trying out the harbour and the vault charts

9bafc804 · entlein · bdc5c1e4 · 9bafc804 · 9bafc804
Commit 9bafc804 authored 3 years ago by entlein
--- a/roles/rke2/templates/manifests/deploy-harbour.j2
+++ b/roles/rke2/templates/manifests/deploy-harbour.j2
+---
+
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: harbor
+
+---
+
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: harbor
+  namespace: kube-system
+spec:
+  repo: {{ item.value.repo | default("https://helm.goharbor.io") }}
+  chart: harbor
+  version: {{ item.value.version | default("1.10.1") }}
+  targetNamespace: harbor
+  valuesContent: |-
+    expose:
+      ingress:
+        annotations:
+          ingress.kubernetes.io/proxy-body-size: '0'
+          ingress.kubernetes.io/ssl-redirect: 'true'
+          nginx.ingress.kubernetes.io/proxy-body-size: '0'
+          nginx.ingress.kubernetes.io/ssl-redirect: 'true'
+          cert-manager.io/cluster-issuer: {{ item.value.certissuer }}
+          nginx.ingress.kubernetes.io/auth-signin: https://oauth.{{ item.value.hostname }}/oauth2/start?rd=https://$host$request_uri
+          nginx.ingress.kubernetes.io/auth-url: https://oauth.{{ item.value.hostname }}/oauth2/auth
+        className: nginx
+        controller: default
+    harbor:
+      annotations: {}
+      labels: {}
+    hosts:
+      core: core.harbor.{{ item.value.hostname }}/
+      notary: notary.harbor.{{ item.value.hostname }}/
+    externalURL: https://core.harbor.{{ item.value.hostname }}/
+    harborAdminPassword: Harbor12345 
+    notary:
+      enabled: false
+    
+
+
+
+
--- a/roles/rke2/templates/manifests/deploy-vault.j2
+++ b/roles/rke2/templates/manifests/deploy-vault.j2
+---
+
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: vault
+
+---
+
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: vault
+  namespace: kube-system
+spec:
+  repo: {{ item.value.repo | default("https://helm.releases.hashicorp.com") }}
+  chart: vault
+  version: {{ item.value.version | default("0.22.1") }}
+  targetNamespace: vault
+  valuesContent: |-
+    global:
+      psp:
+        enable: true
+    metrics:
+      enabled: true 
+    ingress:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: {{ item.value.certissuer }}
+        nginx.ingress.kubernetes.io/auth-signin: https://oauth.{{ item.value.hostname }}/oauth2/start?rd=https://$host$request_uri
+        nginx.ingress.kubernetes.io/auth-url: https://oauth.{{ item.value.hostname }}/oauth2/auth
+      ingressClassName: nginx
+      tls:
+      - hosts:
+        - {{ item.value.hostname }}
+        secretName: oidc-ingress-tls
+    ui:
+      enabled: true
+    
+
+
+
+