Skip to content

Commit

Permalink
Merge pull request #549 from Smana/feat_harbor_oidc
Browse files Browse the repository at this point in the history 
feat(harbor): configure oidc auth with zitadel
  • Loading branch information
@Smana
Smana authored Nov 9, 2024
2 parents 1abecef + c846f5d commit 36652f6
Show file tree
Hide file tree
Showing 23 changed files with 69 additions and 83 deletions.
3 changes: 0 additions & 3 deletions .github/workflows/ci.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ jobs:
verb: call
module: github.com/Smana/daggerverse/pre-commit-tf@pre-commit-tf/v0.1.1
args: run --dir "." --tf-binary="tofu"
# cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}

kubernetes-validation:
name: Kubernetes validation ☸
Expand All @@ -44,7 +43,6 @@ jobs:
verb: call
module: github.com/Smana/daggerverse/kubeconform@kubeconform/v0.1.0
args: validate --manifests "./clusters" --catalog
# cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}

- name: Validate Kubernetes manifests (Kustomize directories)
uses: dagger/dagger-for-github@v7
Expand All @@ -53,4 +51,3 @@ jobs:
verb: call
module: github.com/Smana/daggerverse/kubeconform@kubeconform/v0.1.0
args: validate --manifests "." --kustomize --flux --env="cluster_name:foobar,region:eu-west-3,domain_name:example.com" --catalog --crds https://github.com/kubernetes-sigs/gateway-api/tree/main/config/crd/experimental,https://raw.githubusercontent.com/grafana/grafana-operator/master/config/crd/bases/grafana.integreatly.org_grafanadashboards.yaml # These are CRDs that are not supported yet by the datree catalog
# cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ Additionally, I have put a constraint on the resources the controllers can manag
The Harbor installation follows best practices for high availability. It leverages recent Crossplane features such as `Composition functions`:

- External RDS database
- Redis cluster using the Bitnami Helm chart
- Valkey cluster using the Bitnami Helm chart
- Storing artifacts in S3

🏷️ Related blog post: [Going Further with Crossplane: Compositions and Functions](https://blog.ogenki.io/post/crossplane_composition_functions/)
Expand Down
2 changes: 1 addition & 1 deletion dagger.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "cloud-native-ref",
"engineVersion": "v0.13.7",
"engineVersion": "v0.14.0",
"sdk": "go",
"dependencies": [
{
Expand Down
34 changes: 17 additions & 17 deletions dagger/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ toolchain go1.23.2
require github.com/aws/aws-sdk-go v1.55.5

