mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-13 11:11:29 +01:00
Fix issues related with chart storage
- Inject the custom CA bundle into the chart repo
- Update the prepare script to inject credentials

Signed-off-by: Steven Zou <szou@vmware.com>
parent
141f6056e7
commit
43ecf62c25
@ -20,6 +20,7 @@ services:
|
||||
- redis
|
||||
volumes:
|
||||
- /data/chart_storage:/chart_storage:z
|
||||
- ./common/config/chartserver:/etc/chartserver:z
|
||||
logging:
|
||||
driver: "syslog"
|
||||
options:
|
||||
|
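Review bot: The `./common/config/chartserver:/etc/chartserver:z` mount is read-write, although per this commit that directory carries the custom CA bundle and, for GCS, the service-account key that `make/prepare` copies in. Nothing in the entrypoint hunk of this commit writes under `/etc/chartserver`, so the mount could likely be `- ./common/config/chartserver:/etc/chartserver:ro,z`, which limits what a process inside the container can change in its own trust anchors and credentials on the host. Confirm first that no startup step outside the visible hunks writes to that path. The service definition starts and ends outside the hunk.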
@ -186,14 +186,16 @@ uaa_verify_cert = true
|
||||
uaa_ca_cert = /path/to/ca.pem
|
||||
|
||||
|
||||
### Docker Registry setting ###
|
||||
### Harbor Storage settings ###
|
||||
#Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
|
||||
#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
|
||||
registry_storage_provider_name = filesystem
|
||||
#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
|
||||
#To avoid duplicated configurations, both docker registry and chart repository follow the same storage configuration specifications of docker registry.
|
||||
#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
|
||||
registry_storage_provider_config =
|
||||
#registry_custom_ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
|
||||
#of registry's container. This is usually needed when the user hosts a internal storage with self signed certificate.
|
||||
#of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
|
||||
registry_custom_ca_bundle =
|
||||
|
||||
#If reload_config=true, all settings which present in harbor.cfg take effect after prepare and restart harbor, it overwrites exsiting settings.
|
||||
|
@ -7,6 +7,22 @@ if [ -d /chart_storage ]; then
|
||||
chown 10000:10000 -R /chart_storage
|
||||
fi
|
||||
|
||||
# Start the server process
|
||||
#Config the custom ca bundle
|
||||
if [ -f /etc/chartserver/custom-ca-bundle.crt ]; then
|
||||
if grep -q "Photon" /etc/lsb-release; then
|
||||
if [ ! -f /etc/pki/tls/certs/ca-bundle.crt.original ]; then
|
||||
cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.original
|
||||
fi
|
||||
|
||||
echo "Appending custom ca bundle ..."
|
||||
cp /etc/pki/tls/certs/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt
|
||||
cat /etc/chartserver/custom-ca-bundle.crt >> /etc/pki/tls/certs/ca-bundle.crt
|
||||
echo "Done."
|
||||
else
|
||||
echo "Current OS is not Photon, skip appending ca bundle"
|
||||
fi
|
||||
fi
|
||||
|
||||
#Start the server process
|
||||
sudo -E -H -u \#10000 sh -c "/chartserver/chartm" #Parameters are set by ENV
|
||||
set +e
|
||||
|
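Review bot: The restore from `ca-bundle.crt.original` runs only inside the `[ -f /etc/chartserver/custom-ca-bundle.crt ]` branch, so a container that is restarted rather than recreated after the custom bundle was removed from the configuration keeps the previously appended CA in `/etc/pki/tls/certs/ca-bundle.crt`. Doing the restore before the custom-bundle test, whenever the backup exists, keeps the trust store in step with the configuration: `if [ -f /etc/pki/tls/certs/ca-bundle.crt.original ]; then cp /etc/pki/tls/certs/ca-bundle.crt.original /etc/pki/tls/certs/ca-bundle.crt; fi`. Separately, a non-Photon image and a missing `/etc/lsb-release` both end in the "skip appending ca bundle" message on stdout and the server still starts, so a configured bundle can be ignored without an obvious signal; sending that message to stderr as a warning would make later TLS verification failures easier to trace. The script's opening lines are outside the hunk.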
32
make/prepare
32
make/prepare
@ -479,6 +479,14 @@ if storage_provider_name == "filesystem":
|
||||
# generate storage configuration section in yaml format
|
||||
storage_provider_conf_list = [storage_provider_name + ':']
|
||||
for c in storage_provider_config.split(","):
|
||||
kvs = c.split(": ")
|
||||
if len(kvs) == 2:
|
||||
if kvs[0].strip() == "keyfile":
|
||||
srcKeyFile = kvs[1].strip()
|
||||
if os.path.isfile(srcKeyFile):
|
||||
shutil.copyfile(srcKeyFile, os.path.join(registry_config_dir, "gcs.key"))
|
||||
storage_provider_conf_list.append("keyfile: %s" % "/etc/registry/gcs.key")
|
||||
continue
|
||||
storage_provider_conf_list.append(c.strip())
|
||||
storage_provider_info = ('\n' + ' ' * 4).join(storage_provider_conf_list)
|
||||
render(os.path.join(templates_dir, "registry", registry_config_file),
|
||||
@ -695,6 +703,11 @@ if args.chart_mode:
|
||||
print ("Create config folder: %s" % chartm_config_dir)
|
||||
os.makedirs(chartm_config_dir)
|
||||
|
||||
# handle custom ca bundle
|
||||
if len(registry_custom_ca_bundle_path) > 0 and os.path.isfile(registry_custom_ca_bundle_path):
|
||||
shutil.copyfile(registry_custom_ca_bundle_path, os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
|
||||
print("Copied custom ca bundle: %s" % os.path.join(chartm_config_dir, "custom-ca-bundle.crt"))
|
||||
|
||||
# process redis info
|
||||
cache_store = "redis"
|
||||
cache_redis_password = redis_password
|
||||
@ -726,15 +739,25 @@ if args.chart_mode:
|
||||
storage_provider_config_options.append("STORAGE_AMAZON_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
|
||||
storage_provider_config_options.append("STORAGE_AMAZON_REGION=%s" % storgae_provider_confg_map.get("region", ""))
|
||||
storage_provider_config_options.append("STORAGE_AMAZON_ENDPOINT=%s" % storgae_provider_confg_map.get("regionendpoint", ""))
|
||||
storage_provider_config_options.append("AWS_ACCESS_KEY_ID=%s" % storgae_provider_confg_map.get("accesskey", ""))
|
||||
storage_provider_config_options.append("AWS_SECRET_ACCESS_KEY=%s" % storgae_provider_confg_map.get("secretkey", ""))
|
||||
elif storage_provider_name == "gcs":
|
||||
# google cloud storage
|
||||
storage_driver = "google"
|
||||
storage_provider_config_options.append("STORAGE_GOOGLE_BUCKET=%s" % storgae_provider_confg_map.get("bucket", ""))
|
||||
storage_provider_config_options.append("STORAGE_GOOGLE_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
|
||||
|
||||
keyFileOnHost = storgae_provider_confg_map.get("keyfile", "")
|
||||
if os.path.isfile(keyFileOnHost):
|
||||
shutil.copyfile(keyFileOnHost, os.path.join(chartm_config_dir, "gcs.key"))
|
||||
targetKeyFile = "/etc/chartserver/gcs.key"
|
||||
storage_provider_config_options.append("GOOGLE_APPLICATION_CREDENTIALS=%s" % targetKeyFile)
|
||||
elif storage_provider_name == "azure":
|
||||
# azure storage
|
||||
storage_driver = "microsoft"
|
||||
storage_provider_config_options.append("STORAGE_MICROSOFT_CONTAINER=%s" % storgae_provider_confg_map.get("container", ""))
|
||||
storage_provider_config_options.append("AZURE_STORAGE_ACCOUNT=%s" % storgae_provider_confg_map.get("accountname", ""))
|
||||
storage_provider_config_options.append("AZURE_STORAGE_ACCESS_KEY=%s" % storgae_provider_confg_map.get("accountkey", ""))
|
||||
storage_provider_config_options.append("STORAGE_MICROSOFT_PREFIX=/azure/harbor/charts")
|
||||
elif storage_provider_name == "swift":
|
||||
# open stack swift
|
||||
@ -742,12 +765,21 @@ if args.chart_mode:
|
||||
storage_provider_config_options.append("STORAGE_OPENSTACK_CONTAINER=%s" % storgae_provider_confg_map.get("container", ""))
|
||||
storage_provider_config_options.append("STORAGE_OPENSTACK_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
|
||||
storage_provider_config_options.append("STORAGE_OPENSTACK_REGION=%s" % storgae_provider_confg_map.get("region", ""))
|
||||
storage_provider_config_options.append("OS_AUTH_URL=%s" % storgae_provider_confg_map.get("authurl", ""))
|
||||
storage_provider_config_options.append("OS_USERNAME=%s" % storgae_provider_confg_map.get("username", ""))
|
||||
storage_provider_config_options.append("OS_PASSWORD=%s" % storgae_provider_confg_map.get("password", ""))
|
||||
storage_provider_config_options.append("OS_PROJECT_ID=%s" % storgae_provider_confg_map.get("tenantid", ""))
|
||||
storage_provider_config_options.append("OS_PROJECT_NAME=%s" % storgae_provider_confg_map.get("tenant", ""))
|
||||
storage_provider_config_options.append("OS_DOMAIN_ID=%s" % storgae_provider_confg_map.get("domainid", ""))
|
||||
storage_provider_config_options.append("OS_DOMAIN_NAME=%s" % storgae_provider_confg_map.get("domain", ""))
|
||||
elif storage_provider_name == "oss":
|
||||
# aliyun OSS
|
||||
storage_driver = "alibaba"
|
||||
storage_provider_config_options.append("STORAGE_ALIBABA_BUCKET=%s" % storgae_provider_confg_map.get("bucket", ""))
|
||||
storage_provider_config_options.append("STORAGE_ALIBABA_PREFIX=%s" % storgae_provider_confg_map.get("rootdirectory", ""))
|
||||
storage_provider_config_options.append("STORAGE_ALIBABA_ENDPOINT=%s" % storgae_provider_confg_map.get("endpoint", ""))
|
||||
storage_provider_config_options.append("ALIBABA_CLOUD_ACCESS_KEY_ID=%s" % storgae_provider_confg_map.get("accesskeyid", ""))
|
||||
storage_provider_config_options.append("ALIBABA_CLOUD_ACCESS_KEY_SECRET=%s" % storgae_provider_confg_map.get("accesskeysecret", ""))
|
||||
else:
|
||||
# use local file system
|
||||
storage_provider_config_options.append("STORAGE_LOCAL_ROOTDIR=/chart_storage")
|
||||
|
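Review bot: Both `shutil.copyfile(..., "gcs.key")` calls (the registry copy in the first hunk and the chart server copy in the `gcs` branch) copy file content only, so the service-account key is created under the config directories with whatever mode the umask gives, which is commonly world-readable on the host. Each copy should be followed by an explicit restriction such as `os.chmod(dst, 0o600)` and `os.chown(dst, 10000, 10000)`, where 10000 is the uid the chart server entrypoint drops to; the registry container's uid is not visible here and needs confirming. When the configured `keyfile` is not a regular file, the first hunk falls through and writes the host path into the registry config, and the `gcs` branch emits no `GOOGLE_APPLICATION_CREDENTIALS` at all, so both cases would be clearer as an explicit error from `prepare` than as an authentication failure at runtime. The same permission care applies to the rendered options that carry `AWS_SECRET_ACCESS_KEY`, `AZURE_STORAGE_ACCESS_KEY`, `OS_PASSWORD` and `ALIBABA_CLOUD_ACCESS_KEY_SECRET`; how that file is written is outside these hunks.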