https://pulumi.com logo
Title
m

magnificent-scientist-71902

05/20/2021, 6:10 PM
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

let pulumiConfig = new pulumi.Config();

export type LagoonCoreConfig = {
    kubeconfig: any;
    gitlab: {
        token: pulumi.Output<string>;
    }
    elasticsearch: {
        install: boolean;
        adminUsername: string;
        adminPassword: pulumi.Output<string>; 
    }
    kibana: {
        install: boolean;
        externalHost: pulumi.Output<string>;
        accountUsername: string;
        accountPassword: pulumi.Output<string>;
    },
    registry: {
        hostname: pulumi.Output<string>;
        harborAdminPassword: pulumi.Output<string>;
    },
    dnsBaseName: any;
}

const clusterStackRef = new pulumi.StackReference(pulumiConfig.require("clusterStackRef"));

const dnsBaseName = pulumiConfig.get("dnsBaseName") || clusterStackRef.getOutput("clusterDnsName");


export const lagoonconfig: LagoonCoreConfig = {
    // Infrastructure / Networking
    kubeconfig: clusterStackRef.getOutput("kubeconfig"),
    gitlab: {
        token: pulumiConfig.requireSecret("gitlabToken"),
    },
    elasticsearch: {
        install: true,
        adminUsername: 'admin',
        adminPassword: pulumiConfig.requireSecret("elasticsearchAdminPassword")
    },
    kibana: {
        install: true,
        externalHost: pulumi.interpolate `kibana.${dnsBaseName}`,
        accountUsername: "kibanaserver",
        accountPassword: pulumiConfig.requireSecret("kibanaPassword")
    },
    registry: {
        hostname: pulumi.interpolate `registry.${dnsBaseName}`,
        harborAdminPassword: pulumiConfig.requireSecret("harborAdminPassword")
    },
    dnsBaseName: dnsBaseName
};

// Create the k8s provider with the kubeconfig.
export const k8sProvider = new k8s.Provider("k8sProvider", { kubeconfig: lagoonconfig.kubeconfig });


export default lagoonconfig;
And the file that deploys the chart for Harbor below. Every time I so a pulumi up, the secret in the 'harborAdminPassword' is different.
import * as k8s from "@pulumi/kubernetes";
import { k8sProvider, lagoonconfig } from "../config";

const hostname = lagoonconfig.registry.hostname;
const url = `https://${hostname}`;

export type HarborOutput = {
    chart: k8s.helm.v3.Chart;
    registryUrl: string;
};

const ns = new k8s.core.v1.Namespace("registry", {
    metadata: { name: "registry" },
}, { provider: k8sProvider })

export const createRegistry = (): HarborOutput  =>  {
    const registryChart = new k8s.helm.v3.Chart("registry",
        {
            namespace: ns.metadata.name,
            chart: "harbor",
            version: "1.5.2",
            fetchOpts: { repo: "<https://helm.goharbor.io>" },
            values: {
                harborAdminPassword: lagoonconfig.registry.harborAdminPassword,
                expose: {
                    tls: {
                        enabled: true,
                        certSource: "secret",
                        secret: {
                            secretName: "registry-harbor-tls",
                        }
                    },
                    ingress: {
                        annotations: {
                            "<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "nginx",
                            "<http://kubernetes.io/tls-acme|kubernetes.io/tls-acme>": "true"
                        },
                        hosts: {
                            core: lagoonconfig.registry.hostname
                        }
                    }
                },
                externalUrl: url,
                clair: {
                    enabled: false
                },
                notary: {
                    enabled: false
                },
                trivy: {
                    enabled: true
                }

            },
        },
        {providers: {kubernetes: k8sProvider}},
    );

    return {
        chart: registryChart,
        registryUrl: url
    };

};