bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

harbor: fix vault env templates

Browse Source
This commit is contained in:
Brad Stein 2026-01-14 22:07:51 -03:00
parent 9652d9d3cf
commit 71f533ca1f
1 changed files with 30 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
services/harbor/helmrelease.yaml
View File

@ -127,26 +127,24 @@ spec:
vault.hashicorp.com/role: "harbor" vault.hashicorp.com/role: "harbor"
vault.hashicorp.com/agent-inject-secret-harbor-core-env.sh: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-secret-harbor-core-env.sh: "kv/data/atlas/harbor/harbor-core"
vault.hashicorp.com/agent-inject-template-harbor-core-env.sh: | vault.hashicorp.com/agent-inject-template-harbor-core-env.sh: |
{{- with secret "kv/data/atlas/harbor/harbor-core" -}} {{ with secret "kv/data/atlas/harbor/harbor-core" }}
export CORE_SECRET="{{ .Data.data.secret }}" export CORE_SECRET="{{ .Data.data.secret }}"
export CSRF_KEY="{{ .Data.data.CSRF_KEY }}" export CSRF_KEY="{{ .Data.data.CSRF_KEY }}"
export HARBOR_ADMIN_PASSWORD="{{ .Data.data.harbor_admin_password }}" export HARBOR_ADMIN_PASSWORD="{{ .Data.data.harbor_admin_password }}"
export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}" export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-jobservice" -}} {{ with secret "kv/data/atlas/harbor/harbor-jobservice" }}
export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}" export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-db" -}} {{ with secret "kv/data/atlas/harbor/harbor-db" }}
export POSTGRESQL_PASSWORD="{{ .Data.data.password }}" export POSTGRESQL_PASSWORD="{{ .Data.data.password }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-oidc" -}} {{ with secret "kv/data/atlas/harbor/harbor-oidc" }}
export CONFIG_OVERWRITE_JSON='{{ .Data.data.CONFIG_OVERWRITE_JSON }}' export CONFIG_OVERWRITE_JSON='{{ .Data.data.CONFIG_OVERWRITE_JSON }}'
{{- end }} {{ end }}
vault.hashicorp.com/agent-inject-secret-harbor-core-secretKey: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-secret-harbor-core-secretKey: "kv/data/atlas/harbor/harbor-core"
vault.hashicorp.com/agent-inject-template-harbor-core-secretKey: | vault.hashicorp.com/agent-inject-template-harbor-core-secretKey: |
{{- with secret "kv/data/atlas/harbor/harbor-core" -}} {{- with secret "kv/data/atlas/harbor/harbor-core" -}}{{ .Data.data.secretKey }}{{- end -}}
{{ .Data.data.secretKey }}
{{- end }}
vault.hashicorp.com/agent-inject-secret-harbor-core-tls-key: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-secret-harbor-core-tls-key: "kv/data/atlas/harbor/harbor-core"
vault.hashicorp.com/agent-inject-template-harbor-core-tls-key: | vault.hashicorp.com/agent-inject-template-harbor-core-tls-key: |
{{- with secret "kv/data/atlas/harbor/harbor-core" -}} {{- with secret "kv/data/atlas/harbor/harbor-core" -}}
@ -187,13 +185,13 @@ spec:
vault.hashicorp.com/role: "harbor" vault.hashicorp.com/role: "harbor"
vault.hashicorp.com/agent-inject-secret-harbor-jobservice-env.sh: "kv/data/atlas/harbor/harbor-jobservice" vault.hashicorp.com/agent-inject-secret-harbor-jobservice-env.sh: "kv/data/atlas/harbor/harbor-jobservice"
vault.hashicorp.com/agent-inject-template-harbor-jobservice-env.sh: | vault.hashicorp.com/agent-inject-template-harbor-jobservice-env.sh: |
{{- with secret "kv/data/atlas/harbor/harbor-core" -}} {{ with secret "kv/data/atlas/harbor/harbor-core" }}
export CORE_SECRET="{{ .Data.data.secret }}" export CORE_SECRET="{{ .Data.data.secret }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-jobservice" -}} {{ with secret "kv/data/atlas/harbor/harbor-jobservice" }}
export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}" export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}"
export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}" export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}"
{{- end }} {{ end }}
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
@ -261,22 +259,22 @@ spec:
vault.hashicorp.com/role: "harbor" vault.hashicorp.com/role: "harbor"
vault.hashicorp.com/agent-inject-secret-harbor-registry-env.sh: "kv/data/atlas/harbor/harbor-registry" vault.hashicorp.com/agent-inject-secret-harbor-registry-env.sh: "kv/data/atlas/harbor/harbor-registry"
vault.hashicorp.com/agent-inject-template-harbor-registry-env.sh: | vault.hashicorp.com/agent-inject-template-harbor-registry-env.sh: |
{{- with secret "kv/data/atlas/harbor/harbor-registry" -}} {{ with secret "kv/data/atlas/harbor/harbor-registry" }}
export REGISTRY_HTTP_SECRET="{{ .Data.data.REGISTRY_HTTP_SECRET }}" export REGISTRY_HTTP_SECRET="{{ .Data.data.REGISTRY_HTTP_SECRET }}"
