diff --git a/clusters/atlas/flux-system/applications/harbor/image-automation.yaml b/clusters/atlas/flux-system/applications/harbor/image-automation.yaml new file mode 100644 index 0000000..0040c6f --- /dev/null +++ b/clusters/atlas/flux-system/applications/harbor/image-automation.yaml @@ -0,0 +1,20 @@ +# clusters/atlas/flux-system/applications/harbor/image-automation.yaml +apiVersion: image.toolkit.fluxcd.io/v1beta1 +kind: ImageUpdateAutomation +metadata: + name: harbor + namespace: flux-system +spec: + interval: 5m0s + sourceRef: + kind: GitRepository + name: flux-system + git: + commit: + author: + email: ops@bstein.dev + name: flux-bot + messageTemplate: "chore(harbor): update images to {{range .Updated.Images}}{{.}}{{end}}" + update: + strategy: Setters + path: ./services/harbor diff --git a/clusters/atlas/flux-system/applications/kustomization.yaml b/clusters/atlas/flux-system/applications/kustomization.yaml index 93e10bf..50ca611 100644 --- a/clusters/atlas/flux-system/applications/kustomization.yaml +++ b/clusters/atlas/flux-system/applications/kustomization.yaml @@ -10,6 +10,7 @@ resources: - pegasus/kustomization.yaml - pegasus/image-automation.yaml - harbor/kustomization.yaml + - harbor/image-automation.yaml - jellyfin/kustomization.yaml - xmr-miner/kustomization.yaml - sui-metrics/kustomization.yaml diff --git a/services/harbor/helmrelease.yaml b/services/harbor/helmrelease.yaml index 8af9f46..0ccf82c 100644 --- a/services/harbor/helmrelease.yaml +++ b/services/harbor/helmrelease.yaml @@ -75,14 +75,15 @@ spec: internal: image: repository: registry.bstein.dev/infra/harbor-redis - tag: v2.14.1-arm64 - nodeSelector: - kubernetes.io/hostname: titan-05 + tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-redis"} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: + - key: hardware + operator: In + values: [ "rpi4", "rpi5" ] - key: kubernetes.io/arch operator: In values: [ "arm64" ] @@ -92,13 +93,13 @@ spec: matchExpressions: - key: hardware operator: In - values: [ "rpi5" ] + values: [ "rpi4" ] - weight: 50 preference: matchExpressions: - key: hardware operator: In - values: [ "rpi4" ] + values: [ "rpi5" ] trivy: enabled: false metrics: @@ -111,9 +112,7 @@ spec: core: image: repository: registry.bstein.dev/infra/harbor-core - tag: v2.14.1-arm64 - nodeSelector: - kubernetes.io/hostname: titan-05 + tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-core"} existingSecret: harbor-core existingXsrfSecret: harbor-core existingXsrfSecretKey: CSRF_KEY @@ -122,6 +121,9 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: + - key: hardware + operator: In + values: [ "rpi4", "rpi5" ] - key: kubernetes.io/arch operator: In values: [ "arm64" ] @@ -131,24 +133,25 @@ spec: matchExpressions: - key: hardware operator: In - values: [ "rpi5" ] + values: [ "rpi4" ] - weight: 50 preference: matchExpressions: - key: hardware operator: In - values: [ "rpi4" ] + values: [ "rpi5" ] jobservice: image: repository: registry.bstein.dev/infra/harbor-jobservice - tag: v2.14.1-arm64 - nodeSelector: - kubernetes.io/hostname: titan-05 + tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-jobservice"} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: + - key: hardware + operator: In + values: [ "rpi4", "rpi5" ] - key: kubernetes.io/arch operator: In values: [ "arm64" ] @@ -158,24 +161,25 @@ spec: matchExpressions: - key: hardware operator: In - values: [ "rpi5" ] + values: [ "rpi4" ] - weight: 50 preference: matchExpressions: - key: hardware operator: In - values: [ "rpi4" ] + values: [ "rpi5" ] portal: image: repository: registry.bstein.dev/infra/harbor-portal - tag: v2.14.1-arm64 - nodeSelector: - kubernetes.io/hostname: titan-05 + tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-portal"} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: + - key: hardware + operator: In + values: [ "rpi4", "rpi5" ] - key: kubernetes.io/arch operator: In values: [ "arm64" ] @@ -185,29 +189,30 @@ spec: matchExpressions: - key: hardware operator: In - values: [ "rpi5" ] + values: [ "rpi4" ] - weight: 50 preference: matchExpressions: - key: hardware operator: In - values: [ "rpi4" ] + values: [ "rpi5" ] registry: registry: image: repository: registry.bstein.dev/infra/harbor-registry - tag: v2.14.1-arm64 + tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-registry"} controller: image: repository: registry.bstein.dev/infra/harbor-registryctl - tag: v2.14.1-arm64 - nodeSelector: - kubernetes.io/hostname: titan-05 + tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-registryctl"} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: + - key: hardware + operator: In + values: [ "rpi4", "rpi5" ] - key: kubernetes.io/arch operator: In values: [ "arm64" ] @@ -217,24 +222,25 @@ spec: matchExpressions: - key: hardware operator: In - values: [ "rpi5" ] + values: [ "rpi4" ] - weight: 50 preference: matchExpressions: - key: hardware operator: In - values: [ "rpi4" ] + values: [ "rpi5" ] nginx: image: repository: registry.bstein.dev/infra/harbor-nginx tag: v2.14.1-arm64 - nodeSelector: - kubernetes.io/hostname: titan-05 affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: + - key: hardware + operator: In + values: [ "rpi4", "rpi5" ] - key: kubernetes.io/arch operator: In values: [ "arm64" ] @@ -244,13 +250,13 @@ spec: matchExpressions: - key: hardware operator: In - values: [ "rpi5" ] + values: [ "rpi4" ] - weight: 50 preference: matchExpressions: - key: hardware operator: In - values: [ "rpi4" ] + values: [ "rpi5" ] prepare: image: repository: registry.bstein.dev/infra/harbor-prepare diff --git a/services/harbor/image.yaml b/services/harbor/image.yaml new file mode 100644 index 0000000..732f9e1 --- /dev/null +++ b/services/harbor/image.yaml @@ -0,0 +1,144 @@ +# services/harbor/image.yaml +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: harbor-core + namespace: harbor +spec: + image: registry.bstein.dev/infra/harbor-core + interval: 5m0s +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: harbor-core + namespace: harbor +spec: + imageRepositoryRef: + name: harbor-core + filterTags: + pattern: '^v(?P\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$' + extract: '$version' + policy: + semver: + range: ">=2.14.0-0 <2.15.0-0" +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: harbor-jobservice + namespace: harbor +spec: + image: registry.bstein.dev/infra/harbor-jobservice + interval: 5m0s +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: harbor-jobservice + namespace: harbor +spec: + imageRepositoryRef: + name: harbor-jobservice + filterTags: + pattern: '^v(?P\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$' + extract: '$version' + policy: + semver: + range: ">=2.14.0-0 <2.15.0-0" +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: harbor-portal + namespace: harbor +spec: + image: registry.bstein.dev/infra/harbor-portal + interval: 5m0s +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: harbor-portal + namespace: harbor +spec: + imageRepositoryRef: + name: harbor-portal + filterTags: + pattern: '^v(?P\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$' + extract: '$version' + policy: + semver: + range: ">=2.14.0-0 <2.15.0-0" +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: harbor-registry + namespace: harbor +spec: + image: registry.bstein.dev/infra/harbor-registry + interval: 5m0s +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: harbor-registry + namespace: harbor +spec: + imageRepositoryRef: + name: harbor-registry + filterTags: + pattern: '^v(?P\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$' + extract: '$version' + policy: + semver: + range: ">=2.14.0-0 <2.15.0-0" +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: harbor-registryctl + namespace: harbor +spec: + image: registry.bstein.dev/infra/harbor-registryctl + interval: 5m0s +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: harbor-registryctl + namespace: harbor +spec: + imageRepositoryRef: + name: harbor-registryctl + filterTags: + pattern: '^v(?P\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$' + extract: '$version' + policy: + semver: + range: ">=2.14.0-0 <2.15.0-0" +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImageRepository +metadata: + name: harbor-redis + namespace: harbor +spec: + image: registry.bstein.dev/infra/harbor-redis + interval: 5m0s +--- +apiVersion: image.toolkit.fluxcd.io/v1beta2 +kind: ImagePolicy +metadata: + name: harbor-redis + namespace: harbor +spec: + imageRepositoryRef: + name: harbor-redis + filterTags: + pattern: '^v(?P\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$' + extract: '$version' + policy: + semver: + range: ">=2.14.0-0 <2.15.0-0" diff --git a/services/harbor/kustomization.yaml b/services/harbor/kustomization.yaml index eb27a25..7da3d50 100644 --- a/services/harbor/kustomization.yaml +++ b/services/harbor/kustomization.yaml @@ -7,3 +7,4 @@ resources: - pvc.yaml - certificate.yaml - helmrelease.yaml + - image.yaml