k8s/check-charts/harbor/templates/registry/registry-cm.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ template "harbor.registry" . }}"
  labels:
{{ include "harbor.labels" . | indent 4 }}
data:
  config.yml: |+
    version: 0.1
    log:
      {{- if eq .Values.logLevel "warning" }}
      level: warn
      {{- else if eq .Values.logLevel "fatal" }}
      level: error
      {{- else }}
      level: {{ .Values.logLevel }}
      {{- end }}
      fields:
        service: registry
    storage:
      {{- $storage := .Values.persistence.imageChartStorage }}
      {{- $type := $storage.type }}
      {{- if eq $type "filesystem" }}
      filesystem:
        rootdirectory: {{ $storage.filesystem.rootdirectory }}
        {{- if $storage.filesystem.maxthreads }}
        maxthreads: {{ $storage.filesystem.maxthreads }}
        {{- end }}
      {{- else if eq $type "azure" }}
      azure:
        accountname: {{ $storage.azure.accountname }}
        container: {{ $storage.azure.container }}
        {{- if $storage.azure.realm }}
        realm: {{ $storage.azure.realm }}
        {{- end }}
      {{- else if eq $type "gcs" }}
      gcs:
        bucket: {{ $storage.gcs.bucket }}
        {{- if not .Values.persistence.imageChartStorage.gcs.useWorkloadIdentity }}
        keyfile: /etc/registry/gcs-key.json
        {{- end }}
        {{- if $storage.gcs.rootdirectory }}
        rootdirectory: {{ $storage.gcs.rootdirectory }}
        {{- end }}
        {{- if $storage.gcs.chunksize }}
        chunksize: {{ $storage.gcs.chunksize }}
        {{- end }}
      {{- else if eq $type "s3" }}
      s3:
        region: {{ $storage.s3.region }}
        bucket: {{ $storage.s3.bucket }}
        {{- if $storage.s3.regionendpoint }}
        regionendpoint: {{ $storage.s3.regionendpoint }}
        {{- end }}
        {{- if $storage.s3.encrypt }}
        encrypt: {{ $storage.s3.encrypt }}
        {{- end }}
        {{- if $storage.s3.keyid }}
        keyid: {{ $storage.s3.keyid }}
        {{- end }}
        {{- if $storage.s3.secure }}
        secure: {{ $storage.s3.secure }}
        {{- end }}
        {{- if and $storage.s3.secure $storage.s3.skipverify }}
        skipverify: {{ $storage.s3.skipverify }}
        {{- end }}
        {{- if $storage.s3.v4auth }}
        v4auth: {{ $storage.s3.v4auth }}
        {{- end }}
        {{- if $storage.s3.chunksize }}
        chunksize: {{ $storage.s3.chunksize }}
        {{- end }}
        {{- if $storage.s3.rootdirectory }}
        rootdirectory: {{ $storage.s3.rootdirectory }}
        {{- end }}
        {{- if $storage.s3.storageclass }}
        storageclass: {{ $storage.s3.storageclass }}
        {{- end }}
        {{- if $storage.s3.multipartcopychunksize }}
        multipartcopychunksize: {{ $storage.s3.multipartcopychunksize }}
        {{- end }}
        {{- if $storage.s3.multipartcopymaxconcurrency }}
        multipartcopymaxconcurrency: {{ $storage.s3.multipartcopymaxconcurrency }}
        {{- end }}
        {{- if $storage.s3.multipartcopythresholdsize }}
        multipartcopythresholdsize: {{ $storage.s3.multipartcopythresholdsize }}
        {{- end }}
      {{- else if eq $type "swift" }}
      swift:
        authurl: {{ $storage.swift.authurl }}
        username: {{ $storage.swift.username }}
        container: {{ $storage.swift.container }}
