From c73054158b56c56574e9f61562705cc0b30b3aa9 Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin <martin.hrabovcin@nutanix.com>
Date: Wed, 12 Feb 2025 12:44:06 +0000
Subject: [PATCH] feat(harbor): add manual bucket config

---
 services/harbor/1.16.2/defaults/harbor.yaml   | 12 ++++++-
 services/harbor/1.16.2/kustomization.yaml     |  1 +
 services/harbor/1.16.2/manual-storage.yaml    | 28 +++++++++++++++
 .../1.16.2/manual-storage/kustomization.yaml  |  4 +++
 .../1.16.2/manual-storage/manual-bucket.yaml  | 35 +++++++++++++++++++
 .../harbor/1.16.2/pre-install/secrets.yaml    |  9 +++++
 services/harbor/1.16.2/release.yaml           |  1 +
 7 files changed, 89 insertions(+), 1 deletion(-)
 create mode 100644 services/harbor/1.16.2/manual-storage.yaml
 create mode 100644 services/harbor/1.16.2/manual-storage/kustomization.yaml
 create mode 100644 services/harbor/1.16.2/manual-storage/manual-bucket.yaml

diff --git a/services/harbor/1.16.2/defaults/harbor.yaml b/services/harbor/1.16.2/defaults/harbor.yaml
index 412719ada9..313cab9c2b 100644
--- a/services/harbor/1.16.2/defaults/harbor.yaml
+++ b/services/harbor/1.16.2/defaults/harbor.yaml
@@ -67,7 +67,7 @@ data:
     registry:
       priorityClassName: dkp-critical-priority
       podAnnotations:
-        secret.reloader.stakater.com/reload: harbor-tls-registry
+        secret.reloader.stakater.com/reload: "harbor-tls-registry,harbor-s3-credentials"
     jobservice:
       priorityClassName: dkp-high-priority
       podAnnotations:
@@ -121,3 +121,13 @@ data:
           enabled: true
           cmName: harbor-cosi-overrides
           cmNamespace: ${releaseNamespace}
+  harbor-copy-secret-values.yaml: |
+    ---
+    harborCopySecret:
+      enabled: false
+      sourceSecretName: "harbor-s3-credentials"
+      targetNamespace: "ncr-system"
+      targetSecretName: "harbor-s3-credentials"
+      reloader: true
+
+      kubectlImage: ${kubetoolsImageRepository:=bitnami/kubectl}:${kubetoolsImageTag:=1.31.4}
diff --git a/services/harbor/1.16.2/kustomization.yaml b/services/harbor/1.16.2/kustomization.yaml
index 6057f91fea..b999645940 100644
--- a/services/harbor/1.16.2/kustomization.yaml
+++ b/services/harbor/1.16.2/kustomization.yaml
@@ -3,6 +3,7 @@ kind: Kustomization
 resources:
   - release.yaml
   - cosi-storage.yaml
+  - manual-storage.yaml
   - ncr-system-namespace.yaml
   - pre-install.yaml
   - database.yaml
diff --git a/services/harbor/1.16.2/manual-storage.yaml b/services/harbor/1.16.2/manual-storage.yaml
new file mode 100644
index 0000000000..907a361c64
--- /dev/null
+++ b/services/harbor/1.16.2/manual-storage.yaml
@@ -0,0 +1,28 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: harbor-manual-storage
+  namespace: ${releaseNamespace}
+spec:
+  force: false
+  prune: true
+  wait: true
+  interval: 6h
+  retryInterval: 1m
+  path: ./services/harbor/1.16.2/manual-storage
+  dependsOn:
+    - name: ncr-system-namespace
+  sourceRef:
+    kind: GitRepository
+    name: management
+    namespace: kommander-flux
+  timeout: 1m
+  postBuild:
+    substituteFrom:
+      - kind: ConfigMap
+        name: substitution-vars
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2
+      kind: HelmRelease
+      name: harbor-copy-secret
+      namespace: ${releaseNamespace}
diff --git a/services/harbor/1.16.2/manual-storage/kustomization.yaml b/services/harbor/1.16.2/manual-storage/kustomization.yaml
new file mode 100644
index 0000000000..eed732b8e5
--- /dev/null
+++ b/services/harbor/1.16.2/manual-storage/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - manual-bucket.yaml
diff --git a/services/harbor/1.16.2/manual-storage/manual-bucket.yaml b/services/harbor/1.16.2/manual-storage/manual-bucket.yaml
new file mode 100644
index 0000000000..f630e8ac9a
--- /dev/null
+++ b/services/harbor/1.16.2/manual-storage/manual-bucket.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: harbor-copy-secret
+  namespace: ${releaseNamespace}
+spec:
+  chart:
+    spec:
+      chart: harbor-copy-secret
+      sourceRef:
+        kind: HelmRepository
+        name: mesosphere.github.io-charts-stable
+        namespace: kommander-flux
+      version: 0.1.0
+  interval: 15s
+  install:
+    crds: CreateReplace
+    remediation:
+      retries: 30
+    createNamespace: true
+  upgrade:
+    crds: CreateReplace
+    remediation:
+      retries: 30
+  releaseName: harbor-copy-secret
+  targetNamespace: ${releaseNamespace}
+  valuesFrom:
+    - kind: ConfigMap
+      name: harbor-1.16.2-d2iq-defaults
+      valuesKey: harbor-copy-secret-values.yaml
+      optional: true
+    - kind: ConfigMap
+      name: harbor-overrides
+      optional: true
diff --git a/services/harbor/1.16.2/pre-install/secrets.yaml b/services/harbor/1.16.2/pre-install/secrets.yaml
index 5620f8c650..183d39d3ef 100644
--- a/services/harbor/1.16.2/pre-install/secrets.yaml
+++ b/services/harbor/1.16.2/pre-install/secrets.yaml
@@ -16,3 +16,12 @@ metadata:
   annotations:
     kustomize.toolkit.fluxcd.io/ssa: Merge
 type: Opaque
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: harbor-s3-credentials
+  namespace: ncr-system
+  annotations:
+    kustomize.toolkit.fluxcd.io/ssa: Merge
+type: Opaque
diff --git a/services/harbor/1.16.2/release.yaml b/services/harbor/1.16.2/release.yaml
index 240cc9f917..a5d576260c 100644
--- a/services/harbor/1.16.2/release.yaml
+++ b/services/harbor/1.16.2/release.yaml
@@ -16,6 +16,7 @@ spec:
     - name: harbor-database
     - name: harbor-valkey
     - name: harbor-cosi-storage
+    - name: harbor-manual-storage
   sourceRef:
     kind: GitRepository
     name: management