From 08ae5f2f3765257120ced25de30365e960d3a478 Mon Sep 17 00:00:00 2001 From: Yan Date: Tue, 16 Oct 2018 18:34:36 +0800 Subject: [PATCH] Limit dns search in harbor containers (#6057) This commit is to set dns search to null in the harbor containers, that means the dns search domains of docker host doesn't impact the network IO in the containers. If do not set this, Harbor notary-server and notary-signer are resolving the "mysql" alias to the resolv.conf search path instead of to "mysql." for the notary-db bridge IP, see #6031. Signed-off-by: wang yan --- make/docker-compose.chartmuseum.tpl | 1 + make/docker-compose.clair.tpl | 1 + make/docker-compose.notary.tpl | 2 ++ make/docker-compose.tpl | 10 ++++++++++ 4 files changed, 14 insertions(+) diff --git a/make/docker-compose.chartmuseum.tpl b/make/docker-compose.chartmuseum.tpl index 1d540bacc..9e10a392b 100644 --- a/make/docker-compose.chartmuseum.tpl +++ b/make/docker-compose.chartmuseum.tpl @@ -16,6 +16,7 @@ services: restart: always networks: - harbor-chartmuseum + dns_search: "" depends_on: - redis volumes: diff --git a/make/docker-compose.clair.tpl b/make/docker-compose.clair.tpl index e1a938c89..9c000a9bd 100644 --- a/make/docker-compose.clair.tpl +++ b/make/docker-compose.clair.tpl @@ -23,6 +23,7 @@ services: image: goharbor/clair-photon:__clair_version__ restart: always cpu_quota: 50000 + dns_search: "" depends_on: - postgresql volumes: diff --git a/make/docker-compose.notary.tpl b/make/docker-compose.notary.tpl index 100a33e27..0bc33b0b0 100644 --- a/make/docker-compose.notary.tpl +++ b/make/docker-compose.notary.tpl @@ -18,6 +18,7 @@ services: networks: - notary-sig - harbor-notary + dns_search: "" volumes: - ./common/config/notary:/etc/notary:z env_file: @@ -39,6 +40,7 @@ services: notary-sig: aliases: - notarysigner + dns_search: "" volumes: - ./common/config/notary:/etc/notary:z env_file: diff --git a/make/docker-compose.tpl b/make/docker-compose.tpl index d56df3fa3..60608c693 100644 --- a/make/docker-compose.tpl +++ b/make/docker-compose.tpl @@ -4,6 +4,7 @@ services: image: goharbor/harbor-log:__version__ container_name: harbor-log restart: always + dns_search: "" volumes: - /var/log/harbor/:/var/log/docker/:z - ./common/config/log/:/etc/logrotate.d/:z @@ -20,6 +21,7 @@ services: - ./common/config/registry/:/etc/registry/:z networks: - harbor + dns_search: "" environment: - GODEBUG=netdns=cgo depends_on: @@ -41,6 +43,7 @@ services: - ./common/config/registryctl/config.yml:/etc/registryctl/config.yml:z networks: - harbor + dns_search: "" environment: - GODEBUG=netdns=cgo depends_on: @@ -58,6 +61,7 @@ services: - /data/database:/var/lib/postgresql/data:z networks: - harbor + dns_search: "" env_file: - ./common/config/db/env depends_on: @@ -79,6 +83,7 @@ services: - /data/:/data/:z networks: - harbor + dns_search: "" depends_on: - log logging: @@ -101,6 +106,7 @@ services: - /data/psc/:/etc/core/token/:z networks: - harbor + dns_search: "" depends_on: - log - adminserver @@ -116,6 +122,7 @@ services: restart: always networks: - harbor + dns_search: "" depends_on: - log - core @@ -136,6 +143,7 @@ services: - ./common/config/jobservice/config.yml:/etc/jobservice/config.yml:z networks: - harbor + dns_search: "" depends_on: - redis - core @@ -153,6 +161,7 @@ services: - /data/redis:/var/lib/redis networks: - harbor + dns_search: "" depends_on: - log logging: @@ -168,6 +177,7 @@ services: - ./common/config/nginx:/etc/nginx:z networks: - harbor + dns_search: "" ports: - 80:80 - 443:443