diff --git a/.github/auto-assignees.yaml b/.github/auto-assignees.yaml deleted file mode 100644 index d7b95a61a..000000000 --- a/.github/auto-assignees.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# This assigns a PR to its author -addAssignees: true - -addReviewers: false - -reviewers: - - holyhope - - sguyennet - - jMonsinjon - - steven-zou - - mhurtrel - - heww - - bitsf - - wangcanfengxs - - Ghostbaby - - soulseen - - chlins - - XavierDuthil - - cndoit18 - - lubronzhan - - yxxhero - - wy65701436 - - MarcelMue - - thcdrt - -options: - ignore_draft: true - ignored_keywords: - - WIP - - wip - - DO NOT MERGE - enable_group_assignment: true - number_of_reviewers: 2 diff --git a/.github/workflows/auto-assign-prs.yaml b/.github/workflows/auto-assign-prs.yaml deleted file mode 100644 index d11983c9d..000000000 --- a/.github/workflows/auto-assign-prs.yaml +++ /dev/null @@ -1,17 +0,0 @@ -name: "Auto Assign" - -# pull_request_target means that this will run on pull requests, but in -# the context of the base repo. This should mean PRs from forks are supported. -on: - pull_request_target: - types: [opened, reopened, ready_for_review] - -jobs: - # Automatically assigns reviewers and owner - add-reviews: - runs-on: ubuntu-latest - steps: - - name: Set the author of a PR as the assignee - uses: kentaro-m/auto-assign-action@v1.2.4 - with: - configuration-path: ".github/auto-assignees.yaml" diff --git a/.github/workflows/build-dev.yml b/.github/workflows/build-dev.yml index ea718fb05..4acfbc302 100644 --- a/.github/workflows/build-dev.yml +++ b/.github/workflows/build-dev.yml @@ -3,7 +3,7 @@ name: Dev Image on: push: branches: - - master + - main - release-* jobs: diff --git a/.github/workflows/chart-tests.yml b/.github/workflows/chart-tests.yml new file mode 100644 index 000000000..d46f50509 --- /dev/null +++ b/.github/workflows/chart-tests.yml @@ -0,0 +1,203 @@ +name: Chart Tests + +on: + push: + branches: + - '**' + pull_request: + branches: + - main + - release-* + - feature/* + +jobs: + chart-tests: + runs-on: ubuntu-latest + name: chart K8S v${{ matrix.k8sVersion }} (CM v${{ matrix.certManager }}) + env: + USE_EXISTING_CLUSTER: true + operatorNamespace: harbor-operator-ns + dockerImage: harbor-operator:dev_test + + strategy: + fail-fast: false + matrix: + # https://github.com/jetstack/cert-manager/tags + certManager: + - "1.9.1" + + # https://snapcraft.io/microk8s + k8sVersion: + - "1.21.12" + - "1.23.6" + - "1.24.0" + + # https://github.com/kubernetes/ingress-nginx/tags + ingress: + - "1.3.0" + + steps: + - uses: actions/checkout@v2 + + - uses: actions/setup-go@v2 + with: + go-version: 1.18 + + - uses: azure/setup-kubectl@v3 + with: + version: 'latest' + + - name: Cache go mod + uses: actions/cache@v2 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + + - name: Prepare memory storage for etcd of kind cluster + run: | + # Use memory storage for etcd of the kind cluster, see https://github.com/kubernetes-sigs/kind/issues/845 for more info + mkdir -p /tmp/lib/etcd + sudo mount -t tmpfs tmpfs /tmp/lib/etcd + + - name: Install Kubernetes v${{ matrix.k8sVersion }} + uses: helm/kind-action@v1.3.0 + with: + version: v0.14.0 + node_image: kindest/node:v${{ matrix.k8sVersion }} + cluster_name: harbor + config: .github/kind.yaml + + - name: Install CertManager v${{ matrix.certManager }} + run: | + kubectl apply -f "https://github.com/jetstack/cert-manager/releases/download/v${{ matrix.certManager }}/cert-manager.yaml" + sleep 5 + time kubectl -n cert-manager wait --for=condition=Available deployment --all --timeout 300s + + - name: Install Ingress + run: | + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v${{ matrix.ingress }}/deploy/static/provider/kind/deploy.yaml + time kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s + + - name: build harbor-operator + run: | + make manifests docker-build IMG=${dockerImage} + kind load docker-image ${dockerImage} --name harbor + + - name: install harbor-operator + run: | + set -ex + make kustomize + + ./bin/kustomize build --reorder legacy config/helm/crds | kubectl create -f - + + make helm-install NAMESPACE="${operatorNamespace}" IMG=${dockerImage} + kubectl -n "${operatorNamespace}" wait --for=condition=Available deployment --all --timeout 300s + + if ! time kubectl -n ${operatorNamespace} wait --for=condition=Available deployment --all --timeout 300s; then + kubectl get all -n ${operatorNamespace} + exit 1 + fi + + - name: install harbor + run: | + export GITHUB_TOKEN=xxx + set -ex + IP=`hostname -I | awk '{print $1}'` + echo "IP=$IP" >> $GITHUB_ENV + CORE_HOST=core.$IP.nip.io + NOTARY_HOST=notary.$IP.nip.io + echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV + echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV + sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster-minimal/*.yaml + sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster-minimal/*.yaml + sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster-standard/*.yaml + sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster-standard/*.yaml + + make sample-harborcluster-standard + + for i in $(seq 1 7);do + sleep 30 + echo $i + kubectl get all + done + if ! time kubectl wait --for=condition=Ready -l job-type!=minio-init pod --all --timeout 600s && ! time kubectl wait --for=condition=Ready -l job-type!=minio-init pod --all --timeout 60s; then + echo install harbor failed + kubectl get all + + for n in $(kubectl get po |grep -v Running|grep -v NAME|awk '{print $1}');do + echo describe $n + kubectl describe pod $n + echo show log $n + kubectl logs --tail 100 $n || true + done + kubectl logs -l control-plane=harbor-operator -n ${operatorNamespace} --tail 100 + free -h + exit 1 + else + kubectl get all + kubectl get harbor -o wide + kubectl get harborcluster -o wide + fi + free -h + + - name: test harbor + run: | + set -ex + curl https://$CORE_HOST/api/v2.0/systeminfo -i -k -f + sudo mkdir -p /etc/docker/certs.d/$CORE_HOST + kubectl get secret sample-public-certificate -o jsonpath='{.data.ca\.crt}' \ + | base64 --decode \ + | sudo tee /etc/docker/certs.d/$CORE_HOST/harbor_ca.crt + # docker login, create image, docker push, docker pull + docker login $CORE_HOST -u admin -p Harbor12345 || (kubectl get po;kubectl logs -l goharbor.io/operator-controller=core;exit 1) + docker run busybox dd if=/dev/urandom of=test count=10 bs=1MB + DOCKERID=`docker ps -l -q` + docker commit $DOCKERID $CORE_HOST/library/busybox:test + docker push $CORE_HOST/library/busybox:test + docker pull $CORE_HOST/library/busybox:test + + - name: apidb test + run: bash .github/scripts/apidb_test.sh + env: + DOCKER_USER: ${{ secrets.DOCKER_USER }} + DOCKER_PWD: ${{ secrets.DOCKER_TOKEN }} + CORE_DEPLOYMENT: sample-harbor-harbor-core + + - name: fetch harbor logs + if: ${{ failure() }} + run: | + mkdir -p /tmp/harbor + for name in core jobservice registry registryctl trivy chartmuseum notaryserver notarysigner portal; do \ + kubectl logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ + done + kubectl logs -l "app.kubernetes.io/instance=harbor-database" --all-containers > /tmp/harbor/db.log + kubectl logs -l "release=harbor-redis" --all-containers > /tmp/harbor/redis.log + ls -l /tmp/harbor + + - uses: actions/upload-artifact@v2 + if: ${{ failure() }} + with: + name: harbor_chart + path: /tmp/harbor + + - name: fetch logs + if: ${{ failure() }} + run: | + mkdir -p /tmp/logs + kind export logs --name harbor /tmp/logs + ls -l /tmp/logs + + - uses: actions/upload-artifact@v2 + if: ${{ failure() }} + with: + name: kind_chart + path: /tmp/logs + + - name: Get logs for debug + if: ${{ failure() }} + run: | + set -x + kubectl get all -n "${operatorNamespace}" -o wide + kubectl logs -n "${operatorNamespace}" -l 'control-plane=harbor-operator' --all-containers --tail=1000 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e50635d7e..c81df1b12 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -13,10 +13,10 @@ name: "CodeQL" on: push: - branches: [ master, 0.5.0, 0.5.1, 0.5.2, release-* ] + branches: [ main, 0.5.0, 0.5.1, 0.5.2, release-* ] pull_request: # The branches below must be a subset of the branches above - branches: [ master ] + branches: [ main ] schedule: - cron: '34 9 * * 3' diff --git a/.github/workflows/contour-tests.yml b/.github/workflows/contour-tests.yml new file mode 100644 index 000000000..46c09d3f3 --- /dev/null +++ b/.github/workflows/contour-tests.yml @@ -0,0 +1,225 @@ +name: Contour Tests + +on: + push: + branches: + - '**' + pull_request: + branches: + - main + - release-* + - feature/* + +jobs: + harbor-contour: + runs-on: ubuntu-latest + name: contour K8S v${{ matrix.k8sVersion }} (CM v${{ matrix.certManager }} ${{ matrix.samples }}) + env: + USE_EXISTING_CLUSTER: true + operatorNamespace: harbor-operator-ns + dockerImage: harbor-operator:dev_test + + strategy: + fail-fast: false + matrix: + # https://github.com/jetstack/cert-manager/tags + certManager: + - "1.8.2" + + # https://github.com/projectcontour/contour/tags + contour: + - "1.22.0" + + k8sVersion: + - "1.21.12" + - "1.23.6" + - "1.24.0" + + samples: + - "full_stack.yaml" + + steps: + - uses: actions/checkout@v2 + + - uses: actions/setup-go@v2 + with: + go-version: 1.18 + + - uses: azure/setup-kubectl@v3 + with: + version: 'v1.25.4' + + - name: Cache go mod + uses: actions/cache@v2 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + + - name: Prepare memory storage for etcd of kind cluster + run: | + # Use memory storage for etcd of the kind cluster, see https://github.com/kubernetes-sigs/kind/issues/845 for more info + mkdir -p /tmp/lib/etcd + sudo mount -t tmpfs tmpfs /tmp/lib/etcd + + - name: Install Kubernetes v${{ matrix.k8sVersion }} + uses: helm/kind-action@v1.3.0 + with: + version: v0.14.0 + node_image: kindest/node:v${{ matrix.k8sVersion }} + cluster_name: harbor + config: .github/kind.yaml + + - name: Install CertManager v${{ matrix.certManager }} + run: | + kubectl apply -f "https://github.com/jetstack/cert-manager/releases/download/v${{ matrix.certManager }}/cert-manager.yaml" + sleep 5 + time kubectl -n cert-manager wait --for=condition=Available deployment --all --timeout 300s + + - name: Install Contour + run: | + kubectl apply -f https://github.com/projectcontour/contour/raw/v${{ matrix.contour }}/examples/render/contour.yaml + sleep 5 + kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"},"tolerations":[{"key":"node-role.kubernetes.io/master","operator":"Equal","effect":"NoSchedule"}, {"key":"node-role.kubernetes.io/control-plane","operator":"Equal","effect":"NoSchedule"}]}}}}' + sleep 5 + kubectl get all -n projectcontour + time kubectl wait --namespace projectcontour --for=condition=ready pod --selector=app=envoy --timeout=100s || kubectl get all -n projectcontour + time kubectl wait --namespace projectcontour --for=condition=ready pod --selector=app=envoy --timeout=100s + + - name: build harbor-operator + run: | + make manifests docker-build IMG=${dockerImage} GIT_COMMIT=${{ github.sha }} + kind load docker-image ${dockerImage} --name harbor + + - name: install harbor-operator + run: | + make kustomize + + cd manifests/cluster + kustomize edit add secret github-token --disableNameSuffixHash --from-literal=GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} + kustomize edit add patch --path patch/github-token.yaml + kustomize edit set image goharbor/harbor-operator=${dockerImage} + ../../bin/kustomize build --reorder legacy | kubectl create -f - + + if ! time kubectl -n ${operatorNamespace} wait --for=condition=Available deployment --all --timeout 300s; then + kubectl get all -n ${operatorNamespace} + exit 1 + fi + + - name: install harbor + run: | + set -ex + IP=`hostname -I | awk '{print $1}'` + echo "IP=$IP" >> $GITHUB_ENV + CORE_HOST=core.$IP.nip.io + NOTARY_HOST=notary.$IP.nip.io + MINIO_HOST=minio.$IP.nip.io + echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV + echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV + echo "MINIO_HOST=$MINIO_HOST" >> $GITHUB_ENV + samplefile=${{ matrix.samples }} + sed -i "s/core.harbor.domain/$CORE_HOST/g" manifests/samples/$samplefile + sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" manifests/samples/$samplefile + sed -i "s/minio.harbor.domain/$MINIO_HOST/g" manifests/samples/$samplefile + sed -i "s/controller: default/controller: contour/g" manifests/samples/$samplefile + sed -i "s/logLevel: info/logLevel: debug/g" manifests/samples/$samplefile + + kubectl apply -f manifests/samples/$samplefile + for i in $(seq 1 7);do + sleep 30 + echo $i + kubectl -n cluster-sample-ns get all + done + + function wait-for-condition () { + time kubectl -n cluster-sample-ns wait --for=condition=$1 harborcluster harborcluster-sample --timeout $2 + } + + if ! wait-for-condition InProgress=False 600s && ! wait-for-condition Failed=False 60s; then + echo install harbor failed + kubectl describe harborcluster -n cluster-sample-ns + kubectl describe harbor -n cluster-sample-ns + kubectl get all -n cluster-sample-ns + + for n in $(kubectl -n cluster-sample-ns get po |grep -v Running|grep -v NAME|awk '{print $1}');do + echo describe $n + kubectl -n cluster-sample-ns describe pod $n + echo show log $n + kubectl -n cluster-sample-ns logs --tail 100 $n || true + done + kubectl logs -l control-plane=harbor-operator -n ${operatorNamespace} --tail 100 + free -h + exit 1 + else + kubectl -n cluster-sample-ns get all -o wide + kubectl get harbor -n cluster-sample-ns -o wide + kubectl get harborcluster -n cluster-sample-ns -o wide + fi + free -h + df -h + + - name: test harbor + run: | + set -ex + free -h + df -h + curl https://$CORE_HOST/api/v2.0/systeminfo -i -k -f + sudo mkdir -p /etc/docker/certs.d/$CORE_HOST + kubectl -n cluster-sample-ns get secret sample-public-certificate -o jsonpath='{.data.ca\.crt}' \ + | base64 --decode \ + | sudo tee /etc/docker/certs.d/$CORE_HOST/harbor_ca.crt + # docker login, create image, docker push, docker pull + docker login $CORE_HOST -u admin -p Harbor12345 || (kubectl -n cluster-sample-ns get po;kubectl -n cluster-sample-ns logs -l goharbor.io/operator-controller=core;exit 1) + docker run busybox dd if=/dev/urandom of=test count=10 bs=1MB + DOCKERID=`docker ps -l -q` + docker commit $DOCKERID $CORE_HOST/library/busybox:test + docker push $CORE_HOST/library/busybox:test + docker pull $CORE_HOST/library/busybox:test + + - name: apidb test + run: bash .github/scripts/apidb_test.sh + env: + DOCKER_USER: ${{ secrets.DOCKER_USER }} + DOCKER_PWD: ${{ secrets.DOCKER_TOKEN }} + CORE_DEPLOYMENT: harborcluster-sample-harbor-harbor-core + NAMESPACE: cluster-sample-ns + + - name: fetch harbor logs + if: ${{ failure() }} + run: | + df -h + free -m + mkdir -p /tmp/harbor + for name in core jobservice registry registryctl trivy chartmuseum notaryserver notarysigner portal; do \ + kubectl -n cluster-sample-ns logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ + done + kubectl -n cluster-sample-ns logs -l "application=spilo" --all-containers > /tmp/harbor/db.log + kubectl -n cluster-sample-ns logs -l "app.kubernetes.io/component=redis" --all-containers > /tmp/harbor/redis.log + ls -l /tmp/harbor + + - uses: actions/upload-artifact@v2 + if: ${{ failure() }} + with: + name: contour_harbor_v${{ matrix.k8sVersion }}_v${{ matrix.certManager }}_${{ matrix.samples }} + path: /tmp/harbor + + - name: fetch logs + if: ${{ failure() }} + run: | + mkdir -p /tmp/logs + kind export logs --name harbor /tmp/logs + ls -l /tmp/logs + + - uses: actions/upload-artifact@v2 + if: ${{ failure() }} + with: + name: contour_kind_v${{ matrix.k8sVersion }}_v${{ matrix.certManager }}_${{ matrix.samples }} + path: /tmp/logs + + - name: Get logs for debug + if: ${{ failure() }} + run: | + set -x + kubectl get all -n "${operatorNamespace}" -o wide + kubectl logs -n "${operatorNamespace}" -l 'control-plane=harbor-operator' --all-containers --tail=1000 diff --git a/.github/workflows/harbor-e2e-tests.yml b/.github/workflows/harbor-e2e-tests.yml new file mode 100644 index 000000000..490319432 --- /dev/null +++ b/.github/workflows/harbor-e2e-tests.yml @@ -0,0 +1,228 @@ +name: Harbor E2E Tests + +on: + push: + branches: + - '**' + pull_request: + branches: + - main + - release-* + - feature/* + +jobs: + harbor-tests: + runs-on: ubuntu-latest + name: K8S v${{ matrix.k8sVersion }} (CM v${{ matrix.certManager }} ${{ matrix.samples }}) + env: + USE_EXISTING_CLUSTER: true + operatorNamespace: harbor-operator-ns + dockerImage: harbor-operator:dev_test + + strategy: + fail-fast: false + matrix: + # https://github.com/jetstack/cert-manager/tags + certManager: + - "1.6.3" + - "1.9.1" + + # https://github.com/kubernetes-sigs/kind/releases + k8sVersion: + - "1.21.12" + - "1.23.6" + - "1.24.0" + + # https://github.com/kubernetes/ingress-nginx/tags + ingress: + - "1.3.0" + + samples: + - "full_stack.yaml" + - "standard_stack_fs.yaml" + + steps: + - uses: actions/checkout@v2 + + - uses: actions/setup-go@v2 + with: + go-version: 1.18 + + - uses: azure/setup-kubectl@v3 + with: + version: 'latest' + + - name: Cache go mod + uses: actions/cache@v2 + with: + path: ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + + - name: Prepare memory storage for etcd of kind cluster + run: | + # Use memory storage for etcd of the kind cluster, see https://github.com/kubernetes-sigs/kind/issues/845 for more info + mkdir -p /tmp/lib/etcd + sudo mount -t tmpfs tmpfs /tmp/lib/etcd + + - name: Install Kubernetes v${{ matrix.k8sVersion }} + uses: helm/kind-action@v1.3.0 + with: + version: v0.14.0 + node_image: kindest/node:v${{ matrix.k8sVersion }} + cluster_name: harbor + config: .github/kind_permission.yaml + + - name: Install CertManager v${{ matrix.certManager }} + run: | + kubectl apply -f "https://github.com/jetstack/cert-manager/releases/download/v${{ matrix.certManager }}/cert-manager.yaml" + sleep 5 + time kubectl -n cert-manager wait --for=condition=Available deployment --all --timeout 300s + + - name: Install Ingress + run: | + kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v${{ matrix.ingress }}/deploy/static/provider/kind/deploy.yaml + time kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s + + - name: build harbor-operator + run: | + docker buildx create --use + make generate docker-build IMG=${dockerImage} GIT_COMMIT=${{ github.sha }} + kind load docker-image ${dockerImage} --name harbor + + - name: install harbor-operator + run: | + make kustomize + + cd manifests/cluster + kustomize edit add secret github-token --disableNameSuffixHash --from-literal=GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} + kustomize edit add patch --path patch/github-token.yaml + kustomize edit set image goharbor/harbor-operator=${dockerImage} + ../../bin/kustomize build --reorder legacy | kubectl create -f - + + if ! time kubectl -n ${operatorNamespace} wait --for=condition=Available deployment --all --timeout 300s; then + kubectl get all -n ${operatorNamespace} + exit 1 + fi + + kubectl get all -n ${operatorNamespace} + + sleep 10 + + - name: install harbor + run: | + set -ex + IP=`hostname -I | awk '{print $1}'` + echo "IP=$IP" >> $GITHUB_ENV + CORE_HOST=core.$IP.nip.io + NOTARY_HOST=notary.$IP.nip.io + MINIO_HOST=minio.$IP.nip.io + echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV + echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV + echo "MINIO_HOST=$MINIO_HOST" >> $GITHUB_ENV + samplefile=${{ matrix.samples }} + sed -i "s/core.harbor.domain/$CORE_HOST/g" manifests/samples/$samplefile + sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" manifests/samples/$samplefile + sed -i "s/minio.harbor.domain/$MINIO_HOST/g" manifests/samples/$samplefile + sed -i "s/logLevel: info/logLevel: debug/g" manifests/samples/$samplefile + + kubectl apply -f manifests/samples/$samplefile + for i in $(seq 1 7);do + sleep 30 + echo $i + kubectl -n cluster-sample-ns get all + done + + function wait-for-condition () { + time kubectl -n cluster-sample-ns wait --for=condition=$1 harborcluster harborcluster-sample --timeout $2 + } + + if ! wait-for-condition InProgress=False 600s && ! wait-for-condition Failed=False 60s; then + echo install harbor failed + kubectl describe harborcluster -n cluster-sample-ns + kubectl describe harbor -n cluster-sample-ns + kubectl get all -n cluster-sample-ns + + for n in $(kubectl -n cluster-sample-ns get po |grep -v Running|grep -v NAME|awk '{print $1}');do + echo describe $n + kubectl -n cluster-sample-ns describe pod $n + echo show log $n + kubectl -n cluster-sample-ns logs --tail 100 $n || true + done + kubectl logs -l control-plane=harbor-operator -n ${operatorNamespace} --tail 100 + free -h + exit 1 + else + kubectl -n cluster-sample-ns get all -o wide + kubectl get harbor -n cluster-sample-ns -o wide + kubectl get harborcluster -n cluster-sample-ns -o wide + kubectl get all -n ${operatorNamespace} + fi + free -h + df -h + + - name: test harbor + run: | + set -ex + free -h + df -h + curl https://$CORE_HOST/api/v2.0/systeminfo -i -k -f + sudo mkdir -p /etc/docker/certs.d/$CORE_HOST + kubectl -n cluster-sample-ns get secret sample-public-certificate -o jsonpath='{.data.ca\.crt}' \ + | base64 --decode \ + | sudo tee /etc/docker/certs.d/$CORE_HOST/harbor_ca.crt + # docker login, create image, docker push, docker pull + docker login $CORE_HOST -u admin -p Harbor12345 || (kubectl -n cluster-sample-ns get po;kubectl -n cluster-sample-ns logs -l goharbor.io/operator-controller=core;exit 1) + docker run busybox dd if=/dev/urandom of=test count=10 bs=1MB + DOCKERID=`docker ps -l -q` + docker commit $DOCKERID $CORE_HOST/library/busybox:test + docker push $CORE_HOST/library/busybox:test + docker pull $CORE_HOST/library/busybox:test + + - name: apidb test + run: bash .github/scripts/apidb_test.sh + env: + DOCKER_USER: ${{ secrets.DOCKER_USER }} + DOCKER_PWD: ${{ secrets.DOCKER_TOKEN }} + CORE_DEPLOYMENT: harborcluster-sample-harbor-harbor-core + NAMESPACE: cluster-sample-ns + + - name: fetch harbor logs + if: ${{ failure() }} + run: | + df -h + free -m + mkdir -p /tmp/harbor + for name in core jobservice registry registryctl trivy chartmuseum notaryserver notarysigner portal; do \ + kubectl -n cluster-sample-ns logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ + done + kubectl -n cluster-sample-ns logs -l "application=spilo" --all-containers > /tmp/harbor/db.log + kubectl -n cluster-sample-ns logs -l "app.kubernetes.io/component=redis" --all-containers > /tmp/harbor/redis.log + ls -l /tmp/harbor + + - uses: actions/upload-artifact@v2 + if: ${{ failure() }} + with: + name: harbor_v${{ matrix.k8sVersion }}_v${{ matrix.certManager }}_${{ matrix.samples }} + path: /tmp/harbor + + - name: fetch logs + if: ${{ failure() }} + run: | + mkdir -p /tmp/logs + kind export logs --name harbor /tmp/logs + ls -l /tmp/logs + + - uses: actions/upload-artifact@v2 + if: ${{ failure() }} + with: + name: kind_v${{ matrix.k8sVersion }}_v${{ matrix.certManager }}_${{ matrix.samples }} + path: /tmp/logs + + - name: Get logs for debug + if: ${{ failure() }} + run: | + set -x + kubectl get all -n "${operatorNamespace}" -o wide + kubectl logs -n "${operatorNamespace}" -l 'control-plane=harbor-operator' --all-containers --tail=1000 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index e2fbcf735..7466a8611 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -6,7 +6,7 @@ on: - '**' pull_request: branches: - - master + - main - release-* - feature/* @@ -122,622 +122,6 @@ jobs: name: kind_go-tests path: /tmp/logs - harbor-tests: - runs-on: ubuntu-latest - name: K8S v${{ matrix.k8sVersion }} (CM v${{ matrix.certManager }} ${{ matrix.samples }}) - env: - USE_EXISTING_CLUSTER: true - operatorNamespace: harbor-operator-ns - dockerImage: harbor-operator:dev_test - - strategy: - fail-fast: false - matrix: - # https://github.com/jetstack/cert-manager/tags - certManager: - - "1.6.3" - - "1.9.1" - - # https://github.com/kubernetes-sigs/kind/releases - k8sVersion: - - "1.21.12" - - "1.23.6" - - "1.24.0" - - # https://github.com/kubernetes/ingress-nginx/tags - ingress: - - "1.3.0" - - samples: - - "full_stack.yaml" - - "standard_stack_fs.yaml" - - steps: - - uses: actions/checkout@v2 - - - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - uses: azure/setup-kubectl@v3 - with: - version: 'latest' - - - name: Cache go mod - uses: actions/cache@v2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - name: Prepare memory storage for etcd of kind cluster - run: | - # Use memory storage for etcd of the kind cluster, see https://github.com/kubernetes-sigs/kind/issues/845 for more info - mkdir -p /tmp/lib/etcd - sudo mount -t tmpfs tmpfs /tmp/lib/etcd - - - name: Install Kubernetes v${{ matrix.k8sVersion }} - uses: helm/kind-action@v1.3.0 - with: - version: v0.14.0 - node_image: kindest/node:v${{ matrix.k8sVersion }} - cluster_name: harbor - config: .github/kind_permission.yaml - - - name: Install CertManager v${{ matrix.certManager }} - run: | - kubectl apply -f "https://github.com/jetstack/cert-manager/releases/download/v${{ matrix.certManager }}/cert-manager.yaml" - sleep 5 - time kubectl -n cert-manager wait --for=condition=Available deployment --all --timeout 300s - - - name: Install Ingress - run: | - kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v${{ matrix.ingress }}/deploy/static/provider/kind/deploy.yaml - time kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s - - - name: build harbor-operator - run: | - docker buildx create --use - make generate docker-build IMG=${dockerImage} GIT_COMMIT=${{ github.sha }} - kind load docker-image ${dockerImage} --name harbor - - - name: install harbor-operator - run: | - make kustomize - - cd manifests/cluster - kustomize edit add secret github-token --disableNameSuffixHash --from-literal=GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} - kustomize edit add patch --path patch/github-token.yaml - kustomize edit set image goharbor/harbor-operator=${dockerImage} - ../../bin/kustomize build --reorder legacy | kubectl create -f - - - if ! time kubectl -n ${operatorNamespace} wait --for=condition=Available deployment --all --timeout 300s; then - kubectl get all -n ${operatorNamespace} - exit 1 - fi - - kubectl get all -n ${operatorNamespace} - - sleep 10 - - - name: install harbor - run: | - set -ex - IP=`hostname -I | awk '{print $1}'` - echo "IP=$IP" >> $GITHUB_ENV - CORE_HOST=core.$IP.nip.io - NOTARY_HOST=notary.$IP.nip.io - MINIO_HOST=minio.$IP.nip.io - echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV - echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV - echo "MINIO_HOST=$MINIO_HOST" >> $GITHUB_ENV - samplefile=${{ matrix.samples }} - sed -i "s/core.harbor.domain/$CORE_HOST/g" manifests/samples/$samplefile - sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" manifests/samples/$samplefile - sed -i "s/minio.harbor.domain/$MINIO_HOST/g" manifests/samples/$samplefile - sed -i "s/logLevel: info/logLevel: debug/g" manifests/samples/$samplefile - - kubectl apply -f manifests/samples/$samplefile - for i in $(seq 1 7);do - sleep 30 - echo $i - kubectl -n cluster-sample-ns get all - done - - function wait-for-condition () { - time kubectl -n cluster-sample-ns wait --for=condition=$1 harborcluster harborcluster-sample --timeout $2 - } - - if ! wait-for-condition InProgress=False 600s && ! wait-for-condition Failed=False 60s; then - echo install harbor failed - kubectl describe harborcluster -n cluster-sample-ns - kubectl describe harbor -n cluster-sample-ns - kubectl get all -n cluster-sample-ns - - for n in $(kubectl -n cluster-sample-ns get po |grep -v Running|grep -v NAME|awk '{print $1}');do - echo describe $n - kubectl -n cluster-sample-ns describe pod $n - echo show log $n - kubectl -n cluster-sample-ns logs --tail 100 $n || true - done - kubectl logs -l control-plane=harbor-operator -n ${operatorNamespace} --tail 100 - free -h - exit 1 - else - kubectl -n cluster-sample-ns get all -o wide - kubectl get harbor -n cluster-sample-ns -o wide - kubectl get harborcluster -n cluster-sample-ns -o wide - kubectl get all -n ${operatorNamespace} - fi - free -h - df -h - - - name: test harbor - run: | - set -ex - free -h - df -h - curl https://$CORE_HOST/api/v2.0/systeminfo -i -k -f - sudo mkdir -p /etc/docker/certs.d/$CORE_HOST - kubectl -n cluster-sample-ns get secret sample-public-certificate -o jsonpath='{.data.ca\.crt}' \ - | base64 --decode \ - | sudo tee /etc/docker/certs.d/$CORE_HOST/harbor_ca.crt - # docker login, create image, docker push, docker pull - docker login $CORE_HOST -u admin -p Harbor12345 || (kubectl -n cluster-sample-ns get po;kubectl -n cluster-sample-ns logs -l goharbor.io/operator-controller=core;exit 1) - docker run busybox dd if=/dev/urandom of=test count=10 bs=1MB - DOCKERID=`docker ps -l -q` - docker commit $DOCKERID $CORE_HOST/library/busybox:test - docker push $CORE_HOST/library/busybox:test - docker pull $CORE_HOST/library/busybox:test - - - name: apidb test - run: bash .github/scripts/apidb_test.sh - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PWD: ${{ secrets.DOCKER_TOKEN }} - CORE_DEPLOYMENT: harborcluster-sample-harbor-harbor-core - NAMESPACE: cluster-sample-ns - - - name: fetch harbor logs - if: ${{ failure() }} - run: | - df -h - free -m - mkdir -p /tmp/harbor - for name in core jobservice registry registryctl trivy chartmuseum notaryserver notarysigner portal; do \ - kubectl -n cluster-sample-ns logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ - done - kubectl -n cluster-sample-ns logs -l "application=spilo" --all-containers > /tmp/harbor/db.log - kubectl -n cluster-sample-ns logs -l "app.kubernetes.io/component=redis" --all-containers > /tmp/harbor/redis.log - ls -l /tmp/harbor - - - uses: actions/upload-artifact@v2 - if: ${{ failure() }} - with: - name: harbor_v${{ matrix.k8sVersion }}_v${{ matrix.certManager }}_${{ matrix.samples }} - path: /tmp/harbor - - - name: fetch logs - if: ${{ failure() }} - run: | - mkdir -p /tmp/logs - kind export logs --name harbor /tmp/logs - ls -l /tmp/logs - - - uses: actions/upload-artifact@v2 - if: ${{ failure() }} - with: - name: kind_v${{ matrix.k8sVersion }}_v${{ matrix.certManager }}_${{ matrix.samples }} - path: /tmp/logs - - - name: Get logs for debug - if: ${{ failure() }} - run: | - set -x - kubectl get all -n "${operatorNamespace}" -o wide - kubectl logs -n "${operatorNamespace}" -l 'control-plane=harbor-operator' --all-containers --tail=1000 - - harbor-contour: - runs-on: ubuntu-latest - name: contour K8S v${{ matrix.k8sVersion }} (CM v${{ matrix.certManager }} ${{ matrix.samples }}) - env: - USE_EXISTING_CLUSTER: true - operatorNamespace: harbor-operator-ns - dockerImage: harbor-operator:dev_test - - strategy: - fail-fast: false - matrix: - # https://github.com/jetstack/cert-manager/tags - certManager: - - "1.8.2" - - # https://github.com/projectcontour/contour/tags - contour: - - "1.22.0" - - k8sVersion: - - "1.21.12" - - "1.23.6" - - "1.24.0" - - samples: - - "full_stack.yaml" - - steps: - - uses: actions/checkout@v2 - - - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - uses: azure/setup-kubectl@v3 - with: - version: 'v1.25.4' - - - name: Cache go mod - uses: actions/cache@v2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - name: Prepare memory storage for etcd of kind cluster - run: | - # Use memory storage for etcd of the kind cluster, see https://github.com/kubernetes-sigs/kind/issues/845 for more info - mkdir -p /tmp/lib/etcd - sudo mount -t tmpfs tmpfs /tmp/lib/etcd - - - name: Install Kubernetes v${{ matrix.k8sVersion }} - uses: helm/kind-action@v1.3.0 - with: - version: v0.14.0 - node_image: kindest/node:v${{ matrix.k8sVersion }} - cluster_name: harbor - config: .github/kind.yaml - - - name: Install CertManager v${{ matrix.certManager }} - run: | - kubectl apply -f "https://github.com/jetstack/cert-manager/releases/download/v${{ matrix.certManager }}/cert-manager.yaml" - sleep 5 - time kubectl -n cert-manager wait --for=condition=Available deployment --all --timeout 300s - - - name: Install Contour - run: | - kubectl apply -f https://github.com/projectcontour/contour/raw/v${{ matrix.contour }}/examples/render/contour.yaml - sleep 5 - kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"},"tolerations":[{"key":"node-role.kubernetes.io/master","operator":"Equal","effect":"NoSchedule"}, {"key":"node-role.kubernetes.io/control-plane","operator":"Equal","effect":"NoSchedule"}]}}}}' - sleep 5 - kubectl get all -n projectcontour - time kubectl wait --namespace projectcontour --for=condition=ready pod --selector=app=envoy --timeout=100s || kubectl get all -n projectcontour - time kubectl wait --namespace projectcontour --for=condition=ready pod --selector=app=envoy --timeout=100s - - - name: build harbor-operator - run: | - make manifests docker-build IMG=${dockerImage} GIT_COMMIT=${{ github.sha }} - kind load docker-image ${dockerImage} --name harbor - - - name: install harbor-operator - run: | - make kustomize - - cd manifests/cluster - kustomize edit add secret github-token --disableNameSuffixHash --from-literal=GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} - kustomize edit add patch --path patch/github-token.yaml - kustomize edit set image goharbor/harbor-operator=${dockerImage} - ../../bin/kustomize build --reorder legacy | kubectl create -f - - - if ! time kubectl -n ${operatorNamespace} wait --for=condition=Available deployment --all --timeout 300s; then - kubectl get all -n ${operatorNamespace} - exit 1 - fi - - - name: install harbor - run: | - set -ex - IP=`hostname -I | awk '{print $1}'` - echo "IP=$IP" >> $GITHUB_ENV - CORE_HOST=core.