Merge pull request #4389 from paulczar/helm-clair-external-db

update helm chart to use external postgresql dependency
This commit is contained in:
Daniel Jiang 2018-03-21 10:17:35 +08:00 committed by GitHub
commit 3577e59445
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 35 additions and 114 deletions

1
contrib/helm/harbor/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
charts/*

View File

@ -1,5 +1,5 @@
name: harbor
version: 0.1.0
version: 0.1.1
appVersion: 1.4.0
description: An Enterprise-class Docker Registry by VMware
keywords:

View File

@ -152,8 +152,8 @@ The following tables lists the configurable parameters of the Harbor chart and t
| `clair.enabled` | Enable clair? | `true` |
| `clair.image.repository` | Repository for clair image | `vmware/clair-photon` |
| `clair.image.tag` | Tag for clair image | `v2.0.1-v1.4.0`
| `clair.postgresPassword` | password for clair postgres | see values.yaml |
| `clair.resources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container | undefined | `clair.pgResources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container | undefined |
| `clair.resources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container | undefined
| `postgresql` | Overrides for postgresql chart [values.yaml](https://github.com/kubernetes/charts/blob/f2938a46e3ae8e2512ede1142465004094c3c333/stable/postgresql/values.yaml) | see values.yaml
| | | |

View File

@ -0,0 +1,6 @@
dependencies:
- name: postgresql
repository: https://kubernetes-charts.storage.googleapis.com
version: 0.9.1
digest: sha256:e89ecacdca0cc0414763a586832bf7ca3d57bd25ac8e1a08e41080b610eb5a7d
generated: 2018-03-09T15:34:27.167977722-06:00

View File

@ -0,0 +1,4 @@
dependencies:
- name: postgresql
version: 0.9.1
repository: https://kubernetes-charts.storage.googleapis.com

View File

@ -50,10 +50,10 @@ data:
ADMIRAL_URL: "NA"
RESET: "false"
WITH_CLAIR: "{{ .Values.clair.enabled }}"
CLAIR_DB_HOST: "{{ template "harbor.fullname" . }}-clair-pg"
CLAIR_DB_HOST: "{{ .Release.Name }}-postgresql"
CLAIR_DB_PORT: "5432"
CLAIR_DB: "postgres"
CLAIR_DB_USERNAME: "postgres"
CLAIR_DB: "{{ .Values.clair.postgresDatabase }}"
CLAIR_DB_USERNAME: "{{ .Values.clair.postgresUser }}"
CLAIR_DB_PASSWORD: "{{ .Values.clair.postgresPassword }}"
UAA_ENDPOINT: ""
UAA_CLIENTID: ""

View File

@ -2,7 +2,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "harbor.fullname" . }}
name: {{ template "harbor.fullname" . }}-clair
labels:
{{ include "harbor.labels" . | indent 4 }}
component: clair
@ -12,8 +12,7 @@ data:
database:
type: pgsql
options:
source: "postgresql://postgres:{{ .Values.clair.postgresPassword }}@{{ template "harbor.fullname" . }}-clair-pg:5432?sslmode=disable"
source: "postgresql://{{ .Values.clair.postgresUser }}:{{ .Values.clair.postgresPassword }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.clair.postgresDatabase }}?sslmode=disable"
# Number of elements kept in the cache
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
cachesize: 16384

View File

@ -34,7 +34,7 @@ spec:
volumes:
- name: clair-config
configMap:
name: "{{ template "harbor.fullname" . }}"
name: "{{ template "harbor.fullname" . }}-clair"
items:
- key: config.yaml
path: config.yaml

View File

@ -1,11 +0,0 @@
{{ if .Values.clair.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "harbor.fullname" . }}-clair-pg-config
labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
POSTGRES_PASSWORD: {{ .Values.clair.postgresPassword | b64enc | quote }}
{{ end }}

View File

@ -1,72 +0,0 @@
{{ if .Values.clair.enabled }}
apiVersion: apps/v1beta2
kind: StatefulSet
metadata:
name: {{ template "harbor.fullname" . }}-clair-pg
labels:
{{ include "harbor.labels" . | indent 4 }}
component: clair-pg
spec:
serviceName: "{{ template "harbor.fullname" . }}-clair-pg"
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
component: clair-pg
template:
metadata:
name: {{ template "harbor.fullname" . }}-clair-pg
labels:
{{ include "harbor.labels" . | indent 8 }}
component: clair-pg
spec:
containers:
- name: postgres
image: {{ .Values.clair.pgImage.repository }}:{{ .Values.clair.pgImage.tag }}
imagePullPolicy: {{ .Values.clair.pgImage.pullPolicy }}
resources:
{{ toYaml .Values.clair.pgResources | indent 10 }}
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "harbor.fullname" . }}-clair-pg-config
key: POSTGRES_PASSWORD
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 512Mi
volumeMounts:
- name: pgdata
mountPath: /var/lib/postgresql
ports:
- containerPort: 5432
name: postgres-port
protocol: TCP
{{- if not .Values.persistence.enabled }}
volumes:
- name: pgdata
emptyDir: {}
{{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- metadata:
name: pgdata
labels:
{{ include "harbor.labels" . | indent 8 }}
spec:
accessModes: [{{ .Values.clair.volumes.pgData.accessMode | quote }}]
{{- if .Values.clair.volumes.pgData.storageClass }}
{{- if (eq "-" .Values.clair.volumes.pgData.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.clair.volumes.pgData.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: {{ .Values.clair.volumes.pgData.size | quote }}
{{- end -}}
{{- end -}}

View File

@ -1,14 +0,0 @@
{{ if .Values.clair.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "harbor.fullname" . }}-clair-pg
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 5432
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: clair-pg
{{ end }}

View File

@ -243,20 +243,18 @@ registry:
# memory: 256Mi
# cpu: 100m
## Clair support is not yet fully implemented in the Helm Charts
## Enabling it will just break things.
#
clair:
enabled: true
image:
repository: vmware/clair-photon
tag: v2.0.1-v1.4.0
pullPolicy: IfNotPresent
## The following needs to match the credentials
## in the `postgresql` configuration under the
## `postgresql` namespace below.
postgresPassword: not-a-secure-password
pgImage:
repository: postgres
tag: "9.6.4"
pullPolicy: IfNotPresent
postgresUser: clair
postgresDatabase: clair
# resources:
# requests:
# memory: 256Mi
@ -280,3 +278,13 @@ clair:
#
notary:
enabled: false
## Settings for postgresql dependency.
## see https://github.com/kubernetes/charts/tree/master/stable/postgresql
## for further configurables.
postgresql:
postgresUser: clair
postgresPassword: not-a-secure-password
postgresDatabase: clair
persistence:
enabled: false