Merge pull request #4389 from paulczar/helm-clair-external-db

update helm chart to use external postgresql dependency

contrib/helm/harbor/.gitignore

@@ -0,0 +1 @@
+charts/*

contrib/helm/harbor/Chart.yaml

@@ -1,5 +1,5 @@
 name: harbor
-version: 0.1.0
+version: 0.1.1
 appVersion: 1.4.0
 description: An Enterprise-class Docker Registry by VMware
 keywords:

contrib/helm/harbor/README.md

@@ -152,8 +152,8 @@ The following tables lists the configurable parameters of the Harbor chart and t
 | `clair.enabled` | Enable clair? | `true` |
 | `clair.image.repository` | Repository for clair image | `vmware/clair-photon` |
 | `clair.image.tag` | Tag for clair image | `v2.0.1-v1.4.0`
-| `clair.postgresPassword` | password for clair postgres | see values.yaml |
-| `clair.resources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container   | undefined | `clair.pgResources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container   | undefined |
+| `clair.resources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container   | undefined
+| `postgresql` | Overrides for postgresql chart [values.yaml](https://github.com/kubernetes/charts/blob/f2938a46e3ae8e2512ede1142465004094c3c333/stable/postgresql/values.yaml) | see values.yaml
 | | | |
 
 

contrib/helm/harbor/requirements.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 0.9.1
+digest: sha256:e89ecacdca0cc0414763a586832bf7ca3d57bd25ac8e1a08e41080b610eb5a7d
+generated: 2018-03-09T15:34:27.167977722-06:00

contrib/helm/harbor/requirements.yaml

@@ -0,0 +1,4 @@
+dependencies:
+- name: postgresql
+  version: 0.9.1
+  repository: https://kubernetes-charts.storage.googleapis.com

contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml

@@ -50,10 +50,10 @@ data:
   ADMIRAL_URL: "NA"
   RESET: "false"
   WITH_CLAIR: "{{ .Values.clair.enabled }}"
-  CLAIR_DB_HOST: "{{ template "harbor.fullname" . }}-clair-pg"
+  CLAIR_DB_HOST: "{{ .Release.Name }}-postgresql"
   CLAIR_DB_PORT: "5432"
-  CLAIR_DB: "postgres"
-  CLAIR_DB_USERNAME: "postgres"
+  CLAIR_DB: "{{ .Values.clair.postgresDatabase }}"
+  CLAIR_DB_USERNAME: "{{ .Values.clair.postgresUser }}"
   CLAIR_DB_PASSWORD: "{{ .Values.clair.postgresPassword }}"
   UAA_ENDPOINT: ""
   UAA_CLIENTID: ""

contrib/helm/harbor/templates/clair/clair-cm.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "harbor.fullname" . }}
+  name: {{ template "harbor.fullname" . }}-clair
   labels:
 {{ include "harbor.labels" . | indent 4 }}
     component: clair
@@ -12,8 +12,7 @@ data:
       database:
         type: pgsql
         options:
-          source: "postgresql://postgres:{{ .Values.clair.postgresPassword }}@{{ template "harbor.fullname" . }}-clair-pg:5432?sslmode=disable"
-
+          source: "postgresql://{{ .Values.clair.postgresUser }}:{{ .Values.clair.postgresPassword }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.clair.postgresDatabase }}?sslmode=disable"
           # Number of elements kept in the cache
           # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
           cachesize: 16384

contrib/helm/harbor/templates/clair/clair-dpl.yaml

@@ -34,7 +34,7 @@ spec:
       volumes:
       - name: clair-config
         configMap:
-          name: "{{ template "harbor.fullname" . }}"
+          name: "{{ template "harbor.fullname" . }}-clair"
           items:
             - key: config.yaml
               path: config.yaml

contrib/helm/harbor/templates/clair/postgres-secret.yaml

@@ -1,11 +0,0 @@
-{{ if .Values.clair.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ template "harbor.fullname" . }}-clair-pg-config
-  labels:
-{{ include "harbor.labels" . | indent 4 }}
-type: Opaque
-data:
-  POSTGRES_PASSWORD: {{ .Values.clair.postgresPassword | b64enc | quote }}
-{{ end }}