$IP.nip.io - NOTARY_HOST=notary.$IP.nip.io - MINIO_HOST=minio.$IP.nip.io - echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV - echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV - echo "MINIO_HOST=$MINIO_HOST" >> $GITHUB_ENV - samplefile=${{ matrix.samples }} - sed -i "s/core.harbor.domain/$CORE_HOST/g" manifests/samples/$samplefile - sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" manifests/samples/$samplefile - sed -i "s/minio.harbor.domain/$MINIO_HOST/g" manifests/samples/$samplefile - sed -i "s/controller: default/controller: contour/g" manifests/samples/$samplefile - sed -i "s/logLevel: info/logLevel: debug/g" manifests/samples/$samplefile - - kubectl apply -f manifests/samples/$samplefile - for i in $(seq 1 7);do - sleep 30 - echo $i - kubectl -n cluster-sample-ns get all - done - - function wait-for-condition () { - time kubectl -n cluster-sample-ns wait --for=condition=$1 harborcluster harborcluster-sample --timeout $2 - } - - if ! wait-for-condition InProgress=False 600s && ! wait-for-condition Failed=False 60s; then - echo install harbor failed - kubectl describe harborcluster -n cluster-sample-ns - kubectl describe harbor -n cluster-sample-ns - kubectl get all -n cluster-sample-ns - - for n in $(kubectl -n cluster-sample-ns get po |grep -v Running|grep -v NAME|awk '{print $1}');do - echo describe $n - kubectl -n cluster-sample-ns describe pod $n - echo show log $n - kubectl -n cluster-sample-ns logs --tail 100 $n || true - done - kubectl logs -l control-plane=harbor-operator -n ${operatorNamespace} --tail 100 - free -h - exit 1 - else - kubectl -n cluster-sample-ns get all -o wide - kubectl get harbor -n cluster-sample-ns -o wide - kubectl get harborcluster -n cluster-sample-ns -o wide - fi - free -h - df -h - - - name: test harbor - run: | - set -ex - free -h - df -h - curl https://$CORE_HOST/api/v2.0/systeminfo -i -k -f - sudo mkdir -p /etc/docker/certs.d/$CORE_HOST - kubectl -n cluster-sample-ns get secret sample-public-certificate -o jsonpath='{.data.ca\.crt}' \ - | base64 --decode \ - | sudo tee /etc/docker/certs.d/$CORE_HOST/harbor_ca.crt - # docker login, create image, docker push, docker pull - docker login $CORE_HOST -u admin -p Harbor12345 || (kubectl -n cluster-sample-ns get po;kubectl -n cluster-sample-ns logs -l goharbor.io/operator-controller=core;exit 1) - docker run busybox dd if=/dev/urandom of=test count=10 bs=1MB - DOCKERID=`docker ps -l -q` - docker commit $DOCKERID $CORE_HOST/library/busybox:test - docker push $CORE_HOST/library/busybox:test - docker pull $CORE_HOST/library/busybox:test - - - name: apidb test - run: bash .github/scripts/apidb_test.sh - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PWD: ${{ secrets.DOCKER_TOKEN }} - CORE_DEPLOYMENT: harborcluster-sample-harbor-harbor-core - NAMESPACE: cluster-sample-ns - - - name: fetch harbor logs - if: ${{ failure() }} - run: | - df -h - free -m - mkdir -p /tmp/harbor - for name in core jobservice registry registryctl trivy chartmuseum notaryserver notarysigner portal; do \ - kubectl -n cluster-sample-ns logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ - done - kubectl -n cluster-sample-ns logs -l "application=spilo" --all-containers > /tmp/harbor/db.log - kubectl -n cluster-sample-ns logs -l "app.kubernetes.io/component=redis" --all-containers > /tmp/harbor/redis.log - ls -l /tmp/harbor - - - uses: actions/upload-artifact@v2 - if: ${{ failure() }} - with: - name: contour_harbor_v${{ matrix.k8sVersion }}_v${{ matrix.certManager }}_${{ matrix.samples }} - path: /tmp/harbor - - - name: fetch logs - if: ${{ failure() }} - run: | - mkdir -p /tmp/logs - kind export logs --name harbor /tmp/logs - ls -l /tmp/logs - - - uses: actions/upload-artifact@v2 - if: ${{ failure() }} - with: - name: contour_kind_v${{ matrix.k8sVersion }}_v${{ matrix.certManager }}_${{ matrix.samples }} - path: /tmp/logs - - - name: Get logs for debug - if: ${{ failure() }} - run: | - set -x - kubectl get all -n "${operatorNamespace}" -o wide - kubectl logs -n "${operatorNamespace}" -l 'control-plane=harbor-operator' --all-containers --tail=1000 - - chart-tests: - runs-on: ubuntu-latest - name: chart K8S v${{ matrix.k8sVersion }} (CM v${{ matrix.certManager }}) - env: - USE_EXISTING_CLUSTER: true - operatorNamespace: harbor-operator-ns - dockerImage: harbor-operator:dev_test - - strategy: - fail-fast: false - matrix: - # https://github.com/jetstack/cert-manager/tags - certManager: - - "1.9.1" - - # https://snapcraft.io/microk8s - k8sVersion: - - "1.21.12" - - "1.23.6" - - "1.24.0" - - # https://github.com/kubernetes/ingress-nginx/tags - ingress: - - "1.3.0" - - steps: - - uses: actions/checkout@v2 - - - uses: actions/setup-go@v2 - with: - go-version: 1.18 - - - uses: azure/setup-kubectl@v3 - with: - version: 'latest' - - - name: Cache go mod - uses: actions/cache@v2 - with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- - - - name: Prepare memory storage for etcd of kind cluster - run: | - # Use memory storage for etcd of the kind cluster, see https://github.com/kubernetes-sigs/kind/issues/845 for more info - mkdir -p /tmp/lib/etcd - sudo mount -t tmpfs tmpfs /tmp/lib/etcd - - - name: Install Kubernetes v${{ matrix.k8sVersion }} - uses: helm/kind-action@v1.3.0 - with: - version: v0.14.0 - node_image: kindest/node:v${{ matrix.k8sVersion }} - cluster_name: harbor - config: .github/kind.yaml - - - name: Install CertManager v${{ matrix.certManager }} - run: | - kubectl apply -f "https://github.com/jetstack/cert-manager/releases/download/v${{ matrix.certManager }}/cert-manager.yaml" - sleep 5 - time kubectl -n cert-manager wait --for=condition=Available deployment --all --timeout 300s - - - name: Install Ingress - run: | - kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v${{ matrix.ingress }}/deploy/static/provider/kind/deploy.yaml - time kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=300s - - - name: build harbor-operator - run: | - make manifests docker-build IMG=${dockerImage} - kind load docker-image ${dockerImage} --name harbor - - - name: install harbor-operator - run: | - set -ex - make helm-install NAMESPACE="${operatorNamespace}" IMG=${dockerImage} - kubectl -n "${operatorNamespace}" wait --for=condition=Available deployment --all --timeout 300s - - if ! time kubectl -n ${operatorNamespace} wait --for=condition=Available deployment --all --timeout 300s; then - kubectl get all -n ${operatorNamespace} - exit 1 - fi - - - name: install harbor - run: | - export GITHUB_TOKEN=xxx - set -ex - IP=`hostname -I | awk '{print $1}'` - echo "IP=$IP" >> $GITHUB_ENV - CORE_HOST=core.$IP.nip.io - NOTARY_HOST=notary.$IP.nip.io - echo "CORE_HOST=$CORE_HOST" >> $GITHUB_ENV - echo "NOTARY_HOST=$NOTARY_HOST" >> $GITHUB_ENV - sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster-minimal/*.yaml - sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster-minimal/*.yaml - sed -i "s/core.harbor.domain/$CORE_HOST/g" config/samples/harborcluster-standard/*.yaml - sed -i "s/notary.harbor.domain/$NOTARY_HOST/g" config/samples/harborcluster-standard/*.yaml - - make sample-harborcluster-standard - - for i in $(seq 1 7);do - sleep 30 - echo $i - kubectl get all - done - if ! time kubectl wait --for=condition=Ready -l job-type!=minio-init pod --all --timeout 600s && ! time kubectl wait --for=condition=Ready -l job-type!=minio-init pod --all --timeout 60s; then - echo install harbor failed - kubectl get all - - for n in $(kubectl get po |grep -v Running|grep -v NAME|awk '{print $1}');do - echo describe $n - kubectl describe pod $n - echo show log $n - kubectl logs --tail 100 $n || true - done - kubectl logs -l control-plane=harbor-operator -n ${operatorNamespace} --tail 100 - free -h - exit 1 - else - kubectl get all - kubectl get harbor -o wide - kubectl get harborcluster -o wide - fi - free -h - - - name: test harbor - run: | - set -ex - curl https://$CORE_HOST/api/v2.0/systeminfo -i -k -f - sudo mkdir -p /etc/docker/certs.d/$CORE_HOST - kubectl get secret sample-public-certificate -o jsonpath='{.data.ca\.crt}' \ - | base64 --decode \ - | sudo tee /etc/docker/certs.d/$CORE_HOST/harbor_ca.crt - # docker login, create image, docker push, docker pull - docker login $CORE_HOST -u admin -p Harbor12345 || (kubectl get po;kubectl logs -l goharbor.io/operator-controller=core;exit 1) - docker run busybox dd if=/dev/urandom of=test count=10 bs=1MB - DOCKERID=`docker ps -l -q` - docker commit $DOCKERID $CORE_HOST/library/busybox:test - docker push $CORE_HOST/library/busybox:test - docker pull $CORE_HOST/library/busybox:test - - - name: apidb test - run: bash .github/scripts/apidb_test.sh - env: - DOCKER_USER: ${{ secrets.DOCKER_USER }} - DOCKER_PWD: ${{ secrets.DOCKER_TOKEN }} - CORE_DEPLOYMENT: sample-harbor-harbor-core - - - name: fetch harbor logs - if: ${{ failure() }} - run: | - mkdir -p /tmp/harbor - for name in core jobservice registry registryctl trivy chartmuseum notaryserver notarysigner portal; do \ - kubectl logs -l "goharbor.io/operator-controller=$name" --all-containers > /tmp/harbor/$name.log ; \ - done - kubectl logs -l "app.kubernetes.io/instance=harbor-database" --all-containers > /tmp/harbor/db.log - kubectl logs -l "release=harbor-redis" --all-containers > /tmp/harbor/redis.log - ls -l /tmp/harbor - - - uses: actions/upload-artifact@v2 - if: ${{ failure() }} - with: - name: harbor_chart - path: /tmp/harbor - - - name: fetch logs - if: ${{ failure() }} - run: | - mkdir -p /tmp/logs - kind export logs --name harbor /tmp/logs - ls -l /tmp/logs - - - uses: actions/upload-artifact@v2 - if: ${{ failure() }} - with: - name: kind_chart - path: /tmp/logs - - - name: Get logs for debug - if: ${{ failure() }} - run: | - set -x - kubectl get all -n "${operatorNamespace}" -o wide - kubectl logs -n "${operatorNamespace}" -l 'control-plane=harbor-operator' --all-containers --tail=1000 - # Kubernetes crd-kubernetes-resources: runs-on: ubuntu-latest diff --git a/MAINTAINERS b/MAINTAINERS deleted file mode 100644 index b1428a6d0..000000000 --- a/MAINTAINERS +++ /dev/null @@ -1,29 +0,0 @@ -# This is the official list of the project maintainers. -# This is mostly useful for contributors that want to push -# significant pull requests or for project management issues. -# -# -# Names should be added to this file like so: -# Individual's name , GitHub ID , Affiliation -# Individual's name , GitHub ID , Affiliation -# -# Please keep the list sorted. -# - -Pierre PÉRONNET , holyhope , DataDog -Simon Guyennet , sguyennet , OVHcloud -Jérémie MONSINJON , jMonsinjon , OVHcloud -Steven Zou , steven-zou , VMware -Maxime , mhurtrel , OVHcloud -Weiwei He , heww, VMware -Ziming Zhang , bitsf , VMware -Canfeng Wang , wangcanfengxs , Netease -Huijun Zhu , Ghostbaby , Yunmanman -Xiaoyang Zhu , soulseen , Shoppee -Chengyu Zhang , chlins , VMware -Xavier Duthil , XavierDuthil , OVHcloud -Yinan Li , cndoit18 , Qihu360 -Lubron Zhan , lubronzhan , VMware -Xiongxiong Yuan , yxxhero , Qunar -Marcel Mueller , MarcelMue , Giant Swarm -Thomas Coudert , thcdrt , OVHcloud diff --git a/Makefile b/Makefile index e4713adc7..1e8145e5e 100644 --- a/Makefile +++ b/Makefile @@ -288,7 +288,7 @@ CHART_TEMPLATE_PATH := $(CHART_HARBOR_OPERATOR)/templates CRD_GROUP := goharbor.io -$(CHARTS_DIRECTORY)/harbor-operator-$(RELEASE_VERSION).tgz: $(CHART_HARBOR_OPERATOR)/README.md $(CHART_HARBOR_OPERATOR)/templates/crds.yaml \ +$(CHARTS_DIRECTORY)/harbor-operator-$(RELEASE_VERSION).tgz: $(CHART_HARBOR_OPERATOR)/README.md \ $(CHART_HARBOR_OPERATOR)/assets $(wildcard $(CHART_HARBOR_OPERATOR)/assets/*) \ $(CHART_HARBOR_OPERATOR)/Chart.lock \ $(CHART_TEMPLATE_PATH)/role.yaml $(CHART_TEMPLATE_PATH)/clusterrole.yaml \ @@ -302,13 +302,6 @@ $(CHARTS_DIRECTORY)/harbor-operator-$(RELEASE_VERSION).tgz: $(CHART_HARBOR_OPERA --app-version $(RELEASE_VERSION) \ --destination $(CHARTS_DIRECTORY) -$(CHART_HARBOR_OPERATOR)/templates/crds.yaml: kustomize config/crd/bases - echo '{{- /* $(DO_NOT_EDIT) */ -}}' > '$@' - echo '{{- if .Values.installCRDs }}' >> '$@' - $(KUSTOMIZE) build config/helm/crds/ | \ - sed "s/'\({{[^}}]*}}\)'/\1/g">> '$@' - echo '{{- end -}}' >> '$@' - $(CHART_HARBOR_OPERATOR)/assets: rm -f '$@' ln -vs ../../config/config/assets '$@' diff --git a/PROJECT b/PROJECT index 3ae479992..523a146b3 100644 --- a/PROJECT +++ b/PROJECT @@ -68,6 +68,9 @@ resources: - group: goharbor kind: HarborCluster version: v1beta1 +- group: goharbor + kind: HarborProject + version: v1beta1 - group: goharbor kind: HarborServerConfiguration version: v1alpha1 diff --git a/README.md b/README.md index 973309c2f..d563b6367 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ [![Codacy Badge](https://app.codacy.com/project/badge/Grade/bb3adb454b424e66ae3b9bdf2ab2fce1)](https://www.codacy.com/gh/goharbor/harbor-operator/dashboard?utm_source=github.com&utm_medium=referral&utm_content=goharbor/harbor-operator&utm_campaign=Badge_Grade) [![Go Reference](https://pkg.go.dev/badge/github.com/goharbor/harbor-operator.svg)](https://pkg.go.dev/github.com/goharbor/harbor-operator) -> **ATTENTIONS:** THE `MASTER` BRANCH MAY BE IN AN UNSTABLE OR EVEN BROKEN STATE DURING DEVELOPMENT. +> **ATTENTIONS:** THE `main` BRANCH MAY BE IN AN UNSTABLE OR EVEN BROKEN STATE DURING DEVELOPMENT. [Harbor](https://github.com/goharbor/harbor/) is a CNCF hosted open source trusted cloud-native registry project that stores, signs, and scans content. Harbor is composed on numerous stateful and stateless components and dependencies that may be deployed, updated, healed, backuped or scaled respecting some constraints. @@ -45,7 +45,6 @@ Harbor deployment stack is controlled by a custom Harbor resource `HarborCluster * Certification auto injection * Manage Harbor resources with the declaration way * Robot account - * Project * and more * [Auto-scaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) for each component. * Backup/restore data (registry layer, chartmuseum data, databases content). @@ -53,7 +52,6 @@ Harbor deployment stack is controlled by a custom Harbor resource `HarborCluster ## Release plans -* [Release 1.3](https://github.com/goharbor/harbor-operator/projects/9) * [Release 1.4](https://github.com/goharbor/harbor-operator/projects/12) ## Getting started @@ -103,9 +101,9 @@ Harbor operator exposes the frontend service with ingress (CRD version: `v1beta1 **NOTES:** - :heavy_check_mark: : support - :heavy_multiplication_x: : not support - :o: : not verified (probably support) + :heavy_check_mark: : supported + :heavy_multiplication_x: : not supported + :o: : not verified (probably supported) ## Documentation @@ -116,6 +114,7 @@ Harbor operator exposes the frontend service with ingress (CRD version: `v1beta1 * [Customize storage, database and cache services](./docs/installation/customize-storage-db-redis.md) * [Customize images](./docs/customize-images.md) * [Day2 configurations](docs/day2/day2-configurations.md) +* [Day2 manage Harbor projects](docs/day2/day2-harborprojects.md) * [Upgrade Harbor cluster](./docs/LCM/upgrade-cluster.md) * [Delete Harbor cluster](./docs/LCM/cluster-deletion.md) * [Backup data](./docs/LCM/backup-data.md) @@ -127,16 +126,17 @@ Harbor operator exposes the frontend service with ingress (CRD version: `v1beta1 ## Contributions -Harbor operator project is developed and maintained by the [Harbor operator workgroup](https://github.com/goharbor/community/blob/master/workgroups/wg-operator/README.md). If you're willing to join the group and do contributions to operator project, welcome to [contact us](#community). Follow the [Development guide](https://github.com/goharbor/harbor-operator/blob/master/docs/development.md) to start on the project. +Harbor operator project is developed and maintained by the [Harbor operator workgroup](https://github.com/goharbor/community/blob/main/workgroups/wg-operator/README.md). If you're willing to join the group and do contributions to operator project, welcome to [contact us](#community). Follow the [Development guide](https://github.com/goharbor/harbor-operator/blob/main/docs/development.md) to start on the project. Special thanks to the [contributors](./MAINTAINERS) who did significant contributions ([see feature area](./docs/feature-areas.md)). ## Community -* **Slack:** channel `#harbor-operator-dev` at [CNCF Workspace](https://slack.cncf.io) -* **Mail group:** send mail to Harbor dev mail group: harbor-dev@lists.cncf.io -* **Twitter:** [@project_harbor](https://twitter.com/project_harbor) -* **Community meeting:** attend [bi-weekly community meeting](https://github.com/goharbor/community/blob/master/MEETING_SCHEDULE.md) for Q&A +* **Twitter:** [@project_harbor](https://twitter.com/project_harbor) +* **User Group:** Join Harbor user email group: [harbor-users@lists.cncf.io](https://lists.cncf.io/g/harbor-users) to get update of Harbor's news, features, releases, or to provide suggestion and feedback. +* **Developer Group:** Join Harbor developer group: [harbor-dev@lists.cncf.io](https://lists.cncf.io/g/harbor-dev) for discussion on Harbor development and contribution. +* **Slack:** Join Harbor's community for discussion and ask questions: [Cloud Native Computing Foundation](https://slack.cncf.io/), channel: [#harbor-operator-dev](https://cloud-native.slack.com/messages/harbor-operator-dev/) +* **Community meeting:** attend [bi-weekly community meeting](https://github.com/goharbor/community/blob/main/MEETING_SCHEDULE.md) for Q&A ## Additional references @@ -150,7 +150,7 @@ Special thanks to the [contributors](./MAINTAINERS) who did significant contribu ## Related links -* Contribute: +* Contribute: * Report bugs: * Get latest version: @@ -162,4 +162,4 @@ OVHcloud uses the operator at scale to operate part of its private registry serv ## License -See [LICENSE](https://github.com/goharbor/harbor-operator/blob/master/LICENSE) for licensing details. +See [LICENSE](https://github.com/goharbor/harbor-operator/blob/main/LICENSE) for licensing details. diff --git a/apis/goharbor.io/v1alpha3/core_types.go b/apis/goharbor.io/v1alpha3/core_types.go index 78be5b203..ad588befe 100644 --- a/apis/goharbor.io/v1alpha3/core_types.go +++ b/apis/goharbor.io/v1alpha3/core_types.go @@ -38,7 +38,7 @@ type CoreList struct { type CoreSpec struct { harbormetav1.ComponentSpec `json:",inline"` - // https://github.com/goharbor/harbor/blob/master/src/lib/config/metadata/metadatalist.go#L62 + // https://github.com/goharbor/harbor/blob/main/src/lib/config/metadata/metadatalist.go#L62 CoreConfig `json:",inline"` CertificateInjection `json:",inline"` diff --git a/apis/goharbor.io/v1beta1/core_types.go b/apis/goharbor.io/v1beta1/core_types.go index 5f71f42a5..80b8de349 100644 --- a/apis/goharbor.io/v1beta1/core_types.go +++ b/apis/goharbor.io/v1beta1/core_types.go @@ -39,7 +39,7 @@ type CoreList struct { type CoreSpec struct { harbormetav1.ComponentSpec `json:",inline"` - // https://github.com/goharbor/harbor/blob/master/src/lib/config/metadata/metadatalist.go#L62 + // https://github.com/goharbor/harbor/blob/main/src/lib/config/metadata/metadatalist.go#L62 CoreConfig `json:",inline"` CertificateInjection `json:",inline"` diff --git a/apis/goharbor.io/v1beta1/harbor_types.go b/apis/goharbor.io/v1beta1/harbor_types.go index 2f314c00d..2f2e2643c 100644 --- a/apis/goharbor.io/v1beta1/harbor_types.go +++ b/apis/goharbor.io/v1beta1/harbor_types.go @@ -374,6 +374,16 @@ type CoreComponentSpec struct { // +kubebuilder:validation:Optional Metrics *harbormetav1.MetricsSpec `json:"metrics,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:default=50 + MaxIdleConnections *int32 `json:"maxIdleConnections,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:default=1000 + MaxOpenConnections *int32 `json:"maxOpenConnections,omitempty"` } type JobServiceComponentSpec struct { diff --git a/apis/goharbor.io/v1beta1/harborcluster_types.go b/apis/goharbor.io/v1beta1/harborcluster_types.go index cf1c0a0b2..31e0bf7ec 100644 --- a/apis/goharbor.io/v1beta1/harborcluster_types.go +++ b/apis/goharbor.io/v1beta1/harborcluster_types.go @@ -179,6 +179,10 @@ type RedisServer struct { // +kubebuilder:validation:Optional // Storage is the size of the redis storage. Storage string `json:"storage,omitempty"` + + // +kubebuilder:validation:Optional + // ServiceAccountName is the service account name of the redis server. + ServiceAccountName string `json:"serviceAccountName,omitempty"` } type Database struct { diff --git a/apis/goharbor.io/v1beta1/harborproject_types.go b/apis/goharbor.io/v1beta1/harborproject_types.go new file mode 100644 index 000000000..0d9365b80 --- /dev/null +++ b/apis/goharbor.io/v1beta1/harborproject_types.go @@ -0,0 +1,155 @@ +package v1beta1 + +import ( + goyaml "gopkg.in/yaml.v2" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8syaml "sigs.k8s.io/yaml" +) + +// +genclient + +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// +kubebuilder:object:root=true +// +kubebuilder:storageversion +// +k8s:openapi-gen=true +// +resource:path=harborproject +// +kubebuilder:subresource:status +// +kubebuilder:resource:categories="goharbor",shortName="hp" +// +kubebuilder:printcolumn:name="ProjectName",type=string,JSONPath=`.spec.projectName`,description="Project name in Harbor" +// +kubebuilder:printcolumn:name="HarborServerConfig",type=string,JSONPath=`.spec.harborServerConfig`,description="HarborServerConfiguration name" +// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.status`,description="HarborProject status" +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC." +// HarborProject is the Schema for the harbors projects. +type HarborProject struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec HarborProjectSpec `json:"spec,omitempty"` + + Status HarborProjectStatus `json:"status,omitempty"` +} + +// HarborProjectSpec defines the spec of HarborProject. +type HarborProjectSpec struct { + // The name of the harbor project. Has to match harbor's naming rules. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern="^[a-z0-9]+(?:[._-][a-z0-9]+)*$" + // +kubebuilder:validation:MaxLength=255 + // +kubebuilder:validation:MinLength=1 + ProjectName string `json:"projectName" yaml:"project_name"` + // The CVE allowlist for the project. + // +kubebuilder:validation:Optional + CveAllowList []string `json:"cveAllowList" yaml:"cve_allow_list_items"` + // The project's storage quota in human-readable format, like in Kubernetes memory requests/limits (Ti, Gi, Mi, Ki). The Harbor's default value is used if empty. + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Pattern="^[1-9][0-9]*(Ti|Gi|Mi|Ki)$" + StorageQuota string `json:"storageQuota" yaml:"storage_quota"` + // HarborProjectMetadata related configurations. + // +kubebuilder:validation:Optional + HarborProjectMetadata *HarborProjectMetadata `json:"metadata" yaml:"metadata"` + // Group or user memberships of the project. + // +kubebuilder:validation:Optional + HarborProjectMemberships []*HarborProjectMember `json:"memberships" yaml:"memberships"` + // HarborServerConfig contains the name of a HarborServerConfig resource describing the harbor instance to manage. + // +kubebuilder:validation:Required + HarborServerConfig string `json:"harborServerConfig"` +} + +// ToJSON converts project spec to json payload. +func (h HarborProjectSpec) ToJSON() ([]byte, error) { + data, err := goyaml.Marshal(h) + if err != nil { + return nil, err + } + + // convert yaml to json + return k8syaml.YAMLToJSON(data) +} + +// HarborProjectMetadata defines the project related metadata. +type HarborProjectMetadata struct { + // Whether content trust is enabled or not. If enabled, user can't pull unsigned images from this project. + // +kubebuilder:validation:Optional + EnableContentTrust *bool `json:"enableContentTrust,omitempty" yaml:"enable_content_trust,omitempty"` + // Whether cosign content trust is enabled or not. Similar to enableContentTrust, but using cosign. + // +kubebuilder:validation:Optional + EnableContentTrustCosign *bool `json:"enableContentTrustCosign,omitempty" yaml:"enable_content_trust_cosign,omitempty"` + // Whether to scan images automatically after pushing. + // +kubebuilder:validation:Optional + AutoScan *bool `json:"autoScan,omitempty" yaml:"auto_scan,omitempty"` + // If an image's vulnerablilities are higher than the severity defined here, the image can't be pulled. Can be either `none`, `low`, `medium`, `high` or `critical`. + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Enum=none;low;medium;high;critical + Severity string `json:"severity,omitempty" yaml:"severity,omitempty"` + // Whether to prevent vulnerable images from running. + // +kubebuilder:validation:Optional + PreventVulnerable *bool `json:"preventVulnerable,omitempty" yaml:"prevent_vulnerable,omitempty"` + // The flag to indicate whether the project should be public or not. + // +kubebuilder:validation:Optional + Public *bool `json:"public,omitempty" yaml:"public,omitempty"` + // Whether this project reuses the system level CVE allowlist for itself. If this is set to `true`, the actual allowlist associated with this project will be ignored. + // +kubebuilder:validation:Optional + ReuseSysCveAllowlist *bool `json:"reuseSysCveAllowlist,omitempty" yaml:"reuse_sys_cve_allowlist,omitempty"` +} + +// HarborProjectMember is a member of a HarborProject. Can be a user or group. +type HarborProjectMember struct { + // Type of the member, group or user + // +kubebuilder:validation:Enum="group";"user" + Type string `json:"type" yaml:"type"` + // Name of the member. Has to match with a existing user or group + Name string `json:"name" yaml:"name"` + // Role of the member in the Project. This controls the member's permissions on the project. + // +kubebuilder:validation:Enum="projectAdmin";"developer";"guest";"maintainer" + Role string `json:"role" yaml:"role"` +} + +// HarborProjectStatusType defines the status type of project. +type HarborProjectStatusType string + +const ( + // HarborProjectPhaseReady represents ready status. + HarborProjectStatusReady HarborProjectStatusType = "Success" + // HarborProjectPhaseFail represents fail status. + HarborProjectStatusFail HarborProjectStatusType = "Fail" + // HarborProjectPhaseError represents unknown status. + HarborProjectStatusUnknown HarborProjectStatusType = "Unknown" +) + +// HarborProjectStatus defines the status of HarborProject. +type HarborProjectStatus struct { + // Status represents harbor project status. + // +kubebuilder:validation:Optional + Status HarborProjectStatusType `json:"status,omitempty"` + // ProjectID represents ID of the managed project. + // +kubebuilder:validation:Optional + ProjectID int32 `json:"projectID,omitempty"` + // QuotaID is the ID of the project's quota. Used to be able to update it. + // +kubebuilder:validation:Optional + QuotaID int64 `json:"quotaID,omitempty"` + // MembershipHash provides a way to quickly notice changes in project membership. + // +kubebuilder:validation:Optional + MembershipHash string `json:"membershipHash,omitempty"` + // Reason represents status reason. + // +kubebuilder:validation:Optional + Reason string `json:"reason,omitempty"` + // Message provides human-readable message. + // +kubebuilder:validation:Optional + Message string `json:"message,omitempty"` + // LastApplyTime represents the last apply configuration time. + // +kubebuilder:validation:Optional + LastApplyTime *metav1.Time `json:"lastApplyTime,omitempty"` +} + +// +kubebuilder:object:root=true +// HarborProjectList contains a list of HarborProjects. +type HarborProjectList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []HarborProject `json:"items"` +} + +func init() { //nolint:gochecknoinits + SchemeBuilder.Register(&HarborProject{}, &HarborProjectList{}) +} diff --git a/apis/goharbor.io/v1beta1/harborproject_webhook.go b/apis/goharbor.io/v1beta1/harborproject_webhook.go new file mode 100644 index 000000000..2dbcfe2b2 --- /dev/null +++ b/apis/goharbor.io/v1beta1/harborproject_webhook.go @@ -0,0 +1,73 @@ +package v1beta1 + +import ( + "context" + + "github.com/pkg/errors" + apierrors "k8s.io/apimachinery/pkg/api/errors" + runtime "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/validation/field" + ctrl "sigs.k8s.io/controller-runtime" + logf "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/webhook" +) + +// log is for logging in this package. +var hplog = logf.Log.WithName("harborproject-resource") + +func (hp *HarborProject) SetupWebhookWithManager(_ context.Context, mgr ctrl.Manager) error { + return ctrl.NewWebhookManagedBy(mgr). + For(hp). + Complete() +} + +// +kubebuilder:webhook:verbs=create;update,path=/validate-goharbor-io-v1beta1-harborproject,mutating=false,failurePolicy=fail,groups=goharbor.io,resources=harborprojects,versions=v1beta1,name=vharborproject.kb.io,admissionReviewVersions={"v1beta1","v1"},sideEffects=None + +var _ webhook.Validator = &HarborProject{} + +// ValidateCreate implements webhook.Validator so a webhook will be registered for the type. +func (hp *HarborProject) ValidateCreate() error { + hplog.Info("validate create", "name", hp.Name) + + return hp.Validate(nil) +} + +// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. +func (hp *HarborProject) ValidateUpdate(old runtime.Object) error { + hplog.Info("validate update", "name", hp.Name) + + obj, ok := old.