require (
github.com/99designs/gqlgen v0.17.55
github.com/99designs/gqlgen v0.17.56
github.com/Khan/genqlient v0.7.0
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/go-logr/logr v1.4.2 // indirect
Expand All @@ -18,23 +18,23 @@ require (
github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
github.com/sosodev/duration v1.3.1 // indirect
github.com/vektah/gqlparser/v2 v2.5.19
go.opentelemetry.io/otel v1.31.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.7.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.7.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.31.0
go.opentelemetry.io/otel/log v0.7.0
go.opentelemetry.io/otel/metric v1.31.0
go.opentelemetry.io/otel/sdk v1.31.0
go.opentelemetry.io/otel/sdk/log v0.7.0
go.opentelemetry.io/otel/sdk/metric v1.31.0
go.opentelemetry.io/otel/trace v1.31.0
go.opentelemetry.io/otel v1.32.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0
go.opentelemetry.io/otel/log v0.8.0
go.opentelemetry.io/otel/metric v1.32.0
go.opentelemetry.io/otel/sdk v1.32.0
go.opentelemetry.io/otel/sdk/log v0.8.0
go.opentelemetry.io/otel/sdk/metric v1.32.0
go.opentelemetry.io/otel/trace v1.32.0
go.opentelemetry.io/proto/otlp v1.3.1
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
golang.org/x/net v0.30.0 // indirect
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f
golang.org/x/net v0.31.0 // indirect
golang.org/x/sync v0.9.0
golang.org/x/sys v0.27.0 // indirect
golang.org/x/text v0.20.0 // indirect
Expand Down
52 changes: 26 additions & 26 deletions dagger/go.sum
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
github.com/99designs/gqlgen v0.17.55 h1:3vzrNWYyzSZjGDFo68e5j9sSauLxfKvLp+6ioRokVtM=
github.com/99designs/gqlgen v0.17.55/go.mod h1:3Bq768f8hgVPGZxL8aY9MaYmbxa6llPM/qu1IGH1EJo=
github.com/99designs/gqlgen v0.17.56 h1:+J42ARAHvnysH6klO9Wq+tCsGF32cpAgU3SyF0VRJtI=
github.com/99designs/gqlgen v0.17.56/go.mod h1:rmB6vLvtL8uf9F9w0/irJ5alBkD8DJvj35ET31BKbtY=
github.com/Khan/genqlient v0.7.0 h1:GZ1meyRnzcDTK48EjqB8t3bcfYvHArCUUvgOwpz1D4w=
github.com/Khan/genqlient v0.7.0/go.mod h1:HNyy3wZvuYwmW3Y7mkoQLZsa/R5n5yIRajS1kPBvSFM=
github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
Expand Down Expand Up @@ -43,42 +43,42 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/vektah/gqlparser/v2 v2.5.19 h1:bhCPCX1D4WWzCDvkPl4+TP1N8/kLrWnp43egplt7iSg=
github.com/vektah/gqlparser/v2 v2.5.19/go.mod h1:y7kvl5bBlDeuWIvLtA9849ncyvx6/lj06RsMrEjVy3U=
go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.0.0-20240518090000-14441aefdf88 h1:oM0GTNKGlc5qHctWeIGTVyda4iFFalOzMZ3Ehj5rwB4=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.0.0-20240518090000-14441aefdf88/go.mod h1:JGG8ebaMO5nXOPnvKEl+DiA4MGwFjCbjsxT1WHIEBPY=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.3.0 h1:ccBrA8nCY5mM0y5uO7FT0ze4S0TuFcWdDB2FxGMTjkI=
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.3.0/go.mod h1:/9pb6634zi2Lk8LYg9Q0X8Ar6jka4dkFOylBLbVQPCE=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0 h1:FZ6ei8GFW7kyPYdxJaV2rgI6M+4tvZzhYsQ2wgyVC08=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0/go.mod h1:MdEu/mC6j3D+tTEfvI15b5Ci2Fn7NneJ71YMoiS3tpI=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0 h1:ZsXq73BERAiNuuFXYqP4MR5hBrjXfMGSO+Cx7qoOZiM=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0/go.mod h1:hg1zaDMpyZJuUzjFxFsRYBoccE86tM9Uf4IqNMUxvrY=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 h1:K0XaT3DwHAcV4nKLzcQvwAgSyisUghWoY20I7huthMk=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0/go.mod h1:B5Ki776z/MBnVha1Nzwp5arlzBbE3+1jk+pGmaP5HME=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0 h1:FFeLy03iVTXP6ffeN2iXrxfGsZGCjVx0/4KlizjyBwU=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0/go.mod h1:TMu73/k1CP8nBUpDLc71Wj/Kf7ZS9FK5b53VapRsP9o=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.31.0 h1:lUsI2TYsQw2r1IASwoROaCnjdj2cvC2+Jbxvk6nHnWU=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.31.0/go.mod h1:2HpZxxQurfGxJlJDblybejHB6RX6pmExPNe517hREw4=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU=
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0 h1:IJFEoHiytixx8cMiVAO+GmHR6Frwu+u5Ur8njpFO6Ac=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.32.0/go.mod h1:3rHrKNtLIoS0oZwkY2vxi+oJcwFRWdtUyRII+so45p8=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0 h1:9kV11HXBHZAvuPUZxmMWrH8hZn/6UnHX4K0mu36vNsU=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.32.0/go.mod h1:JyA0FHXe22E1NeNiHmVp7kFHglnexDQ7uRWDiiJ1hKQ=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0 h1:cMyu9O88joYEaI47CnQkxO1XZdpoTF9fEnW2duIddhw=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.32.0/go.mod h1:6Am3rn7P9TVVeXYG+wtcGE7IE1tsQ+bP3AuWcKt/gOI=
go.opentelemetry.io/otel/log v0.3.0 h1:kJRFkpUFYtny37NQzL386WbznUByZx186DpEMKhEGZs=
go.opentelemetry.io/otel/log v0.3.0/go.mod h1:ziCwqZr9soYDwGNbIL+6kAvQC+ANvjgG367HVcyR/ys=
go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk=
go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0=
go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4=
go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU=
go.opentelemetry.io/otel/sdk/log v0.3.0 h1:GEjJ8iftz2l+XO1GF2856r7yYVh74URiF9JMcAacr5U=
go.opentelemetry.io/otel/sdk/log v0.3.0/go.mod h1:BwCxtmux6ACLuys1wlbc0+vGBd+xytjmjajwqqIul2g=
go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc=
go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8=
go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU=
go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ=
go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
Expand Down
2 changes: 1 addition & 1 deletion infrastructure/base/crossplane/configuration/kcl/cnpginstance/kcl.mod
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
[package]
name = "cnpginstance"
edition = "v0.10.7"
version = "0.0.27"
version = "0.0.28"
2 changes: 1 addition & 1 deletion infrastructure/base/crossplane/configuration/kcl/cnpginstance/main.k
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ if oxr.spec.cnpg:
primaryUpdateStrategy = oxr.spec.cnpg.primaryUpdateStrategy
if oxr.spec.cnpg?.createSuperuser:
enableSuperuserAccess = True
if oxr.spec.cnpg?.initSQL or oxr.spec.cnpg?.databases or oxr.spec.cnpg?.objectStoreRecovery:
if oxr.spec.cnpg?.initSQL or oxr.spec.databases or oxr.spec.cnpg?.objectStoreRecovery:
bootstrap = {
if oxr.spec.cnpg.objectStoreRecovery:
recovery: {
Expand Down
2 changes: 1 addition & 1 deletion infrastructure/base/crossplane/configuration/sql-instance-composition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ spec:
kind: KCLRun
spec:
target: Resources
source: oci://ttl.sh/ogenki-cnref/cnpginstance:v0.0.27-24h
source: oci://ttl.sh/ogenki-cnref/cnpginstance:v0.0.28-24h