        {{- if $storage.swift.region }}
        region: {{ $storage.swift.region }}
        {{- end }}
        {{- if $storage.swift.tenant }}
        tenant: {{ $storage.swift.tenant }}
        {{- end }}
        {{- if $storage.swift.tenantid }}
        tenantid: {{ $storage.swift.tenantid }}
        {{- end }}
        {{- if $storage.swift.domain }}
        domain: {{ $storage.swift.domain }}
        {{- end }}
        {{- if $storage.swift.domainid }}
        domainid: {{ $storage.swift.domainid }}
        {{- end }}
        {{- if $storage.swift.trustid }}
        trustid: {{ $storage.swift.trustid }}
        {{- end }}
        {{- if $storage.swift.insecureskipverify }}
        insecureskipverify: {{ $storage.swift.insecureskipverify }}
        {{- end }}
        {{- if $storage.swift.chunksize }}
        chunksize: {{ $storage.swift.chunksize }}
        {{- end }}
        {{- if $storage.swift.prefix }}
        prefix: {{ $storage.swift.prefix }}
        {{- end }}
        {{- if $storage.swift.authversion }}
        authversion: {{ $storage.swift.authversion }}
        {{- end }}
        {{- if $storage.swift.endpointtype }}
        endpointtype: {{ $storage.swift.endpointtype }}
        {{- end }}
        {{- if $storage.swift.tempurlcontainerkey }}
        tempurlcontainerkey: {{ $storage.swift.tempurlcontainerkey }}
        {{- end }}
        {{- if $storage.swift.tempurlmethods }}
        tempurlmethods: {{ $storage.swift.tempurlmethods }}
        {{- end }}
      {{- else if eq $type "oss" }}
      oss:
        accesskeyid: {{ $storage.oss.accesskeyid }}
        region: {{ $storage.oss.region }}
        bucket: {{ $storage.oss.bucket }}
        {{- if $storage.oss.endpoint }}
        endpoint: {{ $storage.oss.bucket }}.{{ $storage.oss.endpoint }}
        {{- end }}
        {{- if $storage.oss.internal }}
        internal: {{ $storage.oss.internal }}
        {{- end }}
        {{- if $storage.oss.encrypt }}
        encrypt: {{ $storage.oss.encrypt }}
        {{- end }}
        {{- if $storage.oss.secure }}
        secure: {{ $storage.oss.secure }}
        {{- end }}
        {{- if $storage.oss.chunksize }}
        chunksize: {{ $storage.oss.chunksize }}
        {{- end }}
        {{- if $storage.oss.rootdirectory }}
        rootdirectory: {{ $storage.oss.rootdirectory }}
        {{- end }}
      {{- end }}
      cache:
        layerinfo: redis
      maintenance:
        uploadpurging:
          {{- if .Values.registry.upload_purging.enabled }}
          enabled: true
          age: {{ .Values.registry.upload_purging.age }}
          interval: {{ .Values.registry.upload_purging.interval }}
          dryrun: {{ .Values.registry.upload_purging.dryrun }}
          {{- else }}
          enabled: false
          {{- end }}
      delete:
        enabled: true
      redirect:
        disable: {{ $storage.disableredirect }}
    redis:
      addr: {{ template "harbor.redis.addr" . }}
      {{- if eq "redis+sentinel" (include "harbor.redis.scheme" .) }}
      sentinelMasterSet: {{ template "harbor.redis.masterSet" . }}
      {{- end }}
      db: {{ template "harbor.redis.dbForRegistry" . }}
      {{- if not (eq (include "harbor.redis.password" .) "") }}
      password: {{ template "harbor.redis.password" . }}
      {{- end }}
      readtimeout: 10s
      writetimeout: 10s