(*HarborProject) + if !ok { + return errors.Errorf("failed type assertion on kind: %s", old.GetObjectKind().GroupVersionKind().String()) + } + + return hp.Validate(obj) +} + +// ValidateDelete implements webhook.Validator so a webhook will be registered for the type. +func (hp *HarborProject) ValidateDelete() error { + hplog.Info("validate delete", "name", hp.Name) + + return nil +} + +func (hp *HarborProject) Validate(old *HarborProject) error { + var allErrs field.ErrorList + + if old != nil { // update harborproject resource + if hp.Spec.ProjectName != old.Spec.ProjectName { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("projectName"), hp.Spec.ProjectName, "field cannot be changed after initial creation")) + } + + if hp.Spec.HarborServerConfig != old.Spec.HarborServerConfig { + allErrs = append(allErrs, field.Invalid(field.NewPath("spec").Child("harborServerConfig"), hp.Spec.HarborServerConfig, "field cannot be changed after initial creation")) + } + } + + if len(allErrs) == 0 { + return nil + } + + return apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "HarborProject"}, hp.Name, allErrs) +} diff --git a/apis/goharbor.io/v1beta1/zz_generated.deepcopy.go b/apis/goharbor.io/v1beta1/zz_generated.deepcopy.go index 230b1946f..d59259fcd 100644 --- a/apis/goharbor.io/v1beta1/zz_generated.deepcopy.go +++ b/apis/goharbor.io/v1beta1/zz_generated.deepcopy.go @@ -630,6 +630,16 @@ func (in *CoreComponentSpec) DeepCopyInto(out *CoreComponentSpec) { *out = new(v1alpha1.MetricsSpec) **out = **in } + if in.MaxIdleConnections != nil { + in, out := &in.MaxIdleConnections, &out.MaxIdleConnections + *out = new(int32) + **out = **in + } + if in.MaxOpenConnections != nil { + in, out := &in.MaxOpenConnections, &out.MaxOpenConnections + *out = new(int32) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CoreComponentSpec. @@ -1987,6 +1997,180 @@ func (in *HarborList) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HarborProject) DeepCopyInto(out *HarborProject) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HarborProject. +func (in *HarborProject) DeepCopy() *HarborProject { + if in == nil { + return nil + } + out := new(HarborProject) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HarborProject) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HarborProjectList) DeepCopyInto(out *HarborProjectList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]HarborProject, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HarborProjectList. +func (in *HarborProjectList) DeepCopy() *HarborProjectList { + if in == nil { + return nil + } + out := new(HarborProjectList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HarborProjectList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HarborProjectMember) DeepCopyInto(out *HarborProjectMember) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HarborProjectMember. +func (in *HarborProjectMember) DeepCopy() *HarborProjectMember { + if in == nil { + return nil + } + out := new(HarborProjectMember) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HarborProjectMetadata) DeepCopyInto(out *HarborProjectMetadata) { + *out = *in + if in.EnableContentTrust != nil { + in, out := &in.EnableContentTrust, &out.EnableContentTrust + *out = new(bool) + **out = **in + } + if in.EnableContentTrustCosign != nil { + in, out := &in.EnableContentTrustCosign, &out.EnableContentTrustCosign + *out = new(bool) + **out = **in + } + if in.AutoScan != nil { + in, out := &in.AutoScan, &out.AutoScan + *out = new(bool) + **out = **in + } + if in.PreventVulnerable != nil { + in, out := &in.PreventVulnerable, &out.PreventVulnerable + *out = new(bool) + **out = **in + } + if in.Public != nil { + in, out := &in.Public, &out.Public + *out = new(bool) + **out = **in + } + if in.ReuseSysCveAllowlist != nil { + in, out := &in.ReuseSysCveAllowlist, &out.ReuseSysCveAllowlist + *out = new(bool) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HarborProjectMetadata. +func (in *HarborProjectMetadata) DeepCopy() *HarborProjectMetadata { + if in == nil { + return nil + } + out := new(HarborProjectMetadata) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HarborProjectSpec) DeepCopyInto(out *HarborProjectSpec) { + *out = *in + if in.CveAllowList != nil { + in, out := &in.CveAllowList, &out.CveAllowList + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.HarborProjectMetadata != nil { + in, out := &in.HarborProjectMetadata, &out.HarborProjectMetadata + *out = new(HarborProjectMetadata) + (*in).DeepCopyInto(*out) + } + if in.HarborProjectMemberships != nil { + in, out := &in.HarborProjectMemberships, &out.HarborProjectMemberships + *out = make([]*HarborProjectMember, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(HarborProjectMember) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HarborProjectSpec. +func (in *HarborProjectSpec) DeepCopy() *HarborProjectSpec { + if in == nil { + return nil + } + out := new(HarborProjectSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HarborProjectStatus) DeepCopyInto(out *HarborProjectStatus) { + *out = *in + if in.LastApplyTime != nil { + in, out := &in.LastApplyTime, &out.LastApplyTime + *out = (*in).DeepCopy() + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HarborProjectStatus. +func (in *HarborProjectStatus) DeepCopy() *HarborProjectStatus { + if in == nil { + return nil + } + out := new(HarborProjectStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HarborProxySpec) DeepCopyInto(out *HarborProxySpec) { *out = *in diff --git a/apis/meta/v1alpha1/component.go b/apis/meta/v1alpha1/component.go index c210fe7d4..2ad238b09 100644 --- a/apis/meta/v1alpha1/component.go +++ b/apis/meta/v1alpha1/component.go @@ -71,6 +71,10 @@ type ComponentSpec struct { // Custom annotations to be added into the pods TemplateAnnotations map[string]string `json:"templateAnnotations,omitempty"` + // +kubebuilder:validation:Optional + // Custom Labels to be added into the pods + TemplateLabels map[string]string `json:"templateLabels,omitempty"` + ImageSpec `json:",inline"` // +kubebuilder:validation:Optional @@ -116,6 +120,10 @@ func (c *ComponentSpec) ApplyToDeployment(deploy *appsv1.Deployment) { deploy.Spec.Template.Spec.Containers[i].Resources = c.Resources } + for k, v := range c.TemplateLabels { + deploy.Spec.Template.Labels[k] = v + } + deploy.Spec.Template.Spec.ImagePullSecrets = c.ImagePullSecrets deploy.Spec.Template.Spec.NodeSelector = c.NodeSelector deploy.Spec.Template.Spec.Tolerations = c.Tolerations diff --git a/apis/meta/v1alpha1/zz_generated.deepcopy.go b/apis/meta/v1alpha1/zz_generated.deepcopy.go index e8a1d0f32..72cbf8a07 100644 --- a/apis/meta/v1alpha1/zz_generated.deepcopy.go +++ b/apis/meta/v1alpha1/zz_generated.deepcopy.go @@ -19,6 +19,13 @@ func (in *ComponentSpec) DeepCopyInto(out *ComponentSpec) { (*out)[key] = val } } + if in.TemplateLabels != nil { + in, out := &in.TemplateLabels, &out.TemplateLabels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } in.ImageSpec.DeepCopyInto(&out.ImageSpec) if in.Replicas != nil { in, out := &in.Replicas, &out.Replicas diff --git a/charts/harbor-operator/README.md b/charts/harbor-operator/README.md index f8cf072bc..6a6f5e0ad 100644 --- a/charts/harbor-operator/README.md +++ b/charts/harbor-operator/README.md @@ -24,6 +24,8 @@ Deploy Harbor Operator | controllers.core.maxReconcile | int | `1` | Max parallel reconciliation for Core controller | | controllers.harbor.maxReconcile | int | `1` | Max parallel reconciliation for Harbor controller | | controllers.harborConfiguration.maxReconcile | int | `1` | Max parallel reconciliation for HarborConfiguration controller | +| controllers.harborProject.maxReconcile | int | `1` | Max parallel reconciliation for HarborProject controller | +| controllers.harborProject.requeueAfterMinutes | int | `5` | How often to reconcile HarborProjects | | controllers.harborcluster.maxReconcile | int | `1` | Max parallel reconciliation for HarborCluster controller | | controllers.jobservice.maxReconcile | int | `1` | Max parallel reconciliation for JobService controller | | controllers.notaryserver.maxReconcile | int | `1` | Max parallel reconciliation for NotaryServer controller | @@ -36,8 +38,9 @@ Deploy Harbor Operator | fullnameOverride | string | `""` | | | harborClass | string | `""` | Class name of the Harbor operator | | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy for the controller. | +| image.registry | string | `"docker.io"` | The image registry whose default is docker.io. | | image.repository | string | `"goharbor/harbor-operator"` | The image repository whose default is the chart appVersion. | -| image.tag | string | `"dev_master"` | The image tag whose default is the chart appVersion. | +| image.tag | string | `"dev"` | The image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Reference to one or more secrets to be used when pulling images For example: `[ {"name":"image-pull-secret"} ]` | | installCRDs | bool | `false` | If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED | | leaderElection.namespace | string | `"kube-system"` | The namespace used to store the ConfigMap for leader election | diff --git a/charts/harbor-operator/templates/NOTES.txt b/charts/harbor-operator/templates/NOTES.txt index cb26dbe48..770670cf1 100644 --- a/charts/harbor-operator/templates/NOTES.txt +++ b/charts/harbor-operator/templates/NOTES.txt @@ -3,4 +3,4 @@ export NS={{ .Release.Namespace }} kubectl get po $POD_NAME -n $NS -2. Apply CRD to create harbor instance, referring to the document: https://github.com/goharbor/harbor-operator/blob/master/docs/CRD/custom-resource-definition.md +2. Apply CRD to create harbor instance, referring to the document: https://github.com/goharbor/harbor-operator/blob/main/docs/CRD/custom-resource-definition.md diff --git a/charts/harbor-operator/templates/clusterrole.yaml b/charts/harbor-operator/templates/clusterrole.yaml index 166ae1c1e..2b80d1f85 100644 --- a/charts/harbor-operator/templates/clusterrole.yaml +++ b/charts/harbor-operator/templates/clusterrole.yaml @@ -394,6 +394,42 @@ rules: - patch - update - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - goharbor.io resources: diff --git a/charts/harbor-operator/templates/configmap.yaml b/charts/harbor-operator/templates/configmap.yaml index d1a3ece52..971e9a4cb 100644 --- a/charts/harbor-operator/templates/configmap.yaml +++ b/charts/harbor-operator/templates/configmap.yaml @@ -42,6 +42,18 @@ data: value: {{ . | quote }} {{- end}} + harborproject-ctrl.yaml: |- + {{- with .Values.controllers.harborProject.maxReconcile }} + - key: max-reconcile + priority: 200 + value: {{ . | quote }} + {{- end}} + {{- with .Values.controllers.harborProject.requeueAfterMinutes }} + - key: requeue-after-minutes + priority: 200 + value: {{ . | quote }} + {{- end}} + core-ctrl.yaml: |- {{- with .Values.controllers.core.maxReconcile }} - key: max-reconcile diff --git a/charts/harbor-operator/templates/crds.yaml b/charts/harbor-operator/templates/crds.yaml deleted file mode 100644 index f3357e34d..000000000 --- a/charts/harbor-operator/templates/crds.yaml +++ /dev/null @@ -1,23998 +0,0 @@ -{{- /* Code generated by make. DO NOT EDIT. */ -}} -{{- if .Values.installCRDs }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: chartmuseums.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: ChartMuseum - listKind: ChartMuseumList - plural: chartmuseums - singular: chartmuseum - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentication: - properties: - anonymousGet: - default: false - type: boolean - basicAuthRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - bearer: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - realm: - type: string - service: - type: string - required: - - certificateRef - - realm - - service - type: object - type: object - cache: - properties: - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - type: object - certificateRefs: - items: - type: string - type: array - chart: - properties: - allowOverwrite: - default: true - type: boolean - index: - properties: - parallelLimit: - format: int32 - minimum: 0 - type: integer - storageTimestampTolerance: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - onlySemver2: - default: false - type: boolean - postFormFieldName: - properties: - chart: - default: chart - minLength: 1 - type: string - provenance: - default: prov - minLength: 1 - type: string - type: object - repo: - properties: - depth: - default: 1 - format: int32 - minimum: 0 - type: integer - depthDynamic: - default: false - type: boolean - type: object - storage: - properties: - amazon: - properties: - accessKeyID: - type: string - accessSecretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - bucket: - type: string - endpoint: - type: string - prefix: - type: string - region: - type: string - serverSideEncryption: - type: string - required: - - bucket - type: object - filesystem: - properties: - prefix: - type: string - volumeSource: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - required: - - volumeSource - type: object - maxStorageObject: - format: int64 - minimum: 0 - type: integer - openstack: - properties: - authenticationURL: - type: string - container: - type: string - domain: - type: string - domainID: - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - region: - type: string - tenant: - type: string - tenantID: - type: string - userid: - type: string - username: - type: string - required: - - authenticationURL - - container - type: object - type: object - url: - pattern: https?://.* - type: string - required: - - storage - type: object - disable: - properties: - api: - default: false - type: boolean - delete: - default: false - type: boolean - forceOverwrite: - default: false - type: boolean - metrics: - default: false - type: boolean - statefiles: - default: false - type: boolean - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - properties: - debug: - default: false - type: boolean - health: - default: false - type: boolean - json: - default: false - type: boolean - latencyInteger: - default: true - type: boolean - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - server: - properties: - corsAllowOrigin: - type: string - maxUploadSize: - default: 20971520 - format: int64 - minimum: 0 - type: integer - readTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - writeTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - chart - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentication: - properties: - anonymousGet: - default: false - type: boolean - basicAuthRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - bearer: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - realm: - type: string - service: - type: string - required: - - certificateRef - - realm - - service - type: object - type: object - cache: - properties: - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - type: object - certificateRefs: - items: - type: string - type: array - chart: - properties: - allowOverwrite: - default: true - type: boolean - index: - properties: - parallelLimit: - format: int32 - minimum: 0 - type: integer - storageTimestampTolerance: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - onlySemver2: - default: false - type: boolean - postFormFieldName: - properties: - chart: - default: chart - minLength: 1 - type: string - provenance: - default: prov - minLength: 1 - type: string - type: object - repo: - properties: - depth: - default: 1 - format: int32 - minimum: 0 - type: integer - depthDynamic: - default: false - type: boolean - type: object - storage: - properties: - amazon: - properties: - accessKeyID: - type: string - accessSecretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - bucket: - type: string - endpoint: - type: string - prefix: - type: string - region: - type: string - serverSideEncryption: - type: string - required: - - bucket - type: object - azure: - properties: - accountkeyRef: - type: string - accountname: - type: string - baseURL: - default: core.windows.net - type: string - container: - type: string - pathPrefix: - default: /azure/harbor/charts - type: string - type: object - filesystem: - properties: - prefix: - type: string - volumeSource: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - required: - - volumeSource - type: object - gcs: - properties: - bucket: - type: string - chunksize: - type: string - keyDataSecretRef: - type: string - pathPrefix: - type: string - required: - - bucket - - keyDataSecretRef - type: object - maxStorageObject: - format: int64 - minimum: 0 - type: integer - openstack: - properties: - authenticationURL: - type: string - container: - type: string - domain: - type: string - domainID: - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - region: - type: string - tenant: - type: string - tenantID: - type: string - userid: - type: string - username: - type: string - required: - - authenticationURL - - container - type: object - oss: - properties: - accessKeyID: - type: string - accessSecretRef: - type: string - bucket: - type: string - endpoint: - type: string - pathPrefix: - type: string - required: - - accessKeyID - - accessSecretRef - - bucket - - endpoint - type: object - type: object - url: - pattern: https?://.* - type: string - required: - - storage - type: object - disable: - properties: - api: - default: false - type: boolean - delete: - default: false - type: boolean - forceOverwrite: - default: false - type: boolean - metrics: - default: false - type: boolean - statefiles: - default: false - type: boolean - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - properties: - debug: - default: false - type: boolean - health: - default: false - type: boolean - json: - default: false - type: boolean - latencyInteger: - default: true - type: boolean - type: object - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - server: - properties: - corsAllowOrigin: - type: string - maxUploadSize: - default: 20971520 - format: int64 - minimum: 0 - type: integer - readTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - writeTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - chart - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: cores.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: Core - listKind: CoreList - plural: cores - singular: core - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - adminInitialPasswordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - authMode: - default: db_auth - enum: - - db_auth - type: string - certificateRefs: - items: - type: string - type: array - components: - properties: - chartRepository: - properties: - absoluteURL: - default: false - type: boolean - cacheDriver: - default: redis - enum: - - redis - type: string - url: - pattern: https?://.+ - type: string - required: - - url - type: object - jobService: - properties: - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - url: - pattern: https?://.+ - type: string - required: - - secretRef - - url - type: object - notaryServer: - properties: - url: - pattern: https?://.+ - type: string - required: - - url - type: object - portal: - properties: - url: - pattern: https?://.+ - type: string - required: - - url - type: object - registry: - properties: - controllerURL: - pattern: https?://.+ - type: string - credentials: - properties: - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - type: string - required: - - passwordRef - - username - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - storageProviderName: - minLength: 1 - type: string - sync: - default: false - type: boolean - url: - pattern: https?://.+ - type: string - required: - - controllerURL - - credentials - - url - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tokenService: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - url: - pattern: https?://.+ - type: string - required: - - certificateRef - - url - type: object - trivy: - properties: - adapterURL: - pattern: https?://.+ - type: string - url: - pattern: https?://.+ - type: string - required: - - adapterURL - - url - type: object - required: - - jobService - - portal - - registry - - tokenService - type: object - configExpiration: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - csrfKeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - properties: - database: - minLength: 1 - type: string - encryptionKeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - maxIdleConnections: - default: 50 - format: int32 - minimum: 0 - type: integer - maxOpenConnections: - default: 1000 - format: int32 - minimum: 0 - type: integer - parameters: - additionalProperties: - type: string - type: object - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - minLength: 1 - type: string - required: - - encryptionKeyRef - type: object - externalEndpoint: - pattern: https?://.+ - type: string - http: - properties: - enableGzip: - default: true - type: boolean - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - properties: - level: - default: info - enum: - - debug - - info - - warn - - error - type: string - type: object - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - proxy: - properties: - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - publicCertificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - idleTimeout: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - adminInitialPasswordRef - - components - - csrfKeyRef - - database - - externalEndpoint - - redis - - secretRef - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - adminInitialPasswordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - authMode: - default: db_auth - enum: - - db_auth - type: string - certificateRefs: - items: - type: string - type: array - components: - properties: - chartRepository: - properties: - absoluteURL: - default: false - type: boolean - cacheDriver: - default: redis - enum: - - redis - type: string - url: - pattern: https?://.+ - type: string - required: - - url - type: object - jobService: - properties: - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - url: - pattern: https?://.+ - type: string - required: - - secretRef - - url - type: object - notaryServer: - properties: - url: - pattern: https?://.+ - type: string - required: - - url - type: object - portal: - properties: - url: - pattern: https?://.+ - type: string - required: - - url - type: object - registry: - properties: - controllerURL: - pattern: https?://.+ - type: string - credentials: - properties: - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - type: string - required: - - passwordRef - - username - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - storageProviderName: - minLength: 1 - type: string - sync: - default: false - type: boolean - url: - pattern: https?://.+ - type: string - required: - - controllerURL - - credentials - - url - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tokenService: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - url: - pattern: https?://.+ - type: string - required: - - certificateRef - - url - type: object - trivy: - properties: - adapterURL: - pattern: https?://.+ - type: string - url: - pattern: https?://.+ - type: string - required: - - adapterURL - - url - type: object - required: - - jobService - - portal - - registry - - tokenService - type: object - configExpiration: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - csrfKeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - properties: - database: - minLength: 1 - type: string - encryptionKeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - maxIdleConnections: - default: 50 - format: int32 - minimum: 0 - type: integer - maxOpenConnections: - default: 1000 - format: int32 - minimum: 0 - type: integer - parameters: - additionalProperties: - type: string - type: object - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - minLength: 1 - type: string - required: - - encryptionKeyRef - type: object - externalEndpoint: - pattern: https?://.+ - type: string - http: - properties: - enableGzip: - default: true - type: boolean - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - properties: - level: - default: info - enum: - - debug - - info - - warn - - error - type: string - type: object - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - proxy: - properties: - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - publicCertificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - idleTimeout: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - trace: - properties: - attributes: - additionalProperties: - type: string - type: object - enabled: - default: false - type: boolean - jaeger: - properties: - agent: - properties: - host: - type: string - port: - type: integer - type: object - collector: - properties: - endpoint: - type: string - passwordRef: - type: string - username: - type: string - required: - - endpoint - type: object - mode: - enum: - - collector - - agent - type: string - required: - - mode - type: object - namespace: - type: string - otel: - properties: - compression: - type: boolean - endpoint: - type: string - insecure: - type: boolean - timeout: - default: 10s - type: string - urlPath: - type: string - required: - - endpoint - - urlPath - type: object - provider: - enum: - - jaeger - - otel - type: string - sampleRate: - default: 1 - type: integer - required: - - provider - type: object - required: - - adminInitialPasswordRef - - components - - csrfKeyRef - - database - - externalEndpoint - - redis - - secretRef - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: exporters.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: Exporter - listKind: ExporterList - plural: exporters - singular: exporter - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - cache: - properties: - cleanInterval: - default: 4h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - duration: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - type: object - core: - properties: - url: - pattern: https?://.+ - type: string - required: - - url - type: object - database: - properties: - database: - minLength: 1 - type: string - encryptionKeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - maxIdleConnections: - default: 50 - format: int32 - minimum: 0 - type: integer - maxOpenConnections: - default: 1000 - format: int32 - minimum: 0 - type: integer - parameters: - additionalProperties: - type: string - type: object - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - minLength: 1 - type: string - required: - - encryptionKeyRef - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - panic - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - core - - database - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - cache: - properties: - cleanInterval: - default: 4h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - duration: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - type: object - core: - properties: - url: - pattern: https?://.+ - type: string - required: - - url - type: object - database: - properties: - database: - minLength: 1 - type: string - encryptionKeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - maxIdleConnections: - default: 50 - format: int32 - minimum: 0 - type: integer - maxOpenConnections: - default: 1000 - format: int32 - minimum: 0 - type: integer - parameters: - additionalProperties: - type: string - type: object - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - minLength: 1 - type: string - required: - - encryptionKeyRef - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - jobservice: - properties: - redisPool: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - idleTimeout: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - namespace: - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - type: object - log: - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - panic - type: string - type: object - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - core - - database - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: harborclusters.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - kind: HarborCluster - listKind: HarborClusterList - plural: harborclusters - singular: harborcluster - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The public URL to the Harbor application - jsonPath: .spec.externalURL - name: Public URL - type: string - - description: The version to the Harbor application - jsonPath: .spec.version - name: Version - type: string - - description: The overall status of the Harbor cluster - jsonPath: .status.status - name: Status - type: string - - description: 'The operator version ' - jsonPath: .status.operator.controllerVersion - name: Operator Version - priority: 30 - type: string - - description: The operator git commit - jsonPath: .status.operator.controllerGitCommit - name: Operator Git Commit - priority: 30 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - chartmuseum: - properties: - absoluteUrl: - default: false - type: boolean - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - core: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tokenIssuer: - properties: - group: - type: string - kind: - type: string - name: - type: string - required: - - name - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - database: - properties: - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - sslMode: - enum: - - disable - - allow - - prefer - - require - - verify-ca - - verify-full - type: string - username: - minLength: 1 - type: string - required: - - hosts - type: object - exporter: - properties: - cache: - properties: - cleanInterval: - default: 4h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - duration: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - expose: - properties: - core: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - notary: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - required: - - core - type: object - externalURL: - pattern: https?://.* - type: string - harborAdminPasswordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - imageChartStorage: - properties: - filesystem: - properties: - chartPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - registryPersistentVolume: - properties: - claimName: - type: string - maxthreads: - default: 100 - format: int32 - minimum: 25 - type: integer - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - required: - - registryPersistentVolume - type: object - redirect: - properties: - disable: - default: false - type: boolean - type: object - s3: - properties: - accesskey: - type: string - bucket: - type: string - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - keyid: - type: string - region: - type: string - regionendpoint: - type: string - rootdirectory: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - secure: - default: true - type: boolean - skipverify: - default: false - type: boolean - storageclass: - default: STANDARD - type: string - v4auth: - default: true - type: boolean - required: - - bucket - - region - type: object - swift: - properties: - accesskey: - type: string - authurl: - type: string - authversion: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - container: - type: string - domain: - type: string - domainID: - type: string - endpointtype: - default: public - enum: - - public - - internal - - admin - type: string - insecureskipverify: - default: false - type: boolean - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - region: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - tenant: - type: string - tenantID: - type: string - trustid: - type: string - username: - type: string - required: - - authurl - - container - type: object - type: object - imageSource: - properties: - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - repository: - type: string - tagSuffix: - type: string - type: object - inClusterCache: - properties: - kind: - enum: - - Redis - type: string - redisSpec: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - sentinel: - properties: - replicas: - default: 1 - type: integer - type: object - server: - properties: - replicas: - default: 1 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - storage: - type: string - storageClassName: - type: string - type: object - type: object - required: - - kind - - redisSpec - type: object - inClusterDatabase: - properties: - kind: - enum: - - PostgresSQL - type: string - postgresSqlSpec: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - replicas: - minimum: 1 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - storage: - type: string - storageClassName: - type: string - type: object - required: - - kind - - postgresSqlSpec - type: object - inClusterStorage: - properties: - kind: - enum: - - MinIO - type: string - minIOSpec: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - mc: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - type: object - redirect: - properties: - enable: - default: true - type: boolean - expose: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - required: - - enable - type: object - replicas: - format: int32 - minimum: 1 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - volumeClaimTemplate: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - status: - properties: - accessModes: - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - conditions: - items: - properties: - lastProbeTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - phase: - type: string - resizeStatus: - type: string - type: object - type: object - volumesPerServer: - format: int32 - minimum: 1 - type: integer - required: - - redirect - - replicas - - volumesPerServer - type: object - required: - - kind - type: object - internalTLS: - properties: - enabled: - default: false - type: boolean - type: object - jobservice: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - workerCount: - default: 10 - format: int32 - minimum: 1 - type: integer - type: object - logLevel: - default: info - enum: - - debug - - info - - warning - - error - - fatal - type: string - notary: - properties: - migrationEnabled: - default: true - type: boolean - server: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - signer: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - type: object - portal: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - proxy: - properties: - components: - default: - - core - - jobservice - - trivy - items: - type: string - type: array - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - registry: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - relativeURLs: - default: true - type: boolean - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storageMiddlewares: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - registryctl: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - trivy: - properties: - certificateRefs: - items: - type: string - type: array - githubTokenRef: - type: string - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - skipUpdate: - default: false - type: boolean - storage: - properties: - cachePersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - reportsPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - storage - type: object - updateStrategyType: - default: RollingUpdate - type: string - version: - pattern: '[0-9]+\.