Skip to content

Add common annotations for resources created by this chart #2298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dmbuck32 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add common annotations for resources created by this chart #2298

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
827395d
feat: add common annotations for resources created by this chart
dmbuck32 Jan 21, 2026
4952980
Fix space in output.
dmbuck32 Jan 21, 2026
864f422
Add annotations for PodDisruptionBudget.
dmbuck32 Jan 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,7 @@ The following table lists the configurable parameters of the Harbor chart and th
| `persistence.imageChartStorage.gcs.useWorkloadIdentity` | A boolean to allow the use of workloadidentity in a GKE cluster. To use it, create a kubernetes service account and set the name in the key `serviceAccountName` of each component, then allow automounting the service account. | `false` |
| **General** | | |
| `externalURL` | The external URL for Harbor core service | `https://core.harbor.domain` |
| `commonAnnotations` | A set of common annotations to apply to each resource generated by this chart. | |
| `caBundleSecretName` | The custom CA bundle secret name, the secret must contain key named "ca.crt" which will be injected into the trust store for core, jobservice, registry, trivy components. | |
| `uaaSecretName` | If using external UAA auth which has a self signed cert, you can provide a pre-created secret containing it under the key `ca.crt`. | |
| `imagePullPolicy` | The image pull policy | |
Expand Down Expand Up @@ -425,7 +426,7 @@ The following table lists the configurable parameters of the Harbor chart and th

### Harbor Kubernetes Version Compatibility Matrix

The following is a list of the Test Kubernetes versions for each Harbor version. Generally, Harbor supporting Kubernetes version above v1.20+ . However we only test against 3 Kubernetes minor versions for each Harbor minor release.
The following is a list of the Test Kubernetes versions for each Harbor version. Generally, Harbor supporting Kubernetes version above v1.20+ . However we only test against 3 Kubernetes minor versions for each Harbor minor release.

| Harbor-Helm Version | Harbor App Version | Tested on Kubernetes version |
|---------------------|--------------------|-------------------------------|
Expand Down
8 changes: 6 additions & 2 deletions templates/core/core-cm.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
data:
app.conf: |+
appname = Harbor
Expand Down Expand Up @@ -41,7 +45,7 @@ data:
{{- end }}
{{- if or (and (eq .Values.redis.type "internal") .Values.redis.internal.cacheLayerDatabaseIndex) (and (eq .Values.redis.type "external") .Values.redis.external.cacheLayerDatabaseIndex) }}
_REDIS_URL_CACHE_LAYER: "{{ template "harbor.redis.urlForCache" . }}"
{{- end }}
{{- end }}
PORTAL_URL: "{{ template "harbor.portalURL" . }}"
REGISTRY_CONTROLLER_URL: "{{ template "harbor.registryControllerURL" . }}"
REGISTRY_CREDENTIAL_USERNAME: "{{ .Values.registry.credentials.username }}"
Expand Down Expand Up @@ -86,7 +90,7 @@ data:
CACHE_ENABLED: "true"
CACHE_EXPIRE_HOURS: "{{ .Values.cache.expireHours }}"
{{- end }}

