From 71f533ca1f2aa7c1df3d97fc2d84ef2bbf9046e6 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Wed, 14 Jan 2026 22:07:51 -0300 Subject: [PATCH] harbor: fix vault env templates --- services/harbor/helmrelease.yaml | 64 +++++++++++++++----------------- 1 file changed, 30 insertions(+), 34 deletions(-) diff --git a/services/harbor/helmrelease.yaml b/services/harbor/helmrelease.yaml index 9c74f7c..b0cbdbd 100644 --- a/services/harbor/helmrelease.yaml +++ b/services/harbor/helmrelease.yaml @@ -127,26 +127,24 @@ spec: vault.hashicorp.com/role: "harbor" vault.hashicorp.com/agent-inject-secret-harbor-core-env.sh: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-template-harbor-core-env.sh: | - {{- with secret "kv/data/atlas/harbor/harbor-core" -}} + {{ with secret "kv/data/atlas/harbor/harbor-core" }} export CORE_SECRET="{{ .Data.data.secret }}" export CSRF_KEY="{{ .Data.data.CSRF_KEY }}" export HARBOR_ADMIN_PASSWORD="{{ .Data.data.harbor_admin_password }}" export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-jobservice" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-jobservice" }} export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-db" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-db" }} export POSTGRESQL_PASSWORD="{{ .Data.data.password }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-oidc" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-oidc" }} export CONFIG_OVERWRITE_JSON='{{ .Data.data.CONFIG_OVERWRITE_JSON }}' - {{- end }} + {{ end }} vault.hashicorp.com/agent-inject-secret-harbor-core-secretKey: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-template-harbor-core-secretKey: | - {{- with secret "kv/data/atlas/harbor/harbor-core" -}} - {{ .Data.data.secretKey }} - {{- end }} + {{- with secret "kv/data/atlas/harbor/harbor-core" -}}{{ .Data.data.secretKey }}{{- end -}} vault.hashicorp.com/agent-inject-secret-harbor-core-tls-key: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-template-harbor-core-tls-key: | {{- with secret "kv/data/atlas/harbor/harbor-core" -}} @@ -187,13 +185,13 @@ spec: vault.hashicorp.com/role: "harbor" vault.hashicorp.com/agent-inject-secret-harbor-jobservice-env.sh: "kv/data/atlas/harbor/harbor-jobservice" vault.hashicorp.com/agent-inject-template-harbor-jobservice-env.sh: | - {{- with secret "kv/data/atlas/harbor/harbor-core" -}} + {{ with secret "kv/data/atlas/harbor/harbor-core" }} export CORE_SECRET="{{ .Data.data.secret }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-jobservice" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-jobservice" }} export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}" export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}" - {{- end }} + {{ end }} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -261,22 +259,22 @@ spec: vault.hashicorp.com/role: "harbor" vault.hashicorp.com/agent-inject-secret-harbor-registry-env.sh: "kv/data/atlas/harbor/harbor-registry" vault.hashicorp.com/agent-inject-template-harbor-registry-env.sh: | - {{- with secret "kv/data/atlas/harbor/harbor-registry" -}} + {{ with secret "kv/data/atlas/harbor/harbor-registry" }} export REGISTRY_HTTP_SECRET="{{ .Data.data.REGISTRY_HTTP_SECRET }}" export REGISTRY_REDIS_PASSWORD="{{ .Data.data.REGISTRY_REDIS_PASSWORD }}" - {{- end }} + {{ end }} vault.hashicorp.com/agent-inject-secret-harbor-registryctl-env.sh: "kv/data/atlas/harbor/harbor-registry" vault.hashicorp.com/agent-inject-template-harbor-registryctl-env.sh: | - {{- with secret "kv/data/atlas/harbor/harbor-core" -}} + {{ with secret "kv/data/atlas/harbor/harbor-core" }} export CORE_SECRET="{{ .Data.data.secret }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-jobservice" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-jobservice" }} export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-registry" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-registry" }} export REGISTRY_HTTP_SECRET="{{ .Data.data.REGISTRY_HTTP_SECRET }}" export REGISTRY_REDIS_PASSWORD="{{ .Data.data.REGISTRY_REDIS_PASSWORD }}" - {{- end }} + {{ end }} vault.hashicorp.com/agent-inject-secret-harbor-registry-htpasswd: "kv/data/atlas/harbor/harbor-registry-htpasswd" vault.hashicorp.com/agent-inject-template-harbor-registry-htpasswd: | {{- with secret "kv/data/atlas/harbor/harbor-registry-htpasswd" -}} @@ -521,26 +519,24 @@ spec: vault.hashicorp.com/role: "harbor" vault.hashicorp.com/agent-inject-secret-harbor-core-env.sh: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-template-harbor-core-env.sh: | - {{- with secret "kv/data/atlas/harbor/harbor-core" -}} + {{ with secret "kv/data/atlas/harbor/harbor-core" }} export CORE_SECRET="{{ .Data.data.secret }}" export CSRF_KEY="{{ .Data.data.CSRF_KEY }}" export HARBOR_ADMIN_PASSWORD="{{ .Data.data.harbor_admin_password }}" export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-jobservice" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-jobservice" }} export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-db" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-db" }} export POSTGRESQL_PASSWORD="{{ .Data.data.password }}" - {{- end }} - {{- with secret "kv/data/atlas/harbor/harbor-oidc" -}} + {{ end }} + {{ with secret "kv/data/atlas/harbor/harbor-oidc" }} export CONFIG_OVERWRITE_JSON='{{ .Data.data.CONFIG_OVERWRITE_JSON }}' - {{- end }} + {{ end }} vault.hashicorp.com/agent-inject-secret-harbor-core-secretKey: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-template-harbor-core-secretKey: | - {{- with secret "kv/data/atlas/harbor/harbor-core" -}} - {{ .Data.data.secretKey }} - {{- end }} + {{- with secret "kv/data/atlas/harbor/harbor-core" -}}{{ .Data.data.secretKey }}{{- end -}} vault.hashicorp.com/agent-inject-secret-harbor-core-tls-key: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-template-harbor-core-tls-key: | {{- with secret "kv/data/atlas/harbor/harbor-core" -}}