Make Helm Chart support Harbor 1.5.0

Update the helm chart of Harbor to use 1.5 image.  Specifically
`1.5.0-chart-patch` to include the fix to #4496 (for integration reason
this fix will not be merge to release branch).
Verified against kubenetes v1.10.0

contrib/helm/harbor/Chart.yaml

@@ -1,6 +1,6 @@
 name: harbor
-version: 0.1.2
-appVersion: 1.4.0
+version: 0.2.0
+appVersion: 1.5.0
 description: An Enterprise-class Docker Registry by VMware
 keywords:
 - vmware

contrib/helm/harbor/requirements.lock

@@ -2,5 +2,8 @@ dependencies:
 - name: postgresql
   repository: https://kubernetes-charts.storage.googleapis.com
   version: 0.9.1
-digest: sha256:e89ecacdca0cc0414763a586832bf7ca3d57bd25ac8e1a08e41080b610eb5a7d
-generated: 2018-03-09T15:34:27.167977722-06:00
+- name: redis
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 3.2.5
+digest: sha256:e0f18247038eaab8d8e88ebb4abf4ea59778a8654528957957534adf6337915b
+generated: 2018-05-16T11:34:09.070799886+08:00

contrib/helm/harbor/requirements.yaml

@@ -2,3 +2,6 @@ dependencies:
 - name: postgresql
   version: 0.9.1
   repository: https://kubernetes-charts.storage.googleapis.com
+- name: redis
+  version: 3.2.5
+  repository: https://kubernetes-charts.storage.googleapis.com

contrib/helm/harbor/templates/_helpers.tpl

@@ -46,12 +46,6 @@ so it can match Harbor service FQDN and Notary service FQDN.
 {{- printf "notary-%s" .Values.externalDomain -}}
 {{- end -}}
 
-{{/*
-The internal service name of Notary server.
-notary-server hostname is not configurable in Harbor 1.4.0.
-Once Harbor 1.5.x is released, use this instead:
-  {{- printf "%s-notary-server" (include "harbor.fullname") -}}
-*/}}
 {{- define "harbor.notaryServiceName" -}}
-{{- printf "%s" "notary-server" -}}
-{{- end -}}
+{{- printf "%s-notary-server" (include "harbor.fullname" .) -}}
+{{- end -}}

contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml

@@ -54,6 +54,7 @@ data:
   CLAIR_DB_PORT: "5432"
   CLAIR_DB: "{{ .Values.clair.postgresDatabase }}"
   CLAIR_DB_USERNAME: "{{ .Values.clair.postgresUser }}"
+  CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060"
   UAA_ENDPOINT: ""
   UAA_CLIENTID: ""
   UAA_CLIENTSECRET: ""

contrib/helm/harbor/templates/adminserver/adminserver-ss.yaml

@@ -72,4 +72,4 @@ spec:
       resources:
         requests:
           storage: {{ .Values.adminserver.volumes.config.size | quote }}
-  {{- end -}}
+  {{- end -}}

contrib/helm/harbor/templates/clair/clair-dpl.yaml

@@ -22,14 +22,14 @@ spec:
       - name: clair
         image: {{ .Values.clair.image.repository }}:{{ .Values.clair.image.tag }}
         imagePullPolicy: {{ .Values.clair.image.pullPolicy }}
-        args: ["-insecure-tls", "-config", "/config/config.yaml"]
+        args: ["-insecure-tls", "-config", "/etc/clair/config.yaml"]
         resources:
 {{ toYaml .Values.clair.resources | indent 10 }}
         ports:
         - containerPort: 6060
         volumeMounts:
         - name: clair-config
-          mountPath: /config/config.yaml
+          mountPath: /etc/clair/config.yaml
           subPath: config.yaml
       volumes:
       - name: clair-config
@@ -38,4 +38,4 @@ spec:
           items:
             - key: config.yaml
               path: config.yaml
-{{ end }}
+{{ end }}

contrib/helm/harbor/templates/clair/clair-svc.yaml

@@ -5,7 +5,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: clair
+  name: "{{ template "harbor.fullname" . }}-clair"
   labels:
 {{ include "harbor.labels" . | indent 4 }}
 spec:
@@ -14,4 +14,4 @@ spec:
   selector:
 {{ include "harbor.matchLabels" . | indent 4 }}
     component: clair
-{{ end }}
+{{ end }}

