mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-22 08:38:03 +01:00
Merge pull request #11428 from ninjadq/fix_container_unhealth
Fix container unhealth
commit
e064bd4c01
@ -20,4 +20,4 @@ ENTRYPOINT ["./docker-entrypoint.sh"]
|
|||||||
VOLUME ["/chart_storage"]
|
VOLUME ["/chart_storage"]
|
||||||
EXPOSE 9999
|
EXPOSE 9999
|
||||||
|
|
||||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:9999/health || exit 1
|
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:9999/health || curl -k -sS https://127.0.0.1:9443/health || exit 1
|
||||||
|
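Review bot: Neither curl in the new HEALTHCHECK passes `--fail`, so an HTTP 4xx/5xx answer from `/health` still exits 0 and the container is reported healthy. The other Dockerfiles touched by this commit do use `--fail`; the same gap is in the clair-adapter HEALTHCHECK that probes `/probe/healthy` on 8080/8443. Suggested line here: `HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -sS http://127.0.0.1:9999/health || curl -k --fail -sS https://127.0.0.1:9443/health || exit 1`.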
@ -12,7 +12,7 @@ RUN chown -R clair-adapter:clair-adapter /etc/pki/tls/certs \
|
|||||||
|
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
|
||||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:8080/probe/healthy || exit 1
|
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS http://127.0.0.1:8080/probe/healthy || curl -k -sS https://127.0.0.1:8443/probe/healthy || exit 1
|
||||||
|
|
||||||
USER clair-adapter
|
USER clair-adapter
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
ARG harbor_base_image_version
|
ARG harbor_base_image_version
|
||||||
FROM goharbor/harbor-core-base:${harbor_base_image_version}
|
FROM goharbor/harbor-core-base:${harbor_base_image_version}
|
||||||
|
|
||||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v2.0/ping || exit 1
|
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v2.0/ping || curl -k --fail -s https://127.0.0.1:8443/api/v2.0/ping || exit 1
|
||||||
COPY ./make/photon/common/install_cert.sh /harbor/
|
COPY ./make/photon/common/install_cert.sh /harbor/
|
||||||
COPY ./make/photon/core/entrypoint.sh /harbor/
|
COPY ./make/photon/core/entrypoint.sh /harbor/
|
||||||
COPY ./make/photon/core/harbor_core /harbor/
|
COPY ./make/photon/core/harbor_core /harbor/
|
||||||
|
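Review bot: The HTTPS fallback in the new HEALTHCHECK runs `curl -k` with no explanation, and an unexplained verification bypass tends to be copied to non-loopback URLs or flagged by scanners later. A comment above the instruction would record the intent, for example `# -k: loopback liveness probe only; the service certificate is not issued for 127.0.0.1`. That reason is inferred from the CN values set elsewhere in this commit, so confirm it before wording the comment that way. The same comment fits the other HEALTHCHECK lines this commit changes.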
@ -17,6 +17,6 @@ USER harbor
|
|||||||
|
|
||||||
VOLUME ["/var/log/jobs/"]
|
VOLUME ["/var/log/jobs/"]
|
||||||
|
|
||||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v1/stats || exit 1
|
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/v1/stats || curl -k --fail -s https://127.0.0.1:8443/api/v1/stats || exit 1
|
||||||
|
|
||||||
ENTRYPOINT ["/harbor/entrypoint.sh"]
|
ENTRYPOINT ["/harbor/entrypoint.sh"]
|
||||||
|
@ -104,7 +104,7 @@ openssl x509 -req -days $DAYS -sha256 -in trivy_adapter.csr -CA harbor_internal_
|
|||||||
openssl req -new \
|
openssl req -new \
|
||||||
-newkey rsa:4096 -nodes -sha256 -keyout notary_signer.key \
|
-newkey rsa:4096 -nodes -sha256 -keyout notary_signer.key \
|
||||||
-out notary_signer.csr \
|
-out notary_signer.csr \
|
||||||
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary_signer"
|
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary-signer"
|
||||||
|
|
||||||
# sign notary_signer csr with CA certificate and key
|
# sign notary_signer csr with CA certificate and key
|
||||||
openssl x509 -req -days $DAYS -sha256 -in notary_signer.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out notary_signer.crt
|
openssl x509 -req -days $DAYS -sha256 -in notary_signer.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out notary_signer.crt
|
||||||
@ -113,7 +113,7 @@ openssl x509 -req -days $DAYS -sha256 -in notary_signer.csr -CA harbor_internal_
|
|||||||
openssl req -new \
|
openssl req -new \
|
||||||
-newkey rsa:4096 -nodes -sha256 -keyout notary_server.key \
|
-newkey rsa:4096 -nodes -sha256 -keyout notary_server.key \
|
||||||
-out notary_server.csr \
|
-out notary_server.csr \
|
||||||
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary_server"
|
-subj "/C=CN/ST=Beijing/L=Beijing/O=VMware/CN=notary-server"
|
||||||
|
|
||||||
# sign notary_server csr with CA certificate and key
|
# sign notary_server csr with CA certificate and key
|
||||||
openssl x509 -req -days $DAYS -sha256 -in notary_server.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out notary_server.crt
|
openssl x509 -req -days $DAYS -sha256 -in notary_server.csr -CA harbor_internal_ca.crt -CAkey harbor_internal_ca.key -CAcreateserial -out notary_server.crt
|
||||||
|
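Review bot: The renamed certificates still carry the host name only in the subject CN: `openssl req` sets just `-subj`, and the `openssl x509 -req` signing calls pass no `-extfile`, so as far as these hunks show no subjectAltName ends up in `notary_signer.crt` or `notary_server.crt`. TLS clients that no longer fall back to CN for host-name checks would reject them even with the corrected name. Consider signing with an extension file, in bash for example `-extfile <(printf "subjectAltName=DNS:notary-signer")` on the signer call and the notary-server equivalent on the other. Both blocks sit inside a script that begins and ends outside the hunks, so check whether extensions are configured elsewhere.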
@ -267,6 +267,11 @@ services:
|
|||||||
- type: bind
|
- type: bind
|
||||||
source: {{internal_tls.job_service_key_path}}
|
source: {{internal_tls.job_service_key_path}}
|
||||||
target: /etc/harbor/ssl/job_service.key
|
target: /etc/harbor/ssl/job_service.key
|
||||||
|
{% endif %}
|
||||||
|
{% if protocol == 'https' %}
|
||||||
|
- type: bind
|
||||||
|
source: {{data_volume}}/secret/cert/server.crt
|
||||||
|
target: /harbor_cust_cert/harbor_ca.crt
|
||||||
{% endif %}
|
{% endif %}
|
||||||
networks:
|
networks:
|
||||||
- harbor
|
- harbor
|
||||||
@ -593,7 +598,7 @@ services:
|
|||||||
{%if internal_tls.enabled %}
|
{%if internal_tls.enabled %}
|
||||||
- type: bind
|
- type: bind
|
||||||
source: {{internal_tls.harbor_internal_ca_crt_path}}
|
source: {{internal_tls.harbor_internal_ca_crt_path}}
|
||||||
target: /etc/harbor/ssl/harbor_internal_ca.crt
|
target: /harbor_cust_cert/harbor_internal_ca.crt
|
||||||
- type: bind
|
- type: bind
|
||||||
source: {{internal_tls.chartmuseum_crt_path}}
|
source: {{internal_tls.chartmuseum_crt_path}}
|
||||||
target: /etc/harbor/ssl/chartmuseum.crt
|
target: /etc/harbor/ssl/chartmuseum.crt
|
||||||
|
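Review bot: The bind mount added under `{% if protocol == 'https' %}` has no `read_only: true`, so `{{data_volume}}/secret/cert/server.crt` is mounted writable into the container although the target under `/harbor_cust_cert` appears to be consumed only as trust material. Add `read_only: true` beneath the `target:` line of that entry; the retargeted `harbor_internal_ca.crt` mount in the second hunk could take the same flag. The services these volume lists belong to are declared outside the hunks.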
@ -10,7 +10,7 @@ RUN chown -R harbor:harbor /etc/pki/tls/certs \
|
|||||||
&& chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh \
|
&& chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh \
|
||||||
&& chown harbor:harbor /usr/bin/registry && chmod u+x /usr/bin/registry
|
&& chown harbor:harbor /usr/bin/registry && chmod u+x /usr/bin/registry
|
||||||
|
|
||||||
HEALTHCHECK CMD curl 127.0.0.1:5000/
|
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:5000 || curl -k --fail -s https://127.0.0.1:5443 || exit 1
|
||||||
|
|
||||||
USER harbor
|
USER harbor
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ RUN chown -R harbor:harbor /etc/pki/tls/certs \
|
|||||||
&& chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh
|
&& chown harbor:harbor /home/harbor/install_cert.sh && chmod u+x /home/harbor/install_cert.sh
|
||||||
|
|
||||||
|
|
||||||
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/health || exit 1
|
HEALTHCHECK CMD curl --fail -s http://127.0.0.1:8080/api/health || curl -k --fail -s https://127.0.0.1:8443/api/health || exit 1
|
||||||
|
|
||||||
VOLUME ["/var/lib/registry"]
|
VOLUME ["/var/lib/registry"]
|
||||||
|
|
||||||
|
@ -3,15 +3,24 @@ FROM goharbor/harbor-trivy-adapter-base:${harbor_base_image_version}
|
|||||||
|
|
||||||
ARG trivy_version
|
ARG trivy_version
|
||||||
|
|
||||||
|
COPY ./make/photon/common/install_cert.sh /home/scanner
|
||||||
|
COPY ./make/photon/trivy-adapter/entrypoint.sh /home/scanner
|
||||||
COPY ./make/photon/trivy-adapter/binary/trivy /usr/local/bin/trivy
|
COPY ./make/photon/trivy-adapter/binary/trivy /usr/local/bin/trivy
|
||||||
COPY ./make/photon/trivy-adapter/binary/scanner-trivy /home/scanner/bin/scanner-trivy
|
COPY ./make/photon/trivy-adapter/binary/scanner-trivy /home/scanner/bin/scanner-trivy
|
||||||
|
|
||||||
|
|
||||||
|
RUN chown -R scanner:scanner /etc/pki/tls/certs \
|
||||||
|
&& chown scanner:scanner /home/scanner/entrypoint.sh && chmod u+x /home/scanner/entrypoint.sh \
|
||||||
|
&& chown scanner:scanner /usr/local/bin/trivy && chmod u+x /usr/local/bin/trivy \
|
||||||
|
&& chown scanner:scanner /home/scanner/bin/scanner-trivy && chmod u+x /home/scanner/bin/scanner-trivy \
|
||||||
|
&& chown scanner:scanner /home/scanner/install_cert.sh && chmod u+x /home/scanner/install_cert.sh
|
||||||
|
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
|
||||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl -sS 127.0.0.1:8080/probe/healthy || exit 1
|
HEALTHCHECK --interval=30s --timeout=10s --retries=3 CMD curl --fail -s http://127.0.0.1:8080/probe/healthy || curl -k --fail -s https://127.0.0.1:8443/probe/healthy || exit 1
|
||||||
|
|
||||||
ENV TRIVY_VERSION=${trivy_version}
|
ENV TRIVY_VERSION=${trivy_version}
|
||||||
|
|
||||||
USER scanner
|
USER scanner
|
||||||
|
|
||||||
ENTRYPOINT ["/home/scanner/bin/scanner-trivy"]
|
ENTRYPOINT ["/home/scanner/entrypoint.sh"]
|
||||||
|
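Review bot: The added `RUN chown -R scanner:scanner /etc/pki/tls/certs` gives the system trust directory to the same account the service runs as (`USER scanner`), so a compromise of the scanner process could also add trusted CAs inside the container. If this is needed so that `install_cert.sh` can run unprivileged at start-up (its content is not shown here), state that in a comment above the RUN, e.g. `# install_cert.sh runs as scanner and must update the CA bundle`. Where possible, limit the chown to the file(s) the script actually writes rather than the whole directory.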