add k8s yamls and dockerfiles.

k8s/dockerfiles/config/db/env

@@ -0,0 +1 @@
+MYSQL_ROOT_PASSWORD=root123

k8s/dockerfiles/config/nginx/nginx.conf

@@ -0,0 +1,66 @@
+worker_processes auto;
+
+events {
+  worker_connections 1024;
+  use epoll;
+  multi_accept on;
+}
+
+http {
+  tcp_nodelay on;
+
+  # this is necessary for us to be able to disable request buffering in all cases
+  proxy_http_version 1.1;
+
+
+  upstream registry {
+    server registry:5000;
+  }
+
+  upstream ui {
+    server ui:80;
+  }
+
+
+  server {
+    listen 80;
+
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+
+    location / {
+      proxy_pass http://ui/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+
+    location /v1/ {
+      return 404;
+    }
+
+    location /v2/ {
+      proxy_pass http://registry/v2/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+
+    }
+
+    location /service/ {
+      proxy_pass http://ui/service/;
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+  }
+}

k8s/dockerfiles/config/nginx/nginx.https.conf

@@ -0,0 +1,85 @@
+worker_processes auto;
+
+events {
+  worker_connections 1024;
+  use epoll;
+  multi_accept on;
+}
+
+http {
+  tcp_nodelay on;
+
+  # this is necessary for us to be able to disable request buffering in all cases
+  proxy_http_version 1.1;
+
+
+  upstream registry {
+    server registry:5000;
+  }
+
+  upstream ui {
+    server ui:80;
+  }
+
+
+  server {
+    listen 443 ssl;
+    server_name harbordomain.com;
+
+    # SSL
+    ssl_certificate /etc/nginx/cert/harbordomain.crt;
+    ssl_certificate_key /etc/nginx/cert/harbordomain.key;
+  
+    # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+    ssl_protocols TLSv1.1 TLSv1.2;
+    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
+  
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+  
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    location / {
+      proxy_pass http://ui/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+
+    location /v1/ {
+      return 404;
+    }
+
+    location /v2/ {
+      proxy_pass http://registry/v2/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+
+    }
+
+    location /service/ {
+      proxy_pass http://ui/service/;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_buffering off;
+      proxy_request_buffering off;
+    }
+  }
+    server {
+      listen 80;
+      server_name harbordomain.com;
+      rewrite ^/(.*) https://$server_name$1 permanent;
+  } 
+}

k8s/dockerfiles/config/registry/config.yml

@@ -0,0 +1,33 @@
+version: 0.1
+log:
+  level: debug
+  fields:
+    service: registry
+storage:
+    cache:
+        layerinfo: inmemory
+    filesystem:
+        rootdirectory: /storage
+    maintenance:
+        uploadpurging:
+            enabled: false
+http:
+    addr: :5000
+    secret: placeholder
+    debug:
+        addr: localhost:5001
+auth:
+  token:
+    issuer: registry-token-issuer
+    realm: http://localhost/service/token
+    rootcertbundle: /etc/registry/root.crt
+    service: token-service
+
+notifications:
+  endpoints:
+      - name: harbor
+        disabled: false
+        url: http://localhost/service/notifications
+        timeout: 500
+        threshold: 5
+        backoff: 1000

k8s/dockerfiles/config/registry/root.crt

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAcGgAwIBAgIJAN1nLuloDeHNMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTYwMTI3MDQyMDM1WhcNNDMwNjE0MDQyMDM1WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9KYHqz5Kn0n2+
+fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQUTiND8ngSnsCA
+NtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQABo1AwTjAdBgNV
+HQ4EFgQU5EG2VrB3I6G/TudUpz+kBgQXSvYwHwYDVR0jBBgwFoAU5EG2VrB3I6G/
+TudUpz+kBgQXSvYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAx+2eo
+oOm0YNy9KQ81+7GQkKVWoPQXjAGGgZuZj8WCFepYqUSJ4q5qbuVCY8WbGcHVk2Rx
+Jg1XDCmMjBgYP6S0ikezBRqSmNA3G6oFiydTKBfPs6RNalsB0C78Xk5l5+PIyd2R
+jFKOKoMpkjwfeJv2j64WNGoBgqj7XRBoJ11a4g==
+-----END CERTIFICATE-----

