add ip_family config in harbor.yml (#19934)

add ipFamily config in values.yaml

Signed-off-by: yminer <yminer@vmware.com>

update name

update prepare and migration

update comments

Signed-off-by: yminer <yminer@vmware.com>

remove print msg

update migrate template

update default value

update migrating template

make/harbor.yml.tmpl

@@ -17,6 +17,16 @@ https:
   certificate: /your/certificate/path
   private_key: /your/private/key/path
 
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+# ip_family:
+#   # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+#   ipv6:
+#     enabled: false
+#   # ipv4Enabled set to true by default, currently it affected the nginx related component
+#   ipv4:
+#     enabled: true
+
 # # Uncomment following will enable tls communication between all harbor components
 # internal_tls:
 #   # set enabled to true means internal tls is enabled

make/photon/prepare/migrations/version_2_10_0/harbor.yml.jinja

@@ -33,6 +33,28 @@ https:
 #   private_key: /your/private/key/path
 {% endif %}
 
+{% if ip_family is defined %}
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+ip_family:
+  # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+  ipv6:
+    enabled: {{ ip_family.ipv6.enabled | lower }}
+  # ipv4Enabled set to true by default, currently it affected the nginx related component
+  ipv4:
+    enabled: {{ ip_family.ipv4.enabled | lower }}
+{% else %}
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+ip_family:
+  # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+  ipv6:
+    enabled: false
+  # ipv4Enabled set to true by default, currently it affected the nginx related component
+  ipv4:
+    enabled: true
+{% endif %}
+
 {% if internal_tls is defined %}
 # Uncomment following will enable tls communication between all harbor components
 internal_tls:

make/photon/prepare/migrations/version_2_9_0/harbor.yml.jinja

@@ -33,6 +33,28 @@ https:
 #   private_key: /your/private/key/path
 {% endif %}
 
+{% if ip_family is defined %}
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+ip_family:
+  # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+  ipv6:
+    enabled: {{ ip_family.ipv6.enabled | lower }}
+  # ipv4Enabled set to true by default, currently it affected the nginx related component
+  ipv4:
+    enabled: {{ ip_family.ipv4.enabled | lower }}
+{% else %}
+# # Harbor will set ipv4 enabled only by defualt if this block is not configured
+# # Otherwise, please uncomment this block to configure your own ip_family stacks
+ip_family:
+  # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
+  ipv6:
+    enabled: false
+  # ipv4Enabled set to true by default, currently it affected the nginx related component
+  ipv4:
+    enabled: true
+{% endif %}
+
 {% if internal_tls is defined %}
 # Uncomment following will enable tls communication between all harbor components
 internal_tls:

make/photon/prepare/templates/nginx/nginx.https.conf.jinja

@@ -50,8 +50,12 @@ http {
   include /etc/nginx/conf.d/*.server.conf;
 
   server {
+    {% if ip_family.ipv4.enabled %}
     listen 8443 ssl;
+    {% endif %}
+    {% if ip_family.ipv6.enabled %}
     listen [::]:8443 ssl;
+    {% endif %}
 #    server_name harbordomain.com;
     server_tokens off;
     # SSL

make/photon/prepare/templates/portal/nginx.conf.jinja

@@ -16,8 +16,13 @@ http {
 
     server {
 {% if internal_tls.enabled %}
+        #ip_family
+    {% if ip_family.ipv4.enabled %}
         listen 8443 ssl;
+    {% endif %}
+    {% if ip_family.ipv6.enabled %}
         listen [::]:8443 ssl;
+    {% endif %}
         # SSL
         ssl_certificate /etc/harbor/tls/portal.crt;
         ssl_certificate_key /etc/harbor/tls/portal.key;

make/photon/prepare/utils/configs.py

@@ -298,6 +298,9 @@ def parse_yaml_config(config_file_path, with_trivy):
             external_database=config_dict['external_database'])
     else:
         config_dict['internal_tls'] = InternalTLS()
+    
+    # ip_family config
+    config_dict['ip_family'] = configs.get('ip_family') or {'ipv4': {'enabled': True}, 'ipv6': {'enabled': False}}
 
     # metric configs
     metric_config = configs.get('metric')

make/photon/prepare/utils/nginx.py

@@ -63,7 +63,8 @@ def render_nginx_template(config_dict):
             ssl_cert=SSL_CERT_PATH,
             ssl_cert_key=SSL_CERT_KEY_PATH,
             internal_tls=config_dict['internal_tls'],
-            metric=config_dict['metric'])
+            metric=config_dict['metric'],
+            ip_family=config_dict['ip_family'])
         location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS
 
     else:

make/photon/prepare/utils/portal.py

@@ -14,5 +14,6 @@ def prepare_portal(config_dict):
         str(portal_conf_template_path),
         portal_conf,
         internal_tls=config_dict['internal_tls'],
+        ip_family=config_dict['ip_family'],
         uid=DEFAULT_UID,
         gid=DEFAULT_GID)