mirror of https://github.com/goharbor/harbor.git
64 lines
1.8 KiB
YAML
64 lines
1.8 KiB
YAML
{{ if .Values.notary.enabled }}
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: {{ template "harbor.fullname" . }}-notary
|
|
labels:
|
|
{{ include "harbor.labels" . | indent 4 }}
|
|
component: notary
|
|
data:
|
|
{{ $ca := genCA "harbor-notary-ca" 3650 }}
|
|
{{ $cert := genSignedCert (printf "%s-notary-signer" (include "harbor.fullname" .)) nil nil 3650 $ca }}
|
|
notary-signer-ca.crt: |
|
|
{{ .Values.notary.signer.caCrt | default $ca.Cert | indent 4 }}
|
|
notary-signer.crt: |
|
|
{{ .Values.notary.signer.tlsCrt | default $cert.Cert | indent 4 }}
|
|
notary-signer.key: |
|
|
{{ .Values.notary.signer.tlsKey | default $cert.Key | indent 4 }}
|
|
server-config.postgres.json: |
|
|
{
|
|
"server": {
|
|
"http_addr": ":4443"
|
|
},
|
|
"trust_service": {
|
|
"type": "remote",
|
|
"hostname": "{{ template "harbor.fullname" . }}-notary-signer",
|
|
"port": "7899",
|
|
"tls_ca_file": "./notary-signer-ca.crt",
|
|
"key_algorithm": "ecdsa"
|
|
},
|
|
"logging": {
|
|
"level": "debug"
|
|
},
|
|
"storage": {
|
|
"backend": "postgres",
|
|
"db_url": "{{ template "harbor.database.notaryServer" . }}"
|
|
},
|
|
"auth": {
|
|
"type": "token",
|
|
"options": {
|
|
"realm": "{{ template "harbor.externalURL" . }}/service/token",
|
|
"service": "harbor-notary",
|
|
"issuer": "harbor-token-issuer",
|
|
"rootcertbundle": "/root.crt"
|
|
}
|
|
}
|
|
}
|
|
signer-config.postgres.json: |
|
|
{
|
|
"server": {
|
|
"grpc_addr": ":7899",
|
|
"tls_cert_file": "./notary-signer.crt",
|
|
"tls_key_file": "./notary-signer.key"
|
|
},
|
|
"logging": {
|
|
"level": "debug"
|
|
},
|
|
"storage": {
|
|
"backend": "postgres",
|
|
"db_url": "{{ template "harbor.database.notarySigner" . }}",
|
|
"default_alias": "defaultalias"
|
|
}
|
|
}
|
|
{{ end }}
|