mirror of
https://github.com/goharbor/harbor.git
synced 2024-09-27 21:12:42 +02:00
add ip_family config in harbor.yml (#19934)
add ipFamily config in values.yaml Signed-off-by: yminer <yminer@vmware.com> update name update prepare and migration update comments Signed-off-by: yminer <yminer@vmware.com> remove print msg update migrate template update default value update migrating template
This commit is contained in:
parent
fb1e828547
commit
a3e1b1eb79
@ -17,6 +17,16 @@ https:
|
|||||||
certificate: /your/certificate/path
|
certificate: /your/certificate/path
|
||||||
private_key: /your/private/key/path
|
private_key: /your/private/key/path
|
||||||
|
|
||||||
|
# # Harbor will set ipv4 enabled only by defualt if this block is not configured
|
||||||
|
# # Otherwise, please uncomment this block to configure your own ip_family stacks
|
||||||
|
# ip_family:
|
||||||
|
# # ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
|
||||||
|
# ipv6:
|
||||||
|
# enabled: false
|
||||||
|
# # ipv4Enabled set to true by default, currently it affected the nginx related component
|
||||||
|
# ipv4:
|
||||||
|
# enabled: true
|
||||||
|
|
||||||
# # Uncomment following will enable tls communication between all harbor components
|
# # Uncomment following will enable tls communication between all harbor components
|
||||||
# internal_tls:
|
# internal_tls:
|
||||||
# # set enabled to true means internal tls is enabled
|
# # set enabled to true means internal tls is enabled
|
||||||
|
@ -33,6 +33,28 @@ https:
|
|||||||
# private_key: /your/private/key/path
|
# private_key: /your/private/key/path
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if ip_family is defined %}
|
||||||
|
# # Harbor will set ipv4 enabled only by defualt if this block is not configured
|
||||||
|
# # Otherwise, please uncomment this block to configure your own ip_family stacks
|
||||||
|
ip_family:
|
||||||
|
# ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
|
||||||
|
ipv6:
|
||||||
|
enabled: {{ ip_family.ipv6.enabled | lower }}
|
||||||
|
# ipv4Enabled set to true by default, currently it affected the nginx related component
|
||||||
|
ipv4:
|
||||||
|
enabled: {{ ip_family.ipv4.enabled | lower }}
|
||||||
|
{% else %}
|
||||||
|
# # Harbor will set ipv4 enabled only by defualt if this block is not configured
|
||||||
|
# # Otherwise, please uncomment this block to configure your own ip_family stacks
|
||||||
|
ip_family:
|
||||||
|
# ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
|
||||||
|
ipv6:
|
||||||
|
enabled: false
|
||||||
|
# ipv4Enabled set to true by default, currently it affected the nginx related component
|
||||||
|
ipv4:
|
||||||
|
enabled: true
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if internal_tls is defined %}
|
{% if internal_tls is defined %}
|
||||||
# Uncomment following will enable tls communication between all harbor components
|
# Uncomment following will enable tls communication between all harbor components
|
||||||
internal_tls:
|
internal_tls:
|
||||||
|
@ -33,6 +33,28 @@ https:
|
|||||||
# private_key: /your/private/key/path
|
# private_key: /your/private/key/path
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if ip_family is defined %}
|
||||||
|
# # Harbor will set ipv4 enabled only by defualt if this block is not configured
|
||||||
|
# # Otherwise, please uncomment this block to configure your own ip_family stacks
|
||||||
|
ip_family:
|
||||||
|
# ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
|
||||||
|
ipv6:
|
||||||
|
enabled: {{ ip_family.ipv6.enabled | lower }}
|
||||||
|
# ipv4Enabled set to true by default, currently it affected the nginx related component
|
||||||
|
ipv4:
|
||||||
|
