Wang Yan
ae06ac2fae
fix db issue on helm upgrade ( #15028 )
...
fixes #15000
It needs to double confirm that old pg is stopped before migration
Signed-off-by: wang yan <wangyan@vmware.com>
2021-06-01 15:59:41 +08:00
Wang Yan
66b8a8f8dd
add build arch parameter in Makefile ( #14995 )
...
* add build arch parameter in Makefile
Add parameter BUILDARCH for make file. DB base builds pg96 for x86_64 only
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-06-01 10:38:05 +08:00
DQ
5d02acd043
Add upgrade script for harbor 2.3
...
no new config item added. harbor.yml keep the same as last version
Signed-off-by: DQ <dengq@vmware.com>
2021-05-28 20:30:12 +08:00
Qian Deng
9ea8aade01
Upgrade prepare to consistent with photon 4 ( #14698 )
...
* requires version to 3.9.1
* upgrade packages
Signed-off-by: DQ <dengq@vmware.com>
2021-05-26 16:39:04 +08:00
Wang Yan
39bdd7b506
pg upgrade failure handling ( #14934 )
...
To ensure the upgrade execution idempotence, it needs to clean the $PGDATANEW on pg_upgrade failure.
Otherwise, the upgrade will skip the upgrade process from the second time launch as the exist of $PGDATANEW.
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-05-21 13:53:39 +08:00
Wang Yan
86185989cf
support pg upgrade ( #14846 )
...
1, use the pg source and photon spec to build postgres 9.6
2, install 9.6 on the photon 4.0
3, then leverage pg_upgrade to handle the pg major version migration
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-05-20 16:25:50 +08:00
Wang Yan
0fb520a33b
bump up go to v1.15.12
...
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-05-14 15:36:23 +08:00
DQ
04ba4a4033
Upgrade chartmuseum version
...
from 1.12.0 to 1.13.1
Signed-off-by: DQ <dengq@vmware.com>
2021-05-11 13:51:55 +00:00
Daniel Jiang
c701ce09fa
Merge pull request #14681 from bitsf/fix_typo_NOTARYURL
...
Fixed typo in NOTARYURL variable name
2021-04-21 17:38:01 +08:00
Ziming Zhang
39f70287b4
Fixed typo in NOTARYURL variable name
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2021-04-17 15:55:02 +08:00
DQ
ffed6459c7
Fix: Use local host on db's healthcheck
...
hostname -i will malfunction in some cases like the `nsswitch.conf` file does'nt exist
Signed-off-by: DQ <dengq@vmware.com>
2021-04-16 18:37:24 +08:00
Pushkar Joglekar
3947c5faff
Add --no-cache and --pull flag to image builds to ensure latest security fixes are pulled from base image
...
Signed-off-by: Pushkar Joglekar <pjoglekar@vmware.com>
2021-04-12 09:49:27 -07:00
Qian Deng
c5d12ce8ee
Merge pull request #14542 from ninjadq/add_task_info_in_exporter
...
Add task info in exporter
2021-04-07 18:17:26 +08:00
Alexis
06fa88cfb7
Fix typo
...
Signed-off-by: Alexis <60alexis@gmail.com>
2021-04-07 15:58:17 +08:00
Alexis
e33f7aa9dd
Add redis port to 2.1.0 jinja template
...
Signed-off-by: Alexis <60alexis@gmail.com>
2021-04-07 15:58:17 +08:00
Alexis
7742aec4af
Add port to 2.0.0 jinja file
...
Signed-off-by: Alexis <60alexis@gmail.com>
2021-04-07 15:58:17 +08:00
Alexis
d28845af51
Remove external_redis.port since not used since v1.10.0
...
Signed-off-by: Alexis <60alexis@gmail.com>
2021-04-07 15:58:17 +08:00
stonezdj(Daojun Zhang)
448f0b6e28
Merge pull request #14579 from stonezdj/21apr_add_docker_registry_proxy
...
Support proxy cache for docker-registry type
2021-04-07 10:59:24 +08:00
Steven Zou
e2148f9eea
Merge pull request #14514 from goharbor/dependabot/pip/make/photon/prepare/pyyaml-5.4
...
Bump pyyaml from 4.2b1 to 5.4 in /make/photon/prepare
2021-04-07 09:57:07 +08:00
Steven Zou
10711b7de1
Merge pull request #14482 from goharbor/dependabot/pip/make/photon/prepare/jinja2-2.11.3
...
Bump jinja2 from 2.11.1 to 2.11.3 in /make/photon/prepare
2021-04-07 09:56:23 +08:00
stonezdj
ccd9ee8c56
Support proxy cache for docker-registry type
...
Add proxy cache for docker registry type
Fixes #14477 , #14547
Signed-off-by: stonezdj <stonezdj@gmail.com>
2021-04-06 16:47:12 +08:00
Wang Yan
d03a29e531
bump up photon to 4.0
...
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-03-31 13:25:29 +08:00
DQ
7eebbeebdf
Add jobservice task queue related task
...
add jobservice metrics
add redis client
Signed-off-by: DQ <dengq@vmware.com>
2021-03-30 10:29:36 +00:00
DQ
fbe9cd88f8
Enabled Prometheus for Jobservice
...
* Add prom server on jobservice
* Enabeld configs in templates
* Enabeld jobservice metrics in nginx
Signed-off-by: DQ <dengq@vmware.com>
2021-03-30 08:52:59 +00:00
dependabot[bot]
f20f4215c3
Bump pyyaml from 4.2b1 to 5.4 in /make/photon/prepare
...
Bumps [pyyaml](https://github.com/yaml/pyyaml ) from 4.2b1 to 5.4.
- [Release notes](https://github.com/yaml/pyyaml/releases )
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES )
- [Commits](https://github.com/yaml/pyyaml/commits/5.4 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-25 22:46:56 +00:00
DQ
f5fcc7bd31
Add base image for exporter
...
* Add base
* update Makefile
Signed-off-by: DQ <dengq@vmware.com>
2021-03-25 16:35:57 +08:00
dependabot[bot]
0ec667c4d8
Bump jinja2 from 2.11.1 to 2.11.3 in /make/photon/prepare
...
Bumps [jinja2](https://github.com/pallets/jinja ) from 2.11.1 to 2.11.3.
- [Release notes](https://github.com/pallets/jinja/releases )
- [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst )
- [Commits](https://github.com/pallets/jinja/compare/2.11.1...2.11.3 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-03-20 00:43:21 +00:00
Xavier Duthil
280c8272f8
Use exec in all components' entrypoints
...
Use the exec Bash command so that the final running application becomes
the container’s PID 1. This allows the application to receive any Unix
signals sent to the container, in accordance with
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint
Currently, SIGTERM signals sent by kubernetes are not passed to the
executed binary.
Signed-off-by: Xavier Duthil <xavier.duthil@corp.ovh.com>
2021-03-05 15:00:25 +01:00
Wang Yan
3dfddfdf4e
patch upstream fix for io reader ( #14356 )
...
Fixes #12850
This patch can fix the GC failure in the NFS v3 env, see https://github.com/distribution/distribution/pull/3309#issuecomment-783606968
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-03-04 15:33:09 +08:00
Daniel Jiang
387be3686a
Refine the way to set X-Forwarded-Proto in nginx
...
Refine the way to set the header so user won't need to comment it if
Harbor is sitting behind a reverse proxy.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-02-25 17:43:55 +08:00
Josh Soref
dfe360040b
Spelling
...
* addition
* attribute
* auditing
* availability
* available
* bandwidth
* browser
* business
* cadence
* chartmuseum
* client
* column
* content
* demonstrate
* described
* endpoints
* facilitate
* github
* harbor
* information
* instance
* manual
* meaningful
* operation
* overridden
* password
* possible
* project
* refactor
* replication
* requires
* running
* scanned
* settings
* signup
* those
* unsigned
* vulnerability
--
Also removes trailing space from a filename
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2021-02-19 11:59:15 +08:00
DQ
307c5a8ed4
Fix metrics template for http mode
...
the port shouldn't be hardcode
Signed-off-by: DQ <dengq@vmware.com>
2021-02-05 18:44:28 +00:00
DQ
051b5f289d
Add sen existed check for internal cert
...
fali ealier when there is no san
Signed-off-by: DQ <dengq@vmware.com>
2021-01-28 08:22:07 +00:00
Qian Deng
f013d88efc
Merge pull request #14013 from ninjadq/upgrade_script_for_2_2_0
...
Harbor upgrading for 2.2
2021-01-22 18:10:24 +08:00
Qian Deng
045e1d9abe
Merge pull request #14040 from ninjadq/metric_improvement
...
Metric improvement
2021-01-22 17:13:57 +08:00
DQ
489f31d8fe
Add upgrade scirpt for 2.2
...
1. add metrics config item in config
2. upgrade version in template
Signed-off-by: DQ <dengq@vmware.com>
2021-01-22 16:15:06 +08:00
Wang Yan
dba229d0df
build third party binaries in CI ( #14019 )
...
Signed-off-by: Wang Yan <wangyan@vmware.com>
2021-01-22 11:33:42 +08:00
DQ
92cf728371
Add custom cert for exporter
...
* injecting custom certs related config to exporter
Signed-off-by: DQ <dengq@vmware.com>
2021-01-20 10:52:34 +08:00
DQ
a61e9b0e2e
Add san for notary upgrading
...
if san not exists then remove that cert, prepare will regenerate one
Signed-off-by: DQ <dengq@vmware.com>
2021-01-18 21:00:35 +08:00
Daniel Jiang
1b64b9fdc2
Bump up the go-migrate ( #13914 )
...
Bump it up to v4.11.0 to be consistent with harbor-core
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2021-01-11 19:08:17 +08:00
Qian Deng
642d56041d
Add san for notary cert ( #13928 )
...
Signed-off-by: DQ <dengq@vmware.com>
2021-01-08 01:00:34 +08:00
stonezdj
6b8fb8431d
Add quay registry to proxy cache
...
Update env.jinja to add quay
Signed-off-by: stonezdj <stonezdj@gmail.com>
2021-01-06 17:22:57 +08:00
Wenkai Yin(尹文开)
19ad8ad68d
Merge pull request #13823 from reasonerjt/inst-cert-home-dir
...
Replace tilde in install_cert.sh
2020-12-25 10:25:51 +08:00
Wang Yan
7a8a8fa104
upgrade go version to v1.15.6 ( #13836 )
...
Signed-off-by: wang yan <wangyan@vmware.com>
2020-12-23 18:53:09 +08:00
Daniel Jiang
9d99dfa82b
Replace tilde in install_cert.sh
...
This commit fixes #13287 to remove the usage of tilde as the $HOME is not available in some
cases. More details see #13287
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-12-21 20:39:34 +08:00
Qian Deng
31138f12b0
Merge pull request #13806 from ninjadq/fix_python_yaml_load
...
Fix pythom yaml load to safe_load
2020-12-21 16:04:12 +08:00
Qian Deng
9197471e70
Add Scan for internal tls ( #13810 )
...
Signed-off-by: DQ <dengq@vmware.com>
2020-12-21 15:23:11 +08:00
Will Sun
4392a626f3
Merge pull request #13804 from AllForNothing/scan-all
...
Fix robot account UI issues
2020-12-18 15:48:26 +08:00
AllForNothing
b20cc474b3
Fix robot account UI issues
...
Signed-off-by: AllForNothing <sshijun@vmware.com>
2020-12-18 14:11:08 +08:00
DQ
234b29e170
Fix pythom yaml load to safe_load
...
Signed-off-by: DQ <dengq@vmware.com>
2020-12-16 14:59:06 +08:00
DQ
19e8527cc1
Fix log level issue in registry
...
1. fix level issue in registry.jinja
2. add log level to registryctl
Signed-off-by: DQ <dengq@vmware.com>
2020-12-14 11:52:42 +08:00
DQ
d95f22448c
Add cache for exporter
...
Add timed cache for exporter
default cache time is 30s, cleanup job run every 4 hours
Signed-off-by: DQ <dengq@vmware.com>
2020-12-09 21:22:40 +08:00
DQ
f0db193895
Add prepare file for exporter
...
prepare env for exporter
Signed-off-by: DQ <dengq@vmware.com>
2020-12-09 21:22:13 +08:00
DQ
dc0047c48c
Add build script for exporter
...
- Add dockerfile
- update makefile
Signed-off-by: DQ <dengq@vmware.com>
2020-12-09 20:42:21 +08:00
DQ
590212b485
Remove clair related code
...
- clair code in harbor core
- clair code in frontend
- clair code in robotcase
Signed-off-by: DQ <dengq@vmware.com>
2020-11-27 14:01:04 +08:00
stonezdj(Daojun Zhang)
be4e6a5985
Merge pull request #13537 from stonezdj/201118_add_more_registry_type
...
Add more registry type to proxy cache
2020-11-26 11:16:16 +08:00
Ziming Zhang
d55f55aeb9
fix(chartmuseum) compatible s3 cache fail
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-11-25 17:00:16 +08:00
stonezdj
e667121a34
Add more registry type to proxy cache
...
Includes: azure-acr, aws-ecr, google-gcr
Signed-off-by: stonezdj <stonezdj@gmail.com>
2020-11-18 10:38:07 +08:00
Will Sun
eca3de3489
Merge pull request #13494 from dirkmueller/lock_json_include
...
Include package.json/package-lock.json in portal image
2020-11-16 16:38:02 +08:00
Dirk Mueller
12adc63a48
Include package.json/package-lock.json in portal image
...
This allows Trivy and other vulnerability scanners to correctly
determine the embedded dependencies in minified harbor-portal image.
Also simplify build process by reducing the number of layers in the
final stage container image
Signed-off-by: Dirk Mueller <dirk@dmllr.de>
2020-11-11 21:21:28 +01:00
DQ
0c9faea294
Clean up Clair in prepare script
...
Signed-off-by: DQ <dengq@vmware.com>
2020-11-10 11:39:18 +08:00
DQ
8a584aff89
Clean up clair and clair-adapter in build scripts
...
1. Makefles
2. Dockerfiles
3. Installation script
4. harbor.yml template
Signed-off-by: DQ <dengq@vmware.com>
2020-11-10 11:39:18 +08:00
DQ
9152521b11
Fix: log container password expire
...
move chage command to base image
Signed-off-by: DQ <dengq@vmware.com>
2020-11-09 18:29:41 +08:00
DQ
eb470501be
Add metrics to Harbor Core
...
1. Add configs in prepare
2. Add models and config items in Core
3. Encapdulate getting metric in commom package
4. Add a middleware for global request to collect 3 metrics
Signed-off-by: DQ <dengq@vmware.com>
2020-11-03 14:33:10 +08:00
Daniel Jiang
fb687aeef8
Use pkg/token to generate JWT token
...
This commit refactors the approach to encode a token in handler of /service/token,
by reusing pkg/token to avoid inconsistency.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-10-15 16:16:44 +08:00
DQ
184e89365b
Fix internal tls config upgrade issue
...
internal tls config upgrade is not included in template, this pr is to add it.
Signed-off-by: DQ <dengq@vmware.com>
2020-09-25 09:54:31 +08:00
DQ
17f3bfccb4
Fix trivy setting in upgrading script
...
Signed-off-by: DQ <dengq@vmware.com>
2020-09-08 18:15:57 +08:00
He Weiwei
687043c298
Merge pull request #12880 from stefannica/use-exit-in-db-entrypoint
...
Use exec in harbor database entrypoint
2020-08-28 10:09:58 +08:00
Ziming Zhang
ff19dd499c
fix(jobservice) redis sentinel failover hang
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-08-26 10:42:44 +08:00
Stefan Nica
1c768d0bf1
Use exec in harbor database entrypoint
...
The harbor-db pod takes a long time to terminate. Using an `exec`
command in the entrypoint ensures that Unix signals reach the
postgres process [1].
[1] https://docs.docker.com/engine/reference/builder/#exec-form-entrypoint-example
Signed-off-by: Stefan Nica <snica@suse.com>
2020-08-25 20:24:52 +02:00
Daniel Jiang
4f812f7926
Merge pull request #12811 from ninjadq/fix_portal_health_check
...
Fix schema of the portal health check
2020-08-21 13:44:47 +08:00
Dirk Mueller
08a4d8efd2
Update to golang 1.14.7 ( #12809 )
...
We should use a golang that isn't having security issues.
This includes:
* go1.14.6 (released 2020/07/16) includes fixes to the go command, the
compiler, the linker, vet, and the database/sql, encoding/json,
net/http, reflect, and testing packages. See the Go 1.14.6 milestone on
our issue tracker for details.
* go1.14.7 (released 2020/08/06) includes security fixes to the
encoding/binary package. See the Go 1.14.7 milestone on our issue
tracker for details (CVE-2020-16845)
Signed-off-by: Dirk Mueller <dirk@dmllr.de>
Signed-off-by: Dirk Mueller <dmueller@suse.com>
2020-08-20 15:38:35 +08:00
DQ
e9323ca268
Fix schema of the portal health check
...
it should be https
Signed-off-by: DQ <dengq@vmware.com>
2020-08-19 15:58:51 +08:00
Wenkai Yin
b1ddb5e2cc
Implement the icon API to get the icon of artifact
...
Implement the icon API to get the icon of artifact
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-08-15 08:40:38 +08:00
Qian Deng
5dbbfa76d3
Merge pull request #12766 from ninjadq/add_log_dependency_to_trivy
...
Add log denpendency ti trivy
2020-08-13 18:23:09 +08:00
Qian Deng
78d4b54ddc
Merge pull request #12765 from ninjadq/fix_trivy_append_in_2_1_0_config
...
Fix: append trivy every time when run migrate
2020-08-13 14:47:54 +08:00
DQ
a251e90507
Add log denpendency ti trivy
...
To void trivy can not start issue
Signed-off-by: DQ <dengq@vmware.com>
2020-08-13 11:35:21 +08:00
DQ
7ba498be5b
Fix: append trivy every time run migrate
...
Signed-off-by: DQ <dengq@vmware.com>
2020-08-11 17:43:25 +08:00
He Weiwei
8f036c765a
chore(images): install shadow package in base images
...
The latest `photon:2.0` does not include `groupadd` and `useradd`
we need to install `shadow` package which includes these commands.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-08-10 10:23:48 +00:00
Wenkai Yin(尹文开)
e8f9fb63c0
Merge pull request #12674 from reasonerjt/standalone-db-migrator
...
Provide a standalone migrator to migrate DB schema.
2020-08-10 15:11:52 +08:00
Tianon Gravi
4752cac051
Remove unused "sudo" package from most images
...
Notably missing is the "log" image, which still uses sudo.
Signed-off-by: Tianon Gravi <tianon@infosiftr.com>
2020-08-06 12:44:06 -07:00
Daniel Jiang
4f94f59d2a
Provide a standalone migrator to migrate DB schema.
...
Fixes #11885
This part will not by default be packaged into release.
A README.md will be added in another commit.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-08-06 18:57:55 +08:00
DQ
b015440074
Remove expose port in dockerfiles
...
The export is dynamical now because of introduce of internal TLS
Signed-off-by: DQ <dengq@vmware.com>
2020-08-05 10:42:46 +08:00
Qian Deng
fbef7fd088
Merge pull request #12651 from ninjadq/add_migration_2_1_0
...
Add migration 2.1.0
2020-08-03 15:59:28 +08:00
DQ
1e32792dc5
Add migration 2.1.0
...
db_max_open_comms should be 1000 if its value between 100 and 1000
Signed-off-by: DQ <dengq@vmware.com>
2020-08-03 15:17:41 +08:00
DQ
d3ab9d7c6b
Add internal tls configs for portal
...
add related file, config, command to enabled https for portal
Signed-off-by: DQ <dengq@vmware.com>
2020-07-31 12:10:47 +08:00
DQ
d7618a6274
Fix: beego app config port hardcode
...
the port should be flexible depend on the internal tls
Signed-off-by: DQ <dengq@vmware.com>
2020-07-27 15:35:43 +08:00
Ziming Zhang
8857e89e40
feature(redis) support redis sentinel
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-07-19 21:19:03 +08:00
Wang Yan
bad8f026fc
upgrade golang to v1.14.5 ( #12489 )
...
Signed-off-by: wang yan <wangyan@vmware.com>
2020-07-16 16:20:54 +08:00
Qian Deng
bd26c294e8
Merge pull request #12341 from ninjadq/support_multi_down_version
...
Enhance: Support multi downversion in migration
2020-07-15 23:39:11 +08:00
Daniel Jiang
947eadaa72
Merge pull request #12440 from heww/remove-init-clair-db
...
refactor: remove initialization of clair db
2020-07-15 00:38:12 +08:00
He Weiwei
2a6fe801bc
chore(db): change max_connections of postgres to 1024
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-07-14 07:34:37 +00:00
He Weiwei
039aef5356
refactor: remove initialization of clair db
...
To fetch vulnerability database updated time of the Clair had moved to
the Clair adapter so removes the initialization of clair db in the core.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-07-09 15:26:14 +00:00
DQ
4617e0ff38
Enhance: Support multi downversion in migration
...
1. Change down version to list to accept multi verstion value
2. Update search function use BFS to find migration path
2. Add test case
Signed-off-by: DQ <dengq@vmware.com>
2020-07-07 21:36:58 +08:00
Wenkai Yin
02690d1d04
Suport filtering registries by type in listing registry API
...
Suport filtering registries by type in listing registry API
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-07-07 10:30:46 +08:00
DQ
d0ddd61ad9
Fix Amazon S3 storage not work
...
The Chartmuseum S3 client need set an Env variable
Ref: https://github.com/helm/chartmuseum/issues/280
Signed-off-by: DQ <dengq@vmware.com>
2020-06-30 15:16:18 +08:00
He Weiwei
0474a2a040
Merge pull request #12322 from heww/install-tls-ca
...
feat(certs): install internal tls ca from /etc/harbor/ssl dir
2020-06-25 21:03:35 +08:00
He Weiwei
13436b75a6
feat(certs): install internal tls ca from /etc/harbor/ssl dir
...
Closes #10222
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-06-24 08:58:08 +00:00
Max Rosin
34d5591b1b
Fix DOCKERIMASES and SWAAGER_IMAGE_BUILD_CMD typos in Makefiles
...
Fix #12259
Signed-off-by: Max Rosin <git@hackrid.de>
2020-06-16 12:18:55 +02:00
Wang Yan
dec8397c21
Add api to delete blob and manifest ( #12006 )
...
* Add api to delete blob and manifest
Enable the capability of registry controller to delete blob and manifest
Signed-off-by: wang yan <wangyan@vmware.com>
2020-06-06 01:34:23 +08:00
Qian Deng
9e1302211b
Merge pull request #12072 from ninjadq/add_timeout_in_nginx_config
...
Add timeout in nginx config
2020-06-02 15:14:42 +08:00
Steven Zou
c7c1742b88
Merge pull request #12106 from heww/clean-clair-url
...
refactor(configuration): cleanup unneeded CLAIR_URL configuration in core
2020-06-01 19:24:19 +08:00
Daniel Jiang
58894e9d9c
Merge pull request #12071 from ninjadq/upgrade_chartversion
...
Enhance: Upgrade chartmuseum version
2020-06-01 13:36:54 +08:00
Daniel Jiang
6271da471b
Update health check script for harbor-db ( #12103 )
...
This patch remove the trailing space of the hostname introduced by
`hostname -i`.
The trailing space will cause resolution error after this patch is
applied to glibc in photon:
https://github.com/vmware/photon/blob/2.0/SPECS/glibc/glibc-fix-CVE-2019-10739.patch
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-05-30 14:05:39 +08:00
He Weiwei
d97be71234
refactor(configuration): cleanup unneeded CLAIR_URL configuration in core
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-05-29 07:27:50 +00:00
DQ
278338e401
Add timount on nginx configs
...
set timeout to 900
Signed-off-by: DQ <dengq@vmware.com>
2020-05-26 16:18:35 +08:00
DQ
715685ae51
Remove tls1.1 in notary
...
Signed-off-by: DQ <dengq@vmware.com>
2020-05-26 16:11:57 +08:00
DQ
f7ffd991cc
Enhance: Upgrade chartmuseum version
...
Upgrade chartmuseum version 0.12.0
Signed-off-by: DQ <dengq@vmware.com>
2020-05-26 15:59:58 +08:00
AllForNothing
90e34e0104
Improve i18n service
...
Signed-off-by: AllForNothing <sshijun@vmware.com>
2020-05-06 14:45:56 +08:00
DQ
b06e19a637
Fix: GCS storage gc issue
...
Mount gcs key to registryctl
Signed-off-by: DQ <dengq@vmware.com>
2020-04-29 15:04:16 +08:00
Qian Deng
9469252e85
Merge pull request #11745 from ninjadq/mount_ca_bundle
...
Enhance: Create shared to store shared ca
2020-04-28 10:19:26 +08:00
DQ
f70339870a
Enhance: Create shared to store shared ca
...
this shared ca will mount to all harbor components
Signed-off-by: DQ <dengq@vmware.com>
2020-04-28 02:58:11 +08:00
DQ
90faf700f8
Enhance: output the stdout of gen cert script
...
use popen replace check_all
Signed-off-by: DQ <dengq@vmware.com>
2020-04-27 10:43:22 +08:00
DQ
026e37e777
Fix chart museum absolute url issue
...
if absolute url is enabled return true else set it to false
Signed-off-by: DQ <dengq@vmware.com>
2020-04-26 13:04:29 +08:00
DQ
599ca98c09
Hidden veriify client cert verfiy option
...
Remove to avoid replication access core from external_url issue
Signed-off-by: DQ <dengq@vmware.com>
2020-04-23 10:14:36 +08:00
Daniel Jiang
2ecf0425a4
Remove the certs of notary signer
...
Since `prepare` generates the certs as needed during installation, these
certs should not exist in the repo.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-04-21 13:20:19 +08:00
DQ
b728f04d0a
Fix tls min version for registry
...
cert,key,mintls should in the same context
Signed-off-by: DQ <dengq@vmware.com>
2020-04-20 19:19:15 +08:00
Qian Deng
9c7caddeae
Merge pull request #11635 from hyy0322/set-root-password-never-expire
...
fix: set root password never expire
2020-04-16 22:05:10 +08:00
Daniel Pacak
5c3abee135
chore(trivy): Bump up trivy adapter to 0.9.0
...
- Vendor the latest Trivy release 0.6.0
- Configure TLS 1.2 as min version when TLS is enabled
- Add more tracing to adapter config to facilitate troubleshooting
Resolves : #11544
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-04-16 08:40:27 +02:00
DQ
42c1095216
Fix cert issue of trivy
...
Trivy can't access harbor from external if https enabled so inject cert to trivy container trust
Signed-off-by: DQ <dengq@vmware.com>
2020-04-16 10:52:03 +08:00
Yiyang Huang
4598f52057
fix: set root password never expire
...
Signed-off-by: Yiyang Huang <huangyiyang@caicloud.io>
2020-04-16 00:15:28 +08:00
He Weiwei
355c16943c
chore(clair): bump up clair adapter version to 1.0.2
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-04-15 14:07:46 +00:00
Qian Deng
95d7c9382b
Merge pull request #11592 from ninjadq/min_version_tls_to_12
...
Min version tls to 12
2020-04-14 18:12:55 +08:00
wang yan
ff2a6c7a01
add warning to registry binary name
...
Fixes #11606
As we DO NOT want to user to execute GC in the container, rename it and append the warning message.
Signed-off-by: wang yan <wangyan@vmware.com>
2020-04-14 15:16:50 +08:00
DQ
75f78b64b2
Set registry tls version to 1.2
...
when internal tls enabled set min version of registry to 1.2
Signed-off-by: DQ <dengq@vmware.com>
2020-04-13 18:13:30 +08:00
jwangyangls
e28b5811f7
Merge pull request #11176 from jwangyangls/change-helm-version
...
Separate swagger to get v2.0 swagger and chart swagger
2020-04-10 17:12:00 +08:00
Yogi_Wang
33ed4fb67e
Separate swagger to get v2.0 swagger and chart swagger
...
1. Partial helm api version number clear
2. Separate swagger to get v2.0 swagger and chart swagger
3. router add chart swagger
Signed-off-by: Yogi_Wang <yawang@vmware.com>
2020-04-10 16:25:30 +08:00
DQ
e907cbe2b6
Fix health check for jobservice and regctl
...
need cert when mTLS is enabled
Signed-off-by: DQ <dengq@vmware.com>
2020-04-09 20:35:46 +08:00
DQ
08ff622310
Remove lines not needed
...
volume already defined above
Signed-off-by: DQ <dengq@vmware.com>
2020-04-09 20:06:51 +08:00
Ziming Zhang
572ebef685
feat(cicd) parameterize docker base image and external url
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-04-08 00:21:47 +08:00
DQ
6ae1b1dc97
Add missiong entrypoint file for trivy-adapter
...
