diff --git a/contrib/helm/harbor/requirements.lock b/contrib/helm/harbor/requirements.lock index ae47367a5..5b47e924a 100644 --- a/contrib/helm/harbor/requirements.lock +++ b/contrib/helm/harbor/requirements.lock @@ -1,7 +1,4 @@ dependencies: -- name: postgresql - repository: https://kubernetes-charts.storage.googleapis.com - version: 0.9.1 - name: redis repository: https://kubernetes-charts.storage.googleapis.com version: 3.2.5 diff --git a/contrib/helm/harbor/requirements.yaml b/contrib/helm/harbor/requirements.yaml index fefd85d11..ba4799613 100644 --- a/contrib/helm/harbor/requirements.yaml +++ b/contrib/helm/harbor/requirements.yaml @@ -1,7 +1,4 @@ dependencies: -- name: postgresql - version: 0.9.1 - repository: https://kubernetes-charts.storage.googleapis.com - name: redis version: 3.2.5 repository: https://kubernetes-charts.storage.googleapis.com diff --git a/contrib/helm/harbor/templates/_helpers.tpl b/contrib/helm/harbor/templates/_helpers.tpl index 7e10948be..4dd6a0db7 100644 --- a/contrib/helm/harbor/templates/_helpers.tpl +++ b/contrib/helm/harbor/templates/_helpers.tpl @@ -57,3 +57,87 @@ so it can match Harbor service FQDN and Notary service FQDN. {{- define "harbor.notaryServiceName" -}} {{- printf "%s-notary-server" (include "harbor.fullname" .) -}} {{- end -}} + +{{- define "harbor.database.host" -}} + {{- if eq .Values.database.type "internal" -}} + {{- template "harbor.fullname" . }}-database + {{- else -}} + {{- .Values.database.external.host -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.port" -}} + {{- if eq .Values.database.type "internal" -}} + {{- printf "%s" "5432" -}} + {{- else -}} + {{- .Values.database.external.port -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.username" -}} + {{- if eq .Values.database.type "internal" -}} + {{- printf "%s" "postgres" -}} + {{- else -}} + {{- .Values.database.external.username -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.password" -}} + {{- if eq .Values.database.type "internal" -}} + {{- .Values.database.internal.password | b64enc | quote -}} + {{- else -}} + {{- .Values.database.external.password | b64enc | quote -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.rawPassword" -}} + {{- if eq .Values.database.type "internal" -}} + {{- .Values.database.internal.password -}} + {{- else -}} + {{- .Values.database.external.password -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.coreDatabase" -}} + {{- if eq .Values.database.type "internal" -}} + {{- printf "%s" "registry" -}} + {{- else -}} + {{- .Values.database.external.coreDatabase -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.clairDatabase" -}} + {{- if eq .Values.database.type "internal" -}} + {{- printf "%s" "postgres" -}} + {{- else -}} + {{- .Values.database.external.clairDatabase -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.notaryServerDatabase" -}} + {{- if eq .Values.database.type "internal" -}} + {{- printf "%s" "notaryserver" -}} + {{- else -}} + {{- .Values.database.external.notaryServerDatabase -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.notarySignerDatabase" -}} + {{- if eq .Values.database.type "internal" -}} + {{- printf "%s" "notarysigner" -}} + {{- else -}} + {{- .Values.database.external.notarySignerDatabase -}} + {{- end -}} +{{- end -}} + +{{- define "harbor.database.clair" -}} +postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.clairDatabase" . }}?sslmode=disable +{{- end -}} + +{{- define "harbor.database.notaryServer" -}} +postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode=disable +{{- end -}} + +{{- define "harbor.database.notarySigner" -}} +postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode=disable +{{- end -}} diff --git a/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml b/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml index fc943687c..af278e7b1 100644 --- a/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml +++ b/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml @@ -6,14 +6,10 @@ metadata: {{ include "harbor.labels" . | indent 4 }} component: adminserver data: - {{ if .Values.mysql.host -}} - MYSQL_HOST: "{{ .Values.mysql.host }}" - {{ else -}} - MYSQL_HOST: "{{ template "harbor.fullname" . }}-mysql" - {{ end -}} - MYSQL_PORT: "{{ .Values.mysql.port }}" - MYSQL_USR: "{{ .Values.mysql.user }}" - MYSQL_DATABASE: "{{ .Values.mysql.database }}" + POSTGRESQL_HOST: "{{ template "harbor.database.host" . }}" + POSTGRESQL_PORT: "{{ template "harbor.database.port" . }}" + POSTGRESQL_USERNAME: "{{ template "harbor.database.username" . }}" + POSTGRESQL_DATABASE: "{{ template "harbor.database.coreDatabase" . }}" EMAIL_HOST: "{{ .Values.adminserver.emailHost }}" EMAIL_PORT: "{{ .Values.adminserver.emailPort }}" EMAIL_USR: "{{ .Values.adminserver.emailUser }}" @@ -40,7 +36,7 @@ data: LDAP_SCOPE: "{{ .Values.adminserver.ldap.scope }}" LDAP_TIMEOUT: "{{ .Values.adminserver.ldap.timeout }}" LDAP_VERIFY_CERT: "{{ .Values.adminserver.ldap.verifyCert }}" - DATABASE_TYPE: "mysql" + DATABASE_TYPE: "postgresql" PROJECT_CREATION_RESTRICTION: "everyone" VERIFY_REMOTE_CERT: "off" MAX_JOB_WORKERS: "3" @@ -50,10 +46,10 @@ data: ADMIRAL_URL: "NA" RESET: "false" WITH_CLAIR: "{{ .Values.clair.enabled }}" - CLAIR_DB_HOST: "{{ .Release.Name }}-postgresql" - CLAIR_DB_PORT: "5432" - CLAIR_DB: "{{ .Values.clair.postgresDatabase }}" - CLAIR_DB_USERNAME: "{{ .Values.clair.postgresUser }}" + CLAIR_DB_HOST: "{{ template "harbor.database.host" . }}" + CLAIR_DB_PORT: "{{ template "harbor.database.port" . }}" + CLAIR_DB_USERNAME: "{{ template "harbor.database.username" . }}" + CLAIR_DB: "{{ template "harbor.database.clairDatabase" . }}" CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060" UAA_ENDPOINT: "" UAA_CLIENTID: "" diff --git a/contrib/helm/harbor/templates/adminserver/adminserver-secrets.yaml b/contrib/helm/harbor/templates/adminserver/adminserver-secrets.yaml index da5169228..be9ff1627 100644 --- a/contrib/helm/harbor/templates/adminserver/adminserver-secrets.yaml +++ b/contrib/helm/harbor/templates/adminserver/adminserver-secrets.yaml @@ -10,12 +10,12 @@ data: secretKey: {{ .Values.secretKey | b64enc | quote }} EMAIL_PWD: {{ .Values.adminserver.emailPwd | b64enc | quote }} HARBOR_ADMIN_PASSWORD: {{ .Values.adminserver.adminPassword | b64enc | quote }} - MYSQL_PWD: {{ .Values.mysql.pass | b64enc | quote }} + POSTGRESQL_PASSWORD: {{ template "harbor.database.password" . }} JOBSERVICE_SECRET: {{ .Values.jobservice.secret | b64enc | quote }} UI_SECRET: {{ .Values.ui.secret | b64enc | quote }} {{- if eq .Values.adminserver.authenticationMode "ldap_auth" }} LDAP_SEARCH_PWD: {{ .Values.adminserver.ldap.searchPwd | b64enc | quote }} {{- end }} {{ if .Values.clair.enabled }} - CLAIR_DB_PASSWORD: {{ .Values.clair.postgresPassword | b64enc | quote }} + CLAIR_DB_PASSWORD: {{ template "harbor.database.password" . }} {{ end }} diff --git a/contrib/helm/harbor/templates/clair/clair-cm.yaml b/contrib/helm/harbor/templates/clair/clair-cm.yaml index e04bf2526..8d223f42c 100644 --- a/contrib/helm/harbor/templates/clair/clair-cm.yaml +++ b/contrib/helm/harbor/templates/clair/clair-cm.yaml @@ -12,7 +12,7 @@ data: database: type: pgsql options: - source: "postgresql://{{ .Values.clair.postgresUser }}:{{ .Values.clair.postgresPassword }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.clair.postgresDatabase }}?sslmode=disable" + source: "{{ template "harbor.database.clair" . }}" # Number of elements kept in the cache # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database. cachesize: 16384 diff --git a/contrib/helm/harbor/templates/database/database-secret.yaml b/contrib/helm/harbor/templates/database/database-secret.yaml