From 4b5c5854ed9cdc477c8c211374d8bd5d268054be Mon Sep 17 00:00:00 2001
From: Peter Kurfer <peter@icb4dc0.de>
Date: Thu, 6 Mar 2025 20:08:22 +0100
Subject: [PATCH] feat: deploy harbor

---
 harbor/.gitattributes              |  1 +
 harbor/config/secret.s3.yaml       |  8 +++++++
 harbor/config/values.harbor.yaml   | 34 ++++++++++++++++++++++++++++++
 harbor/kustomization.yaml          | 26 +++++++++++++++++++++++
 harbor/resources/db/db.yaml        |  8 +++++++
 harbor/resources/db/user.yaml      | 12 +++++++++++
 harbor/resources/dragonfly/db.yaml | 20 ++++++++++++++++++
 harbor/resources/ns.yaml           |  7 ++++++
 8 files changed, 116 insertions(+)
 create mode 100644 harbor/.gitattributes
 create mode 100644 harbor/config/secret.s3.yaml
 create mode 100644 harbor/config/values.harbor.yaml
 create mode 100644 harbor/kustomization.yaml
 create mode 100644 harbor/resources/db/db.yaml
 create mode 100644 harbor/resources/db/user.yaml
 create mode 100644 harbor/resources/dragonfly/db.yaml
 create mode 100644 harbor/resources/ns.yaml

diff --git a/harbor/.gitattributes b/harbor/.gitattributes
new file mode 100644
index 0000000..341daa9
--- /dev/null
+++ b/harbor/.gitattributes
@@ -0,0 +1 @@
+config/secret.*.y*ml filter=age diff=age merge=age -text
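Review bot: Nothing in this line makes the `age` filter mandatory. The attribute only names the driver, while `filter.age.clean` and `filter.age.smudge` live in each clone's own git config. On a clone where they are not defined, git passes the content through unchanged and a `config/secret.*.yaml` file is committed in plaintext without any error. Document the setup next to this file and include `git config filter.age.required true`, so that a configured driver that fails aborts the operation instead of falling back to plaintext. A pre-commit or CI check that every path matching this pattern is stored as an age envelope would also cover clones where the driver was never configured.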
diff --git a/harbor/config/secret.s3.yaml b/harbor/config/secret.s3.yaml
new file mode 100644
index 0000000..8ca9381
--- /dev/null
+++ b/harbor/config/secret.s3.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-credentials-harbor
+type: Opaque
+stringData:
+  REGISTRY_STORAGE_S3_ACCESSKEY: YTGU36XCHWZKCHWFLSXZ
+  REGISTRY_STORAGE_S3_SECRETKEY: 8RDIRSalXaFkQ9tNH8GifmeicZQKcCdyiB4gysob
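Review bot: The two `stringData` values are readable in this patch, which suggests the blob was committed without the `age` clean filter having run; patch output is not expected to go through textconv, so it should reflect the stored bytes. Confirm with `git cat-file -p 8ca9381`. If the object is plaintext, treat the S3 key pair as disclosed: rotate it at the object-storage provider, then re-add the file once the filter is configured and rewrite or expire the history that holds the old object. Independently of that, a comment at the top such as `# encrypted at rest via the age git filter, see ../.gitattributes; never commit with the filter disabled` would tell the next editor why this file is special.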
diff --git a/harbor/config/values.harbor.yaml b/harbor/config/values.harbor.yaml
new file mode 100644
index 0000000..10cc0bd
--- /dev/null
+++ b/harbor/config/values.harbor.yaml
@@ -0,0 +1,34 @@
+externalURL: https://registry.icb4dc0.de
+
+database:
+  type: external
+  external:
+    host: app-cluster-pooler-rw.postgres.svc
+    username: harbor-twpkvp
+    coreDatabase: harbor
+    existingSecret: db-credentials-harbor
+
+redis:
+  type: external
+  external:
+    addr: harbor-cache.harbor.svc
+    port: 6379
+
+expose:
+  type: clusterIP
+  tls:
+    enabled: false
+
+persistence:
+  imageChartStorage:
+    disableredirect: true
+    type: s3
+    s3:
+      existingSecret: "s3-credentials-harbor"
+      region: hel1
+      bucket: 1661580-harbor
+      regionendpoint: https://hel1.your-objectstorage.com
+
+jobservice:
+  jobLoggers:
+    - database
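Review bot: Neither `harborAdminPassword`/`existingSecretAdminPassword` nor `secretKey`/`existingSecretSecretKey` is set in this values file, and the kustomization passes no other values. Unless they are supplied elsewhere, the chart's published defaults apply to a registry that is announced at the public `externalURL`. Put both in a Secret handled like `secret.s3.yaml` and reference it, e.g. `existingSecretAdminPassword: <admin-secret-name>` and `existingSecretSecretKey: <key-secret-name>` (placeholder names). The `redis.external` block also carries no `existingSecret` or password, so the cache connection is unauthenticated as written. It would help to add a comment on `expose.tls.enabled: false` naming the component that terminates TLS for the `https://` URL, since the values alone do not show one.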
diff --git a/harbor/kustomization.yaml b/harbor/kustomization.yaml
new file mode 100644
index 0000000..f9d355f
--- /dev/null
+++ b/harbor/kustomization.yaml
@@ -0,0 +1,26 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: harbor
+
+resources:
+  - resources/ns.yaml
+  - config/secret.s3.yaml
+  - resources/db/db.yaml
+  - resources/db/user.yaml
+  - resources/dragonfly/db.yaml
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/managed-by: kustomize
+      app.kubernetes.io/part-of: harbor
+
+helmCharts:
+  - name: harbor
+    repo: https://helm.goharbor.io
+    releaseName: harbor
+    namespace: harbor
+    version: "1.16.2"
+    valuesFile: config/values.harbor.yaml
+    skipTests: true
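Review bot: The `helmCharts` entry is pinned by `version` only, so every `kustomize build --enable-helm` downloads the chart from `https://helm.goharbor.io` with no integrity check. What gets applied therefore depends on what the repository serves at render time. Consider vendoring the pulled chart in the repo and pointing `helmGlobals.chartHome` at it, or rendering in CI and reviewing the rendered manifests, so that chart changes show up in a diff. A short comment above `helmCharts:` stating that the build needs `--enable-helm` and that `config/secret.s3.yaml` must be checked out through the age smudge filter would also save the next operator a failed or incorrect apply.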
diff --git a/harbor/resources/db/db.yaml b/harbor/resources/db/db.yaml
new file mode 100644
index 0000000..9c71d17
--- /dev/null
+++ b/harbor/resources/db/db.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: db.movetokube.com/v1alpha1
+kind: Postgres
+metadata:
+  name: harbor
+spec:
+  database: harbor
+  dropOnDelete: false
diff --git a/harbor/resources/db/user.yaml b/harbor/resources/db/user.yaml
new file mode 100644
index 0000000..543bc4d
--- /dev/null
+++ b/harbor/resources/db/user.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: db.movetokube.com/v1alpha1
+kind: PostgresUser
+metadata:
+  name: harbor
+spec:
+  role: harbor
+  database: harbor
+  secretName: db-credentials
+  privileges: OWNER
+  secretTemplate:
+    password: "{{ .Password }}"
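Review bot: The link between this resource and `values.harbor.yaml` is implicit and deserves a comment. `secretName: db-credentials` does not match the `existingSecret: db-credentials-harbor` that the chart values reference. As far as I know, the operator appends the resource name to `secretName`, which would explain the difference, but nothing in the file says so. The `username: harbor-twpkvp` in the values also looks like an operator-generated role name that would change if this `PostgresUser` were recreated. Suggested comment above `secretName`: `# operator creates Secret "db-credentials-<metadata.name>" (db-credentials-harbor); the key "password" is what the Harbor chart reads via database.external.existingSecret`. `privileges: OWNER` is broad; if it is needed for Harbor's schema migrations, say so in a comment so it is not mistaken for an oversight.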
diff --git a/harbor/resources/dragonfly/db.yaml b/harbor/resources/dragonfly/db.yaml
new file mode 100644
index 0000000..f48d88c
--- /dev/null
+++ b/harbor/resources/dragonfly/db.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: dragonflydb.io/v1alpha1
+kind: Dragonfly
+metadata:
+  name: harbor-cache
+  labels:
+    app.kubernetes.io/name: harbor-cache
+    app.kubernetes.io/instance: harbor
+    app.kubernetes.io/part-of: harbor
+spec:
+  replicas: 2
+  nodeSelector:
+    kubernetes.io/arch: arm64
+  resources:
+    requests:
+      cpu: 100m
+      memory: 350Mi
+    limits:
+      cpu: 100m
+      memory: 350Mi
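Review bot: The `Dragonfly` spec defines no authentication, so any pod that can reach `harbor-cache.harbor.svc:6379` can read and modify Harbor's cache and job-queue data. Add `spec.authentication.passwordFromSecret` pointing at a Secret in this namespace, and give the chart the same password through `redis.external.existingSecret` in `values.harbor.yaml`. Alternatively, or in addition, a NetworkPolicy that admits only the Harbor pods on port 6379 would limit exposure. This patch adds no NetworkPolicy, so restricting access at the network level would need one.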
diff --git a/harbor/resources/ns.yaml b/harbor/resources/ns.yaml
new file mode 100644
index 0000000..b0e4abc
--- /dev/null
+++ b/harbor/resources/ns.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: harbor
+  labels:
+    prometheus: default