hetzner-ansible/roles/harbor/defaults/main.yml


---
# Harbor release to deploy. Pinned on purpose; bump deliberately and read the
# release notes, since this value is years behind current Harbor releases.
harbor_version: 'v2.4.1'
# Public hostname and URL of this instance. TLS is terminated by Traefik
# (see the proxy labels in harbor_dockercompose_customized), so the external
# URL is always https.
harbor_hostname: '{{ stage_server_domain }}'
harbor_external_url: 'https://{{ stage_server_domain }}'
# Per-host identifier: prefixes the Traefik router/service/middleware names
# and is the local part of the sender address in harbor_base_configuration.
harbor_id: '{{ inventory_hostname }}-harbor'
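# Overrides merged into Harbor's generated docker-compose file.
# The proxy container publishes no host ports: Traefik, on the external
# `front-tier` network, terminates TLS and forwards to nginx on 8080 (UI and
# registry) and 9090 (metrics).
harbor_dockercompose_customized:
  services:
    core:
      # Static name resolution for the shared OIDC issuer and SMTP relay,
      # which the core container reaches by hostname.
      extra_hosts:
        - '{{ shared_service_keycloak_hostname }}:{{ shared_service_keycloak_ip }}'
        - '{{ shared_service_mail_hostname }}:{{ shared_service_mail_ip }}'
    proxy:
      networks:
        - harbor
        - front-tier
      ports: []  # not exposing ports - already used by traefik
      labels:
        - "traefik.enable=true"
        # --- main router: UI / registry API on the websecure entrypoint ---
        - "traefik.http.middlewares.{{ harbor_id }}.headers.customrequestheaders.X-Forwarded-Proto=https"
        - "traefik.http.routers.{{ harbor_id }}.service={{ harbor_id }}"
        - "traefik.http.routers.{{ harbor_id }}.rule=Host(`{{ harbor_hostname }}`)"
        - "traefik.http.routers.{{ harbor_id }}.entrypoints=websecure"
        # Attach the X-Forwarded-Proto middleware declared above. Without this
        # label the middleware exists but is never applied to the router, so
        # Harbor only sees the header Traefik adds on its own.
        - "traefik.http.routers.{{ harbor_id }}.middlewares={{ harbor_id }}"
        - "traefik.http.routers.{{ harbor_id }}.tls=true"
        - "traefik.http.routers.{{ harbor_id }}.tls.certresolver=letsencrypt"
        - "traefik.http.services.{{ harbor_id }}.loadbalancer.server.port=8080"
        # --- metrics router: nginx :9090 on the dedicated monitoring entrypoint ---
        # NOTE(review): nothing here authenticates the metrics path; make sure
        # the `monitoring-harbor` entrypoint is restricted (IP allowlist or
        # auth middleware) in the Traefik configuration.
        - "traefik.http.middlewares.{{ harbor_id }}-monitor.headers.customrequestheaders.X-Forwarded-Proto=https"
        - "traefik.http.routers.{{ harbor_id }}-monitor.service={{ harbor_id }}-monitor"
        - "traefik.http.routers.{{ harbor_id }}-monitor.rule=Host(`{{ harbor_hostname }}`)"
        - "traefik.http.routers.{{ harbor_id }}-monitor.entrypoints=monitoring-harbor"
        - "traefik.http.routers.{{ harbor_id }}-monitor.middlewares={{ harbor_id }}-monitor"
        - "traefik.http.routers.{{ harbor_id }}-monitor.tls=true"
        - "traefik.http.routers.{{ harbor_id }}-monitor.tls.certresolver=letsencrypt"
        - "traefik.http.services.{{ harbor_id }}-monitor.loadbalancer.server.port=9090"
  networks:
    # Pre-existing network shared with Traefik; not created by this compose file.
    front-tier:
      external: true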
# System-wide settings pushed to Harbor's configuration API.
harbor_base_configuration:
  # Outbound mail goes to the shared relay (resolved via the extra_hosts entry
  # on the core container) as unauthenticated submission on port 25.
  email_host: '{{ shared_service_mail_hostname }}'
  email_port: 25
  email_from: '{{ harbor_id }}@{{ domain }}'
  email_username: ''
  email_password: ''
  # NOTE(review): email_insecure=true disables TLS certificate verification
  # towards the SMTP server; acceptable only for an internal relay.
  email_insecure: true
  # Authentication is delegated to Keycloak (legacy /auth path, realm "docker").
  auth_mode: oidc_auth
  oidc_name: '{{ harbor_oidc_realm }}'
  oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/docker'
  oidc_client_id: '{{ harbor_oidc_client_id }}'
  # NOTE(review): no oidc_client_secret is set here; presumably it is merged
  # in from a vaulted variable by the tasks — confirm, and never add it to
  # this defaults file.
  oidc_scope: openid
  # Group membership comes from the `groups` claim; the Keycloak client needs
  # a mapper that emits it, otherwise oidc_admin_group and the per-project
  # group members never match.
  oidc_groups_claim: groups
  oidc_verify_cert: true      # keep true: the issuer certificate must validate
  oidc_auto_onboard: true     # every user who can log in to the realm gets an account
  oidc_admin_group: '/admin'  # members of this Keycloak group are Harbor admins
  scan_all_policy:
    parameter:
      daily_time: 0
# Template instantiated once per project name; `elem` is presumably the loop
# variable carrying that name — confirm against the role's tasks.
project_object_template:
  project_state: present
  project_attributes:
    project_name: '{{ elem }}'
    meta_data:
      auto_scan: true  # Harbor's per-project automatic vulnerability scan flag
  # The OIDC group with the same path as the project administers it, so
  # project ownership is driven entirely by Keycloak group membership.
  members:
    - role: projectadmin
      group_type: oidc
      group_name: '/{{ elem }}'
# Projects that always exist on this instance.
harbor_projects_smardigo_default: ['awx', 'sensw', 'smardigo']
# Deployment-specific projects; override in inventory or group_vars.
harbor_projects: []
# Robot accounts created through the Harbor API. The secret is taken from
# `harbor_token`, which must be supplied from an encrypted source — never
# literally in this file.
harbor_robot_tokens:
  # secret_refresh: True
  # token_state: present
  - name: ansible
    level: system             # system-level robot: not bound to one project
    description: 'smardigo docker pull credentials'
    secret: '{{ harbor_token }}'
    disable: false
    editable: true
    duration: -1              # -1: the robot never expires
    expires_at: -1
    # NOTE(review): the description says "pull credentials", yet the grant
    # below also allows push, artifact/tag deletion and chart creation in
    # every project (namespace "*") with no expiry. If the token is only used
    # to pull, trim it to pull + read: a leaked never-expiring system robot
    # with delete rights can empty the whole registry.
    permissions:
      - kind: project
        namespace: "*"
        access:
          - resource: repository
            action: push
          - resource: repository
            action: pull
          - resource: artifact
            action: delete
          - resource: helm-chart
            action: read
          - resource: helm-chart-version
            action: create
          - resource: helm-chart-version
            action: delete
          - resource: tag
            action: create
          - resource: tag
            action: delete
          - resource: artifact-label
            action: create
          - resource: scan
            action: create
# Schedule for Harbor's "scan all artifacts" job. Six cron fields, which is
# presumably Harbor's seconds-first format, i.e. daily at 01:00 — confirm.
harbor_scanall:
  - schedule:
      type: Custom
      cron: '0 0 1 * * *'