-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathkustomization.yaml
145 lines (141 loc) · 3.83 KB
/
kustomization.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
# Use of this source code is governed by a BSD-style
# license that can be found in the LICENSE file.
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: registry
bases:
- ../../katalog/harbor/distributions/full-harbor
configMapGenerator:
# ChartMuseum overwritable configuration
- name: chartmuseum
behavior: merge
literals:
- CACHE_REDIS_ADDR=redis:6379
- CACHE_REDIS_DB=3
- BASIC_AUTH_USER=chart_controller
- DEBUG=false
# Core overwritable configuration
- name: core
behavior: merge
files:
- app.conf=config/core/app.conf
literals:
- POSTGRESQL_HOST=database
- POSTGRESQL_PORT=5432
- POSTGRESQL_USERNAME=postgres
- POSTGRESQL_DATABASE=registry
- POSTGRESQL_SSLMODE=disable
- EXT_ENDPOINT=https://harbor.%YOUR_DOMAIN%:%YOUR_PORT%
- LOG_LEVEL=debug
- _REDIS_URL=redis:6379
- _REDIS_URL_REG=redis://redis:6379/2
- HTTP_PROXY=
- HTTPS_PROXY=
# JobService overwritable configuration
- name: jobservice
behavior: merge
files:
- config.yml=config/jobservice/config.yml
literals:
- LOG_LEVEL=debug
- HTTP_PROXY=
- HTTPS_PROXY=
# Registry overwritable configuration
- name: registry
behavior: merge
files:
- config.yml=config/registry/config.yml
- ctl-config.yml=config/registry/ctl-config.yml
# trivy overwritable configuration
- name: trivy
behavior: merge
literals:
- HTTP_PROXY=
- HTTPS_PROXY=
- SCANNER_LOG_LEVEL=debug
- SCANNER_TRIVY_DEBUG_MODE=true
- SCANNER_TRIVY_VULN_TYPE="os,library"
- SCANNER_TRIVY_SEVERITY="UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
- SCANNER_TRIVY_IGNORE_UNFIXED="false"
secretGenerator:
# ChartMuseum overwritable configuration
- name: chartmuseum
behavior: merge
literals:
- CACHE_REDIS_PASSWORD=""
# Core overwritable configuration
- name: core
behavior: merge
literals:
- secretKey=not-a-secure-key
- secret=P447FhxLeLwjDMYU
- HARBOR_ADMIN_PASSWORD=Harbor12345
- POSTGRESQL_PASSWORD=changeit
# Database overwritable configuration
- name: database
behavior: merge
literals:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=changeit
# JobService overwritable configuration
- name: jobservice
behavior: merge
literals:
- secret=Gx6IsNtY4NdWoK0u
# Notary overwritable configuration
- name: notary-server
behavior: merge
files:
- server.json=secrets/notary/server.json
literals:
- DB_URL=postgres://postgres:changeit@database:5432/notaryserver?sslmode=disable
- name: notary-signer
behavior: merge
files:
- signer.json=secrets/notary/signer.json
literals:
- DB_URL=postgres://postgres:changeit@database:5432/notarysigner?sslmode=disable
# Registry overwritable configuration
- name: registry
behavior: merge
literals:
- REGISTRY_HTTP_SECRET=Z6HTqCsLzHMmgr9W
- REGISTRY_REDIS_PASSWORD=""
# trivy overwritable configuration
- name: trivy
behavior: merge
literals:
- SCANNER_TRIVY_GITHUB_TOKEN=
patchesJson6902:
- target:
group: ""
version: v1
kind: PersistentVolumeClaim
name: pvc-chartmuseum
path: patch/chartmuseum.yml
- target:
group: apps
version: v1
kind: StatefulSet
name: database
path: patch/database.yml
- target:
group: apps
version: v1
kind: StatefulSet
name: redis
path: patch/redis.yml
- target:
group: ""
version: v1
kind: PersistentVolumeClaim
name: registry
path: patch/registry.yml
- target:
group: networking.k8s.io
version: v1
kind: Ingress
name: harbor-ingress
path: patch/ingress.yml