harbor/contrib/helm/harbor/templates/notary/notary-cm.yaml

{{ if .Values.notary.enabled }}
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "harbor.fullname" . }}-notary-db
  labels:
{{ include "harbor.labels" . | indent 4 }}
    component: notary-db
data:
  initial-notaryserver.sql: |
    CREATE DATABASE IF NOT EXISTS `notaryserver`;
    CREATE USER "server"@"%" IDENTIFIED BY "{{ .Values.notary.db.password }}";
    GRANT ALL PRIVILEGES ON `notaryserver`.* TO "server"@"%"    
  initial-notarysigner.sql: |
    CREATE DATABASE IF NOT EXISTS `notarysigner`;
    CREATE USER "signer"@"%" IDENTIFIED BY "{{ .Values.notary.db.password }}";
    GRANT ALL PRIVILEGES ON `notarysigner`.* TO "signer"@"%";    

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "harbor.fullname" . }}-notary
  labels:
{{ include "harbor.labels" . | indent 4 }}
    component: notary
data:
  {{ $ca := genCA "harbor-notary-ca" 3650 }}
  {{ $cert := genSignedCert (printf "%s-notary-signer" (include "harbor.fullname" .)) nil nil 3650 $ca }}
  notary-signer-ca.crt: |
{{ .Values.notary.signer.caCrt  | default $ca.Cert   | indent 4 }}
  notary-signer.crt: |
{{ .Values.notary.signer.tlsCrt | default $cert.Cert | indent 4 }}
  notary-signer.key: |
{{ .Values.notary.signer.tlsKey | default $cert.Key  | indent 4 }}
  server-config.json: |
    {
      "server": {
        "http_addr": ":4443"
      },
      "trust_service": {
        "type": "remote",
        "hostname": "{{ template "harbor.fullname" . }}-notary-signer",
        "port": "7899",
        "tls_ca_file": "./notary-signer-ca.crt",
        "key_algorithm": "ecdsa"
      },
      "logging": {
        "level": "debug"
      },
      "storage": {
        "backend": "mysql",
        "db_url": "server:{{ .Values.notary.db.password }}@tcp({{ template "harbor.fullname" . }}-notary-db:3306)/notaryserver?parseTime=True"
      },
      "auth": {
          "type": "token",
          "options": {
              "realm": "https://{{ template "harbor.externalURL" . }}/service/token",
              "service": "harbor-notary",
              "issuer": "harbor-token-issuer",
              "rootcertbundle": "/root.crt"
          }
      }
    }    
  signer-config.json: |
    {
      "server": {
        "grpc_addr": ":7899",
        "tls_cert_file": "./notary-signer.crt",
        "tls_key_file": "./notary-signer.key"
      },
      "logging": {
        "level": "debug"
      },
      "storage": {
        "backend": "mysql",
        "db_url": "signer:{{ .Values.notary.db.password }}@tcp({{ template "harbor.fullname" . }}-notary-db:3306)/notarysigner?parseTime=True",
        "default_alias": "defaultalias"
      }
    }    
{{ end }}