new file mode 100644 index 000000000..0e2e2fec2 --- /dev/null +++ b/contrib/helm/harbor/templates/database/database-secret.yaml @@ -0,0 +1,11 @@ +{{- if eq .Values.database.type "internal" -}} +apiVersion: v1 +kind: Secret +metadata: + name: "{{ template "harbor.fullname" . }}-database" + labels: +{{ include "harbor.labels" . | indent 4 }} +type: Opaque +data: + POSTGRES_PASSWORD: {{ template "harbor.database.password" . }} +{{- end -}} diff --git a/contrib/helm/harbor/templates/database/database-ss.yaml b/contrib/helm/harbor/templates/database/database-ss.yaml new file mode 100644 index 000000000..63e5325bc --- /dev/null +++ b/contrib/helm/harbor/templates/database/database-ss.yaml @@ -0,0 +1,70 @@ +{{- if eq .Values.database.type "internal" -}} +apiVersion: apps/v1beta2 +kind: StatefulSet +metadata: + name: "{{ template "harbor.fullname" . }}-database" + labels: +{{ include "harbor.labels" . | indent 4 }} + component: database +spec: + replicas: 1 + serviceName: "{{ template "harbor.fullname" . }}-database" + selector: + matchLabels: +{{ include "harbor.matchLabels" . | indent 6 }} + component: database + template: + metadata: + labels: +{{ include "harbor.labels" . | indent 8 }} + component: database + spec: + containers: + - name: database + image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }} + imagePullPolicy: {{ .Values.database.internal.image.pullPolicy }} + resources: +{{ toYaml .Values.database.internal.resources | indent 10 }} + envFrom: + - secretRef: + name: "{{ template "harbor.fullname" . }}-database" + volumeMounts: + - name: database-data + mountPath: /var/lib/postgresql/data + {{- if not .Values.persistence.enabled }} + volumes: + - name: "database-data" + emptyDir: {} + {{- end -}} + {{- with .Values.database.internal.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.database.internal.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.database.internal.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: "database-data" + labels: +{{ include "harbor.labels" . | indent 8 }} + spec: + accessModes: [{{ .Values.database.internal.volumes.data.accessMode | quote }}] + {{- if .Values.database.internal.volumes.data.storageClass }} + {{- if (eq "-" .Values.database.internal.volumes.data.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.database.internal.volumes.data.storageClass }}" + {{- end }} + {{- end }} + resources: + requests: + storage: {{ .Values.database.internal.volumes.data.size | quote }} + {{- end -}} + {{- end -}} diff --git a/contrib/helm/harbor/templates/mysql/mysql-svc.yaml b/contrib/helm/harbor/templates/database/database-svc.yaml similarity index 52% rename from contrib/helm/harbor/templates/mysql/mysql-svc.yaml rename to contrib/helm/harbor/templates/database/database-svc.yaml index ca18dd836..900d329dd 100644 --- a/contrib/helm/harbor/templates/mysql/mysql-svc.yaml +++ b/contrib/helm/harbor/templates/database/database-svc.yaml @@ -1,12 +1,14 @@ +{{- if eq .Values.database.type "internal" -}} apiVersion: v1 kind: Service metadata: - name: "{{ template "harbor.fullname" . }}-mysql" + name: "{{ template "harbor.fullname" . }}-database" labels: {{ include "harbor.labels" . | indent 4 }} spec: ports: - - port: 3306 + - port: 5432 selector: {{ include "harbor.matchLabels" . | indent 4 }} - component: mysql \ No newline at end of file + component: database +{{- end -}} \ No newline at end of file diff --git a/contrib/helm/harbor/templates/mysql/mysql-secret.yaml b/contrib/helm/harbor/templates/mysql/mysql-secret.yaml deleted file mode 100644 index a7cebd12d..000000000 --- a/contrib/helm/harbor/templates/mysql/mysql-secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: "{{ template "harbor.fullname" . }}-mysql" - labels: -{{ include "harbor.labels" . | indent 4 }} -type: Opaque -data: - mysqlRootPassword: {{ .Values.mysql.pass | b64enc | quote }} diff --git a/contrib/helm/harbor/templates/mysql/mysql-ss.yaml b/contrib/helm/harbor/templates/mysql/mysql-ss.yaml deleted file mode 100644 index 6a06b92b8..000000000 --- a/contrib/helm/harbor/templates/mysql/mysql-ss.