contrib/helm/harbor/templates/jobservice/jobservice-cm.yaml

@@ -5,9 +5,17 @@ metadata:
   labels:
 {{ include "harbor.labels" . | indent 4 }}
 data:
-  app.conf: |+
-    appname = jobservice
-    runmode = prod
-
-    [prod]
-    httpport = 8080
+  config.yml: |+
+    protocol: "http"
+    port: 8080
+    worker_pool:
+      workers: {{ .Values.jobservice.maxWorkers }}
+      backend: "redis"
+      redis_pool:
+        redis_url: "{{ .Release.Name }}-redis-master:{{ .Values.redis.master.port }}"
+        namespace: "harbor_job_service_namespace"
+    logger:
+      path: "/var/log/jobs"
+      level: "INFO"
+      archive_period: 14 #days
+    admin_server: "http://{{ template "harbor.fullname" . }}-adminserver"

contrib/helm/harbor/templates/jobservice/jobservice-dpl.yaml

@@ -29,32 +29,19 @@ spec:
         env:
           - name: LOG_LEVEL
             value: debug
-          - name: CONFIG_PATH
-            value: /etc/jobservice/app.conf
           - name: GODEBUG
             value: netdns=cgo
-          - name: ADMINSERVER_URL
-            value: "http://{{ template "harbor.fullname" . }}-adminserver"
         ports:
         - containerPort: 8080
         volumeMounts:
         - name: jobservice-config
-          mountPath: /etc/jobservice/app.conf
-          subPath: app.conf
-        - name: jobservice-secrets
-          mountPath: /etc/jobservice/key
-          subPath: key
+          mountPath: /etc/jobservice/config.yml
+          subPath: config.yml
         - name: job-logs
           mountPath: /var/log/jobs
       volumes:
       - name: jobservice-config
         configMap:
           name: "{{ template "harbor.fullname" . }}-jobservice"
-      - name: jobservice-secrets
-        secret:
-          secretName: "{{ template "harbor.fullname" . }}-jobservice"
-          items:
-            - key: secretKey
-              path: key
       - name: job-logs
         emptyDir: {}

contrib/helm/harbor/templates/notary/notary-cm.yaml

@@ -43,7 +43,7 @@ data:
         "type": "remote",
         "hostname": "{{ template "harbor.fullname" . }}-notary-signer",
         "port": "7899",
-        "tls_ca_file": "/config/notary-signer-ca.crt",
+        "tls_ca_file": "./notary-signer-ca.crt",
         "key_algorithm": "ecdsa"
       },
       "logging": {

contrib/helm/harbor/templates/notary/notary-db.yaml

@@ -19,6 +19,21 @@ spec:
 {{ include "harbor.labels" . | indent 8 }}
         component: notary-db
     spec:
+      initContainers: 
+      - name: move-init-scripts
+        image: alpine:3.6
+        imagePullPolicy: IfNotPresent
+        command: [
+          "sh",
+          "-ce",
+          "ls -l /configmap/docker-entrypoint-initdb.d/* &&
+           cp -L /configmap/docker-entrypoint-initdb.d/* /docker-entrypoint-initdb.d/"
+        ]
+        volumeMounts:
+        - name: notary-db-config
+          mountPath: /configmap/docker-entrypoint-initdb.d
+        - name: notary-db-init
+          mountPath: /docker-entrypoint-initdb.d
       containers:
       - name: notary-db
         image: {{ .Values.notary.db.image.repository }}:{{ .Values.notary.db.image.tag }}
@@ -33,30 +48,36 @@ spec:
 {{ toYaml .Values.notary.db.resources | indent 10 }}
         volumeMounts:
         - name: notary-db-config
+          mountPath: /configmap/docker-entrypoint-initdb.d
+        - name: notary-db-init
           mountPath: /docker-entrypoint-initdb.d
-        - name: notary-db
+        - name: notary-db-data
           mountPath: /var/lib/mysql
       volumes:
       - name: notary-db-config
         configMap:
           name: "{{ template "harbor.fullname" . }}-notary-db"
+      - name: notary-db-init
+        emptyDir: {}
       {{- if not .Values.persistence.enabled }}
-      - name: notary-db
+      - name: notary-db-data
         emptyDir: {}
       {{- end -}}
   {{- if .Values.persistence.enabled }}
   volumeClaimTemplates:
   - metadata:
-      name: notary-db
+      name: notary-db-data
     spec:
       accessModes: [{{ .Values.notary.db.volumes.data.accessMode | quote }}]
+      {{- if .Values.notary.db.volumes.data.storageClass }}
       {{- if (eq "-" .Values.notary.db.volumes.data.storageClass) }}
       storageClassName: ""
       {{- else }}
       storageClassName: "{{ .Values.notary.db.volumes.data.storageClass }}"
       {{- end }}
+      {{- end }}
       resources:
         requests:
-          storage: {{ .Values.adminserver.volumes.data.size | quote }}
+          storage: {{ .Values.notary.db.volumes.data.size | quote }}
   {{- end -}}
-{{ end }}
+{{ end }}

contrib/helm/harbor/templates/notary/notary-server.yaml

@@ -29,7 +29,7 @@ spec:
           value: "mysql://server:{{ .Values.notary.db.password }}@tcp({{ template "harbor.fullname" . }}-notary-db:3306)/notaryserver?parseTime=True"
         volumeMounts:
         - name: notary-config
-          mountPath: /config
+          mountPath: /etc/notary
         - name: root-certificate
           mountPath: /root.crt
           subPath: root.crt

contrib/helm/harbor/templates/notary/notary-signer.yaml

@@ -31,9 +31,9 @@ spec:
           value: {{ .Values.notary.signer.env.NOTARY_SIGNER_DEFAULTALIAS }}
         volumeMounts:
         - name: notary-config
-          mountPath: /config
+          mountPath: /etc/notary
       volumes:
       - name: notary-config
         configMap:
           name: "{{ template "harbor.fullname" . }}-notary"
-{{ end }}
+{{ end }}

contrib/helm/harbor/templates/registry/registry-ss.yaml

@@ -23,7 +23,7 @@ spec:
         image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}
         imagePullPolicy: {{ .Values.registry.image.pullPolicy }}
         resources:
-{{ toYaml .Values.mysql.resources | indent 10 }}
+{{ toYaml .Values.registry.resources | indent 10 }}
         args: ["serve", "/etc/registry/config.yml"]
         env:
           - name: REGISTRY_HTTP_SECRET
@@ -55,7 +55,7 @@ spec:
   {{- if and (not .Values.registry.objectStorage) .Values.persistence.enabled }}
   volumeClaimTemplates:
   - metadata:
-      name: "registry-data"
+      name: registry-data
       labels:
 {{ include "harbor.labels" . | indent 8 }}
     spec:

contrib/helm/harbor/templates/ui/ui-dpl.yaml

@@ -38,8 +38,6 @@ spec:
             value: "1"
           - name: ADMINSERVER_URL
             value: "http://{{ template "harbor.fullname" . }}-adminserver"
-          - name: CLAIR_DB_HOST
-            value: "{{ template "harbor.fullname" . }}-clair-pg"
         ports:
         - containerPort: 8080
         volumeMounts:

contrib/helm/harbor/values.yaml

@@ -26,10 +26,10 @@
 #       cpu: 100m
 
 persistence:
-  enabled: false
+  enabled: true
 
 # The tag for Harbor docker images.
-harborImageTag: &harbor_image_tag v1.4.0
+harborImageTag: &harbor_image_tag v1.5.0-chart-patch
 
 # The FQDN for Harbor service.
 externalDomain: harbor.my.domain
@@ -98,6 +98,7 @@ jobservice:
     tag: *harbor_image_tag
     pullPolicy: IfNotPresent
   secret: not-a-secure-secret
+  maxWorkers: 50
 # resources:
 #   requests:
 #     memory: 256Mi
@@ -196,7 +197,7 @@ mysql:
 registry:
   image:
     repository: vmware/registry-photon
-    tag: v2.6.2-v1.4.0
+    tag: v2.6.2-v1.5.0-chart-patch
     pullPolicy: IfNotPresent
   httpSecret: not-a-secure-secret
   logLevel: info
@@ -265,7 +266,7 @@ clair:
   enabled: true
   image:
     repository: vmware/clair-photon
-    tag: v2.0.1-v1.4.0
+    tag: v2.0.1-v1.5.0-chart-patch
     pullPolicy: IfNotPresent
 ## The following needs to match the credentials
 ## in the `postgresql` configuration under the
@@ -301,17 +302,31 @@ postgresql:
   persistence:
     enabled: false
 
+## Settings for redis dependency.
+## see https://github.com/kubernetes/charts/tree/master/stable/redis
+## for further configurables.
+redis:
+# Update needed in the cm that defines redis_url if usePassword is set to true.
+  usePassword: false
+  cluster:
+    enabled: false
+  master:
+    persistence:
+# TODO: There is a perm issue: Can't open the append-only file: Permission denied
+# TODO: Setting it to false is a temp workaround.  Will re-visit this problem.
+      enabled: false
+
 notary:
   enabled: true
   server:
     image:
       repository: vmware/notary-server-photon
-      tag: v0.5.1-v1.4.0
+      tag: v0.5.1-v1.5.0-chart-patch
       pullPolicy: IfNotPresent
   signer:
     image:
       repository: vmware/notary-signer-photon
-      tag: v0.5.1-v1.4.0
+      tag: v0.5.1-v1.5.0-chart-patch
       pullPolicy: IfNotPresent
     env:
       NOTARY_SIGNER_DEFAULTALIAS: defaultalias