commit
10f0654230
28
Makefile
28
Makefile
@ -76,7 +76,6 @@ REGISTRYSERVER=
|
|||||||
REGISTRYPROJECTNAME=goharbor
|
REGISTRYPROJECTNAME=goharbor
|
||||||
DEVFLAG=true
|
DEVFLAG=true
|
||||||
NOTARYFLAG=false
|
NOTARYFLAG=false
|
||||||
CLAIRFLAG=false
|
|
||||||
TRIVYFLAG=false
|
TRIVYFLAG=false
|
||||||
HTTPPROXY=
|
HTTPPROXY=
|
||||||
BUILDBIN=false
|
BUILDBIN=false
|
||||||
@ -101,9 +100,7 @@ PREPARE_VERSION_NAME=versions
|
|||||||
#versions
|
#versions
|
||||||
REGISTRYVERSION=v2.7.1-patch-2819-2553-redis
|
REGISTRYVERSION=v2.7.1-patch-2819-2553-redis
|
||||||
NOTARYVERSION=v0.6.1
|
NOTARYVERSION=v0.6.1
|
||||||
CLAIRVERSION=v2.1.6
|
|
||||||
NOTARYMIGRATEVERSION=v3.5.4
|
NOTARYMIGRATEVERSION=v3.5.4
|
||||||
CLAIRADAPTERVERSION=v1.1.1
|
|
||||||
TRIVYVERSION=v0.9.2
|
TRIVYVERSION=v0.9.2
|
||||||
TRIVYADAPTERVERSION=v0.14.1
|
TRIVYADAPTERVERSION=v0.14.1
|
||||||
|
|
||||||
@ -117,11 +114,9 @@ CHARTMUSEUM_SRC_TAG=v0.12.0
|
|||||||
REGISTRY_SRC_TAG=v2.7.1
|
REGISTRY_SRC_TAG=v2.7.1
|
||||||
|
|
||||||
# dependency binaries
|
# dependency binaries
|
||||||
CLAIRURL=https://storage.googleapis.com/harbor-builds/bin/clair/release2.0-${CLAIRVERSION}/clair
|
|
||||||
CHARTURL=https://storage.googleapis.com/harbor-builds/bin/chartmuseum/release-${CHARTMUSEUMVERSION}/chartm
|
CHARTURL=https://storage.googleapis.com/harbor-builds/bin/chartmuseum/release-${CHARTMUSEUMVERSION}/chartm
|
||||||
NORARYURL=https://storage.googleapis.com/harbor-builds/bin/notary/release-${NOTARYVERSION}/binary-bundle.tgz
|
NORARYURL=https://storage.googleapis.com/harbor-builds/bin/notary/release-${NOTARYVERSION}/binary-bundle.tgz
|
||||||
REGISTRYURL=https://storage.googleapis.com/harbor-builds/bin/registry/release-${REGISTRYVERSION}/registry
|
REGISTRYURL=https://storage.googleapis.com/harbor-builds/bin/registry/release-${REGISTRYVERSION}/registry
|
||||||
CLAIR_ADAPTER_DOWNLOAD_URL=https://github.com/goharbor/harbor-scanner-clair/releases/download/$(CLAIRADAPTERVERSION)/harbor-scanner-clair_$(CLAIRADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz
|
|
||||||
TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz
|
TRIVY_DOWNLOAD_URL=https://github.com/aquasecurity/trivy/releases/download/$(TRIVYVERSION)/trivy_$(TRIVYVERSION:v%=%)_Linux-64bit.tar.gz
|
||||||
TRIVY_ADAPTER_DOWNLOAD_URL=https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz
|
TRIVY_ADAPTER_DOWNLOAD_URL=https://github.com/aquasecurity/harbor-scanner-trivy/releases/download/$(TRIVYADAPTERVERSION)/harbor-scanner-trivy_$(TRIVYADAPTERVERSION:v%=%)_Linux_x86_64.tar.gz
|
||||||
|
|
||||||
@ -129,8 +124,6 @@ define VERSIONS_FOR_PREPARE
|
|||||||
VERSION_TAG: $(VERSIONTAG)
|
VERSION_TAG: $(VERSIONTAG)
|
||||||
REGISTRY_VERSION: $(REGISTRYVERSION)
|
REGISTRY_VERSION: $(REGISTRYVERSION)
|
||||||
NOTARY_VERSION: $(NOTARYVERSION)
|
NOTARY_VERSION: $(NOTARYVERSION)
|
||||||
CLAIR_VERSION: $(CLAIRVERSION)
|
|
||||||
CLAIR_ADAPTER_VERSION: $(CLAIRADAPTERVERSION)
|
|
||||||
TRIVY_VERSION: $(TRIVYVERSION)
|
TRIVY_VERSION: $(TRIVYVERSION)
|
||||||
TRIVY_ADAPTER_VERSION: $(TRIVYADAPTERVERSION)
|
TRIVY_ADAPTER_VERSION: $(TRIVYADAPTERVERSION)
|
||||||
CHARTMUSEUM_VERSION: $(CHARTMUSEUMVERSION)
|
CHARTMUSEUM_VERSION: $(CHARTMUSEUMVERSION)
|
||||||
@ -210,9 +203,6 @@ PREPARECMD_PARA=--conf $(INSIDE_CONFIGPATH)/$(CONFIGFILE)
|
|||||||
ifeq ($(NOTARYFLAG), true)
|
ifeq ($(NOTARYFLAG), true)
|
||||||
PREPARECMD_PARA+= --with-notary
|
PREPARECMD_PARA+= --with-notary
|
||||||
endif
|
endif
|
||||||
ifeq ($(CLAIRFLAG), true)
|
|
||||||
PREPARECMD_PARA+= --with-clair
|
|
||||||
endif
|
|
||||||
ifeq ($(TRIVYFLAG), true)
|
ifeq ($(TRIVYFLAG), true)
|
||||||
PREPARECMD_PARA+= --with-trivy
|
PREPARECMD_PARA+= --with-trivy
|
||||||
endif
|
endif
|
||||||
@ -239,14 +229,7 @@ DOCKERIMAGENAME_REGCTL=goharbor/harbor-registryctl
|
|||||||
|
|
||||||
# docker-compose files
|
# docker-compose files
|
||||||
DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
|
DOCKERCOMPOSEFILEPATH=$(MAKEPATH)
|
||||||
DOCKERCOMPOSETPLFILENAME=docker-compose.tpl
|
|
||||||
DOCKERCOMPOSEFILENAME=docker-compose.yml
|
DOCKERCOMPOSEFILENAME=docker-compose.yml
|
||||||
DOCKERCOMPOSENOTARYTPLFILENAME=docker-compose.notary.tpl
|
|
||||||
DOCKERCOMPOSENOTARYFILENAME=docker-compose.notary.yml
|
|
||||||
DOCKERCOMPOSECLAIRTPLFILENAME=docker-compose.clair.tpl
|
|
||||||
DOCKERCOMPOSECLAIRFILENAME=docker-compose.clair.yml
|
|
||||||
DOCKERCOMPOSECHARTMUSEUMTPLFILENAME=docker-compose.chartmuseum.tpl
|
|
||||||
DOCKERCOMPOSECHARTMUSEUMFILENAME=docker-compose.chartmuseum.yml
|
|
||||||
|
|
||||||
SEDCMD=$(shell which sed)
|
SEDCMD=$(shell which sed)
|
||||||
SEDCMDI=$(SEDCMD) -i
|
SEDCMDI=$(SEDCMD) -i
|
||||||
@ -297,9 +280,6 @@ DOCKERCOMPOSE_FILE_OPT=-f $(DOCKERCOMPOSEFILEPATH)/$(DOCKERCOMPOSEFILENAME)
|
|||||||
ifeq ($(NOTARYFLAG), true)
|
ifeq ($(NOTARYFLAG), true)
|
||||||
DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(VERSIONTAG) goharbor/notary-signer-photon:$(VERSIONTAG)
|
DOCKERSAVE_PARA+= goharbor/notary-server-photon:$(VERSIONTAG) goharbor/notary-signer-photon:$(VERSIONTAG)
|
||||||
endif
|
endif
|
||||||
ifeq ($(CLAIRFLAG), true)
|
|
||||||
DOCKERSAVE_PARA+= goharbor/clair-photon:$(VERSIONTAG) goharbor/clair-adapter-photon:$(VERSIONTAG)
|
|
||||||
endif
|
|
||||||
ifeq ($(TRIVYFLAG), true)
|
ifeq ($(TRIVYFLAG), true)
|
||||||
DOCKERSAVE_PARA+= goharbor/trivy-adapter-photon:$(VERSIONTAG)
|
DOCKERSAVE_PARA+= goharbor/trivy-adapter-photon:$(VERSIONTAG)
|
||||||
endif
|
endif
|
||||||
@ -409,18 +389,18 @@ build:
|
|||||||
-e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \
|
-e REGISTRYVERSION=$(REGISTRYVERSION) -e REGISTRY_SRC_TAG=$(REGISTRY_SRC_TAG) \
|
||||||
-e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \
|
-e NOTARYVERSION=$(NOTARYVERSION) -e NOTARYMIGRATEVERSION=$(NOTARYMIGRATEVERSION) \
|
||||||
-e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
|
-e TRIVYVERSION=$(TRIVYVERSION) -e TRIVYADAPTERVERSION=$(TRIVYADAPTERVERSION) \
|
||||||
-e CLAIRVERSION=$(CLAIRVERSION) -e CLAIRADAPTERVERSION=$(CLAIRADAPTERVERSION) -e VERSIONTAG=$(VERSIONTAG) \
|
-e VERSIONTAG=$(VERSIONTAG) \
|
||||||
-e BUILDBIN=$(BUILDBIN) \
|
-e BUILDBIN=$(BUILDBIN) \
|
||||||
-e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e CHARTMUSEUM_SRC_TAG=$(CHARTMUSEUM_SRC_TAG) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \
|
-e CHARTMUSEUMVERSION=$(CHARTMUSEUMVERSION) -e CHARTMUSEUM_SRC_TAG=$(CHARTMUSEUM_SRC_TAG) -e DOCKERIMAGENAME_CHART_SERVER=$(DOCKERIMAGENAME_CHART_SERVER) \
|
||||||
-e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
|
-e NPM_REGISTRY=$(NPM_REGISTRY) -e BASEIMAGETAG=$(BASEIMAGETAG) -e BASEIMAGENAMESPACE=$(BASEIMAGENAMESPACE) \
|
||||||
-e CLAIRURL=$(CLAIRURL) -e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) -e CLAIR_ADAPTER_DOWNLOAD_URL=$(CLAIR_ADAPTER_DOWNLOAD_URL) \
|
-e CHARTURL=$(CHARTURL) -e NORARYURL=$(NORARYURL) -e REGISTRYURL=$(REGISTRYURL) \
|
||||||
-e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL)
|
-e TRIVY_DOWNLOAD_URL=$(TRIVY_DOWNLOAD_URL) -e TRIVY_ADAPTER_DOWNLOAD_URL=$(TRIVY_ADAPTER_DOWNLOAD_URL)
|
||||||
|
|
||||||
build_standalone_db_migrator: compile_standalone_db_migrator
|
build_standalone_db_migrator: compile_standalone_db_migrator
|
||||||
make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG)
|
make -f $(MAKEFILEPATH_PHOTON)/Makefile _build_standalone_db_migrator -e BASEIMAGETAG=$(BASEIMAGETAG) -e VERSIONTAG=$(VERSIONTAG)
|
||||||
|
|
||||||
build_base_docker:
|
build_base_docker:
|
||||||
@for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
|
@for name in chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
|
||||||
echo $$name ; \
|
echo $$name ; \
|
||||||
$(DOCKERBUILD) --pull --no-cache -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) --label base-build-date=$(date +"%Y%m%d") . && \
|
$(DOCKERBUILD) --pull --no-cache -f $(MAKEFILEPATH_PHOTON)/$$name/Dockerfile.base -t $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) --label base-build-date=$(date +"%Y%m%d") . && \
|
||||||
if [ -n "$(PUSHBASEIMAGE)" ] ; then \
|
if [ -n "$(PUSHBASEIMAGE)" ] ; then \
|
||||||
@ -429,7 +409,7 @@ build_base_docker:
|
|||||||
done
|
done
|
||||||
|
|
||||||
pull_base_docker:
|
pull_base_docker:
|
||||||
@for name in chartserver clair clair-adapter trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
|
@for name in chartserver trivy-adapter core db jobservice log nginx notary-server notary-signer portal prepare redis registry registryctl; do \
|
||||||
echo $$name ; \
|
echo $$name ; \
|
||||||
$(DOCKERPULL) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) ; \
|
$(DOCKERPULL) $(BASEIMAGENAMESPACE)/harbor-$$name-base:$(BASEIMAGETAG) ; \
|
||||||
done
|
done
|
||||||
|
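Review bot: Once `CLAIRFLAG=false` is removed in the first hunk, a caller that still passes `CLAIRFLAG=true` on the command line gets no error. The variable is simply unused, so as far as these hunks show the build and the `prepare` parameters proceed without any scanner unless `TRIVYFLAG=true` is also set. install.sh in this same commit fails loudly for `--with-clair`, and the Makefile should match it next to the other flag defaults: `ifeq ($(CLAIRFLAG), true)`, then `$(error CLAIRFLAG is no longer supported, use TRIVYFLAG=true)`, then `endif`.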
@ -61,11 +61,6 @@ data_volume: /data
|
|||||||
# redirect:
|
# redirect:
|
||||||
# disabled: false
|
# disabled: false
|
||||||
|
|
||||||
# Clair configuration
|
|
||||||
clair:
|
|
||||||
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
|
|
||||||
updaters_interval: 12
|
|
||||||
|
|
||||||
# Trivy configuration
|
# Trivy configuration
|
||||||
#
|
#
|
||||||
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
|
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
|
||||||
@ -147,13 +142,6 @@ _version: 2.0.0
|
|||||||
# ssl_mode: disable
|
# ssl_mode: disable
|
||||||
# max_idle_conns: 2
|
# max_idle_conns: 2
|
||||||
# max_open_conns: 0
|
# max_open_conns: 0
|
||||||
# clair:
|
|
||||||
# host: clair_db_host
|
|
||||||
# port: clair_db_port
|
|
||||||
# db_name: clair_db_name
|
|
||||||
# username: clair_db_username
|
|
||||||
# password: clair_db_password
|
|
||||||
# ssl_mode: disable
|
|
||||||
# notary_signer:
|
# notary_signer:
|
||||||
# host: notary_signer_db_host
|
# host: notary_signer_db_host
|
||||||
# port: notary_signer_db_port
|
# port: notary_signer_db_port
|
||||||
@ -206,7 +194,6 @@ proxy:
|
|||||||
components:
|
components:
|
||||||
- core
|
- core
|
||||||
- jobservice
|
- jobservice
|
||||||
- clair
|
|
||||||
- trivy
|
- trivy
|
||||||
|
|
||||||
# metric:
|
# metric:
|
||||||
|
@ -9,14 +9,13 @@ set +o noglob
|
|||||||
|
|
||||||
usage=$'Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
|
usage=$'Please set hostname and other necessary attributes in harbor.yml first. DO NOT use localhost or 127.0.0.1 for hostname, because Harbor needs to be accessed by external clients.
|
||||||
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
|
Please set --with-notary if needs enable Notary in Harbor, and set ui_url_protocol/ssl_cert/ssl_cert_key in harbor.yml bacause notary must run under https.
|
||||||
Please set --with-clair if needs enable Clair in Harbor
|
|
||||||
Please set --with-trivy if needs enable Trivy in Harbor
|
Please set --with-trivy if needs enable Trivy in Harbor
|
||||||
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor'
|
Please set --with-chartmuseum if needs enable Chartmuseum in Harbor'
|
||||||
item=0
|
item=0
|
||||||
|
|
||||||
# notary is not enabled by default
|
# notary is not enabled by default
|
||||||
with_notary=$false
|
with_notary=$false
|
||||||
# clair is not enabled by default
|
# clair is deprecated
|
||||||
with_clair=$false
|
with_clair=$false
|
||||||
# trivy is not enabled by default
|
# trivy is not enabled by default
|
||||||
with_trivy=$false
|
with_trivy=$false
|
||||||
@ -43,6 +42,12 @@ while [ $# -gt 0 ]; do
|
|||||||
shift || true
|
shift || true
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ $with_clair ]
|
||||||
|
then
|
||||||
|
error "Clair is deprecated please remove it from installation arguments !!!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
workdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||||
cd $workdir
|
cd $workdir
|
||||||
|
|
||||||
@ -71,10 +76,6 @@ if [ $with_notary ]
|
|||||||
then
|
then
|
||||||
prepare_para="${prepare_para} --with-notary"
|
prepare_para="${prepare_para} --with-notary"
|
||||||
fi
|
fi
|
||||||
if [ $with_clair ]
|
|
||||||
then
|
|
||||||
prepare_para="${prepare_para} --with-clair"
|
|
||||||
fi
|
|
||||||
if [ $with_trivy ]
|
if [ $with_trivy ]
|
||||||
then
|
then
|
||||||
prepare_para="${prepare_para} --with-trivy"
|
prepare_para="${prepare_para} --with-trivy"
|
||||||
|
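Review bot: The message in the new `if [ $with_clair ]` block added after the argument loop calls Clair "deprecated", but the script exits 1 and the rest of this commit deletes the Clair images and templates, so it reads as a warning while acting as a removal. I would name the replacement so operators are not left without a scanner: `error "Clair has been removed from Harbor, drop --with-clair and use --with-trivy instead"`. The test itself works only because `with_clair=$false` expands to an empty string (assuming `$false` is unset). `if [ -n "$with_clair" ]` states that intent and survives a value containing spaces. The argument loop that sets the variable is outside this hunk.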
@ -59,14 +59,6 @@ DOCKERFILEPATH_POSTGRESQL=$(DOCKERFILEPATH)/postgresql
|
|||||||
DOCKERFILENAME_POSTGRESQL=Dockerfile
|
DOCKERFILENAME_POSTGRESQL=Dockerfile
|
||||||
DOCKERIMAGENAME_POSTGRESQL=goharbor/postgresql-photon
|
DOCKERIMAGENAME_POSTGRESQL=goharbor/postgresql-photon
|
||||||
|
|
||||||
DOCKERFILEPATH_CLAIR=$(DOCKERFILEPATH)/clair
|
|
||||||
DOCKERFILENAME_CLAIR=Dockerfile
|
|
||||||
DOCKERIMAGENAME_CLAIR=goharbor/clair-photon
|
|
||||||
|
|
||||||
DOCKERFILEPATH_CLAIR_ADAPTER=$(DOCKERFILEPATH)/clair-adapter
|
|
||||||
DOCKERFILENAME_CLAIR_ADAPTER=Dockerfile
|
|
||||||
DOCKERIMAGENAME_CLAIR_ADAPTER=goharbor/clair-adapter-photon
|
|
||||||
|
|
||||||
DOCKERFILEPATH_TRIVY_ADAPTER=$(DOCKERFILEPATH)/trivy-adapter
|
DOCKERFILEPATH_TRIVY_ADAPTER=$(DOCKERFILEPATH)/trivy-adapter
|
||||||
DOCKERFILENAME_TRIVY_ADAPTER=Dockerfile
|
DOCKERFILENAME_TRIVY_ADAPTER=Dockerfile
|
||||||
DOCKERIMAGENAME_TRIVY_ADAPTER=goharbor/trivy-adapter-photon
|
DOCKERIMAGENAME_TRIVY_ADAPTER=goharbor/trivy-adapter-photon
|
||||||
@ -137,38 +129,6 @@ _build_log:
|
|||||||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) .
|
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_LOG)/$(DOCKERFILENAME_LOG) -t $(DOCKERIMAGENAME_LOG):$(VERSIONTAG) .
|
||||||
@echo "Done."
|
@echo "Done."
|
||||||
|
|
||||||
_build_clair:
|
|
||||||
@if [ "$(CLAIRFLAG)" = "true" ] ; then \
|
|
||||||
if [ "$(BUILDBIN)" != "true" ] ; then \
|
|
||||||
rm -rf $(DOCKERFILEPATH_CLAIR)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR)/binary && \
|
|
||||||
$(call _get_binary, $(CLAIRURL), $(DOCKERFILEPATH_CLAIR)/binary/clair); \
|
|
||||||
else \
|
|
||||||
cd $(DOCKERFILEPATH_CLAIR) && $(DOCKERFILEPATH_CLAIR)/builder $(CLAIRVERSION) && cd - ; \
|
|
||||||
fi ; \
|
|
||||||
echo "building clair container for photon..." ; \
|
|
||||||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) --build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) -f $(DOCKERFILEPATH_CLAIR)/$(DOCKERFILENAME_CLAIR) -t $(DOCKERIMAGENAME_CLAIR):$(VERSIONTAG) . ; \
|
|
||||||
rm -rf $(DOCKERFILEPATH_CLAIR)/binary; \
|
|
||||||
echo "Done." ; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
_build_clair_adapter:
|
|
||||||
@if [ "$(CLAIRFLAG)" = "true" ] ; then \
|
|
||||||
if [ "$(BUILDBIN)" != "true" ] ; then \
|
|
||||||
rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary && \
|
|
||||||
$(call _extract_archive, $(CLAIR_ADAPTER_DOWNLOAD_URL), $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/) && \
|
|
||||||
mv $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/scanner-clair $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary/harbor-scanner-clair; \
|
|
||||||
else \
|
|
||||||
cd $(DOCKERFILEPATH_CLAIR_ADAPTER) && $(DOCKERFILEPATH_CLAIR_ADAPTER)/builder.sh $(CLAIRADAPTERVERSION) && cd - ; \
|
|
||||||
fi ; \
|
|
||||||
echo "Building Clair adapter container for photon..." ; \
|
|
||||||
$(DOCKERBUILD) --build-arg harbor_base_image_version=$(BASEIMAGETAG) \
|
|
||||||
--build-arg harbor_base_namespace=$(BASEIMAGENAMESPACE) \
|
|
||||||
-f $(DOCKERFILEPATH_CLAIR_ADAPTER)/$(DOCKERFILENAME_CLAIR_ADAPTER) \
|
|
||||||
-t $(DOCKERIMAGENAME_CLAIR_ADAPTER):$(VERSIONTAG) . ; \
|
|
||||||
rm -rf $(DOCKERFILEPATH_CLAIR_ADAPTER)/binary; \
|
|
||||||
echo "Done." ; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
_build_trivy_adapter:
|
_build_trivy_adapter:
|
||||||
@if [ "$(TRIVYFLAG)" = "true" ] ; then \
|
@if [ "$(TRIVYFLAG)" = "true" ] ; then \
|
||||||
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
|
rm -rf $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary && mkdir -p $(DOCKERFILEPATH_TRIVY_ADAPTER)/binary ; \
|
||||||
@ -263,7 +223,7 @@ define _get_binary
|
|||||||
$(CURL) --connect-timeout 30 -f -k -L $1 -o $2 || exit 1
|
$(CURL) --connect-timeout 30 -f -k -L $1 -o $2 || exit 1
|
||||||
endef
|
endef
|
||||||
|
|
||||||
build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_clair _build_clair_adapter _build_trivy_adapter _build_redis _build_chart_server
|
build: _build_prepare _build_db _build_portal _build_core _build_jobservice _build_log _build_nginx _build_registry _build_registryctl _build_notary _build_trivy_adapter _build_redis _build_chart_server
|
||||||
|
|
||||||
cleanimage:
|
cleanimage:
|
||||||
@echo "cleaning image for photon..."
|
@echo "cleaning image for photon..."
|
||||||
|
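Review bot: `_get_binary`, shown as context in the last hunk, still calls curl with `-k`, so the TLS certificate of the download host is not verified for binaries that are copied into the images, and no checksum check is visible in these hunks. While this commit is already trimming the download paths, I would drop the flag: `$(CURL) --connect-timeout 30 -f -L $1 -o $2 || exit 1`. Comparing each fetched file against a pinned SHA-256 before the docker build would be a good follow-up. The `define` begins above the hunk, so its other lines are not visible here.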
@ -1,18 +0,0 @@
|
|||||||
ARG harbor_base_image_version
|
|
||||||
ARG harbor_base_namespace
|
|
||||||
FROM ${harbor_base_namespace}/harbor-clair-adapter-base:${harbor_base_image_version}
|
|
||||||
|
|
||||||
COPY ./make/photon/common/install_cert.sh /home/clair-adapter
|
|
||||||
COPY ./make/photon/clair-adapter/entrypoint.sh /home/clair-adapter
|
|
||||||
COPY ./make/photon/clair-adapter/binary/harbor-scanner-clair /clair-adapter/clair-adapter
|
|
||||||
|
|
||||||
RUN chown -R clair-adapter:clair-adapter /etc/pki/tls/certs \
|
|
||||||
&& chown -R clair-adapter:clair-adapter /clair-adapter && chmod u+x /clair-adapter/clair-adapter \
|
|
||||||
&& chown clair-adapter:clair-adapter /home/clair-adapter/entrypoint.sh && chmod u+x /home/clair-adapter/entrypoint.sh \
|
|
||||||
&& chown clair-adapter:clair-adapter /home/clair-adapter/install_cert.sh && chmod u+x /home/clair-adapter/install_cert.sh
|
|
||||||
|
|
||||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:8080/probe/healthy || curl -k -sS https://127.0.0.1:8443/probe/healthy || exit 1
|
|
||||||
|
|
||||||
USER clair-adapter
|
|
||||||
|
|
||||||
ENTRYPOINT ["/home/clair-adapter/entrypoint.sh"]
|
|
@ -1,7 +0,0 @@
|
|||||||
FROM photon:2.0
|
|
||||||
|
|
||||||
RUN tdnf install -y shadow >> /dev/null \
|
|
||||||
&& tdnf clean all \
|
|
||||||
&& mkdir /clair-adapter/ \
|
|
||||||
&& groupadd -r -g 10000 clair-adapter \
|
|
||||||
&& useradd --no-log-init -m -r -g 10000 -u 10000 clair-adapter
|
|
@ -1,11 +0,0 @@
|
|||||||
FROM golang:1.14.7
|
|
||||||
|
|
||||||
ARG VERSION
|
|
||||||
ARG COMMIT
|
|
||||||
|
|
||||||
ADD . /go/src/github.com/goharbor/harbor-scanner-clair/
|
|
||||||
WORKDIR /go/src/github.com/goharbor/harbor-scanner-clair/
|
|
||||||
|
|
||||||
RUN export GOFLAGS=-mod=vendor GOOS=linux GO111MODULE=on CGO_ENABLED=0 && \
|
|
||||||
go build -ldflags "-X main.version=$VERSION -X main.commit=$COMMIT -X main.date=`date -u --iso-8601=seconds`" \
|
|
||||||
-o harbor-scanner-clair cmd/harbor-scanner-clair/main.go
|
|
@ -1,39 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set +e
|
|
||||||
|
|
||||||
if [ -z $1 ]; then
|
|
||||||
error "Please set the 'version' variable"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
VERSION="$1"
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# the temp folder to store binary file...
|
|
||||||
mkdir -p binary
|
|
||||||
rm -rf binary/harbor-scanner-clair || true
|
|
||||||
|
|
||||||
cd $(dirname $0)
|
|
||||||
cur=$PWD
|
|
||||||
|
|
||||||
# The temporary directory to clone Clair adapter source code
|
|
||||||
TEMP=$(mktemp -d ${TMPDIR-/tmp}/clair-adapter.XXXXXX)
|
|
||||||
git clone https://github.com/goharbor/harbor-scanner-clair.git $TEMP
|
|
||||||
cd $TEMP; git checkout $VERSION; export COMMIT=$(git rev-list -1 HEAD); cd -
|
|
||||||
|
|
||||||
echo "Building Clair adapter binary based on golang:1.14.7..."
|
|
||||||
cp Dockerfile.binary $TEMP
|
|
||||||
docker build --build-arg VERSION=${VERSION} --build-arg COMMIT=${COMMIT} -f $TEMP/Dockerfile.binary -t clair-adapter-golang $TEMP
|
|
||||||
|
|
||||||
echo "Copying Clair adapter binary from the container to the local directory..."
|
|
||||||
ID=$(docker create clair-adapter-golang)
|
|
||||||
docker cp $ID:/go/src/github.com/goharbor/harbor-scanner-clair/harbor-scanner-clair binary
|
|
||||||
|
|
||||||
docker rm -f $ID
|
|
||||||
docker rmi -f clair-adapter-golang
|
|
||||||
|
|
||||||
echo "Building Clair adapter binary finished successfully"
|
|
||||||
cd $cur
|
|
||||||
rm -rf $TEMP
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
/home/clair-adapter/install_cert.sh
|
|
||||||
|
|
||||||
/clair-adapter/clair-adapter
|
|
@ -1,22 +0,0 @@
|
|||||||
ARG harbor_base_image_version
|
|
||||||
ARG harbor_base_namespace
|
|
||||||
FROM ${harbor_base_namespace}/harbor-clair-base:${harbor_base_image_version}
|
|
||||||
|
|
||||||
COPY ./make/photon/clair/binary/clair /home/clair/
|
|
||||||
COPY ./make/photon/clair/docker-entrypoint.sh /home/clair/
|
|
||||||
COPY ./make/photon/clair/dumb-init /home/clair/
|
|
||||||
COPY ./make/photon/common/install_cert.sh /home/clair/
|
|
||||||
|
|
||||||
VOLUME /config
|
|
||||||
|
|
||||||
RUN chown -R clair:clair /etc/pki/tls/certs && chown -R clair:clair /home/clair \
|
|
||||||
&& chmod u+x /home/clair/clair \
|
|
||||||
&& chmod u+x /home/clair/docker-entrypoint.sh \
|
|
||||||
&& chmod u+x /home/clair/install_cert.sh \
|
|
||||||
&& chmod +x /home/clair/dumb-init
|
|
||||||
|
|
||||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:6061/health || exit 1
|
|
||||||
|
|
||||||
WORKDIR /home/clair
|
|
||||||
USER clair
|
|
||||||
ENTRYPOINT ["./docker-entrypoint.sh"]
|
|
@ -1,6 +0,0 @@
|
|||||||
FROM photon:2.0
|
|
||||||
|
|
||||||
RUN tdnf install -y git shadow rpm xz python-xml >>/dev/null\
|
|
||||||
&& tdnf clean all \
|
|
||||||
&& groupadd -r -g 10000 clair \
|
|
||||||
&& useradd --no-log-init -m -g 10000 -u 10000 clair
|
|
@ -1,7 +0,0 @@
|
|||||||
FROM golang:1.14.7
|
|
||||||
|
|
||||||
ADD . /go/src/github.com/quay/clair/
|
|
||||||
WORKDIR /go/src/github.com/quay/clair/
|
|
||||||
|
|
||||||
RUN export CLAIR_VERSION=$(git describe --tag --always --dirty) GO111MODULE=on && \
|
|
||||||
go build -ldflags "-X github.com/quay/clair/pkg/version.Version=$CLAIR_VERSION" ./cmd/clair
|
|
@ -1,38 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set +e
|
|
||||||
|
|
||||||
if [ -z $1 ]; then
|
|
||||||
error "Please set the 'version' variable"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
VERSION="$1"
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# the temp folder to store binary file...
|
|
||||||
mkdir -p binary
|
|
||||||
rm -rf binary/clair || true
|
|
||||||
|
|
||||||
cd `dirname $0`
|
|
||||||
cur=$PWD
|
|
||||||
|
|
||||||
# the temp folder to store distribution source code...
|
|
||||||
TEMP=`mktemp -d /$TMPDIR/clair.XXXXXX`
|
|
||||||
git clone -b $VERSION --single-branch https://github.com/quay/clair.git $TEMP
|
|
||||||
|
|
||||||
echo 'build the clair binary bases on the golang:1.14.7'
|
|
||||||
cp Dockerfile.binary $TEMP
|
|
||||||
docker build -f $TEMP/Dockerfile.binary -t clair-golang $TEMP
|
|
||||||
|
|
||||||
echo 'copy the clair binary to local...'
|
|
||||||
ID=$(docker create clair-golang)
|
|
||||||
docker cp $ID:/go/src/github.com/quay/clair/clair binary
|
|
||||||
|
|
||||||
docker rm -f $ID
|
|
||||||
docker rmi -f clair-golang
|
|
||||||
|
|
||||||
echo "Build clair binary success, then to build photon image..."
|
|
||||||
cd $cur
|
|
||||||
rm -rf $TEMP
|
|
@ -1,7 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -e
|
|
||||||
|
|
||||||
/home/clair/install_cert.sh
|
|
||||||
/home/clair/dumb-init -- /home/clair/clair -config /etc/clair/config.yaml $*
|
|
||||||
|
|
||||||
set +e
|
|
Binary file not shown.
@ -15,8 +15,6 @@ from utils.registry_ctl import prepare_registry_ctl
|
|||||||
from utils.core import prepare_core
|
from utils.core import prepare_core
|
||||||
from utils.notary import prepare_notary
|
from utils.notary import prepare_notary
|
||||||
from utils.log import prepare_log_configs
|
from utils.log import prepare_log_configs
|
||||||
from utils.clair import prepare_clair
|
|
||||||
from utils.clair_adapter import prepare_clair_adapter
|
|
||||||
from utils.chart import prepare_chartmuseum
|
from utils.chart import prepare_chartmuseum
|
||||||
from utils.docker_compose import prepare_docker_compose
|
from utils.docker_compose import prepare_docker_compose
|
||||||
from utils.nginx import prepare_nginx, nginx_confd_dir
|
from utils.nginx import prepare_nginx, nginx_confd_dir
|
||||||
@ -30,13 +28,12 @@ old_private_key_pem_path, old_crt_path)
|
|||||||
@click.command()
|
@click.command()
|
||||||
@click.option('--conf', default=input_config_path, help="the path of Harbor configuration file")
|
@click.option('--conf', default=input_config_path, help="the path of Harbor configuration file")
|
||||||
@click.option('--with-notary', is_flag=True, help="the Harbor instance is to be deployed with notary")
|
@click.option('--with-notary', is_flag=True, help="the Harbor instance is to be deployed with notary")
|
||||||
@click.option('--with-clair', is_flag=True, help="the Harbor instance is to be deployed with clair")
|
|
||||||
@click.option('--with-trivy', is_flag=True, help="the Harbor instance is to be deployed with Trivy")
|
@click.option('--with-trivy', is_flag=True, help="the Harbor instance is to be deployed with Trivy")
|
||||||
@click.option('--with-chartmuseum', is_flag=True, help="the Harbor instance is to be deployed with chart repository supporting")
|
@click.option('--with-chartmuseum', is_flag=True, help="the Harbor instance is to be deployed with chart repository supporting")
|
||||||
def prepare(conf, with_notary, with_clair, with_trivy, with_chartmuseum):
|
def prepare(conf, with_notary, with_trivy, with_chartmuseum):
|
||||||
|
|
||||||
delfile(config_dir)
|
delfile(config_dir)
|
||||||
config_dict = parse_yaml_config(conf, with_notary=with_notary, with_clair=with_clair, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum)
|
config_dict = parse_yaml_config(conf, with_notary=with_notary, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum)
|
||||||
try:
|
try:
|
||||||
validate(config_dict, notary_mode=with_notary)
|
validate(config_dict, notary_mode=with_notary)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
@ -47,7 +44,7 @@ def prepare(conf, with_notary, with_clair, with_trivy, with_chartmuseum):
|
|||||||
prepare_portal(config_dict)
|
prepare_portal(config_dict)
|
||||||
prepare_log_configs(config_dict)
|
prepare_log_configs(config_dict)
|
||||||
prepare_nginx(config_dict)
|
prepare_nginx(config_dict)
|
||||||
prepare_core(config_dict, with_notary=with_notary, with_clair=with_clair, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum)
|
prepare_core(config_dict, with_notary=with_notary, with_trivy=with_trivy, with_chartmuseum=with_chartmuseum)
|
||||||
prepare_registry(config_dict)
|
prepare_registry(config_dict)
|
||||||
prepare_registry_ctl(config_dict)
|
prepare_registry_ctl(config_dict)
|
||||||
prepare_db(config_dict)
|
prepare_db(config_dict)
|
||||||
@ -68,14 +65,10 @@ def prepare(conf, with_notary, with_clair, with_trivy, with_chartmuseum):
|
|||||||
if with_notary:
|
if with_notary:
|
||||||
prepare_notary(config_dict, nginx_confd_dir, SSL_CERT_PATH, SSL_CERT_KEY_PATH)
|
prepare_notary(config_dict, nginx_confd_dir, SSL_CERT_PATH, SSL_CERT_KEY_PATH)
|
||||||
|
|
||||||
if with_clair:
|
|
||||||
prepare_clair(config_dict)
|
|
||||||
prepare_clair_adapter(config_dict)
|
|
||||||
|
|
||||||
if with_trivy:
|
if with_trivy:
|
||||||
prepare_trivy_adapter(config_dict)
|
prepare_trivy_adapter(config_dict)
|
||||||
|
|
||||||
if with_chartmuseum:
|
if with_chartmuseum:
|
||||||
prepare_chartmuseum(config_dict)
|
prepare_chartmuseum(config_dict)
|
||||||
|
|
||||||
prepare_docker_compose(config_dict, with_clair, with_trivy, with_notary, with_chartmuseum)
|
prepare_docker_compose(config_dict, with_trivy, with_notary, with_chartmuseum)
|
||||||
|
@ -57,10 +57,8 @@ INTERNAL_NO_PROXY_DN = {
|
|||||||
'jobservice',
|
'jobservice',
|
||||||
'registry',
|
'registry',
|
||||||
'registryctl',
|
'registryctl',
|
||||||
'clair',
|
|
||||||
'chartmuseum',
|
'chartmuseum',
|
||||||
'notary-server',
|
'notary-server',
|
||||||
'notary-signer',
|
'notary-signer',
|
||||||
'clair-adapter',
|
|
||||||
'trivy-adapter',
|
'trivy-adapter',
|
||||||
}
|
}
|
||||||
|
@ -19,11 +19,6 @@ class InternalTLS:
|
|||||||
'portal.crt', 'portal.key'
|
'portal.crt', 'portal.key'
|
||||||
}
|
}
|
||||||
|
|
||||||
clair_certs_filename = {
|
|
||||||
'clair_adapter.crt', 'clair_adapter.key',
|
|
||||||
'clair.crt', 'clair.key'
|
|
||||||
}
|
|
||||||
|
|
||||||
trivy_certs_filename = {
|
trivy_certs_filename = {
|
||||||
'trivy_adapter.crt', 'trivy_adapter.key',
|
'trivy_adapter.crt', 'trivy_adapter.key',
|
||||||
}
|
}
|
||||||
@ -49,8 +44,6 @@ class InternalTLS:
|
|||||||
self.tls_dir = tls_dir
|
self.tls_dir = tls_dir
|
||||||
if self.enabled:
|
if self.enabled:
|
||||||
self.required_filenames = self.harbor_certs_filename
|
self.required_filenames = self.harbor_certs_filename
|
||||||
if kwargs.get('with_clair'):
|
|
||||||
self.required_filenames.update(self.clair_certs_filename)
|
|
||||||
if kwargs.get('with_notary'):
|
if kwargs.get('with_notary'):
|
||||||
self.required_filenames.update(self.notary_certs_filename)
|
self.required_filenames.update(self.notary_certs_filename)
|
||||||
if kwargs.get('with_chartmuseum'):
|
if kwargs.get('with_chartmuseum'):
|
||||||
|
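Review bot: `self.required_filenames = self.harbor_certs_filename` in the second hunk binds the instance attribute to the same set object, so the `.update(...)` calls that follow for notary and chartmuseum appear to mutate `harbor_certs_filename` itself. Its definition is above the hunk, but the sibling `trivy_certs_filename` in the first hunk is a class-level set, so I assume this one is too. A later `InternalTLS` built without those flags would then still demand the extra certificate files. Copying first avoids the aliasing: `self.required_filenames = set(self.harbor_certs_filename)`. The enclosing method starts and ends outside the hunk.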
@ -77,27 +77,6 @@ openssl req -new \
|
|||||||
openssl x509 -req -days $DAYS -sha256 -in registryctl.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out registryctl.crt
|
openssl x509 -req -days $DAYS -sha256 -in registryctl.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out registryctl.crt
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# generate clair_adapter key
|
|
||||||
openssl req -new \
|
|
||||||
-newkey rsa:4096 -nodes -sha256 -keyout clair_adapter.key \
|
|
||||||
-out clair_adapter.csr \
|
|
||||||
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=clair-adapter"
|
|
||||||
|
|
||||||
# sign clair_adapter csr with CA certificate and key
|
|
||||||
openssl x509 -req -days $DAYS -sha256 -in clair_adapter.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out clair_adapter.crt
|
|
||||||
|
|
||||||
|
|
||||||
# generate clair key
|
|
||||||
openssl req -new \
|
|
||||||
-newkey rsa:4096 -nodes -sha256 -keyout clair.key \
|
|
||||||
-out clair.csr \
|
|
||||||
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=clair"
|
|
||||||
|
|
||||||
# sign clair csr with CA certificate and key
|
|
||||||
openssl x509 -req -days $DAYS -sha256 -in clair.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out clair.crt
|
|
||||||
|
|
||||||
|
|
||||||
# generate trivy_adapter key
|
# generate trivy_adapter key
|
||||||
openssl req -new \
|
openssl req -new \
|
||||||
-newkey rsa:4096 -nodes -sha256 -keyout trivy_adapter.key \
|
-newkey rsa:4096 -nodes -sha256 -keyout trivy_adapter.key \
|
||||||
|
@ -1,10 +0,0 @@
|
|||||||
SCANNER_LOG_LEVEL={{log_level}}
|
|
||||||
SCANNER_CLAIR_URL={{clair_url}}
|
|
||||||
SCANNER_CLAIR_DATABASE_URL=postgresql://{{clair_db_username}}:{{clair_db_password}}@{{clair_db_host}}:{{clair_db_port}}/{{clair_db_name}}?sslmode={{clair_db_sslmode}}
|
|
||||||
SCANNER_STORE_REDIS_URL={{redis_url_clair}}
|
|
||||||
|
|
||||||
{%if internal_tls.enabled %}
|
|
||||||
SCANNER_API_SERVER_ADDR=:8443
|
|
||||||
SCANNER_API_SERVER_TLS_CERTIFICATE=/etc/harbor/ssl/clair_adapter.crt
|
|
||||||
SCANNER_API_SERVER_TLS_KEY=/etc/harbor/ssl/clair_adapter.key
|
|
||||||
{% endif %}
|
|
@ -1,3 +0,0 @@
|
|||||||
HTTP_PROXY={{clair_http_proxy}}
|
|
||||||
HTTPS_PROXY={{clair_https_proxy}}
|
|
||||||
NO_PROXY={{clair_no_proxy}}
|
|
@ -1,19 +0,0 @@
|
|||||||
clair:
|
|
||||||
database:
|
|
||||||
type: pgsql
|
|
||||||
options:
|
|
||||||
source: postgresql://{{clair_db_username}}:{{clair_db_password}}@{{clair_db_host}}:{{clair_db_port}}/{{clair_db_name}}?sslmode={{clair_db_sslmode}}
|
|
||||||
|
|
||||||
# Number of elements kept in the cache
|
|
||||||
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
|
|
||||||
cachesize: 16384
|
|
||||||
|
|
||||||
api:
|
|
||||||
# API server port
|
|
||||||
port: 6060
|
|
||||||
healthport: 6061
|
|
||||||
|
|
||||||
# Deadline before an API request will respond with a 503
|
|
||||||
timeout: 300s
|
|
||||||
updater:
|
|
||||||
interval: {{clair_updaters_interval}}h
|
|
@ -1 +0,0 @@
|
|||||||
POSTGRES_PASSWORD={{clair_db_password}}
|
|
@ -1,7 +0,0 @@
|
|||||||
This folder used to run some initial sql for clair if needed.
|
|
||||||
|
|
||||||
Just put the sql file in this directory and then start the
|
|
||||||
clair .
|
|
||||||
|
|
||||||
both .sql and .gz format supported
|
|
||||||
|
|
@ -61,9 +61,6 @@ services:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
networks:
|
networks:
|
||||||
- harbor
|
- harbor
|
||||||
{% if with_clair %}
|
|
||||||
- harbor-clair
|
|
||||||
{% endif %}
|
|
||||||
dns_search: .
|
dns_search: .
|
||||||
depends_on:
|
depends_on:
|
||||||
- log
|
- log
|
||||||
@ -136,11 +133,6 @@ services:
|
|||||||
harbor-notary:
|
harbor-notary:
|
||||||
aliases:
|
aliases:
|
||||||
- harbor-db
|
- harbor-db
|
||||||
{% endif %}
|
|
||||||
{% if with_clair %}
|
|
||||||
harbor-clair:
|
|
||||||
aliases:
|
|
||||||
- harbor-db
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
dns_search: .
|
dns_search: .
|
||||||
env_file:
|
env_file:
|
||||||
@ -198,11 +190,6 @@ services:
|
|||||||
{% if with_notary %}
|
{% if with_notary %}
|
||||||
harbor-notary:
|
harbor-notary:
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if with_clair %}
|
|
||||||
harbor-clair:
|
|
||||||
aliases:
|
|
||||||
- harbor-core
|
|
||||||
{% endif %}
|
|
||||||
{% if with_chartmuseum %}
|
{% if with_chartmuseum %}
|
||||||
harbor-chartmuseum:
|
harbor-chartmuseum:
|
||||||
aliases:
|
aliases:
|
||||||
@ -287,9 +274,6 @@ services:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
networks:
|
networks:
|
||||||
- harbor
|
- harbor
|
||||||
{% if with_clair %}
|
|
||||||
- harbor-clair
|
|
||||||
{% endif %}
|
|
||||||
dns_search: .
|
dns_search: .
|
||||||
depends_on:
|
depends_on:
|
||||||
- core
|
- core
|
||||||
@ -317,11 +301,6 @@ services:
|
|||||||
harbor-chartmuseum:
|
harbor-chartmuseum:
|
||||||
aliases:
|
aliases:
|
||||||
- redis
|
- redis
|
||||||
{% endif %}
|
|
||||||
{% if with_clair %}
|
|
||||||
harbor-clair:
|
|
||||||
aliases:
|
|
||||||
- redis
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
dns_search: .
|
dns_search: .
|
||||||
depends_on:
|
depends_on:
|
||||||
@ -468,87 +447,6 @@ services:
|
|||||||
syslog-address: "tcp://127.0.0.1:1514"
|
syslog-address: "tcp://127.0.0.1:1514"
|
||||||
tag: "notary-signer"
|
tag: "notary-signer"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if with_clair %}
|
|
||||||
clair:
|
|
||||||
networks:
|
|
||||||
- harbor-clair
|
|
||||||
container_name: clair
|
|
||||||
image: goharbor/clair-photon:{{clair_version}}
|
|
||||||
restart: always
|
|
||||||
cap_drop:
|
|
||||||
- ALL
|
|
||||||
cap_add:
|
|
||||||
- DAC_OVERRIDE
|
|
||||||
- SETGID
|
|
||||||
- SETUID
|
|
||||||
cpu_quota: 50000
|
|
||||||
dns_search: .
|
|
||||||
depends_on:
|
|
||||||
- log
|
|
||||||
{% if external_database == False %}
|
|
||||||
- postgresql
|
|
||||||
{% endif %}
|
|
||||||
volumes:
|
|
||||||
- type: bind
|
|
||||||
source: ./common/config/clair/config.yaml
|
|
||||||
target: /etc/clair/config.yaml
|
|
||||||
- type: bind
|
|
||||||
source: ./common/config/shared/trust-certificates
|
|
||||||
target: /harbor_cust_cert
|
|
||||||
{%if internal_tls.enabled %}
|
|
||||||
- type: bind
|
|
||||||
source: {{internal_tls.clair_crt_path}}
|
|
||||||
target: /etc/harbor/ssl/clair.crt
|
|
||||||
- type: bind
|
|
||||||
source: {{internal_tls.clair_key_path}}
|
|
||||||
target: /etc/harbor/ssl/clair.key
|
|
||||||
{% endif %}
|
|
||||||
logging:
|
|
||||||
driver: "syslog"
|
|
||||||
options:
|
|
||||||
syslog-address: "tcp://127.0.0.1:1514"
|
|
||||||
tag: "clair"
|
|
||||||
env_file:
|
|
||||||
./common/config/clair/clair_env
|
|
||||||
clair-adapter:
|
|
||||||
networks:
|
|
||||||
- harbor-clair
|
|
||||||
container_name: clair-adapter
|
|
||||||
image: goharbor/clair-adapter-photon:{{clair_adapter_version}}
|
|
||||||
restart: always
|
|
||||||
cap_drop:
|
|
||||||
- ALL
|
|
||||||
cap_add:
|
|
||||||
- DAC_OVERRIDE
|
|
||||||
- SETGID
|
|
||||||
- SETUID
|
|
||||||
cpu_quota: 50000
|
|
||||||
dns_search: .
|
|
||||||
depends_on:
|
|
||||||
- clair
|
|
||||||
{% if external_redis == False %}
|
|
||||||
- redis
|
|
||||||
{% endif %}
|
|
||||||
volumes:
|
|
||||||
- type: bind
|
|
||||||
source: ./common/config/shared/trust-certificates
|
|
||||||
target: /harbor_cust_cert
|
|
||||||
{%if internal_tls.enabled %}
|
|
||||||
- type: bind
|
|
||||||
source: {{internal_tls.clair_adapter_crt_path}}
|
|
||||||
target: /etc/harbor/ssl/clair_adapter.crt
|
|
||||||
- type: bind
|
|
||||||
source: {{internal_tls.clair_adapter_key_path}}
|
|
||||||
target: /etc/harbor/ssl/clair_adapter.key
|
|
||||||
{% endif %}
|
|
||||||
logging:
|
|
||||||
driver: "syslog"
|
|
||||||
options:
|
|
||||||
syslog-address: "tcp://127.0.0.1:1514"
|
|
||||||
tag: "clair-adapter"
|
|
||||||
env_file:
|
|
||||||
./common/config/clair-adapter/env
|
|
||||||
{% endif %}
|
|
||||||
{% if with_trivy %}
|
{% if with_trivy %}
|
||||||
trivy-adapter:
|
trivy-adapter:
|
||||||
container_name: trivy-adapter
|
container_name: trivy-adapter
|
||||||
@ -643,10 +541,6 @@ networks:
|
|||||||
notary-sig:
|
notary-sig:
|
||||||
external: false
|
external: false
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if with_clair %}
|
|
||||||
harbor-clair:
|
|
||||||
external: false
|
|
||||||
{% endif %}
|
|
||||||
{% if with_chartmuseum %}
|
{% if with_chartmuseum %}
|
||||||
harbor-chartmuseum:
|
harbor-chartmuseum:
|
||||||
external: false
|
external: false
|
||||||
|
@ -1,43 +0,0 @@
|
|||||||
import os, shutil
|
|
||||||
|
|
||||||
from g import templates_dir, config_dir, DEFAULT_UID, DEFAULT_GID
|
|
||||||
from .jinja import render_jinja
|
|
||||||
from .misc import prepare_dir
|
|
||||||
|
|
||||||
clair_template_dir = os.path.join(templates_dir, "clair")
|
|
||||||
|
|
||||||
def prepare_clair(config_dict):
|
|
||||||
clair_config_dir = prepare_dir(config_dir, "clair")
|
|
||||||
|
|
||||||
if os.path.exists(os.path.join(clair_config_dir, "postgresql-init.d")):
|
|
||||||
print("Copying offline data file for clair DB")
|
|
||||||
shutil.rmtree(os.path.join(clair_config_dir, "postgresql-init.d"))
|
|
||||||
|
|
||||||
shutil.copytree(os.path.join(clair_template_dir, "postgresql-init.d"), os.path.join(clair_config_dir, "postgresql-init.d"))
|
|
||||||
|
|
||||||
postgres_env_path = os.path.join(clair_config_dir, "postgres_env")
|
|
||||||
postgres_env_template = os.path.join(clair_template_dir, "postgres_env.jinja")
|
|
||||||
|
|
||||||
clair_config_path = os.path.join(clair_config_dir, "config.yaml")
|
|
||||||
clair_config_template = os.path.join(clair_template_dir, "config.yaml.jinja")
|
|
||||||
|
|
||||||
clair_env_path = os.path.join(clair_config_dir, "clair_env")
|
|
||||||
clair_env_template = os.path.join(clair_template_dir, "clair_env.jinja")
|
|
||||||
|
|
||||||
render_jinja(
|
|
||||||
postgres_env_template,
|
|
||||||
postgres_env_path,
|
|
||||||
**config_dict)
|
|
||||||
|
|
||||||
render_jinja(
|
|
||||||
clair_config_template,
|
|
||||||
clair_config_path,
|
|
||||||
uid=DEFAULT_UID,
|
|
||||||
gid=DEFAULT_GID,
|
|
||||||
**config_dict)
|
|
||||||
|
|
||||||
# config http proxy for Clair
|
|
||||||
render_jinja(
|
|
||||||
clair_env_template,
|
|
||||||
clair_env_path,
|
|
||||||
**config_dict)
|
|
@ -1,18 +0,0 @@
|
|||||||
import os
|
|
||||||
|
|
||||||
from g import templates_dir, config_dir
|
|
||||||
from .jinja import render_jinja
|
|
||||||
from .misc import prepare_dir
|
|
||||||
|
|
||||||
clair_adapter_template_dir = os.path.join(templates_dir, "clair-adapter")
|
|
||||||
|
|
||||||
def prepare_clair_adapter(config_dict):
|
|
||||||
clair_adapter_config_dir = prepare_dir(config_dir, "clair-adapter")
|
|
||||||
|
|
||||||
clair_adapter_env_path = os.path.join(clair_adapter_config_dir, "env")
|
|
||||||
clair_adapter_env_template = os.path.join(clair_adapter_template_dir, "env.jinja")
|
|
||||||
|
|
||||||
render_jinja(
|
|
||||||
clair_adapter_env_template,
|
|
||||||
clair_adapter_env_path,
|
|
||||||
**config_dict)
|
|
@ -85,7 +85,7 @@ def parse_versions():
|
|||||||
return versions
|
return versions
|
||||||
|
|
||||||
|
|
||||||
def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, with_chartmuseum):
|
def parse_yaml_config(config_file_path, with_notary, with_trivy, with_chartmuseum):
|
||||||
'''
|
'''
|
||||||
:param configs: config_parser object
|
:param configs: config_parser object
|
||||||
:returns: dict of configs
|
:returns: dict of configs
|
||||||
@ -102,8 +102,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
|
|||||||
'core_local_url': 'http://127.0.0.1:8080',
|
'core_local_url': 'http://127.0.0.1:8080',
|
||||||
'token_service_url': 'http://core:8080/service/token',
|
'token_service_url': 'http://core:8080/service/token',
|
||||||
'jobservice_url': 'http://jobservice:8080',
|
'jobservice_url': 'http://jobservice:8080',
|
||||||
'clair_url': 'http://clair:6060',
|
|
||||||
'clair_adapter_url': 'http://clair-adapter:8080',
|
|
||||||
'trivy_adapter_url': 'http://trivy-adapter:8080',
|
'trivy_adapter_url': 'http://trivy-adapter:8080',
|
||||||
'notary_url': 'http://notary-server:4443',
|
'notary_url': 'http://notary-server:4443',
|
||||||
'chart_repository_url': 'http://chartmuseum:9999'
|
'chart_repository_url': 'http://chartmuseum:9999'
|
||||||
@ -149,15 +147,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
|
|||||||
config_dict['harbor_db_max_idle_conns'] = db_configs.get("max_idle_conns") or default_db_max_idle_conns
|
config_dict['harbor_db_max_idle_conns'] = db_configs.get("max_idle_conns") or default_db_max_idle_conns
|
||||||
config_dict['harbor_db_max_open_conns'] = db_configs.get("max_open_conns") or default_db_max_open_conns
|
config_dict['harbor_db_max_open_conns'] = db_configs.get("max_open_conns") or default_db_max_open_conns
|
||||||
|
|
||||||
if with_clair:
|
|
||||||
# clair db
|
|
||||||
config_dict['clair_db_host'] = 'postgresql'
|
|
||||||
config_dict['clair_db_port'] = 5432
|
|
||||||
config_dict['clair_db_name'] = 'postgres'
|
|
||||||
config_dict['clair_db_username'] = 'postgres'
|
|
||||||
config_dict['clair_db_password'] = db_configs.get("password") or ''
|
|
||||||
config_dict['clair_db_sslmode'] = 'disable'
|
|
||||||
|
|
||||||
if with_notary:
|
if with_notary:
|
||||||
# notary signer
|
# notary signer
|
||||||
config_dict['notary_signer_db_host'] = 'postgresql'
|
config_dict['notary_signer_db_host'] = 'postgresql'
|
||||||
@ -224,12 +213,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
|
|||||||
config_dict[proxy_component + '_https_proxy'] = proxy_config.get('https_proxy') or ''
|
config_dict[proxy_component + '_https_proxy'] = proxy_config.get('https_proxy') or ''
|
||||||
config_dict[proxy_component + '_no_proxy'] = ','.join(all_no_proxy)
|
config_dict[proxy_component + '_no_proxy'] = ','.join(all_no_proxy)
|
||||||
|
|
||||||
# Clair configs, optional
|
|
||||||
clair_configs = configs.get("clair") or {}
|
|
||||||
config_dict['clair_db'] = 'postgres'
|
|
||||||
updaters_interval = clair_configs.get("updaters_interval", None)
|
|
||||||
config_dict['clair_updaters_interval'] = 12 if updaters_interval is None else updaters_interval
|
|
||||||
|
|
||||||
# Trivy configs, optional
|
# Trivy configs, optional
|
||||||
trivy_configs = configs.get("trivy") or {}
|
trivy_configs = configs.get("trivy") or {}
|
||||||
config_dict['trivy_github_token'] = trivy_configs.get("github_token") or ''
|
config_dict['trivy_github_token'] = trivy_configs.get("github_token") or ''
|
||||||
@ -292,14 +275,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
|
|||||||
config_dict['harbor_db_max_idle_conns'] = external_db_configs['harbor'].get("max_idle_conns") or default_db_max_idle_conns
|
config_dict['harbor_db_max_idle_conns'] = external_db_configs['harbor'].get("max_idle_conns") or default_db_max_idle_conns
|
||||||
config_dict['harbor_db_max_open_conns'] = external_db_configs['harbor'].get("max_open_conns") or default_db_max_open_conns
|
config_dict['harbor_db_max_open_conns'] = external_db_configs['harbor'].get("max_open_conns") or default_db_max_open_conns
|
||||||
|
|
||||||
if with_clair:
|
|
||||||
# clair db
|
|
||||||
config_dict['clair_db_host'] = external_db_configs['clair']['host']
|
|
||||||
config_dict['clair_db_port'] = external_db_configs['clair']['port']
|
|
||||||
config_dict['clair_db_name'] = external_db_configs['clair']['db_name']
|
|
||||||
config_dict['clair_db_username'] = external_db_configs['clair']['username']
|
|
||||||
config_dict['clair_db_password'] = external_db_configs['clair']['password']
|
|
||||||
config_dict['clair_db_sslmode'] = external_db_configs['clair']['ssl_mode']
|
|
||||||
if with_notary:
|
if with_notary:
|
||||||
# notary signer
|
# notary signer
|
||||||
config_dict['notary_signer_db_host'] = external_db_configs['notary_signer']['host']
|
config_dict['notary_signer_db_host'] = external_db_configs['notary_signer']['host']
|
||||||
@ -319,7 +294,7 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
|
|||||||
config_dict['external_database'] = False
|
config_dict['external_database'] = False
|
||||||
|
|
||||||
# update redis configs
|
# update redis configs
|
||||||
config_dict.update(get_redis_configs(configs.get("external_redis", None), with_clair, with_trivy))
|
config_dict.update(get_redis_configs(configs.get("external_redis", None), with_trivy))
|
||||||
|
|
||||||
# auto generated secret string for core
|
# auto generated secret string for core
|
||||||
config_dict['core_secret'] = generate_random_string(16)
|
config_dict['core_secret'] = generate_random_string(16)
|
||||||
@ -339,7 +314,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
|
|||||||
internal_tls_config['dir'],
|
internal_tls_config['dir'],
|
||||||
configs['data_volume'],
|
configs['data_volume'],
|
||||||
with_notary=with_notary,
|
with_notary=with_notary,
|
||||||
with_clair=with_clair,
|
|
||||||
with_trivy=with_trivy,
|
with_trivy=with_trivy,
|
||||||
with_chartmuseum=with_chartmuseum,
|
with_chartmuseum=with_chartmuseum,
|
||||||
external_database=config_dict['external_database'])
|
external_database=config_dict['external_database'])
|
||||||
@ -361,7 +335,6 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_trivy, wit
|
|||||||
config_dict['core_local_url'] = 'https://core:8443'
|
config_dict['core_local_url'] = 'https://core:8443'
|
||||||
config_dict['token_service_url'] = 'https://core:8443/service/token'
|
config_dict['token_service_url'] = 'https://core:8443/service/token'
|
||||||
config_dict['jobservice_url'] = 'https://jobservice:8443'
|
config_dict['jobservice_url'] = 'https://jobservice:8443'
|
||||||
config_dict['clair_adapter_url'] = 'https://clair-adapter:8443'
|
|
||||||
config_dict['trivy_adapter_url'] = 'https://trivy-adapter:8443'
|
config_dict['trivy_adapter_url'] = 'https://trivy-adapter:8443'
|
||||||
# config_dict['notary_url'] = 'http://notary-server:4443'
|
# config_dict['notary_url'] = 'http://notary-server:4443'
|
||||||
config_dict['chart_repository_url'] = 'https://chartmuseum:9443'
|
config_dict['chart_repository_url'] = 'https://chartmuseum:9443'
|
||||||
@ -404,7 +377,7 @@ def get_redis_url_param(redis=None):
|
|||||||
return ""
|
return ""
|
||||||
|
|
||||||
|
|
||||||
def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True):
|
def get_redis_configs(external_redis=None, with_trivy=True):
|
||||||
"""Returns configs for redis
|
"""Returns configs for redis
|
||||||
|
|
||||||
>>> get_redis_configs()['external_redis']
|
>>> get_redis_configs()['external_redis']
|
||||||
@ -413,8 +386,6 @@ def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True):
|
|||||||
'redis://redis:6379/1'
|
'redis://redis:6379/1'
|
||||||
>>> get_redis_configs()['redis_url_js']
|
>>> get_redis_configs()['redis_url_js']
|
||||||
'redis://redis:6379/2'
|
'redis://redis:6379/2'
|
||||||
>>> get_redis_configs()['redis_url_clair']
|
|
||||||
'redis://redis:6379/4'
|
|
||||||
>>> get_redis_configs()['trivy_redis_url']
|
>>> get_redis_configs()['trivy_redis_url']
|
||||||
'redis://redis:6379/5'
|
'redis://redis:6379/5'
|
||||||
|
|
||||||
@ -433,13 +404,9 @@ def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True):
|
|||||||
'redis://anonymous:pass@localhost:6379/1'
|
'redis://anonymous:pass@localhost:6379/1'
|
||||||
>>> get_redis_configs({'host': 'localhost', 'password': 'pass'})['redis_url_js']
|
>>> get_redis_configs({'host': 'localhost', 'password': 'pass'})['redis_url_js']
|
||||||
'redis://anonymous:pass@localhost:6379/2'
|
'redis://anonymous:pass@localhost:6379/2'
|
||||||
>>> get_redis_configs({'host': 'localhost', 'password': 'pass'})['redis_url_clair']
|
|
||||||
'redis://anonymous:pass@localhost:6379/4'
|
|
||||||
>>> get_redis_configs({'host': 'localhost', 'password': 'pass'})['trivy_redis_url']
|
>>> get_redis_configs({'host': 'localhost', 'password': 'pass'})['trivy_redis_url']
|
||||||
'redis://anonymous:pass@localhost:6379/5'
|
'redis://anonymous:pass@localhost:6379/5'
|
||||||
|
|
||||||
>>> 'redis_url_clair' not in get_redis_configs(with_clair=False)
|
|
||||||
True
|
|
||||||
>>> 'trivy_redis_url' not in get_redis_configs(with_trivy=False)
|
>>> 'trivy_redis_url' not in get_redis_configs(with_trivy=False)
|
||||||
True
|
True
|
||||||
"""
|
"""
|
||||||
@ -454,7 +421,6 @@ def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True):
|
|||||||
'registry_db_index': 1,
|
'registry_db_index': 1,
|
||||||
'jobservice_db_index': 2,
|
'jobservice_db_index': 2,
|
||||||
'chartmuseum_db_index': 3,
|
'chartmuseum_db_index': 3,
|
||||||
'clair_db_index': 4,
|
|
||||||
'trivy_db_index': 5,
|
'trivy_db_index': 5,
|
||||||
'idle_timeout_seconds': 30,
|
'idle_timeout_seconds': 30,
|
||||||
}
|
}
|
||||||
@ -467,9 +433,6 @@ def get_redis_configs(external_redis=None, with_clair=True, with_trivy=True):
|
|||||||
configs['redis_url_js'] = get_redis_url(redis['jobservice_db_index'], redis)
|
configs['redis_url_js'] = get_redis_url(redis['jobservice_db_index'], redis)
|
||||||
configs['redis_url_reg'] = get_redis_url(redis['registry_db_index'], redis)
|
configs['redis_url_reg'] = get_redis_url(redis['registry_db_index'], redis)
|
||||||
|
|
||||||
if with_clair:
|
|
||||||
configs['redis_url_clair'] = get_redis_url(redis['clair_db_index'], redis)
|
|
||||||
|
|
||||||
if with_trivy:
|
if with_trivy:
|
||||||
configs['trivy_redis_url'] = get_redis_url(redis['trivy_db_index'], redis)
|
configs['trivy_redis_url'] = get_redis_url(redis['trivy_db_index'], redis)
|
||||||
|
|
||||||
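Review bot: A `harbor.yml` that still carries a `clair:` block, or an external database entry read as `external_db_configs['clair']`, is now ignored without any message by `parse_yaml_config`, as far as these hunks show, so an upgraded deployment could end up with no vulnerability scanner without the operator noticing. Unless validation outside this page already rejects those keys, I would add a loud check next to the Trivy section, e.g. `if configs.get('clair'): print('WARNING: clair settings are ignored; Clair was removed, enable Trivy for scanning')`. The body of `parse_yaml_config` starts and ends outside the visible hunks, so the exact placement needs confirming against the full file.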
|
@ -13,7 +13,7 @@ core_conf = os.path.join(config_dir, "core", "app.conf")
|
|||||||
ca_download_dir = os.path.join(data_dir, 'ca_download')
|
ca_download_dir = os.path.join(data_dir, 'ca_download')
|
||||||
|
|
||||||
|
|
||||||
def prepare_core(config_dict, with_notary, with_clair, with_trivy, with_chartmuseum):
|
def prepare_core(config_dict, with_notary, with_trivy, with_chartmuseum):
|
||||||
prepare_dir(ca_download_dir, uid=DEFAULT_UID, gid=DEFAULT_GID)
|
prepare_dir(ca_download_dir, uid=DEFAULT_UID, gid=DEFAULT_GID)
|
||||||
prepare_dir(core_config_dir)
|
prepare_dir(core_config_dir)
|
||||||
# Render Core
|
# Render Core
|
||||||
@ -29,7 +29,6 @@ def prepare_core(config_dict, with_notary, with_clair, with_trivy, with_chartmus
|
|||||||
core_conf_env,
|
core_conf_env,
|
||||||
chart_cache_driver=chart_cache_driver,
|
chart_cache_driver=chart_cache_driver,
|
||||||
with_notary=with_notary,
|
with_notary=with_notary,
|
||||||
with_clair=with_clair,
|
|
||||||
with_trivy=with_trivy,
|
with_trivy=with_trivy,
|
||||||
with_chartmuseum=with_chartmuseum,
|
with_chartmuseum=with_chartmuseum,
|
||||||
csrf_key=generate_random_string(32),
|
csrf_key=generate_random_string(32),
|
||||||
|
@ -8,7 +8,7 @@ docker_compose_template_path = os.path.join(templates_dir, 'docker_compose', 'do
|
|||||||
docker_compose_yml_path = '/compose_location/docker-compose.yml'
|
docker_compose_yml_path = '/compose_location/docker-compose.yml'
|
||||||
|
|
||||||
# render docker-compose
|
# render docker-compose
|
||||||
def prepare_docker_compose(configs, with_clair, with_trivy, with_notary, with_chartmuseum):
|
def prepare_docker_compose(configs, with_trivy, with_notary, with_chartmuseum):
|
||||||
versions = parse_versions()
|
versions = parse_versions()
|
||||||
VERSION_TAG = versions.get('VERSION_TAG') or 'dev'
|
VERSION_TAG = versions.get('VERSION_TAG') or 'dev'
|
||||||
|
|
||||||
@ -17,8 +17,6 @@ def prepare_docker_compose(configs, with_clair, with_trivy, with_notary, with_ch
|
|||||||
'reg_version': VERSION_TAG,
|
'reg_version': VERSION_TAG,
|
||||||
'redis_version': VERSION_TAG,
|
'redis_version': VERSION_TAG,
|
||||||
'notary_version': VERSION_TAG,
|
'notary_version': VERSION_TAG,
|
||||||
'clair_version': VERSION_TAG,
|
|
||||||
'clair_adapter_version': VERSION_TAG,
|
|
||||||
'trivy_adapter_version': VERSION_TAG,
|
'trivy_adapter_version': VERSION_TAG,
|
||||||
'chartmuseum_version': VERSION_TAG,
|
'chartmuseum_version': VERSION_TAG,
|
||||||
'data_volume': configs['data_volume'],
|
'data_volume': configs['data_volume'],
|
||||||
@ -28,7 +26,6 @@ def prepare_docker_compose(configs, with_clair, with_trivy, with_notary, with_ch
|
|||||||
'external_redis': configs['external_redis'],
|
'external_redis': configs['external_redis'],
|
||||||
'external_database': configs['external_database'],
|
'external_database': configs['external_database'],
|
||||||
'with_notary': with_notary,
|
'with_notary': with_notary,
|
||||||
'with_clair': with_clair,
|
|
||||||
'with_trivy': with_trivy,
|
'with_trivy': with_trivy,
|
||||||
'with_chartmuseum': with_chartmuseum
|
'with_chartmuseum': with_chartmuseum
|
||||||
}
|
}
|
||||||
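Review bot: `prepare_docker_compose(configs, with_trivy, with_notary, with_chartmuseum)` takes its boolean flags in a different order from `prepare_core(config_dict, with_notary, with_trivy, with_chartmuseum)` and `parse_yaml_config` on this same page, so a positional call that follows the other order would silently swap the Trivy and Notary switches. Since the signature is being edited anyway, making the flags keyword-only would turn that mistake into an error: `def prepare_docker_compose(configs, *, with_trivy, with_notary, with_chartmuseum):`. The callers are not shown here and would have to pass the flags by name.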
|