bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

harbor: add image automation

Browse Source
This commit is contained in:
Brad Stein 2025-12-17 03:21:35 -03:00
parent 8d04f6c6c7
commit f28d5680f2
5 changed files with 202 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
clusters/atlas/flux-system/applications/harbor/image-automation.yaml Normal file
View File

@ -0,0 +1,20 @@
# clusters/atlas/flux-system/applications/harbor/image-automation.yaml
apiVersion: image.toolkit.fluxcd.io/v1beta1
kind: ImageUpdateAutomation
metadata:
name: harbor
namespace: flux-system
spec:
interval: 5m0s
sourceRef:
kind: GitRepository
name: flux-system
git:
commit:
author:
email: ops@bstein.dev
name: flux-bot
messageTemplate: "chore(harbor): update images to {{range .Updated.Images}}{{.}}{{end}}"
update:
strategy: Setters
path: ./services/harbor

1
clusters/atlas/flux-system/applications/kustomization.yaml
View File

@ -10,6 +10,7 @@ resources:
- pegasus/kustomization.yaml - pegasus/kustomization.yaml
- pegasus/image-automation.yaml - pegasus/image-automation.yaml
- harbor/kustomization.yaml - harbor/kustomization.yaml
- harbor/image-automation.yaml
- jellyfin/kustomization.yaml - jellyfin/kustomization.yaml
- xmr-miner/kustomization.yaml - xmr-miner/kustomization.yaml
- sui-metrics/kustomization.yaml - sui-metrics/kustomization.yaml

66
services/harbor/helmrelease.yaml
View File

@ -75,14 +75,15 @@ spec:
internal: internal:
image: image:
repository: registry.bstein.dev/infra/harbor-redis repository: registry.bstein.dev/infra/harbor-redis
tag: v2.14.1-arm64 tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-redis"}
nodeSelector:
kubernetes.io/hostname: titan-05
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: hardware
operator: In
values: [ "rpi4", "rpi5" ]
- key: kubernetes.io/arch - key: kubernetes.io/arch
operator: In operator: In
values: [ "arm64" ] values: [ "arm64" ]
@ -92,13 +93,13 @@ spec:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi5" ] values: [ "rpi4" ]
- weight: 50 - weight: 50
preference: preference:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi4" ] values: [ "rpi5" ]
trivy: trivy:
enabled: false enabled: false
metrics: metrics:
@ -111,9 +112,7 @@ spec:
core: core:
image: image:
repository: registry.bstein.dev/infra/harbor-core repository: registry.bstein.dev/infra/harbor-core
tag: v2.14.1-arm64 tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-core"}
nodeSelector:
kubernetes.io/hostname: titan-05
existingSecret: harbor-core existingSecret: harbor-core
existingXsrfSecret: harbor-core existingXsrfSecret: harbor-core
existingXsrfSecretKey: CSRF_KEY existingXsrfSecretKey: CSRF_KEY
@ -122,6 +121,9 @@ spec:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: hardware
operator: In
values: [ "rpi4", "rpi5" ]
- key: kubernetes.io/arch - key: kubernetes.io/arch
operator: In operator: In
values: [ "arm64" ] values: [ "arm64" ]
@ -131,24 +133,25 @@ spec:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi5" ] values: [ "rpi4" ]
- weight: 50 - weight: 50
preference: preference:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi4" ] values: [ "rpi5" ]
jobservice: jobservice:
image: image:
repository: registry.bstein.dev/infra/harbor-jobservice repository: registry.bstein.dev/infra/harbor-jobservice
tag: v2.14.1-arm64 tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-jobservice"}
nodeSelector:
kubernetes.io/hostname: titan-05
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: hardware
operator: In
values: [ "rpi4", "rpi5" ]
- key: kubernetes.io/arch - key: kubernetes.io/arch
operator: In operator: In
values: [ "arm64" ] values: [ "arm64" ]
@ -158,24 +161,25 @@ spec:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi5" ] values: [ "rpi4" ]
- weight: 50 - weight: 50
preference: preference:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi4" ] values: [ "rpi5" ]
portal: portal:
image: image:
repository: registry.bstein.dev/infra/harbor-portal repository: registry.bstein.dev/infra/harbor-portal
tag: v2.14.1-arm64 tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-portal"}
nodeSelector:
kubernetes.io/hostname: titan-05
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: hardware
operator: In
values: [ "rpi4", "rpi5" ]
- key: kubernetes.io/arch - key: kubernetes.io/arch
operator: In operator: In
values: [ "arm64" ] values: [ "arm64" ]
@ -185,29 +189,30 @@ spec:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi5" ] values: [ "rpi4" ]
- weight: 50 - weight: 50
preference: preference:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi4" ] values: [ "rpi5" ]
registry: registry:
registry: registry:
image: image:
repository: registry.bstein.dev/infra/harbor-registry repository: registry.bstein.dev/infra/harbor-registry
tag: v2.14.1-arm64 tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-registry"}
controller: controller:
image: image:
repository: registry.bstein.dev/infra/harbor-registryctl repository: registry.bstein.dev/infra/harbor-registryctl
tag: v2.14.1-arm64 tag: v2.14.1-arm64 # {"$imagepolicy": "harbor:harbor-registryctl"}
nodeSelector:
kubernetes.io/hostname: titan-05
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: hardware
operator: In
values: [ "rpi4", "rpi5" ]
- key: kubernetes.io/arch - key: kubernetes.io/arch
operator: In operator: In
values: [ "arm64" ] values: [ "arm64" ]
@ -217,24 +222,25 @@ spec:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi5" ] values: [ "rpi4" ]
- weight: 50 - weight: 50
preference: preference:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi4" ] values: [ "rpi5" ]
nginx: nginx:
image: image:
repository: registry.bstein.dev/infra/harbor-nginx repository: registry.bstein.dev/infra/harbor-nginx
tag: v2.14.1-arm64 tag: v2.14.1-arm64
nodeSelector:
kubernetes.io/hostname: titan-05
affinity: affinity:
nodeAffinity: nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms: nodeSelectorTerms:
- matchExpressions: - matchExpressions:
- key: hardware
operator: In
values: [ "rpi4", "rpi5" ]
- key: kubernetes.io/arch - key: kubernetes.io/arch
operator: In operator: In
values: [ "arm64" ] values: [ "arm64" ]
@ -244,13 +250,13 @@ spec:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi5" ] values: [ "rpi4" ]
- weight: 50 - weight: 50
preference: preference:
matchExpressions: matchExpressions:
- key: hardware - key: hardware
operator: In operator: In
values: [ "rpi4" ] values: [ "rpi5" ]
prepare: prepare:
image: image:
repository: registry.bstein.dev/infra/harbor-prepare repository: registry.bstein.dev/infra/harbor-prepare