contrib/helm/harbor/templates/clair/postgres-ss.yaml

@@ -1,72 +0,0 @@
-{{ if .Values.clair.enabled }}
-apiVersion: apps/v1beta2
-kind: StatefulSet
-metadata:
-  name: {{ template "harbor.fullname" . }}-clair-pg
-  labels:
-{{ include "harbor.labels" . | indent 4 }}
-    component: clair-pg
-spec:
-  serviceName: "{{ template "harbor.fullname" . }}-clair-pg"
-  selector:
-    matchLabels:
-{{ include "harbor.matchLabels" . | indent 6 }}
-      component: clair-pg
-  template:
-    metadata:
-      name: {{ template "harbor.fullname" . }}-clair-pg
-      labels:
-{{ include "harbor.labels" . | indent 8 }}
-        component: clair-pg
-    spec:
-      containers:
-      - name: postgres
-        image: {{ .Values.clair.pgImage.repository }}:{{ .Values.clair.pgImage.tag }}
-        imagePullPolicy: {{ .Values.clair.pgImage.pullPolicy }}
-        resources:
-{{ toYaml .Values.clair.pgResources | indent 10 }}
-        env:
-        - name: POSTGRES_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ template "harbor.fullname" . }}-clair-pg-config
-              key: POSTGRES_PASSWORD
-        resources:
-          limits:
-            cpu: 1000m
-            memory: 1Gi
-          requests:
-            cpu: 100m
-            memory: 512Mi
-        volumeMounts:
-        - name: pgdata
-          mountPath: /var/lib/postgresql
-        ports:
-        - containerPort: 5432
-          name: postgres-port
-          protocol: TCP
-{{- if not .Values.persistence.enabled }}
-      volumes:
-      - name: pgdata
-        emptyDir: {}
-{{- end }}
-  {{- if .Values.persistence.enabled }}
-  volumeClaimTemplates:
-  - metadata:
-      name: pgdata
-      labels:
-{{ include "harbor.labels" . | indent 8 }}
-    spec:
-      accessModes: [{{ .Values.clair.volumes.pgData.accessMode | quote }}]
-      {{- if .Values.clair.volumes.pgData.storageClass }}
-      {{- if (eq "-" .Values.clair.volumes.pgData.storageClass) }}
-      storageClassName: ""
-      {{- else }}
-      storageClassName: "{{ .Values.clair.volumes.pgData.storageClass }}"
-      {{- end }}
-      {{- end }}
-      resources:
-        requests:
-          storage: {{ .Values.clair.volumes.pgData.size | quote }}
-  {{- end -}}
-{{- end -}}

contrib/helm/harbor/templates/clair/postgres-svc.yaml

@@ -1,14 +0,0 @@
-{{ if .Values.clair.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "harbor.fullname" . }}-clair-pg
-  labels:
-{{ include "harbor.labels" . | indent 4 }}
-spec:
-  ports:
-    - port: 5432
-  selector:
-{{ include "harbor.matchLabels" . | indent 4 }}
-    component: clair-pg
-{{ end }}

contrib/helm/harbor/values.yaml

@@ -243,20 +243,18 @@ registry:
   #    memory: 256Mi
   #    cpu: 100m
 
-## Clair support is not yet fully implemented in the Helm Charts
-## Enabling it will just break things.
-#
 clair:
   enabled: true
   image:
     repository: vmware/clair-photon
     tag: v2.0.1-v1.4.0
     pullPolicy: IfNotPresent
+## The following needs to match the credentials
+## in the `postgresql` configuration under the
+## `postgresql` namespace below.
   postgresPassword: not-a-secure-password
-  pgImage:
-    repository: postgres
-    tag: "9.6.4"
-    pullPolicy: IfNotPresent
+  postgresUser: clair
+  postgresDatabase: clair
 # resources:
 #  requests:
 #    memory: 256Mi
@@ -280,3 +278,13 @@ clair:
 #
 notary:
   enabled: false
+
+## Settings for postgresql dependency.
+## see https://github.com/kubernetes/charts/tree/master/stable/postgresql
+## for further configurables.
+postgresql:
+  postgresUser: clair
+  postgresPassword: not-a-secure-password
+  postgresDatabase: clair
+  persistence:
+    enabled: false