export REGISTRY_REDIS_PASSWORD="{{ .Data.data.REGISTRY_REDIS_PASSWORD }}" export REGISTRY_REDIS_PASSWORD="{{ .Data.data.REGISTRY_REDIS_PASSWORD }}"
{{- end }} {{ end }}
vault.hashicorp.com/agent-inject-secret-harbor-registryctl-env.sh: "kv/data/atlas/harbor/harbor-registry" vault.hashicorp.com/agent-inject-secret-harbor-registryctl-env.sh: "kv/data/atlas/harbor/harbor-registry"
vault.hashicorp.com/agent-inject-template-harbor-registryctl-env.sh: | vault.hashicorp.com/agent-inject-template-harbor-registryctl-env.sh: |
{{- with secret "kv/data/atlas/harbor/harbor-core" -}} {{ with secret "kv/data/atlas/harbor/harbor-core" }}
export CORE_SECRET="{{ .Data.data.secret }}" export CORE_SECRET="{{ .Data.data.secret }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-jobservice" -}} {{ with secret "kv/data/atlas/harbor/harbor-jobservice" }}
export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}" export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-registry" -}} {{ with secret "kv/data/atlas/harbor/harbor-registry" }}
export REGISTRY_HTTP_SECRET="{{ .Data.data.REGISTRY_HTTP_SECRET }}" export REGISTRY_HTTP_SECRET="{{ .Data.data.REGISTRY_HTTP_SECRET }}"
export REGISTRY_REDIS_PASSWORD="{{ .Data.data.REGISTRY_REDIS_PASSWORD }}" export REGISTRY_REDIS_PASSWORD="{{ .Data.data.REGISTRY_REDIS_PASSWORD }}"
{{- end }} {{ end }}
vault.hashicorp.com/agent-inject-secret-harbor-registry-htpasswd: "kv/data/atlas/harbor/harbor-registry-htpasswd" vault.hashicorp.com/agent-inject-secret-harbor-registry-htpasswd: "kv/data/atlas/harbor/harbor-registry-htpasswd"
vault.hashicorp.com/agent-inject-template-harbor-registry-htpasswd: | vault.hashicorp.com/agent-inject-template-harbor-registry-htpasswd: |
{{- with secret "kv/data/atlas/harbor/harbor-registry-htpasswd" -}} {{- with secret "kv/data/atlas/harbor/harbor-registry-htpasswd" -}}
@ -521,26 +519,24 @@ spec:
vault.hashicorp.com/role: "harbor" vault.hashicorp.com/role: "harbor"
vault.hashicorp.com/agent-inject-secret-harbor-core-env.sh: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-secret-harbor-core-env.sh: "kv/data/atlas/harbor/harbor-core"
vault.hashicorp.com/agent-inject-template-harbor-core-env.sh: | vault.hashicorp.com/agent-inject-template-harbor-core-env.sh: |
{{- with secret "kv/data/atlas/harbor/harbor-core" -}} {{ with secret "kv/data/atlas/harbor/harbor-core" }}
export CORE_SECRET="{{ .Data.data.secret }}" export CORE_SECRET="{{ .Data.data.secret }}"
export CSRF_KEY="{{ .Data.data.CSRF_KEY }}" export CSRF_KEY="{{ .Data.data.CSRF_KEY }}"
export HARBOR_ADMIN_PASSWORD="{{ .Data.data.harbor_admin_password }}" export HARBOR_ADMIN_PASSWORD="{{ .Data.data.harbor_admin_password }}"
export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}" export REGISTRY_CREDENTIAL_PASSWORD="{{ .Data.data.REGISTRY_CREDENTIAL_PASSWORD }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-jobservice" -}} {{ with secret "kv/data/atlas/harbor/harbor-jobservice" }}
export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}" export JOBSERVICE_SECRET="{{ .Data.data.JOBSERVICE_SECRET }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-db" -}} {{ with secret "kv/data/atlas/harbor/harbor-db" }}
export POSTGRESQL_PASSWORD="{{ .Data.data.password }}" export POSTGRESQL_PASSWORD="{{ .Data.data.password }}"
{{- end }} {{ end }}
{{- with secret "kv/data/atlas/harbor/harbor-oidc" -}} {{ with secret "kv/data/atlas/harbor/harbor-oidc" }}
export CONFIG_OVERWRITE_JSON='{{ .Data.data.CONFIG_OVERWRITE_JSON }}' export CONFIG_OVERWRITE_JSON='{{ .Data.data.CONFIG_OVERWRITE_JSON }}'
{{- end }} {{ end }}
vault.hashicorp.com/agent-inject-secret-harbor-core-secretKey: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-secret-harbor-core-secretKey: "kv/data/atlas/harbor/harbor-core"
vault.hashicorp.com/agent-inject-template-harbor-core-secretKey: | vault.hashicorp.com/agent-inject-template-harbor-core-secretKey: |
{{- with secret "kv/data/atlas/harbor/harbor-core" -}} {{- with secret "kv/data/atlas/harbor/harbor-core" -}}{{ .Data.data.secretKey }}{{- end -}}
{{ .Data.data.secretKey }}
{{- end }}
vault.hashicorp.com/agent-inject-secret-harbor-core-tls-key: "kv/data/atlas/harbor/harbor-core" vault.hashicorp.com/agent-inject-secret-harbor-core-tls-key: "kv/data/atlas/harbor/harbor-core"
vault.hashicorp.com/agent-inject-template-harbor-core-tls-key: | vault.hashicorp.com/agent-inject-template-harbor-core-tls-key: |
{{- with secret "kv/data/atlas/harbor/harbor-core" -}} {{- with secret "kv/data/atlas/harbor/harbor-core" -}}