npm - @vaharoni/devops - Versions diffs - 1.2.13 → 1.2.14 - Mend

@vaharoni/devops 1.2.13 → 1.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (323) hide show

package/dist/src/target-templates/cluster-resource-options/postgres/production/configurations/07-SGObjectStorage.yaml ADDED Viewed

@@ -0,0 +1,18 @@
+apiVersion: stackgres.io/v1beta1
+kind: SGObjectStorage
+metadata:
+  namespace: db-production
+  name: backupconfig
+spec:
+  type: s3Compatible
+  s3Compatible:
+    bucket: $PROJECT_NAME-backups
+    endpoint: https://hel1.your-objectstorage.com
+    awsCredentials:
+      secretKeySelectors:
+        accessKeyId:
+          name: s3-backup-bucket-secret
+          key: accessKey
+        secretAccessKey:
+          name: s3-backup-bucket-secret
+          key: secretKey

package/dist/src/target-templates/cluster-resource-options/postgres/production/configurations/08-SGScript.yaml ADDED Viewed

@@ -0,0 +1,12 @@
+apiVersion: stackgres.io/v1
+kind: SGScript
+metadata:
+  name: create-db-script
+  namespace: db-production
+spec:
+  managedVersions: true
+  continueOnError: false
+  scripts:
+  - name: create-database
+    script: |
+      CREATE DATABASE $PROJECT_NAME WITH OWNER postgres;

package/dist/src/target-templates/cluster-resource-options/postgres/stackgres-ui-ingress.yaml ADDED Viewed

@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: stackgres-ui-workaround-svc
+  labels:
+    app: stackgres
+  namespace: stackgres
+spec:
+  selector:
+    stackgres.io/restapi: "true"
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 9080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: stackgres-ui
+  namespace: stackgres
+  labels:
+    app: stackgres
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: db.$APEX_DOMAIN
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: stackgres-ui-workaround-svc
+                port:
+                  number: 80

package/dist/src/target-templates/cluster-resource-options/postgres/staging/cluster/SGCluster.yaml ADDED Viewed

@@ -0,0 +1,42 @@
+apiVersion: stackgres.io/v1
+kind: SGCluster
+metadata:
+  namespace: db-staging
+  name: db-staging
+spec:
+  postgres:
+    version: '17.4'
+    extensions:
+    # - name: 'pg_repack'
+    - name: 'pg_trgm'  # required for prefect
+  instances: 1
+  # sgInstanceProfile: 'size-m'
+  profile: 'testing'
+  pods:
+    persistentVolume:
+      size: '10Gi'
+      storageClass: 'hcloud-volumes-retain'
+    scheduling:
+      tolerations:
+        - key: "stackgres"
+          operator: "Exists"
+          effect: "NoSchedule"
+  configurations:
+    # sgPostgresConfig: 'pgconfig'
+    # sgPoolingConfig: 'poolconfig'
+    backups:
+    - sgObjectStorage: 'backupconfig'
+      # cronSchedule: '30 02 */4 * *'
+      cronSchedule: '30 02 * * *'
+      retention: 4
+  # distributedLogs:
+  #   sgDistributedLogs: 'distributedlogs'
+  managedSql:
+    scripts:
+      - sgScript: create-db-script
+  postgresServices:
+    primary:
+      type: ClusterIP
+    replicas:
+      type: ClusterIP
+  prometheusAutobind: true

package/dist/src/target-templates/cluster-resource-options/postgres/staging/configurations/07-SGObjectStorage.yaml ADDED Viewed

@@ -0,0 +1,18 @@
+apiVersion: stackgres.io/v1beta1
+kind: SGObjectStorage
+metadata:
+  namespace: db-staging
+  name: backupconfig
+spec:
+  type: s3Compatible
+  s3Compatible:
+    bucket: $PROJECT_NAME-backups
+    endpoint: https://hel1.your-objectstorage.com
+    awsCredentials:
+      secretKeySelectors:
+        accessKeyId:
+          name: s3-backup-bucket-secret
+          key: accessKey
+        secretAccessKey:
+          name: s3-backup-bucket-secret
+          key: secretKey

package/dist/src/target-templates/cluster-resource-options/postgres/staging/configurations/08-SGScript.yaml ADDED Viewed

@@ -0,0 +1,12 @@
+apiVersion: stackgres.io/v1
+kind: SGScript
+metadata:
+  name: create-db-script
+  namespace: db-staging
+spec:
+  managedVersions: true
+  continueOnError: false
+  scripts:
+  - name: create-database
+    script: |
+      CREATE DATABASE $PROJECT_NAME WITH OWNER postgres;

package/dist/src/target-templates/cluster-resource-options/prefect/production/prefect-values.yaml ADDED Viewed