      dialtimeout: 10s
      pool:
        maxidle: 100
        maxactive: 500
        idletimeout: 60s
    http:
      addr: :{{ template "harbor.registry.containerPort" . }}
      relativeurls: {{ .Values.registry.relativeurls }}
      {{- if .Values.internalTLS.enabled }}
      tls:
        certificate: /etc/harbor/ssl/registry/tls.crt
        key: /etc/harbor/ssl/registry/tls.key
        minimumtls: tls1.2
      {{- end }}
      # set via environment variable
      # secret: placeholder
      debug:
      {{- if .Values.metrics.enabled}}
        addr: :{{ .Values.metrics.registry.port }}
        prometheus:
          enabled: true
          path: {{ .Values.metrics.registry.path }}
      {{- else }}
        addr: localhost:5001
      {{- end }}
    auth:
      htpasswd:
        realm: harbor-registry-basic-realm
        path: /etc/registry/passwd
    validation:
      disabled: true
    compatibility:
      schema1:
        enabled: true

    {{- if .Values.registry.middleware.enabled }}
    {{- $middleware := .Values.registry.middleware }}
    {{- $middlewareType := $middleware.type }}
    {{- if eq $middlewareType "cloudFront" }}
    middleware:
      storage:
        - name: cloudfront
          options:
            baseurl: {{ $middleware.cloudFront.baseurl }}
            privatekey: /etc/registry/pk.pem
            keypairid: {{ $middleware.cloudFront.keypairid }}
            duration: {{ $middleware.cloudFront.duration }}
            ipfilteredby: {{ $middleware.cloudFront.ipfilteredby }}
    {{- end }}
    {{- end }}
  ctl-config.yml: |+
    ---
    {{- if .Values.internalTLS.enabled }}
    protocol: "https"
    port: 8443
    https_config:
      cert: "/etc/harbor/ssl/registry/tls.crt"
      key: "/etc/harbor/ssl/registry/tls.key"
    {{- else }}
    protocol: "http"
    port: 8080
    {{- end }}
    log_level: {{ .Values.logLevel }}
    registry_config: "/etc/registry/config.yml"
new way of doin 2023-11-16 19:42:02 +10:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: "{{ template "harbor.registry" . }}"`
			`labels:`
			`{{ include "harbor.labels" . \| indent 4 }}`
			`data:`
			`config.yml: \|+`
			`version: 0.1`
			`log:`
			`{{- if eq .Values.logLevel "warning" }}`
			`level: warn`
			`{{- else if eq .Values.logLevel "fatal" }}`
			`level: error`
			`{{- else }}`
			`level: {{ .Values.logLevel }}`
			`{{- end }}`
			`fields:`
			`service: registry`
			`storage:`
			`{{- $storage := .Values.persistence.imageChartStorage }}`
			`{{- $type := $storage.type }}`
			`{{- if eq $type "filesystem" }}`
			`filesystem:`
			`rootdirectory: {{ $storage.filesystem.rootdirectory }}`
			`{{- if $storage.filesystem.maxthreads }}`
			`maxthreads: {{ $storage.filesystem.maxthreads }}`
			`{{- end }}`
			`{{- else if eq $type "azure" }}`
			`azure:`
			`accountname: {{ $storage.azure.accountname }}`
			`container: {{ $storage.azure.container }}`
			`{{- if $storage.azure.realm }}`
			`realm: {{ $storage.azure.realm }}`
			`{{- end }}`
			`{{- else if eq $type "gcs" }}`
			`gcs:`
			`bucket: {{ $storage.gcs.bucket }}`
			`{{- if not .Values.persistence.imageChartStorage.gcs.useWorkloadIdentity }}`
			`keyfile: /etc/registry/gcs-key.json`
			`{{- end }}`
			`{{- if $storage.gcs.rootdirectory }}`
			`rootdirectory: {{ $storage.gcs.rootdirectory }}`
			`{{- end }}`
			`{{- if $storage.gcs.chunksize }}`
			`chunksize: {{ $storage.gcs.chunksize }}`
			`{{- end }}`
			`{{- else if eq $type "s3" }}`
			`s3:`
			`region: {{ $storage.s3.region }}`
			`bucket: {{ $storage.s3.bucket }}`
			`{{- if $storage.s3.regionendpoint }}`
			`regionendpoint: {{ $storage.s3.regionendpoint }}`
			`{{- end }}`
			`{{- if $storage.s3.encrypt }}`
			`encrypt: {{ $storage.s3.encrypt }}`
			`{{- end }}`
			`{{- if $storage.s3.keyid }}`
			`keyid: {{ $storage.s3.keyid }}`
			`{{- end }}`
			`{{- if $storage.s3.secure }}`
			`secure: {{ $storage.s3.secure }}`
			`{{- end }}`
			`{{- if and $storage.s3.secure $storage.s3.skipverify }}`
			`skipverify: {{ $storage.s3.skipverify }}`
			`{{- end }}`
			`{{- if $storage.s3.v4auth }}`
			`v4auth: {{ $storage.s3.v4auth }}`
			`{{- end }}`
			`{{- if $storage.s3.chunksize }}`
			`chunksize: {{ $storage.s3.chunksize }}`
			`{{- end }}`
			`{{- if $storage.s3.rootdirectory }}`
			`rootdirectory: {{ $storage.s3.rootdirectory }}`
			`{{- end }}`
			`{{- if $storage.s3.storageclass }}`
			`storageclass: {{ $storage.s3.storageclass }}`
			`{{- end }}`
			`{{- if $storage.s3.multipartcopychunksize }}`
			`multipartcopychunksize: {{ $storage.s3.multipartcopychunksize }}`
			`{{- end }}`
			`{{- if $storage.s3.multipartcopymaxconcurrency }}`
			`multipartcopymaxconcurrency: {{ $storage.s3.multipartcopymaxconcurrency }}`
			`{{- end }}`
			`{{- if $storage.s3.multipartcopythresholdsize }}`
			`multipartcopythresholdsize: {{ $storage.s3.multipartcopythresholdsize }}`
			`{{- end }}`
			`{{- else if eq $type "swift" }}`
			`swift:`
			`authurl: {{ $storage.swift.authurl }}`
			`username: {{ $storage.swift.username }}`
			`container: {{ $storage.swift.container }}`
			`{{- if $storage.swift.region }}`
			`region: {{ $storage.swift.region }}`
			`{{- end }}`
			`{{- if $storage.swift.tenant }}`
			`tenant: {{ $storage.swift.tenant }}`
			`{{- end }}`
			`{{- if $storage.swift.tenantid }}`
			`tenantid: {{ $storage.swift.tenantid }}`
			`{{- end }}`
			`{{- if $storage.swift.domain }}`
			`domain: {{ $storage.swift.domain }}`
			`{{- end }}`
			`{{- if $storage.swift.domainid }}`
			`domainid: {{ $storage.swift.domainid }}`
			`{{- end }}`
			`{{- if $storage.swift.trustid }}`
			`trustid: {{ $storage.swift.trustid }}`
			`{{- end }}`
			`{{- if $storage.swift.insecureskipverify }}`
			`insecureskipverify: {{ $storage.swift.insecureskipverify }}`
			`{{- end }}`
			`{{- if $storage.swift.chunksize }}`
			`chunksize: {{ $storage.swift.chunksize }}`
			`{{- end }}`
			`{{- if $storage.swift.prefix }}`
			`prefix: {{ $storage.swift.prefix }}`
			`{{- end }}`
			`{{- if $storage.swift.authversion }}`
			`authversion: {{ $storage.swift.authversion }}`
			`{{- end }}`
			`{{- if $storage.swift.endpointtype }}`
			`endpointtype: {{ $storage.swift.endpointtype }}`
			`{{- end }}`
			`{{- if $storage.swift.tempurlcontainerkey }}`
			`tempurlcontainerkey: {{ $storage.swift.tempurlcontainerkey }}`
			`{{- end }}`
			`{{- if $storage.swift.tempurlmethods }}`
			`tempurlmethods: {{ $storage.swift.tempurlmethods }}`
			`{{- end }}`
			`{{- else if eq $type "oss" }}`
			`oss:`
			`accesskeyid: {{ $storage.oss.accesskeyid }}`
			`region: {{ $storage.oss.region }}`
			`bucket: {{ $storage.oss.bucket }}`
			`{{- if $storage.oss.endpoint }}`
			`endpoint: {{ $storage.oss.bucket }}.{{ $storage.oss.endpoint }}`
			`{{- end }}`
			`{{- if $storage.oss.internal }}`
			`internal: {{ $storage.oss.internal }}`
			`{{- end }}`
			`{{- if $storage.oss.encrypt }}`
			`encrypt: {{ $storage.oss.encrypt }}`
			`{{- end }}`
			`{{- if $storage.oss.secure }}`
			`secure: {{ $storage.oss.secure }}`
			`{{- end }}`
			`{{- if $storage.oss.chunksize }}`
			`chunksize: {{ $storage.oss.chunksize }}`
			`{{- end }}`
			`{{- if $storage.oss.rootdirectory }}`
			`rootdirectory: {{ $storage.oss.rootdirectory }}`
			`{{- end }}`
			`{{- end }}`
			`cache:`
			`layerinfo: redis`
			`maintenance:`
			`uploadpurging:`
			`{{- if .Values.registry.upload_purging.enabled }}`
			`enabled: true`
			`age: {{ .Values.registry.upload_purging.age }}`
			`interval: {{ .Values.registry.upload_purging.interval }}`
			`dryrun: {{ .Values.registry.upload_purging.dryrun }}`
			`{{- else }}`
			`enabled: false`
			`{{- end }}`
			`delete:`
			`enabled: true`
			`redirect:`
			`disable: {{ $storage.disableredirect }}`
			`redis:`
			`addr: {{ template "harbor.redis.addr" . }}`
			`{{- if eq "redis+sentinel" (include "harbor.redis.scheme" .) }}`
			`sentinelMasterSet: {{ template "harbor.redis.masterSet" . }}`
			`{{- end }}`
			`db: {{ template "harbor.redis.dbForRegistry" . }}`
			`{{- if not (eq (include "harbor.redis.password" .) "") }}`
			`password: {{ template "harbor.redis.password" . }}`
			`{{- end }}`
			`readtimeout: 10s`
			`writetimeout: 10s`
			`dialtimeout: 10s`
			`pool:`
			`maxidle: 100`
			`maxactive: 500`
			`idletimeout: 60s`
			`http:`
			`addr: :{{ template "harbor.registry.containerPort" . }}`
			`relativeurls: {{ .Values.registry.relativeurls }}`
			`{{- if .Values.internalTLS.enabled }}`
			`tls:`
			`certificate: /etc/harbor/ssl/registry/tls.crt`
			`key: /etc/harbor/ssl/registry/tls.key`
			`minimumtls: tls1.2`
			`{{- end }}`
			`# set via environment variable`
			`# secret: placeholder`
			`debug:`
			`{{- if .Values.metrics.enabled}}`
			`addr: :{{ .Values.metrics.registry.port }}`
			`prometheus:`
			`enabled: true`
			`path: {{ .Values.metrics.registry.path }}`
			`{{- else }}`
			`addr: localhost:5001`
			`{{- end }}`
			`auth:`
			`htpasswd:`
			`realm: harbor-registry-basic-realm`
			`path: /etc/registry/passwd`
			`validation:`
			`disabled: true`
			`compatibility:`
			`schema1:`
			`enabled: true`

			`{{- if .Values.registry.middleware.enabled }}`
			`{{- $middleware := .Values.registry.middleware }}`
			`{{- $middlewareType := $middleware.type }}`
			`{{- if eq $middlewareType "cloudFront" }}`
			`middleware:`
			`storage:`
			`- name: cloudfront`
			`options:`
			`baseurl: {{ $middleware.cloudFront.baseurl }}`
			`privatekey: /etc/registry/pk.pem`
			`keypairid: {{ $middleware.cloudFront.keypairid }}`
			`duration: {{ $middleware.cloudFront.duration }}`
			`ipfilteredby: {{ $middleware.cloudFront.ipfilteredby }}`
			`{{- end }}`
			`{{- end }}`
			`ctl-config.yml: \|+`
			`---`
			`{{- if .Values.internalTLS.enabled }}`
			`protocol: "https"`
			`port: 8443`
			`https_config:`
			`cert: "/etc/harbor/ssl/registry/tls.crt"`
			`key: "/etc/harbor/ssl/registry/tls.key"`
			`{{- else }}`
			`protocol: "http"`
			`port: 8080`
			`{{- end }}`
			`log_level: {{ .Values.logLevel }}`
			`registry_config: "/etc/registry/config.yml"`