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: apps/v1beta2 -kind: StatefulSet -metadata: - name: "{{ template "harbor.fullname" . }}-mysql" - labels: -{{ include "harbor.labels" . | indent 4 }} - component: mysql -spec: - replicas: 1 - serviceName: "{{ template "harbor.fullname" . }}-mysql" - selector: - matchLabels: -{{ include "harbor.matchLabels" . | indent 6 }} - component: mysql - template: - metadata: - labels: -{{ include "harbor.labels" . | indent 8 }} - component: mysql - spec: - containers: - - name: mysql - image: {{ .Values.mysql.image.repository }}:{{ .Values.mysql.image.tag }} - imagePullPolicy: {{ .Values.mysql.image.pullPolicy }} - resources: -{{ toYaml .Values.mysql.resources | indent 10 }} - env: - - name: MYSQL_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: "{{ template "harbor.fullname" . }}-mysql" - key: mysqlRootPassword - volumeMounts: - - name: mysql-data - mountPath: /var/lib/mysql - {{- if not .Values.persistence.enabled }} - volumes: - - name: "mysql-data" - emptyDir: {} - {{- end -}} - {{- with .Values.mysql.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.mysql.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.mysql.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: "mysql-data" - labels: -{{ include "harbor.labels" . | indent 8 }} - spec: - accessModes: [{{ .Values.mysql.volumes.data.accessMode | quote }}] - {{- if .Values.mysql.volumes.data.storageClass }} - {{- if (eq "-" .Values.mysql.volumes.data.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.mysql.volumes.data.storageClass }}" - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.mysql.volumes.data.size | quote }} - {{- end -}} diff --git a/contrib/helm/harbor/templates/notary/notary-cm.yaml b/contrib/helm/harbor/templates/notary/notary-cm.yaml index 9b76ce02a..b098320e5 100644 --- a/contrib/helm/harbor/templates/notary/notary-cm.yaml +++ b/contrib/helm/harbor/templates/notary/notary-cm.yaml @@ -1,23 +1,4 @@ {{ if .Values.notary.enabled }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "harbor.fullname" . }}-notary-db - labels: -{{ include "harbor.labels" . | indent 4 }} - component: notary-db -data: - initial-notaryserver.sql: | - CREATE DATABASE IF NOT EXISTS `notaryserver`; - CREATE USER "server"@"%" IDENTIFIED BY "{{ .Values.notary.db.password }}"; - GRANT ALL PRIVILEGES ON `notaryserver`.* TO "server"@"%" - initial-notarysigner.sql: | - CREATE DATABASE IF NOT EXISTS `notarysigner`; - CREATE USER "signer"@"%" IDENTIFIED BY "{{ .Values.notary.db.password }}"; - GRANT ALL PRIVILEGES ON `notarysigner`.* TO "signer"@"%"; - ---- apiVersion: v1 kind: ConfigMap metadata: @@ -34,7 +15,7 @@ data: {{ .Values.notary.signer.tlsCrt | default $cert.Cert | indent 4 }} notary-signer.key: | {{ .Values.notary.signer.tlsKey | default $cert.Key | indent 4 }} - server-config.json: | + server-config.postgres.json: | { "server": { "http_addr": ":4443" @@ -50,8 +31,8 @@ data: "level": "debug" }, "storage": { - "backend": "mysql", - "db_url": "server:{{ .Values.notary.db.password }}@tcp({{ template "harbor.fullname" . }}-notary-db:3306)/notaryserver?parseTime=True" + "backend": "postgres", + "db_url": "{{ template "harbor.database.notaryServer" . }}" }, "auth": { "type": "token", @@ -63,7 +44,7 @@ data: } } } - signer-config.json: | + signer-config.postgres.json: | { "server": { "grpc_addr": ":7899", @@ -74,8 +55,8 @@ data: "level": "debug" }, "storage": { - "backend": "mysql", - "db_url": "signer:{{ .Values.notary.db.password }}@tcp({{ template "harbor.fullname" . }}-notary-db:3306)/notarysigner?parseTime=True", + "backend": "postgres", + "db_url": "{{ template "harbor.database.notarySigner" . }}", "default_alias": "defaultalias" } } diff --git a/contrib/helm/harbor/templates/notary/notary-db.yaml b/contrib/helm/harbor/templates/notary/notary-db.yaml deleted file mode 100644 index 039cea725..000000000 --- a/contrib/helm/harbor/templates/notary/notary-db.yaml +++ /dev/null @@ -1,83 +0,0 @@ -{{ if .Values.notary.enabled }} -apiVersion: apps/v1beta2 -kind: StatefulSet -metadata: - name: {{ template "harbor.fullname" . }}-notary-db - labels: -{{ include "harbor.labels" . | indent 4 }} - component: notary-db -spec: - replicas: 1 - serviceName: "{{ template "harbor.fullname" . }}-notary-db" - selector: - matchLabels: -{{ include "harbor.matchLabels" . | indent 6 }} - component: notary-db - template: - metadata: - labels: -{{ include "harbor.labels" . | indent 8 }} - component: notary-db - spec: - initContainers: - - name: move-init-scripts - image: alpine:3.6 - imagePullPolicy: IfNotPresent - command: [ - "sh", - "-ce", - "ls -l /configmap/docker-entrypoint-initdb.d/* && - cp -L /configmap/docker-entrypoint-initdb.d/* /docker-entrypoint-initdb.d/" - ] - volumeMounts: - - name: notary-db-config - mountPath: /configmap/docker-entrypoint-initdb.d - - name: notary-db-init - mountPath: /docker-entrypoint-initdb.d - containers: - - name: notary-db - image: {{ .Values.notary.db.image.repository }}:{{ .Values.notary.db.image.tag }} - imagePullPolicy: {{ .Values.notary.db.image.pullPolicy }} - args: ["--innodb_file_per_table"] - env: - - name: TERM - value: "dumb" - - name: MYSQL_ALLOW_EMPTY_PASSWORD - value: "true" - resources: -{{ toYaml .Values.notary.db.resources | indent 10 }} - volumeMounts: - - name: notary-db-config - mountPath: /configmap/docker-entrypoint-initdb.d - - name: notary-db-init - mountPath: /docker-entrypoint-initdb.d - - name: notary-db-data - mountPath: /var/lib/mysql - volumes: - - name: notary-db-config - configMap: - name: "{{ template "harbor.fullname" . }}-notary-db" - - name: notary-db-init - emptyDir: {} - {{- if not .Values.persistence.enabled }} - - name: notary-db-data - emptyDir: {} - {{- end -}} - {{- if .Values.persistence.enabled }} - volumeClaimTemplates: - - metadata: - name: notary-db-data - spec: - accessModes: [{{ .Values.notary.db.volumes.data.accessMode | quote }}] - {{- if .Values.notary.db.volumes.data.storageClass }} - {{- if (eq "-" .Values.notary.db.volumes.data.storageClass) }} - storageClassName: "" - {{- else }} - storageClassName: "{{ .Values.notary.db.volumes.data.storageClass }}" - {{- end }} - {{- end }} - resources: - requests: - storage: {{ .Values.notary.db.volumes.data.size | quote }} - {{- end -}} -{{ end }} diff --git a/contrib/helm/harbor/templates/notary/notary-server.yaml b/contrib/helm/harbor/templates/notary/notary-server.yaml index 04227c72e..058cd1f48 100644 --- a/contrib/helm/harbor/templates/notary/notary-server.yaml +++ b/contrib/helm/harbor/templates/notary/notary-server.yaml @@ -25,8 +25,10 @@ spec: resources: {{ toYaml .Values.notary.server.resources | indent 10 }} env: + - name: MIGRATIONS_PATH + value: migrations/server/postgresql - name: DB_URL - value: "mysql://server:{{ .Values.notary.db.password }}@tcp({{ template "harbor.fullname" . }}-notary-db:3306)/notaryserver?parseTime=True" + value: {{ template "harbor.database.notaryServer" . }} volumeMounts: - name: notary-config mountPath: /etc/notary diff --git a/contrib/helm/harbor/templates/notary/notary-signer.yaml b/contrib/helm/harbor/templates/notary/notary-signer.yaml index 245c98a1e..1fedd705c 100644 --- a/contrib/helm/harbor/templates/notary/notary-signer.yaml +++ b/contrib/helm/harbor/templates/notary/notary-signer.yaml @@ -25,8 +25,10 @@ spec: resources: {{ toYaml .Values.notary.signer.resources | indent 10 }} env: + - name: MIGRATIONS_PATH + value: migrations/signer/postgresql - name: DB_URL - value: "mysql://signer:{{ .Values.notary.db.password }}@tcp({{ template "harbor.fullname" . }}-notary-db:3306)/notarysigner?parseTime=True" + value: {{ template "harbor.database.notarySigner" . }} - name: NOTARY_SIGNER_DEFAULTALIAS value: {{ .Values.notary.signer.env.NOTARY_SIGNER_DEFAULTALIAS }} volumeMounts: diff --git a/contrib/helm/harbor/templates/notary/notary-svc.yaml b/contrib/helm/harbor/templates/notary/notary-svc.yaml index 27164ec11..613ede94d 100644 --- a/contrib/helm/harbor/templates/notary/notary-svc.yaml +++ b/contrib/helm/harbor/templates/notary/notary-svc.yaml @@ -1,19 +1,4 @@ {{ if .Values.notary.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "harbor.fullname" . }}-notary-db - labels: -{{ include "harbor.labels" . | indent 4 }} -spec: - ports: - - port: 3306 - selector: -{{ include "harbor.matchLabels" . | indent 4 }} - component: notary-db - ---- apiVersion: v1 kind: Service metadata: diff --git a/contrib/helm/harbor/values.yaml b/contrib/helm/harbor/values.yaml index 59f5c461b..339d742b0 100644 --- a/contrib/helm/harbor/values.yaml +++ b/contrib/helm/harbor/values.yaml @@ -182,33 +182,39 @@ ui: tolerations: [] affinity: {} -## MySQL Settings. Currently Harbor does not support an external -## MySQL server, only their own image. Until this is fixed, do not -## Change the settings below. -# -mysql: - image: - repository: vmware/harbor-db - tag: *harbor_image_tag - pullPolicy: IfNotPresent - # If left blank will use the included mysql service name. - host: ~ - port: 3306 - user: "root" - pass: "registry" - database: "registry" - volumes: - data: - # storageClass: "-" - accessMode: ReadWriteOnce - size: 1Gi - # resources: - # requests: - # memory: 256Mi - # cpu: 100m - nodeSelector: {} - tolerations: [] - affinity: {} +database: + # if external database is used, set "type" to "external" + # and fill the connection informations in "external" section + type: internal + internal: + image: + repository: vmware/harbor-db + tag: *harbor_image_tag + pullPolicy: IfNotPresent + # the superuser password of database + password: "changeit" + volumes: + data: + # storageClass: "-" + accessMode: ReadWriteOnce + size: 1Gi + # resources: + # requests: + # memory: 256Mi + # cpu: 100m + nodeSelector: {} + tolerations: [] + affinity: {} + external: + host: "192.168.0.1" + port: "5432" + username: "user" + password: "password" + coreDatabase: "registry" + clairDatabase: "clair" + notaryServerDatabase: "notary_server" + notarySignerDatabase: "notary_signer" + registry: image: @@ -283,15 +289,9 @@ registry: clair: enabled: true image: - repository: vmware/clair-photon + repository: ywk253100/clair-photon tag: v2.0.1-v1.5.0-chart-patch pullPolicy: IfNotPresent -## The following needs to match the credentials -## in the `postgresql` configuration under the -## `postgresql` namespace below. - postgresPassword: not-a-secure-password - postgresUser: clair - postgresDatabase: clair # resources: # requests: # memory: 256Mi @@ -313,16 +313,6 @@ clair: tolerations: [] affinity: {} -## Settings for postgresql dependency. -## see https://github.com/kubernetes/charts/tree/master/stable/postgresql -## for further configurables. -postgresql: - postgresUser: clair - postgresPassword: not-a-secure-password - postgresDatabase: clair - persistence: - enabled: false - ## Settings for redis dependency. ## see https://github.com/kubernetes/charts/tree/master/stable/redis ## for further configurables. @@ -355,21 +345,6 @@ notary: caCrt: tlsCrt: tlsKey: - db: - image: - repository: vmware/mariadb-photon - tag: *harbor_image_tag - pullPolicy: IfNotPresent - password: not-a-secure-password - volumes: - data: - # storageClass: "-" - accessMode: ReadWriteOnce - size: 1Gi - # resources: - # requests: - # memory: 256Mi - # cpu: 100m nodeSelector: {} tolerations: [] affinity: {}