Compare commits


26 Commits

Author SHA1 Message Date
miner e2167b6923
add proxy timeout for nginx https config (#2202)
Signed-off-by: my036811 <miner.yang@broadcom.com>
2025-06-09 15:07:37 +08:00
rkthtrifork ac65d7b4d6
added existingSecretAdminPassword to the values.yaml file (#2180)
Signed-off-by: rkthtrifork <rkth@trifork.com>
2025-05-06 15:49:31 +08:00
SoohwanKim ba600bc14f
Fix: fix bug where log level configuration was not applied (#2167)
Signed-off-by: SooHwan <soowh91@gmail.com>
Signed-off-by: SooHwan Kim <soowh91@gmail.com>
Co-authored-by: soowh91 <soowh91@uracle.co.kr>
2025-04-15 14:20:56 +08:00
miner 834dd74b2c
rendering config for redis tls (#2145)
Signed-off-by: yminer <miner.yang@broadcom.com>

update ut

Co-authored-by: yminer <miner.yang@broadcom.com>
2025-02-26 16:22:23 +08:00
miner 6c342ac9ef
Set proxy registry to bypass 429 issue (#1903) (#1911)
Signed-off-by: yminer <miner.yang@broadcom.com>
Co-authored-by: yminer <miner.yang@broadcom.com>
2025-01-13 14:25:48 +08:00
Carlos Vega 94cd10c5d5
Add unittests for exporter (#1893)
Signed-off-by: Carlos Vega <carlos.vega@dynatrace.com>
2024-12-23 17:23:32 +08:00
miner cccbc3f3c2
add comment for CSRF key setting (#1868)
Signed-off-by: yminer <miner.yang@broadcom.com>
Co-authored-by: yminer <miner.yang@broadcom.com>
2024-11-21 00:21:00 +08:00
Pramod Valavala 5715130289
Add entry for `ingress.className` in README (#1832)
Signed-off-by: Pramod Valavala <saip92@gmail.com>
2024-11-20 19:25:23 +08:00
Wang Yan b6b92d6684
Merge pull request #1852 from MinerYang/remove-chartrepo-from-ingress
remove chart repo path from ingress template
2024-11-04 19:30:06 +08:00
yminer e48fd73484
remove chart repo path from ingress template
Signed-off-by: yminer <miner.yang@broadcom.com>
2024-11-04 05:18:07 +00:00
Wang Yan b1d0b09431
Merge pull request #1843 from reasonerjt/rm-chartrepo-nginx
Remove chartrepo location for nginx configmap
2024-10-17 15:31:28 +08:00
Daniel Jiang 778849a6f6
Remove chartrepo location for nginx configmap
The chunk should be removed b/c it used to serve chart museum and it has
been removed from Harbor

Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com>
2024-10-17 14:56:33 +08:00
Wang Yan 8b7db8dd84
Merge pull request #1842 from wy65701436/ci-fix
fix ci failure
2024-10-16 12:41:28 +08:00
wang yan 52f42c34fc
fix ci failure
update versions of
1, kind & kind-action
2, actions/checkout & upload-artifacts
3, ingress-controller
4, golang
5, kubernetes

Signed-off-by: wang yan <wangyan@vmware.com>
2024-10-16 12:26:19 +08:00
Daniel Jiang e0ef69c3d5
Merge pull request #1817 from torrefatto/main
Fix issue #1620
2024-09-23 17:03:38 +08:00
Leonardo Barcaroli d0d2cd7f45
Fix issue #1620
Signed-off-by: Leonardo Barcaroli <leonardo@koyeb.com>
2024-08-28 12:01:19 +02:00
miner 44f6a8ffd6
Merge pull request #1812 from aznashwan/remove-registry-args
Remove ineffective 'args' from registry-dpl template.
2024-08-27 14:13:47 +08:00
Shengwen YU 0fe524dde1
Merge pull request #1809 from vitaliytv/patch-1
DOCS: missing link to distribution
2024-08-19 10:30:44 +08:00
vitaliytv b4ff8f4061
DOCS: missing link to distribution
Signed-off-by: vitaliytv <v@nitra.ai>
2024-08-18 20:00:17 +03:00
Nashwan Azhari c1a4b04629
Remove ineffective 'args' from registry-dpl template.
This patch removes the 'args' field from the 'registry-dpl' Deployment
template, as it was completely ignored by the upstream registry-photon
image's entrypoint.sh script which does not accept/process any
arguments in any way.

Fixes: https://github.com/goharbor/harbor-helm/issues/1801

Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
2024-08-13 13:02:31 +03:00
Shengwen YU 499b55daff
Merge pull request #1787 from cvegagimenez/feat/add-core-tests
Create unit tests for Core
2024-08-09 10:17:17 +08:00
Carlos Vega 74326eded0
Fixed comments
- Remove duplicated test PodAnnotations
- Rename test ArtifactPullAsyncFlushDuration

Signed-off-by: Carlos Vega <carlos.vega@dynatrace.com>
2024-08-07 14:03:42 +02:00
Shengwen YU 618295199a
Merge pull request #1779 from Kellen275/kgsappington/resource-namespaces
Fix ArgoCD integration by adding `metadata.namespace` to all templates
2024-07-31 10:19:51 +08:00
Shengwen YU cad54ba3c3
fix: update maintainers info and comment of trivy config (#1792)
Signed-off-by: Shengwen Yu <yshengwen@vmware.com>
2024-07-28 13:58:29 +02:00
Kellen Sappington 0be9b1a89f
Fix ArgoCD integration by adding metadata.namespace to all templates
Signed-off-by: Kellen Sappington <kellen275@gmail.com>
2024-07-26 06:43:01 -04:00
Carlos Vega 1da7ed5a66
Create unit tests for Core
- Migrate `go test` to `helm unittest`
- Migrate Trivy existing unit tests to `helm unittest`
- Add unit tests for Core

Signed-off-by: Carlos Vega <carlos.vega@dynatrace.com>
2024-07-09 17:45:04 +02:00
66 changed files with 1873 additions and 276 deletions


@ -9,31 +9,31 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
k8s_version: [v1.25.3, v1.24.7, v1.23.13]
k8s_version: [v1.31.1, v1.30.4, v1.29.8]
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Create kind cluster
uses: helm/kind-action@v1.1.0
uses: helm/kind-action@v1.10.0
with:
version: v0.17.0
version: v0.24.0
node_image: kindest/node:${{ matrix.k8s_version }}
cluster_name: kind-cluster-${{ matrix.k8s_version }}
config: test/integration/kind-cluster.yaml
- name: Install Nginx ingress controller
run: |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.9.0/deploy/static/provider/kind/deploy.yaml
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.2/deploy/static/provider/kind/deploy.yaml
kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=120s
- name: Set up Go 1.19
uses: actions/setup-go@v2
- name: Set up Go 1.23
uses: actions/setup-go@v5
with:
go-version: "1.19"
go-version: "1.23"
- name: Cache go mod
uses: actions/cache@v2
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
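Review bot: the bumped actions (`actions/checkout@v4`, `helm/kind-action@v1.10.0`, `actions/setup-go@v5`, `actions/cache@v4`) are all referenced by mutable tags; since this workflow runs on every PR with access to the repository checkout, consider pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment, so a re-pointed tag cannot change what executes in CI. The ingress-nginx manifest is fetched at run time from a release tag (`controller-v1.11.2`) with `kubectl apply -f https://...`; that is more stable than a branch, but the same consideration applies, and `kubectl wait ... --timeout=120s` is the only thing that fails the job if the fetched manifest changes shape.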
@ -59,7 +59,7 @@ jobs:
kubectl -n default logs -l "component=$name" --all-containers > /tmp/harbor/$name.log ; \
done
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v4
if: failure()
with:
name: harbor_${{ matrix.k8s_version }}_${{ runner.os }}
@ -71,7 +71,7 @@ jobs:
mkdir -p /tmp/logs
kind export logs --name kind-cluster-${{ matrix.k8s_version }} /tmp/logs
- uses: actions/upload-artifact@v2
- uses: actions/upload-artifact@v4
if: failure()
with:
name: kind_v${{ matrix.k8s_version }}
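Review bot: the artifact name `kind_v${{ matrix.k8s_version }}` doubles the prefix, since the matrix values already start with `v` (`v1.31.1`), yielding `kind_vv1.31.1`; drop the literal `v`. Apart from that, keeping the matrix version in both artifact names is what `actions/upload-artifact@v4` needs, because v4 rejects duplicate artifact names within one workflow run, and the previous v2 behaviour of merging uploads into one artifact no longer applies.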


@ -16,20 +16,10 @@ jobs:
with:
version: '3.11.1'
- name: Set up Go 1.19
uses: actions/setup-go@v2
with:
go-version: 1.19
- name: Cache go mod
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Install Helm Unit Test Plugin
run: |
helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.4.4
- name: Run unit tests
working-directory: ./test
run:
go test -v github.com/goharbor/harbor-helm/unittest
helm unittest -f 'test/unittest/*/*.yaml' .
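Review bot: with `working-directory: ./test` kept as context, `helm unittest -f 'test/unittest/*/*.yaml' .` points the chart path at `./test` (which is not a chart) and resolves the test pattern relative to it as `test/test/unittest/...`; either remove the `working-directory` line so `.` is the chart root, or make both paths relative to `./test`. Also, `helm plugin install https://github.com/helm-unittest/helm-unittest --version v0.4.4` clones and runs the plugin's install hook from a mutable tag on every CI run; pinning to a commit or caching a verified plugin binary gives the same protection as pinning actions.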


@ -13,10 +13,12 @@ sources:
- https://github.com/goharbor/harbor
- https://github.com/goharbor/harbor-helm
maintainers:
- name: Yan Wang
email: yan-yw.wang@broadcom.com
- name: Wenkai Yin
email: yinw@vmware.com
- name: Weiwei He
email: hweiwei@vmware.com
email: wenkai.yin@broadcom.com
- name: Miner Yang
email: miner.yang@broadcom.com
- name: Shengwen Yu
email: yshengwen@vmware.com
email: shengwen.yu@broadcom.com
engine: gotpl


@ -86,6 +86,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `expose.ingress.hosts.core` | The host of Harbor core service in ingress rule | `core.harbor.domain` |
| `expose.ingress.controller` | The ingress controller type. Currently supports `default`, `gce`, `alb`, `f5-bigip` and `ncp` | `default` |
| `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | |
| `expose.ingress.className` | Specify the `ingressClassName` used to implement the Ingress (Kubernetes 1.18+) | |
| `expose.ingress.annotations` | The annotations used commonly for ingresses | |
| `expose.ingress.labels` | The labels specific to ingress | {} |
| `expose.clusterIP.name` | The name of ClusterIP service | `harbor` |
@ -307,7 +308,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `trivy.skipUpdate` | The flag to disable [Trivy DB][trivy-db] downloads from GitHub | `false` |
| `trivy.skipJavaDBUpdate` | If the flag is enabled you have to manually download the `trivy-java.db` file [Trivy Java DB][trivy-java-db] and mount it in the `/home/scanner/.cache/trivy/java-db/trivy-java.db` path | `false` |
| `trivy.offlineScan` | The flag prevents Trivy from sending API requests to identify dependencies. | `false` |
| `trivy.securityCheck` | Comma-separated list of what security issues to detect. Possible values are `vuln`, `config` and `secret`. | `vuln` |
| `trivy.securityCheck` | Comma-separated list of what security issues to detect. | `vuln` |
| `trivy.timeout` | The duration to wait for scan completion | `5m0s` |
| `trivy.gitHubToken` | The GitHub access token to download [Trivy DB][trivy-db] (see [GitHub rate limiting][trivy-rate-limiting]) | |
| `trivy.priorityClassName` | The priority class to run the pod as | |
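Review bot: the new `trivy.securityCheck` description drops the enumeration of accepted values (`vuln`, `config`, `secret`) without replacing it, so the reader is left not knowing what the comma-separated list may contain; if the set of scanners has changed, list the current values, otherwise keep the old sentence. The `expose.ingress.className` row is good; it would help to state the default (empty, meaning the cluster's default IngressClass is used) in the third column rather than leaving it blank.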


@ -148,7 +148,21 @@ app: "{{ template "harbor.name" . }}"
{{- define "harbor.redis.scheme" -}}
{{- with .Values.redis }}
{{- ternary "redis+sentinel" "redis" (and (eq .type "external" ) (not (not .external.sentinelMasterSet))) }}
{{- if eq .type "external" -}}
{{- if not (not .external.sentinelMasterSet) -}}
{{- ternary "rediss+sentinel" "redis+sentinel" (.external.tlsOptions.enable) }}
{{- else -}}
{{- ternary "rediss" "redis" (.external.tlsOptions.enable) }}
{{- end -}}
{{- else -}}
{{ print "redis" }}
{{- end -}}
{{- end }}
{{- end -}}
{{- define "harbor.redis.enableTLS" -}}
{{- with .Values.redis }}
{{- ternary "true" "false" (and ( eq .type "external") (.external.tlsOptions.enable)) }}
{{- end }}
{{- end -}}
@ -161,7 +175,7 @@ app: "{{ template "harbor.name" . }}"
{{- define "harbor.redis.masterSet" -}}
{{- with .Values.redis }}
{{- ternary .external.sentinelMasterSet "" (eq "redis+sentinel" (include "harbor.redis.scheme" $)) }}
{{- ternary .external.sentinelMasterSet "" (contains "+sentinel" (include "harbor.redis.scheme" $)) }}
{{- end }}
{{- end -}}
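Review bot: `{{- if not (not .external.sentinelMasterSet) -}}` is just a truthiness test and reads more clearly as `{{- if .external.sentinelMasterSet -}}`. Both new branches dereference `.external.tlsOptions.enable` unguarded, so rendering fails with a nil-pointer error for any values file that overrides `redis.external` without a `tlsOptions` map; either keep `tlsOptions.enable` defined in `values.yaml` or use `(default dict .external.tlsOptions).enable`. The switch to `contains "+sentinel"` in `harbor.redis.masterSet` is correct, since the scheme can now be `redis+sentinel` or `rediss+sentinel`.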


@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "harbor.core" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
@ -87,4 +88,4 @@ data:
{{- if .Values.core.quotaUpdateProvider }}
QUOTA_UPDATE_PROVIDER: "{{ .Values.core.quotaUpdateProvider }}"
{{- end }}
{{- end }}
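Review bot: `namespace: {{ .Release.Namespace | quote }}` is the right fix for the ArgoCD case, where manifests are rendered and then applied without Helm's own namespace injection, and quoting avoids a namespace like `1234` being parsed as an integer. The same line is added to every namespaced resource later in this diff, so one review applies to all of them; the trailing one-line hunks that show `{{- end }}` unchanged only add the missing newline at end of file and need no further attention.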


@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "harbor.core" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: core


@ -3,6 +3,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: migration-job
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: migrator
@ -74,4 +75,4 @@ spec:
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- end }}
{{- end }}


@ -3,6 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ template "harbor.core" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque


@ -2,6 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.core" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- with .Values.core.serviceAnnotations }}


@ -4,6 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.core.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -12,4 +13,4 @@ data:
tls.crt: {{ (required "The \"internalTLS.core.crt\" is required!" .Values.internalTLS.core.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.core.key\" is required!" .Values.internalTLS.core.key) | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}


@ -3,6 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.database" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque


@ -4,6 +4,7 @@ apiVersion: apps/v1
kind: StatefulSet
metadata:
name: "{{ template "harbor.database" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: database


@ -3,6 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.database" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
@ -11,4 +12,4 @@ spec:
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: database
{{- end -}}
{{- end -}}


@ -3,6 +3,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.exporter" . }}-env"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
@ -32,4 +33,4 @@ data:
HARBOR_DATABASE_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
HARBOR_DATABASE_MAX_IDLE_CONNS: "{{ .Values.database.maxIdleConns }}"
HARBOR_DATABASE_MAX_OPEN_CONNS: "{{ .Values.database.maxOpenConns }}"
{{- end}}
{{- end}}


@ -3,6 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "harbor.exporter" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: exporter


@ -3,6 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ template "harbor.exporter" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque


@ -3,6 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.exporter" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:


@ -2,25 +2,25 @@
{{- $ingress := .Values.expose.ingress -}}
{{- $tls := .Values.expose.tls -}}
{{- if eq .Values.expose.ingress.controller "gce" }}
{{- $_ := set . "path_type" "ImplementationSpecific" -}}
{{- $_ := set . "portal_path" "/*" -}}
{{- $_ := set . "api_path" "/api/*" -}}
{{- $_ := set . "service_path" "/service/*" -}}
{{- $_ := set . "v2_path" "/v2/*" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/*" -}}
{{- $_ := set . "controller_path" "/c/*" -}}
{{- else if eq .Values.expose.ingress.controller "ncp" }}
{{- $_ := set . "path_type" "Prefix" -}}
{{- $_ := set . "portal_path" "/.*" -}}
{{- $_ := set . "api_path" "/api/.*" -}}
{{- $_ := set . "service_path" "/service/.*" -}}
{{- $_ := set . "v2_path" "/v2/.*" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/.*" -}}
{{- $_ := set . "controller_path" "/c/.*" -}}
{{- else }}
{{- $_ := set . "path_type" "Prefix" -}}
{{- $_ := set . "portal_path" "/" -}}
{{- $_ := set . "api_path" "/api/" -}}
{{- $_ := set . "service_path" "/service/" -}}
{{- $_ := set . "v2_path" "/v2/" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/" -}}
{{- $_ := set . "controller_path" "/c/" -}}
{{- end }}
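Review bot: removing `chartrepo_path` from all three controller branches keeps the `set` blocks in step, which matters because the rules further down read these keys unconditionally and a missing key would render as an empty `path:`. Since the backend for `/chartrepo/` is gone from Harbor, dropping the rule also stops advertising a route that would otherwise be proxied to core and answered with an error.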
@ -35,6 +35,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: "{{ template "harbor.ingress" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if $ingress.labels }}
@ -79,10 +80,6 @@ spec:
backend:
serviceName: {{ template "harbor.core" . }}
servicePort: {{ template "harbor.core.servicePort" . }}
- path: {{ .chartrepo_path }}
backend:
serviceName: {{ template "harbor.core" . }}
servicePort: {{ template "harbor.core.servicePort" . }}
- path: {{ .controller_path }}
backend:
serviceName: {{ template "harbor.core" . }}
@ -93,42 +90,35 @@ spec:
servicePort: {{ template "harbor.portal.servicePort" . }}
{{- else }}
- path: {{ .api_path }}
pathType: Prefix
pathType: {{ .path_type }}
backend:
service:
name: {{ template "harbor.core" . }}
port:
number: {{ template "harbor.core.servicePort" . }}
- path: {{ .service_path }}
pathType: Prefix
pathType: {{ .path_type }}
backend:
service:
name: {{ template "harbor.core" . }}
port:
number: {{ template "harbor.core.servicePort" . }}
- path: {{ .v2_path }}
pathType: Prefix
backend:
service:
name: {{ template "harbor.core" . }}
port:
number: {{ template "harbor.core.servicePort" . }}
- path: {{ .chartrepo_path }}
pathType: Prefix
pathType: {{ .path_type }}
backend:
service:
name: {{ template "harbor.core" . }}
port:
number: {{ template "harbor.core.servicePort" . }}
- path: {{ .controller_path }}
pathType: Prefix
pathType: {{ .path_type }}
backend:
service:
name: {{ template "harbor.core" . }}
port:
number: {{ template "harbor.core.servicePort" . }}
- path: {{ .portal_path }}
pathType: Prefix
pathType: {{ .path_type }}
backend:
service:
name: {{ template "harbor.portal" . }}
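Review bot: `pathType: {{ .path_type }}` makes the `gce` branch consistent (`ImplementationSpecific` with `/api/*`-style paths), but the `ncp` branch above still pairs `Prefix` with regex-style paths such as `/api/.*`; under `networking.k8s.io/v1` semantics `Prefix` matching is done element by element on literal path segments, so `/api/.*` only matches a request whose second segment is literally `.*`. If NCP interprets these as regular expressions, that branch should also set `path_type` to `ImplementationSpecific`; otherwise those rules never match and only the `/` portal rule applies.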


@ -5,6 +5,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.ingress" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -12,4 +13,4 @@ data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- end }}
{{- end }}


@ -14,6 +14,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.core.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -27,6 +28,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -40,6 +42,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.registry.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -53,6 +56,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.portal.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -69,6 +73,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.trivy.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -78,4 +83,4 @@ data:
tls.key: {{ $trivyCrt.Key | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}


@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.jobservice" . }}-env"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
@ -14,6 +15,8 @@ data:
JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "{{ .Values.jobservice.notification.webhook_job_max_retry }}"
JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "{{ .Values.jobservice.notification.webhook_job_http_client_timeout }}"
LOG_LEVEL: "{{ .Values.logLevel }}"
{{- if has "jobservice" .Values.proxy.components }}
HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}"


@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.jobservice" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:


@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "harbor.jobservice" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: jobservice


@ -4,6 +4,7 @@ kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.jobservice" . }}
namespace: {{ .Release.Namespace | quote }}
annotations:
{{- range $key, $value := $jobLog.annotations }}
{{ $key }}: {{ $value | quote }}


@ -3,6 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.jobservice" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque


@ -2,6 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.jobservice" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:


@ -4,6 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -12,4 +13,4 @@ data:
tls.crt: {{ (required "The \"internalTLS.jobservice.crt\" is required!" .Values.internalTLS.jobservice.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.jobservice.key\" is required!" .Values.internalTLS.jobservice.key) | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}


@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "harbor.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{ include "harbor.labels" . | nindent 4 }}
{{- if .Values.metrics.serviceMonitor.additionalLabels }}
{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }}


@ -4,6 +4,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "harbor.nginx" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
@ -89,21 +90,6 @@ data:
proxy_request_buffering off;
}
location /chartrepo/ {
proxy_pass {{ $scheme }}://core/chartrepo/;
{{- if and .Values.internalTLS.enabled }}
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
{{- end }}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
proxy_buffering off;
proxy_request_buffering off;
}
location /c/ {
proxy_pass {{ $scheme }}://core/c/;
proxy_set_header Host $host;
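Review bot: dropping the `/chartrepo/` location matches the commit rationale (ChartMuseum is no longer part of Harbor) and removes a proxy path into core that has no handler behind it. The removed block used `{{- if and .Values.internalTLS.enabled }}`; a single-argument `and` is a no-op, so if the same idiom survives in the remaining locations it can be simplified to `{{- if .Values.internalTLS.enabled }}`. Note also that `proxy_ssl_verify off` is the pattern used for internal TLS here; it is fine for the removed block, but worth keeping in mind as a known trade-off wherever it remains.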


@ -4,6 +4,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "harbor.nginx" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
@ -112,23 +113,6 @@ data:
proxy_request_buffering off;
}
location /chartrepo/ {
proxy_pass {{ $scheme }}://core/chartrepo/;
{{- if and .Values.internalTLS.enabled }}
proxy_ssl_verify off;
proxy_ssl_session_reuse on;
{{- end }}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
proxy_cookie_path / "/; Secure";
proxy_buffering off;
proxy_request_buffering off;
}
location /c/ {
proxy_pass {{ $scheme }}://core/c/;
proxy_set_header Host $host;
@ -154,6 +138,8 @@ data:
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
proxy_buffering off;
proxy_request_buffering off;
proxy_send_timeout 900;
proxy_read_timeout 900;
}
location /service/ {
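Review bot: `proxy_send_timeout 900;` and `proxy_read_timeout 900;` are hard-coded and, per the commit title, added only to the HTTPS configmap, so the HTTP configmap keeps nginx's 60-second default and the two listeners now behave differently for slow upstream responses. Make the value a chart value (for example under `nginx`) applied in both configmaps, and add a comment stating why this location needs 15 minutes so the next reader does not lower it back.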


@ -3,6 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "harbor.nginx" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: nginx


@ -5,6 +5,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ template "harbor.nginx" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
@ -20,4 +21,4 @@ data:
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}


@ -5,6 +5,7 @@ metadata:
{{- if eq .Values.expose.type "clusterIP" }}
{{- $clusterIP := .Values.expose.clusterIP }}
name: {{ $clusterIP.name }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.expose.clusterIP.labels }}


@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.portal" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:


@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "harbor.portal" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: portal


@ -2,6 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.portal" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- with .Values.portal.serviceAnnotations }}


@ -4,6 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.portal.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls


@ -3,6 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.redis" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
@ -11,4 +12,4 @@ spec:
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: redis
{{- end -}}
{{- end -}}


@ -4,6 +4,7 @@ apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "harbor.redis" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: redis


@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.registry" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
@ -181,6 +182,7 @@ data:
readtimeout: 10s
writetimeout: 10s
dialtimeout: 10s
enableTLS: {{ template "harbor.redis.enableTLS" . }}
pool:
maxidle: 100
maxactive: 500
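Review bot: `enableTLS: {{ template "harbor.redis.enableTLS" . }}` emits the helper's unquoted `true`/`false`, which YAML reads as a boolean, so the type is right; please confirm that `enableTLS` is the key name the registry image shipped with this chart actually reads under `redis`, since upstream distribution spells its TLS toggle differently, and a misspelled key would be silently ignored, leaving the connection in plaintext while the values file says TLS is on.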


@ -4,6 +4,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "harbor.registry" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: registry
@ -95,7 +96,6 @@ spec:
{{- if not (empty .Values.containerSecurityContext) }}
securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
{{- end }}
args: ["serve", "/etc/registry/config.yml"]
envFrom:
- secretRef:
name: "{{ template "harbor.registry" . }}"
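Review bot: consistent with the commit message; with `args` gone the container relies entirely on the image's `entrypoint.sh` to locate `/etc/registry/config.yml`, so a short comment in the template pointing at where that path is fixed would spare the next reader from re-adding `args` in the belief that it is needed.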


@ -5,6 +5,7 @@ kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.registry" . }}
namespace: {{ .Release.Namespace | quote }}
annotations:
{{- range $key, $value := $registry.annotations }}
{{ $key }}: {{ $value | quote }}
@ -30,4 +31,4 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -3,6 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.registry" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
@ -43,6 +44,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.registry" . }}-htpasswd"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque


@ -2,6 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.registry" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
@ -17,4 +18,4 @@ spec:
{{- end }}
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: registry
component: registry


@ -4,6 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.registry.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
@ -12,4 +13,4 @@ data:
tls.crt: {{ (required "The \"internalTLS.registry.crt\" is required!" .Values.internalTLS.registry.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.registry.key\" is required!" .Values.internalTLS.registry.key) | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}


@ -2,6 +2,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.registryCtl" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
data:


@ -2,8 +2,9 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.registryCtl" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
{{- template "harbor.traceJaegerPassword" . }}
{{- template "harbor.traceJaegerPassword" . }}


@ -3,6 +3,7 @@ apiVersion: v1
kind: Secret
metadata:
name: {{ template "harbor.trivy" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque


@ -4,6 +4,7 @@ apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "harbor.trivy" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: trivy


@ -3,6 +3,7 @@ apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.trivy" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:


@ -4,6 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.trivy.secretName" . }}"
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls

test/e2e/Jenkinsfile (vendored)

@ -22,8 +22,21 @@ class HarborChartFreshInstallPipelineExecutor extends FreshInstallPipelineExecut
script.file(credentialsId: "kubeconfig", variable: "KUBE_CONFIG_FILE_PATH"),
script.usernamePassword(credentialsId: "79e9fd98-cdf5-4f55-81fa-ecba01365534", usernameVariable: "DOCKER_HUB_USERNAME", passwordVariable: "DOCKER_HUB_PASSWORD")]) {
script.sh """
# login Docker Hub to avoid the pull limit
docker login -u \${DOCKER_HUB_USERNAME} -p \${DOCKER_HUB_PASSWORD}
# Set proxy registry or docker credential to bypass Docker Hub rate limit
echo "PROXY_REGISTRY is \${PROXY_REGISTRY}"
if [ "\${PROXY_REGISTRY}" != "" ]; then
# set deafult registry to a proxy registry
echo '{
"registry-mirrors": ["'"\${PROXY_REGISTRY}"'"]
}' | sudo tee /etc/docker/daemon.json > /dev/null
# Restart Docker to apply the changes
sudo systemctl reset-failed docker.service
sudo systemctl restart docker
else
docker login -u \${DOCKER_HUB_USERNAME} -p \${DOCKER_HUB_PASSWORD}
fi
# build the image
docker build -t deployer:dev -f test/e2e/Dockerfile test/e2e
# clean up the namespace
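Review bot: `docker login -u \${DOCKER_HUB_USERNAME} -p \${DOCKER_HUB_PASSWORD}` passes the secret as a command-line argument, where it is visible in the agent's process list and in any `sh -x` trace; use `echo "\${DOCKER_HUB_PASSWORD}" | docker login -u "\${DOCKER_HUB_USERNAME}" --password-stdin` instead. The proxy branch writes `/etc/docker/daemon.json` with `sudo tee`, which replaces any existing daemon configuration on the agent rather than merging the `registry-mirrors` key, so it should either check for an existing file or merge with a JSON tool. Minor: `deafult` in the comment should be `default`.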


@ -0,0 +1,195 @@
suite: CoreConfigMap
tests:
- it: witTrivy
set:
trivy:
enabled: true
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.WITH_TRIVY
value: "true"
- it: RedisUrlHarborInternal
set:
redis:
internal:
harborDatabaseIndex: test-index
type: internal
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data._REDIS_URL_HARBOR
value: redis://RELEASE-NAME-harbor-redis:6379/test-index?idle_timeout_seconds=30
- it: RedisUrlHarborExternal
set:
redis:
external:
harborDatabaseIndex: test-index
type: external
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data._REDIS_URL_HARBOR
value: redis://192.168.0.2:6379/test-index?idle_timeout_seconds=30
- it: RedisSentinelUrlHarborExternalTLS
set:
redis:
external:
harborDatabaseIndex: test-index
tlsOptions:
enable: true
sentinelMasterSet: "mymaster"
type: external
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data._REDIS_URL_HARBOR
value: rediss+sentinel://192.168.0.2:6379/mymaster/test-index?idle_timeout_seconds=30
- it: CacheLayerDatabaseIndex
set:
redis:
internal:
cacheLayerDatabaseIndex: test-index
type: internal
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data._REDIS_URL_CACHE_LAYER
value: redis://RELEASE-NAME-harbor-redis:6379/test-index?idle_timeout_seconds=30
- it: RegsitryCredentialUsername
set:
registry:
credentials:
username: test-username
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.REGISTRY_CREDENTIAL_USERNAME
value: test-username
- it: UaaSecretName
set:
uaaSecretName: true
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.UAA_CA_ROOT
value: /etc/core/auth-ca/auth-ca.crt
- it: MetricEnabled
set:
metrics:
enabled: true
core:
path: /customMetrics
port: 8080
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.METRIC_ENABLE
value: "true"
- equal:
path: data.METRIC_PATH
value: /customMetrics
- equal:
path: data.METRIC_PORT
value: "8080"
- equal:
path: data.METRIC_NAMESPACE
value: harbor
- equal:
path: data.METRIC_SUBSYSTEM
value: core
- it: GcTimeWindowHours
set:
core:
gcTimeWindowHours: 2
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.GC_TIME_WINDOW_HOURS
value: "2"
- it: ArtifactPullAsyncFlushDuration
set:
core:
artifactPullAsyncFlushDuration: 30
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.ARTIFACT_PULL_ASYNC_FLUSH_DURATION
value: "30"
- it: GdprDeleteUser
set:
core:
gdpr:
deleteUser: true
auditLogsCompliant: false
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.GDPR_DELETE_USER
value: "true"
- notExists:
path: data.GDPR_AUDIT_LOGS
- it: GdprAuditLogsCompliant
set:
core:
gdpr:
deleteUser: false
auditLogsCompliant: true
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.GDPR_AUDIT_LOGS
value: "true"
- notExists:
path: data.GDPR_DELETE_USER
- it: GdprDeleteUserAuditLogsCompliant
set:
core:
gdpr:
deleteUser: true
auditLogsCompliant: true
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.GDPR_DELETE_USER
value: "true"
- equal:
path: data.GDPR_AUDIT_LOGS
value: "true"
- it: CacheEnabled
set:
cache:
enabled: true
expireHours: 3
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.CACHE_ENABLED
value: "true"
- equal:
path: data.CACHE_EXPIRE_HOURS
value: "3"
- it: QuotaUpdate
set:
core:
quotaUpdateProvider: 3
template: templates/core/core-cm.yaml
asserts:
- equal:
path: data.QUOTA_UPDATE_PROVIDER
value: "3"
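Review bot: two test names carry typos, `witTrivy` and `RegsitryCredentialUsername`; helm-unittest prints these names in its report, so fix them now (`withTrivy`, `RegistryCredentialUsername`). In `UaaSecretName`, `uaaSecretName: true` is a boolean where the chart expects a secret name; the assertion only exercises truthiness, so use a string such as `uaa-secret-name`, as the deployment suite does. The external redis cases assert on `192.168.0.2:6379` without setting it, so they depend on the chart's default external address; stating `redis.external.addr` in `set:` would make the expected URL self-explanatory and keep the test stable if that default changes.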


@ -0,0 +1,536 @@
suite: CoreDeployment
tests:
- it: PodLabels
set:
core:
podLabels:
test.label: test-label
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.metadata.labels["test.label"]
value: test-label
- it: PodAnnotations
set:
core:
podAnnotations:
test.annotation: test-annotation
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.metadata.annotations["test.annotation"]
value: test-annotation
- it: NoReplicas
set:
core:
replicas: 0
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.replicas
value: 0
- it: MultipleReplicas
set:
core:
replicas: 2
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.replicas
value: 2
- it: ServiceAccounts
set:
core:
serviceAccountName: testServiceAccount
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.serviceAccountName
value: testServiceAccount
- it: ImagePullSecrets
set:
imagePullSecrets:
- name: test-secret-1
- name: test-secret-2
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.imagePullSecrets
count: 2
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: test-secret-1
- name: test-secret-2
- it: TopologySpreadConstraints
set:
core:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.topologySpreadConstraints
count: 1
- contains:
path: spec.template.spec.topologySpreadConstraints
content:
labelSelector:
matchLabels:
app: harbor
component: core
release: RELEASE-NAME
maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
- it: InitContainers
set:
core:
initContainers:
- name: test
image: busybox
command: ["sh", "-c", "sleep 20"]
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.initContainers
count: 1
- equal:
path: spec.template.spec.initContainers
value:
- name: test
image: busybox
command:
- sh
- "-c"
- sleep 20
- it: ContainerImage
set:
core:
image:
repository: test-repository/test-image
tag: 1.0.0
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: test-repository/test-image:1.0.0
- it: StartupProbe
set:
core:
startupProbe:
enabled: true
initialDelaySeconds: 10
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].startupProbe.httpGet.path
value: /api/v2.0/ping
- equal:
path: spec.template.spec.containers[0].startupProbe.httpGet.scheme
value: HTTP
- equal:
path: spec.template.spec.containers[0].startupProbe.httpGet.port
value: 8080
- equal:
path: spec.template.spec.containers[0].startupProbe.failureThreshold
value: 360
- equal:
path: spec.template.spec.containers[0].startupProbe.initialDelaySeconds
value: 10
- equal:
path: spec.template.spec.containers[0].startupProbe.periodSeconds
value: 10
- it: StartupProbeInternalTLS
set:
core:
startupProbe:
enabled: true
initialDelaySeconds: 10
internalTLS:
enabled: true
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].startupProbe.httpGet.path
value: /api/v2.0/ping
- equal:
path: spec.template.spec.containers[0].startupProbe.httpGet.scheme
value: HTTPS
- equal:
path: spec.template.spec.containers[0].startupProbe.httpGet.port
value: 8443
- equal:
path: spec.template.spec.containers[0].startupProbe.failureThreshold
value: 360
- equal:
path: spec.template.spec.containers[0].startupProbe.initialDelaySeconds
value: 10
- equal:
path: spec.template.spec.containers[0].startupProbe.periodSeconds
value: 10
- it: ExistingSecretAdminPassword
set:
existingSecretAdminPassword: HARBOR_ADMIN_PASSWORD
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 3
- equal:
path: spec.template.spec.containers[0].env[2].name
value: HARBOR_ADMIN_PASSWORD
- equal:
path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name
value: HARBOR_ADMIN_PASSWORD
- equal:
path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key
value: HARBOR_ADMIN_PASSWORD
- it: InternalTLS
set:
internalTLS:
enabled: true
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 6
- equal:
path: spec.template.spec.containers[0].env[2].name
value: INTERNAL_TLS_ENABLED
- equal:
path: spec.template.spec.containers[0].env[2].value
value: "true"
- equal:
path: spec.template.spec.containers[0].env[3].name
value: INTERNAL_TLS_KEY_PATH
- equal:
path: spec.template.spec.containers[0].env[3].value
value: /etc/harbor/ssl/core/tls.key
- equal:
path: spec.template.spec.containers[0].env[4].name
value: INTERNAL_TLS_CERT_PATH
- equal:
path: spec.template.spec.containers[0].env[4].value
value: /etc/harbor/ssl/core/tls.crt
- equal:
path: spec.template.spec.containers[0].env[5].name
value: INTERNAL_TLS_TRUST_CA_PATH
- equal:
path: spec.template.spec.containers[0].env[5].value
value: /etc/harbor/ssl/core/ca.crt
- equal:
path: spec.template.spec.containers[0].volumeMounts[4].name
value: core-internal-certs
- equal:
path: spec.template.spec.containers[0].volumeMounts[4].mountPath
value: /etc/harbor/ssl/core
- it: DBCredentials
set:
database:
external:
existingSecret: db-secret-name
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 3
- equal:
path: spec.template.spec.containers[0].env[2].name
value: POSTGRESQL_PASSWORD
- equal:
path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name
value: db-secret-name
- equal:
path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key
value: password
- it: RegistryCredentials
set:
registry:
credentials:
existingSecret: registry-secret-name
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 3
- equal:
path: spec.template.spec.containers[0].env[2].name
value: REGISTRY_CREDENTIAL_PASSWORD
- equal:
path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name
value: registry-secret-name
- equal:
path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key
value: REGISTRY_PASSWD
- it: XsrfCredentials
set:
core:
existingXsrfSecret: xsrf-secret-name
existingXsrfSecretKey: xsrf-secret-key
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 3
- equal:
path: spec.template.spec.containers[0].env[2].name
value: CSRF_KEY
- equal:
path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.name
value: xsrf-secret-name
- equal:
path: spec.template.spec.containers[0].env[2].valueFrom.secretKeyRef.key
value: xsrf-secret-key
- it: ExtraEnvVars
set:
core:
extraEnvVars:
- name: ENVVAR_NAME
value: envvar_value
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 3
- equal:
path: spec.template.spec.containers[0].env[2].name
value: ENVVAR_NAME
- equal:
path: spec.template.spec.containers[0].env[2].value
value: envvar_value
- it: MultipleExtraEnvVars
set:
core:
extraEnvVars:
- name: ENVVAR_NAME_1
value: envvar_value_1
- name: ENVVAR_NAME_2
value: envvar_value_2
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 4
- equal:
path: spec.template.spec.containers[0].env[2].name
value: ENVVAR_NAME_1
- equal:
path: spec.template.spec.containers[0].env[2].value
value: envvar_value_1
- equal:
path: spec.template.spec.containers[0].env[3].name
value: ENVVAR_NAME_2
- equal:
path: spec.template.spec.containers[0].env[3].value
value: envvar_value_2
- it: ContainerSecurityContext
set:
containerSecurityContext:
privileged: true
allowPrivilegeEscalation: true
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
capabilities:
drop:
- All
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.privileged
value: true
- equal:
path: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation
value: true
- equal:
path: spec.template.spec.containers[0].securityContext.seccompProfile.type
value: RuntimeDefault
- equal:
path: spec.template.spec.containers[0].securityContext.runAsNonRoot
value: true
- equal:
path: spec.template.spec.containers[0].securityContext.capabilities.drop[0]
value: All
- it: ExposeTLSEnabled
set:
expose:
tls:
enabled: true
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 5
- equal:
path: spec.template.spec.containers[0].volumeMounts[3].name
value: ca-download
- equal:
path: spec.template.spec.containers[0].volumeMounts[3].mountPath
value: /etc/core/ca
- it: UaaSecretName
set:
uaaSecretName: uaa-secret-name
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 6
- lengthEqual:
path: spec.template.spec.volumes
count: 6
- equal:
path: spec.template.spec.volumes[4].name
value: auth-ca-cert
- equal:
path: spec.template.spec.volumes[4].secret.secretName
value: uaa-secret-name
- equal:
path: spec.template.spec.volumes[4].secret.items[0].key
value: ca.crt
- equal:
path: spec.template.spec.volumes[4].secret.items[0].path
value: auth-ca.crt
- equal:
path: spec.template.spec.containers[0].volumeMounts[4].mountPath
value: /etc/core/auth-ca/auth-ca.crt
- equal:
path: spec.template.spec.containers[0].volumeMounts[4].subPath
value: auth-ca.crt
- it: Resources
set:
core:
resources:
requests:
memory: 256Mi
cpu: 100m
limits:
memory: 500Mi
cpu: 200m
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].resources.requests.cpu
value: 100m
- equal:
path: spec.template.spec.containers[0].resources.requests.memory
value: 256Mi
- equal:
path: spec.template.spec.containers[0].resources.limits.cpu
value: 200m
- equal:
path: spec.template.spec.containers[0].resources.limits.memory
value: 500Mi
- it: CASecretName
set:
caSecretName: ca-secret-name
template: templates/core/core-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 5
- equal:
path: spec.template.spec.containers[0].volumeMounts[3].name
value: ca-download
- equal:
path: spec.template.spec.containers[0].volumeMounts[3].mountPath
value: /etc/core/ca
- equal:
path: spec.template.spec.volumes[3].name
value: ca-download
- equal:
path: spec.template.spec.volumes[3].secret.secretName
value: ca-secret-name
- it: NodeSelector
set:
core:
nodeSelector:
node.selector/tier: test-node-selector
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.nodeSelector["node.selector/tier"]
value: test-node-selector
- it: Affinity
set:
core:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: test-affinity
operator: In
values:
- S1
topologyKey: topology.kubernetes.io/zone
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key
value: test-affinity
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator
value: In
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0]
value: S1
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey
value: topology.kubernetes.io/zone
- it: Tolerations
set:
core:
tolerations:
- effect: NoSchedule
key: test-label
value: test
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.tolerations[0].effect
value: NoSchedule
- equal:
path: spec.template.spec.tolerations[0].key
value: test-label
- equal:
path: spec.template.spec.tolerations[0].value
value: test
- it: PriorityClassName
set:
core:
priorityClassName: test-priority
template: templates/core/core-dpl.yaml
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: test-priority
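Review bot: `ContainerSecurityContext` only checks that values pass through, and the values it passes (`privileged: true` and `allowPrivilegeEscalation: true` alongside `runAsNonRoot: true` and `drop: [All]`) are a contradictory hardening profile; add a case with no `set:` that pins the chart's default security context, otherwise a change that loosens the default goes unnoticed. The env assertions index by position (`env[2]`, `env[3]`) and pair with `lengthEqual`, so inserting one variable anywhere in the template breaks every case; a `contains` assertion on `spec.template.spec.containers[0].env` with the full `name`/`valueFrom` object is order-independent. In `ExistingSecretAdminPassword` the secret name, the key and the env var are all `HARBOR_ADMIN_PASSWORD`, so a name/key swap in the template would still pass; use distinct values for the three.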


@ -0,0 +1,198 @@
suite: CoreJob
tests:
- it: JobDefault
set:
enableMigrateHelmHook: true
template: templates/core/core-pre-upgrade-job.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers
count: 1
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 1
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- equal:
path: metadata.name
value: migration-job
- equal:
path: spec.template.spec.containers[0].name
value: core-job
- equal:
path: spec.template.spec.containers[0].volumeMounts[0].name
value: config
- equal:
path: spec.template.spec.volumes[0].name
value: config
- equal:
path: spec.template.spec.containers[0].command
value: ["/harbor/harbor_core", "-mode=migrate"]
- it: ServiceAccount
set:
enableMigrateHelmHook: true
core:
serviceAccountName: test-service-account
template: templates/core/core-pre-upgrade-job.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers
count: 1
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 1
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- equal:
path: metadata.name
value: migration-job
- equal:
path: spec.template.spec.containers[0].name
value: core-job
- equal:
path: spec.template.spec.containers[0].volumeMounts[0].name
value: config
- equal:
path: spec.template.spec.volumes[0].name
value: config
- equal:
path: spec.template.spec.serviceAccountName
value: test-service-account
- equal:
path: spec.template.spec.containers[0].command
value: ["/harbor/harbor_core", "-mode=migrate"]
- it: NodeSelector
set:
enableMigrateHelmHook: true
core:
nodeSelector:
node.selector/tier: test-node-selector
template: templates/core/core-pre-upgrade-job.yaml
asserts:
- equal:
path: spec.template.spec.nodeSelector["node.selector/tier"]
value: test-node-selector
- lengthEqual:
path: spec.template.spec.containers
count: 1
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 1
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- equal:
path: metadata.name
value: migration-job
- equal:
path: spec.template.spec.containers[0].name
value: core-job
- equal:
path: spec.template.spec.containers[0].volumeMounts[0].name
value: config
- equal:
path: spec.template.spec.volumes[0].name
value: config
- equal:
path: spec.template.spec.containers[0].command
value: ["/harbor/harbor_core", "-mode=migrate"]
- it: Affinity
set:
enableMigrateHelmHook: true
core:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: test-affinity
operator: In
values:
- S1
topologyKey: topology.kubernetes.io/zone
template: templates/core/core-pre-upgrade-job.yaml
asserts:
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key
value: test-affinity
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator
value: In
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0]
value: S1
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey
value: topology.kubernetes.io/zone
- lengthEqual:
path: spec.template.spec.containers
count: 1
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 1
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- equal:
path: metadata.name
value: migration-job
- equal:
path: spec.template.spec.containers[0].name
value: core-job
- equal:
path: spec.template.spec.containers[0].volumeMounts[0].name
value: config
- equal:
path: spec.template.spec.volumes[0].name
value: config
- equal:
path: spec.template.spec.containers[0].command
value: ["/harbor/harbor_core", "-mode=migrate"]
- it: Tolerations
set:
enableMigrateHelmHook: true
core:
tolerations:
- effect: NoSchedule
key: test-label
value: test
template: templates/core/core-pre-upgrade-job.yaml
asserts:
- equal:
path: spec.template.spec.tolerations[0].effect
value: NoSchedule
- equal:
path: spec.template.spec.tolerations[0].key
value: test-label
- equal:
path: spec.template.spec.tolerations[0].value
value: test
- lengthEqual:
path: spec.template.spec.containers
count: 1
- lengthEqual:
path: spec.template.spec.containers[0].volumeMounts
count: 1
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- equal:
path: metadata.name
value: migration-job
- equal:
path: spec.template.spec.containers[0].name
value: core-job
- equal:
path: spec.template.spec.containers[0].volumeMounts[0].name
value: config
- equal:
path: spec.template.spec.volumes[0].name
value: config
- equal:
path: spec.template.spec.containers[0].command
value: ["/harbor/harbor_core", "-mode=migrate"]
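Review bot: every case sets `enableMigrateHelmHook: true`; the missing one is the negative case, a test without the flag asserting `hasDocuments: count: 0` on `templates/core/core-pre-upgrade-job.yaml`, since the flag presumably gates whether the migration job is rendered at all. The same eight structural assertions (container and volume counts, `metadata.name`, volume names, `command`) are copied into all five cases; keeping them in `JobDefault` alone and letting `ServiceAccount`, `NodeSelector`, `Affinity` and `Tolerations` assert only the field they vary makes a failure point at the actual regression.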


@ -0,0 +1,97 @@
suite: CoreSecret
tests:
- it: Secret
set:
secretKey: test-secret
harborAdminPassword: test-admin-password
registry:
credentials:
password: test-registry-secret
core:
secret: test-secret-defined
xsrfKey: xsrf-key
configureUserSettings: "{\"test\": \"test\"}"
template: templates/core/core-secret.yaml
asserts:
- equal:
path: data.secretKey
value: "dGVzdC1zZWNyZXQ="
- equal:
path: data.secret
value: "dGVzdC1zZWNyZXQtZGVmaW5lZA=="
- exists:
path: data["tls.key"]
- exists:
path: data["tls.crt"]
- equal:
path: data.HARBOR_ADMIN_PASSWORD
value: "dGVzdC1hZG1pbi1wYXNzd29yZA=="
- equal:
path: data.CONFIG_OVERWRITE_JSON
value: "eyJ0ZXN0IjogInRlc3QifQ=="
- it: ExistingSecretSecretKey
set:
existingSecretSecretKey: test-secret
template: templates/core/core-secret.yaml
asserts:
- notExists:
path: data.secretKey
- it: ExistingCoreSecret
set:
core:
existingSecret: test-secret
template: templates/core/core-secret.yaml
asserts:
- notExists:
path: data.secret
- it: ExistingTLSSecret
set:
core:
secretName: test-secret
template: templates/core/core-secret.yaml
asserts:
- notExists:
path: data["tls.key"]
- notExists:
path: data["tls.crt"]
- it: ExistingAdminSecret
set:
existingSecretAdminPassword: test-password
template: templates/core/core-secret.yaml
asserts:
- notExists:
path: data.HARBOR_ADMIN_PASSWORD
- it: ExistingExternalDBSecret
set:
database:
external:
existingSecret: test-db-secret
template: templates/core/core-secret.yaml
asserts:
- notExists:
path: data.POSTGRESQL_PASSWORD
- it: ExistingRegistrySecret
set:
registry:
credentials:
existingSecret: test-registry-secret
template: templates/core/core-secret.yaml
asserts:
- notExists:
path: data.REGISTRY_CREDENTIAL_PASSWORD
- it: ExistingRegistrySecret
set:
core:
existingXsrfSecret: test-xsrf-secret
template: templates/core/core-secret.yaml
asserts:
- notExists:
path: data.CSRF_KEY
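Review bot: the last two cases are both named `ExistingRegistrySecret`; the second sets `core.existingXsrfSecret` and checks `data.CSRF_KEY`, so it should be `ExistingXsrfSecret`. The positive `Secret` case sets `registry.credentials.password` and `core.xsrfKey` but never asserts `data.REGISTRY_CREDENTIAL_PASSWORD` or `data.CSRF_KEY`, and nothing asserts that `data.POSTGRESQL_PASSWORD` is rendered for the internal database; the `notExists` cases below therefore have no positive counterpart proving those keys appear when no existing secret is given, which is what makes a `notExists` assertion meaningful.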


@ -0,0 +1,84 @@
suite: CoreSvc
tests:
- it: Annotation
set:
core:
serviceAnnotations:
test.annotation: test-annotation
template: templates/core/core-svc.yaml
asserts:
- equal:
path: metadata.annotations["test.annotation"]
value: test-annotation
- it: TypeGce
set:
expose:
ingress:
controller: gce
template: templates/core/core-svc.yaml
asserts:
- equal:
path: spec.type
value: NodePort
- it: TypeAlb
set:
expose:
ingress:
controller: alb
template: templates/core/core-svc.yaml
asserts:
- equal:
path: spec.type
value: NodePort
- it: TypeF5
set:
expose:
ingress:
controller: f5-bigip
template: templates/core/core-svc.yaml
asserts:
- equal:
path: spec.type
value: NodePort
- it: NotType
template: templates/core/core-svc.yaml
asserts:
- notExists:
path: spec.type
- it: InternalTLSEnabled
set:
internalTLS:
enabled: true
template: templates/core/core-svc.yaml
asserts:
- equal:
path: spec.ports[0].name
value: https-web
- it: InternalTLSDisabled
set:
internalTLS:
enabled: false
template: templates/core/core-svc.yaml
asserts:
- equal:
path: spec.ports[0].name
value: http-web
- it: ExposeMetricsPort
set:
metrics:
enabled: true
core:
port: 1111
template: templates/core/core-svc.yaml
asserts:
- equal:
path: spec.ports[1].port
value: 1111
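Review bot: `InternalTLSEnabled` and `InternalTLSDisabled` assert only the port name; add `spec.ports[0].targetPort` as well (the deployment suite expects the core container on 8443 with internal TLS and 8080 without), otherwise a template change that renames the port but keeps the plain-HTTP backend port would pass. `ExposeMetricsPort` likewise checks `spec.ports[1].port` but not its name.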


@ -0,0 +1,38 @@
suite: CoreTls
tests:
- it: TLSExists
set:
trivy:
enabled: false
internalTLS:
enabled: true
trustCa: testCa
certSource: manual
core:
crt: testCrt
key: testKey
registry:
crt: testCrt
key: testKey
portal:
crt: testCrt
key: testKey
jobservice:
crt: testCrt
key: testKey
template: templates/core/core-tls.yaml
asserts:
- exists:
path: metadata.name
- exists:
path: apiVersion
- equal:
path: data["ca.crt"]
value: "dGVzdENh"
- equal:
path: data["tls.crt"]
value: "dGVzdENydA=="
- equal:
path: data["tls.key"]
value: "dGVzdEtleQ=="
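Review bot: the only case is `certSource: manual`; there is no test that `internalTLS.enabled: false` renders nothing (`hasDocuments: count: 0`) and none for the other `certSource` values, so the generated-cert path is uncovered. `exists: metadata.name` and `exists: apiVersion` are weak assertions; assert `kind: Secret` and the expected `metadata.name` instead. The `registry`, `portal` and `jobservice` cert values are irrelevant to `core-tls.yaml` and can be dropped unless the template's validation requires them, which the test should then say in a comment.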


@ -0,0 +1,117 @@
suite: ExporterConfigMap
tests:
- it: ProxyJobservice
set:
metrics:
enabled: true
proxy:
httpProxy: 1.1.1.1
httpsProxy: 2.2.2.2
noProxy: 127.0.0.1,localhost,.local,.internal
components:
- jobservice
template: templates/exporter/exporter-cm-env.yaml
asserts:
- equal:
path: data.HTTP_PROXY
value: 1.1.1.1
- equal:
path: data.HTTPS_PROXY
value: 2.2.2.2
- equal:
path: data.NO_PROXY
value: RELEASE-NAME-harbor-core,RELEASE-NAME-harbor-jobservice,RELEASE-NAME-harbor-database,RELEASE-NAME-harbor-registry,RELEASE-NAME-harbor-portal,RELEASE-NAME-harbor-trivy,RELEASE-NAME-harbor-exporter,127.0.0.1,localhost,.local,.internal
- it: ProxyNoJobservice
set:
metrics:
enabled: true
proxy:
httpProxy: 1.1.1.1
httpsProxy: 2.2.2.2
noProxy: 127.0.0.1,localhost,.local,.internal
components:
- testComponent
template: templates/exporter/exporter-cm-env.yaml
asserts:
- notExists:
path: data.HTTP_PROXY
- notExists:
path: data.HTTPS_PROXY
- notExists:
path: data.NO_PROXY
- it: FullSecrets
set:
metrics:
enabled: true
exporter:
path: /testEndpoint
port: 1111
exporter:
cacheDuration: 30
cacheCleanInterval: 1000
logLevel: debug
database:
maxIdleConns: 100
maxOpenConns: 50
template: templates/exporter/exporter-cm-env.yaml
asserts:
- equal:
path: data.LOG_LEVEL
value: debug
- equal:
path: data.HARBOR_EXPORTER_PORT
value: "1111"
- equal:
path: data.HARBOR_EXPORTER_METRICS_PATH
value: /testEndpoint
- equal:
path: data.HARBOR_EXPORTER_METRICS_ENABLED
value: "true"
- equal:
path: data.HARBOR_EXPORTER_CACHE_TIME
value: "30"
- equal:
path: data.HARBOR_EXPORTER_CACHE_CLEAN_INTERVAL
value: "1000"
- equal:
path: data.HARBOR_REDIS_URL
value: redis://RELEASE-NAME-harbor-redis:6379/1
- equal:
path: data.HARBOR_REDIS_NAMESPACE
value: harbor_job_service_namespace
- equal:
path: data.HARBOR_REDIS_TIMEOUT
value: "3600"
- equal:
path: data.HARBOR_SERVICE_SCHEME
value: http
- equal:
path: data.HARBOR_SERVICE_HOST
value: RELEASE-NAME-harbor-core
- equal:
path: data.HARBOR_SERVICE_PORT
value: "80"
- equal:
path: data.HARBOR_DATABASE_HOST
value: RELEASE-NAME-harbor-database
- equal:
path: data.HARBOR_DATABASE_PORT
value: "5432"
- equal:
path: data.HARBOR_DATABASE_USERNAME
value: postgres
- equal:
path: data.HARBOR_DATABASE_DBNAME
value: registry
- equal:
path: data.HARBOR_DATABASE_SSLMODE
value: disable
- equal:
path: data.HARBOR_DATABASE_MAX_IDLE_CONNS
value: "100"
- equal:
path: data.HARBOR_DATABASE_MAX_OPEN_CONNS
value: "50"
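Review bot: `FullSecrets` pins `HARBOR_SERVICE_SCHEME: http`, `HARBOR_SERVICE_PORT: "80"` and `HARBOR_DATABASE_SSLMODE: disable`, i.e. the defaults, but there is no case with `internalTLS.enabled: true` (scheme `https`) or with an external database and its `sslmode`, and, unlike the core configmap suite, no external, sentinel or TLS redis case for `HARBOR_REDIS_URL`. Those are the security-relevant branches of this configmap and should each get a case. `httpProxy: 1.1.1.1` is not a URL; a value of the form `http://proxy.example:3128` is closer to real input and would catch a template that mangles the scheme.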


@ -0,0 +1,313 @@
suite: ExporterDeployment
tests:
- it: PodLabels
set:
metrics:
enabled: true
exporter:
podLabels:
test.label: test-label
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.metadata.labels["test.label"]
value: test-label
- it: PodAnnotations
set:
metrics:
enabled: true
exporter:
podAnnotations:
test.annotation: test-annotation
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.metadata.annotations["test.annotation"]
value: test-annotation
- it: NoReplicas
set:
metrics:
enabled: true
exporter:
replicas: 0
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.replicas
value: 0
- it: MultipleReplicas
set:
metrics:
enabled: true
exporter:
replicas: 2
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.replicas
value: 2
- it: ServiceAccounts
set:
metrics:
enabled: true
exporter:
serviceAccountName: testServiceAccount
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.serviceAccountName
value: testServiceAccount
- it: ImagePullSecrets
set:
metrics:
enabled: true
imagePullSecrets:
- name: test-secret-1
- name: test-secret-2
template: templates/exporter/exporter-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.imagePullSecrets
count: 2
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: test-secret-1
- name: test-secret-2
- it: TopologySpreadConstraints
set:
metrics:
enabled: true
exporter:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
template: templates/exporter/exporter-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.topologySpreadConstraints
count: 1
- contains:
path: spec.template.spec.topologySpreadConstraints
content:
labelSelector:
matchLabels:
app: harbor
component: exporter
release: RELEASE-NAME
maxSkew: 1
topologyKey: topology.kubernetes.io/zone
whenUnsatisfiable: ScheduleAnyway
- it: ContainerImage
set:
metrics:
enabled: true
exporter:
image:
repository: test-repository/test-image
tag: 1.0.0
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].image
value: test-repository/test-image:1.0.0
- it: ExistingSecretAdminPassword
set:
metrics:
enabled: true
existingSecretAdminPassword: HARBOR_ADMIN_PASSWORD
template: templates/exporter/exporter-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 1
- equal:
path: spec.template.spec.containers[0].env[0].name
value: HARBOR_ADMIN_PASSWORD
- equal:
path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name
value: HARBOR_ADMIN_PASSWORD
- equal:
path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key
value: HARBOR_ADMIN_PASSWORD
- it: InternalTLS
set:
metrics:
enabled: true
internalTLS:
enabled: true
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].volumeMounts[0].name
value: core-internal-certs
- equal:
path: spec.template.spec.containers[0].volumeMounts[0].mountPath
value: /etc/harbor/ssl/core
- it: DBCredentials
set:
metrics:
enabled: true
database:
external:
existingSecret: db-secret-name
template: templates/exporter/exporter-dpl.yaml
asserts:
- lengthEqual:
path: spec.template.spec.containers[0].env
count: 1
- equal:
path: spec.template.spec.containers[0].env[0].name
value: HARBOR_DATABASE_PASSWORD
- equal:
path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.name
value: db-secret-name
- equal:
path: spec.template.spec.containers[0].env[0].valueFrom.secretKeyRef.key
value: password
- it: ContainerSecurityContext
set:
metrics:
enabled: true
containerSecurityContext:
privileged: true
allowPrivilegeEscalation: true
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
capabilities:
drop:
- All
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].securityContext.privileged
value: true
- equal:
path: spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation
value: true
- equal:
path: spec.template.spec.containers[0].securityContext.seccompProfile.type
value: RuntimeDefault
- equal:
path: spec.template.spec.containers[0].securityContext.runAsNonRoot
value: true
- equal:
path: spec.template.spec.containers[0].securityContext.capabilities.drop[0]
value: All
- it: Resources
set:
metrics:
enabled: true
exporter:
resources:
requests:
memory: 256Mi
cpu: 100m
limits:
memory: 500Mi
cpu: 200m
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.containers[0].resources.requests.cpu
value: 100m
- equal:
path: spec.template.spec.containers[0].resources.requests.memory
value: 256Mi
- equal:
path: spec.template.spec.containers[0].resources.limits.cpu
value: 200m
- equal:
path: spec.template.spec.containers[0].resources.limits.memory
value: 500Mi
- it: NodeSelector
set:
metrics:
enabled: true
exporter:
nodeSelector:
node.selector/tier: test-node-selector
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.nodeSelector["node.selector/tier"]
value: test-node-selector
- it: Affinity
set:
metrics:
enabled: true
exporter:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: test-affinity
operator: In
values:
- S1
topologyKey: topology.kubernetes.io/zone
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].key
value: test-affinity
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].operator
value: In
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].labelSelector.matchExpressions[0].values[0]
value: S1
- equal:
path: spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[0].topologyKey
value: topology.kubernetes.io/zone
- it: Tolerations
set:
metrics:
enabled: true
exporter:
tolerations:
- effect: NoSchedule
key: test-label
value: test
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.tolerations[0].effect
value: NoSchedule
- equal:
path: spec.template.spec.tolerations[0].key
value: test-label
- equal:
path: spec.template.spec.tolerations[0].value
value: test
- it: PriorityClassName
set:
metrics:
enabled: true
exporter:
priorityClassName: test-priority
template: templates/exporter/exporter-dpl.yaml
asserts:
- equal:
path: spec.template.spec.priorityClassName
value: test-priority
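Review bot: the Affinity case asserts four leaf paths under `requiredDuringSchedulingIgnoredDuringExecution[0]` one at a time; a single `equal` on `spec.template.spec.affinity` with the same map that is passed in `set` would also catch extra or missing fields and stays readable if the rendered shape changes. The Tolerations case could likewise compare `spec.template.spec.tolerations[0]` as one map instead of three separate `equal` asserts.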


@ -0,0 +1,36 @@
suite: ExporterSecret
tests:
- it: Secret
set:
metrics:
enabled: true
template: templates/exporter/exporter-secret.yaml
asserts:
- equal:
path: data.HARBOR_ADMIN_PASSWORD
value: "SGFyYm9yMTIzNDU="
- exists:
path: data.HARBOR_DATABASE_PASSWORD
- it: ExistingAdminSecret
set:
metrics:
enabled: true
existingSecretAdminPassword: test-password
template: templates/exporter/exporter-secret.yaml
asserts:
- notExists:
path: data.HARBOR_ADMIN_PASSWORD
- it: ExistingExternalDBSecret
set:
metrics:
enabled: true
database:
external:
existingSecret: test-db-secret
template: templates/exporter/exporter-secret.yaml
asserts:
- notExists:
path: data.POSTGRESQL_PASSWORD
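Review bot: the `ExistingExternalDBSecret` case asserts `notExists` on `data.POSTGRESQL_PASSWORD`, but the key this template renders for the database password is `data.HARBOR_DATABASE_PASSWORD` (the `Secret` case above checks `exists` on exactly that key), so the assertion passes whether or not `database.external.existingSecret` is honoured. Change it to `notExists: path: data.HARBOR_DATABASE_PASSWORD`. Two smaller points: `"SGFyYm9yMTIzNDU="` is the base64 of the default `harborAdminPassword` (`Harbor12345`), and a comment saying so saves the next reader a decode; and `ExistingAdminSecret` could additionally assert that `data.HARBOR_DATABASE_PASSWORD` still exists, so the test proves the rest of the secret is still rendered when the admin password is taken from an existing secret.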


@ -0,0 +1,14 @@
suite: ExporterSvc
tests:
- it: ExposeMetricsPort
set:
metrics:
enabled: true
exporter:
port: 1111
template: templates/exporter/exporter-svc.yaml
asserts:
- equal:
path: spec.ports[0].port
value: 1111
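Review bot: `ExposeMetricsPort` only checks `spec.ports[0].port`; asserting `spec.ports[0].targetPort` as well would catch a service whose exposed port follows `exporter.port` while its forward target does not.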


@ -0,0 +1,97 @@
suite: TrivyStatefulSet
tests:
- it: PersistenceDisabled
set:
persistence:
enabled: false
persistentVolumeClaim:
trivy:
existingClaim: trivy-data
template: templates/trivy/trivy-sts.yaml
asserts:
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- notExists:
path: spec.volumeClaimTemplates
- exists:
path: spec.template.spec.volumes[0].emptyDir
- it: PersistenceEnabled
set:
persistence:
enabled: true
template: templates/trivy/trivy-sts.yaml
asserts:
- notExists:
path: spec.template.spec.volumes
- lengthEqual:
path: spec.volumeClaimTemplates
count: 1
- it: ExistingClaim
set:
persistence:
enabled: true
persistentVolumeClaim:
trivy:
existingClaim: trivy-data
template: templates/trivy/trivy-sts.yaml
asserts:
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- notExists:
path: spec.volumeClaimTemplates
- exists:
path: spec.template.spec.volumes[0].persistentVolumeClaim
- equal:
path: spec.template.spec.volumes[0].persistentVolumeClaim.claimName
value: trivy-data
- it: InternalTLSEnabledWithoutPersistence
set:
internalTLS:
enabled: true
persistence:
enabled: false
template: templates/trivy/trivy-sts.yaml
asserts:
- lengthEqual:
path: spec.template.spec.volumes
count: 2
- notExists:
path: spec.volumeClaimTemplates
- it: InternalTLSEnabledWithPersistence
set:
internalTLS:
enabled: true
persistence:
enabled: true
template: templates/trivy/trivy-sts.yaml
asserts:
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- lengthEqual:
path: spec.template.spec.volumes
count: 1
- it: InternalTLSEnabledWithPersistenceExistigClaim
set:
internalTLS:
enabled: true
persistence:
enabled: true
persistentVolumeClaim:
trivy:
existingClaim: trivy-data
template: templates/trivy/trivy-sts.yaml
asserts:
- lengthEqual:
path: spec.template.spec.volumes
count: 2
- notExists:
path: spec.volumeClaimTemplates
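Review bot: `InternalTLSEnabledWithPersistence` repeats the same assertion twice (`lengthEqual` on `spec.template.spec.volumes` with `count: 1`); judging by the matching case in the Go suite this change removes (`suite.Len(ss.Spec.VolumeClaimTemplates, 1)`), the second one should read `lengthEqual: path: spec.volumeClaimTemplates count: 1`, otherwise the volumeClaimTemplates side of that scenario is no longer covered. Also fix the test name `InternalTLSEnabledWithPersistenceExistigClaim` (`Existig` should be `Existing`).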


@ -1,171 +0,0 @@
package unittest
import (
"os"
"testing"
"github.com/gruntwork-io/terratest/modules/helm"
"github.com/gruntwork-io/terratest/modules/logger"
"github.com/stretchr/testify/suite"
appsV1 "k8s.io/api/apps/v1"
)
type TrivyStatefulSetTestSuite struct {
suite.Suite
}
func (suite *TrivyStatefulSetTestSuite) render(values map[string]string) *appsV1.StatefulSet {
helmChartPath := "../../"
options := &helm.Options{
SetValues: values,
}
debug := os.Getenv("debug")
if debug != "true" {
options.Logger = logger.Discard
}
output := helm.RenderTemplate(suite.T(), options, helmChartPath, "harbor", []string{"templates/trivy/trivy-sts.yaml"})
var ss appsV1.StatefulSet
helm.UnmarshalK8SYaml(suite.T(), output, &ss)
return &ss
}
func (suite *TrivyStatefulSetTestSuite) TestPersistenceDisabled() {
values := map[string]string{
"persistence.enabled": "false",
"persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 1)
suite.NotNil(ss.Spec.Template.Spec.Volumes[0].EmptyDir)
suite.Len(ss.Spec.VolumeClaimTemplates, 0)
}
func (suite *TrivyStatefulSetTestSuite) TestPersistenceEnabled() {
values := map[string]string{
"persistence.enabled": "true",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 0)
suite.Len(ss.Spec.VolumeClaimTemplates, 1)
}
func (suite *TrivyStatefulSetTestSuite) TestExistingClaim() {
values := map[string]string{
"persistence.enabled": "true",
"persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 1)
suite.NotNil(ss.Spec.Template.Spec.Volumes[0].PersistentVolumeClaim)
suite.Equal("trivy-data", ss.Spec.Template.Spec.Volumes[0].PersistentVolumeClaim.ClaimName)
suite.Len(ss.Spec.VolumeClaimTemplates, 0)
}
func (suite *TrivyStatefulSetTestSuite) TestInternalTLSEnabled() {
{
values := map[string]string{
"internalTLS.enabled": "true",
"persistence.enabled": "false",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 2)
suite.Len(ss.Spec.VolumeClaimTemplates, 0)
}
{
values := map[string]string{
"internalTLS.enabled": "true",
"persistence.enabled": "true",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 1)
suite.Len(ss.Spec.VolumeClaimTemplates, 1)
}
{
values := map[string]string{
"internalTLS.enabled": "true",
"persistence.enabled": "true",
"persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 2)
suite.Len(ss.Spec.VolumeClaimTemplates, 0)
}
}
func (suite *TrivyStatefulSetTestSuite) TestCustomCA() {
{
values := map[string]string{
"caBundleSecretName": "ca-bundle-secret",
"persistence.enabled": "false",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 2)
suite.Len(ss.Spec.VolumeClaimTemplates, 0)
}
{
values := map[string]string{
"caBundleSecretName": "ca-bundle-secret",
"internalTLS.enabled": "true",
"persistence.enabled": "false",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 3)
suite.Len(ss.Spec.VolumeClaimTemplates, 0)
}
{
values := map[string]string{
"caBundleSecretName": "ca-bundle-secret",
"internalTLS.enabled": "true",
"persistence.enabled": "true",
"persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 3)
suite.Len(ss.Spec.VolumeClaimTemplates, 0)
}
{
values := map[string]string{
"caBundleSecretName": "ca-bundle-secret",
"persistence.enabled": "true",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 1)
suite.Len(ss.Spec.VolumeClaimTemplates, 1)
}
{
values := map[string]string{
"caBundleSecretName": "ca-bundle-secret",
"persistence.enabled": "true",
"persistence.persistentVolumeClaim.trivy.existingClaim": "trivy-data",
}
ss := suite.render(values)
suite.Len(ss.Spec.Template.Spec.Volumes, 2)
suite.Len(ss.Spec.VolumeClaimTemplates, 0)
}
}
func TestTrivyStatefulSetTestSuite(t *testing.T) {
suite.Run(t, &TrivyStatefulSetTestSuite{})
}
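Review bot: deleting this file drops the `TestCustomCA` cases (five `caBundleSecretName` combinations with `internalTLS.enabled` and `persistence`, asserting volume counts of 1 to 3 and the presence or absence of `volumeClaimTemplates`), and the new `TrivyStatefulSet` YAML suite carries no equivalent, so the CA bundle mounting path of `trivy-sts.yaml` becomes untested. Port those five cases to the helm-unittest suite before removing the Go file, or state in the PR why that coverage is being dropped.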


@ -173,14 +173,14 @@ persistence:
annotations: {}
# Define which storage backend is used for registry to store
# images and charts. Refer to
# https://github.com/distribution/distribution/blob/main/docs/content/about/configuration.md#storage
# https://github.com/distribution/distribution/blob/release/2.8/docs/configuration.md#storage
# for the detail.
imageChartStorage:
# Specify whether to disable `redirect` for images and chart storage, for
# backends which not supported it (such as using minio for `s3` storage type), please disable
# it. To disable redirects, simply set `disableredirect` to `true` instead.
# Refer to
# https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect
# https://github.com/distribution/distribution/blob/release/2.8/docs/configuration.md#redirect
# for the detail.
disableredirect: false
# Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
@ -270,7 +270,7 @@ persistence:
# The initial password of Harbor admin. Change it from portal after launching Harbor
# or give an existing secret for it
# key in secret is given via (default to HARBOR_ADMIN_PASSWORD)
# existingSecretAdminPassword:
existingSecretAdminPassword: ""
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
harborAdminPassword: "Harbor12345"
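Review bot: turning `existingSecretAdminPassword` from a commented-out key into an explicit `""` is right, since templates that branch on `if .Values.existingSecretAdminPassword` now always see a defined value, but the comment above it still reads `key in secret is given via (default to HARBOR_ADMIN_PASSWORD)` with the referenced value name missing; complete it as `key in secret is given via existingSecretAdminPasswordKey (default to HARBOR_ADMIN_PASSWORD)`.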
@ -625,6 +625,8 @@ core:
# If tokenKey is set, the value of tokenCert must be set as a PEM-encoded certificate signed by tokenKey, and supplied as a multiline string, indented one more than tokenCert on the following line.
tokenCert: |
# The XSRF key. Will be generated automatically if it isn't specified
# While you specified, Please make sure it is 32 characters, otherwise would have validation issue at the harbor-core runtime
# https://github.com/goharbor/harbor/pull/21154
xsrfKey: ""
# If using existingSecret, the key is defined by core.existingXsrfSecretKey
existingXsrfSecret: ""
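Review bot: the new `xsrfKey` comment is hard to parse (`While you specified, Please make sure it is 32 characters, otherwise would have validation issue at the harbor-core runtime`); suggest `If you set it yourself, it must be exactly 32 characters, otherwise harbor-core fails validation at startup (see https://github.com/goharbor/harbor/pull/21154)`.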
@ -749,7 +751,7 @@ registry:
# command: [ 'sh', '-c', "sleep 20" ]
# Secret is used to secure the upload state from client
# and registry storage backend.
# See: https://github.com/distribution/distribution/blob/main/docs/configuration.md#http
# See: https://github.com/distribution/distribution/blob/release/2.8/docs/configuration.md#http
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
@ -875,7 +877,7 @@ trivy:
# It would work if all the dependencies are in local.
# This option doesnt affect DB download. You need to specify skipUpdate as well as offlineScan in an air-gapped environment.
offlineScan: false
# Comma-separated list of what security issues to detect. Possible values are `vuln`, `config` and `secret`. Defaults to `vuln`.
# Comma-separated list of what security issues to detect. Defaults to `vuln`.
securityCheck: "vuln"
# The duration to wait for scan completion
timeout: 5m0s
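Review bot: this drops the documented set of accepted values for `securityCheck` (`vuln`, `config` and `secret`) and leaves only the default, so a user can no longer tell from values.yaml what else is accepted. If the list was removed because it is stale, replace it with the currently accepted values or a link to the Trivy scanner documentation rather than deleting it outright.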
@ -1006,6 +1008,14 @@ redis:
addr: "192.168.0.2:6379"
# The name of the set of Redis instances to monitor, it must be set to support redis+sentinel
sentinelMasterSet: ""
# TLS configuration for redis connection
# only server-authentication is supported, mTLS for redis connection is not supported
# tls connection will be disable by default
# Once `tlsOptions.enable` set as true, tls/ssl connection will be used for redis
# Please set the `caBundleSecretName` in this configuration file which conatins redis server rootCA if it is self-signed.
# The secret must contain keys named "ca.crt" which will be injected into the trust store
tlsOptions:
enable: false
# The "coreDatabaseIndex" must be "0" as the library Harbor
# used doesn't support configuring it
# harborDatabaseIndex defaults to "0", but it can be configured to "6", this config is optional
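Review bot: the new `tlsOptions` comment block has typos and unclear wording: `tls connection will be disable by default` should be `TLS is disabled by default`, `conatins` should be `contains`, and `The secret must contain keys named "ca.crt"` should be `The secret must contain a key named "ca.crt"`. It would also read more clearly if the block stated in one place that `tlsOptions.enable` only turns on server authentication of Redis against the CA in `caBundleSecretName` and that client certificates (mTLS) are not supported, instead of splitting that across the second and fifth lines.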