enabled: {{ ip_family.ipv4.enabled | lower }}
|
||||||
|
{% else %}
|
||||||
|
# # Harbor will set ipv4 enabled only by defualt if this block is not configured
|
||||||
|
# # Otherwise, please uncomment this block to configure your own ip_family stacks
|
||||||
|
ip_family:
|
||||||
|
# ipv6Enabled set to true if ipv6 is enabled in docker network, currently it affected the nginx related component
|
||||||
|
ipv6:
|
||||||
|
enabled: false
|
||||||
|
# ipv4Enabled set to true by default, currently it affected the nginx related component
|
||||||
|
ipv4:
|
||||||
|
enabled: true
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if internal_tls is defined %}
|
{% if internal_tls is defined %}
|
||||||
# Uncomment following will enable tls communication between all harbor components
|
# Uncomment following will enable tls communication between all harbor components
|
||||||
internal_tls:
|
internal_tls:
|
||||||
|
@ -50,8 +50,12 @@ http {
|
|||||||
include /etc/nginx/conf.d/*.server.conf;
|
include /etc/nginx/conf.d/*.server.conf;
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
{% if ip_family.ipv4.enabled %}
|
||||||
listen 8443 ssl;
|
listen 8443 ssl;
|
||||||
|
{% endif %}
|
||||||
|
{% if ip_family.ipv6.enabled %}
|
||||||
listen [::]:8443 ssl;
|
listen [::]:8443 ssl;
|
||||||
|
{% endif %}
|
||||||
# server_name harbordomain.com;
|
# server_name harbordomain.com;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
# SSL
|
# SSL
|
||||||
|
@ -16,8 +16,13 @@ http {
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
{% if internal_tls.enabled %}
|
{% if internal_tls.enabled %}
|
||||||
|
#ip_family
|
||||||
|
{% if ip_family.ipv4.enabled %}
|
||||||
listen 8443 ssl;
|
listen 8443 ssl;
|
||||||
|
{% endif %}
|
||||||
|
{% if ip_family.ipv6.enabled %}
|
||||||
listen [::]:8443 ssl;
|
listen [::]:8443 ssl;
|
||||||
|
{% endif %}
|
||||||
# SSL
|
# SSL
|
||||||
ssl_certificate /etc/harbor/tls/portal.crt;
|
ssl_certificate /etc/harbor/tls/portal.crt;
|
||||||
ssl_certificate_key /etc/harbor/tls/portal.key;
|
ssl_certificate_key /etc/harbor/tls/portal.key;
|
||||||
|
@ -299,6 +299,9 @@ def parse_yaml_config(config_file_path, with_trivy):
|
|||||||
else:
|
else:
|
||||||
config_dict['internal_tls'] = InternalTLS()
|
config_dict['internal_tls'] = InternalTLS()
|
||||||
|
|
||||||
|
# ip_family config
|
||||||
|
config_dict['ip_family'] = configs.get('ip_family') or {'ipv4': {'enabled': True}, 'ipv6': {'enabled': False}}
|
||||||
|
|
||||||
# metric configs
|
# metric configs
|
||||||
metric_config = configs.get('metric')
|
metric_config = configs.get('metric')
|
||||||
if metric_config:
|
if metric_config:
|
||||||
|
@ -63,7 +63,8 @@ def render_nginx_template(config_dict):
|
|||||||
ssl_cert=SSL_CERT_PATH,
|
ssl_cert=SSL_CERT_PATH,
|
||||||
ssl_cert_key=SSL_CERT_KEY_PATH,
|
ssl_cert_key=SSL_CERT_KEY_PATH,
|
||||||
internal_tls=config_dict['internal_tls'],
|
internal_tls=config_dict['internal_tls'],
|
||||||
metric=config_dict['metric'])
|
metric=config_dict['metric'],
|
||||||
|
ip_family=config_dict['ip_family'])
|
||||||
location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS
|
location_file_pattern = CUSTOM_NGINX_LOCATION_FILE_PATTERN_HTTPS
|
||||||
|
|
||||||
else:
|
else:
|
||||||
|
@ -14,5 +14,6 @@ def prepare_portal(config_dict):
|
|||||||
str(portal_conf_template_path),
|
str(portal_conf_template_path),
|
||||||
portal_conf,
|
portal_conf,
|
||||||
internal_tls=config_dict['internal_tls'],
|
internal_tls=config_dict['internal_tls'],
|
||||||
|
ip_family=config_dict['ip_family'],
|
||||||
uid=DEFAULT_UID,
|
uid=DEFAULT_UID,
|
||||||
gid=DEFAULT_GID)
|
gid=DEFAULT_GID)
|
||||||
|
Loading…
Reference in New Issue
Block a user