From 065fbfa1a1e0cb4cce47f73d3102f62eff073e7f Mon Sep 17 00:00:00 2001 From: Tan Jiang Date: Fri, 18 May 2018 11:27:52 +0800 Subject: [PATCH] Make Helm Chart support Harbor 1.5.0 Update the helm chart of Harbor to use 1.5 image. Specifically `1.5.0-chart-patch` to include the fix to #4496 (for integration reason this fix will not be merge to release branch). Verified against kubenetes v1.10.0 --- contrib/helm/harbor/Chart.yaml | 4 +-- contrib/helm/harbor/requirements.lock | 7 +++-- contrib/helm/harbor/requirements.yaml | 3 ++ contrib/helm/harbor/templates/_helpers.tpl | 10 ++---- .../templates/adminserver/adminserver-cm.yaml | 1 + .../templates/adminserver/adminserver-ss.yaml | 2 +- .../harbor/templates/clair/clair-dpl.yaml | 6 ++-- .../harbor/templates/clair/clair-svc.yaml | 4 +-- .../templates/jobservice/jobservice-cm.yaml | 20 ++++++++---- .../templates/jobservice/jobservice-dpl.yaml | 17 ++-------- .../harbor/templates/notary/notary-cm.yaml | 2 +- .../harbor/templates/notary/notary-db.yaml | 31 ++++++++++++++++--- .../templates/notary/notary-server.yaml | 2 +- .../templates/notary/notary-signer.yaml | 4 +-- .../templates/registry/registry-ss.yaml | 4 +-- contrib/helm/harbor/templates/ui/ui-dpl.yaml | 2 -- contrib/helm/harbor/values.yaml | 27 ++++++++++++---- 17 files changed, 88 insertions(+), 58 deletions(-) diff --git a/contrib/helm/harbor/Chart.yaml b/contrib/helm/harbor/Chart.yaml index b6eef963a..56fec4473 100644 --- a/contrib/helm/harbor/Chart.yaml +++ b/contrib/helm/harbor/Chart.yaml @@ -1,6 +1,6 @@ name: harbor -version: 0.1.2 -appVersion: 1.4.0 +version: 0.2.0 +appVersion: 1.5.0 description: An Enterprise-class Docker Registry by VMware keywords: - vmware diff --git a/contrib/helm/harbor/requirements.lock b/contrib/helm/harbor/requirements.lock index fa6b0c773..ae47367a5 100644 --- a/contrib/helm/harbor/requirements.lock +++ b/contrib/helm/harbor/requirements.lock 
@@ -2,5 +2,8 @@ dependencies: - name: postgresql repository: https://kubernetes-charts.storage.googleapis.com version: 0.9.1 -digest: sha256:e89ecacdca0cc0414763a586832bf7ca3d57bd25ac8e1a08e41080b610eb5a7d -generated: 2018-03-09T15:34:27.167977722-06:00 +- name: redis + repository: https://kubernetes-charts.storage.googleapis.com + version: 3.2.5 +digest: sha256:e0f18247038eaab8d8e88ebb4abf4ea59778a8654528957957534adf6337915b +generated: 2018-05-16T11:34:09.070799886+08:00 diff --git a/contrib/helm/harbor/requirements.yaml b/contrib/helm/harbor/requirements.yaml index a6a999960..fefd85d11 100644 --- a/contrib/helm/harbor/requirements.yaml +++ b/contrib/helm/harbor/requirements.yaml @@ -2,3 +2,6 @@ dependencies: - name: postgresql version: 0.9.1 repository: https://kubernetes-charts.storage.googleapis.com +- name: redis + version: 3.2.5 + repository: https://kubernetes-charts.storage.googleapis.com diff --git a/contrib/helm/harbor/templates/_helpers.tpl b/contrib/helm/harbor/templates/_helpers.tpl index 5f57537cb..b6ecef0b0 100644 --- a/contrib/helm/harbor/templates/_helpers.tpl +++ b/contrib/helm/harbor/templates/_helpers.tpl @@ -46,12 +46,6 @@ so it can match Harbor service FQDN and Notary service FQDN. {{- printf "notary-%s" .Values.externalDomain -}} {{- end -}} -{{/* -The internal service name of Notary server. -notary-server hostname is not configurable in Harbor 1.4.0. -Once Harbor 1.5.x is released, use this instead: - {{- printf "%s-notary-server" (include "harbor.fullname") -}} -*/}} {{- define "harbor.notaryServiceName" -}} -{{- printf "%s" "notary-server" -}} -{{- end -}} \ No newline at end of file +{{- printf "%s-notary-server" (include "harbor.fullname" .) -}} +{{- end -}} diff --git a/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml b/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml index 55ed1b71a..fc943687c 100644 --- a/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml 
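Review bot: The `harbor.notaryServiceName` define in _helpers.tpl is left with no comment once the old `{{/* ... */}}` block is removed, and nothing visible here ties the new value to the Service it has to resolve to. I would keep a short header such as `{{/* Internal service name of the Notary server; must equal the name of the notary-server Service. */}}`. The notary-server.yaml hunk in this patch only changes a mountPath, so whether that Service is really named `<fullname>-notary-server` cannot be confirmed from the diff and is worth checking on the rendered output of `helm template`.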
+++ b/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml @@ -54,6 +54,7 @@ data: CLAIR_DB_PORT: "5432" CLAIR_DB: "{{ .Values.clair.postgresDatabase }}" CLAIR_DB_USERNAME: "{{ .Values.clair.postgresUser }}" + CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060" UAA_ENDPOINT: "" UAA_CLIENTID: "" UAA_CLIENTSECRET: "" diff --git a/contrib/helm/harbor/templates/adminserver/adminserver-ss.yaml b/contrib/helm/harbor/templates/adminserver/adminserver-ss.yaml index 89b5062ab..6815b20d9 100644 --- a/contrib/helm/harbor/templates/adminserver/adminserver-ss.yaml +++ b/contrib/helm/harbor/templates/adminserver/adminserver-ss.yaml @@ -72,4 +72,4 @@ spec: resources: requests: storage: {{ .Values.adminserver.volumes.config.size | quote }} - {{- end -}} \ No newline at end of file + {{- end -}} diff --git a/contrib/helm/harbor/templates/clair/clair-dpl.yaml b/contrib/helm/harbor/templates/clair/clair-dpl.yaml index 60905e58a..ac6ac014b 100644 --- a/contrib/helm/harbor/templates/clair/clair-dpl.yaml +++ b/contrib/helm/harbor/templates/clair/clair-dpl.yaml @@ -22,14 +22,14 @@ spec: - name: clair image: {{ .Values.clair.image.repository }}:{{ .Values.clair.image.tag }} imagePullPolicy: {{ .Values.clair.image.pullPolicy }} - args: ["-insecure-tls", "-config", "/config/config.yaml"] + args: ["-insecure-tls", "-config", "/etc/clair/config.yaml"] resources: {{ toYaml .Values.clair.resources | indent 10 }} ports: - containerPort: 6060 volumeMounts: - name: clair-config - mountPath: /config/config.yaml + mountPath: /etc/clair/config.yaml subPath: config.yaml volumes: - name: clair-config @@ -38,4 +38,4 @@ spec: items: - key: config.yaml path: config.yaml -{{ end }} \ No newline at end of file +{{ end }} diff --git a/contrib/helm/harbor/templates/clair/clair-svc.yaml b/contrib/helm/harbor/templates/clair/clair-svc.yaml index 439673fb9..5b305a367 100644 --- a/contrib/helm/harbor/templates/clair/clair-svc.yaml +++ b/contrib/helm/harbor/templates/clair/clair-svc.yaml 
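Review bot: The rewritten `args` line in clair-dpl.yaml still passes `-insecure-tls` unconditionally, so every install runs Clair with certificate verification turned off when it fetches layers, whether or not the operator needs that. Since the line is being edited anyway, I would gate the flag behind a value, e.g. `args: [{{ if .Values.clair.insecureTls }}"-insecure-tls", {{ end }}"-config", "/etc/clair/config.yaml"]`, with `clair.insecureTls` as a new, suggested key that defaults to false and a values comment saying it is meant only for registries with self-signed certificates. The container spec starts and continues outside the hunk.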
@@ -5,7 +5,7 @@ apiVersion: v1 kind: Service metadata: - name: clair + name: "{{ template "harbor.fullname" . }}-clair" labels: {{ include "harbor.labels" . | indent 4 }} spec: @@ -14,4 +14,4 @@ spec: selector: {{ include "harbor.matchLabels" . | indent 4 }} component: clair -{{ end }} \ No newline at end of file +{{ end }} diff --git a/contrib/helm/harbor/templates/jobservice/jobservice-cm.yaml b/contrib/helm/harbor/templates/jobservice/jobservice-cm.yaml index b605f4019..6a21537bf 100644 --- a/contrib/helm/harbor/templates/jobservice/jobservice-cm.yaml +++ b/contrib/helm/harbor/templates/jobservice/jobservice-cm.yaml @@ -5,9 +5,17 @@ metadata: labels: {{ include "harbor.labels" . | indent 4 }} data: - app.conf: |+ - appname = jobservice - runmode = prod - - [prod] - httpport = 8080 + config.yml: |+ + protocol: "http" + port: 8080 + worker_pool: + workers: {{ .Values.jobservice.maxWorkers }} + backend: "redis" + redis_pool: + redis_url: "{{ .Release.Name }}-redis-master:{{ .Values.redis.master.port }}" + namespace: "harbor_job_service_namespace" + logger: + path: "/var/log/jobs" + level: "INFO" + archive_period: 14 #days + admin_server: "http://{{ template "harbor.fullname" . }}-adminserver" diff --git a/contrib/helm/harbor/templates/jobservice/jobservice-dpl.yaml b/contrib/helm/harbor/templates/jobservice/jobservice-dpl.yaml index effa9bbda..44929fd43 100644 --- a/contrib/helm/harbor/templates/jobservice/jobservice-dpl.yaml +++ b/contrib/helm/harbor/templates/jobservice/jobservice-dpl.yaml 
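Review bot: `redis_url` in the new `config.yml` of jobservice-cm.yaml carries no credentials, and the values.yaml hunk that adds the `redis:` block sets `usePassword: false`, so by default the job queue sits on an unauthenticated Redis that any workload able to reach `<release>-redis-master` can read or write. Because this config is a ConfigMap, enabling the password later would invite pasting it here in plain text; I would default `usePassword` to true and supply the password from a Secret (how the 1.5 jobservice accepts it is not visible in this diff). The host is also built from `.Release.Name` while the other service names in the chart use `harbor.fullname`, so a template comment such as `{{/* host follows the redis subchart's naming, not harbor.fullname */}}` above `data:` would explain the difference.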
@@ -29,32 +29,19 @@ spec: env: - name: LOG_LEVEL value: debug - - name: CONFIG_PATH - value: /etc/jobservice/app.conf - name: GODEBUG value: netdns=cgo - - name: ADMINSERVER_URL - value: "http://{{ template "harbor.fullname" . }}-adminserver" ports: - containerPort: 8080 volumeMounts: - name: jobservice-config - mountPath: /etc/jobservice/app.conf - subPath: app.conf - - name: jobservice-secrets - mountPath: /etc/jobservice/key - subPath: key + mountPath: /etc/jobservice/config.yml + subPath: config.yml - name: job-logs mountPath: /var/log/jobs volumes: - name: jobservice-config configMap: name: "{{ template "harbor.fullname" . }}-jobservice" - - name: jobservice-secrets - secret: - secretName: "{{ template "harbor.fullname" . }}-jobservice" - items: - - key: secretKey - path: key - name: job-logs emptyDir: {} diff --git a/contrib/helm/harbor/templates/notary/notary-cm.yaml b/contrib/helm/harbor/templates/notary/notary-cm.yaml index 13c983992..c5b5c3aea 100644 --- a/contrib/helm/harbor/templates/notary/notary-cm.yaml +++ b/contrib/helm/harbor/templates/notary/notary-cm.yaml @@ -43,7 +43,7 @@ data: "type": "remote", "hostname": "{{ template "harbor.fullname" . }}-notary-signer", "port": "7899", - "tls_ca_file": "/config/notary-signer-ca.crt", + "tls_ca_file": "./notary-signer-ca.crt", "key_algorithm": "ecdsa" }, "logging": { diff --git a/contrib/helm/harbor/templates/notary/notary-db.yaml b/contrib/helm/harbor/templates/notary/notary-db.yaml index 16e19dd7f..039cea725 100644 --- a/contrib/helm/harbor/templates/notary/notary-db.yaml +++ b/contrib/helm/harbor/templates/notary/notary-db.yaml 
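Review bot: The env list in jobservice-dpl.yaml keeps `LOG_LEVEL` hard-coded to `debug` while the new config.yml in jobservice-cm.yaml sets the logger `level: "INFO"`, so the two settings disagree and the diff does not show which one the 1.5 jobservice honours. Debug output written to the `job-logs` emptyDir is a poor default for a chart people will deploy as-is; I would drive both from one value, e.g. `value: {{ .Values.jobservice.logLevel | quote }}` with `jobservice.logLevel` as a new, suggested key. The hunk also drops the `jobservice-secrets` volume, so it is worth checking whether the Secret template and `jobservice.secret` in values.yaml are still consumed anywhere; the env list begins outside the hunk.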
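Review bot: `"tls_ca_file": "./notary-signer-ca.crt"` in notary-cm.yaml makes the CA that authenticates the signer depend on the process working directory, which nothing in this patch sets. With the ConfigMap now mounted at `/etc/notary` in notary-server.yaml and notary-signer.yaml, an absolute path is unambiguous: `"tls_ca_file": "/etc/notary/notary-signer-ca.crt",`. If Notary resolves relative paths against the config file's directory the two forms are equivalent, but that is not evident from the diff. The surrounding JSON document starts and ends outside the hunk.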
@@ -19,6 +19,21 @@ spec: {{ include "harbor.labels" . | indent 8 }} component: notary-db spec: + initContainers: + - name: move-init-scripts + image: alpine:3.6 + imagePullPolicy: IfNotPresent + command: [ + "sh", + "-ce", + "ls -l /configmap/docker-entrypoint-initdb.d/* && + cp -L /configmap/docker-entrypoint-initdb.d/* /docker-entrypoint-initdb.d/" + ] + volumeMounts: + - name: notary-db-config + mountPath: /configmap/docker-entrypoint-initdb.d + - name: notary-db-init + mountPath: /docker-entrypoint-initdb.d containers: - name: notary-db image: {{ .Values.notary.db.image.repository }}:{{ .Values.notary.db.image.tag }} @@ -33,30 +48,36 @@ spec: {{ toYaml .Values.notary.db.resources | indent 10 }} volumeMounts: - name: notary-db-config + mountPath: /configmap/docker-entrypoint-initdb.d + - name: notary-db-init mountPath: /docker-entrypoint-initdb.d - - name: notary-db + - name: notary-db-data mountPath: /var/lib/mysql volumes: - name: notary-db-config configMap: name: "{{ template "harbor.fullname" . }}-notary-db" + - name: notary-db-init + emptyDir: {} {{- if not .Values.persistence.enabled }} - - name: notary-db + - name: notary-db-data emptyDir: {} {{- end -}} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - metadata: - name: notary-db + name: notary-db-data spec: accessModes: [{{ .Values.notary.db.volumes.data.accessMode | quote }}] + {{- if .Values.notary.db.volumes.data.storageClass }} {{- if (eq "-" .Values.notary.db.volumes.data.storageClass) }} storageClassName: "" {{- else }} storageClassName: "{{ .Values.notary.db.volumes.data.storageClass }}" {{- end }} + {{- end }} resources: requests: - storage: {{ .Values.adminserver.volumes.data.size | quote }} + storage: {{ .Values.notary.db.volumes.data.size | quote }} {{- end -}} -{{ end }} \ No newline at end of file +{{ end }} diff --git a/contrib/helm/harbor/templates/notary/notary-server.yaml b/contrib/helm/harbor/templates/notary/notary-server.yaml index 5deb5b6fd..a1e078634 100644 
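Review bot: The new `move-init-scripts` init container in notary-db.yaml pulls `alpine:3.6` by a hard-coded, mutable tag, unlike the other images visible in this patch, which are taken from values. That blocks installs that mirror images into a private registry and leaves the image unpinned; I would expose it, e.g. `image: {{ .Values.notary.db.initImage.repository }}:{{ .Values.notary.db.initImage.tag }}` (a new, suggested key), and ideally reference it by digest. The container also sets no `resources` or `securityContext`, and a comment explaining why the scripts are copied out of the ConfigMap mount would help, since the main container still mounts `notary-db-config` at `/configmap/docker-entrypoint-initdb.d`.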
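Review bot: Renaming the claim template from `notary-db` to `notary-db-data` changes the name of the PersistentVolumeClaim the pod binds to, so upgrading an existing release with persistence enabled would start the Notary database on a new, empty volume and leave the old claim behind. If this is a StatefulSet, as the `volumeClaimTemplates` block suggests, that field usually cannot be changed in place either, so the upgrade may be rejected outright; a note in the chart's upgrade documentation, or keeping the old name, would avoid both outcomes. The added `{{- if .Values.notary.db.volumes.data.storageClass }}` guard and the switch to `.Values.notary.db.volumes.data.size` both assume those keys exist in values.yaml, which this patch does not show.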
--- a/contrib/helm/harbor/templates/notary/notary-server.yaml +++ b/contrib/helm/harbor/templates/notary/notary-server.yaml @@ -29,7 +29,7 @@ spec: value: "mysql://server:{{ .Values.notary.db.password }}@tcp({{ template "harbor.fullname" . }}-notary-db:3306)/notaryserver?parseTime=True" volumeMounts: - name: notary-config - mountPath: /config + mountPath: /etc/notary - name: root-certificate mountPath: /root.crt subPath: root.crt diff --git a/contrib/helm/harbor/templates/notary/notary-signer.yaml b/contrib/helm/harbor/templates/notary/notary-signer.yaml index e782467db..245c98a1e 100644 --- a/contrib/helm/harbor/templates/notary/notary-signer.yaml +++ b/contrib/helm/harbor/templates/notary/notary-signer.yaml @@ -31,9 +31,9 @@ spec: value: {{ .Values.notary.signer.env.NOTARY_SIGNER_DEFAULTALIAS }} volumeMounts: - name: notary-config - mountPath: /config + mountPath: /etc/notary volumes: - name: notary-config configMap: name: "{{ template "harbor.fullname" . }}-notary" -{{ end }} \ No newline at end of file +{{ end }} diff --git a/contrib/helm/harbor/templates/registry/registry-ss.yaml b/contrib/helm/harbor/templates/registry/registry-ss.yaml index 7231c4834..c3624ccf9 100644 --- a/contrib/helm/harbor/templates/registry/registry-ss.yaml +++ b/contrib/helm/harbor/templates/registry/registry-ss.yaml @@ -23,7 +23,7 @@ spec: image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }} imagePullPolicy: {{ .Values.registry.image.pullPolicy }} resources: -{{ toYaml .Values.mysql.resources | indent 10 }} +{{ toYaml .Values.registry.resources | indent 10 }} args: ["serve", "/etc/registry/config.yml"] env: - name: REGISTRY_HTTP_SECRET @@ -55,7 +55,7 @@ spec: {{- if and (not .Values.registry.objectStorage) .Values.persistence.enabled }} volumeClaimTemplates: - metadata: - name: "registry-data" + name: registry-data labels: {{ include "harbor.labels" . | indent 8 }} spec: 
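Review bot: The context line above the changed mount in notary-server.yaml still renders the database password straight into the pod spec, `mysql://server:{{ .Values.notary.db.password }}@tcp(...)`, where anyone who can read the workload object sees it. Since the file is being touched for 1.5, consider moving the DSN into a Secret and referencing it with `valueFrom.secretKeyRef`. On the change itself, the mount moved from `/config` to `/etc/notary`, so every path inside the notary ConfigMap has to follow; only `tls_ca_file` is updated in this patch. The container spec begins outside the hunk.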
diff --git a/contrib/helm/harbor/templates/ui/ui-dpl.yaml b/contrib/helm/harbor/templates/ui/ui-dpl.yaml index d6be078af..8e5a533ac 100644 --- a/contrib/helm/harbor/templates/ui/ui-dpl.yaml +++ b/contrib/helm/harbor/templates/ui/ui-dpl.yaml @@ -38,8 +38,6 @@ spec: value: "1" - name: ADMINSERVER_URL value: "http://{{ template "harbor.fullname" . }}-adminserver" - - name: CLAIR_DB_HOST - value: "{{ template "harbor.fullname" . }}-clair-pg" ports: - containerPort: 8080 volumeMounts: diff --git a/contrib/helm/harbor/values.yaml b/contrib/helm/harbor/values.yaml index 91897a8e9..73e0f249a 100644 --- a/contrib/helm/harbor/values.yaml +++ b/contrib/helm/harbor/values.yaml @@ -26,10 +26,10 @@ # cpu: 100m persistence: - enabled: false + enabled: true # The tag for Harbor docker images. -harborImageTag: &harbor_image_tag v1.4.0 +harborImageTag: &harbor_image_tag v1.5.0-chart-patch # The FQDN for Harbor service. externalDomain: harbor.my.domain @@ -98,6 +98,7 @@ jobservice: tag: *harbor_image_tag pullPolicy: IfNotPresent secret: not-a-secure-secret + maxWorkers: 50 # resources: # requests: # memory: 256Mi @@ -196,7 +197,7 @@ mysql: registry: image: repository: vmware/registry-photon - tag: v2.6.2-v1.4.0 + tag: v2.6.2-v1.5.0-chart-patch pullPolicy: IfNotPresent httpSecret: not-a-secure-secret logLevel: info @@ -265,7 +266,7 @@ clair: enabled: true image: repository: vmware/clair-photon - tag: v2.0.1-v1.4.0 + tag: v2.0.1-v1.5.0-chart-patch pullPolicy: IfNotPresent ## The following needs to match the credentials ## in the `postgresql` configuration under the 
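Review bot: `harborImageTag` in values.yaml now points at `v1.5.0-chart-patch`, a build that per the commit message will not be merged to the release branch, while the component images keep `pullPolicy: IfNotPresent`. A tag like this can be re-pushed, and nodes that already cached it will not pick up the replacement, so different nodes may end up running different builds; pinning by digest, or at least a comment such as `# non-release build carrying the fix for #4496; replace with the next v1.5.x tag`, would make the provenance explicit. The same suffix is applied to the registry, clair and notary image tags in the later hunks of this file. Flipping `persistence.enabled` to `true` also makes the default install depend on a usable StorageClass, which deserves a line in the values comments.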
@@ -301,17 +302,31 @@ postgresql: persistence: enabled: false +## Settings for redis dependency. +## see https://github.com/kubernetes/charts/tree/master/stable/redis +## for further configurables. +redis: +# Update needed in the cm that defines redis_url if usePassword is set to true. + usePassword: false + cluster: + enabled: false + master: + persistence: +# TODO: There is a perm issue: Can't open the append-only file: Permission denied +# TODO: Setting it to false is a temp workaround. Will re-visit this problem. + enabled: false + notary: enabled: true server: image: repository: vmware/notary-server-photon - tag: v0.5.1-v1.4.0 + tag: v0.5.1-v1.5.0-chart-patch pullPolicy: IfNotPresent signer: image: repository: vmware/notary-signer-photon - tag: v0.5.1-v1.4.0 + tag: v0.5.1-v1.5.0-chart-patch pullPolicy: IfNotPresent env: NOTARY_SIGNER_DEFAULTALIAS: defaultalias