k8s/dockerfiles/config/ui/app.conf

@@ -0,0 +1,16 @@
+appname = registry
+runmode = dev
+
+[lang]
+types = en-US|zh-CN
+names = en-US|zh-CN
+
+[dev]
+httpport = 80
+
+[mail]
+host = smtp.mydomain.com
+port = 25
+username = sample_admin@mydomain.com
+password = abc
+from = admin <sample_admin@mydomain.com>

k8s/dockerfiles/config/ui/env

@@ -0,0 +1,11 @@
+MYSQL_HOST=mysql
+MYSQL_USR=root
+REGISTRY_URL=http://registry:5000
+CONFIG_PATH=/etc/ui/app.conf
+HARBOR_REG_URL=localhost
+HARBOR_ADMIN_PASSWORD=Harbor12345
+HARBOR_URL=http://localhost
+AUTH_MODE=db_auth
+LDAP_URL=ldaps://ldap.mydomain.com
+LDAP_BASE_DN=uid=%s,ou=people,dc=mydomain,dc=com
+LOG_LEVEL=debug

k8s/dockerfiles/config/ui/private_key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQClak/4HO7EeLU0w/BhtVENPLOqU0AP2QjVUdg1qhNiDWVrbWx9
+KYHqz5Kn0n2+fxdZo3o7ZY5/2+hhgkKh1z6Kge9XGgune6z4fx2J/X2Se8WsGeQU
+TiND8ngSnsCANtYFwW50SbUZPtyf5XjAfKRofZem51OxbxzN3217L/ubKwIDAQAB
+AoGBAITMMuNYJwAogCGaZHOs4yMjZoIJT9bpQMQxbsi2f9UqOA/ky0I4foqKloyQ
+2k6DLbXTHqBsydgwLgGKWAAiE5xIR2bPMUNSLgjbA2eLly3aOR/0FJ5n09k2EmGg
+Am7tLP+6yneXWKVi3HI3NzXriVjWK94WHGGC1b9F+n5CY/2RAkEA1d62OJUNve2k
+IY6/b6T0BdssFo3VFcm22vnayEL/wcYrnRfF9Pb5wM4HUUqwVelKTouivXg60GNK
+ZKYAx5CtHwJBAMYAEf5u0CQ/8URcwBuMkm0LzK4AM2x1nGs7gIxAEFhu1Z4xPjVe
+MtIxuHhDhlLvD760uccmo5yE72QJ1ZrYBHUCQQCAxLZMPRpoB4QyHEOREe1G9V6H
+OeBZXPk2wQcEWqqo3gt2a1DqHCXl+2aWgHTJVUxDHHngwFoRDCdHkFeZ0LcbAkAj
+T8/luI2WaXD16DS6tQ9IM1qFjbOeHDuRRENgv+wqWVnvpIibq/kUU5m6mRBTqh78
+u+6F/fYf6/VluftGalAhAkAukdMtt+sksq2e7Qw2dRr5GXtXjt+Otjj0NaJENmWk
+a7SgAs34EOWtbd0XGYpZFrg134MzQGbweFeEUTj++e8p
+-----END RSA PRIVATE KEY-----

k8s/dockerfiles/proxy-dockerfile

@@ -0,0 +1,5 @@
+FROM library/nginx:1.9
+
+ADD ./config/nginx /etc/nginx
+
+

k8s/dockerfiles/registry-dockerfile

@@ -0,0 +1,6 @@
+FROM library/registry:2.3.0
+
+ADD ./config/registry/ /etc/registry/
+
+CMD ["/etc/registry/config.yml"]
+