@@ -0,0 +1,14 @@
+ingress:
+  enabled: true
+  host:
+    hostname: "prefect-production.staging.com"
+server:
+  uiConfig:
+    prefectUiApiUrl: "https://prefect-production.staging.com/api"
+# We use the environment's stackgres postgres instance
+postgresql:
+  enabled: false
+secret:
+  create: false
+  name: prefect-server-postgresql-connection

package/dist/src/target-templates/cluster-resource-options/prefect/staging/prefect-values.yaml ADDED Viewed

@@ -0,0 +1,14 @@
+ingress:
+  enabled: true
+  host:
+    hostname: "prefect-staging.staging.com"
+server:
+  uiConfig:
+    prefectUiApiUrl: "https://prefect-staging.staging.com/api"
+# We use the environment's stackgres postgres instance
+postgresql:
+  enabled: false
+secret:
+  create: false
+  name: prefect-server-postgresql-connection

package/dist/src/target-templates/cluster-resource-options/redis/production/redis-values.yaml ADDED Viewed

@@ -0,0 +1,20 @@
+architecture: replication
+global:
+  defaultStorageClass: hcloud-volumes-retain
+master:
+  resources:
+    requests:
+      cpu: 1
+      memory: 256Mi
+    limits:
+      cpu: 3
+      memory: 1024Mi
+replica:
+  replicaCount: 1
+  resources:
+    requests:
+      cpu: 1
+      memory: 256Mi
+    limits:
+      cpu: 3
+      memory: 1024Mi

package/dist/src/target-templates/cluster-resource-options/redis/staging/redis-values.yaml ADDED Viewed

@@ -0,0 +1,8 @@
+architecture: standalone
+global:
+  defaultStorageClass: hcloud-volumes-retain
+master:
+  resources:
+    limits:
+      cpu: 1
+      memory: 256Mi

package/dist/src/target-templates/infra-variants/README.md ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ During `./devops init`, the user is asked to select an infra variant.
2	+ The files under the selected `$OPTION` are copied under the root project folder.

package/dist/src/target-templates/infra-variants/digitalocean/.devops/config/constants.yaml ADDED Viewed

@@ -0,0 +1,18 @@
+# These will be used when generating kubernetes entities
+project-name: $PROJECT_NAME
+# Supported: hetzner, digitalocean, or gcloud
+infra: digitalocean
+# Only relevant for Digital Ocean. Determines the number of versions to keep for each docker image.
+image-versions-to-keep: 5
+registry-base-url: registry.digitalocean.com
+# What comes before <image-name>:<tag>. Can be empty.
+registry-image-path-prefix: $REGISTRY_IMAGE_PATH_PREFIX
+# production and staging are supported by default
+extra-remote-environments: []
+# development and test are supported by default
+extra-local-environments: []

package/dist/src/target-templates/infra-variants/digitalocean/.github/workflows/k8s-build.yaml ADDED Viewed

@@ -0,0 +1,91 @@
+name: "Monorepo Build and Deploy"
+on:
+  push:
+    branches:
+      - staging
+      - production
+permissions:
+  contents: read
+  packages: read
+  # For deploying images to Cloud Run
+  # id-token: write
+jobs:
+  build_images:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - image_name: main-node
+          - image_name: main-python
+            cache_path: /root/.cache/uv
+    steps:
+      # Fetch the last 50 commits so that devops affected works
+      - name: Checkout repo and history
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 50
+      - name: Setup prerequesites
+        uses: ./.github/actions/setup-prereq@v1
+      - name: Connect to Digital Ocean
+        uses: ./.github/actions/connect-to-digital-ocean@v1
+        with:
+          access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+          cluster_name: ${{ secrets.DIGITALOCEAN_CLUSTER_NAME }}
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
+      - name: Build image
+        uses: ./.github/actions/build-image@v1
+        with:
+          image_name: ${{ matrix.image_name }}
+          cache_path: ${{ matrix.cache_path || '/root/.bun/install/cache' }}
+  db_migrate_and_deploy:
+    needs: [build_images]
+    runs-on: ubuntu-latest
+    steps:
+      # Fetch the last 50 commits so that devops affected works
+      - name: Checkout repo and history
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 50
+      - name: Setup prerequesites
+        uses: ./.github/actions/setup-prereq@v1
+      - name: Connect to Digital Ocean
+        uses: ./.github/actions/connect-to-digital-ocean@v1
+        with:
+          access_token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+          cluster_name: ${{ secrets.DIGITALOCEAN_CLUSTER_NAME }}
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
+      - name: Run DB Migrate
+        uses: ./.github/actions/db-migrate@v1
+      # Repeat per image (it checks if the image is affected and deploys it if it is)
+      - name: Deploy main node
+        uses: ./.github/actions/deploy-image-k8s@v1
+        with: { "image_name": "main-node" }
+      - name: Deploy main python
+        uses: ./.github/actions/deploy-image-k8s@v1
+        with: { "image_name": "main-python" }

