Add chartmuseum to Harbor chart

This commit integrates the chartmuseum to Harbor chart to enable the feature for storing chart in Harbor

contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml

@@ -56,3 +56,5 @@ data:
   UAA_CLIENTSECRET: ""
   UAA_VERIFY_CERT: "True"
   REGISTRY_STORAGE_PROVIDER_NAME: "{{ .Values.registry.storage.type }}"
+  WITH_CHARTMUSEUM: "{{ .Values.chartmuseum.enabled }}"
+  CHART_REPOSITORY_URL: "http://{{ template "harbor.fullname" . }}-chartmuseum"

contrib/helm/harbor/templates/chartmuseum/chartmuseum-cm.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.chartmuseum.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "harbor.fullname" . }}-chartmuseum"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+data:
+  PORT: "9999"
+  CACHE: "redis"
+  CACHE_REDIS_ADDR: "{{ template "harbor.redis.host" }}:{{ template "harbor.redis.port" }}"
+  CACHE_REDIS_DB: "{{ template "harbor.redis.databaseIndex" }}"
+  BASIC_AUTH_USER: "chart_controller"
+  DEPTH: "1"
+  STORAGE: "local"
+  STORAGE_LOCAL_ROOTDIR: "/chart_storage"
+  DEBUG: "false"
+  LOG_JSON: "true"
+  DISABLE_METRICS: "false"
+  DISABLE_API: "false"
+  DISABLE_STATEFILES: "false"
+  ALLOW_OVERWRITE: "true"
+  CHART_URL:
+  AUTH_ANONYMOUS_GET: "false"
+  TLS_CERT:
+  TLS_KEY:
+  CONTEXT_PATH:
+  INDEX_LIMIT: "0"
+  MAX_STORAGE_OBJECTS: "0"
+  MAX_UPLOAD_SIZE: "20971520"
+  CHART_POST_FORM_FIELD_NAME: "chart"
+  PROV_POST_FORM_FIELD_NAME: "prov"
+{{- end }}

contrib/helm/harbor/templates/chartmuseum/chartmuseum-secret.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.chartmuseum.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "harbor.fullname" . }}-chartmuseum"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+type: Opaque
+data:
+  CACHE_REDIS_PASSWORD: "{{ template "harbor.redis.password" }}"
+  BASIC_AUTH_PASS: {{ .Values.ui.secret | b64enc | quote }}
+{{- end }}

contrib/helm/harbor/templates/chartmuseum/chartmuseum-ss.yaml

@@ -0,0 +1,72 @@
+{{- if .Values.chartmuseum.enabled }}
+apiVersion: apps/v1beta2
+kind: StatefulSet
+metadata:
+  name: "{{ template "harbor.fullname" . }}-chartmuseum"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: chartmuseum
+spec:
+  replicas: 1
+  serviceName: "{{ template "harbor.fullname" . }}-chartmuseum"
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: chartmuseum
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: chartmuseum
+    spec:
+      containers:
+      - name: chartmuseum
+        image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
+        imagePullPolicy: {{ .Values.chartmuseum.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.chartmuseum.resources | indent 10 }}
+        envFrom:
+        - configMapRef:
+            name: "{{ template "harbor.fullname" . }}-chartmuseum"
+        - secretRef:
+            name: "{{ template "harbor.fullname" . }}-chartmuseum"
+        ports:
+        - containerPort: 9999
+        # TODO: update it after moving the storage out of registry scope
+        {{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
+        volumeMounts:
+        - name: chartmuseum-data
+          mountPath: /chart_storage
+        {{- end }}
+      {{- with .Values.chartmuseum.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.chartmuseum.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.chartmuseum.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+  {{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
+  volumeClaimTemplates:
+  - metadata:
+      name: chartmuseum-data
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+    spec:
+      accessModes: [{{ .Values.chartmuseum.volumes.data.accessMode | quote }}]
+      {{- if .Values.chartmuseum.volumes.data.storageClass }}
+      {{- if (eq "-" .Values.chartmuseum.volumes.data.storageClass) }}
+      storageClassName: ""
+      {{- else }}
+      storageClassName: "{{ .Values.chartmuseum.volumes.data.storageClass }}"
+      {{- end }}
+      {{- end }}
+      resources:
+        requests:
+          storage: {{ .Values.chartmuseum.volumes.data.size | quote }}
+  {{- end -}}
+{{- end }}

contrib/helm/harbor/templates/chartmuseum/chartmuseum-svc.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.chartmuseum.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.fullname" . }}-chartmuseum"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - port: 80
+      targetPort: 9999
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: chartmuseum
+{{- end }}

contrib/helm/harbor/templates/ui/ui-dpl.yaml

@@ -40,6 +40,8 @@ spec:
             value: "1"
           - name: ADMINSERVER_URL
             value: "http://{{ template "harbor.fullname" . }}-adminserver"
+          - name: CHART_CACHE_DRIVER
+            value: "redis"
         ports:
         - containerPort: 8080
         volumeMounts:

contrib/helm/harbor/values.yaml

@@ -214,6 +214,25 @@ registry:
   tolerations: []
   affinity: {}
 
+chartmuseum:
+  enabled: true
+  image:
+    repository: vmware/chartmuseum-photon
+    tag: dev
+    pullPolicy: IfNotPresent
+  volumes:
+    data:
+      # storageClass: "-"
+      accessMode: ReadWriteOnce
+      size: 5Gi
+  # resources:
+  #  requests:
+  #    memory: 256Mi
+  #    cpu: 100m
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
 clair:
   enabled: true
   image: