diff --git a/chart/templates/harbor/gitrepository.yaml b/chart/templates/harbor/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..84f173dffb54f261da140d5c5ca4e2206de7ad07
--- /dev/null
+++ b/chart/templates/harbor/gitrepository.yaml
@@ -0,0 +1,15 @@
+{{- $pkg := "harbor" }}
+{{- if and (eq (get .Values.addons $pkg).sourceType "git") (not .Values.offline) (get .Values.addons $pkg).enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: {{ $pkg }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ (get .Values.addons $pkg).git.repo }}
+ ref:
+ {{- include "validRef" (get .Values.addons $pkg).git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
diff --git a/chart/templates/harbor/helmrelease.yaml b/chart/templates/harbor/helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9a36c0252bcd624b6f4109d782dfe52af920c514
--- /dev/null
+++ b/chart/templates/harbor/helmrelease.yaml
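Review bot: In chart/templates/harbor/gitrepository.yaml the GitRepository has no `spec.verify` block, so Flux will reconcile whatever the resolved ref points to without checking a signature, unless the `gitCreds` or `gitIgnore` helpers (defined outside this diff) emit one. The default values added later in this change pin the source by tag, and a tag can be moved in the upstream repository. Since this package will itself serve as an image registry, consider exposing optional signature verification, or a commit pin if the `validRef` helper accepts one. Either way, record the choice in a template comment such as `{{- /* ref comes from addons.harbor.git; prefer a commit SHA where the source must be immutable */ -}}`.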
@@ -0,0 +1,67 @@
+{{- $pkg := "harbor" }}
+{{- $fluxSettingsHarbor := merge (get .Values.addons $pkg).flux .Values.flux -}}
+{{- if (get .Values.addons $pkg).enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: {{ $pkg }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ $pkg }}
+ {{- include "commonLabels" . | nindent 4}}
+ annotations:
+ checksum/bigbang-values: {{ include (print $.Template.BasePath "/harbor/values.yaml") . | sha256sum }}
+spec:
+ releaseName: {{ $pkg }}
+ targetNamespace: {{ $pkg }}
+ chart:
+ spec:
+ {{- if eq (get .Values.addons $pkg).sourceType "git" }}
+ chart: {{ (get .Values.addons $pkg).git.path }}
+ sourceRef:
+ kind: GitRepository
+ name: harbor
+ namespace: {{ .Release.Namespace }}
+ {{- else }}
+ chart: {{ (get .Values.addons $pkg).helmRepo.chartName }}
+ version: {{ (get .Values.addons $pkg).helmRepo.tag }}
+ sourceRef:
+ kind: HelmRepository
+ name: {{ (get .Values.addons $pkg).helmRepo.repoName }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ interval: 5m
+
+ {{- toYaml $fluxSettingsHarbor | nindent 2 }}
+
+ {{- if (get .Values.addons $pkg).postRenderers }}
+ postRenderers:
+ {{ toYaml (get .Values.addons $pkg).postRenderers | nindent 4 }}
+ {{- end }}
+ valuesFrom:
+ - name: {{ .Release.Name }}-{{ $pkg }}-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-{{ $pkg }}-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-{{ $pkg }}-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ {{- if or .Values.istio.enabled .Values.kyvernoPolicies.enabled .Values.monitoring.enabled }}
+ dependsOn:
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.kyvernoPolicies.enabled }}
+ - name: kyverno-policies
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.monitoring.enabled }}
+ - name: monitoring
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/harbor/imagepullsecret.yaml b/chart/templates/harbor/imagepullsecret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0cf06bf36652e7f67f8195b5d9e6c57bbce57daf
--- /dev/null
+++ b/chart/templates/harbor/imagepullsecret.yaml
@@ -0,0 +1,14 @@
+{{- $pkg := "harbor" }}
+{{- if and (get .Values.addons $pkg).enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: {{ $pkg }}
+ labels:
+ app.kubernetes.io/name: {{ $pkg }}
+ {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
diff --git a/chart/templates/harbor/namespace.yaml b/chart/templates/harbor/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c673cd20d7d165f3aadb5bc5068ee64e520e9e0e
--- /dev/null
+++ b/chart/templates/harbor/namespace.yaml
@@ -0,0 +1,14 @@
+{{- $pkg := "harbor" }}
+{{- if (get .Values.addons $pkg).enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $pkg }}
+ labels:
+ {{- if .Values.istio.enabled }}
+ istio-injection: enabled
+ {{- end }}
+ app.kubernetes.io/name: {{ $pkg }}
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/harbor/values.yaml b/chart/templates/harbor/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..de4af612194426681648d28aab88ec62136743b7
--- /dev/null
+++ b/chart/templates/harbor/values.yaml
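Review bot: In chart/templates/harbor/helmrelease.yaml the `merge` on the second line has no comment explaining precedence, which matters because Sprig's `merge` gives precedence to its first argument and also modifies that dictionary in place. I would add `{{- /* package-level addons.harbor.flux overrides the global .Values.flux */ -}}` above it. As a style point, the `postRenderers` body uses `{{ toYaml ... | nindent 4 }}` without the leading `{{-` that the other `nindent` calls in this file use, which leaves a whitespace-only line in the rendered manifest.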
@@ -0,0 +1,38 @@
+{{- $pkg := "harbor" }}
+
+{{- /* Create secret */ -}}
+{{- if (get .Values.addons $pkg).enabled }}
+{{- include "values-secret" (dict "root" $ "package" (get .Values.addons $pkg) "name" $pkg "defaults" (include (printf "bigbang.defaults.%s" $pkg) .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.harbor" -}}
+
+imagePullSecrets:
+- name: private-registry
+imagePullPolicy: {{ .Values.imagePullPolicy }}
+
+externalURL: https://harbor.{{ .Values.domain }}
+
+domain: {{ .Values.domain }}
+
+istio:
+ enabled: {{ .Values.istio.enabled }}
+ harbor:
+ gateways:
+ - istio-system/{{ default "public" .Values.addons.harbor.ingress.gateway }}
+
+networkPolicies:
+ enabled: {{ .Values.networkPolicies.enabled }}
+ controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+ ingressLabels:
+ {{- $gateway := default "public" .Values.addons.harbor.ingress.gateway }}
+ {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
+ {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
+
+monitoring:
+ enabled: {{ .Values.monitoring.enabled }}
+
+sso:
+ enabled: {{ .Values.addons.harbor.sso.enabled }}
+
+{{- end }}
diff --git a/chart/values.schema.json b/chart/values.schema.json
index fee043ea305329502e5a01919a380dbeb61ede47..d5d33a5df04e5ff98e62a0297c4fbb1e261679cc 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -1045,6 +1045,13 @@
 "$ref": "#/$defs/values"
 }
 }
+ },
+ "harbor": {
+ "allOf": [
+ {
+ "$ref": "#/$defs/basePackage"
+ }
+ ]
 }
 }
 },
diff --git a/chart/values.yaml b/chart/values.yaml
index 5187abd28640ee023f14b8a54aedc1f23f2ec2e1..7db27564a9214bb949e51c3d7c5f38202eaf43aa 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
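Review bot: The `sso:` block in chart/templates/harbor/values.yaml forwards only `enabled`, while chart/values.yaml in this same change introduces `addons.harbor.sso.client_id` and `client_secret`; as written those two settings are never passed to the package, so setting them appears to have no effect. Either forward them here or drop the unused keys until the integration exists. Forwarding looks safe because the rendered defaults presumably travel in the `*-harbor-values` Secret that the HelmRelease reads through `valuesFrom`. A short comment on `externalURL` would also help, since it hard-codes the `harbor.` host prefix and the `https` scheme.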
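Review bot: The new `harbor` entry in chart/values.schema.json validates only against `basePackage`, so the `sso` and `ingress` keys added for Harbor in chart/values.yaml are presumably unchecked unless `basePackage` (defined outside this hunk) already describes them. A misspelt key such as `clientSecret` in place of `client_secret` would then pass validation silently. Consider adding a `properties` entry for `sso` that types `enabled` as boolean and the two client fields as strings.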
@@ -1798,6 +1798,49 @@ addons: # -- Post Renderers. See docs/postrenders.md postRenderers: [] + # ---------------------------------------------------------------------------------------------------------------------- + # Harbor + # + harbor: + # -- Toggle deployment of harbor + enabled: false + + # -- Choose source type of "git" or "helmRepo" + sourceType: "git" + + git: + repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/harbor.git + tag: "1.12.2-bb.5" + path: "./chart" + helmRepo: + repoName: "registry1" + chartName: "harbor" + tag: "1.12.2-bb.5" + + # -- Flux reconciliation overrides specifically for the Jaeger Package + flux: {} + + # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". + ingress: + gateway: "" + + sso: + # -- Toggle SSO for Harbor on and off + enabled: false + + # -- OIDC Client ID to use for Harbor + client_id: "" + + # -- OIDC Client Secret to use for Harbor + client_secret: "" + + # -- Values to pass through to Habor chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/harbor.git + values: {} + + # -- Post Renderers. See docs/postrenders.md + postRenderers: [] + + # -- Wrapper chart for integrating Big Bang components alongside a package wrapper: # -- Choose source type of "git" or "helmRepo" diff --git a/tests/test-values.yaml b/tests/test-values.yaml index f4213c100f4219c397364d3ea302e72221af2675..75525b7c6eb18dce45dfcd254c38d82f1dfbc772 100644 --- a/tests/test-values.yaml +++ b/tests/test-values.yaml @@ -174,6 +174,7 @@ gatekeeper: - logging/loki-cypress-test - twistlock/twistlock-cypress-test - sonarqube/sonarqube-cypress-test + - harbor/harbor-cypress-test - logging/elasticsearch-kibana-cypress-test - tempo/tempo-cypress-test - argocd/argocd-cypress-test 
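Review bot: Two comments in the new `harbor:` block of chart/values.yaml are copy-paste errors: the `flux` description says "specifically for the Jaeger Package" and the `values` description says "Habor chart". They should read `# -- Flux reconciliation overrides specifically for the Harbor Package` and `# -- Values to pass through to Harbor chart: ...`. The default `git.repo` points at a path under `apps/sandbox/`, so a comment should state whether that source is intended for anything beyond evaluation. The `client_secret` comment should also say that the value belongs in an encrypted or secret-backed overlay rather than in a committed values file.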
@@ -307,6 +308,7 @@ gatekeeper: - logging/loki-cypress-test - twistlock/twistlock-cypress-test - sonarqube/sonarqube-cypress-test + - harbor/harbor-cypress-test - logging/elasticsearch-kibana-cypress-test - tempo/tempo-cypress-test - argocd/argocd-cypress-test @@ -463,6 +465,7 @@ kyvernoPolicies: - argocd - minio - neuvector + - harbor names: - "*-cypress-test*" parameters: @@ -496,6 +499,7 @@ kyvernoPolicies: - argocd - minio - neuvector + - harbor names: - "*-cypress-test*" parameters: @@ -539,6 +543,7 @@ kyvernoPolicies: - argocd - minio - neuvector + - harbor names: - "*-cypress-test*" update-image-pull-policy: 
@@ -1689,3 +1694,166 @@ addons: bbtests: enabled: true + # ---------------------------------------------------------------------------------------------------------------------- + # Harbor + # + harbor: + # -- Toggle deployment of harbor + enabled: false + + # -- Values to pass through to Habor chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/harbor.git + values: + redis: + external: + addr: "harbor-redis-bb-headless:6379" + expose: + type: clusterIP + tls: + enabled: false + internalTLS: + enabled: false + externalURL: https://harbor.bigbang.dev + nginx: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + portal: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + core: + secretName: "ci-only" + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + jobservice: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + registry: + registry: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + controller: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + chartmuseum: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + trivy: + resources: + requests: + cpu: 80m + memory: 200Mi + limits: + cpu: 80m + memory: 200Mi + notary: + server: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + signer: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + database: + type: external + internal: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + initContainer: + migrator: {} + resources: + requests: + memory: 100Mi + cpu: 80m + limits: + cpu: 80m + memory: 100Mi + permissions: {} + resources: + requests: + memory: 100Mi + cpu: 80m + limits: + cpu: 80m + memory: 100Mi + postgresql: + resources: 
+ requests: + cpu: "200m" + memory: "200Mi" + limits: + cpu: "200m" + memory: "200Mi" + redis: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + memory: 200Mi + cpu: 80m + exporter: + resources: + requests: + memory: 200Mi + cpu: 80m + limits: + cpu: 80m + memory: 200Mi + bbtests: + enabled: true + cypress: + artifacts: true + envs: + cypress_url: "https://harbor.bigbang.dev" + scripts: + image: "registry1.dso.mil/bigbang-ci/gitlab-tester:0.0.4" + envs: + HARBOR_REGISTRY: "harbor.bigbang.dev"
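Review bot: Under `database.internal.initContainer` in the Harbor block of tests/test-values.yaml, `migrator: {}` and `permissions: {}` are each followed by their own `resources:` block. Indentation is not recoverable in this view, but that reads either as a duplicated `resources` key on `initContainer` or as children placed under an already-closed empty map. If the limits are meant for the two init containers, write `migrator:` and `permissions:` without `{}` and nest `resources:` beneath each. Separately, `expose.tls.enabled: false`, `internalTLS.enabled: false` and `core.secretName: "ci-only"` should carry a comment such as `# CI only - do not copy into a deployment overlay`, because test values tend to get reused as a starting point.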