{{- if .Values.core.quotaUpdateProvider }}
QUOTA_UPDATE_PROVIDER: "{{ .Values.core.quotaUpdateProvider }}"
{{- end }}
7 changes: 7 additions & 0 deletions templates/core/core-dpl.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
component: core
app.kubernetes.io/component: core
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.core.replicas }}
revisionHistoryLimit: {{ .Values.core.revisionHistoryLimit }}
Expand Down Expand Up @@ -34,6 +38,9 @@ spec:
{{- end }}
{{- if .Values.core.podAnnotations }}
{{ toYaml .Values.core.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{ toYaml .Values.commonAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
Expand Down
4 changes: 4 additions & 0 deletions templates/core/core-pdb.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ metadata:
name: {{ template "harbor.core" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.core.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.core.podDisruptionBudget.minAvailable }}
Expand Down
9 changes: 8 additions & 1 deletion templates/core/core-pre-upgrade-job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,19 @@ metadata:
# job is considered part of the release.
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-5"
{{- if .Values.commonAnnotations }}
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
spec:
template:
metadata:
labels:
{{ include "harbor.matchLabels" . | indent 8 }}
component: migrator
{{- if .Values.commonAnnotations -}}
annotations:
{{ toYaml .Values.commonAnnotations | indent 8 }}
{{- end }}
spec:
restartPolicy: Never
securityContext:
Expand Down Expand Up @@ -51,7 +58,7 @@ spec:
{{- end }}
{{- if not (empty .Values.containerSecurityContext) }}
securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
{{- end }}
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/core/app.conf
Expand Down
4 changes: 4 additions & 0 deletions templates/core/core-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: Opaque
data:
{{- if not .Values.existingSecretSecretKey }}
Expand Down
7 changes: 6 additions & 1 deletion templates/core/core-svc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,14 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- with .Values.core.serviceAnnotations }}
{{- if or .Values.core.serviceAnnotations .Values.commonAnnotations }}
annotations:
{{- with .Values.core.serviceAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.commonAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
{{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }}
Expand Down
4 changes: 4 additions & 0 deletions templates/core/core-tls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
Expand Down
4 changes: 4 additions & 0 deletions templates/database/database-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: Opaque
data:
POSTGRES_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
Expand Down
10 changes: 10 additions & 0 deletions templates/database/database-ss.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
component: database
app.kubernetes.io/component: database
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
spec:
replicas: 1
serviceName: "{{ template "harbor.database" . }}"
Expand All @@ -29,6 +33,9 @@ spec:
checksum/secret: {{ include (print $.Template.BasePath "/database/database-secret.yaml") . | sha256sum }}
{{- if .Values.database.podAnnotations }}
{{ toYaml .Values.database.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{ toYaml .Values.commonAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
Expand Down Expand Up @@ -149,6 +156,9 @@ spec:
{{- range $key, $value := $database.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{ toYaml .Values.commonAnnotations | indent 8 }}
{{- end }}
spec:
accessModes: [{{ $database.accessMode | quote }}]
{{- if $database.storageClass }}
Expand Down
4 changes: 4 additions & 0 deletions templates/database/database-svc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.ipFamily.policy }}
ipFamilyPolicy: {{ .Values.ipFamily.policy }}
Expand Down
4 changes: 4 additions & 0 deletions templates/exporter/exporter-cm-env.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
data:
{{- if has "jobservice" .Values.proxy.components }}
HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
Expand Down
7 changes: 7 additions & 0 deletions templates/exporter/exporter-dpl.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,10 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
component: exporter
app.kubernetes.io/component: exporter
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.exporter.replicas }}
revisionHistoryLimit: {{ .Values.exporter.revisionHistoryLimit }}
Expand All @@ -34,6 +38,9 @@ spec:
{{- end }}
{{- if .Values.exporter.podAnnotations }}
{{ toYaml .Values.exporter.podAnnotations | indent 8 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{ toYaml .Values.commonAnnotations | indent 8 }}
{{- end }}
spec:
securityContext:
Expand Down
4 changes: 4 additions & 0 deletions templates/exporter/exporter-pdb.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ metadata:
name: {{ template "harbor.exporter" . }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.exporter.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.exporter.podDisruptionBudget.minAvailable }}
Expand Down
4 changes: 4 additions & 0 deletions templates/exporter/exporter-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: Opaque
data:
{{- if not .Values.existingSecretAdminPassword }}
Expand Down
4 changes: 4 additions & 0 deletions templates/exporter/exporter-svc.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
spec:
{{- if .Values.ipFamily.policy }}
ipFamilyPolicy: {{ .Values.ipFamily.policy }}
Expand Down
9 changes: 7 additions & 2 deletions templates/gateway-apis/route.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,19 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
{{ toYaml $route.labels | indent 4 }}
{{- end }}
{{- if $route.annotations }}
{{- if or $route.annotations .Values.commonAnnotations }}
annotations:
{{- if $route.annotations }}
{{ toYaml $route.annotations | indent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
{{- end }}
spec:
parentRefs:
{{- toYaml $route.parentRefs | nindent 2 }}
hostnames:
hostnames:
{{- toYaml $route.hosts | nindent 2 }}
rules:
- matches:
Expand Down
3 changes: 3 additions & 0 deletions templates/ingress/ingress.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@ metadata:
{{- end }}
annotations:
{{ toYaml $ingress.annotations | indent 4 }}
{{- if .Values.commonAnnotations }}
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
{{- if .Values.internalTLS.enabled }}
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
{{- end }}
Expand Down
4 changes: 4 additions & 0 deletions templates/ingress/secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ $cert.Cert | b64enc | quote }}
Expand Down
20 changes: 20 additions & 0 deletions templates/internal/auto-tls.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
Expand All @@ -31,6 +35,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
Expand All @@ -45,6 +53,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
Expand All @@ -59,6 +71,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
Expand All @@ -76,6 +92,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
ca.crt: {{ $ca.Cert | b64enc | quote }}
Expand Down
6 changes: 5 additions & 1 deletion templates/jobservice/jobservice-cm-env.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
data:
CORE_URL: "{{ template "harbor.coreURL" . }}"
TOKEN_SERVICE_URL: "{{ template "harbor.tokenServiceURL" . }}"
Expand All @@ -16,7 +20,7 @@ data:
JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "{{ .Values.jobservice.notification.webhook_job_http_client_timeout }}"

LOG_LEVEL: "{{ .Values.logLevel }}"

{{- if has "jobservice" .Values.proxy.components }}
HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}"
Expand Down
4 changes: 4 additions & 0 deletions templates/jobservice/jobservice-cm.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ metadata:
namespace: {{ .Release.Namespace | quote }}
labels:
{{ include "harbor.labels" . | indent 4 }}
{{- if .Values.commonAnnotations }}
annotations:
{{ toYaml .Values.commonAnnotations | indent 4 }}
{{- end }}
data:
config.yml: |+
#Server listening port
Expand Down
Loading