[0-9]+\.[0-9]+' - type: string - required: - - expose - - externalURL - - harborAdminPasswordRef - - version - type: object - status: - properties: - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - revision: - format: int64 - type: integer - status: - type: string - required: - - revision - - status - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The public URL to the Harbor application - jsonPath: .spec.externalURL - name: Public URL - type: string - - description: The overall status of the Harbor cluster - jsonPath: .status.status - name: Status - type: string - - description: 'The operator version ' - jsonPath: .status.operator.controllerVersion - name: Operator Version - priority: 30 - type: string - - description: The operator git commit - jsonPath: .status.operator.controllerGitCommit - name: Operator Git Commit - priority: 30 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - cache: - properties: - kind: - enum: - - Redis - - RedisFailover - type: string - spec: - properties: - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - redisFailover: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - operatorVersion: - type: string - sentinel: - properties: - replicas: - default: 1 - type: integer - type: object - server: - properties: - replicas: - default: 1 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - storage: - type: string - storageClassName: - type: string - type: object - required: - - operatorVersion - type: object - type: object - required: - - kind - - spec - type: object - chartmuseum: - properties: - absoluteUrl: - default: false - type: boolean - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - core: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tokenIssuer: - properties: - group: - type: string - kind: - type: string - name: - type: string - required: - - name - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - tokenIssuer - type: object - database: - properties: - kind: - enum: - - PostgreSQL - - Zlando/PostgreSQL - type: string - spec: - properties: - postgresql: - properties: - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - sslMode: - enum: - - disable - - allow - - prefer - - require - - verify-ca - - verify-full - type: string - username: - minLength: 1 - type: string - required: - - hosts - type: object - zlandoPostgreSql: - properties: - connectTimeout: - type: integer - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - operatorVersion: - type: string - replicas: - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - sslConfig: - type: string - storage: - type: string - storageClassName: - type: string - required: - - operatorVersion - type: object - type: object - required: - - kind - - spec - type: object - exporter: - properties: - cache: - properties: - cleanInterval: - default: 4h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - duration: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - expose: - properties: - core: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - ingressClassName: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - notary: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - ingressClassName: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - required: - - core - type: object - externalURL: - pattern: https?://.* - type: string - harborAdminPasswordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - imageSource: - properties: - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - repository: - type: string - tagSuffix: - type: string - type: object - internalTLS: - properties: - enabled: - default: false - type: boolean - type: object - jobservice: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storage: - properties: - scanDataExportsPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - workerCount: - default: 10 - format: int32 - minimum: 1 - type: integer - type: object - logLevel: - default: info - enum: - - debug - - info - - warning - - error - - fatal - type: string - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - notary: - properties: - migrationEnabled: - default: true - type: boolean - server: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - signer: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - type: object - portal: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - proxy: - properties: - components: - default: - - core - - jobservice - - trivy - items: - type: string - type: array - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - registry: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - relativeURLs: - default: true - type: boolean - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storageMiddlewares: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - registryctl: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - storage: - properties: - kind: - enum: - - MinIO - - S3 - - Swift - - FileSystem - - Azure - - Gcs - - Oss - type: string - spec: - properties: - azure: - properties: - accountkeyRef: - type: string - accountname: - type: string - baseURL: - default: core.windows.net - type: string - container: - type: string - pathPrefix: - default: /azure/harbor/charts - type: string - type: object - fileSystem: - properties: - chartPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - registryPersistentVolume: - properties: - claimName: - type: string - maxthreads: - default: 100 - format: int32 - minimum: 25 - type: integer - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - required: - - registryPersistentVolume - type: object - gcs: - properties: - bucket: - type: string - chunkSize: - type: string - keyDataRef: - type: string - pathPrefix: - type: string - type: object - minIO: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - mc: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - type: object - operatorVersion: - default: 4.0.6 - type: string - redirect: - properties: - enable: - default: true - type: boolean - expose: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - ingressClassName: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - required: - - enable - type: object - replicas: - format: int32 - minimum: 1 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - volumeClaimTemplate: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - status: - properties: - accessModes: - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - conditions: - items: - properties: - lastProbeTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - phase: - type: string - resizeStatus: - type: string - type: object - type: object - volumesPerServer: - format: int32 - minimum: 1 - type: integer - required: - - operatorVersion - - replicas - - volumesPerServer - type: object - oss: - properties: - accessKeyID: - type: string - accessSecretRef: - type: string - bucket: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - endpoint: - type: string - internal: - default: false - type: boolean - pathPrefix: - type: string - region: - pattern: oss-.* - type: string - secure: - default: true - type: boolean - required: - - accessKeyID - - accessSecretRef - - bucket - - region - type: object - redirect: - properties: - enable: - default: true - type: boolean - expose: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - ingressClassName: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - required: - - enable - type: object - s3: - properties: - accesskey: - type: string - bucket: - type: string - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - keyid: - type: string - multipartcopychunksize: - format: int64 - type: integer - multipartcopymaxconcurrency: - format: int64 - type: integer - multipartcopythresholdsize: - format: int64 - type: integer - region: - type: string - regionendpoint: - type: string - rootdirectory: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - secure: - default: true - type: boolean - skipverify: - default: false - type: boolean - storageclass: - default: STANDARD - type: string - v4auth: - default: true - type: boolean - required: - - bucket - - region - type: object - swift: - properties: - accesskey: - type: string - authurl: - type: string - authversion: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - container: - type: string - domain: - type: string - domainID: - type: string - endpointtype: - default: public - enum: - - public - - internal - - admin - type: string - insecureskipverify: - default: false - type: boolean - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - region: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - tenant: - type: string - tenantID: - type: string - trustid: - type: string - username: - type: string - required: - - authurl - - container - type: object - type: object - required: - - kind - - spec - type: object - trace: - properties: - attributes: - additionalProperties: - type: string - type: object - enabled: - default: false - type: boolean - jaeger: - properties: - agent: - properties: - host: - type: string - port: - type: integer - type: object - collector: - properties: - endpoint: - type: string - passwordRef: - type: string - username: - type: string - required: - - endpoint - type: object - mode: - enum: - - collector - - agent - type: string - required: - - mode - type: object - namespace: - type: string - otel: - properties: - compression: - type: boolean - endpoint: - type: string - insecure: - type: boolean - timeout: - default: 10s - type: string - urlPath: - type: string - required: - - endpoint - - urlPath - type: object - provider: - enum: - - jaeger - - otel - type: string - sampleRate: - default: 1 - type: integer - required: - - provider - type: object - trivy: - properties: - certificateRefs: - items: - type: string - type: array - githubTokenRef: - type: string - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - offlineScan: - default: false - type: boolean - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - skipUpdate: - default: false - type: boolean - storage: - properties: - cachePersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - reportsPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - storage - type: object - updateStrategyType: - default: RollingUpdate - type: string - version: - pattern: '[0-9]+\.[0-9]+\.[0-9]+' - type: string - required: - - cache - - database - - expose - - externalURL - - harborAdminPasswordRef - - storage - - version - type: object - status: - properties: - conditions: - items: - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - revision: - format: int64 - type: integer - status: - type: string - required: - - revision - - status - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: harborconfigurations.goharbor.io -spec: - group: goharbor.io - names: - categories: - - goharbor - kind: HarborConfiguration - listKind: HarborConfigurationList - plural: harborconfigurations - shortNames: - - hc - singular: harborconfiguration - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: HarborCluster name - jsonPath: .spec.harborClusterRef - name: HarborCluster - type: string - - description: HarborConfiguration status - jsonPath: .status.status - name: Status - type: string - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - configuration: - properties: - authMode: - type: string - emailFrom: - type: string - emailHost: - type: string - emailIdentity: - type: string - emailInsecure: - type: boolean - emailPassword: - type: string - emailPort: - type: integer - emailSsl: - type: boolean - emailUsername: - type: string - httpAuthproxyAdminGroups: - type: string - httpAuthproxyAdminUsernames: - type: string - httpAuthproxyEndpoint: - type: string - httpAuthproxyServerCertificate: - type: boolean - httpAuthproxySkipSearch: - type: boolean - httpAuthproxyTokenreviewEndpoint: - type: string - httpAuthproxyVerifyCert: - type: boolean - ldapBaseDn: - type: string - ldapFilter: - type: string - ldapGroupAdminDn: - type: string - ldapGroupAttributeName: - type: string - ldapGroupBaseDn: - type: string - ldapGroupMembershipAttribute: - type: string - ldapGroupSearchFilter: - type: string - ldapGroupSearchScope: - type: integer - ldapScope: - type: integer - ldapSearchDn: - type: string - ldapSearchPassword: - type: string - ldapTimeout: - type: integer - ldapUid: - type: string - ldapUrl: - type: string - ldapVerifyCert: - type: boolean - notificationEnable: - type: boolean - oidcAdminGroup: - type: string - oidcAutoOnboard: - type: boolean - oidcClientId: - type: string - oidcClientSecret: - type: string - oidcEndpoint: - type: string - oidcExtraRedirectParms: - type: string - oidcGroupsClaim: - type: string - oidcName: - type: string - oidcScope: - type: string - oidcUserClaim: - type: string - oidcVerifyCert: - type: boolean - projectCreationRestriction: - type: string - quotaPerProjectEnable: - type: boolean - readOnly: - type: boolean - robotNamePrefix: - type: string - robotTokenDuration: - type: integer - selfRegistration: - type: boolean - storagePerProject: - type: integer - tokenExpiration: - type: integer - uaaClientId: - type: string - uaaClientSecret: - type: string - uaaEndpoint: - type: string - uaaVerifyCert: - type: boolean - type: object - harborClusterRef: - type: string - type: object - status: - properties: - lastApplyTime: - format: date-time - type: string - lastConfiguration: - properties: - configuration: - properties: - authMode: - type: string - emailFrom: - type: string - emailHost: - type: string - emailIdentity: - type: string - emailInsecure: - type: boolean - emailPassword: - type: string - emailPort: - type: integer - emailSsl: - type: boolean - emailUsername: - type: string - httpAuthproxyAdminGroups: - type: string - httpAuthproxyAdminUsernames: - type: string - httpAuthproxyEndpoint: - type: string - httpAuthproxyServerCertificate: - type: boolean - httpAuthproxySkipSearch: - type: boolean - httpAuthproxyTokenreviewEndpoint: - type: string - httpAuthproxyVerifyCert: - type: boolean - ldapBaseDn: - type: string - ldapFilter: - type: string - ldapGroupAdminDn: - type: string - ldapGroupAttributeName: - type: string - ldapGroupBaseDn: - type: string - ldapGroupMembershipAttribute: - type: string - ldapGroupSearchFilter: - type: string - ldapGroupSearchScope: - type: integer - ldapScope: - type: integer - ldapSearchDn: - type: string - ldapSearchPassword: - type: string - ldapTimeout: - type: integer - ldapUid: - type: string - ldapUrl: - type: string - ldapVerifyCert: - type: boolean - notificationEnable: - type: boolean - oidcAdminGroup: - type: string - oidcAutoOnboard: - type: boolean - oidcClientId: - type: string - oidcClientSecret: - type: string - oidcEndpoint: - type: string - oidcExtraRedirectParms: - type: string - oidcGroupsClaim: - type: string - oidcName: - type: string - oidcScope: - type: string - oidcUserClaim: - type: string - oidcVerifyCert: - type: boolean - projectCreationRestriction: - type: string - quotaPerProjectEnable: - type: boolean - readOnly: - type: boolean - robotNamePrefix: - type: string - robotTokenDuration: - type: integer - selfRegistration: - type: boolean - storagePerProject: - type: integer - tokenExpiration: - type: integer - uaaClientId: - type: string - uaaClientSecret: - type: string - uaaEndpoint: - type: string - uaaVerifyCert: - type: boolean - type: object - harborClusterRef: - type: string - type: object - message: - type: string - reason: - type: string - status: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: harbors.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: Harbor - listKind: HarborList - plural: harbors - shortNames: - - h - singular: harbor - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The public URL to the Harbor application - jsonPath: .spec.externalURL - name: Public URL - priority: 5 - type: string - - description: The version to the Harbor application - jsonPath: .spec.version - name: Version - priority: 5 - type: string - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - chartmuseum: - properties: - absoluteUrl: - default: false - type: boolean - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - core: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tokenIssuer: - properties: - group: - type: string - kind: - type: string - name: - type: string - required: - - name - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - database: - properties: - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - sslMode: - enum: - - disable - - allow - - prefer - - require - - verify-ca - - verify-full - type: string - username: - minLength: 1 - type: string - required: - - hosts - type: object - exporter: - properties: - cache: - properties: - cleanInterval: - default: 4h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - duration: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - expose: - properties: - core: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - notary: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - required: - - core - type: object - externalURL: - pattern: https?://.* - type: string - harborAdminPasswordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - imageChartStorage: - properties: - filesystem: - properties: - chartPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - registryPersistentVolume: - properties: - claimName: - type: string - maxthreads: - default: 100 - format: int32 - minimum: 25 - type: integer - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - required: - - registryPersistentVolume - type: object - redirect: - properties: - disable: - default: false - type: boolean - type: object - s3: - properties: - accesskey: - type: string - bucket: - type: string - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - keyid: - type: string - region: - type: string - regionendpoint: - type: string - rootdirectory: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - secure: - default: true - type: boolean - skipverify: - default: false - type: boolean - storageclass: - default: STANDARD - type: string - v4auth: - default: true - type: boolean - required: - - bucket - - region - type: object - swift: - properties: - accesskey: - type: string - authurl: - type: string - authversion: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - container: - type: string - domain: - type: string - domainID: - type: string - endpointtype: - default: public - enum: - - public - - internal - - admin - type: string - insecureskipverify: - default: false - type: boolean - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - region: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - tenant: - type: string - tenantID: - type: string - trustid: - type: string - username: - type: string - required: - - authurl - - container - type: object - type: object - imageSource: - properties: - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - repository: - type: string - tagSuffix: - type: string - type: object - internalTLS: - properties: - enabled: - default: false - type: boolean - type: object - jobservice: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - workerCount: - default: 10 - format: int32 - minimum: 1 - type: integer - type: object - logLevel: - default: info - enum: - - debug - - info - - warning - - error - - fatal - type: string - notary: - properties: - migrationEnabled: - default: true - type: boolean - server: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - signer: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - type: object - portal: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - proxy: - properties: - components: - default: - - core - - jobservice - - trivy - items: - type: string - type: array - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - registry: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - relativeURLs: - default: true - type: boolean - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storageMiddlewares: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - registryctl: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - trivy: - properties: - certificateRefs: - items: - type: string - type: array - githubTokenRef: - type: string - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - skipUpdate: - default: false - type: boolean - storage: - properties: - cachePersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - reportsPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - storage - type: object - updateStrategyType: - default: RollingUpdate - type: string - version: - pattern: '[0-9]+\.[0-9]+\.[0-9]+' - type: string - required: - - expose - - externalURL - - harborAdminPasswordRef - - version - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: The public URL to the Harbor application - jsonPath: .spec.externalURL - name: Public URL - priority: 5 - type: string - - description: The version to the Harbor application - jsonPath: .spec.version - name: Version - priority: 5 - type: string - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - chartmuseum: - properties: - absoluteUrl: - default: false - type: boolean - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - core: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tokenIssuer: - properties: - group: - type: string - kind: - type: string - name: - type: string - required: - - name - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - tokenIssuer - type: object - database: - properties: - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - sslMode: - enum: - - disable - - allow - - prefer - - require - - verify-ca - - verify-full - type: string - username: - minLength: 1 - type: string - required: - - hosts - type: object - exporter: - properties: - cache: - properties: - cleanInterval: - default: 4h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - duration: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)? - type: string - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - expose: - properties: - core: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - ingressClassName: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - notary: - properties: - ingress: - properties: - annotations: - additionalProperties: - type: string - type: object - controller: - default: default - enum: - - default - - gce - - ncp - - contour - type: string - host: - type: string - ingressClassName: - type: string - required: - - host - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - required: - - core - type: object - externalURL: - pattern: https?://.* - type: string - harborAdminPasswordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - imageChartStorage: - properties: - azure: - properties: - accountkeyRef: - type: string - accountname: - type: string - baseURL: - default: core.windows.net - type: string - container: - type: string - pathPrefix: - default: /azure/harbor/charts - type: string - type: object - filesystem: - properties: - chartPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - registryPersistentVolume: - properties: - claimName: - type: string - maxthreads: - default: 100 - format: int32 - minimum: 25 - type: integer - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - required: - - registryPersistentVolume - type: object - gcs: - properties: - bucket: - type: string - chunkSize: - type: string - keyDataRef: - type: string - pathPrefix: - type: string - type: object - oss: - properties: - accessKeyID: - type: string - accessSecretRef: - type: string - bucket: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - endpoint: - type: string - internal: - default: false - type: boolean - pathPrefix: - type: string - region: - pattern: oss-.* - type: string - secure: - default: true - type: boolean - required: - - accessKeyID - - accessSecretRef - - bucket - - region - type: object - redirect: - properties: - disable: - default: false - type: boolean - type: object - s3: - properties: - accesskey: - type: string - bucket: - type: string - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - keyid: - type: string - multipartcopychunksize: - format: int64 - type: integer - multipartcopymaxconcurrency: - format: int64 - type: integer - multipartcopythresholdsize: - format: int64 - type: integer - region: - type: string - regionendpoint: - type: string - rootdirectory: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - secure: - default: true - type: boolean - skipverify: - default: false - type: boolean - storageclass: - default: STANDARD - type: string - v4auth: - default: true - type: boolean - required: - - bucket - - region - type: object - swift: - properties: - accesskey: - type: string - authurl: - type: string - authversion: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - container: - type: string - domain: - type: string - domainID: - type: string - endpointtype: - default: public - enum: - - public - - internal - - admin - type: string - insecureskipverify: - default: false - type: boolean - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - region: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - tenant: - type: string - tenantID: - type: string - trustid: - type: string - username: - type: string - required: - - authurl - - container - type: object - type: object - imageSource: - properties: - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - repository: - type: string - tagSuffix: - type: string - type: object - internalTLS: - properties: - enabled: - default: false - type: boolean - type: object - jobservice: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storage: - properties: - scanDataExportsPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - workerCount: - default: 10 - format: int32 - minimum: 1 - type: integer - type: object - logLevel: - default: info - enum: - - debug - - info - - warning - - error - - fatal - type: string - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - notary: - properties: - migrationEnabled: - default: true - type: boolean - server: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - signer: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - type: object - portal: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - proxy: - properties: - components: - default: - - core - - jobservice - - trivy - items: - type: string - type: array - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - registry: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - nodeSelector: - additionalProperties: - type: string - type: object - relativeURLs: - default: true - type: boolean - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storageMiddlewares: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - registryctl: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - trace: - properties: - attributes: - additionalProperties: - type: string - type: object - enabled: - default: false - type: boolean - jaeger: - properties: - agent: - properties: - host: - type: string - port: - type: integer - type: object - collector: - properties: - endpoint: - type: string - passwordRef: - type: string - username: - type: string - required: - - endpoint - type: object - mode: - enum: - - collector - - agent - type: string - required: - - mode - type: object - namespace: - type: string - otel: - properties: - compression: - type: boolean - endpoint: - type: string - insecure: - type: boolean - timeout: - default: 10s - type: string - urlPath: - type: string - required: - - endpoint - - urlPath - type: object - provider: - enum: - - jaeger - - otel - type: string - sampleRate: - default: 1 - type: integer - required: - - provider - type: object - trivy: - properties: - certificateRefs: - items: - type: string - type: array - githubTokenRef: - type: string - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - nodeSelector: - additionalProperties: - type: string - type: object - offlineScan: - default: false - type: boolean - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - skipUpdate: - default: false - type: boolean - storage: - properties: - cachePersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - reportsPersistentVolume: - properties: - claimName: - type: string - prefix: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - storage - type: object - updateStrategyType: - default: RollingUpdate - type: string - version: - pattern: '[0-9]+\.[0-9]+\.[0-9]+' - type: string - required: - - database - - expose - - externalURL - - harborAdminPasswordRef - - imageChartStorage - - redis - - version - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: harborserverconfigurations.goharbor.io -spec: - group: goharbor.io - names: - categories: - - goharbor - kind: HarborServerConfiguration - listKind: HarborServerConfigurationList - plural: harborserverconfigurations - shortNames: - - hsc - singular: harborserverconfiguration - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The public URL to the Harbor server - jsonPath: .spec.serverURL - name: Harbor Server - type: string - - description: The status of the Harbor server - jsonPath: .status.status - name: Status - type: string - - description: The version of the Harbor server - jsonPath: .spec.version - name: Version - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - accessCredential: - properties: - accessSecretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - namespace: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - accessSecretRef - - namespace - type: object - default: - type: boolean - insecure: - type: boolean - namespaceSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - rules: - items: - type: string - type: array - serverURL: - pattern: (?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|^https?://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)+([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9]) - type: string - version: - pattern: (0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))? - type: string - required: - - accessCredential - - serverURL - - version - type: object - status: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: jobservices.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: JobService - listKind: JobServiceList - plural: jobservices - singular: jobservice - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - certificateRefs: - items: - type: string - type: array - core: - properties: - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - url: - pattern: https?://.+ - type: string - required: - - secretRef - - url - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - jobLoggers: - default: - files: - - level: INFO - sweeper: 720h - volume: - emptyDir: - sizeLimit: 100Mi - stdout: - level: INFO - properties: - database: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - sweeper: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - files: - items: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - sweeper: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - volume: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - nullable: true - type: array - stdout: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - type: object - type: object - loggers: - default: - stdout: - level: INFO - properties: - database: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - sweeper: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - files: - items: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - sweeper: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - volume: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - nullable: true - type: array - stdout: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - type: object - type: object - nodeSelector: - additionalProperties: - type: string - type: object - proxy: - properties: - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - registry: - properties: - controllerURL: - pattern: https?://.+ - type: string - credentials: - properties: - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - type: string - required: - - passwordRef - - username - type: object - url: - pattern: https?://.+ - type: string - required: - - controllerURL - - credentials - - url - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tokenService: - properties: - url: - pattern: https?://.+ - type: string - required: - - url - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - workerPool: - properties: - backend: - default: redis - enum: - - redis - minLength: 1 - type: string - redisPool: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - idleTimeout: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - namespace: - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - workers: - default: 10 - format: int32 - minimum: 1 - type: integer - type: object - required: - - core - - registry - - secretRef - - tokenService - - workerPool - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - certificateRefs: - items: - type: string - type: array - core: - properties: - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - url: - pattern: https?://.+ - type: string - required: - - secretRef - - url - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - jobLoggers: - default: - files: - - level: INFO - sweeper: 720h - volume: - emptyDir: - sizeLimit: 100Mi - stdout: - level: INFO - properties: - database: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - sweeper: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - files: - items: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - sweeper: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - volume: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - nullable: true - type: array - stdout: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - type: object - type: object - loggers: - default: - stdout: - level: INFO - properties: - database: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - sweeper: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - files: - items: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - sweeper: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - volume: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - nullable: true - type: array - stdout: - properties: - level: - default: INFO - enum: - - DEBUG - - INFO - - WARNING - - ERROR - - FATAL - type: string - type: object - type: object - metrics: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - pattern: /.+ - type: string - port: - default: 8001 - format: int32 - minimum: 1 - type: integer - type: object - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - proxy: - properties: - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - registry: - properties: - controllerURL: - pattern: https?://.+ - type: string - credentials: - properties: - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - type: string - required: - - passwordRef - - username - type: object - url: - pattern: https?://.+ - type: string - required: - - controllerURL - - credentials - - url - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - serviceAccountName: - type: string - storage: - properties: - scanDataExports: - properties: - prefix: - type: string - volumeSource: - default: - emptyDir: - sizeLimit: 1Gi - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - required: - - scanDataExports - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tokenService: - properties: - url: - pattern: https?://.+ - type: string - required: - - url - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - trace: - properties: - attributes: - additionalProperties: - type: string - type: object - enabled: - default: false - type: boolean - jaeger: - properties: - agent: - properties: - host: - type: string - port: - type: integer - type: object - collector: - properties: - endpoint: - type: string - passwordRef: - type: string - username: - type: string - required: - - endpoint - type: object - mode: - enum: - - collector - - agent - type: string - required: - - mode - type: object - namespace: - type: string - otel: - properties: - compression: - type: boolean - endpoint: - type: string - insecure: - type: boolean - timeout: - default: 10s - type: string - urlPath: - type: string - required: - - endpoint - - urlPath - type: object - provider: - enum: - - jaeger - - otel - type: string - sampleRate: - default: 1 - type: integer - required: - - provider - type: object - updateStrategyType: - default: RollingUpdate - type: string - workerPool: - properties: - backend: - default: redis - enum: - - redis - minLength: 1 - type: string - redisPool: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - idleTimeout: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - namespace: - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - workers: - default: 10 - format: int32 - minimum: 1 - type: integer - type: object - required: - - core - - registry - - secretRef - - tokenService - - workerPool - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: notaryservers.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: NotaryServer - listKind: NotaryServerList - plural: notaryservers - singular: notaryserver - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentication: - properties: - token: - properties: - autoredirect: - default: true - type: boolean - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - issuer: - type: string - realm: - type: string - service: - type: string - required: - - certificateRef - - issuer - - realm - - service - type: object - required: - - token - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - logging: - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - fatal - - panic - type: string - type: object - migrationEnabled: - type: boolean - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storage: - properties: - postgres: - properties: - database: - minLength: 1 - type: string - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - parameters: - additionalProperties: - type: string - type: object - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - minLength: 1 - type: string - type: object - required: - - postgres - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - trustService: - properties: - remote: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - host: - type: string - keyAlgorithm: - default: ecdsa - enum: - - ecdsa - - rsa - - ed25519 - type: string - port: - default: 443 - exclusiveMinimum: true - format: int64 - minimum: 0 - type: integer - required: - - host - type: object - type: object - required: - - trustService - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentication: - properties: - token: - properties: - autoredirect: - default: true - type: boolean - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - issuer: - type: string - realm: - type: string - service: - type: string - required: - - certificateRef - - issuer - - realm - - service - type: object - required: - - token - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - logging: - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - fatal - - panic - type: string - type: object - migrationEnabled: - type: boolean - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storage: - properties: - postgres: - properties: - database: - minLength: 1 - type: string - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - parameters: - additionalProperties: - type: string - type: object - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - minLength: 1 - type: string - type: object - required: - - postgres - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - trustService: - properties: - remote: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - host: - type: string - keyAlgorithm: - default: ecdsa - enum: - - ecdsa - - rsa - - ed25519 - type: string - port: - default: 443 - exclusiveMinimum: true - format: int64 - minimum: 0 - type: integer - required: - - host - type: object - type: object - required: - - trustService - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: notarysigners.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: NotarySigner - listKind: NotarySignerList - plural: notarysigners - singular: notarysigner - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentatication: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - certificateRef - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - logging: - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - fatal - - panic - type: string - type: object - migrationEnabled: - type: boolean - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storage: - properties: - aliasesRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - postgres: - properties: - database: - minLength: 1 - type: string - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - parameters: - additionalProperties: - type: string - type: object - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - minLength: 1 - type: string - type: object - required: - - aliasesRef - - postgres - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - authentatication - - storage - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentatication: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - certificateRef - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - logging: - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - fatal - - panic - type: string - type: object - migrationEnabled: - type: boolean - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storage: - properties: - aliasesRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - postgres: - properties: - database: - minLength: 1 - type: string - hosts: - items: - properties: - host: - minLength: 1 - type: string - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - required: - - host - type: object - minItems: 1 - type: array - parameters: - additionalProperties: - type: string - type: object - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - username: - minLength: 1 - type: string - type: object - required: - - aliasesRef - - postgres - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - authentatication - - storage - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: portals.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: Portal - listKind: PortalList - plural: portals - singular: portal - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - maxConnections: - default: 1024 - format: int32 - minimum: 0 - type: integer - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - maxConnections: - default: 1024 - format: int32 - minimum: 0 - type: integer - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: pullsecretbindings.goharbor.io -spec: - group: goharbor.io - names: - categories: - - goharbor - kind: PullSecretBinding - listKind: PullSecretBindingList - plural: pullsecretbindings - shortNames: - - psb - singular: pullsecretbinding - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The Harbor server configuration CR reference - jsonPath: .spec.harborServerConfig - name: Harbor Server - type: string - - description: The service account binding the pull secret - jsonPath: .spec.serviceAccount - name: Service Account - type: string - - description: The status of the Harbor server - jsonPath: .status.status - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - harborServerConfig: - type: string - projectId: - type: string - robotId: - type: string - serviceAccount: - type: string - required: - - harborServerConfig - - projectId - - robotId - - serviceAccount - type: object - status: - properties: - message: - type: string - reason: - type: string - status: - type: string - required: - - status - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: registries.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: Registry - listKind: RegistryList - plural: registries - singular: registry - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentication: - properties: - htPasswd: - properties: - realm: - type: string - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - realm - - secretRef - type: object - silly: - properties: - realm: - type: string - service: - type: string - required: - - realm - - service - type: object - token: - properties: - autoredirect: - type: boolean - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - issuer: - type: string - realm: - type: string - service: - type: string - required: - - certificateRef - - issuer - - realm - - service - type: object - type: object - certificateRefs: - items: - type: string - type: array - compatibility: - properties: - schema1: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - enabled: - default: false - type: boolean - type: object - type: object - health: - properties: - file: - items: - properties: - interval: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - path: - type: string - required: - - path - type: object - type: array - http: - items: - properties: - headers: - additionalProperties: - items: - type: string - type: array - type: object - interval: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - statuscode: - default: 200 - format: int32 - minimum: 0 - type: integer - threshold: - default: 3 - format: int32 - minimum: 0 - type: integer - timeout: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - uri: - pattern: https?://.+ - type: string - required: - - uri - type: object - type: array - storageDriver: - properties: - enabled: - default: true - type: boolean - interval: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - threshold: - default: 3 - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - type: object - tcp: - items: - properties: - address: - type: string - interval: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - threshold: - default: 3 - format: int32 - minimum: 0 - type: integer - timeout: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - required: - - address - type: object - type: array - type: object - http: - properties: - debug: - properties: - port: - default: 5001 - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - prometheus: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - type: string - type: object - type: object - drainTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - headers: - additionalProperties: - items: - type: string - type: array - default: - X-Content-Type-Options: - - nosniff - type: object - host: - type: string - http2: - properties: - disabled: - default: false - type: boolean - type: object - net: - default: tcp - enum: - - unix - - tcp - type: string - prefix: - pattern: (/(.+/)?)? - type: string - relativeURLs: - default: true - type: boolean - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - default: - formatter: text - level: info - properties: - accessLog: - properties: - disabled: - default: false - type: boolean - type: object - fields: - additionalProperties: - type: string - type: object - formatter: - default: text - enum: - - text - - json - - logstash - type: string - hooks: - items: - properties: - levels: - items: - type: string - type: array - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: - type: string - required: - - levels - - optionsRef - - type - type: object - type: array - level: - default: info - enum: - - debug - - info - - warning - - error - type: string - type: object - middlewares: - properties: - registry: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - repository: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - storage: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - notifications: - default: {} - properties: - endpoints: - items: - properties: - backoff: - default: 10s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - disabled: - default: false - type: boolean - headers: - additionalProperties: - items: - type: string - type: array - type: object - ignore: - properties: - actions: - items: - type: string - type: array - mediaTypes: - items: - type: string - type: array - type: object - ignoredMediaTypes: - items: - type: string - type: array - name: - type: string - threshold: - default: 3 - format: int32 - minimum: 0 - type: integer - timeout: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - url: - pattern: https?://.+ - type: string - required: - - name - - url - type: object - type: array - events: - default: {} - properties: - includeReferences: - default: true - type: boolean - type: object - type: object - proxy: - properties: - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - dialTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - pool: - properties: - idleTimeout: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - maxActive: - default: 5 - format: int32 - minimum: 0 - type: integer - maxIdle: - default: 3 - format: int32 - minimum: 0 - type: integer - type: object - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - readTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - sentinelMasterSet: - type: string - writeTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - required: - - host - type: object - replicas: - format: int32 - minimum: 0 - type: integer - reporting: - additionalProperties: - type: string - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storage: - properties: - cache: - properties: - blobdescriptor: - enum: - - inmemory - - redis - type: string - type: object - delete: - properties: - enabled: - default: true - type: boolean - type: object - driver: - properties: - filesystem: - properties: - maxthreads: - default: 100 - format: int32 - minimum: 25 - type: integer - prefix: - type: string - volumeSource: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - required: - - volumeSource - type: object - inmemory: - type: object - s3: - properties: - accesskey: - type: string - bucket: - type: string - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - keyid: - type: string - region: - type: string - regionendpoint: - type: string - rootdirectory: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - secure: - default: true - type: boolean - skipverify: - default: false - type: boolean - storageclass: - default: STANDARD - type: string - v4auth: - default: true - type: boolean - required: - - bucket - - region - type: object - swift: - properties: - accesskey: - type: string - authurl: - type: string - authversion: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - container: - type: string - domain: - type: string - domainID: - type: string - endpointtype: - default: public - enum: - - public - - internal - - admin - type: string - insecureskipverify: - default: false - type: boolean - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - region: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - tenant: - type: string - tenantID: - type: string - trustid: - type: string - username: - type: string - required: - - authurl - - container - type: object - type: object - maintenance: - properties: - readOnly: - properties: - enabled: - default: false - type: boolean - type: object - uploadPurging: - properties: - age: - default: 168h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - dryRun: - default: false - type: boolean - enabled: - default: false - type: boolean - interval: - default: 24h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - type: object - redirect: - properties: - disable: - default: false - type: boolean - type: object - required: - - driver - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - validation: - properties: - disabled: - type: boolean - manifests: - properties: - urls: - properties: - allow: - items: - type: string - type: array - deny: - items: - type: string - type: array - type: object - type: object - type: object - required: - - storage - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - required: - - metadata - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentication: - properties: - htPasswd: - properties: - realm: - type: string - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - realm - - secretRef - type: object - silly: - properties: - realm: - type: string - service: - type: string - required: - - realm - - service - type: object - token: - properties: - autoredirect: - type: boolean - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - issuer: - type: string - realm: - type: string - service: - type: string - required: - - certificateRef - - issuer - - realm - - service - type: object - type: object - certificateRefs: - items: - type: string - type: array - compatibility: - properties: - schema1: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - enabled: - default: false - type: boolean - type: object - type: object - health: - properties: - file: - items: - properties: - interval: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - path: - type: string - required: - - path - type: object - type: array - http: - items: - properties: - headers: - additionalProperties: - items: - type: string - type: array - type: object - interval: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - statuscode: - default: 200 - format: int32 - minimum: 0 - type: integer - threshold: - default: 3 - format: int32 - minimum: 0 - type: integer - timeout: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - uri: - pattern: https?://.+ - type: string - required: - - uri - type: object - type: array - storageDriver: - properties: - enabled: - default: true - type: boolean - interval: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - threshold: - default: 3 - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - type: object - tcp: - items: - properties: - address: - type: string - interval: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - threshold: - default: 3 - format: int32 - minimum: 0 - type: integer - timeout: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - required: - - address - type: object - type: array - type: object - http: - properties: - debug: - properties: - port: - default: 5001 - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - prometheus: - properties: - enabled: - default: false - type: boolean - path: - default: /metrics - type: string - type: object - type: object - drainTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - headers: - additionalProperties: - items: - type: string - type: array - default: - X-Content-Type-Options: - - nosniff - type: object - host: - type: string - http2: - properties: - disabled: - default: false - type: boolean - type: object - net: - default: tcp - enum: - - unix - - tcp - type: string - prefix: - pattern: (/(.+/)?)? - type: string - relativeURLs: - default: true - type: boolean - secretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - default: - formatter: text - level: info - properties: - accessLog: - properties: - disabled: - default: false - type: boolean - type: object - fields: - additionalProperties: - type: string - type: object - formatter: - default: text - enum: - - text - - json - - logstash - type: string - hooks: - items: - properties: - levels: - items: - type: string - type: array - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: - type: string - required: - - levels - - optionsRef - - type - type: object - type: array - level: - default: info - enum: - - debug - - info - - warning - - error - type: string - type: object - middlewares: - properties: - registry: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - repository: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - storage: - items: - properties: - name: - type: string - optionsRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - required: - - name - type: object - type: array - type: object - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - notifications: - default: {} - properties: - endpoints: - items: - properties: - backoff: - default: 10s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - disabled: - default: false - type: boolean - headers: - additionalProperties: - items: - type: string - type: array - type: object - ignore: - properties: - actions: - items: - type: string - type: array - mediaTypes: - items: - type: string - type: array - type: object - ignoredMediaTypes: - items: - type: string - type: array - name: - type: string - threshold: - default: 3 - format: int32 - minimum: 0 - type: integer - timeout: - default: 5s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - url: - pattern: https?://.+ - type: string - required: - - name - - url - type: object - type: array - events: - default: {} - properties: - includeReferences: - default: true - type: boolean - type: object - type: object - proxy: - properties: - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - dialTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - host: - minLength: 1 - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - pool: - properties: - idleTimeout: - default: 30s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - maxActive: - default: 5 - format: int32 - minimum: 0 - type: integer - maxIdle: - default: 3 - format: int32 - minimum: 0 - type: integer - type: object - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - readTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - sentinelMasterSet: - type: string - writeTimeout: - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - required: - - host - type: object - replicas: - format: int32 - minimum: 0 - type: integer - reporting: - additionalProperties: - type: string - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - storage: - properties: - cache: - properties: - blobdescriptor: - enum: - - inmemory - - redis - type: string - type: object - delete: - properties: - enabled: - default: true - type: boolean - type: object - driver: - properties: - azure: - properties: - accountkeyRef: - type: string - accountname: - type: string - baseURL: - default: core.windows.net - type: string - container: - type: string - pathPrefix: - default: /azure/harbor/charts - type: string - type: object - filesystem: - properties: - maxthreads: - default: 100 - format: int32 - minimum: 25 - type: integer - prefix: - type: string - volumeSource: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - required: - - volumeSource - type: object - gcs: - properties: - bucket: - type: string - chunkSize: - type: string - keyDataRef: - type: string - pathPrefix: - type: string - type: object - inmemory: - type: object - oss: - properties: - accessKeyID: - type: string - accessSecretRef: - type: string - bucket: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - endpoint: - type: string - internal: - default: false - type: boolean - pathPrefix: - type: string - region: - pattern: oss-.* - type: string - secure: - default: true - type: boolean - required: - - accessKeyID - - accessSecretRef - - bucket - - region - type: object - s3: - properties: - accesskey: - type: string - bucket: - type: string - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - encrypt: - default: false - type: boolean - keyid: - type: string - multipartcopychunksize: - format: int64 - type: integer - multipartcopymaxconcurrency: - format: int64 - type: integer - multipartcopythresholdsize: - format: int64 - type: integer - region: - type: string - regionendpoint: - type: string - rootdirectory: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - secure: - default: true - type: boolean - skipverify: - default: false - type: boolean - storageclass: - default: STANDARD - type: string - v4auth: - default: true - type: boolean - required: - - bucket - - region - type: object - swift: - properties: - accesskey: - type: string - authurl: - type: string - authversion: - type: string - chunksize: - format: int64 - minimum: 5242880 - type: integer - container: - type: string - domain: - type: string - domainID: - type: string - endpointtype: - default: public - enum: - - public - - internal - - admin - type: string - insecureskipverify: - default: false - type: boolean - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - prefix: - type: string - region: - type: string - secretkeyRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - tenant: - type: string - tenantID: - type: string - trustid: - type: string - username: - type: string - required: - - authurl - - container - type: object - type: object - maintenance: - properties: - readOnly: - properties: - enabled: - default: false - type: boolean - type: object - uploadPurging: - properties: - age: - default: 168h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - dryRun: - default: false - type: boolean - enabled: - default: false - type: boolean - interval: - default: 24h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - type: object - redirect: - properties: - disable: - default: false - type: boolean - type: object - required: - - driver - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - trace: - properties: - attributes: - additionalProperties: - type: string - type: object - enabled: - default: false - type: boolean - jaeger: - properties: - agent: - properties: - host: - type: string - port: - type: integer - type: object - collector: - properties: - endpoint: - type: string - passwordRef: - type: string - username: - type: string - required: - - endpoint - type: object - mode: - enum: - - collector - - agent - type: string - required: - - mode - type: object - namespace: - type: string - otel: - properties: - compression: - type: boolean - endpoint: - type: string - insecure: - type: boolean - timeout: - default: 10s - type: string - urlPath: - type: string - required: - - endpoint - - urlPath - type: object - provider: - enum: - - jaeger - - otel - type: string - sampleRate: - default: 1 - type: integer - required: - - provider - type: object - updateStrategyType: - default: RollingUpdate - type: string - validation: - properties: - disabled: - type: boolean - manifests: - properties: - urls: - properties: - allow: - items: - type: string - type: array - deny: - items: - type: string - type: array - type: object - type: object - type: object - required: - - storage - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - required: - - metadata - type: object - served: true - storage: true - subresources: - scale: - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: registrycontrollers.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: RegistryController - listKind: RegistryControllerList - plural: registrycontrollers - singular: registrycontroller - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentication: - properties: - coreSecretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - jobServiceSecretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - fatal - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - registryRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - authentication - - registryRef - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authentication: - properties: - coreSecretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - jobServiceSecretRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - fatal - type: string - type: object - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - registryRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - serviceAccountName: - type: string - templateAnnotations: - additionalProperties: - type: string - type: object - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - required: - - authentication - - registryRef - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 - name: trivies.goharbor.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: {{ include "chart.fullname" . | quote }} - namespace: {{ .Release.Namespace }} - path: /convert - conversionReviewVersions: - - v1 - group: goharbor.io - names: - categories: - - goharbor - kind: Trivy - listKind: TrivyList - plural: trivies - singular: trivy - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1alpha3 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - default: - level: info - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - fatal - - panic - type: string - type: object - nodeSelector: - additionalProperties: - type: string - type: object - proxy: - properties: - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - jobs: - properties: - Namespace: - default: harbor.scanner.trivy:job-queue - type: string - scanTTL: - default: 1h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - namespace: - default: harbor.scanner.trivy:store - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - pool: - properties: - connectionTimeout: - default: 1s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - idleTimeout: - default: 5m - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - maxActive: - default: 5 - minimum: 0 - type: integer - maxIdle: - default: 5 - minimum: 0 - type: integer - readTimeout: - default: 1s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - writeTimeout: - default: 1s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - server: - properties: - clientCertificateAuthorityRefs: - items: - type: string - type: array - debugMode: - default: false - type: boolean - idleTimeout: - default: 60s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - ignoreUnfixed: - default: false - type: boolean - insecure: - default: false - type: boolean - proxy: - properties: - URL: - pattern: https?://.+ - type: string - noProxy: - items: - type: string - type: array - required: - - URL - type: object - readTimeout: - default: 15s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tokenServiceCertificateAuthorityRefs: - items: - type: string - type: array - writeTimeout: - default: 15s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - serviceAccountName: - type: string - severities: - default: - - UNKNOWN - - LOW - - MEDIUM - - HIGH - - CRITICAL - items: - enum: - - UNKNOWN - - LOW - - MEDIUM - - HIGH - - CRITICAL - type: string - type: array - storage: - properties: - cache: - properties: - prefix: - type: string - volumeSource: - default: - emptyDir: - sizeLimit: 1Gi - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - reports: - properties: - prefix: - type: string - volumeSource: - default: - emptyDir: - sizeLimit: 1Gi - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - required: - - cache - - reports - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - update: - properties: - githubTokenRef: - type: string - skip: - default: false - type: boolean - type: object - vulnerabilityTypes: - default: - - os - - library - items: - enum: - - os - - library - type: string - type: array - required: - - server - - storage - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - description: Timestamp representing the server time when this object was created. - It is not guaranteed to be set in happens-before order across separate operations. - Clients may not set this value. It is represented in RFC3339 form and is in - UTC. - jsonPath: .metadata.creationTimestamp - name: Age - priority: 1 - type: date - - description: Human readable message describing the failure - jsonPath: .status.conditions[?(@.type=="Failed")].message - name: Failure - priority: 5 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - certificateRefs: - items: - type: string - type: array - image: - type: string - imagePullPolicy: - enum: - - Always - - Never - - IfNotPresent - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - type: array - log: - default: - level: info - properties: - level: - default: info - enum: - - debug - - info - - warning - - error - - fatal - - panic - type: string - type: object - network: - properties: - ipFamilies: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: - type: string - type: object - offlineScan: - default: false - type: boolean - proxy: - properties: - httpProxy: - pattern: https?://.+ - type: string - httpsProxy: - pattern: https?://.+ - type: string - noProxy: - default: - - 127.0.0.1 - - localhost - - .local - - .internal - items: - type: string - type: array - type: object - redis: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - database: - default: 0 - format: int32 - maximum: 8 - minimum: 0 - type: integer - host: - minLength: 1 - type: string - jobs: - properties: - Namespace: - default: harbor.scanner.trivy:job-queue - type: string - scanTTL: - default: 1h - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - namespace: - default: harbor.scanner.trivy:store - type: string - passwordRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - pool: - properties: - connectionTimeout: - default: 1s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - idleTimeout: - default: 5m - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - maxActive: - default: 5 - minimum: 0 - type: integer - maxIdle: - default: 5 - minimum: 0 - type: integer - readTimeout: - default: 1s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - writeTimeout: - default: 1s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - port: - exclusiveMinimum: true - format: int32 - minimum: 0 - type: integer - sentinelMasterSet: - type: string - required: - - host - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - server: - properties: - clientCertificateAuthorityRefs: - items: - type: string - type: array - debugMode: - default: false - type: boolean - idleTimeout: - default: 60s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - ignoreUnfixed: - default: false - type: boolean - insecure: - default: false - type: boolean - proxy: - properties: - URL: - pattern: https?://.+ - type: string - noProxy: - items: - type: string - type: array - required: - - URL - type: object - readTimeout: - default: 15s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - tls: - properties: - certificateRef: - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - type: object - tokenServiceCertificateAuthorityRefs: - items: - type: string - type: array - writeTimeout: - default: 15s - pattern: ([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)? - type: string - type: object - serviceAccountName: - type: string - severities: - default: - - UNKNOWN - - LOW - - MEDIUM - - HIGH - - CRITICAL - items: - enum: - - UNKNOWN - - LOW - - MEDIUM - - HIGH - - CRITICAL - type: string - type: array - storage: - properties: - cache: - properties: - prefix: - type: string - volumeSource: - default: - emptyDir: - sizeLimit: 1Gi - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - reports: - properties: - prefix: - type: string - volumeSource: - default: - emptyDir: - sizeLimit: 1Gi - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - kind - - name - type: object - resources: - properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - type: object - type: object - required: - - cache - - reports - type: object - templateAnnotations: - additionalProperties: - type: string - type: object - timeout: - default: 5m0s - type: string - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - update: - properties: - githubTokenRef: - type: string - skip: - default: false - type: boolean - type: object - vulnerabilityTypes: - default: - - os - - library - items: - enum: - - os - - library - type: string - type: array - required: - - server - - storage - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - operator: - properties: - controllerGitCommit: - minLength: 1 - type: string - controllerName: - minLength: 1 - type: string - controllerVersion: - minLength: 1 - type: string - type: object - replicas: - format: int32 - minimum: 0 - type: integer - required: - - conditions - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end -}} diff --git a/charts/harbor-operator/templates/deployment.yaml b/charts/harbor-operator/templates/deployment.yaml index c8fb1e34e..7ba20688d 100644 --- a/charts/harbor-operator/templates/deployment.yaml +++ b/charts/harbor-operator/templates/deployment.yaml @@ -33,7 +33,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: '{{.Values.image.repository}}:{{.Values.image.tag|default .Chart.AppVersion}}' + image: '{{.Values.image.registry}}/{{.Values.image.repository}}:{{.Values.image.tag|default .Chart.AppVersion}}' imagePullPolicy: {{ .Values.image.pullPolicy | quote }} livenessProbe: httpGet: diff --git a/charts/harbor-operator/templates/validatingwebhookconfiguration.yaml b/charts/harbor-operator/templates/validatingwebhookconfiguration.yaml index a1a5564da..538b0d579 100644 --- a/charts/harbor-operator/templates/validatingwebhookconfiguration.yaml +++ b/charts/harbor-operator/templates/validatingwebhookconfiguration.yaml @@ -94,6 +94,28 @@ webhooks: resources: - harborclusters sideEffects: None +- admissionReviewVersions: + - v1beta1 + - v1 + clientConfig: + service: + name: {{ include "chart.fullname" . | quote }} + namespace: {{ .Release.Namespace | quote }} + path: /validate-goharbor-io-v1beta1-harborproject + port: {{ .Values.service.port }} + failurePolicy: Fail + name: vharborproject.kb.io + rules: + - apiGroups: + - goharbor.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - harborprojects + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/charts/harbor-operator/values.yaml b/charts/harbor-operator/values.yaml index cba44af9e..851f9291a 100644 --- a/charts/harbor-operator/values.yaml +++ b/charts/harbor-operator/values.yaml @@ -1,10 +1,12 @@ image: + # image.registry -- The image registry whose default is docker.io. + registry: docker.io # image.repository -- The image repository whose default is the chart appVersion. repository: goharbor/harbor-operator # image.pullPolicy -- The image pull policy for the controller. pullPolicy: IfNotPresent # image.tag -- The image tag whose default is the chart appVersion. - tag: "dev_master" + tag: "dev" # installCRDs -- If true, CRD resources will be installed as part of the Helm chart. If enabled, when uninstalling CRD resources will be deleted causing all installed custom resources to be DELETED installCRDs: false @@ -78,6 +80,12 @@ controllers: # controllers.harborConfiguration.maxReconcile -- Max parallel reconciliation for HarborConfiguration controller maxReconcile: 1 + harborProject: + # controllers.harborProject.maxReconcile -- Max parallel reconciliation for HarborProject controller + maxReconcile: 1 + # controllers.harborProject.requeueAfterMinutes -- How often to reconcile HarborProjects + requeueAfterMinutes: 5 + core: # controllers.core.maxReconcile -- Max parallel reconciliation for Core controller maxReconcile: 1 diff --git a/config/config/assets/jobservice-config.yaml.tmpl b/config/config/assets/jobservice-config.yaml.tmpl index e16852d87..6cb5d3368 100644 --- a/config/config/assets/jobservice-config.yaml.tmpl +++ b/config/config/assets/jobservice-config.yaml.tmpl @@ -1,6 +1,6 @@ {{/* - https://github.com/goharbor/harbor/blob/master/make/photon/prepare/templates/jobservice/config.yml.jinja - https://github.com/goharbor/harbor/blob/master/src/jobservice/config/config.go#L63 + https://github.com/goharbor/harbor/blob/main/make/photon/prepare/templates/jobservice/config.yml.jinja + https://github.com/goharbor/harbor/blob/main/src/jobservice/config/config.go#L63 */}} {{- if .Spec.TLS.Enabled }} protocol: "https" diff --git a/config/config/controllers/harborproject-ctrl.yaml b/config/config/controllers/harborproject-ctrl.yaml new file mode 100644 index 000000000..c90bbe748 --- /dev/null +++ b/config/config/controllers/harborproject-ctrl.yaml @@ -0,0 +1,6 @@ +- key: max-reconcile + priority: 200 + value: "1" +- key: requeue-after-minutes + priority: 200 + value: "5" diff --git a/config/config/kustomization.yaml b/config/config/kustomization.yaml index 72bc65dac..8c23e2904 100644 --- a/config/config/kustomization.yaml +++ b/config/config/kustomization.yaml @@ -26,6 +26,7 @@ configMapGenerator: - controllers/harbor-ctrl.yaml - controllers/harborcluster-ctrl.yaml - controllers/harborconfiguration-ctrl.yaml + - controllers/harborproject-ctrl.yaml - controllers/jobservice-ctrl.yaml - controllers/notaryserver-ctrl.yaml - controllers/notarysigner-ctrl.yaml diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index fc9fd71dd..c8f5d6017 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -15,6 +15,7 @@ resources: - bases/goharbor.io_trivies.yaml - bases/goharbor.io_harborclusters.yaml - bases/goharbor.io_harborconfigurations.yaml + - bases/goharbor.io_harborprojects.yaml - bases/goharbor.io_harborserverconfigurations.yaml - bases/goharbor.io_pullsecretbindings.yaml # +kubebuilder:scaffold:crdkustomizeresource diff --git a/config/helm/crds/kustomization.yaml b/config/helm/crds/kustomization.yaml index b1c647779..48ae06283 100644 --- a/config/helm/crds/kustomization.yaml +++ b/config/helm/crds/kustomization.yaml @@ -1,12 +1,12 @@ -namePrefix: '{{ include "chart.fullname" . }}-' +namePrefix: 'harbor-operator-' -namespace: '{{ .Release.Namespace }}' +namespace: 'harbor-operator-ns' generatorOptions: disableNameSuffixHash: true commonAnnotations: - cert-manager.io/inject-ca-from: '{{.Release.Namespace}}/{{. | include "chart.fullname"}}-serving-cert' + cert-manager.io/inject-ca-from: 'harbor-operator-ns/harbor-operator-serving-cert' patchesStrategicMerge: - patches/chartmuseums_service.yaml diff --git a/config/helm/crds/patches/chartmuseums_service.yaml b/config/helm/crds/patches/chartmuseums_service.yaml index fee7c5c1a..d153c77b5 100644 --- a/config/helm/crds/patches/chartmuseums_service.yaml +++ b/config/helm/crds/patches/chartmuseums_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/cores_service.yaml b/config/helm/crds/patches/cores_service.yaml index 5a346afdc..2fc9cf880 100644 --- a/config/helm/crds/patches/cores_service.yaml +++ b/config/helm/crds/patches/cores_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/exporters_service.yaml b/config/helm/crds/patches/exporters_service.yaml index a08c46c7c..70f8d10ae 100644 --- a/config/helm/crds/patches/exporters_service.yaml +++ b/config/helm/crds/patches/exporters_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/harborclusters_service.yaml b/config/helm/crds/patches/harborclusters_service.yaml index 183fe45bd..3b84cd38a 100644 --- a/config/helm/crds/patches/harborclusters_service.yaml +++ b/config/helm/crds/patches/harborclusters_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/harbors_service.yaml b/config/helm/crds/patches/harbors_service.yaml index 2e3aa6807..e7231f86c 100644 --- a/config/helm/crds/patches/harbors_service.yaml +++ b/config/helm/crds/patches/harbors_service.yaml @@ -17,5 +17,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/jobservices_service.yaml b/config/helm/crds/patches/jobservices_service.yaml index 3c020fe83..dd320b1b4 100644 --- a/config/helm/crds/patches/jobservices_service.yaml +++ b/config/helm/crds/patches/jobservices_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/notaryservers_service.yaml b/config/helm/crds/patches/notaryservers_service.yaml index 9abc7f598..b941cc3c2 100644 --- a/config/helm/crds/patches/notaryservers_service.yaml +++ b/config/helm/crds/patches/notaryservers_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/notarysigners_service.yaml b/config/helm/crds/patches/notarysigners_service.yaml index 97036c69e..a0fab46ba 100644 --- a/config/helm/crds/patches/notarysigners_service.yaml +++ b/config/helm/crds/patches/notarysigners_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/portals_service.yaml b/config/helm/crds/patches/portals_service.yaml index 1f77af31d..629d33556 100644 --- a/config/helm/crds/patches/portals_service.yaml +++ b/config/helm/crds/patches/portals_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/registries_service.yaml b/config/helm/crds/patches/registries_service.yaml index 47734a32a..70f4f3c68 100644 --- a/config/helm/crds/patches/registries_service.yaml +++ b/config/helm/crds/patches/registries_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/registrycontrollers_service.yaml b/config/helm/crds/patches/registrycontrollers_service.yaml index b30b146b3..35e485d18 100644 --- a/config/helm/crds/patches/registrycontrollers_service.yaml +++ b/config/helm/crds/patches/registrycontrollers_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/crds/patches/trivies_service.yaml b/config/helm/crds/patches/trivies_service.yaml index 930d710d4..5391686f3 100644 --- a/config/helm/crds/patches/trivies_service.yaml +++ b/config/helm/crds/patches/trivies_service.yaml @@ -16,5 +16,5 @@ spec: caBundle: Cg== service: namespace: system - name: '{{ include "chart.fullname" . | quote }}' + name: 'harbor-operator' path: /convert diff --git a/config/helm/deployment/kustomization.yaml b/config/helm/deployment/kustomization.yaml index f7b00aebb..c75c1221b 100644 --- a/config/helm/deployment/kustomization.yaml +++ b/config/helm/deployment/kustomization.yaml @@ -7,7 +7,7 @@ generatorOptions: images: - name: goharbor/harbor-operator:dev - newName: '{{.Values.image.repository}}' + newName: '{{.Values.image.registry}}/{{.Values.image.repository}}' newTag: '{{.Values.image.tag|default .Chart.AppVersion}}' patches: diff --git a/config/helm/webhook/validatingwebhook_endpoint_patch.yaml b/config/helm/webhook/validatingwebhook_endpoint_patch.yaml index 6aa9ae13a..dd05cf4a1 100644 --- a/config/helm/webhook/validatingwebhook_endpoint_patch.yaml +++ b/config/helm/webhook/validatingwebhook_endpoint_patch.yaml @@ -28,6 +28,12 @@ webhooks: name: '{{ include "chart.fullname" . | quote }}' namespace: '{{ .Release.Namespace | quote }}' port: '{{ .Values.service.port }}' +- name: vharborproject.kb.io + clientConfig: + service: + name: '{{ include "chart.fullname" . | quote }}' + namespace: '{{ .Release.Namespace | quote }}' + port: '{{ .Values.service.port }}' - name: hsc.goharbor.io clientConfig: service: diff --git a/controllers/controller_string.go b/controllers/controller_string.go index 293fd907c..481516306 100644 --- a/controllers/controller_string.go +++ b/controllers/controller_string.go @@ -22,14 +22,15 @@ func _() { _ = x[HarborCluster-11] _ = x[HarborConfigurationCm-12] _ = x[HarborConfiguration-13] - _ = x[HarborServerConfiguration-14] - _ = x[PullSecretBinding-15] - _ = x[Namespace-16] + _ = x[HarborProject-14] + _ = x[HarborServerConfiguration-15] + _ = x[PullSecretBinding-16] + _ = x[Namespace-17] } -const _Controller_name = "corejobserviceportalregistryregistryctlchartmuseumexporternotaryservernotarysignertrivyharborharborclusterharborconfigurationcmharborconfigurationharborserverconfigurationpullsecretbindingnamespace" +const _Controller_name = "corejobserviceportalregistryregistryctlchartmuseumexporternotaryservernotarysignertrivyharborharborclusterharborconfigurationcmharborconfigurationharborprojectharborserverconfigurationpullsecretbindingnamespace" -var _Controller_index = [...]uint8{0, 4, 14, 20, 28, 39, 50, 58, 70, 82, 87, 93, 106, 127, 146, 171, 188, 197} +var _Controller_index = [...]uint8{0, 4, 14, 20, 28, 39, 50, 58, 70, 82, 87, 93, 106, 127, 146, 159, 184, 201, 210} func (i Controller) String() string { if i < 0 || i >= Controller(len(_Controller_index)-1) { diff --git a/controllers/controllers.go b/controllers/controllers.go index b9eb56bf2..5a903cb98 100644 --- a/controllers/controllers.go +++ b/controllers/controllers.go @@ -25,6 +25,7 @@ const ( HarborCluster // harborcluster HarborConfigurationCm // harborconfigurationcm HarborConfiguration // harborconfiguration + HarborProject // harborproject HarborServerConfiguration // harborserverconfiguration PullSecretBinding // pullsecretbinding Namespace // namespace diff --git a/controllers/goharbor/core/deployments.go b/controllers/goharbor/core/deployments.go index 53bf07710..1948aafe2 100644 --- a/controllers/goharbor/core/deployments.go +++ b/controllers/goharbor/core/deployments.go @@ -65,6 +65,7 @@ func getDefaultAllowedRegistryTypesForProxyCache() string { registry.RegistryTypeHarbor, registry.RegistryTypeAzureAcr, registry.RegistryTypeAwsEcr, + registry.RegistryTypeGithubCR, registry.RegistryTypeGoogleGcr, registry.RegistryTypeQuay, registry.RegistryTypeDockerRegistry, @@ -485,7 +486,7 @@ func (r *Reconciler) GetDeployment(ctx context.Context, core *goharborv1.Core) ( Name: controllers.Core.String(), Image: image, Ports: containerPorts, - // https://github.com/goharbor/harbor/blob/master/make/photon/prepare/templates/core/env.jinja + // https://github.com/goharbor/harbor/blob/main/make/photon/prepare/templates/core/env.jinja Env: envs, LivenessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ diff --git a/controllers/goharbor/core/secrets.go b/controllers/goharbor/core/secrets.go index b56ede81a..42ee70071 100644 --- a/controllers/goharbor/core/secrets.go +++ b/controllers/goharbor/core/secrets.go @@ -3,6 +3,7 @@ package core import ( "context" "fmt" + "net/url" goharborv1 "github.com/plotly/harbor-operator/apis/goharbor.io/v1beta1" harbormetav1 "github.com/plotly/harbor-operator/apis/meta/v1alpha1" @@ -41,8 +42,8 @@ func (r *Reconciler) GetSecret(ctx context.Context, core *goharborv1.Core) (*cor redisPassword = string(password) } - - coreCacheDSN := core.Spec.Redis.GetDSNStringWithRawPassword(redisPassword) + // support redis password contains special character by using url.QueryEscape + coreCacheDSN := core.Spec.Redis.GetDSNStringWithRawPassword(url.QueryEscape(redisPassword)) var registryPassword string @@ -64,8 +65,8 @@ func (r *Reconciler) GetSecret(ctx context.Context, core *goharborv1.Core) (*cor registryPassword = string(password) } - - registryCacheDSN := core.Spec.Components.Registry.Redis.GetDSNStringWithRawPassword(registryPassword) + // support redis password contains special character by using url.QueryEscape + registryCacheDSN := core.Spec.Components.Registry.Redis.GetDSNStringWithRawPassword(url.QueryEscape(registryPassword)) return &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ diff --git a/controllers/goharbor/exporter/deployments.go b/controllers/goharbor/exporter/deployments.go index 4a65e29d7..52d0ddc89 100644 --- a/controllers/goharbor/exporter/deployments.go +++ b/controllers/goharbor/exporter/deployments.go @@ -275,8 +275,8 @@ func (r *Reconciler) getJobServiceRedisURL(ctx context.Context, exporter *goharb if redisPassword == "" { logger.Get(ctx).Info("redis password secret of jobservice not found", "secret", exporter.Spec.JobService.Redis.PasswordRef) } - - return exporter.Spec.JobService.Redis.GetDSNStringWithRawPassword(redisPassword), nil + // support redis password contains special character by using url.QueryEscape + return exporter.Spec.JobService.Redis.GetDSNStringWithRawPassword(url.QueryEscape(redisPassword)), nil } func (r *Reconciler) getValueFromSecret(ctx context.Context, namespace, name, key string) (string, error) { diff --git a/controllers/goharbor/harbor/core.go b/controllers/goharbor/harbor/core.go index f2709c58e..9badfaf29 100644 --- a/controllers/goharbor/harbor/core.go +++ b/controllers/goharbor/harbor/core.go @@ -454,6 +454,8 @@ func (r *Reconciler) GetCore(ctx context.Context, harbor *goharborv1.Harbor) (*g CSRFKeyRef: csrfRef, Database: goharborv1.CoreDatabaseSpec{ PostgresConnectionWithParameters: *storage, + MaxIdleConnections: harbor.Spec.Core.MaxIdleConnections, + MaxOpenConnections: harbor.Spec.Core.MaxOpenConnections, EncryptionKeyRef: encryptionKeyRef, }, ExternalEndpoint: harbor.Spec.ExternalURL, diff --git a/controllers/goharbor/harbor/registry.go b/controllers/goharbor/harbor/registry.go index f870e7b41..ae54dd005 100644 --- a/controllers/goharbor/harbor/registry.go +++ b/controllers/goharbor/harbor/registry.go @@ -122,7 +122,7 @@ func (r *Reconciler) AddRegistryInternalCertificate(ctx context.Context, harbor } const ( - // https://github.com/goharbor/harbor/blob/master/make/photon/prepare/utils/configs.py#L14 + // https://github.com/goharbor/harbor/blob/main/make/photon/prepare/utils/configs.py#L14 RegistryAuthenticationUsername = "harbor_registry_user" RegistryAuthenticationPasswordLength = 32 diff --git a/controllers/goharbor/harbor_test.go b/controllers/goharbor/harbor_test.go index 02988d7df..aadb9a8d9 100644 --- a/controllers/goharbor/harbor_test.go +++ b/controllers/goharbor/harbor_test.go @@ -138,6 +138,10 @@ func setupValidHarbor(ctx context.Context, ns string) (Resource, client.ObjectKe Host: "the.dns", } + var maxIdleConnections int32 = 50 + + var maxOpenConnections int32 = 100 + harbor := &goharborv1.Harbor{ ObjectMeta: metav1.ObjectMeta{ Name: name, @@ -168,6 +172,8 @@ func setupValidHarbor(ctx context.Context, ns string) (Resource, client.ObjectKe TokenIssuer: cmmeta.ObjectReference{ Name: tokenIssuerName, }, + MaxIdleConnections: &maxIdleConnections, + MaxOpenConnections: &maxOpenConnections, }, Database: &goharborv1.HarborDatabaseSpec{ PostgresCredentials: database.PostgresCredentials, diff --git a/controllers/goharbor/harborcluster/ctrl_setup.go b/controllers/goharbor/harborcluster/ctrl_setup.go index 855256e7a..62583ba6d 100644 --- a/controllers/goharbor/harborcluster/ctrl_setup.go +++ b/controllers/goharbor/harborcluster/ctrl_setup.go @@ -69,6 +69,7 @@ type Reconciler struct { // +kubebuilder:rbac:groups=goharbor.io,resources=harbors/finalizers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=goharbor.io,resources=harborclusters/finalizers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=goharbor.io,resources=harborconfigurations/finalizers,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=goharbor.io,resources=harborprojects/finalizers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=goharbor.io,resources=chartmuseums/finalizers;cores/finalizers;exporters/finalizers;jobservices/finalizers;notaryservers/finalizers;notarysigners/finalizers;portals/finalizers;registries/finalizers;registrycontrollers/finalizers;trivies/finalizers,verbs=get;list;watch;create;update;patch;delete func (r *Reconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error { diff --git a/controllers/goharbor/jobservice/deployments.go b/controllers/goharbor/jobservice/deployments.go index 9e7d260d8..a048ef409 100644 --- a/controllers/goharbor/jobservice/deployments.go +++ b/controllers/goharbor/jobservice/deployments.go @@ -329,7 +329,7 @@ func (r *Reconciler) GetDeployment(ctx context.Context, jobservice *goharborv1.J Image: image, Ports: containerPorts, - // https://github.com/goharbor/harbor/blob/master/make/photon/prepare/templates/jobservice/env.jinja + // https://github.com/goharbor/harbor/blob/main/make/photon/prepare/templates/jobservice/env.jinja Env: envs, LivenessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ diff --git a/controllers/goharbor/namespace/namespace.go b/controllers/goharbor/namespace/namespace.go index 79cc888de..f284cb2b0 100644 --- a/controllers/goharbor/namespace/namespace.go +++ b/controllers/goharbor/namespace/namespace.go @@ -202,7 +202,7 @@ func (r *Reconciler) validateProject(projectName string) (string, error) { err error ) - if proj, err = r.Harbor.GetProject(projectName); err != nil { + if proj, err = r.Harbor.GetProjectByName(projectName); err != nil { return "", err } diff --git a/controllers/goharbor/project/ctrl_setup.go b/controllers/goharbor/project/ctrl_setup.go new file mode 100644 index 000000000..99cad98ae --- /dev/null +++ b/controllers/goharbor/project/ctrl_setup.go @@ -0,0 +1,76 @@ +package project + +import ( + "context" + + "github.com/ovh/configstore" + "github.com/pkg/errors" + goharborv1 "github.com/plotly/harbor-operator/apis/goharbor.io/v1beta1" + "github.com/plotly/harbor-operator/controllers" + "github.com/plotly/harbor-operator/pkg/builder" + "github.com/plotly/harbor-operator/pkg/config" + commonCtrl "github.com/plotly/harbor-operator/pkg/controller" + v2 "github.com/plotly/harbor-operator/pkg/rest/v2" + "github.com/plotly/harbor-operator/pkg/utils/strings" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/controller" + "sigs.k8s.io/controller-runtime/pkg/predicate" +) + +const ( + finalizerID string = "harborproject.goharbor.io/finalizer" + defaultRequeueAfterMinutes int = 5 + requeueAfterMinutesConfigKey string = "requeue-after-minutes" +) + +// New HarborProject reconciler. +func New(ctx context.Context, configStore *configstore.Store) (commonCtrl.Reconciler, error) { + r := &Reconciler{} + r.Controller = commonCtrl.NewController(ctx, controllers.HarborProject, nil, configStore) + + return r, nil +} + +// Reconciler reconciles a project cr. +type Reconciler struct { + *commonCtrl.Controller + Scheme *runtime.Scheme + Harbor *v2.Client + RequeueAfterMinutes int +} + +// +kubebuilder:rbac:groups=goharbor.io,resources=harborprojects,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=goharbor.io,resources=harborprojects/status,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=goharbor.io,resources=harborprojects/finalizers,verbs=update +// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete + +func (r *Reconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error { + concurrentReconcile, err := config.GetInt(r.ConfigStore, config.ReconciliationKey, config.DefaultConcurrentReconcile) + if err != nil { + return errors.Wrap(err, "cannot get concurrent reconcile") + } + + requeueAfterMinutes, err := config.GetInt(r.ConfigStore, requeueAfterMinutesConfigKey, defaultRequeueAfterMinutes) + if err != nil { + return errors.Wrap(err, "cannot get requeue after config value") + } + + r.RequeueAfterMinutes = requeueAfterMinutes + r.Client = mgr.GetClient() + r.Scheme = mgr.GetScheme() + + return builder.ControllerManagedBy(mgr). + For(&goharborv1.HarborProject{}). + WithOptions(controller.Options{ + MaxConcurrentReconciles: concurrentReconcile, + }). + WithEventFilter(predicate.GenerationChangedPredicate{}). + Complete(r) +} + +func (r *Reconciler) NormalizeName(ctx context.Context, name string, suffixes ...string) string { + suffixes = append([]string{"HarborProject"}, suffixes...) + + return strings.NormalizeName(name, suffixes...) +} diff --git a/controllers/goharbor/project/harborproject.go b/controllers/goharbor/project/harborproject.go new file mode 100644 index 000000000..9493902f7 --- /dev/null +++ b/controllers/goharbor/project/harborproject.go @@ -0,0 +1,190 @@ +package project + +import ( + "context" + "fmt" + "time" + + "github.com/pkg/errors" + goharborv1beta1 "github.com/plotly/harbor-operator/apis/goharbor.io/v1beta1" + harborClient "github.com/plotly/harbor-operator/pkg/rest" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" +) + +var ( + ErrHarborCfgNotFound = errors.New("harbor server configuration not found") + ErrUnexpectedHarborCfgStatus = errors.New("status of Harbor server referred in configuration %s is unexpected") +) + +// Reconcile does project reconcile. +func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.Result, err error) { //nolint:funlen + log := r.Log.WithValues("resource", req.NamespacedName) + log.Info("Start reconciling") + + // get HarborProject k8s resource from API + hp := &goharborv1beta1.HarborProject{} + if err = r.Client.Get(ctx, req.NamespacedName, hp); err != nil { + if apierrors.IsNotFound(err) { + // The resource may have be deleted after reconcile request coming in + // Reconcile is done + return ctrl.Result{}, nil + } + + hp.Status.Reason = "HarborProjectError" + + return ctrl.Result{}, errors.Wrapf(err, "error get harbor project %v", req) + } + + hp.Status.Status = goharborv1beta1.HarborProjectStatusUnknown + + defer func() { + if err != nil { + hp.Status.Status = goharborv1beta1.HarborProjectStatusFail + hp.Status.Message = err.Error() + } else { + hp.Status.Status = goharborv1beta1.HarborProjectStatusReady + hp.Status.Reason = "" + hp.Status.Message = "" + now := metav1.Now() + hp.Status.LastApplyTime = &now + } + + log.Info("Reconcile end", "result", res, "error", err, "updateStatusError", r.Client.Status().Update(ctx, hp)) + }() + + // set harbor client + err = r.setHarborClient(ctx, hp.Spec.HarborServerConfig) + if err != nil { + err = errors.Wrapf(err, "error get harbor client") + hp.Status.Reason = "HarborClientError" + + return + } + + if !hp.ObjectMeta.DeletionTimestamp.IsZero() { //nolint:nestif + // The object is being deleted + if controllerutil.ContainsFinalizer(hp, finalizerID) { + // our finalizer is present, so lets handle any external dependency + if err := r.Harbor.DeleteProject(hp.Spec.ProjectName); err != nil { + hp.Status.Reason = "DeleteProjectError" + // if fail to delete the external dependency here, return with error + // so that it can be retried + return ctrl.Result{}, err + } + + // remove our finalizer from the list and update it. + controllerutil.RemoveFinalizer(hp, finalizerID) + + if err := r.Update(ctx, hp); err != nil { + return ctrl.Result{}, err + } + } + + return ctrl.Result{}, nil + } + + if !controllerutil.ContainsFinalizer(hp, finalizerID) { + controllerutil.AddFinalizer(hp, finalizerID) + + if err := r.Update(ctx, hp); err != nil { + return ctrl.Result{}, err + } + } + + projectExists, err := r.Harbor.ProjectExists(hp.Spec.ProjectName) + if err != nil { + err = errors.Wrapf(err, "error finding existing harbor project") + hp.Status.Reason = "FindProjectError" + + return ctrl.Result{}, err + } + + if projectExists { + // update project + if err = r.Harbor.UpdateProject(hp.Spec.ProjectName, hp); err != nil { + err = errors.Wrapf(err, "error update harbor project") + hp.Status.Reason = "UpdateProjectError" + + return ctrl.Result{}, err + } + } else { + // create project + id, err := r.Harbor.CreateProject(hp) + if err != nil { + err = errors.Wrapf(err, "error apply harbor project") + hp.Status.Reason = "ApplyProjectError" + + return ctrl.Result{}, err + } + hp.Status.ProjectID = id + } + + // reconcile project quota + if err = r.reconcileQuota(hp, log); err != nil { + err = errors.Wrapf(err, "error updating harbor project quota") + hp.Status.Reason = "UpdateProjectQuotaError" + + return ctrl.Result{}, err + } + + // reconcile project user/group memberships + if err = r.reconcileMembership(hp, log); err != nil { + err = errors.Wrapf(err, "error updating harbor project memberships") + hp.Status.Reason = "UpdateProjectMembersError" + + return ctrl.Result{}, err + } + + r.Log.Info("Reconcile is completed") + + return ctrl.Result{RequeueAfter: time.Minute * time.Duration(r.RequeueAfterMinutes)}, nil +} + +// setHarborClient sets harbor client. +func (r *Reconciler) setHarborClient(ctx context.Context, harborServerConfigName string) error { + harborCfg, err := r.getHarborServerConfig(ctx, harborServerConfigName) + if err != nil { + return fmt.Errorf("error finding harborCfg: %w", err) + } + + if harborCfg == nil { + // Not exist + return fmt.Errorf("%w: %s", ErrHarborCfgNotFound, harborServerConfigName) + } + + if harborCfg.Status.Status == goharborv1beta1.HarborServerConfigurationStatusUnknown || harborCfg.Status.Status == goharborv1beta1.HarborServerConfigurationStatusFail { + return fmt.Errorf("%w harborCfg %s with %s", ErrUnexpectedHarborCfgStatus, harborCfg.Name, harborCfg.Status.Status) + } + + // Create harbor client + harborv2, err := harborClient.CreateHarborV2Client(ctx, r.Client, harborCfg) + if err != nil { + return err + } + + r.Harbor = harborv2.WithContext(ctx) + + return nil +} + +func (r *Reconciler) getHarborServerConfig(ctx context.Context, name string) (*goharborv1beta1.HarborServerConfiguration, error) { + hsc := &goharborv1beta1.HarborServerConfiguration{} + // HarborServerConfiguration is cluster scoped resource + namespacedName := types.NamespacedName{ + Name: name, + } + if err := r.Client.Get(ctx, namespacedName, hsc); err != nil { + // Explicitly check not found error + if apierrors.IsNotFound(err) { + return nil, nil + } + + return nil, err + } + + return hsc, nil +} diff --git a/controllers/goharbor/project/memberships.go b/controllers/goharbor/project/memberships.go new file mode 100644 index 000000000..013f0687c --- /dev/null +++ b/controllers/goharbor/project/memberships.go @@ -0,0 +1,251 @@ +package project + +import ( + "crypto/sha256" + "encoding/hex" + "encoding/json" + "sort" + + "github.com/go-logr/logr" + "github.com/goharbor/go-client/pkg/sdk/v2.0/models" + "github.com/pkg/errors" + goharborv1 "github.com/plotly/harbor-operator/apis/goharbor.io/v1beta1" +) + +type memberUpdate struct { + desired *models.ProjectMember + current *models.ProjectMemberEntity +} + +type memberDifferences struct { + update []memberUpdate + create []*models.ProjectMember + delete []*models.ProjectMemberEntity +} + +const ( + harborAPIProjectAdminRole int = 1 + harborAPIDeveloperRole int = 2 + harborAPIGuestRole int = 3 + harborAPIMaintainerRole int = 4 +) + +// map string role mappings from CRD to int for Harbor API. +var memberRoleMapping = map[string]int{ + "projectAdmin": harborAPIProjectAdminRole, + "developer": harborAPIDeveloperRole, + "guest": harborAPIGuestRole, + "maintainer": harborAPIMaintainerRole, +} + +func (r *Reconciler) reconcileMembership(hp *goharborv1.HarborProject, log logr.Logger) (err error) { //nolint:funlen + // get current project members from Harbor API + currentMemberships, err := r.Harbor.GetProjectMembers(hp) + if err != nil { + return err + } + + // detect changes via hash from status field to skip unnecessary list comparisons + previousHash := hp.Status.MembershipHash + + currentHash, err := generateHash(currentMemberships, hp.Spec.HarborProjectMemberships) + if err != nil { + return err + } + + if previousHash == currentHash { + // no changes, finish reconcile + return nil + } + + log.Info("reconcile membership, changes detected.", "previousHash", previousHash, "currentHash", currentHash) + + // create Harbor API objects for desired memberships defined in custom resource + desiredMemberships, err := createDesiredMemberships(hp.Spec.HarborProjectMemberships) + if err != nil { + return err + } + + // check length of current/desired member arrays, end reconcile if both are empty. + currentMembershipsCnt := len(currentMemberships) + desiredMembershipsCnt := len(desiredMemberships) + + if currentMembershipsCnt == 0 && desiredMembershipsCnt == 0 { + log.Info("Nothing to do.", "current members", currentMembershipsCnt, "desired members", desiredMembershipsCnt) + + return nil + } + + log.Info("Start reconcile", "current members", currentMembershipsCnt, "desired members", desiredMembershipsCnt) + + // find differences between current and desired members. + differences := findDifferences(currentMemberships, desiredMemberships, log) + + err = r.updateMemberships(hp, differences, log) + if err != nil { + return err + } + + // update hash a final time + currentMemberships, err = r.Harbor.GetProjectMembers(hp) + if err != nil { + return err + } + + hp.Status.MembershipHash, err = generateHash(currentMemberships, hp.Spec.HarborProjectMemberships) + if err != nil { + return err + } + + log.Info("Membership reconcile complete.", "project", hp.Spec.ProjectName) + + return nil +} + +func findDifferences(currentMemberships []*models.ProjectMemberEntity, desiredMemberships []models.ProjectMember, log logr.Logger) *memberDifferences { + differences := memberDifferences{ + update: []memberUpdate{}, + create: []*models.ProjectMember{}, + delete: []*models.ProjectMemberEntity{}, + } + + desiredMembershipsCnt := len(desiredMemberships) + currentMembershipsCnt := len(currentMemberships) + + // first, sort member slices for binary search + sort.Slice(currentMemberships, func(i, j int) bool { + return currentMemberships[i].EntityName < currentMemberships[j].EntityName + }) + sort.Slice(desiredMemberships, func(i, j int) bool { + return getProjectMemberName(&desiredMemberships[i]) < getProjectMemberName(&desiredMemberships[j]) + }) + + // search all currentMembers in desiredMembers. If found, mark for update or deletion if necessary. + for _, currentMember := range currentMemberships { + idx := sort.Search(desiredMembershipsCnt, func(i int) bool { + return getProjectMemberName(&desiredMemberships[i]) >= currentMember.EntityName + }) + if idx < desiredMembershipsCnt && areMembersEqual(currentMember, &desiredMemberships[idx]) && currentMember.RoleID != desiredMemberships[idx].RoleID { + log.Info("found matching members with differences, mark for update", "member", currentMember.EntityName) + + differences.update = append(differences.update, memberUpdate{desired: &desiredMemberships[idx], current: currentMember}) + } else if idx == desiredMembershipsCnt || getProjectMemberName(&desiredMemberships[idx]) != currentMember.EntityName { + log.Info("currentMember was not found in desiredMemberships, mark for deletion.", "member", currentMember.EntityName) + + differences.delete = append(differences.delete, currentMember) + } + } + + // search all desiredMembers in currentMembers. If not found, mark for creation. + for i := range desiredMemberships { + desiredMemberName := getProjectMemberName(&desiredMemberships[i]) + + idx := sort.Search(currentMembershipsCnt, func(i int) bool { + return currentMemberships[i].EntityName >= desiredMemberName + }) + + if idx == currentMembershipsCnt || currentMemberships[idx].EntityName != desiredMemberName { + log.Info("desiredMember was not found in currentMemberships, mark for creation.", "member", desiredMemberName) + + differences.create = append(differences.create, &desiredMemberships[i]) + } + } + + log.Info("finished planning project member reconcile.", "create", len(differences.create), "update", len(differences.update), "delete", len(differences.delete)) + + return &differences +} + +func (r *Reconciler) updateMemberships(p *goharborv1.HarborProject, differences *memberDifferences, log logr.Logger) error { + // delete all members marked for deletion + for _, delMember := range differences.delete { + log.Info("delete project member", "member", delMember.EntityName) + + err := r.Harbor.DeleteProjectMember(p.Spec.ProjectName, delMember.ID) + if err != nil { + return err + } + } + + // create all members marked for creation + for _, createMember := range differences.create { + name := getProjectMemberName(createMember) + + log.Info("create project member", "member", name) + + err := r.Harbor.CreateProjectMember(p.Spec.ProjectName, createMember) + if err != nil { + return err + } + } + + // update all members marked for updating + for _, updateMember := range differences.update { + log.Info("update project member", "member", updateMember.current.EntityName) + + err := r.Harbor.UpdateProjectMember(p.Spec.ProjectName, updateMember.current.ID, &models.RoleRequest{RoleID: updateMember.desired.RoleID}) + if err != nil { + return err + } + } + + return nil +} + +func areMembersEqual(harborMember *models.ProjectMemberEntity, k8sMember *models.ProjectMember) bool { + return harborMember.EntityType == "g" && k8sMember.MemberGroup != nil && k8sMember.MemberGroup.GroupName == harborMember.EntityName || + harborMember.EntityType == "u" && k8sMember.MemberUser != nil && k8sMember.MemberUser.Username == harborMember.EntityName +} + +func getProjectMemberName(member *models.ProjectMember) (name string) { + switch { + case member.MemberGroup != nil: + return member.MemberGroup.GroupName + case member.MemberUser != nil: + return member.MemberUser.Username + default: + return "" + } +} + +func createDesiredMemberships(definedMemberships []*goharborv1.HarborProjectMember) ([]models.ProjectMember, error) { + desiredMembers := []models.ProjectMember{} + + for _, definedMember := range definedMemberships { + newMember := models.ProjectMember{} + + switch definedMember.Type { + case "group": + newMember.MemberGroup = &models.UserGroup{GroupName: definedMember.Name} + case "user": + newMember.MemberUser = &models.UserEntity{Username: definedMember.Name} + default: + return nil, errors.Errorf("unexpected member type \"%s\" for member \"%s\"", definedMember.Type, definedMember.Name) + } + + newMember.RoleID = int64(memberRoleMapping[definedMember.Role]) + desiredMembers = append(desiredMembers, newMember) + } + + return desiredMembers, nil +} + +// marshal all current and desired memberships into json and hash them. +// this hash is used to efficiently find differences later on. +func generateHash(currentMemberships []*models.ProjectMemberEntity, desiredMemberships []*goharborv1.HarborProjectMember) (string, error) { + type membershipComp struct { + CurrentMemberships []*models.ProjectMemberEntity + DesiredMemberships []*goharborv1.HarborProjectMember + } + + membershipByteArr, err := json.Marshal(membershipComp{CurrentMemberships: currentMemberships, DesiredMemberships: desiredMemberships}) + if err != nil { + err = errors.Wrap(err, "error marshaling memberships for comparison") + + return "", err + } + + currentHashArr := sha256.Sum256(membershipByteArr) + + return hex.EncodeToString(currentHashArr[:]), nil +} diff --git a/controllers/goharbor/project/quota.go b/controllers/goharbor/project/quota.go new file mode 100644 index 000000000..145ca6324 --- /dev/null +++ b/controllers/goharbor/project/quota.go @@ -0,0 +1,64 @@ +package project + +import ( + "strings" + + "github.com/go-logr/logr" + "github.com/goharbor/go-client/pkg/sdk/v2.0/models" + "github.com/pkg/errors" + goharborv1 "github.com/plotly/harbor-operator/apis/goharbor.io/v1beta1" +) + +const errorStatus string = "GetProjectQuotaError" + +func (r *Reconciler) reconcileQuota(hp *goharborv1.HarborProject, log logr.Logger) error { + projectRequest, err := r.Harbor.GetProjectRequest(hp) + if err != nil { + return errors.Wrapf(err, "error getting harbor project request") + } + + var projectQuota *models.Quota + + if hp.Status.QuotaID == 0 { //nolint:nestif + // QuotaID in custom resource still undefined. Get Quota via ProjectID + quota, err := r.Harbor.GetQuotaByProjectID(hp.Status.ProjectID) + if err != nil { + err = errors.Wrapf(err, "error getting quota of harbor project") + hp.Status.Reason = errorStatus + + return err + } + // set QuotaID field in custom resource and save quota for further usage + hp.Status.QuotaID = quota.ID + projectQuota = quota + } else { + quota, err := r.Harbor.GetQuotaByID(hp.Status.QuotaID) + if err != nil { + // reset cached quota ID if its not found + if strings.Contains(err.Error(), "getQuotaNotFound") { + hp.Status.QuotaID = 0 + } + + err = errors.Wrapf(err, "error getting quota of harbor project") + hp.Status.Reason = errorStatus + + return err + } + projectQuota = quota + } + + // update quota if it was changed + if *projectRequest.StorageLimit != projectQuota.Hard["storage"] { + log.Info("quota changed", "oldQuota", projectQuota.Hard["storage"], "newQuota", *projectRequest.StorageLimit) + + err := r.Harbor.UpdateProjectQuota(projectQuota.ID, *projectRequest.StorageLimit) + if err != nil { + err = errors.Wrapf(err, "error updating quota of harbor project") + hp.Status.Reason = "UpdateProjectQuotaError" + + return err + } + } + + return nil +} diff --git a/docs/day2/day2-harborprojects.md b/docs/day2/day2-harborprojects.md new file mode 100644 index 000000000..f740a803c --- /dev/null +++ b/docs/day2/day2-harborprojects.md @@ -0,0 +1,121 @@ +# HarborProject Day2 Operations + +Harbor Operator is capable of managing the projects of a Harbor instance. + +The following operations involving projects are currently supported: + +* Create, update and delete projects +* Manage group and user memberships of projects +* Update a projects storage quota + +By default, the operator reconciles all `HarborProject` resources every 5 minutes. Changes applied manually to operator-managed projects will be overwritten. The reconciliation interval can be configured using the key `controllers.harborProject.requeueAfterMinutes` in the operator's `values.yaml`. + +## The `HarborProject` CustomResourceDefinition + +Harbor projects can be managed by deploying a `HarborProject` resource to your Kubernetes cluster. + +### `spec` + +* `cveAllowList`: List of CVE-strings. This sets the CVE allow list of the project. +* `harborServerConfig`: Name of a `HarborServerConfig` resource containing the reference and configurations for the harbor instance to manage. +* `memberships`: List of members. Members are defined as follows: + * `name`: Name of the member. Has to match with a existing user or group in the harbor instance. + * `role`: Role of the member in the project. This controls the member's permissions on the project. Can be either `projectAdmin`, `developer`, `guest` or `maintainer`. See the [Harbor Docs](https://goharbor.io/docs/latest/administration/managing-users/user-permissions-by-role/) for further info on member permissions. + * `type`: Type of the member, can be `group` or `user`. +* `metadata`: Miscellaneous project metadata. + * `autoScan`: Boolean. Whether to scan images automatically after pushing. + * `enableContentTrust`: Boolean. Whether content trust is enabled or not. If enabled, user can't pull unsigned images from this project. + * `enableContentTrustCosign`: Boolean. Whether cosign content trust is enabled or not. Similar to enableContentTrust, but using cosign. + * `preventVulnerable`: Boolean. Whether to prevent vulnerable images from running. + * `public`: Boolean. Whether the project should be public or not. + * `reuseSysCveAllowlist`: Boolean. Whether this project reuses the system level CVE allowlist for itself. If this is set to `true`, the actual allowlist associated with this project will be ignored. + * `severity`: If an image's vulnerablilities are higher than the severity defined here, the image can't be pulled. Can be either `none`, `low`, `medium`, `high` or `critical`. +* `projectName`: The name of the harbor project. Has to match harbor's naming rules. +* `storageQuota`: The project's storage quota in human-readable format, like in Kubernetes memory requests/limits (Ti, Gi, Mi, Ki). The Harbor's default value is used if empty. + +## Examples + +### Metadata + +```yaml +apiVersion: goharbor.io/v1beta1 +kind: HarborProject +metadata: + name: metadata-enabled +spec: + harborServerConfig: harborcluster + metadata: + autoScan: true + enableContentTrust: true + enableContentTrustCosign: true + preventVulnerable: true + public: true + reuseSysCveAllowlist: true + severity: "critical" + projectName: metadata-enabled + storageQuota: 10Gi +``` + +### Users and groups + +```yaml +apiVersion: goharbor.io/v1beta1 +kind: HarborProject +metadata: + name: users-and-groups +spec: + harborServerConfig: harborcluster + memberships: + - name: admin + role: projectAdmin + type: user + - name: testgroupA + role: maintainer + type: group + - name: testgroupB + role: developer + type: group + - name: testgroupC + role: guest + type: group + projectName: users-and-groups + storageQuota: 10Gi +``` + +### CVE allowlist + +```yaml +apiVersion: goharbor.io/v1beta1 +kind: HarborProject +metadata: + name: cve-allowlist +spec: + cveAllowList: + - CVE-2021-3121 + - CVE-2021-43816 + - CVE-2022-31836 + - CVE-2023-25173 + harborServerConfig: harborcluster + metadata: + reuseSysCveAllowlist: false + projectName: cve-allowlist + storageQuota: 10Gi +``` + +```yaml +apiVersion: goharbor.io/v1beta1 +kind: HarborProject +metadata: + name: cve-allowlist-syscve +spec: + cveAllowList: + - CVE-2021-3121 + - CVE-2021-43816 + - CVE-2022-31836 + - CVE-2023-25173 + harborServerConfig: harborcluster + metadata: + reuseSysCveAllowlist: true # will overwrite project cveAllowlist if set + projectName: cve-allowlist-syscve + storageQuota: 10Gi +``` diff --git a/docs/development.md b/docs/development.md index 7934fcceb..a199a42df 100644 --- a/docs/development.md +++ b/docs/development.md @@ -7,9 +7,9 @@ git clone https://github.com/goharbor/harbor-operator.git cd harbor-operator ``` -You developped a new cool feature? Fixed an annoying bug? We would be happy to hear from you! +You developed a new cool feature? Fixed an annoying bug? We would be happy to hear from you! -Have a look in [CONTRIBUTING.md](https://github.com/goharbor/harbor-operator/blob/master/CONTRIBUTING.md) +Have a look in [CONTRIBUTING.md](https://github.com/goharbor/harbor-operator/blob/main/CONTRIBUTING.md) ## Dependencies diff --git a/docs/installation/by-helm-chart.md b/docs/installation/by-helm-chart.md index 5397ba425..465949529 100644 --- a/docs/installation/by-helm-chart.md +++ b/docs/installation/by-helm-chart.md @@ -116,7 +116,7 @@ you can check the additional references listed below. Besides, you can also enable the operators of the dependent services in `charts/harbor-operator/values.yaml` to deploy full stack Harbor more efficient. -* Find the configuration items of the dependent operators charts from [here](https://github.com/goharbor/harbor-operator/blob/master/charts/harbor-operator/values.yaml#L252) +* Find the configuration items of the dependent operators charts from [here](https://github.com/goharbor/harbor-operator/blob/main/charts/harbor-operator/values.yaml#L252) ## What's next diff --git a/docs/installation/kustomization-all-in-one.md b/docs/installation/kustomization-all-in-one.md index 42822b022..c97367982 100644 --- a/docs/installation/kustomization-all-in-one.md +++ b/docs/installation/kustomization-all-in-one.md @@ -18,7 +18,7 @@ The installation guide documented here help you deploy Harbor operator stack wit Directly apply the all-in-one deployment manifest to your Kubernetes cluster: ```shell -kubectl apply -f https://raw.githubusercontent.com/goharbor/harbor-operator/master/manifests/cluster/deployment.yaml +kubectl apply -f https://raw.githubusercontent.com/goharbor/harbor-operator/main/manifests/cluster/deployment.yaml ``` >NOTES: Here we use the deployment manifest in the `main` branch as an example, for deploying the released versions, you can get the deployment manifest in the GitHub release page or find it in the corresponding code branch such as `release-1.3.0`. @@ -81,7 +81,7 @@ kubectl apply -f customized_deployment.yaml Delete the harbor operator stack by the deployment manifest: ```shell -kubectl delete -f https://raw.githubusercontent.com/goharbor/harbor-operator/master/manifests/cluster/deployment.yaml +kubectl delete -f https://raw.githubusercontent.com/goharbor/harbor-operator/main/manifests/cluster/deployment.yaml ``` Or delete the harbor operator stack by the kustomization template: diff --git a/docs/installation/kustomization-custom.md b/docs/installation/kustomization-custom.md index be634ae03..2c86fea15 100644 --- a/docs/installation/kustomization-custom.md +++ b/docs/installation/kustomization-custom.md @@ -103,7 +103,7 @@ kustomize build | kubectl delete -f - Deploy the Harbor operator with the deployment manifest: ```shell -kubectl apply -f https://raw.githubusercontent.com/goharbor/harbor-operator/master/manifests/harbor/deployment.yaml +kubectl apply -f https://raw.githubusercontent.com/goharbor/harbor-operator/main/manifests/harbor/deployment.yaml ``` Check the Harbor operator status (by default it's deployed into the `harbor-operator-ns` namespace): @@ -122,7 +122,7 @@ harbor-operator-76c44d8ddd-z7rgx 1/1 Running 0 80s For deleting the Harbor operator, call ```shell -kubectl delete -f https://raw.githubusercontent.com/goharbor/harbor-operator/master/manifests/harbor/deployment.yaml +kubectl delete -f https://raw.githubusercontent.com/goharbor/harbor-operator/main/manifests/harbor/deployment.yaml ``` Of course, you can clone the codebase into your computer and then customize and deploy with the kustomization template: diff --git a/docs/tutorial.md b/docs/tutorial.md index 83fb3f09e..8e6b12f0f 100644 --- a/docs/tutorial.md +++ b/docs/tutorial.md @@ -279,7 +279,7 @@ status: operator: controllerGitCommit: 35056b427665e9ee6331e7b3ddede8c26b86dbc5 controllerName: harborcluster - controllerVersion: dev_master + controllerVersion: dev revision: 1642500151584677122 status: healthy ``` diff --git a/go.mod b/go.mod index 193ae4cf9..027a1345a 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/go-logr/logr v1.2.4 github.com/go-openapi/runtime v0.21.0 github.com/go-redis/redis v6.15.9+incompatible - github.com/goharbor/go-client v0.25.0 + github.com/goharbor/go-client v0.26.2 github.com/goharbor/harbor/src v0.0.0-20220526154154-b0506782b47d github.com/jaegertracing/jaeger-lib v2.2.0+incompatible github.com/jetstack/cert-manager v1.1.0 @@ -55,7 +55,7 @@ require ( github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/distribution v2.8.2-beta.1+incompatible // indirect + github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/go v0.0.0-20160303222718-d30aec9fd63c // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect diff --git a/go.sum b/go.sum index 42d2f4f40..a9e10e5a1 100644 --- a/go.sum +++ b/go.sum @@ -347,8 +347,8 @@ github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyG github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.8.2-beta.1+incompatible h1:gILO60VLD2v28ozemv4aAwDb8ds5U2O/vD/sBXbd7Rw= -github.com/docker/distribution v2.8.2-beta.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= +github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.8+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= @@ -604,8 +604,8 @@ github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/goharbor/go-client v0.25.0 h1:VDfikJyEe6ejnm4VurAaVi+tDLC2yWhuzMQJkOhUiVo= -github.com/goharbor/go-client v0.25.0/go.mod h1:XMWHucuHU9VTRx6U6wYwbRuyCVhE6ffJGRjaeo0nvwo= +github.com/goharbor/go-client v0.26.2 h1:pu79j/vmrsR7HF5YztHJqUU/Ki2VLJo+c4pMUvdjJmg= +github.com/goharbor/go-client v0.26.2/go.mod h1:XMWHucuHU9VTRx6U6wYwbRuyCVhE6ffJGRjaeo0nvwo= github.com/goharbor/harbor/src v0.0.0-20220526154154-b0506782b47d h1:MOwBwJi3VIoPls3O8jZrLHRbgw6l3rhIQQmZVAPL/t0= github.com/goharbor/harbor/src v0.0.0-20220526154154-b0506782b47d/go.mod h1:ud/eT8hR+/hRtF/35KTuXSJFT/CMmaF/W30u03AgSqI= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= diff --git a/manifests/cluster/deployment.yaml b/manifests/cluster/deployment.yaml index d302ef859..a525602ea 100644 --- a/manifests/cluster/deployment.yaml +++ b/manifests/cluster/deployment.yaml @@ -1052,6 +1052,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -2183,6 +2187,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -2662,6 +2670,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -3121,6 +3133,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -3465,6 +3481,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -3753,6 +3773,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -3960,6 +3984,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -4059,6 +4087,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tokenIssuer: properties: group: @@ -4208,6 +4240,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -4945,6 +4981,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5044,6 +5084,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5124,6 +5168,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5205,6 +5253,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5366,6 +5418,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5446,6 +5502,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5560,6 +5620,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5764,6 +5828,8 @@ spec: x-kubernetes-int-or-string: true type: object type: object + serviceAccountName: + type: string storage: type: string storageClassName: @@ -5847,6 +5913,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5886,6 +5956,16 @@ spec: type: object x-kubernetes-map-type: atomic type: array + maxIdleConnections: + default: 50 + format: int32 + minimum: 0 + type: integer + maxOpenConnections: + default: 1000 + format: int32 + minimum: 0 + type: integer metrics: properties: enabled: @@ -5946,6 +6026,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tokenIssuer: properties: group: @@ -6175,6 +6259,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6386,6 +6474,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6492,6 +6584,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6572,6 +6668,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6653,6 +6753,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6793,6 +6897,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6873,6 +6981,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -7586,6 +7698,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -7975,6 +8091,150 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + goharbor.io/deploy-engine: Kustomization + goharbor.io/deploy-mode: cluster + goharbor.io/operator-version: v1.3.0 + name: harborprojects.goharbor.io +spec: + group: goharbor.io + names: + categories: + - goharbor + kind: HarborProject + listKind: HarborProjectList + plural: harborprojects + shortNames: + - hp + singular: harborproject + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Project name in Harbor + jsonPath: .spec.projectName + name: ProjectName + type: string + - description: HarborServerConfiguration name + jsonPath: .spec.harborServerConfig + name: HarborServerConfig + type: string + - description: HarborProject status + jsonPath: .status.status + name: Status + type: string + - description: Timestamp representing the server time when this object was created. + It is not guaranteed to be set in happens-before order across separate operations. + Clients may not set this value. It is represented in RFC3339 form and is in + UTC. + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + cveAllowList: + items: + type: string + type: array + harborServerConfig: + type: string + memberships: + items: + properties: + name: + type: string + role: + enum: + - projectAdmin + - developer + - guest + - maintainer + type: string + type: + enum: + - group + - user + type: string + required: + - name + - role + - type + type: object + type: array + metadata: + properties: + autoScan: + type: boolean + enableContentTrust: + type: boolean + enableContentTrustCosign: + type: boolean + preventVulnerable: + type: boolean + public: + type: boolean + reuseSysCveAllowlist: + type: boolean + severity: + enum: + - none + - low + - medium + - high + - critical + type: string + type: object + projectName: + maxLength: 255 + minLength: 1 + pattern: ^[a-z0-9]+(?:[._-][a-z0-9]+)*$ + type: string + storageQuota: + pattern: ^[1-9][0-9]*(Ti|Gi|Mi|Ki)$ + type: string + required: + - harborServerConfig + - projectName + type: object + status: + properties: + lastApplyTime: + format: date-time + type: string + membershipHash: + type: string + message: + type: string + projectID: + format: int32 + type: integer + quotaID: + format: int64 + type: integer + reason: + type: string + status: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: harbor-operator-ns/serving-cert @@ -8113,6 +8373,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8212,6 +8476,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tokenIssuer: properties: group: @@ -8361,6 +8629,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8673,6 +8945,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8772,6 +9048,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8852,6 +9132,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8933,6 +9217,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9094,6 +9382,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9174,6 +9466,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9288,6 +9584,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9470,6 +9770,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9509,6 +9813,16 @@ spec: type: object x-kubernetes-map-type: atomic type: array + maxIdleConnections: + default: 50 + format: int32 + minimum: 0 + type: integer + maxOpenConnections: + default: 1000 + format: int32 + minimum: 0 + type: integer metrics: properties: enabled: @@ -9569,6 +9883,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tokenIssuer: properties: group: @@ -9720,6 +10038,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10134,6 +10456,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10240,6 +10566,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10320,6 +10650,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10401,6 +10735,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10562,6 +10900,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10642,6 +10984,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10826,6 +11172,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -12722,6 +13072,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -15257,6 +15611,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -15653,6 +16011,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -15920,6 +16282,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -16200,6 +16566,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -16423,6 +16793,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -16613,6 +16987,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -16780,6 +17158,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -30745,6 +31127,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -32292,6 +32678,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -32594,6 +32984,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -32783,6 +33177,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -43451,6 +43849,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -45233,6 +45635,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object timeout: default: 5m0s type: string @@ -45788,6 +46194,42 @@ rules: - patch - update - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - goharbor.io resources: @@ -46564,6 +47006,13 @@ data: - key: max-reconcile priority: 200 value: "1" + harborproject-ctrl.yaml: | + - key: max-reconcile + priority: 200 + value: "1" + - key: requeue-after-minutes + priority: 200 + value: "5" jobservice-ctrl.yaml: | - key: max-reconcile priority: 200 @@ -46690,8 +47139,8 @@ data: httpport = 8080 jobservice-config.yaml.tmpl: | {{/* - https://github.com/goharbor/harbor/blob/master/make/photon/prepare/templates/jobservice/config.yml.jinja - https://github.com/goharbor/harbor/blob/master/src/jobservice/config/config.go#L63 + https://github.com/goharbor/harbor/blob/main/make/photon/prepare/templates/jobservice/config.yml.jinja + https://github.com/goharbor/harbor/blob/main/src/jobservice/config/config.go#L63 */}} {{- if .Spec.TLS.Enabled }} protocol: "https" @@ -47287,7 +47736,7 @@ spec: fieldPath: metadata.namespace - name: CONFIGURATION_FROM value: env,file:/etc/harbor-operator/config.yaml - image: ghcr.io/goharbor/harbor-operator:dev_master + image: ghcr.io/goharbor/harbor-operator:dev livenessProbe: httpGet: path: /healthz @@ -47628,6 +48077,27 @@ webhooks: resources: - harborclusters sideEffects: None +- admissionReviewVersions: + - v1beta1 + - v1 + clientConfig: + service: + name: webhook-service + namespace: harbor-operator-ns + path: /validate-goharbor-io-v1beta1-harborproject + failurePolicy: Fail + name: vharborproject.kb.io + rules: + - apiGroups: + - goharbor.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - harborprojects + sideEffects: None - admissionReviewVersions: - v1beta1 - v1 diff --git a/manifests/cluster/kustomization.yaml b/manifests/cluster/kustomization.yaml index 41fc4f28f..162fdcd1d 100644 --- a/manifests/cluster/kustomization.yaml +++ b/manifests/cluster/kustomization.yaml @@ -47,4 +47,4 @@ images: newName: ghcr.io/goharbor/postgres-operator - name: goharbor/harbor-operator newName: ghcr.io/goharbor/harbor-operator - newTag: dev_master + newTag: dev diff --git a/manifests/harbor/deployment.yaml b/manifests/harbor/deployment.yaml index 6af3a74cc..3693ca4d2 100644 --- a/manifests/harbor/deployment.yaml +++ b/manifests/harbor/deployment.yaml @@ -1052,6 +1052,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -2183,6 +2187,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -2662,6 +2670,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -3121,6 +3133,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -3465,6 +3481,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -3753,6 +3773,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -3960,6 +3984,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -4059,6 +4087,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tokenIssuer: properties: group: @@ -4208,6 +4240,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -4945,6 +4981,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5044,6 +5084,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5124,6 +5168,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5205,6 +5253,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5366,6 +5418,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5446,6 +5502,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5560,6 +5620,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5764,6 +5828,8 @@ spec: x-kubernetes-int-or-string: true type: object type: object + serviceAccountName: + type: string storage: type: string storageClassName: @@ -5847,6 +5913,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -5886,6 +5956,16 @@ spec: type: object x-kubernetes-map-type: atomic type: array + maxIdleConnections: + default: 50 + format: int32 + minimum: 0 + type: integer + maxOpenConnections: + default: 1000 + format: int32 + minimum: 0 + type: integer metrics: properties: enabled: @@ -5946,6 +6026,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tokenIssuer: properties: group: @@ -6175,6 +6259,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6386,6 +6474,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6492,6 +6584,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6572,6 +6668,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6653,6 +6753,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6793,6 +6897,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -6873,6 +6981,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -7586,6 +7698,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -7975,6 +8091,150 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + goharbor.io/deploy-engine: Kustomization + goharbor.io/deploy-mode: harbor + goharbor.io/operator-version: v1.3.0 + name: harborprojects.goharbor.io +spec: + group: goharbor.io + names: + categories: + - goharbor + kind: HarborProject + listKind: HarborProjectList + plural: harborprojects + shortNames: + - hp + singular: harborproject + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Project name in Harbor + jsonPath: .spec.projectName + name: ProjectName + type: string + - description: HarborServerConfiguration name + jsonPath: .spec.harborServerConfig + name: HarborServerConfig + type: string + - description: HarborProject status + jsonPath: .status.status + name: Status + type: string + - description: Timestamp representing the server time when this object was created. + It is not guaranteed to be set in happens-before order across separate operations. + Clients may not set this value. It is represented in RFC3339 form and is in + UTC. + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + cveAllowList: + items: + type: string + type: array + harborServerConfig: + type: string + memberships: + items: + properties: + name: + type: string + role: + enum: + - projectAdmin + - developer + - guest + - maintainer + type: string + type: + enum: + - group + - user + type: string + required: + - name + - role + - type + type: object + type: array + metadata: + properties: + autoScan: + type: boolean + enableContentTrust: + type: boolean + enableContentTrustCosign: + type: boolean + preventVulnerable: + type: boolean + public: + type: boolean + reuseSysCveAllowlist: + type: boolean + severity: + enum: + - none + - low + - medium + - high + - critical + type: string + type: object + projectName: + maxLength: 255 + minLength: 1 + pattern: ^[a-z0-9]+(?:[._-][a-z0-9]+)*$ + type: string + storageQuota: + pattern: ^[1-9][0-9]*(Ti|Gi|Mi|Ki)$ + type: string + required: + - harborServerConfig + - projectName + type: object + status: + properties: + lastApplyTime: + format: date-time + type: string + membershipHash: + type: string + message: + type: string + projectID: + format: int32 + type: integer + quotaID: + format: int64 + type: integer + reason: + type: string + status: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: harbor-operator-ns/serving-cert @@ -8113,6 +8373,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8212,6 +8476,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tokenIssuer: properties: group: @@ -8361,6 +8629,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8673,6 +8945,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8772,6 +9048,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8852,6 +9132,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -8933,6 +9217,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9094,6 +9382,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9174,6 +9466,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9288,6 +9584,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9470,6 +9770,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -9509,6 +9813,16 @@ spec: type: object x-kubernetes-map-type: atomic type: array + maxIdleConnections: + default: 50 + format: int32 + minimum: 0 + type: integer + maxOpenConnections: + default: 1000 + format: int32 + minimum: 0 + type: integer metrics: properties: enabled: @@ -9569,6 +9883,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tokenIssuer: properties: group: @@ -9720,6 +10038,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10134,6 +10456,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10240,6 +10566,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10320,6 +10650,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10401,6 +10735,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10562,6 +10900,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10642,6 +10984,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -10826,6 +11172,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -12722,6 +13072,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -15257,6 +15611,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -15653,6 +16011,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -15920,6 +16282,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -16200,6 +16566,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -16423,6 +16793,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -16613,6 +16987,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -16780,6 +17158,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -18345,6 +18727,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -19892,6 +20278,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -20194,6 +20584,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -20383,6 +20777,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tls: properties: certificateRef: @@ -22176,6 +22574,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object tolerations: items: properties: @@ -23958,6 +24360,10 @@ spec: additionalProperties: type: string type: object + templateLabels: + additionalProperties: + type: string + type: object timeout: default: 5m0s type: string @@ -24480,6 +24886,42 @@ rules: - patch - update - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - goharbor.io + resources: + - harborprojects/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - goharbor.io resources: @@ -24784,6 +25226,13 @@ data: - key: max-reconcile priority: 200 value: "1" + harborproject-ctrl.yaml: | + - key: max-reconcile + priority: 200 + value: "1" + - key: requeue-after-minutes + priority: 200 + value: "5" jobservice-ctrl.yaml: | - key: max-reconcile priority: 200 @@ -24910,8 +25359,8 @@ data: httpport = 8080 jobservice-config.yaml.tmpl: | {{/* - https://github.com/goharbor/harbor/blob/master/make/photon/prepare/templates/jobservice/config.yml.jinja - https://github.com/goharbor/harbor/blob/master/src/jobservice/config/config.go#L63 + https://github.com/goharbor/harbor/blob/main/make/photon/prepare/templates/jobservice/config.yml.jinja + https://github.com/goharbor/harbor/blob/main/src/jobservice/config/config.go#L63 */}} {{- if .Spec.TLS.Enabled }} protocol: "https" @@ -25386,7 +25835,7 @@ spec: fieldPath: metadata.namespace - name: CONFIGURATION_FROM value: env,file:/etc/harbor-operator/config.yaml - image: ghcr.io/goharbor/harbor-operator:dev_master + image: ghcr.io/goharbor/harbor-operator:dev livenessProbe: httpGet: path: /healthz @@ -25580,6 +26029,27 @@ webhooks: resources: - harborclusters sideEffects: None +- admissionReviewVersions: + - v1beta1 + - v1 + clientConfig: + service: + name: webhook-service + namespace: harbor-operator-ns + path: /validate-goharbor-io-v1beta1-harborproject + failurePolicy: Fail + name: vharborproject.kb.io + rules: + - apiGroups: + - goharbor.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - harborprojects + sideEffects: None - admissionReviewVersions: - v1beta1 - v1 diff --git a/manifests/harbor/kustomization.yaml b/manifests/harbor/kustomization.yaml index 66919a530..1d86c1c25 100644 --- a/manifests/harbor/kustomization.yaml +++ b/manifests/harbor/kustomization.yaml @@ -23,4 +23,4 @@ resources: images: - name: goharbor/harbor-operator newName: ghcr.io/goharbor/harbor-operator - newTag: dev_master \ No newline at end of file + newTag: dev \ No newline at end of file diff --git a/pkg/cluster/controllers/cache/resource_manager.go b/pkg/cluster/controllers/cache/resource_manager.go index d2688fe75..c59bef99c 100644 --- a/pkg/cluster/controllers/cache/resource_manager.go +++ b/pkg/cluster/controllers/cache/resource_manager.go @@ -107,9 +107,10 @@ func (rm *redisResourceManager) GetCacheCR(ctx context.Context, harborcluster *g Spec: pvc.Spec, }, }, - Image: image, - ImagePullPolicy: rm.getImagePullPolicy(ctx, harborcluster), - ImagePullSecrets: rm.getImagePullSecrets(ctx, harborcluster), + Image: image, + ImagePullPolicy: rm.getImagePullPolicy(ctx, harborcluster), + ImagePullSecrets: rm.getImagePullSecrets(ctx, harborcluster), + ServiceAccountName: rm.getServiceAccountName(ctx, harborcluster), }, Sentinel: redisOp.SentinelSettings{ Replicas: int32(rm.GetClusterServerReplica()), @@ -242,3 +243,11 @@ func (rm *redisResourceManager) getImagePullSecrets(_ context.Context, harborclu return nil } + +func (rm *redisResourceManager) getServiceAccountName(_ context.Context, harborcluster *goharborv1.HarborCluster) string { + if rm.cluster.Spec.Cache.Spec.RedisFailover != nil && rm.cluster.Spec.Cache.Spec.RedisFailover.Server != nil { + return harborcluster.Spec.Cache.Spec.RedisFailover.Server.ServiceAccountName + } + + return "" +} diff --git a/pkg/cluster/controllers/database/update.go b/pkg/cluster/controllers/database/update.go index 69120fe47..bf2fea567 100644 --- a/pkg/cluster/controllers/database/update.go +++ b/pkg/cluster/controllers/database/update.go @@ -36,6 +36,8 @@ func (p *PostgreSQLController) Update(ctx context.Context, harborcluster *goharb return databaseNotReadyStatus(DefaultUnstructuredConverterError, err.Error()), err } + expectCR.SetOwnerReferences(actualCR.GetOwnerReferences()) + if !common.Equals(ctx, p.Scheme, harborcluster, &actualCR) { p.Log.Info( "Update Database resource", diff --git a/pkg/rest/v2/client.go b/pkg/rest/v2/client.go index a2aba1d6f..045ad37bc 100644 --- a/pkg/rest/v2/client.go +++ b/pkg/rest/v2/client.go @@ -3,12 +3,10 @@ package v2 import ( "context" "fmt" - "strings" "time" "github.com/go-logr/logr" "github.com/goharbor/go-client/pkg/sdk/v2.0/client/health" - "github.com/goharbor/go-client/pkg/sdk/v2.0/client/project" "github.com/goharbor/go-client/pkg/sdk/v2.0/client/robotv1" "github.com/goharbor/go-client/pkg/sdk/v2.0/models" "github.com/plotly/harbor-operator/pkg/rest/model" @@ -71,102 +69,6 @@ func (c *Client) WithTimeout(timeout time.Duration) *Client { return c } -// EnsureProject ensures the specified project is on the harbor server -// If project with name is existing, then error will be nil. -func (c *Client) EnsureProject(name string) (int64, error) { - if len(name) == 0 { - return -1, errors.New("project name is empty") - } - - if c.harborClient == nil { - return -1, errors.New("nil harbor client") - } - - // Check existence first - p, err := c.GetProject(name) - if err == nil { - return int64(p.ProjectID), nil - } - - if err != nil { - if !strings.Contains(err.Error(), "no project with name") { - return 0, errors.Errorf("error when getting project %s: %s", name, err) - } - } - - fmt.Println("creating project since target project doesn't exist") - - // Create one when the project does not exist - cparams := project.NewCreateProjectParamsWithContext(c.context). - WithTimeout(c.timeout). - WithProject(&models.ProjectReq{ - ProjectName: name, - Metadata: &models.ProjectMetadata{ - Public: "false", - }, - }) - - cp, err := c.harborClient.Client.Project.CreateProject(c.context, cparams) - if err != nil { - return -1, fmt.Errorf("ensure project error: %w", err) - } - - return utilstring.ExtractID(cp.Location) -} - -// GetProject gets the project data. -func (c *Client) GetProject(name string) (*models.Project, error) { - if len(name) == 0 { - return nil, errors.New("project name is empty") - } - - if c.harborClient == nil { - return nil, errors.New("nil harbor client") - } - // Use listProject endpoint since getProject requires project id query key - params := project.NewListProjectsParamsWithContext(c.context). - WithTimeout(c.timeout). - WithName(&name) - - res, err := c.harborClient.Client.Project.ListProjects(c.context, params) - if err != nil { - return nil, fmt.Errorf("get project error: %w", err) - } - - if len(res.Payload) < 1 { - return nil, errors.Errorf("no project with name %s exists", name) - } - - return res.Payload[0], nil -} - -// DeleteProject deletes project. -func (c *Client) DeleteProject(name string) error { - if len(name) == 0 { - return errors.New("project name is empty") - } - - if c.harborClient == nil { - return errors.New("nil harbor client") - } - - // Get ID first - p, err := c.GetProject(name) - if err != nil { - return fmt.Errorf("delete project error: %w", err) - } - - params := project.NewDeleteProjectParamsWithContext(c.context). - WithTimeout(c.timeout). - WithProjectNameOrID(string(p.ProjectID)) - - if _, err = c.harborClient.Client.Project.DeleteProject(c.context, params); err != nil { - return err - } - - return nil -} - func (c *Client) CheckHealth() (*models.OverallHealthStatus, error) { params := health.NewGetHealthParams(). WithTimeout(c.timeout) diff --git a/pkg/rest/v2/project.go b/pkg/rest/v2/project.go new file mode 100644 index 000000000..7bffbad58 --- /dev/null +++ b/pkg/rest/v2/project.go @@ -0,0 +1,369 @@ +package v2 + +import ( + "fmt" + "math" + "strconv" + "strings" + + "github.com/goharbor/go-client/pkg/sdk/v2.0/client/member" + "github.com/goharbor/go-client/pkg/sdk/v2.0/client/project" + "github.com/goharbor/go-client/pkg/sdk/v2.0/client/quota" + "github.com/goharbor/go-client/pkg/sdk/v2.0/models" + "github.com/pkg/errors" + goharborv1beta1 "github.com/plotly/harbor-operator/apis/goharbor.io/v1beta1" + utilstring "github.com/plotly/harbor-operator/pkg/utils/strings" + "github.com/spotahome/redis-operator/log" + "k8s.io/apimachinery/pkg/api/resource" +) + +const ( + paginationSize int64 = 25 + baseInt10 int = 10 +) + +// EnsureProject ensures the specified project is on the harbor server +// If project with name is existing, then error will be nil. +func (c *Client) EnsureProject(name string) (int64, error) { + if len(name) == 0 { + return -1, errors.New("project name is empty") + } + + if c.harborClient == nil { + return -1, errors.New("nil harbor client") + } + + // Check existence first + p, err := c.GetProjectByName(name) + if err == nil { + return int64(p.ProjectID), nil + } + + if !strings.Contains(err.Error(), "no project with name") { + return 0, errors.Errorf("error when getting project %s: %s", name, err) + } + + fmt.Println("creating project since target project doesn't exist") + + // Create one when the project does not exist + cparams := project.NewCreateProjectParamsWithContext(c.context). + WithTimeout(c.timeout). + WithProject(&models.ProjectReq{ + ProjectName: name, + Metadata: &models.ProjectMetadata{ + Public: "false", + }, + }) + + cp, err := c.harborClient.Client.Project.CreateProject(c.context, cparams) + if err != nil { + return -1, fmt.Errorf("ensure project error: %w", err) + } + + return utilstring.ExtractID(cp.Location) +} + +func (c *Client) ProjectExists(name string) (bool, error) { + headProjectOK, err := c.harborClient.Client.Project.HeadProject(c.context, project.NewHeadProjectParams().WithProjectName(name)) + // headProjectNotFound error is expected when project does not exist, throw all other errors + if err != nil && strings.Contains(err.Error(), "headProjectNotFound") { + err = nil + } + + return headProjectOK != nil, err +} + +// GetProjectByName gets the project data. +func (c *Client) GetProjectByName(name string) (*models.Project, error) { + if len(name) == 0 { + return nil, errors.New("project name is empty") + } + + if c.harborClient == nil { + return nil, errors.New("nil harbor client") + } + // Use listProject endpoint since getProject requires project id query key + params := project.NewListProjectsParamsWithContext(c.context). + WithTimeout(c.timeout). + WithName(&name) + + res, err := c.harborClient.Client.Project.ListProjects(c.context, params) + if err != nil { + return nil, fmt.Errorf("get project error: %w", err) + } + + if len(res.Payload) < 1 { + return nil, errors.Errorf("no project with name %s exists", name) + } + + return res.Payload[0], nil +} + +func (c *Client) GetProjectByID(id int32) (*models.Project, error) { + if id < 1 { + return nil, errors.New("project id is < 1") + } + + if c.harborClient == nil { + return nil, errors.New("nil harbor client") + } + + params := project.NewGetProjectParamsWithContext(c.context).WithProjectNameOrID(strconv.Itoa(int(id))) + + res, err := c.harborClient.Client.Project.GetProject(c.context, params) + if err != nil { + return nil, fmt.Errorf("get project by ID error: %w", err) + } + + return res.Payload, nil +} + +func (c *Client) CreateProject(hp *goharborv1beta1.HarborProject) (int32, error) { + if c.harborClient == nil { + return -1, errors.New("nil harbor client") + } + + projectRequest, err := c.GetProjectRequest(hp) + if err != nil { + return -1, fmt.Errorf("create project error: %w", err) + } + + params := project.NewCreateProjectParams().WithProject(projectRequest) + + res, err := c.harborClient.Client.Project.CreateProject(c.context, params) + if err != nil { + return -1, fmt.Errorf("create project error: %w", err) + } + + rid, err := utilstring.ExtractID(res.Location) + if err != nil { + // ignore this error that should never happen + c.log.Error(err, "location", res.Location) + } + + if rid > 0 && rid <= math.MaxInt32 { + return int32(rid), nil + } + + return -1, errors.New("out of bounds project ID") +} + +func (c *Client) UpdateProject(projectName string, hp *goharborv1beta1.HarborProject) error { + if c.harborClient == nil { + return errors.New("nil harbor client") + } + + projectRequest, err := c.GetProjectRequest(hp) + if err != nil { + return fmt.Errorf("update project error: %w", err) + } + + params := project.NewUpdateProjectParams(). + WithTimeout(c.timeout). + WithProjectNameOrID(projectName). + WithProject(projectRequest) + + _, err = c.harborClient.Client.Project.UpdateProject(c.context, params) + if err != nil { + return fmt.Errorf("update project error: %w", err) + } + + return nil +} + +// DeleteProject deletes project. +func (c *Client) DeleteProject(name string) error { + if len(name) == 0 { + return errors.New("project name is empty") + } + + if c.harborClient == nil { + return errors.New("nil harbor client") + } + + exists, err := c.ProjectExists(name) + if err != nil { + return fmt.Errorf("delete project error: %w", err) + } + + if !exists { + return nil + } + + // Get ID first + p, err := c.GetProjectByName(name) + if err != nil { + return fmt.Errorf("error while deleting project \"%s\" (%d): %w", name, p.ProjectID, err) + } + + params := project.NewDeleteProjectParamsWithContext(c.context). + WithTimeout(c.timeout). + WithProjectNameOrID(strconv.FormatInt(int64(p.ProjectID), baseInt10)) + + if _, err = c.harborClient.Client.Project.DeleteProject(c.context, params); err != nil { + return fmt.Errorf("error while deleting project \"%s\" (%d): %w", name, p.ProjectID, err) + } + + return nil +} + +func (c *Client) GetQuotaByProjectID(projectID int32) (*models.Quota, error) { + id := strconv.Itoa(int(projectID)) + + quotas, err := c.harborClient.Client.Quota.ListQuotas(c.context, quota.NewListQuotasParams().WithReferenceID(&id)) + if err != nil { + return nil, err + } + // We only expect one quota per project. + if quotas.XTotalCount != 1 { + return nil, errors.Errorf("unexpected quota payload length %d", quotas.XTotalCount) + } + + return quotas.GetPayload()[0], nil +} + +func (c *Client) GetQuotaByID(quotaID int64) (*models.Quota, error) { + _quota, err := c.harborClient.Client.Quota.GetQuota(c.context, quota.NewGetQuotaParams().WithID(quotaID)) + if err != nil { + return nil, err + } + + return _quota.GetPayload(), nil +} + +func (c *Client) UpdateProjectQuota(quotaID int64, storageLimit int64) error { + params := quota.NewUpdateQuotaParams(). + WithID(quotaID). + WithHard(&models.QuotaUpdateReq{ + Hard: models.ResourceList{ + "storage": storageLimit, + }, + }) + + _, err := c.harborClient.Client.Quota.UpdateQuota(c.context, params) + if err != nil { + return fmt.Errorf("update project quota error: %w", err) + } + + return nil +} + +func (c *Client) GetProjectMembers(hp *goharborv1beta1.HarborProject) ([]*models.ProjectMemberEntity, error) { + var currentMemberships []*models.ProjectMemberEntity + // handle pagination for listing current project members + pageSize := paginationSize + page := int64(1) + params := member.NewListProjectMembersParams(). + WithProjectNameOrID(hp.Spec.ProjectName). + WithPageSize(&pageSize). + WithPage(&page) + + for { + listResponse, err := c.harborClient.Client.Member.ListProjectMembers(c.context, params) + if err != nil { + return nil, err + } + + if page == 1 { + currentMemberships = listResponse.GetPayload() + } else { + currentMemberships = append(currentMemberships, listResponse.GetPayload()...) + } + + currentMembershipsLen := len(currentMemberships) + + if currentMembershipsLen < int(listResponse.XTotalCount) { + log.Info("handle membership pagination", "currentCount", currentMembershipsLen, "totalCount", listResponse.XTotalCount) + page++ + } else { + break + } + } + + return currentMemberships, nil +} + +func (c *Client) CreateProjectMember(projectName string, newMember *models.ProjectMember) error { + params := member.NewCreateProjectMemberParams(). + WithProjectMember(newMember). + WithProjectNameOrID(projectName) + + _, err := c.harborClient.Client.Member.CreateProjectMember(c.context, params) + if err != nil { + return fmt.Errorf("create project member error: %w", err) + } + + return nil +} + +func (c *Client) UpdateProjectMember(projectName string, memberID int64, role *models.RoleRequest) error { + params := member.NewUpdateProjectMemberParams(). + WithProjectNameOrID(projectName). + WithMid(memberID). + WithRole(role) + + _, err := c.harborClient.Client.Member.UpdateProjectMember(c.context, params) + if err != nil { + return fmt.Errorf("update project member error: %w", err) + } + + return nil +} + +func (c *Client) DeleteProjectMember(projectName string, memberID int64) error { + params := member.NewDeleteProjectMemberParams(). + WithProjectNameOrID(projectName). + WithMid(memberID) + + _, err := c.harborClient.Client.Member.DeleteProjectMember(c.context, params) + if err != nil { + return fmt.Errorf("delete project member error: %w", err) + } + + return nil +} + +func (c *Client) GetProjectRequest(hp *goharborv1beta1.HarborProject) (*models.ProjectReq, error) { + if hp.Spec.HarborProjectMetadata == nil { + hp.Spec.HarborProjectMetadata = &goharborv1beta1.HarborProjectMetadata{} + } + + projectReq := &models.ProjectReq{ + ProjectName: hp.Spec.ProjectName, + CVEAllowlist: &models.CVEAllowlist{}, + Metadata: &models.ProjectMetadata{ + AutoScan: utilstring.Bool2Str(hp.Spec.HarborProjectMetadata.AutoScan), + EnableContentTrust: utilstring.Bool2Str(hp.Spec.HarborProjectMetadata.EnableContentTrust), + EnableContentTrustCosign: utilstring.Bool2Str(hp.Spec.HarborProjectMetadata.EnableContentTrustCosign), + PreventVul: utilstring.Bool2Str(hp.Spec.HarborProjectMetadata.PreventVulnerable), + Public: *utilstring.Bool2Str(hp.Spec.HarborProjectMetadata.Public), + Severity: &hp.Spec.HarborProjectMetadata.Severity, + }, + } + + // create objects for Harbor API from CVE List in Custom Resource + for _, cve := range hp.Spec.CveAllowList { + projectReq.CVEAllowlist.Items = append(projectReq.CVEAllowlist.Items, &models.CVEAllowlistItem{CVEID: cve}) + } + + // if ReuseSysCveAllowlist is not explicitly set, set it depending on if project cve allow list is configured + if hp.Spec.HarborProjectMetadata.ReuseSysCveAllowlist == nil { + reuse := len(hp.Spec.CveAllowList) == 0 + projectReq.Metadata.ReuseSysCVEAllowlist = utilstring.Bool2Str(&reuse) + } else { + projectReq.Metadata.ReuseSysCVEAllowlist = utilstring.Bool2Str(hp.Spec.HarborProjectMetadata.ReuseSysCveAllowlist) + } + + // if set, parse human readable storage quota (e.g. "10Gi") into byte int64 for Harbor API + if hp.Spec.StorageQuota != "" { + parsedQuota, err := resource.ParseQuantity(hp.Spec.StorageQuota) + if err != nil { + return nil, err + } + + value := parsedQuota.Value() + projectReq.StorageLimit = &value + } + + return projectReq, nil +} diff --git a/pkg/setup/controllers.go b/pkg/setup/controllers.go index ffd5f5705..f9ab49c6f 100644 --- a/pkg/setup/controllers.go +++ b/pkg/setup/controllers.go @@ -19,6 +19,7 @@ import ( "github.com/plotly/harbor-operator/controllers/goharbor/notaryserver" "github.com/plotly/harbor-operator/controllers/goharbor/notarysigner" "github.com/plotly/harbor-operator/controllers/goharbor/portal" + "github.com/plotly/harbor-operator/controllers/goharbor/project" "github.com/plotly/harbor-operator/controllers/goharbor/pullsecretbinding" "github.com/plotly/harbor-operator/controllers/goharbor/registry" "github.com/plotly/harbor-operator/controllers/goharbor/trivy" @@ -53,6 +54,7 @@ var controllersBuilder = map[controllers.Controller]func(context.Context, *confi controllers.HarborServerConfiguration: harborserverconfiguration.New, controllers.PullSecretBinding: pullsecretbinding.New, controllers.Namespace: namespace.New, + controllers.HarborProject: project.New, } type ControllerFactory func(context.Context, string, string, *configstore.Store) (commonCtrl.Reconciler, error) diff --git a/pkg/setup/webhooks.go b/pkg/setup/webhooks.go index 5a22a86f3..45a5c5779 100644 --- a/pkg/setup/webhooks.go +++ b/pkg/setup/webhooks.go @@ -28,6 +28,7 @@ var webhooksBuilder = map[controllers.Controller][]WebHook{ controllers.NotaryServer: {&goharborv1.NotaryServer{}}, controllers.NotarySigner: {&goharborv1.NotarySigner{}}, controllers.HarborCluster: {&goharborv1.HarborCluster{}}, + controllers.HarborProject: {&goharborv1.HarborProject{}}, } type WebHook interface { diff --git a/pkg/utils/strings/strings.go b/pkg/utils/strings/strings.go index a7c249f9a..1a9ef2fba 100644 --- a/pkg/utils/strings/strings.go +++ b/pkg/utils/strings/strings.go @@ -23,3 +23,12 @@ func RemoveString(slice []string, s string) (result []string) { return } + +func Bool2Str(boolean *bool) *string { + str := "false" + if boolean != nil && *boolean { + str = "true" + } + + return &str +}