magnificent-scientist-71902
05/20/2021, 6:10 PMimport * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
let pulumiConfig = new pulumi.Config();
export type LagoonCoreConfig = {
kubeconfig: any;
gitlab: {
token: pulumi.Output<string>;
}
elasticsearch: {
install: boolean;
adminUsername: string;
adminPassword: pulumi.Output<string>;
}
kibana: {
install: boolean;
externalHost: pulumi.Output<string>;
accountUsername: string;
accountPassword: pulumi.Output<string>;
},
registry: {
hostname: pulumi.Output<string>;
harborAdminPassword: pulumi.Output<string>;
},
dnsBaseName: any;
}
const clusterStackRef = new pulumi.StackReference(pulumiConfig.require("clusterStackRef"));
const dnsBaseName = pulumiConfig.get("dnsBaseName") || clusterStackRef.getOutput("clusterDnsName");
export const lagoonconfig: LagoonCoreConfig = {
// Infrastructure / Networking
kubeconfig: clusterStackRef.getOutput("kubeconfig"),
gitlab: {
token: pulumiConfig.requireSecret("gitlabToken"),
},
elasticsearch: {
install: true,
adminUsername: 'admin',
adminPassword: pulumiConfig.requireSecret("elasticsearchAdminPassword")
},
kibana: {
install: true,
externalHost: pulumi.interpolate `kibana.${dnsBaseName}`,
accountUsername: "kibanaserver",
accountPassword: pulumiConfig.requireSecret("kibanaPassword")
},
registry: {
hostname: pulumi.interpolate `registry.${dnsBaseName}`,
harborAdminPassword: pulumiConfig.requireSecret("harborAdminPassword")
},
dnsBaseName: dnsBaseName
};
// Create the k8s provider with the kubeconfig.
export const k8sProvider = new k8s.Provider("k8sProvider", { kubeconfig: lagoonconfig.kubeconfig });
export default lagoonconfig;
And the file that deploys the chart for Harbor below. Every time I so a pulumi up, the secret in the 'harborAdminPassword' is different.
import * as k8s from "@pulumi/kubernetes";
import { k8sProvider, lagoonconfig } from "../config";
const hostname = lagoonconfig.registry.hostname;
const url = `https://${hostname}`;
export type HarborOutput = {
chart: k8s.helm.v3.Chart;
registryUrl: string;
};
const ns = new k8s.core.v1.Namespace("registry", {
metadata: { name: "registry" },
}, { provider: k8sProvider })
export const createRegistry = (): HarborOutput => {
const registryChart = new k8s.helm.v3.Chart("registry",
{
namespace: ns.metadata.name,
chart: "harbor",
version: "1.5.2",
fetchOpts: { repo: "<https://helm.goharbor.io>" },
values: {
harborAdminPassword: lagoonconfig.registry.harborAdminPassword,
expose: {
tls: {
enabled: true,
certSource: "secret",
secret: {
secretName: "registry-harbor-tls",
}
},
ingress: {
annotations: {
"<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>": "nginx",
"<http://kubernetes.io/tls-acme|kubernetes.io/tls-acme>": "true"
},
hosts: {
core: lagoonconfig.registry.hostname
}
}
},
externalUrl: url,
clair: {
enabled: false
},
notary: {
enabled: false
},
trivy: {
enabled: true
}
},
},
{providers: {kubernetes: k8sProvider}},
);
return {
chart: registryChart,
registryUrl: url
};
};