package/dist/src/target-templates/infra-variants/gcloud/.devops/config/constants.yaml ADDED Viewed

@@ -0,0 +1,15 @@
+# These will be used when generating kubernetes entities
+project-name: $PROJECT_NAME
+# Supported: hetzner, digitalocean, or gcloud
+infra: gcloud
+registry-base-url: gcr.io
+# What comes before <image-name>:<tag>. Can be empty.
+registry-image-path-prefix: $GCLOUD_PROJECT_ID
+# production and staging are supported by default
+extra-remote-environments: []
+# development and test are supported by default
+extra-local-environments: []

package/dist/src/target-templates/infra-variants/gcloud/.devops/manifests/ingress.yaml.hb ADDED Viewed

@@ -0,0 +1,22 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{app_name}}
+  namespace: {{namespace}}
+  labels:
+    app: {{app_name}}
+    env: {{monorepo_env}}
+  annotations:
+    kubernetes.io/ingress.class: "gce"
+spec:
+  rules:
+    - host: {{subdomain}}.{{domain_name}}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{service_name}}
+                port:
+                  number: 80

package/dist/src/target-templates/infra-variants/gcloud/.github/workflows/k8s-build.yaml ADDED Viewed

@@ -0,0 +1,95 @@
+name: "Monorepo Build and Deploy"
+on:
+  push:
+    branches:
+      - staging
+      - production
+permissions:
+  contents: read
+  packages: read
+  # For deploying images to Cloud Run
+  # id-token: write
+jobs:
+  build_images:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - image_name: main-node
+          - image_name: main-python
+            cache_path: /root/.cache/uv
+    steps:
+      # Fetch the last 50 commits so that devops affected works
+      - name: Checkout repo and history
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 50
+      - name: Setup prerequesites
+        uses: ./.github/actions/setup-prereq@v1
+      - name: Connect to Google Cloud GKE
+        uses: ./.github/actions/connect-to-gke@v1
+        with:
+          project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
+          zone: ${{ secrets.GCLOUD_ZONE }}
+          cluster_name: ${{ secrets.GCLOUD_CLUSTER_NAME }}
+          service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
+      - name: Build image
+        uses: ./.github/actions/build-image@v1
+        with:
+          image_name: ${{ matrix.image_name }}
+          cache_path: ${{ matrix.cache_path || '/root/.bun/install/cache' }}
+  db_migrate_and_deploy:
+    needs: [build_images]
+    runs-on: ubuntu-latest
+    steps:
+      # Fetch the last 50 commits so that devops affected works
+      - name: Checkout repo and history
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 50
+      - name: Setup prerequesites
+        uses: ./.github/actions/setup-prereq@v1
+      - name: Connect to Google Cloud GKE
+        uses: ./.github/actions/connect-to-gke@v1
+        with:
+          project_id: ${{ secrets.GCLOUD_PROJECT_ID }}
+          zone: ${{ secrets.GCLOUD_ZONE }}
+          cluster_name: ${{ secrets.GCLOUD_CLUSTER_NAME }}
+          service_account_key: ${{ secrets.GCLOUD_SA_KEY }}
+      # For deploying images to Cloud Run
+      # - name: Connect to Cloud Run
+      #   uses: ./.github/actions/connect-to-cloud-run@v1
+      #   with:
+      #     project_id: ${{ vars.GCP_PROJECT_ID }}
+      #     project_number: ${{ vars.GCP_PROJECT_NUMBER }}
+      #     region: ${{ vars.GCP_ARTIFACT_REGISTRY_REGION }}
+      - name: Run DB Migrate
+        uses: ./.github/actions/db-migrate@v1
+      # Repeat per image (it checks if the image is affected and deploys it if it is)
+      - name: Deploy main node
+        uses: ./.github/actions/deploy-image-k8s@v1
+        with: { "image_name": "main-node" }
+      - name: Deploy main python
+        uses: ./.github/actions/deploy-image-k8s@v1
+        with: { "image_name": "main-python" }

package/dist/src/target-templates/infra-variants/hetzner/.devops/config/constants.yaml ADDED Viewed