k8s/dockerfiles/ui-dockerfile

@@ -0,0 +1,7 @@
+FROM index.caicloud.io/caicloud/harbor_deploy_ui:org
+
+ADD ./config/ui/app.conf /etc/ui/app.conf
+ADD ./config/ui/private_key.pem /etc/ui/private_key.pem
+
+
+

k8s/mysql-rc.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: mysql
+  labels:
+    name: mysql
+spec:
+  replicas: 1
+  selector:
+    name: mysql
+  template:
+    metadata:
+      labels:
+        name: mysql
+    spec:
+      containers:
+      - name: mysql
+        image: index.caicloud.io/caicloud/harbor_deploy_mysql:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 3306
+        env:
+          - name: MYSQL_ROOT_PASSWORD
+            value: root123
+        volumeMounts:
+        - name: mysql-storage
+          mountPath: /var/lib/mysql
+      volumes:
+      - name: mysql-storage
+        emptyDir: {}

k8s/mysql-svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql
+  labels:
+    name: mysql
+spec:
+  ports:
+    - port: 3306
+  selector:
+    name: mysql

k8s/proxy-rc.yaml

@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: proxy
+  labels:
+    name: proxy
+spec:
+  replicas: 1
+  selector:
+    name: proxy
+  template:
+    metadata:
+      labels:
+        name: proxy
+    spec:
+      containers:
+      - name: proxy
+        image: index.caicloud.io/caicloud/harbor_proxy:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+        - containerPort: 443

k8s/proxy-svc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: proxy
+  labels:
+    name: proxy
+spec:
+  type: LoadBalancer
+  ports:
+    - name: bbb
+      port: 80
+    - name: aaa
+      port: 443
+  selector:
+    name: proxy

k8s/registry-rc.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: registry
+  labels:
+    name: registry
+spec:
+  replicas: 1
+  selector:
+    name: registry
+  template:
+    metadata:
+      labels:
+        name: registry
+    spec:
+      containers:
+      - name: registry
+        image: index.caicloud.io/caicloud/harbor_registry:2.3.0
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 5000
+        - containerPort: 5001
+        volumeMounts:
+        - name: storage
+          mountPath: /storage
+      volumes:
+      - name: storage
+        emptyDir: {}

k8s/registry-svc.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry
+  labels:
+    name: registry
+spec:
+  type: LoadBalancer
+  ports:
+    - name: internal
+      port: 5000
+    - name: external
+      port: 5001
+  selector:
+    name: registry

k8s/ui-rc.yaml

@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: ui
+  labels:
+    name: ui
+spec:
+  replicas: 1
+  selector:
+    name: ui
+  template:
+    metadata:
+      labels:
+        name: ui
+    spec:
+      containers:
+      - name: ui
+        image: index.caicloud.io/caicloud/harbor_deploy_ui:latest
+        imagePullPolicy: Always
+        env:
+          - name: MYSQL_HOST
+            value: mysql
+          - name: MYSQL_PORT
+            value: "3306"
+          - name: MYSQL_USR
+            value: root
+          - name: MYSQL_PWD
+            value: root123
+          - name: REGISTRY_URL
+            value: http://registry:5000
+          - name: CONFIG_PATH
+            value: /etc/ui/app.conf
+          - name: HARBOR_REG_URL
+            value: localhost
+          - name: HARBOR_ADMIN_PASSWORD
+            value: Harbor12345
+          - name: HARBOR_URL
+            value: http://localhost
+          - name: AUTH_MODE
+            value: db_auth
+          - name: LDAP_URL
+            value: ldaps://ldap.mydomain.com
+          - name: LDAP_BASE_DN
+            value: uid=%s,ou=people,dc=mydomain,dc=com
+          - name: LOG_LEVEL
+            value: debug
+        ports:
+        - containerPort: 80
+

k8s/ui-svc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ui
+  labels:
+    name: ui
+spec:
+  ports:
+    - port: 80
+  selector:
+    name: ui