- step: ready
functionRef:
Expand Down
2 changes: 1 addition & 1 deletion infrastructure/base/crossplane/configuration/sql-instance-definition.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ spec:
createSuperuser:
description: Create a superuser for the Postgres cluster.
type: boolean
default: true
default: false
objectStoreRecovery:
type: object
properties:
Expand Down
2 changes: 1 addition & 1 deletion security/base/cert-manager/vault-clusterissuer.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ spec:
auth:
appRole:
path: approle
roleId: 1cbd33c7-b022-408e-fe4a-c7c55dc80e76 # !! This value changes each time I recreate the whole platform
roleId: cbfb2f59-f08f-fee6-e364-be12ff4b4a9f # !! This value changes each time I recreate the whole platform
secretRef:
name: cert-manager-vault-approle
key: secret_id
1 change: 1 addition & 0 deletions security/base/zitadel/certificate.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ spec:
commonName: zitadel.priv.${domain_name}
dnsNames:
- zitadel.priv.${domain_name}
- sso.priv.${domain_name}
issuerRef:
name: vault
kind: ClusterIssuer
Expand Down
2 changes: 1 addition & 1 deletion security/base/zitadel/gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
service.beta.kubernetes.io/aws-load-balancer-scheme: "internal"
service.beta.kubernetes.io/aws-load-balancer-type: "external"
external-dns.alpha.kubernetes.io/hostname: "zitadel.priv.${domain_name}"
external-dns.alpha.kubernetes.io/hostname: "zitadel.priv.${domain_name},sso.priv.${domain_name}"
listeners:
- name: http
hostname: "*.priv.${domain_name}"
Expand Down
2 changes: 1 addition & 1 deletion security/base/zitadel/sqlinstance.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
createSuperuser: true
objectStoreRecovery:
bucketName: "eu-west-3-ogenki-cnpg-backups"
path: "zitadel-basebackup-20241106"
path: "zitadel-20241109"
backup:
schedule: "0 0 * * *"
bucketName: "eu-west-3-ogenki-cnpg-backups"
Expand Down
1 change: 0 additions & 1 deletion tooling/base/harbor/externalsecret-admin-password.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: admin-password
namespace: tooling
spec:
dataFrom:
- extract:
Expand Down
7 changes: 3 additions & 4 deletions .../externalsecret-sqlinstance-password.yaml → .../externalsecret-cnpg-harbor-registry.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,17 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: sqlinstance-password
namespace: tooling
name: xplane-harbor-cnpg-registry
spec:
dataFrom:
- extract:
conversionStrategy: Default
key: harbor/sqlinstance/masterpassword
key: cnpg/xplane-harbor/registry
refreshInterval: 20m
secretStoreRef:
kind: ClusterSecretStore
name: clustersecretstore
target:
creationPolicy: Owner
deletionPolicy: Retain
name: harbor-pg-masterpassword
name: xplane-harbor-cnpg-registry
1 change: 0 additions & 1 deletion tooling/base/harbor/externalsecret-valkey-password.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: harbor-valkey-password
namespace: tooling
spec:
dataFrom:
- extract:
Expand Down
5 changes: 2 additions & 3 deletions tooling/base/harbor/helmrelease-harbor.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: harbor
namespace: tooling
spec:
releaseName: harbor
driftDetection:
Expand Down Expand Up @@ -68,11 +67,11 @@ spec:
database:
type: external
external:
host: "xplane-harbor-rds-service"
host: "xplane-harbor-cnpg-cluster-rw"
port: "5432"
username: "harbor"
coreDatabase: "registry"
existingSecret: "xplane-harbor-owner-harbor"
existingSecret: "xplane-harbor-cnpg-registry"
sslmode: "require"