@@ -0,0 +1,18 @@
+# These will be used when generating kubernetes entities
+project-name: $PROJECT_NAME
+# Supported: hetzner, digitalocean, or gcloud
+infra: hetzner
+# Only relevant for Digital Ocean. Determines the number of versions to keep for each docker image.
+image-versions-to-keep: 5
+registry-base-url: $REGISTRY_BASE_URL
+# What comes before <image-name>:<tag>. Can be empty.
+registry-image-path-prefix: $PROJECT_NAME
+# production and staging are supported by default
+extra-remote-environments: []
+# development and test are supported by default
+extra-local-environments: []

package/dist/src/target-templates/infra-variants/hetzner/.devops/infra/hetzner/abandoned/harbor-values.yaml ADDED Viewed

@@ -0,0 +1,30 @@
+# While this works when setting Cloudflare TLS encryption mode to "full", it fails when too big layers are attempted to be pushed
+expose:
+  type: ingress
+  ingress:
+    hosts:
+      core: $REGISTRY_BASE_URL
+    className: "nginx"
+    annotations:
+      nginx.ingress.kubernetes.io/ssl-redirect: "false"
+      nginx.ingress.kubernetes.io/proxy-body-size: "0"
+      ingress.kubernetes.io/ssl-redirect: "false"
+      ingress.kubernetes.io/proxy-body-size: "0"
+  tls:
+    enabled: false
+externalURL: https://$REGISTRY_BASE_URL
+persistence:
+  enabled: true
+  persistentVolumeClaim:
+    registry:
+      storageClass: "hcloud-volumes"
+      accessMode: ReadWriteOnce
+      size: 20Gi
+    jobservice:
+      storageClass: "hcloud-volumes"
+      accessMode: ReadWriteOnce
+      size: 5Gi
+    chartmuseum:
+      storageClass: "hcloud-volumes"
+      accessMode: ReadWriteOnce
+      size: 5Gi

package/dist/src/target-templates/infra-variants/hetzner/.devops/infra/hetzner/abandoned/hcloud-config.yaml ADDED Viewed

