diff --git a/make/harbor.yml b/make/harbor.yml index 5876158b1..4589c352b 100644 --- a/make/harbor.yml +++ b/make/harbor.yml @@ -157,7 +157,8 @@ _version: 1.10.0 proxy: http_proxy: https_proxy: - no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server,clair-adapter + # no_proxy endpoints will appended to 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server + no_proxy: components: - core - jobservice diff --git a/make/photon/prepare/g.py b/make/photon/prepare/g.py index 14ec20975..616233392 100644 --- a/make/photon/prepare/g.py +++ b/make/photon/prepare/g.py @@ -32,4 +32,26 @@ input_config_path = '/input/harbor.yml' versions_file_path = Path('/usr/src/app/versions') cert_dir = os.path.join(config_dir, "nginx", "cert") -core_cert_dir = os.path.join(config_dir, "core", "certificates") \ No newline at end of file +core_cert_dir = os.path.join(config_dir, "core", "certificates") + +INTERNAL_NO_PROXY_DN = { + '127.0.0.1', + 'localhost', + '.local', + '.internal', + 'log', + 'db', + 'redis', + 'nginx', + 'core', + 'portal', + 'postgresql', + 'jobservice', + 'registry', + 'registryctl', + 'clair', + 'chartmuseum', + 'notary-server', + 'notary-signer', + 'clair-adapter' + } \ No newline at end of file diff --git a/make/photon/prepare/utils/configs.py b/make/photon/prepare/utils/configs.py index 639f6080d..47b476267 100644 --- a/make/photon/prepare/utils/configs.py +++ b/make/photon/prepare/utils/configs.py @@ -1,7 +1,7 @@ import os import yaml import logging -from g import versions_file_path, host_root_dir, DEFAULT_UID +from g import versions_file_path, host_root_dir, DEFAULT_UID, INTERNAL_NO_PROXY_DN from utils.misc import generate_random_string, owner_can_read, other_can_read default_db_max_idle_conns = 2 # NOTE: https://golang.org/pkg/database/sql/#DB.SetMaxIdleConns @@ -218,10 +218,15 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_chartmuseu # Global proxy configs proxy_config = configs.get('proxy') or {} proxy_components = proxy_config.get('components') or [] + no_proxy_config = proxy_config.get('no_proxy') + all_no_proxy = INTERNAL_NO_PROXY_DN + if no_proxy_config: + all_no_proxy |= set(no_proxy_config.split(',')) + for proxy_component in proxy_components: config_dict[proxy_component + '_http_proxy'] = proxy_config.get('http_proxy') or '' config_dict[proxy_component + '_https_proxy'] = proxy_config.get('https_proxy') or '' - config_dict[proxy_component + '_no_proxy'] = proxy_config.get('no_proxy') or '127.0.0.1,localhost,core,registry' + config_dict[proxy_component + '_no_proxy'] = ','.join(all_no_proxy) # Clair configs, optional clair_configs = configs.get("clair") or {} diff --git a/tools/migration/cfg/migrator_1_10_0/harbor.yml.jinja b/tools/migration/cfg/migrator_1_10_0/harbor.yml.jinja index 5b0c65109..7d035e098 100644 --- a/tools/migration/cfg/migrator_1_10_0/harbor.yml.jinja +++ b/tools/migration/cfg/migrator_1_10_0/harbor.yml.jinja @@ -334,7 +334,7 @@ proxy: proxy: http_proxy: https_proxy: - no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair + no_proxy: components: - core - jobservice diff --git a/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja b/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja index 9a9cf0f29..24db77466 100644 --- a/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja +++ b/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja @@ -262,7 +262,7 @@ proxy: proxy: http_proxy: https_proxy: - no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair + no_proxy: components: - core - jobservice