144
services/harbor/image.yaml Normal file
View File

@ -0,0 +1,144 @@
# services/harbor/image.yaml
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: harbor-core
namespace: harbor
spec:
image: registry.bstein.dev/infra/harbor-core
interval: 5m0s
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: harbor-core
namespace: harbor
spec:
imageRepositoryRef:
name: harbor-core
filterTags:
pattern: '^v(?P<version>\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$'
extract: '$version'
policy:
semver:
range: ">=2.14.0-0 <2.15.0-0"
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: harbor-jobservice
namespace: harbor
spec:
image: registry.bstein.dev/infra/harbor-jobservice
interval: 5m0s
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: harbor-jobservice
namespace: harbor
spec:
imageRepositoryRef:
name: harbor-jobservice
filterTags:
pattern: '^v(?P<version>\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$'
extract: '$version'
policy:
semver:
range: ">=2.14.0-0 <2.15.0-0"
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: harbor-portal
namespace: harbor
spec:
image: registry.bstein.dev/infra/harbor-portal
interval: 5m0s
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: harbor-portal
namespace: harbor
spec:
imageRepositoryRef:
name: harbor-portal
filterTags:
pattern: '^v(?P<version>\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$'
extract: '$version'
policy:
semver:
range: ">=2.14.0-0 <2.15.0-0"
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: harbor-registry
namespace: harbor
spec:
image: registry.bstein.dev/infra/harbor-registry
interval: 5m0s
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: harbor-registry
namespace: harbor
spec:
imageRepositoryRef:
name: harbor-registry
filterTags:
pattern: '^v(?P<version>\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$'
extract: '$version'
policy:
semver:
range: ">=2.14.0-0 <2.15.0-0"
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: harbor-registryctl
namespace: harbor
spec:
image: registry.bstein.dev/infra/harbor-registryctl
interval: 5m0s
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: harbor-registryctl
namespace: harbor
spec:
imageRepositoryRef:
name: harbor-registryctl
filterTags:
pattern: '^v(?P<version>\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$'
extract: '$version'
policy:
semver:
range: ">=2.14.0-0 <2.15.0-0"
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
name: harbor-redis
namespace: harbor
spec:
image: registry.bstein.dev/infra/harbor-redis
interval: 5m0s
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
name: harbor-redis
namespace: harbor
spec:
imageRepositoryRef:
name: harbor-redis
filterTags:
pattern: '^v(?P<version>\\d+\\.\\d+\\.\\d+-arm64(\\.\\d+)?)$'
extract: '$version'
policy:
semver:
range: ">=2.14.0-0 <2.15.0-0"

1
services/harbor/kustomization.yaml
View File

@ -7,3 +7,4 @@ resources:
- pvc.yaml - pvc.yaml
- certificate.yaml - certificate.yaml
- helmrelease.yaml - helmrelease.yaml
- image.yaml