mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-26 17:41:25 +01:00
use docker-compose to deploy clair with harbor
This commit is contained in:
parent
eb39fbf814
commit
83b9196925
23
make/common/templates/clair/config.yaml
Normal file
23
make/common/templates/clair/config.yaml
Normal file
@ -0,0 +1,23 @@
|
||||
clair:
|
||||
database:
|
||||
type: pgsql
|
||||
options:
|
||||
source: postgresql://postgres:$password@postgres:5432?sslmode=disable
|
||||
|
||||
# Number of elements kept in the cache
|
||||
# Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
|
||||
cachesize: 16384
|
||||
|
||||
api:
|
||||
# API server port
|
||||
port: 6060
|
||||
healthport: 6061
|
||||
|
||||
# Deadline before an API request will respond with a 503
|
||||
timeout: 300s
|
||||
updater:
|
||||
interval: 0h
|
||||
|
||||
notifier:
|
||||
attempts: 3
|
||||
renotifyinterval: 2h
|
1
make/common/templates/clair/postgres_env
Normal file
1
make/common/templates/clair/postgres_env
Normal file
@ -0,0 +1 @@
|
||||
POSTGRES_PASSWORD=$password
|
48
make/docker-compose.clair.yml
Normal file
48
make/docker-compose.clair.yml
Normal file
@ -0,0 +1,48 @@
|
||||
version: '2'
|
||||
services:
|
||||
ui:
|
||||
networks:
|
||||
harbor-clair:
|
||||
aliases:
|
||||
- harbor-ui
|
||||
jobservice:
|
||||
networks:
|
||||
- harbor-clair
|
||||
postgres:
|
||||
networks:
|
||||
harbor-clair:
|
||||
aliases:
|
||||
- postgres
|
||||
container_name: clair-db
|
||||
image: postgres:latest
|
||||
restart: always
|
||||
depends_on:
|
||||
- log
|
||||
env_file:
|
||||
./common/config/clair/postgres_env
|
||||
volumes:
|
||||
- /data/clair-db:/var/lib/postgresql/data
|
||||
logging:
|
||||
driver: "syslog"
|
||||
options:
|
||||
syslog-address: "tcp://127.0.0.1:1514"
|
||||
tag: "clair-db"
|
||||
clair:
|
||||
networks:
|
||||
- harbor-clair
|
||||
container_name: clair
|
||||
image: quay.io/coreos/clair:v2.0.0-rc.0
|
||||
restart: always
|
||||
depends_on:
|
||||
- postgres
|
||||
volumes:
|
||||
- ./common/config/clair:/config
|
||||
command: [-config, /config/config.yaml]
|
||||
logging:
|
||||
driver: "syslog"
|
||||
options:
|
||||
syslog-address: "tcp://127.0.0.1:1514"
|
||||
tag: "clair"
|
||||
networks:
|
||||
harbor-clair:
|
||||
external: false
|
14
make/prepare
14
make/prepare
@ -95,6 +95,7 @@ def delfile(src):
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('--conf', dest='cfgfile', default=base_dir+'/harbor.cfg',type=str,help="the path of Harbor configuration file")
|
||||
parser.add_argument('--with-notary', dest='notary_mode', default=False, action='store_true', help="the Harbor instance is to be deployed with notary")
|
||||
parser.add_argument('--with-clair', dest='clair_mode', default=False, action='store_true', help="the Harbor instance is to be deployed with clair")
|
||||
args = parser.parse_args()
|
||||
|
||||
delfile(config_dir)
|
||||
@ -223,7 +224,8 @@ render(os.path.join(templates_dir, "adminserver", "env"),
|
||||
jobservice_secret=jobservice_secret,
|
||||
token_expiration=token_expiration,
|
||||
admiral_url=admiral_url,
|
||||
with_notary=args.notary_mode
|
||||
with_notary=args.notary_mode,
|
||||
scanner=args.clair_mode and "clair" or "none"
|
||||
)
|
||||
|
||||
render(os.path.join(templates_dir, "ui", "env"),
|
||||
@ -364,10 +366,18 @@ if args.notary_mode:
|
||||
ssl_cert = os.path.join("/etc/nginx/cert", os.path.basename(target_cert_path)),
|
||||
ssl_cert_key = os.path.join("/etc/nginx/cert", os.path.basename(target_cert_key_path)))
|
||||
|
||||
|
||||
default_alias = get_alias(secretkey_path)
|
||||
render(os.path.join(notary_temp_dir, "signer_env"), os.path.join(notary_config_dir, "signer_env"), alias = default_alias)
|
||||
|
||||
if args.clair_mode:
|
||||
pg_password = "password"
|
||||
clair_temp_dir = os.path.join(templates_dir, "clair")
|
||||
clair_config_dir = prep_conf_dir(config_dir, "clair")
|
||||
postgres_env = os.path.join(clair_config_dir, "postgres_env")
|
||||
render(os.path.join(clair_temp_dir, "postgres_env"), postgres_env, password = pg_password)
|
||||
clair_conf = os.path.join(clair_config_dir, "config.yaml")
|
||||
render(os.path.join(clair_temp_dir, "config.yaml"), clair_conf, password = pg_password)
|
||||
|
||||
FNULL.close()
|
||||
print("The configuration files are ready, please use docker-compose to start the service.")
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user