redis:
Expand Down
1 change: 0 additions & 1 deletion tooling/base/harbor/helmrelease-valkey.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: harbor-valkey
namespace: tooling
spec:
releaseName: harbor-valkey
driftDetection:
Expand Down
1 change: 0 additions & 1 deletion tooling/base/harbor/httproute.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: harbor
namespace: tooling
spec:
parentRefs:
- name: platform-private
Expand Down
3 changes: 2 additions & 1 deletion tooling/base/harbor/kustomization.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: tooling

resources:
- externalsecret-admin-password.yaml
- externalsecret-sqlinstance-password.yaml
- externalsecret-cnpg-harbor-registry.yaml
- externalsecret-valkey-password.yaml
- helmrelease-harbor.yaml
- serviceaccount-harbor.yaml
Expand Down
1 change: 0 additions & 1 deletion tooling/base/harbor/s3-bucket.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ apiVersion: s3.aws.upbound.io/v1beta1
kind: Bucket
metadata:
name: harbor
namespace: tooling
annotations:
crossplane.io/external-name: ${region}-ogenki-harbor
spec:
Expand Down
1 change: 0 additions & 1 deletion tooling/base/harbor/serviceaccount-harbor.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,3 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: harbor
namespace: tooling
23 changes: 9 additions & 14 deletions tooling/base/harbor/sqlinstance.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,21 +2,16 @@ apiVersion: cloud.ogenki.io/v1alpha1
kind: SQLInstance
metadata:
name: xplane-harbor
namespace: tooling
spec:
databases:
- owner: harbor
name: registry
size: small
size: "small"
storageGB: 20
rds:
engine: postgres
engineVersion: "16"
passwordSecretRef:
namespace: tooling
name: harbor-pg-masterpassword
key: password
cnpg:
instances: 1
objectStoreRecovery:
bucketName: "eu-west-3-ogenki-cnpg-backups"
path: "harbor-20241109"
backup:
schedule: "0 1 * * *"
bucketName: "eu-west-3-ogenki-cnpg-backups"
compositionRef:
name: xsqlinstances.cloud.ogenki.io
writeConnectionSecretToRef:
name: xplane-harbor-rds

0 comments on commit 36652f6

Please sign in to comment.