + registry: docker.io + repository: bitnami/chartmuseum + tag: 0.9.0-debian-9-r6 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + ## Bitnami Harbor Registry image ## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/ ## @@ -231,7 +256,7 @@ nginxImage: ## # fullnameOverride: - ## Init containers parameters: +## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. ## volumePermissions: 
@@ -397,6 +422,14 @@ persistence: subPath: "" accessMode: ReadWriteOnce size: 1Gi + + chartmuseum: + existingClaim: "" + storageClass: "" + subPath: "" + accessMode: ReadWriteOnce + size: 5Gi + # Define which storage backend is used for registry and chartmuseum to store # images and charts. Refer to # https://github.com/docker/distribution/blob/master/docs/configuration.md#storage @@ -421,10 +454,11 @@ persistence: accountname: accountname accountkey: base64encodedaccountkey container: containername + storagePrefix: "/azure/harbor/charts" #realm: core.windows.net gcs: bucket: bucketname - # The base64 encoded json file which contains the key + # The base64 encoded json file which contains the gcs key (file's content) encodedkey: base64-encoded-json-key-file #rootdirectory: /gcs/object/name/prefix #chunksize: "5242880" 
@@ -692,9 +726,65 @@ registry: # Must be a string of 16 chars. secret: "" -# Enable Chartmuseum is not supported yet. chartmuseum: - enabled: false + enabled: true + replicas: 1 + port: 8080 + + ## Set the use of the Redis cache. + useRedisCache: true + + ## Set the absolute URL to access the chartmuseum repository and the + ## endpoint where it will be available. + absoluteUrl: false + chartRepoName: "chartsRepo" + + ## Configure basic authentication to access the ChartMuseum server. + basicAuth: + enabled: true + basicAuthUser: "chart_controller" + basicAuthPass: "" + + depth: 0 + logJson: false + disableMetrics: false + disableApi: false + disableStatefiles: false + allowOverwrite: true + anonymousGet: false + + ## Optional parameters for ChartMuseum not used by default. + # contextPath: "" + # indexLimit: 0 + # chartPostFormFieldName: "chart" + # provPostFormFieldName: "prov" + + ## Enable the TLS access to the ChartMuseum server. + enableTLS: false + + ## An array to add extra env vars to chartmuseum + ## For example: + ## extraEnvVars: + ## - name: BEARER_AUTH + ## value: true + + ## Configure extra options for liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 20 + failureThreshold: 10 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 20 + failureThreshold: 10 + successThreshold: 1 clair: enabled: true