feat: add valkey to harbor

common/helm-repositories/bitnamicharts-oci.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: bitnamicharts-oci
+  namespace: kommander-flux
+spec:
+  interval: 10m
+  timeout: 1m
+  type: oci
+  url: "${helmMirrorURL:=oci://registry-1.docker.io/bitnamicharts}"

common/helm-repositories/kustomization.yaml

@@ -3,6 +3,7 @@ kind: Kustomization
 resources:
   - ai-navigator-repos.yaml
   - bitnami.yaml
+  - bitnamicharts-oci.yaml
   - cert-manager.yaml
   - cloudnative-pg.yaml
   - dashboard.yaml

services/harbor/1.16.0/defaults/harbor.yaml

@@ -26,7 +26,23 @@ data:
           traefik.ingress.kubernetes.io/router.tls: "true"
 
     redis:
-      type: internal
+      type: external
+      external:
+        addr: "harbor-valkey:26379"
+        sentinelMasterSet: harbor
+        # The "coreDatabaseIndex" must be "0" as the library Harbor
+        # used doesn't support configuring it
+        # harborDatabaseIndex defaults to "0", but it can be configured to "6", this config is optional
+        # cacheLayerDatabaseIndex defaults to "0", but it can be configured to "7", this config is optional
+        coreDatabaseIndex: "0"
+        jobserviceDatabaseIndex: "1"
+        registryDatabaseIndex: "2"
+        trivyAdapterIndex: "5"
+        # harborDatabaseIndex: "6"
+        # cacheLayerDatabaseIndex: "7"
+        # username field can be an empty string, and it will be authenticated against the default user
+        username: ""
+        existingSecret: harbor-valkey-password
 
     database:
       type: external

services/harbor/1.16.0/defaults/kustomization.yaml

@@ -4,3 +4,4 @@ resources:
   - harbor.yaml
   - database.yaml
   - cloudnative-pg.yaml
+  - valkey.yaml

services/harbor/1.16.0/defaults/valkey.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: harbor-valkey-2.2.3-d2iq-defaults
+  namespace: ${releaseNamespace}
+data:
+  values.yaml: |
+    ---
+    sentinel:
+      enabled: true
+      primarySet: harbor
+    auth:
+      enabled: true
+      sentinel: false
+      existingSecret: harbor-valkey-password
+      # This key is required by Harbor helm chart
+      existingSecretPasswordKey: REDIS_PASSWORD

services/harbor/1.16.0/kustomization.yaml

@@ -6,3 +6,4 @@ resources:
   - pre-install.yaml
   - cloudnative-pg.yaml
   - database.yaml
+  - valkey.yaml

services/harbor/1.16.0/pre-install/pre-install-jobs.yaml

@@ -68,7 +68,7 @@ spec:
       restartPolicy: OnFailure
       priorityClassName: dkp-high-priority
       containers:
-        - name: generate-admin-password
+        - name: generate-harbor-admin-password
           image: "${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.30.5}"
           command:
             - bash
@@ -85,9 +85,32 @@ spec:
               SECRET_NAME="harbor-admin-password"
 
               if kubectl get secret -n ncr-system "$SECRET_NAME" ; then
-                echo "harbor-admin-password secret exists"
+                echo "$SECRET_NAME secret exists"
                 exit 0
               fi
 
               kubectl create secret generic -n ncr-system "$SECRET_NAME" -oyaml --dry-run=client --save-config \
                 --from-literal=HARBOR_ADMIN_PASSWORD=$(tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 20) | kubectl apply -f -
+        - name: generate-valkey-password
+          image: "${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.30.5}"
+          command:
+            - bash
+            - -c
+            - |
+              set -o nounset
+              set -o errexit
+              set -o pipefail
+
+              echo() {
+                command echo $(date) "$@"
+              }
+
+              SECRET_NAME="harbor-valkey-password"
+
+              if kubectl get secret -n ncr-system "$SECRET_NAME" ; then
+                echo "$SECRET_NAME secret exists"
+                exit 0
+              fi
+
+              kubectl create secret generic -n ncr-system "$SECRET_NAME" -oyaml --dry-run=client --save-config \
+                --from-literal=REDIS_PASSWORD=$(tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 20) | kubectl apply -f -

services/harbor/1.16.0/release.yaml

@@ -14,6 +14,7 @@ spec:
     - name: ncr-system-namespace
     - name: harbor-pre-install
     - name: harbor-database
+    - name: harbor-valkey
   sourceRef:
     kind: GitRepository
     name: management

services/harbor/1.16.0/valkey.yaml

@@ -0,0 +1,29 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: harbor-valkey
+  namespace: ${releaseNamespace}
+spec:
+  force: false
+  prune: true
+  wait: true
+  interval: 6h
+  retryInterval: 1m
+  path: ./services/harbor/1.16.0/valkey
+  dependsOn:
+    - name: ncr-system-namespace
+    - name: harbor-pre-install
+  sourceRef:
+    kind: GitRepository
+    name: management
+    namespace: kommander-flux
+  timeout: 1m
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: substitution-vars
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2
+      kind: HelmRelease
+      name: harbor-valkey
+      namespace: ${releaseNamespace}

services/harbor/1.16.0/valkey/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - valkey.yaml

services/harbor/1.16.0/valkey/valkey.yaml

@@ -0,0 +1,33 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: harbor-valkey
+  namespace: ${releaseNamespace}
+spec:
+  chart:
+    spec:
+      chart: valkey
+      sourceRef:
+        kind: HelmRepository
+        name: bitnamicharts-oci
+        namespace: kommander-flux
+      version: 2.2.3
+  interval: 15s
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 30
+  upgrade:
+    crds: CreateReplace
+    remediation:
+      retries: 30
+  timeout: 5m0s
+  releaseName: harbor-valkey
+  targetNamespace: ncr-system
+  valuesFrom:
+    - kind: ConfigMap
+      name: harbor-valkey-2.2.3-d2iq-defaults
+    - kind: ConfigMap
+      name: harbor-valkey-overrides
+      optional: true