@@ -0,0 +1,134 @@
+---
+cluster_name: $PROJECT_NAME
+kubeconfig_path: "./kubeconfig"
+k3s_version: v1.32.2+k3s1
+networking:
+  ssh:
+    port: 22
+    use_agent: false # set to true if your key has a passphrase
+    public_key_path: "~/.ssh/id_hcloud.pub"
+    private_key_path: "~/.ssh/id_hcloud"
+  allowed_networks:
+    ssh:
+      - 0.0.0.0/0
+    api: # this will firewall port 6443 on the nodes
+      - 0.0.0.0/0
+  public_network:
+    ipv4: false
+    ipv6: false
+  private_network:
+    enabled: true
+    subnet: 10.0.0.0/16
+    existing_network_name: "cluster-network"
+  cni:
+    enabled: true
+    encryption: false
+    mode: flannel
+  # cluster_cidr: 10.244.0.0/16 # optional: a custom IPv4/IPv6 network CIDR to use for pod IPs
+  # service_cidr: 10.43.0.0/16 # optional: a custom IPv4/IPv6 network CIDR to use for service IPs. Warning, if you change this, you should also change cluster_dns!
+  # cluster_dns: 10.43.0.10 # optional: IPv4 Cluster IP for coredns service. Needs to be an address from the service_cidr range
+# manifests:
+#   cloud_controller_manager_manifest_url: "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/v1.23.0/ccm-networks.yaml"
+#   csi_driver_manifest_url: "https://raw.githubusercontent.com/hetznercloud/csi-driver/v2.12.0/deploy/kubernetes/hcloud-csi.yml"
+#   system_upgrade_controller_deployment_manifest_url: "https://github.com/rancher/system-upgrade-controller/releases/download/v0.14.2/system-upgrade-controller.yaml"
+#   system_upgrade_controller_crd_manifest_url: "https://github.com/rancher/system-upgrade-controller/releases/download/v0.14.2/crd.yaml"
+#   cluster_autoscaler_manifest_url: "https://raw.githubusercontent.com/kubernetes/autoscaler/master/cluster-autoscaler/cloudprovider/hetzner/examples/cluster-autoscaler-run-on-master.yaml"
+#   cluster_autoscaler_container_image_tag: "v1.32.0"
+# datastore:
+#   mode: etcd # etcd (default) or external
+#   external_datastore_endpoint: postgres://....
+schedule_workloads_on_masters: false
+# image: rocky-9 # optional: default is ubuntu-24.04
+# autoscaling_image: 103908130 # optional, defaults to the `image` setting
+# snapshot_os: microos # optional: specified the os type when using a custom snapshot
+masters_pool:
+  instance_type: cpx21
+  instance_count: 1 # for HA; you can also create a single master cluster for dev and testing (not recommended for production)
+  locations: # You can choose a single location for single master clusters or if you prefer to have all masters in the same location. For regional clusters (which are only available in the eu-central network zone), each master needs to be placed in a separate location.
+    # - fsn1
+    # - hel1
+    - nbg1
+worker_node_pools:
+- name: small-static
+  instance_type: cpx21
+  instance_count: 2
+  location: nbg1
+  # image: debian-11
+  # labels:
+  #   - key: purpose
+  #     value: blah
+  # taints:
+  #   - key: something
+  #     value: value1:NoSchedule
+# - name: medium-autoscaled
+#   instance_type: cpx31
+#   location: fsn1
+#   autoscaling:
+#     enabled: true
+#     min_instances: 0
+#     max_instances: 3
+embedded_registry_mirror:
+  enabled: false # Enables fast p2p distribution of container images between nodes for faster pod startup. Check if your k3s version is compatible before enabling this option. You can find more information at https://docs.k3s.io/installation/registry-mirror
+protect_against_deletion: true
+create_load_balancer_for_the_kubernetes_api: false # Just a heads up: right now, we can’t limit access to the load balancer by IP through the firewall. This feature hasn’t been added by Hetzner yet.
+# See https://github.com/vitobotta/hetzner-k3s/blob/main/docs/Private_clusters_with_public_network_interface_disabled.md
+post_create_commands:
+- apt update
+- apt upgrade -y
+- apt install ifupdown resolvconf -y
+- apt autoremove -y hc-utils
+- apt purge -y hc-utils
+- echo "auto enp7s0" > /etc/network/interfaces.d/60-private
+- echo "iface enp7s0 inet dhcp" >> /etc/network/interfaces.d/60-private
+- echo "    post-up ip route add default via 10.0.0.1"  >> /etc/network/interfaces.d/60-private
+- echo "[Resolve]" > /etc/systemd/resolved.conf
+- echo "DNS=1.1.1.1 1.0.0.1" >> /etc/systemd/resolved.conf
+- ifdown enp7s0
+- ifup enp7s0
+- systemctl start resolvconf
+- systemctl enable resolvconf
+- echo "nameserver 1.1.1.1" >> /etc/resolvconf/resolv.conf.d/head
+- echo "nameserver 1.0.0.1" >> /etc/resolvconf/resolv.conf.d/head
+- resolvconf --enable-updates
+- resolvconf -u
+# additional_packages:
+# - somepackage
+# post_create_commands:
+# - apt update
+# - apt upgrade -y
+# - apt autoremove -y
+# kube_api_server_args:
+# - arg1
+# - ...
+# kube_scheduler_args:
+# - arg1
+# - ...
+# kube_controller_manager_args:
+# - arg1
+# - ...
+# kube_cloud_controller_manager_args:
+# - arg1
+# - ...
+# kubelet_args:
+# - arg1
+# - ...
+# kube_proxy_args:
+# - arg1
+# - ...
+# api_server_hostname: k8s.example.com # optional: DNS for the k8s API LoadBalancer. After the script has run, create a DNS record with the address of the API LoadBalancer.

package/dist/src/target-templates/infra-variants/hetzner/.devops/infra/hetzner/cert-manager.yaml ADDED Viewed

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-api-token-secret
+  namespace: cert-manager
+type: Opaque
+stringData:
+  api-token: $CLOUDFLARE_API_TOKEN
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-dns01
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: $EMAIL_ADDRESS
+    privateKeySecretRef:
+      name: letsencrypt-dns01-private-key
+    solvers:
+    - dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token

package/dist/src/target-templates/infra-variants/hetzner/.devops/infra/hetzner/harbor-cert.yaml ADDED Viewed

@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: tls-secret
+  namespace: harbor
+spec:
+  secretName: tls-secret
+  issuerRef:
+    name: letsencrypt-dns01
+    kind: ClusterIssuer
+  commonName: $REGISTRY_BASE_URL
+  dnsNames:
+  - $REGISTRY_BASE_URL