# OpenShift Template that creates the credentials for a Harbor deployment
# (core, jobservice, registry, admin, Clair/PostgreSQL, Notary) and the Clair
# scanner configuration.
#
# Parameters with `generate: expression` are filled in by the template
# processor with a random string matching the `from` pattern, unless the
# caller supplies a value. Each processing run produces new values, so
# re-applying the processed output over existing objects would change the
# credentials. NOTE(review): confirm the deploy tooling creates these objects
# only once, or the database password will drift from what PostgreSQL was
# initialised with.
# NOTE(review): confirm that the expression generator's randomness source in
# the OpenShift version in use is suitable for long-lived credentials.
apiVersion: v1
kind: Template
metadata:
  creationTimestamp: null
  name: lagoon-secret-environment-template
parameters:
  # Inter-service shared secrets: 16 characters from a 62-symbol alphabet.
  - name: HARBOR_CORE_SECRET
    description: The secret used to connect to harbor's core service
    generate: expression
    from: "[a-zA-Z0-9]{16}"
  - name: HARBOR_JOBSERVICE_SECRET
    description: The secret used to connect to harbor's jobservice service
    generate: expression
    from: "[a-zA-Z0-9]{16}"
  - name: HARBOR_REGISTRY_SECRET
    description: The secret used to connect to harbor's registry service
    generate: expression
    from: "[a-zA-Z0-9]{16}"
  # Passwords: 32 characters. The alphanumeric-only alphabet matters below,
  # because CLAIR_DB_PASSWORD is spliced into connection URLs without any
  # percent-encoding.
  - name: HARBOR_ADMIN_PASSWORD
    description: Harbor's admin password
    generate: expression
    from: "[a-zA-Z0-9]{32}"
  - name: CLAIR_DB_PASSWORD
    description: The password clair should use to talk to the postgres db
    generate: expression
    from: "[a-zA-Z0-9]{32}"
  # Caller-supplied context. Only SAFE_BRANCH and SAFE_PROJECT are referenced
  # by an object in this file (as labels on the ConfigMap); the remaining four
  # are required but unused here. Presumably the build tooling passes the same
  # parameter set to every template; verify against the caller.
  - name: SAFE_BRANCH
    description: Which branch this belongs to, special chars replaced with dashes
    required: true
  - name: SAFE_PROJECT
    description: Which project this belongs to, special chars replaced with dashes
    required: true
  - name: BRANCH
    description: Which branch this belongs to, original value
    required: true
  - name: PROJECT
    description: Which project this belongs to, original value
    required: true
  - name: LAGOON_GIT_SHA
    description: git hash sha of the current deployment
    required: true
  - name: OPENSHIFT_PROJECT
    description: Name of the Project that this service is in
    required: true
objects:
  # One Secret per credential. `stringData` takes the plain value and lets the
  # API server do the base64 encoding.
  - kind: Secret
    apiVersion: v1
    metadata:
      name: harbor-core-secret
    stringData:
      HARBOR_CORE_SECRET: ${HARBOR_CORE_SECRET}
  - kind: Secret
    apiVersion: v1
    metadata:
      name: harbor-jobservice-secret
    stringData:
      HARBOR_JOBSERVICE_SECRET: ${HARBOR_JOBSERVICE_SECRET}
  - kind: Secret
    apiVersion: v1
    metadata:
      name: harborregistry-secret
    stringData:
      HARBOR_REGISTRY_SECRET: ${HARBOR_REGISTRY_SECRET}
  - kind: Secret
    apiVersion: v1
    metadata:
      name: harbor-admin-password
    stringData:
      HARBOR_ADMIN_PASSWORD: ${HARBOR_ADMIN_PASSWORD}
  - kind: Secret
    apiVersion: v1
    metadata:
      name: clair-db-password
    stringData:
      CLAIR_DB_PASSWORD: ${CLAIR_DB_PASSWORD}
  # The next two Secrets reuse CLAIR_DB_PASSWORD. Together with the Clair
  # config below, a single password for the `postgres` role (normally the
  # superuser) is shared by PostgreSQL itself, Clair and Notary. Exposure
  # through any one consumer therefore exposes every database on the instance.
  # Separate, least-privileged roles per consumer would contain that.
  - kind: Secret
    apiVersion: v1
    metadata:
      name: postgresql-password
    stringData:
      POSTGRESQL_PASSWORD: ${CLAIR_DB_PASSWORD}
  # `sslmode=disable` turns TLS off for this connection, so the password and
  # all queries cross the pod network in clear text. Once the database serves
  # a certificate, prefer `sslmode=verify-full`; until then, restrict access
  # to harbor-database with a NetworkPolicy.
  - kind: Secret
    apiVersion: v1
    metadata:
      name: notary-db-url
    stringData:
      NOTARY_DB_URL: postgres://postgres:${CLAIR_DB_PASSWORD}@harbor-database:5432/notaryserver?sslmode=disable
  # SECURITY(review): this ConfigMap embeds CLAIR_DB_PASSWORD twice, in
  # `config.yaml` and in `database`. ConfigMaps are not handled as sensitive:
  # anyone with read access to configmaps in the namespace can see the
  # password, and Secret-specific controls (separate RBAC resource, encryption
  # at rest configured for secrets) do not apply. `type: Opaque` is a Secret
  # field with no meaning on a ConfigMap, which suggests this object was
  # adapted from a Secret. Converting it back means updating whatever mounts
  # `harborclair`, so that is a coordinated change and not one for this file
  # alone.
  # NOTE(review): the nesting of `type`, `redis` and `database` is
  # reconstructed. They are read here as an object-level field and as sibling
  # keys of `config.yaml`; confirm against the repository copy.
  - apiVersion: v1
    kind: ConfigMap
    metadata:
      name: harborclair
      labels:
        service: harborclair
        branch: ${SAFE_BRANCH}
        project: ${SAFE_PROJECT}
    type: Opaque
    data:
      # Clair's own configuration file. Everything below the `|`, including the
      # comment lines, is part of the string value delivered to Clair.
      config.yaml: |
        clair:
          database:
            type: pgsql
            options:
              source: "postgres://postgres:${CLAIR_DB_PASSWORD}@harbor-database:5432/postgres?sslmode=disable"
              # Number of elements kept in the cache
              # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
              cachesize: 16384
          api:
            # API server port
            port: 6060
            healthport: 6061
            # Deadline before an API request will respond with a 503
            timeout: 300s
          updater:
            interval: 1h
      # The Redis URL carries no credentials; access control for harbor-redis
      # therefore rests on network reachability alone.
      redis: "redis://harbor-redis:6379/4"
      # Same credential and `sslmode=disable` caveats as NOTARY_DB_URL.
      database: "postgres://postgres:${CLAIR_DB_PASSWORD}@harbor-database:5432/postgres?sslmode=disable"