templates/notary/notary-cm.yaml

{{ if .Values.notary.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "harbor.notary-server" . }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
    component: notary
data:
  {{ $ca := genCA "harbor-notary-ca" 365 }}
  {{ $cert := genSignedCert (include "harbor.notary-signer" .) nil nil 365 $ca }}
  notary-signer-ca.crt: |
{{ $ca.Cert   | indent 4 }}
  notary-signer.crt: |
{{ $cert.Cert | indent 4 }}
  notary-signer.key: |
{{ $cert.Key  | indent 4 }}
  server-config.postgres.json: |
    {
      "server": {
        "http_addr": ":4443"
      },
      "trust_service": {
        "type": "remote",
        "hostname": "{{ template "harbor.notary-signer" . }}",
        "port": "7899",
        "tls_ca_file": "./notary-signer-ca.crt",
        "key_algorithm": "ecdsa"
      },
      "logging": {
        "level": "{{ .Values.logLevel }}"
      },
      "storage": {
        "backend": "postgres",
        "db_url": "{{ template "harbor.database.notaryServer" . }}"
      },
      "auth": {
          "type": "token",
          "options": {
              "realm": "{{ .Values.externalURL }}/service/token",
              "service": "harbor-notary",
              "issuer": "harbor-token-issuer",
              "rootcertbundle": "/root.crt"
          }
      }
    }
  signer-config.postgres.json: |
    {
      "server": {
        "grpc_addr": ":7899",
        "tls_cert_file": "./notary-signer.crt",
        "tls_key_file": "./notary-signer.key"
      },
      "logging": {
        "level": "{{ .Values.logLevel }}"
      },
      "storage": {
        "backend": "postgres",
        "db_url": "{{ template "harbor.database.notarySigner" . }}",
        "default_alias": "defaultalias"
      }
    }
{{ end }}