{"id":20126483,"url":"https://github.com/sovereigncloudstack/k8s-harbor","last_synced_at":"2025-11-28T21:05:46.004Z","repository":{"id":42617486,"uuid":"285814955","full_name":"SovereignCloudStack/k8s-harbor","owner":"SovereignCloudStack","description":"Deployment manifests for Harbor","archived":false,"fork":false,"pushed_at":"2024-03-20T17:35:13.000Z","size":223,"stargazers_count":2,"open_issues_count":3,"forks_count":0,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-04-13T09:12:53.723Z","etag":null,"topics":["k8s"],"latest_commit_sha":null,"homepage":"https://scs.community/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SovereignCloudStack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-08-07T11:40:36.000Z","updated_at":"2024-04-15T11:30:55.396Z","dependencies_parsed_at":"2024-04-15T11:30:50.662Z","dependency_job_id":"164e219d-2c18-43ed-9561-2f165c91d5c5","html_url":"https://github.com/SovereignCloudStack/k8s-harbor","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fk8s-harbor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fk8s-harbor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fk8s-harbor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SovereignCloudStack%2Fk8s-harbor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SovereignCloudStack","download_url":"https://codeload.github.com/SovereignCloudStack/k8s-harbor/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241570919,"owners_count":19984002,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["k8s"],"created_at":"2024-11-13T20:16:17.170Z","updated_at":"2025-11-28T21:05:45.927Z","avatar_url":"https://github.com/SovereignCloudStack.png","language":"Shell","readme":"# Deployment manifests for Harbor\n\n![Smoke test](https://github.com/SovereignCloudStack/k8s-harbor/workflows/CI/badge.svg)\n\n## Repository content\n\nThis repository is intended to include all relevant configuration\nand Kubernetes manifests for the deployment of Harbor inside SCS.\n\n## Repository layout\n\nThis repository contains kustomize bases which may be referenced by\nkustomize overlays which in turn define the deployment of whole\nenvironments/clusters.\n\nAlso, usually flux2 resources are used for e.g. Helm, so flux2 controllers need to be installed in any destination cluster.\n\nRepository structure:\n- `base`\n  - Contains Harbor base configuration and base helm release definition\n  - Can be deployed as follows `kubectl apply -k base/`\n    - In this case harbor is deployed via clusterIP and without additional services and persistence\n    - Run `kubectl port-forward svc/harbor 8080:80` and access harbor at http://localhost:8080\n  - Can be referenced by kustomize overlays, see e.g. `envs/public/`\n    - To override base config use *harbor-config* configmap, see e.g. [harbor-config.yaml](envs/dev/harbor-config.yaml)\n- `operators`\n  - Contains helm release definitions for cert-manager, ingress-nginx, postgres-operator and redis-operator\n  - All operators can be deployed at once using `kubectl apply -k operators/`\n  - Separate operators can be deployed using e.g. `kubectl apply -k operators/redis/`\n- `postgres`\n  - Contains CR `postgresql` - postgresql cluster with basic configuration\n  - Postgres-operator has to be installed first, and then postgresql cluster can be deployed by `kubectl apply -k postgres/`\n- `redis`\n  - Contains CR `RedisFailover` - redis sentinel with basic configuration\n  - Redis-operator has to be installed first, and then redis sentinel cluster can be deployed by `kubectl apply -k redis/`\n- `envs`\n  - Contains kustomize overlays, e.g. `envs/public/`\n  - Each subdirectory define deployment of Harbor\n    - refers to `base`\n    - adds *harbor-config* configmap\n    - It can contain patches and other kustomizations, like `envs/public-ha/redis/`\n\n## Documentation\n\nExplore the documentation stored in the [docs](./docs) directory or view the rendered version online at https://docs.scs.community/docs/container/.\n\n## Public environment threat model\n\nWe define the threat model to generally trust the network. It is mainly based on the fact, that all the services live\nin the same k8s cluster, so services can communicate with each other without certificate verification because\nwe do not expect MITM attacks in the Kubernetes private network. In the case of HA databases (`envs/public-ha`), they are external to Harbor\n, but they are still running in the same k8s cluster, so just basic auth is enabled here (it is easy to do).\nWe use TLS (with server certificate verification) only for external traffic (ingress, swift). Which seems sufficient\nfor now. There is tracking [issue](https://github.com/SovereignCloudStack/k8s-harbor/issues/27), where all the details can be found.\n\n## Automated smoke tests\n\nIn order to ensure that every component inside of SCS behaves as\nexpected, there should be simple smoke tests.\nThese tests are implemented using GitHub Actions/Workflows.\n\n## Further information\n\nHarbor website: https://goharbor.io/\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsovereigncloudstack%2Fk8s-harbor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsovereigncloudstack%2Fk8s-harbor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsovereigncloudstack%2Fk8s-harbor/lists"}