From 1339e04f5f02c237dcd42eaab00187363a34f6b7 Mon Sep 17 00:00:00 2001 From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com> Date: Thu, 17 Apr 2025 00:51:02 +0000 Subject: [PATCH] chore(chart-deps): update harbor to version 1.17.0 --- chart/chart-index/Chart.yaml | 2 +- charts/harbor/Chart.yaml | 10 +++--- charts/harbor/README.md | 1 + charts/harbor/index.yaml | 3 ++ charts/harbor/templates/_helpers.tpl | 18 +++++++++-- .../jobservice/jobservice-cm-env.yaml | 2 ++ .../templates/registry/registry-cm.yaml | 1 + charts/harbor/values.yaml | 32 ++++++++++++------- 8 files changed, 51 insertions(+), 18 deletions(-) create mode 100644 charts/harbor/index.yaml diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index a916cb0b19..c4c84dc08a 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -27,7 +27,7 @@ dependencies: version: 5.0.0 repository: https://dl.gitea.io/charts - name: harbor - version: 1.16.2 + version: 1.17.0 repository: https://helm.goharbor.io - name: ingress-nginx version: 4.11.5 diff --git a/charts/harbor/Chart.yaml b/charts/harbor/Chart.yaml index 93920ce51a..fd1195a199 100644 --- a/charts/harbor/Chart.yaml +++ b/charts/harbor/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 2.12.2 +appVersion: 2.13.0 description: An open source trusted cloud native registry that stores, signs, and scans content home: https://goharbor.io @@ -11,12 +11,14 @@ keywords: maintainers: - email: yan-yw.wang@broadcom.com name: Yan Wang -- email: stone.zhang@broadcom.com - name: Stone Zhang +- email: wenkai.yin@broadcom.com + name: Wenkai Yin - email: miner.yang@broadcom.com name: Miner Yang +- email: shengwen.yu@broadcom.com + name: Shengwen Yu name: harbor sources: - https://github.com/goharbor/harbor - https://github.com/goharbor/harbor-helm -version: 1.16.2 +version: 1.17.0 diff --git a/charts/harbor/README.md b/charts/harbor/README.md index ec394b84a2..39b880c07e 100644 --- a/charts/harbor/README.md +++ b/charts/harbor/README.md @@ -86,6 +86,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `expose.ingress.hosts.core` | The host of Harbor core service in ingress rule | `core.harbor.domain` | | `expose.ingress.controller` | The ingress controller type. Currently supports `default`, `gce`, `alb`, `f5-bigip` and `ncp` | `default` | | `expose.ingress.kubeVersionOverride` | Allows the ability to override the kubernetes version used while templating the ingress | | +| `expose.ingress.className` | Specify the `ingressClassName` used to implement the Ingress (Kubernetes 1.18+) | | | `expose.ingress.annotations` | The annotations used commonly for ingresses | | | `expose.ingress.labels` | The labels specific to ingress | {} | | `expose.clusterIP.name` | The name of ClusterIP service | `harbor` | diff --git a/charts/harbor/index.yaml b/charts/harbor/index.yaml new file mode 100644 index 0000000000..4200549aec --- /dev/null +++ b/charts/harbor/index.yaml @@ -0,0 +1,3 @@ +apiVersion: v1 +entries: {} +generated: "2025-04-15T06:42:47.301127596Z" diff --git a/charts/harbor/templates/_helpers.tpl b/charts/harbor/templates/_helpers.tpl index f6249b3993..9a1a22f41f 100644 --- a/charts/harbor/templates/_helpers.tpl +++ b/charts/harbor/templates/_helpers.tpl @@ -148,7 +148,21 @@ app: "{{ template "harbor.name" . }}" {{- define "harbor.redis.scheme" -}} {{- with .Values.redis }} - {{- ternary "redis+sentinel" "redis" (and (eq .type "external" ) (not (not .external.sentinelMasterSet))) }} + {{- if eq .type "external" -}} + {{- if not (not .external.sentinelMasterSet) -}} + {{- ternary "rediss+sentinel" "redis+sentinel" (.external.tlsOptions.enable) }} + {{- else -}} + {{- ternary "rediss" "redis" (.external.tlsOptions.enable) }} + {{- end -}} + {{- else -}} + {{ print "redis" }} + {{- end -}} + {{- end }} +{{- end -}} + +{{- define "harbor.redis.enableTLS" -}} + {{- with .Values.redis }} + {{- ternary "true" "false" (and ( eq .type "external") (.external.tlsOptions.enable)) }} {{- end }} {{- end -}} @@ -161,7 +175,7 @@ app: "{{ template "harbor.name" . }}" {{- define "harbor.redis.masterSet" -}} {{- with .Values.redis }} - {{- ternary .external.sentinelMasterSet "" (eq "redis+sentinel" (include "harbor.redis.scheme" $)) }} + {{- ternary .external.sentinelMasterSet "" (contains "+sentinel" (include "harbor.redis.scheme" $)) }} {{- end }} {{- end -}} diff --git a/charts/harbor/templates/jobservice/jobservice-cm-env.yaml b/charts/harbor/templates/jobservice/jobservice-cm-env.yaml index 2b9307455b..f1359131a4 100644 --- a/charts/harbor/templates/jobservice/jobservice-cm-env.yaml +++ b/charts/harbor/templates/jobservice/jobservice-cm-env.yaml @@ -15,6 +15,8 @@ data: JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "{{ .Values.jobservice.notification.webhook_job_max_retry }}" JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "{{ .Values.jobservice.notification.webhook_job_http_client_timeout }}" + LOG_LEVEL: "{{ .Values.logLevel }}" + {{- if has "jobservice" .Values.proxy.components }} HTTP_PROXY: "{{ .Values.proxy.httpProxy }}" HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}" diff --git a/charts/harbor/templates/registry/registry-cm.yaml b/charts/harbor/templates/registry/registry-cm.yaml index 26e3fc9153..2ef398ed65 100644 --- a/charts/harbor/templates/registry/registry-cm.yaml +++ b/charts/harbor/templates/registry/registry-cm.yaml @@ -182,6 +182,7 @@ data: readtimeout: 10s writetimeout: 10s dialtimeout: 10s + enableTLS: {{ template "harbor.redis.enableTLS" . }} pool: maxidle: 100 maxactive: 500 diff --git a/charts/harbor/values.yaml b/charts/harbor/values.yaml index 1171cff21d..232f1bc1cf 100644 --- a/charts/harbor/values.yaml +++ b/charts/harbor/values.yaml @@ -483,7 +483,7 @@ containerSecurityContext: nginx: image: repository: goharbor/nginx-photon - tag: v2.12.2 + tag: v2.13.0 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -514,7 +514,7 @@ nginx: portal: image: repository: goharbor/harbor-portal - tag: v2.12.2 + tag: v2.13.0 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -554,7 +554,7 @@ portal: core: image: repository: goharbor/harbor-core - tag: v2.12.2 + tag: v2.13.0 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -625,6 +625,8 @@ core: # If tokenKey is set, the value of tokenCert must be set as a PEM-encoded certificate signed by tokenKey, and supplied as a multiline string, indented one more than tokenCert on the following line. tokenCert: | # The XSRF key. Will be generated automatically if it isn't specified + # While you specified, Please make sure it is 32 characters, otherwise would have validation issue at the harbor-core runtime + # https://github.com/goharbor/harbor/pull/21154 xsrfKey: "" # If using existingSecret, the key is defined by core.existingXsrfSecretKey existingXsrfSecret: "" @@ -641,7 +643,7 @@ core: jobservice: image: repository: goharbor/harbor-jobservice - tag: v2.12.2 + tag: v2.13.0 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -704,7 +706,7 @@ registry: registry: image: repository: goharbor/registry-photon - tag: v2.12.2 + tag: v2.13.0 # resources: # requests: # memory: 256Mi @@ -713,7 +715,7 @@ registry: controller: image: repository: goharbor/harbor-registryctl - tag: v2.12.2 + tag: v2.13.0 # resources: # requests: # memory: 256Mi @@ -794,7 +796,7 @@ trivy: # repository the repository for Trivy adapter image repository: goharbor/trivy-adapter-photon # tag the tag for Trivy adapter image - tag: v2.12.2 + tag: v2.13.0 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -852,7 +854,7 @@ trivy: # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult - # https://developer.github.com/v3/#rate-limiting + # https://v2.13.0eloper.github.com/v3/#rate-limiting # # You can create a GitHub token by following the instructions in # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line @@ -887,7 +889,7 @@ database: internal: image: repository: goharbor/harbor-db - tag: v2.12.2 + tag: v2.13.0 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -967,7 +969,7 @@ redis: internal: image: repository: goharbor/redis-photon - tag: v2.12.2 + tag: v2.13.0 # set the service account to be used, default if left empty serviceAccountName: "" # mount the service account token @@ -1006,6 +1008,14 @@ redis: addr: "192.168.0.2:6379" # The name of the set of Redis instances to monitor, it must be set to support redis+sentinel sentinelMasterSet: "" + # TLS configuration for redis connection + # only server-authentication is supported, mTLS for redis connection is not supported + # tls connection will be disable by default + # Once `tlsOptions.enable` set as true, tls/ssl connection will be used for redis + # Please set the `caBundleSecretName` in this configuration file which conatins redis server rootCA if it is self-signed. + # The secret must contain keys named "ca.crt" which will be injected into the trust store + tlsOptions: + enable: false # The "coreDatabaseIndex" must be "0" as the library Harbor # used doesn't support configuring it # harborDatabaseIndex defaults to "0", but it can be configured to "6", this config is optional @@ -1029,7 +1039,7 @@ redis: exporter: image: repository: goharbor/harbor-exporter - tag: v2.12.2 + tag: v2.13.0 serviceAccountName: "" # mount the service account token automountServiceAccountToken: false