feat(harbor): add manual bucket config (#3140)

services/harbor/1.16.2/defaults/harbor.yaml

@@ -67,7 +67,7 @@ data:
     registry:
       priorityClassName: dkp-critical-priority
       podAnnotations:
-        secret.reloader.stakater.com/reload: harbor-tls-registry
+        secret.reloader.stakater.com/reload: "harbor-tls-registry,harbor-s3-credentials"
     jobservice:
       priorityClassName: dkp-high-priority
       podAnnotations:
@@ -121,3 +121,13 @@ data:
           enabled: true
           cmName: harbor-cosi-overrides
           cmNamespace: ${releaseNamespace}
+  harbor-copy-secret-values.yaml: |
+    ---
+    harborCopySecret:
+      enabled: false
+      sourceSecretName: "harbor-s3-credentials"
+      targetNamespace: "ncr-system"
+      targetSecretName: "harbor-s3-credentials"
+      reloader: true
+
+      kubectlImage: ${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.31.4}

services/harbor/1.16.2/kustomization.yaml

@@ -3,6 +3,7 @@ kind: Kustomization
 resources:
   - release.yaml
   - cosi-storage.yaml
+  - manual-storage.yaml
   - ncr-system-namespace.yaml
   - pre-install.yaml
   - database.yaml

services/harbor/1.16.2/manual-storage.yaml

@@ -0,0 +1,28 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: harbor-manual-storage
+  namespace: ${releaseNamespace}
+spec:
+  force: false
+  prune: true
+  wait: true
+  interval: 6h
+  retryInterval: 1m
+  path: ./services/harbor/1.16.2/manual-storage
+  dependsOn:
+    - name: ncr-system-namespace
+  sourceRef:
+    kind: GitRepository
+    name: management
+    namespace: kommander-flux
+  timeout: 1m
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: substitution-vars
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2
+      kind: HelmRelease
+      name: harbor-copy-secret
+      namespace: ${releaseNamespace}

services/harbor/1.16.2/manual-storage/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - manual-bucket.yaml

services/harbor/1.16.2/manual-storage/manual-bucket.yaml

@@ -0,0 +1,35 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: harbor-copy-secret
+  namespace: ${releaseNamespace}
+spec:
+  chart:
+    spec:
+      chart: harbor-copy-secret
+      sourceRef:
+        kind: HelmRepository
+        name: mesosphere.github.io-charts-stable
+        namespace: kommander-flux
+      version: 0.1.0
+  interval: 15s
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 30
+    createNamespace: true
+  upgrade:
+    crds: CreateReplace
+    remediation:
+      retries: 30
+  releaseName: harbor-copy-secret
+  targetNamespace: ${releaseNamespace}
+  valuesFrom:
+    - kind: ConfigMap
+      name: harbor-1.16.2-d2iq-defaults
+      valuesKey: harbor-copy-secret-values.yaml
+      optional: true
+    - kind: ConfigMap
+      name: harbor-overrides
+      optional: true

services/harbor/1.16.2/pre-install/secrets.yaml

@@ -16,3 +16,12 @@ metadata:
   annotations:
     kustomize.toolkit.fluxcd.io/ssa: Merge
 type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: harbor-s3-credentials
+  namespace: ncr-system
+  annotations:
+    kustomize.toolkit.fluxcd.io/ssa: Merge
+type: Opaque

services/harbor/1.16.2/release.yaml

@@ -16,6 +16,7 @@ spec:
     - name: harbor-database
     - name: harbor-valkey
     - name: harbor-cosi-storage
+    - name: harbor-manual-storage
   sourceRef:
     kind: GitRepository
     name: management