added harbor

2025-08-10 20:40:22 -05:00 · 2025-08-10 20:40:22 -05:00 · 9d336dc0b7
commit 9d336dc0b7
parent e8a2141762
8 changed files with 1227 additions and 0 deletions
--- a/infrastructure/flux-system/kustomization-harbor.yaml
+++ b/infrastructure/flux-system/kustomization-harbor.yaml
@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: harbor
+  namespace: flux-system
+spec:
+  interval: 10m
+  path: ./services/harbor
+  targetNamespace: harbor
+  createNamespace: true
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  wait: true
--- a/infrastructure/flux-system/kustomization.yaml
+++ b/infrastructure/flux-system/kustomization.yaml
@ -4,3 +4,4 @@ resources:
 - gotk-components.yaml
 - gotk-sync.yaml
 - kustomization-gitea.yaml
+- kustomization-harbor.yaml
--- a/scripts/monero_wallet_setup.fish
+++ b/scripts/monero_wallet_setup.fish
--- a/services/harbor/certificate.yaml
+++ b/services/harbor/certificate.yaml
@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: harbor-tls
+  namespace: harbor
+spec:
+  secretName: harbor-tls
+  issuerRef:
+    kind: ClusterIssuer
+    name: letsencrypt-prod
+  dnsNames:
+  - registry.bstein.dev
--- a/services/harbor/helmrelease.yaml
+++ b/services/harbor/helmrelease.yaml
@ -0,0 +1,69 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: harbor
+  namespace: flux-system
+spec:
+  interval: 15m
+  targetNamespace: harbor
+  install:
+    createNamespace: false
+  chart:
+    spec:
+      chart: harbor
+      version: 1.17.1
+      sourceRef:
+        kind: HelmRepository
+        name: harbor
+        namespace: flux-system
+  values:
+    expose:
+      type: ingress
+      ingress:
+        className: traefik
+        hosts:
+          core: registry.bstein.dev
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+      tls:
+        enabled: true
+        certSource: secret
+        secret:
+          secretName: harbor-tls
+    externalURL: https://registry.bstein.dev
+    notary:
+      enabled: false
+    harborAdminPassword: "ENCRYPT-ME-WITH-SOPS"
+    database:
+      type: external
+      external:
+        host: postgres-service.postgres.svc.cluster.local
+        port: 5432
+        username: harbor
+        password: "ENCRYPT-ME-WITH-SOPS"
+        sslmode: disable
+      coreDatabase: harbor
+    redis:
+      type: internal
+    persistence:
+      persistentVolumeClaim:
+        registry:
+          storageClass: astreae
+          accessMode: ReadWriteOnce
+          size: 100Gi
+        jobservice:
+          storageClass: astreae
+          accessMode: ReadWriteOnce
+          size: 5Gi
+        redis:
+          storageClass: astreae
+          accessMode: ReadWriteOnce
+          size: 2Gi
+        trivy:
+          storageClass: astreae
+          accessMode: ReadWriteOnce
+          size: 5Gi
+      chartmuseum:
+        enabled: false
+    trivy:
+      enabled: true
--- a/services/harbor/helmrepository.yaml
+++ b/services/harbor/helmrepository.yaml
@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: harbor
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://helm.goharbor.io
--- a/services/harbor/kustomization.yaml
+++ b/services/harbor/kustomization.yaml
@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - certificate.yaml
+  - helmrepository.yaml
+  - helmrelease.yaml
--- a/services/harbor/namespace.yaml
+++ b/services/harbor/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: harbor