diff --git a/contrib/helm/harbor/templates/notary/notary-server.yaml b/contrib/helm/harbor/templates/notary/notary-server.yaml
index 058cd1f48..db5e28696 100644
--- a/contrib/helm/harbor/templates/notary/notary-server.yaml
+++ b/contrib/helm/harbor/templates/notary/notary-server.yaml
@@ -34,14 +34,14 @@ spec:
 mountPath: /etc/notary
 - name: root-certificate
 mountPath: /root.crt
- subPath: root.crt
+ subPath: tokenServiceRootCertBundle
 volumes:
 - name: notary-config
 configMap:
 name: "{{ template "harbor.fullname" . }}-notary"
 - name: root-certificate
 secret:
- secretName: "{{ template "harbor.fullname" . }}-registry"
+ secretName: "{{ template "harbor.fullname" . }}-ui"
 {{- with .Values.notary.nodeSelector }}
 nodeSelector:
 {{ toYaml . | indent 8 }}
diff --git a/contrib/helm/harbor/templates/registry/registry-secret.yaml b/contrib/helm/harbor/templates/registry/registry-secret.yaml
index 614211b8e..e13dbfdbf 100644
--- a/contrib/helm/harbor/templates/registry/registry-secret.yaml
+++ b/contrib/helm/harbor/templates/registry/registry-secret.yaml
@@ -7,7 +7,6 @@ metadata:
 type: Opaque
 data:
 httpSecret: {{ .Values.registry.httpSecret | b64enc | quote }}
- root.crt: {{ .Values.registry.rootCrt | b64enc | quote }}
 {{- $storage := .Values.registry.storage }}
 {{- $type := $storage.type }}
 {{- if eq $type "azure" }}
diff --git a/contrib/helm/harbor/templates/registry/registry-ss.yaml b/contrib/helm/harbor/templates/registry/registry-ss.yaml
index 100b78eaa..3f47313a1 100644
--- a/contrib/helm/harbor/templates/registry/registry-ss.yaml
+++ b/contrib/helm/harbor/templates/registry/registry-ss.yaml
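Review bot: The `root-certificate` volume in notary-server.yaml now references the `-ui` Secret with no `items:` list, so the volume projects every key of that Secret, including `tokenServicePrivateKey` and the other values set in ui-secrets.yaml, although the container mounts only `tokenServiceRootCertBundle` through `subPath`. A component that only verifies tokens needs the certificate alone; adding `items:` with `- key: tokenServiceRootCertBundle` and `path: tokenServiceRootCertBundle` under `secret:` (or keeping the bundle in a Secret of its own) keeps the signing key out of the notary and registry pod volumes. The same applies to `registry-root-certificate` in registry-ss.yaml, and the second ui-dpl.yaml hunk drops the `items:` filter that the `ui-secrets-private-key` volume had. The pod spec starts and ends outside the hunk.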
@@ -91,14 +91,14 @@ spec:
 {{- end }}
 - name: registry-root-certificate
 mountPath: /etc/registry/root.crt
- subPath: root.crt
+ subPath: tokenServiceRootCertBundle
 - name: registry-config
 mountPath: /etc/registry/config.yml
 subPath: config.yml
 volumes:
 - name: registry-root-certificate
 secret:
- secretName: "{{ template "harbor.fullname" . }}-registry"
+ secretName: "{{ template "harbor.fullname" . }}-ui"
 - name: registry-config
 configMap:
 name: "{{ template "harbor.fullname" . }}-registry"
diff --git a/contrib/helm/harbor/templates/ui/ui-dpl.yaml b/contrib/helm/harbor/templates/ui/ui-dpl.yaml
index 43cc007de..284fac48b 100644
--- a/contrib/helm/harbor/templates/ui/ui-dpl.yaml
+++ b/contrib/helm/harbor/templates/ui/ui-dpl.yaml
@@ -51,7 +51,7 @@ spec:
 subPath: key
 - name: ui-secrets-private-key
 mountPath: /etc/ui/private_key.pem
- subPath: private_key.pem
+ subPath: tokenServicePrivateKey
 {{- if eq .Values.externalProtocol "https" }}
 {{- if .Values.ingress.enabled }}
 {{- if eq .Values.ingress.tls.secretName "" }}
@@ -76,9 +76,6 @@ spec:
 - name: ui-secrets-private-key
 secret:
 secretName: "{{ template "harbor.fullname" . }}-ui"
- items:
- - key: private_key.pem
- path: private_key.pem
 {{- if eq .Values.externalProtocol "https" }}
 {{- if .Values.ingress.enabled }}
 {{- if eq .Values.ingress.tls.secretName "" }}
diff --git a/contrib/helm/harbor/templates/ui/ui-secrets.yaml b/contrib/helm/harbor/templates/ui/ui-secrets.yaml
index b0c070338..743354398 100644
--- a/contrib/helm/harbor/templates/ui/ui-secrets.yaml
+++ b/contrib/helm/harbor/templates/ui/ui-secrets.yaml
@@ -1,3 +1,4 @@
+{{- $cert := genSelfSignedCert "harbor" nil nil 365 }}
 apiVersion: v1
 kind: Secret
 metadata:
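Review bot: `genSelfSignedCert "harbor" nil nil 365` at the top of ui-secrets.yaml is evaluated on every render, so each `helm upgrade` writes a new token-signing key and certificate into the `-ui` Secret. The ui, registry and notary containers all take these keys through `subPath` mounts, which are not refreshed when a Secret changes, so pods that are not restarted together can end up with a signer and verifiers that disagree, and token validation would fail until all of them are rolled. The certificate is also only valid for 365 days and nothing visible here renews it; whether that breaks verification depends on how the registry checks the bundle. Consider reusing the existing Secret when one is present (on Helm versions that provide `lookup`), and at minimum add a comment above the line such as `# regenerated on every render: restart ui, registry and notary together after an upgrade`.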
@@ -8,5 +9,7 @@ type: Opaque
 data:
 secretKey: {{ .Values.secretKey | b64enc | quote }}
 secret: {{ .Values.ui.secret | b64enc | quote }}
- private_key.pem: {{ .Values.ui.privateKeyPem | b64enc | quote }}
- jobserviceSecret: {{ .Values.jobservice.secret | b64enc | quote }}
\ No newline at end of file
+ jobserviceSecret: {{ .Values.jobservice.secret | b64enc | quote }}
+ tokenServiceRootCertBundle: {{ $cert.Cert | b64enc | quote }}
+ tokenServicePrivateKey: {{ $cert.Key | b64enc | quote }}
+
\ No newline at end of file
diff --git a/contrib/helm/harbor/values.yaml b/contrib/helm/harbor/values.yaml
index 8dd928a8d..1a8eb73a1 100644
--- a/contrib/helm/harbor/values.yaml
+++ b/contrib/helm/harbor/values.yaml
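Review bot: `tokenServiceRootCertBundle` and `tokenServicePrivateKey` in ui-secrets.yaml always take the generated `$cert` pair, so an operator can no longer supply a key issued by their own CA or keep an existing one, because the values that used to carry them are removed from values.yaml in this same commit. A conditional that prefers an operator-provided pair when set and falls back to `$cert` otherwise would keep that option without shipping a default key in the chart. The hunk also appears to add a whitespace-only last line, and the file still ends without a trailing newline.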
@@ -89,58 +89,6 @@ ui: tag: *harbor_image_tag pullPolicy: IfNotPresent secret: not-a-secure-secret - privateKeyPem: | - -----BEGIN RSA PRIVATE KEY----- - MIIJKAIBAAKCAgEA4WYbxdrFGG6RnfyYKlHYML3lEqtA9cYWWOynE9BeaEr/cMnM - bBr1dd91/Nm6RiYhQvTDU2Kc6NejqjdliW5B9xUoVKayri8OU81a8ViXeNgKwCPR - AiTTla1zoX5DnvoxpO9G3lxyNvTKXc0cw8NjQDAXpaDbzJYLkshCeuyD9bco8R96 - /zrpBEX8tADN3+3yA3fMcZzVXsBm4BTpHJRk/qBpHYEPSHzxyH3iGMNKk3vMUBZz - e0EYkK8NCA2CuEKMnC3acx9IdRwkx10abGvHQCLRCVY7rGoak+b0oZ99RJIRQ9Iq - YXsn8fsMBQly6xxvSeY5XuSP7Xb6JKDt3y8Spi4gR1M/5aEzhuOyu201rMna7Rs/ - GPfaKjBlbX0jiLDa7v4zjsBPsPaf/c4uooz3ICLsdukaom+E538R0EiOkXt/wyw2 - 2YmaWNCsYlEpke7cVC33e/0dPBq4IHsVflawSF9OWS23ikVAs/n+76KjuucEDmbT - aKUYAJjvAmZL14j+EKc/CoplhCe6pKhavjmNIOfCSdlreIPBhOVbf1f817wKoSIZ - qVyCA1AYNkI9RYS00axtJGBGMlKbdQqCNpLL58c6To2awmckIZCEcATKOp++NoGm - Ib0bhdSasdGB5VCtwZVluN8bLl13zBKoxTGjNlEatUGDRnDAnLdZbXXffjsCAwEA - AQKCAgBEUigO8/4UJse6xKr3APHv7E94NjKtjMqPT8RhDCLhqAH/lRuClTVb8k0Y - RILi6oHggsKGDvkS1vJEESCU5LfYBjDAX/r/M0I7gp6TU1AukAXKMdETvkfoMbg/ - 9j7W/G152hF4KztvjwmcHyUd7aay+SDh0n1taPm/FzaXfgONwmQFmo40uQ2SfwhX - I3tD6iMWjASLV4eRfe5w88WpJQ3r5IGYMNuKFF1RcV7MNL3xMHBAwl1kudmRWY4w - p6+83Gc0m+2AQbY70TkQuRbeUFkIBsWn99yEqXC+7h2us+JLm57iGN1ByQvVnEwL - Zs7Pl0Hge4leSxeZWhv+aE1R/jm/VdG4dglInuhED0ug8WAJg58IkDYfMKOOALHx - +0CNHE02XqqUIFwboZJSYTjMYvFL1i14L30FWnqH/0kDs4whXHbnGWhVustsMSK9 - iyIGepuGhMnvtUF1wa/SrBd12qfDj68QHDXsKKbs6eTNYHfn3QL9uisrfMIa5HAt - nX2YOsAVxg+yvxkWD6n1DU+a/+pAu6iAgiwyxSZiyn6vJUE2zO6pJNbk1kJW6jU3 - A69srtbO4jQn4EM859XYSqdqwXgJL+XJEYNbBcHalmiIOvRg9CCvDSKS7M5rJ0M1 - L7oCzl6EW+zUb4JHkSO7V5uxIZu2sEduw5gofQ3OT9L/qDhDIQKCAQEA8T/8okF2 - Q7SOj3su6KKX6H/ab31SvHECf/oeJtH8ZfLBYL55Yof0pZwq8iXQ26d8cH7FPKBo - hz0RZ9i2S3bYkzEVCPv9ISFg1NACxL3dU0PMBnmbmg2vPhMzEuQI2JOUu6ILOXEN - mImvfjZXps/b8OjQgzicH0skBBcbUlXT3a4fF52ktC8FiXgBG9JYg5CsXmfPRxci - ITa4w4ZLEuECmtJieS0MdKXPLwUVv3e2BlNS6c1JzXyp6EyX/euJ8cCe3n/GHbTY - 2j1OO+xTQfQJVf6S9f2mSzjdHe9KZwWKgyxQ9dZ9Qtho2z/gUN9/UkL52fdljjlw - 
++b/z9Ppcl9K0QKCAQEA7y4Fv8dPFLLnr0R/S7eoAKa0S95xVe97EJHVUhWyOI09 - K9VdZHp6be8W0Yd9h/Ks8Zi4EPRiTTaF3yA3iADwdKFeZt49jGzeM+Gl7Q2Ll98W - I5gOdJkHSVAP2uK7qSjZ8lPCu4iUYRsae+Psam7Yd6X17RP0M966PlUFj1nnrJjQ - EN4zeh/m01q9vqebB9C1W/ZiJ6rpt6VVHAcOQQ69F/lKdTif4XCvbMIhIXTYNifk - 1oIv2qTDnfzzv+bgrlvpBJPpPYR0Oc7WoEpyd1Y9IzienLZi8RnujV//FXEmJ45E - F9GE1HOmoERdEWA1bMYhOO5OfRY1HSMuFMA4+5ojSwKCAQEAmwubio/1uMemw3HQ - kPRGGsdolDR/4tniWGtfy2UzCDY+r7Vaf8eOpIy8UQmatEBsykO+8RrKcvf9Yrc1 - WUSVJevqb+67HPq9p6fTz6uSPXwZ+KNZLGXVFVjzfxWM1dvrP7eB7TXKHhmG7t9v - 76Yw3SBTObI9LCN3jyVmisDcO+E23E+VVbPOpC260K2b81ocXUPsQ+0LIztu/UIm - p4hyyxug6+3WznTttXNYKch+9IvCgr5Ly0NuUvw+xpMFAZjgwXBu3BKpN4Ek8YAN - dhqnkVveCTguErQF78IlGBbIkUr+8TAbKsW4hggEWxV4V17yAnJsEz65bTtldqTj - qHyzsQKCAQBGhv6g/2d9Rgf1cbBLpns+vel6Wbx3x6c1SptpmgY0kMlR7JeeclM5 - qX/EBzzn4pJGp27XaQi3lfVBxyE41HYTHiZVFQF3L/8Rs18XGKBqBxljI4pXrWwt - nRMfyy3lAqvJvhM082A1hiV4FMx40fi4x1JON00SIoIusSlzjOI4zdLEtpDdWRza - g+5hktCvLEbeODfXVJmYUoNXQWldm7f8osDm8eyLMIw5+MCGOgsrZPYgnsD3qxAX - vSgvFSh5oZaDiA4F2tHe3fQBzhIUyHQ8t4xlz447ZBcozv7L1tKWZWgE0f5mGzgu - GBqNbh4y1fWj8Plp/ytoTSBgdBIZdukjAoIBAELJPSVFnlf/gv6OWRCHyKxquGjv - fEn/E8bw5WSqMcj/7wiSJozr0Y8oyWjtWXObliLRQXcEhC8w3lLMjNqnFzQOAI7s - Oa6BQPigqyXZPXG5GK+V0TlUYvZQn9sfCq4YCxUBNtQ4GHbKKl3FGQL3rJiuFr6G - fVcetuDFNCiIGYbUF+giJ2cEN3a/Q+7fR6V4xC7VDdL+BqM09wZ6R98G48XzCKKp - ekNpEfmvJiuk9tFFQwDPWcQ6uyHqesK/Wiweo5nh5y2ZPipwcb0uBoYOQH60NqEL - 6MXRVNdtKujjl1XZkG053Nvcz/YfF6lFjDekwgfd9m49b/s0EGTrl7z9z8Y= - -----END RSA PRIVATE KEY----- # resources: # requests: # memory: 256Mi 
@@ -252,35 +200,6 @@ registry: #secure: true #chunksize: 10M #rootdirectory: rootdirectory - rootCrt: | - -----BEGIN CERTIFICATE----- - MIIE0zCCArugAwIBAgIJAIgs3S+hsjhmMA0GCSqGSIb3DQEBCwUAMAAwHhcNMTcx - MTA5MTcyNzQ5WhcNMjcxMTA3MTcyNzQ5WjAAMIICIjANBgkqhkiG9w0BAQEFAAOC - Ag8AMIICCgKCAgEA4WYbxdrFGG6RnfyYKlHYML3lEqtA9cYWWOynE9BeaEr/cMnM - bBr1dd91/Nm6RiYhQvTDU2Kc6NejqjdliW5B9xUoVKayri8OU81a8ViXeNgKwCPR - AiTTla1zoX5DnvoxpO9G3lxyNvTKXc0cw8NjQDAXpaDbzJYLkshCeuyD9bco8R96 - /zrpBEX8tADN3+3yA3fMcZzVXsBm4BTpHJRk/qBpHYEPSHzxyH3iGMNKk3vMUBZz - e0EYkK8NCA2CuEKMnC3acx9IdRwkx10abGvHQCLRCVY7rGoak+b0oZ99RJIRQ9Iq - YXsn8fsMBQly6xxvSeY5XuSP7Xb6JKDt3y8Spi4gR1M/5aEzhuOyu201rMna7Rs/ - GPfaKjBlbX0jiLDa7v4zjsBPsPaf/c4uooz3ICLsdukaom+E538R0EiOkXt/wyw2 - 2YmaWNCsYlEpke7cVC33e/0dPBq4IHsVflawSF9OWS23ikVAs/n+76KjuucEDmbT - aKUYAJjvAmZL14j+EKc/CoplhCe6pKhavjmNIOfCSdlreIPBhOVbf1f817wKoSIZ - qVyCA1AYNkI9RYS00axtJGBGMlKbdQqCNpLL58c6To2awmckIZCEcATKOp++NoGm - Ib0bhdSasdGB5VCtwZVluN8bLl13zBKoxTGjNlEatUGDRnDAnLdZbXXffjsCAwEA - AaNQME4wHQYDVR0OBBYEFCMYYMOL0E/Uyj5wseDfIl7o4ELsMB8GA1UdIwQYMBaA - FCMYYMOL0E/Uyj5wseDfIl7o4ELsMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL - BQADggIBABG8fPvrrR+erpwQFuB/56j2i6sO+qoOJPpAMYwkzICrT0eerWAavwoy - f0UAKN7cUeEJXjIR7s7CogGFijWdaWaQsXUD0zJq5aotLYZLimEc1O0uAmJEsfYC - v7mG07eU6ge22sSo5hxhVplGt52hnXnT0DdgSRZpq2mvgd9lcopAidM+KHlaasXk - IecHKM99KX9D8smr0AcQ6M/Ygbf2qjO9YRmpBIjyQWEake4y/4LWm+3+v08ecg4B - g+iMC0Rw1QcPqgwaGaWu71RtYhyTg7SnAknb5nBcHIbLb0hdLgQTa3ZdtXgqchIi - GuFlEBmHFZP6bLJORRUQ0ari5wpXIsYfrB4T8PybTzva3OCMlEsMjuysFr9ewhzM - 9UGLiSQNDyKA10J8WwlzbeD0AAW944hW4Dbg6SWv4gAo51T+6AukRdup5y6lfQ5a - h4Lbo6pzaA369IsJBntvKvia6hUf/SghnbG7pCHX/AEilcgTb13HndF/G+7aZgKR - mi9qvNRSDsE/BrgZawovp81+j6aL4y6UtXYspHr+SuWsKYsaH7pl5HspNCyJ5vV6 - dpJAwosFBqSEnI333wAunpMYmi/jKHH/j4WqjLnCInp0/wouzYu42l8Pmz591BSp - Jag500bEBxqI2RLELgMt/bUdjp4N2M7mrxdrN+2579HTzb6Hviu9 - -----END CERTIFICATE----- ## Persist data to a persistent volume volumes: data: