diff --git a/.gitignore b/.gitignore index 8c706776f0..582d5c2dd2 100644 --- a/.gitignore +++ b/.gitignore @@ -15,4 +15,5 @@ chart/otomi/README.md workflow/ *.new .envrc -otomi.cpuprofile \ No newline at end of file +otomi.cpuprofile +/.idea/ diff --git a/helmfile.d/helmfile-04.databases.yaml b/helmfile.d/helmfile-04.databases.yaml index 0312ff1dbe..dade0e8e7e 100644 --- a/helmfile.d/helmfile-04.databases.yaml +++ b/helmfile.d/helmfile-04.databases.yaml @@ -11,18 +11,20 @@ bases: {{- $v := .Values }} {{- $a := $v.apps }} {{- $h := $a.harbor }} +{{- $hdb := $v.databases.harbor }} +{{- $kdb := $v.databases.keycloak }} {{- $k := $a.keycloak }} releases: - name: harbor-otomi-db - installed: {{ and ($h | get "enabled") (or (eq $h.database.type "external") $h.database.importHarborDb) }} + installed: {{ ($h | get "enabled") }} namespace: harbor labels: pkg: harbor <<: *otomiDb - name: keycloak-otomi-db - installed: {{ or $v.databases.keycloak.useOtomiDB $v.databases.keycloak.imported }} + installed: true namespace: keycloak labels: pkg: keycloak - <<: *otomiDb \ No newline at end of file + <<: *otomiDb diff --git a/helmfile.d/snippets/defaults.yaml b/helmfile.d/snippets/defaults.yaml index d27c39a78c..ab07dd6dc7 100644 --- a/helmfile.d/snippets/defaults.yaml +++ b/helmfile.d/snippets/defaults.yaml @@ -214,13 +214,6 @@ environments: registry: credentials: username: otomi-admin - database: - type: external - size: '5Gi' - name: harbor-otomi-db - user: harbor - coreDatabase: registry - importHarborDb: false resources: trivy: requests: @@ -756,7 +749,6 @@ environments: memory: 512Mi databases: keycloak: - useOtomiDB: true imported: false size: '5Gi' replicas: 2 @@ -767,6 +759,10 @@ environments: requests: cpu: 50m memory: 256Mi + harbor: + size: '5Gi' + replicas: 2 + coreDatabase: registry platformBackups: database: harbor: diff --git a/tests/fixtures/env/apps/harbor.yaml b/tests/fixtures/env/apps/harbor.yaml index c1f1225f86..cca20a4c18 100644 
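Review bot: In helmfile.d/helmfile-04.databases.yaml the new `$hdb` and `$kdb` variables are declared but not referenced anywhere after their declaration, and this hunk runs to the end of the file; either drop them or use them in the `installed:` expressions. `keycloak-otomi-db` is now `installed: true` unconditionally, so a comment such as `# Keycloak always uses the CloudNativePG-managed database; the useOtomiDB toggle was removed` above that line would show the next reader the change was deliberate. The outer parentheses in `{{ ($h | get "enabled") }}` are redundant.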
--- a/tests/fixtures/env/apps/harbor.yaml +++ b/tests/fixtures/env/apps/harbor.yaml @@ -1,9 +1,6 @@ apps: harbor: enabled: true - database: - type: internal - importHarborDb: true persistence: imageChartStorage: gcs: diff --git a/tests/fixtures/env/apps/secrets.harbor.yaml b/tests/fixtures/env/apps/secrets.harbor.yaml index 9cbd92bdc4..0a142da368 100644 --- a/tests/fixtures/env/apps/secrets.harbor.yaml +++ b/tests/fixtures/env/apps/secrets.harbor.yaml @@ -1,7 +1,6 @@ apps: harbor: adminPassword: harborsomesecretvalue - databasePassword: somesecretvalue persistence: imageChartStorage: gcs: diff --git a/tests/fixtures/env/databases/harbor.yaml b/tests/fixtures/env/databases/harbor.yaml new file mode 100644 index 0000000000..b930d17bc7 --- /dev/null +++ b/tests/fixtures/env/databases/harbor.yaml @@ -0,0 +1,3 @@ +databases: + harbor: + replicas: 3 diff --git a/tests/fixtures/env/databases/keycloak.yaml b/tests/fixtures/env/databases/keycloak.yaml index 74012e8b07..d992cbc659 100644 --- a/tests/fixtures/env/databases/keycloak.yaml +++ b/tests/fixtures/env/databases/keycloak.yaml @@ -1,4 +1,3 @@ databases: keycloak: - useOtomiDB: false imported: false diff --git a/values-changes.yaml b/values-changes.yaml index 35b562555e..b1f852df23 100644 --- a/values-changes.yaml +++ b/values-changes.yaml @@ -129,3 +129,17 @@ changes: deletions: - 'apps.loki.storage.gcs.project' - 'apps.loki.storage.gcs.instance' + - version: 21 + deletions: + - 'apps.harbor.databasePassword' + - 'apps.harbor.database.type' + - 'apps.harbor.database.importHarborDb' + - 'apps.harbor.database.name' + - 'apps.harbor.database.user' + - 'apps.harbor.database' + - 'databases.keycloak.useOtomiDB' + additions: + - databases.harbor.replicas: 2 + relocations: + - 'apps.harbor.database.size': 'databases.harbor.size' + - 'apps.harbor.resources.database': 'databases.harbor.resources' diff --git a/values-schema.yaml b/values-schema.yaml index 677f083431..8eaa539e80 100644 --- a/values-schema.yaml 
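Review bot: The version 21 entry in values-changes.yaml lists `'apps.harbor.database'` under `deletions` while `relocations` still reads `'apps.harbor.database.size'` from that same subtree. If the migration runner applies deletions before relocations (the processing order is not visible in this diff), a customised volume size is dropped and the `5Gi` default silently takes over. Leaving the parent key out of `deletions` until after the relocation, or stating the guaranteed order in a comment on this entry, would make the intent verifiable. An overridden `apps.harbor.database.coreDatabase` is neither relocated nor listed, so it would presumably be lost with the parent; a relocation to `databases.harbor.coreDatabase` would cover it.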
+++ b/values-schema.yaml @@ -2092,10 +2092,6 @@ properties: adminPassword: type: string x-secret: '' - databasePassword: - type: string - description: Once set and deployed it cannot be changed with manual intervention. - x-secret: '{{ randAlphaNum 20 }}' core: properties: secret: @@ -2196,23 +2192,6 @@ properties: required: - secret - credentials - database: - properties: - size: - type: string - type: - type: string - description: Internal is a database provided by the community chart. The external is database provided by the cloudnative-pg. - enum: - - internal - - external - name: - type: string - user: - type: string - importHarborDb: - description: Indicate if an existing database should be importend. (Once set to true you must not change it back) - type: boolean image: $ref: '#/definitions/imageSimple' resources: @@ -2222,8 +2201,6 @@ properties: $ref: '#/definitions/resources' core: $ref: '#/definitions/resources' - database: - $ref: '#/definitions/resources' jobservice: $ref: '#/definitions/resources' portal: @@ -2239,8 +2216,6 @@ properties: secretKey: type: string x-secret: '{{ randAlpha 16 }}' - required: - - databasePassword httpbin: description: The famous httpbin application. properties: @@ -4096,9 +4071,6 @@ properties: keycloak: title: Keycloak properties: - useOtomiDB: - type: boolean - default: false size: type: string resources: @@ -4109,6 +4081,17 @@ properties: imported: type: boolean default: false + harbor: + title: Harbor + properties: + size: + type: string + resources: + $ref: '#/definitions/resources' + replicas: + type: integer + default: 2 + teamConfig: additionalProperties: false patternProperties: diff --git a/values/harbor/harbor-otomi-db.gotmpl b/values/harbor/harbor-otomi-db.gotmpl index 0eb4884898..5c12838c5d 100644 --- a/values/harbor/harbor-otomi-db.gotmpl +++ b/values/harbor/harbor-otomi-db.gotmpl 
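Review bot: The new `databases.harbor` schema in the last hunk of values-schema.yaml declares `size`, `resources` and `replicas` but not `coreDatabase`, although defaults.yaml sets `databases.harbor.coreDatabase: registry` and both Harbor templates read it. Adding a `coreDatabase` property of `type: string` with a short `description` would get the value validated and documented. Whether the `databases` object rejects undeclared keys is not visible here. The hunk also appears to add a stray blank line before `teamConfig:`.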
@@ -1,12 +1,13 @@ {{- $v := .Values }} -{{- $h := $v.apps.harbor }} +{{- $hdb := $v.databases.harbor }} {{- $cnpg := $v.apps.cnpg }} {{- $sp := $cnpg.storage }} {{- $b := $v.platformBackups.database.harbor }} -name: {{ $h.database.name }} +name: harbor-otomi-db storage: - size: {{ $h.database.size }} + size: {{ $hdb.size }} +instances: {{ $hdb.replicas }} {{- if $b.enabled }} backup: @@ -30,42 +31,16 @@ backup: {{- end }} {{- end }} - -{{- if $h.database.importHarborDb }} clusterSpec: bootstrap: initdb: - database: {{ $h.database.coreDatabase }} - owner: {{ $h.database.user }} - import: - type: microservice - databases: - - {{ $h.database.coreDatabase }} - source: - externalCluster: harbor-database - externalClusters: - - name: harbor-database - connectionParameters: - host: harbor-database.harbor.svc.cluster.local - user: postgres - dbname: {{ $h.database.coreDatabase }} - sslmode: disable - password: - name: harbor-database - key: POSTGRES_PASSWORD -{{- else }} -clusterSpec: - bootstrap: - initdb: - database: {{ $h.database.coreDatabase }} - owner: {{ $h.database.user }} + database: {{ $hdb.coreDatabase }} + owner: harbor localeCollate: 'en_US.UTF-8' localeCType: 'en_US.UTF-8' -{{- end }} - resources: - {{- with $h | get "resources.database" nil }} + {{- with $hdb | get "resources" nil }} {{- toYaml . | nindent 6 }} {{- else }} limits: diff --git a/values/harbor/harbor.gotmpl b/values/harbor/harbor.gotmpl index 340c4863f9..8d888868ad 100644 --- a/values/harbor/harbor.gotmpl +++ b/values/harbor/harbor.gotmpl @@ -1,5 +1,6 @@ {{- $v := .Values }} {{- $h := $v.apps.harbor }} +{{- $db := $v.databases.harbor }} {{- $hp := $h | get "persistence" dict }} {{- $harborDomain := printf "harbor.%s" $v.cluster.domainSuffix }} {{- $notaryDomain := printf "notary.%s" $v.cluster.domainSuffix }} 
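Review bot: With the `import` branch removed in the second hunk of values/harbor/harbor-otomi-db.gotmpl, `clusterSpec.bootstrap.initdb` always creates an empty database, and the same commit removes the chart-internal database option. An installation still on `apps.harbor.database.type: internal` therefore has no visible path to carry its Harbor projects, users and robot accounts across the upgrade. If a pre-upgrade check or migration step exists elsewhere, it is not part of this diff; otherwise an upgrade guard or a release note should require the import to be completed first. Since `owner: harbor` is now hard-coded, a comment such as `# must match database.external.username in values/harbor/harbor.gotmpl` on that line would keep the two files in step.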
@@ -8,8 +9,6 @@ {{- $externalUrl := printf "https://%s" $harborDomain }} {{- $tag := $h | get "image.tag" "v2.6.4" }} {{/*The cloudNativeDb operator is responsible for creating the secret*/}} -{{- $databaseExistingSecret := printf "%s-app" $h.database.name }} -{{- $databaseHost := printf "%s-rw.harbor.svc.cluster.local" $h.database.name }} externalURL: {{ $externalUrl }} fullnameOverride: harbor @@ -64,50 +63,14 @@ core: xsrfKey: {{ $h | get "core.xsrfKey" nil }} database: - type: {{ $h.database.type }} - {{- if eq $h.database.type "internal" }} - internal: - priorityClassName: otomi-critical - image: - tag: {{ $tag }} - initContainer: - migrator: - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 50m - memory: 256Mi - permissions: - resources: - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 50m - memory: 256Mi - resources: - {{- with $h | get "resources.database" nil }} - {{- toYaml . | nindent 6 }} - {{- else }} - limits: - cpu: 100m - memory: 512Mi - requests: - cpu: 50m - memory: 256Mi - {{- end }} - password: {{ $h.databasePassword }} - {{- else }} + type: external external: # erase default password value from the Harbor Helm chart password: null - coreDatbase: {{ $h.database.coreDatabase }} - username: {{ $h.database.user }} - host: {{ $databaseHost }} - existingSecret: {{ $databaseExistingSecret }} - {{- end }} + coreDatabase: {{ $db.coreDatabase }} + username: harbor + host: harbor-otomi-db-rw.harbor.svc.cluster.local + existingSecret: harbor-otomi-db-app podAnnotations: # this exception allows the chmod fix to pass, which needs root access: policy.otomi.io/ignore.data-migrator: psp-allowed-users diff --git a/values/jobs/harbor-backup.gotmpl b/values/jobs/harbor-backup.gotmpl deleted file mode 100644 index 38726fc0ab..0000000000 --- a/values/jobs/harbor-backup.gotmpl +++ /dev/null 
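Review bot: The `database.external` block in the second hunk of values/harbor/harbor.gotmpl sets no `sslmode`, and the upstream Harbor chart defaults `database.external.sslmode` to `disable`. Harbor's connection to `harbor-otomi-db-rw.harbor.svc.cluster.local` would then carry the database credentials and registry metadata unencrypted, unless a service mesh protects that path (not visible here). Adding `sslmode: require` under `external:` is worth considering, provided the chart version in use accepts it and the CloudNativePG cluster serves TLS. The template comment about the operator creating the secret no longer sits next to anything it describes; moving it to `existingSecret: harbor-otomi-db-app` and noting that the name derives from the `harbor-otomi-db` cluster would keep the hard-coded values traceable.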
@@ -1,26 +0,0 @@ -{{- $v := .Values }} -{{- $h := $v.apps.harbor }} - -type: CronJob -nativeSecrets: - AWS_ACCESS_KEY_ID: "otomi-admin" - AWS_SECRET_ACCESS_KEY: {{ $v.otomi.adminPassword }} - PGUSER: "postgres" - PGPASSWORD: {{ $h.databasePassword }} -env: - LABELS: "app=harbor" - NS: harbor - BUCKET: "harbor" - POSTFIX: "registry" - PGDATABASE: "registry" - PGHOST: "harbor-database.harbor.svc.cluster.local" - ENDPOINT: "http://minio.minio.svc.cluster.local:9000" -name: backup-backup -image: - registry: docker.io - repository: otomi/tools-db - tag: v0.0.2 -schedule: {{ $h.backup.schedule }} -script: | - {{- readFile "scripts/backup-db.sh" | nindent 6 }} -runPolicy: Always