Update k8s manifests
This commit is contained in:
ansible
parent
94ac489c21
commit
f2d7f02ca1
@ -60,5 +60,19 @@ spec:
|
|||||||
redis:
|
redis:
|
||||||
type: internal
|
type: internal
|
||||||
existingSecretSecretKey: harbor-secret-key
|
existingSecretSecretKey: harbor-secret-key
|
||||||
|
core:
|
||||||
|
configureUserSettings: |
|
||||||
|
{
|
||||||
|
"auth_mode": "oidc_auth",
|
||||||
|
"oidc_name": "Keycloak",
|
||||||
|
"oidc_endpoint": "https://keycloak.n0ball.tw/realms/homelab",
|
||||||
|
"oidc_client_id": "harbor",
|
||||||
|
"oidc_client_secret": "3YuRQxgMI3j0CG/Gb95c2AvksYD8dOCV",
|
||||||
|
"oidc_groups_claim": "groups",
|
||||||
|
"oidc_scope": "openid,profile,email,groups",
|
||||||
|
"oidc_auto_onboard": true,
|
||||||
|
"oidc_admin_group": "harbor-admins",
|
||||||
|
"self_registration": false
|
||||||
|
}
|
||||||
trivy:
|
trivy:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|||||||
27
k8s/infrastructure/sops/harbor-oidc-secret.yaml
Normal file
27
k8s/infrastructure/sops/harbor-oidc-secret.yaml
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: harbor-oidc-secret
|
||||||
|
namespace: harbor
|
||||||
|
stringData:
|
||||||
|
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:k3VLmTOyFwX/kPmCGNyYmr4BWcONaOB1MwP4eProFdU=,iv:BY/dWLF3gwhA+ejbuc11Wnq6ZYoJChgmUnRI+pS84Fk=,tag:ITGGmvfNNUTOMmzc4/u1xQ==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1y5rw08wm2s2hemapzf43c0l4xass7fhc55qh3n4cxtuxzrj8q3cqtydy7m
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZEZsTXJNdW1WcW9zYXUx
|
||||||
|
cWlSNVdKM3QrMk50Rmo4WlNCVVA1SXViQ0dvCjlMQXJqc1E4TVlieDB4M09kd2RF
|
||||||
|
bTlUZ3pLcXZWSlBCUXY2R0o2MFVlQ3MKLS0tIDh2WkZLNE9ydS9XdTA1TlNOS3Nj
|
||||||
|
emM5R1dhalVKM1lHMU1CY2hFcEhSRWMKP/w144h4aXdDg2MKTs3oqJfWNaGhS6yc
|
||||||
|
kltiq64WKts2xxVqko9M7hRmWKGye1EPObu8JTT2h4Pu6Gmsew+/XQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2026-03-10T15:15:40Z"
|
||||||
|
mac: ENC[AES256_GCM,data:/iMQtm2l7ktzERpTeeShLZzu7gnA73WUE+3X1N3YIrBH2qrhfEOZSgwNWMly6RQmYccze7+8AK90v8hHjFaTJZM1VXzDFRinHVZH6FXkONX+stHRmtexJQHdmHiaSu/NHN02RGgIQxi8yL5gMUVuenbr29QmgDdC4fjKzyWbWNg=,iv:M2B3QDKQaPd3VZhRuEqY/t06UXGi++n7vJxtmU5N64M=,tag:+0RnnleQ3x+DsR8bs0eD9Q==,type:str]
|
||||||
|
pgp: []
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.9.4
|
||||||
@ -15,3 +15,4 @@ resources:
|
|||||||
- harbor-admin-secret.yaml
|
- harbor-admin-secret.yaml
|
||||||
- harbor-db-secret.yaml
|
- harbor-db-secret.yaml
|
||||||
- harbor-secret-key.yaml
|
- harbor-secret-key.yaml
|
||||||
|
- harbor-oidc-secret.yaml
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user