mirror of
https://github.com/goharbor/harbor.git
Merge pull request #11428 from ninjadq/fix_container_unhealth
Fix container unhealth
commit
e064bd4c01
@ -20,4 +20,4 @@ ENTRYPOINT ["./docker-entrypoint.sh"]
|
||||
VOLUME ["/chart_storage"]
|
||||
EXPOSE 9999
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:9999/health || exit 1
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:9999/health || curl -k -sS https://127.0.0.1:9443/health || exit 1
|
||||
|
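Review bot: The rewritten probe on the HEALTHCHECK line still runs curl without `--fail`, so an HTTP 4xx/5xx answer from `/health` exits 0 and the container is reported healthy; only a refused or failed connection reaches the HTTPS fallback. The other Dockerfiles in this commit pass `--fail`, and the clair-adapter probe (`/probe/healthy` on 8080/8443) has the same gap. I would write `curl --fail -sS http://127.0.0.1:9999/health || curl -k --fail -sS https://127.0.0.1:9443/health || exit 1`, and make the same change in the clair-adapter Dockerfile.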
@ -12,7 +12,7 @@ RUN chown -R clair-adapter:clair-adapter /etc/pki/tls/certs \
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:8080/probe/healthy || exit 1
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:8080/probe/healthy || curl -k -sS https://127.0.0.1:8443/probe/healthy || exit 1
|
||||
|
||||
USER clair-adapter
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
ARG harbor_base_image_version
|
||||
FROM goharbor/harbor-core-base:${harbor_base_image_version}
|
||||
|
||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v2.0/ping || exit 1
|
||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v2.0/ping || curl -k --fail -s https://127.0.0.1:8443/api/v2.0/ping || exit 1
|
||||
COPY ./make/photon/common/install_cert.sh /harbor/
|
||||
COPY ./make/photon/core/entrypoint.sh /harbor/
|
||||
COPY ./make/photon/core/harbor_core /harbor/
|
||||
|
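Review bot: The added fallback uses `curl -k`, which skips certificate verification, and the reason is not recorded next to it. On a loopback probe that is a reasonable trade-off (the serving certificate is presumably not issued for 127.0.0.1), but it deserves a comment above the instruction so it is not copied to a check that leaves the container, e.g. `# -k is acceptable only because this probe never leaves loopback; it proves liveness, not certificate validity`. Because either listener satisfies the probe, it also cannot detect a service that comes up on plaintext 8080 when internal TLS was intended; that needs a separate check. The same applies to the jobservice, registry, registryctl and trivy-adapter probes in this commit.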
@ -17,6 +17,6 @@ USER harbor
|
||||
|
||||
VOLUME ["/var/log/jobs/"]
|
||||
|
||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v1/stats || exit 1
|
||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v1/stats || curl -k --fail -s https://127.0.0.1:8443/api/v1/stats || exit 1
|
||||
|
||||
ENTRYPOINT ["/harbor/entrypoint.sh"]
|
||||
|
@ -104,7 +104,7 @@ openssl x509 -req -days $DAYS -sha256 -in trivy_adapter.csr -CA harbor_internal_
|
||||
openssl req -new \
|
||||
-newkey rsa:4096 -nodes -sha256 -keyout notary_signer.key \
|
||||
-out notary_signer.csr \
|
||||
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary_signer"
|
||||
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary-signer"
|
||||
|
||||
# sign notary_signer csr with CA certificate and key
|
||||
openssl x509 -req -days $DAYS -sha256 -in notary_signer.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out notary_signer.crt
|
||||
@ -113,7 +113,7 @@ openssl x509 -req -days $DAYS -sha256 -in notary_signer.csr -CA harbor_internal_
|
||||
openssl req -new \
|
||||
-newkey rsa:4096 -nodes -sha256 -keyout notary_server.key \
|
||||
-out notary_server.csr \
|
||||
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary_server"
|
||||
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary-server"
|
||||
|
||||
# sign notary_server csr with CA certificate and key
|
||||
openssl x509 -req -days $DAYS -sha256 -in notary_server.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out notary_server.crt
|
||||
|
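Review bot: Renaming the CN to `notary-signer` / `notary-server` only helps clients that still match hostnames against the Common Name; the signing step shown (`openssl x509 -req ... -CAcreateserial -out notary_signer.crt`) passes no `-extfile`, so the issued certificates would apparently carry no subjectAltName. Verifiers that check only the SAN will reject them regardless of the CN. I would add a SAN for the service name at signing time, for example `-extfile notary_signer.ext` (placeholder file name) with a file containing `subjectAltName = DNS:notary-signer`, and the same for notary-server. The script continues outside both hunks, so other components may need the same treatment.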
@ -267,6 +267,11 @@ services:
|
||||
- type: bind
|
||||
source: {{internal_tls.job_service_key_path}}
|
||||
target: /etc/harbor/ssl/job_service.key
|
||||
{% endif %}
|
||||
{% if protocol == 'https' %}
|
||||
- type: bind
|
||||
source: {{data_volume}}/secret/cert/server.crt
|
||||
target: /harbor_cust_cert/harbor_ca.crt
|
||||
{% endif %}
|
||||
networks:
|
||||
- harbor
|
||||
@ -475,7 +480,7 @@ services:
|
||||
{%if internal_tls.enabled %}
|
||||
- type: bind
|
||||
source: {{internal_tls.harbor_internal_ca_crt_path}}
|
||||
target: /harbor_cust_cert/harbor_internal_ca.crt
|
||||
target: /harbor_cust_cert/harbor_internal_ca.crt
|
||||
- type: bind
|
||||
source: {{internal_tls.clair_crt_path}}
|
||||
target: /etc/harbor/ssl/clair.crt
|
||||
@ -554,7 +559,7 @@ services:
|
||||
volumes:
|
||||
- type: bind
|
||||
source: {{internal_tls.harbor_internal_ca_crt_path}}
|
||||
target: /harbor_cust_cert/harbor_internal_ca.crt
|
||||
target: /harbor_cust_cert/harbor_internal_ca.crt
|
||||
- type: bind
|
||||
source: {{internal_tls.trivy_adapter_crt_path}}
|
||||
target: /etc/harbor/ssl/trivy_adapter.crt
|
||||
@ -593,7 +598,7 @@ services:
|
||||
{%if internal_tls.enabled %}
|
||||
- type: bind
|
||||
source: {{internal_tls.harbor_internal_ca_crt_path}}
|
||||
target: /etc/harbor/ssl/harbor_internal_ca.crt
|
||||
target: /harbor_cust_cert/harbor_internal_ca.crt
|
||||
- type: bind
|
||||
source: {{internal_tls.chartmuseum_crt_path}}
|
||||
target: /etc/harbor/ssl/chartmuseum.crt
|
||||
|
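Review bot: The bind mount added under `{% if protocol == 'https' %}` exposes `{{data_volume}}/secret/cert/server.crt` to the container with no `read_only: true`, so the host file is writable from inside as far as file permissions allow. This file is consumed as a trust anchor (`/harbor_cust_cert/harbor_ca.crt`), and the same holds for the `harbor_internal_ca.crt` mounts whose target this commit moves to `/harbor_cust_cert/`. I would add `read_only: true` after the `target:` line of each of these certificate mounts. The service definitions start and end outside the hunks, so whether other mounts already set it is not visible here.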
@ -10,7 +10,7 @@ RUN chown -R harbor:harbor /etc/pki/tls/certs \
|
||||
&& chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh \
|
||||
&& chown harbor:harbor /usr/bin/registry && chmod u+x /usr/bin/registry
|
||||
|
||||
HEALTHCHECK CMD curl 127.0.0.1:5000/
|
||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:5000 || curl -k --fail -s https://127.0.0.1:5443 || exit 1
|
||||
|
||||
USER harbor
|
||||
|
||||
|
@ -13,7 +13,7 @@ RUN chown -R harbor:harbor /etc/pki/tls/certs \
|
||||
&& chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh
|
||||
|
||||
|
||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/health || exit 1
|
||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/health || curl -k --fail -s https://127.0.0.1:8443/api/health || exit 1
|
||||
|
||||
VOLUME ["/var/lib/registry"]
|
||||
|
||||
|
@ -3,15 +3,24 @@ FROM goharbor/harbor-trivy-adapter-base:${harbor_base_image_version}
|
||||
|
||||
ARG trivy_version
|
||||
|
||||
COPY ./make/photon/common/install_cert.sh /home/scanner
|
||||
COPY ./make/photon/trivy-adapter/entrypoint.sh /home/scanner
|
||||
COPY ./make/photon/trivy-adapter/binary/trivy /usr/local/bin/trivy
|
||||
COPY ./make/photon/trivy-adapter/binary/scanner-trivy /home/scanner/bin/scanner-trivy
|
||||
|
||||
|
||||
RUN chown -R scanner:scanner /etc/pki/tls/certs \
|
||||
&& chown scanner:scanner /home/scanner/entrypoint.sh && chmod u+x /home/scanner/entrypoint.sh \
|
||||
&& chown scanner:scanner /usr/local/bin/trivy && chmod u+x /usr/local/bin/trivy \
|
||||
&& chown scanner:scanner /home/scanner/bin/scanner-trivy && chmod u+x /home/scanner/bin/scanner-trivy \
|
||||
&& chown scanner:scanner /home/scanner/install_cert.sh && chmod u+x /home/scanner/install_cert.sh
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:8080/probe/healthy || exit 1
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -s http://127.0.0.1:8080/probe/healthy || curl -k --fail -s https://127.0.0.1:8443/probe/healthy || exit 1
|
||||
|
||||
ENV TRIVY_VERSION=${trivy_version}
|
||||
|
||||
USER scanner
|
||||
|
||||
ENTRYPOINT ["/home/scanner/bin/scanner-trivy"]
|
||||
ENTRYPOINT ["/home/scanner/entrypoint.sh"]
|
||||
|
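Review bot: The `RUN chown` chain gives the runtime user `scanner` ownership of `entrypoint.sh`, `install_cert.sh`, `trivy` and `scanner-trivy`, so the process started by the new `ENTRYPOINT ["/home/scanner/entrypoint.sh"]` can rewrite its own start-up script and binaries. Only `/etc/pki/tls/certs` appears to need to be writable by `scanner` (presumably for install_cert.sh at start-up). I would leave the scripts and binaries owned by root and only set the mode, e.g. `&& chmod 0755 /home/scanner/entrypoint.sh /home/scanner/install_cert.sh /usr/local/bin/trivy /home/scanner/bin/scanner-trivy`. entrypoint.sh itself is not shown on this page; it should hand over with `exec` so scanner-trivy still receives SIGTERM from `docker stop`.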