Signed-off-by: DQ <dengq@vmware.com>
2020-04-07 10:39:07 +00:00
Daniel Jiang
5bcd015d6f
Merge pull request #11469 from ninjadq/clean_up_migrator
...
Remove migrator flags in script
2020-04-07 16:37:24 +08:00
DQ
1ae50b8d66
Remove migrator flags in script
...
Because migrator tool removed
Signed-off-by: DQ <dengq@vmware.com>
2020-04-07 14:57:10 +08:00
DQ
4a836ea975
Fix health check url
...
health check url should depend on internal https
Signed-off-by: DQ <dengq@vmware.com>
2020-04-07 03:35:52 +00:00
DQ
cdb675bf3d
Add proxy cert file to jobservice when https enabled
...
jobservice may request via absolute path of url to harbor
Signed-off-by: DQ <dengq@vmware.com>
2020-04-04 17:44:34 +00:00
DQ
23ed189ed4
Add SAN to gencert script
...
add localhost and 127.0.0.1 to SAN
Signed-off-by: DQ <dengq@vmware.com>
2020-04-04 17:44:34 +00:00
He Weiwei
77a8c3205f
fix(prepare): not accpet items of false value in external_redis
...
Item in yaml without value will be as None in python, which will make
the password of redis as `None` in `get_redis_configs`. This fix will
not accept items of `false value` in `external_redis` configurations.
Closes #11367
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2020-04-03 04:09:26 +00:00
Qian Deng
a702c32346
Merge pull request #11063 from ninjadq/fix_syslog_dir_in_tpl
...
Fix: fix logrotate is dir issue
2020-04-02 11:37:29 +08:00
DQ
dc271e1a87
Add packaging to pipenv
...
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 22:54:47 +08:00
DQ
d636f2ea5c
Enhance help message
...
Provide more info in help message
Add requried opition and they will show missing option if you are not provide them instead of Exception
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 17:02:59 +08:00
DQ
b2e1905e7a
Enhance: Stop upgrade when input version less then 1.9.0
...
The migration script should failure early when version is not supported
Signed-off-by: DQ <dengq@vmware.com>
2020-04-01 15:35:49 +08:00
Qian Deng
9e101b73a4
Merge pull request #11156 from ninjadq/migrate_config_to_harbor2
...
Migrate config to harbor2
2020-03-25 16:02:18 +08:00
DQ
85ec0e7820
Enhance: Refactor the migration structure
...
1. Refactor structure of migrate file
2. fix some previous bugs
Signed-off-by: DQ <dengq@vmware.com>
2020-03-23 21:26:28 +08:00
DQ
444678fe07
Fix: module path raise exception when it is loop
...
add test for loop
Signed-off-by: DQ <dengq@vmware.com>
2020-03-23 19:29:59 +08:00
DQ
e8bb977ae1
Feat: Upgrade configs to harbor 2.0
...
add migrate files for harbor 2.0
Signed-off-by: DQ <dengq@vmware.com>
2020-03-20 15:20:32 +08:00
DQ
1e0c9f7231
Feat: Add config migrator to prepare
...
deprecated migrator container and move config migration to prepare
Signed-off-by: DQ <dengq@vmware.com>
2020-03-20 03:04:10 +08:00
Steven Zou
2859cd8b69
Merge pull request #11134 from danielpacak/feat/issue_11090/trivy_skip_update_flag
...
feat(trivy): Configure Trivy to skip database updates
2020-03-19 18:13:08 +08:00
DQ
f18a546429
Fix: return error when internal_tls_not_provided
...
When iinternal_tls is empty, prepare should works as usual
Signed-off-by: DQ <dengq@vmware.com>
2020-03-19 10:37:58 +08:00
Daniel Pacak
7325105714
feat(trivy): Configure Trivy to skip database updates
...
Resolves : #11090
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-18 17:11:47 +01:00
DQ
6e8d44101f
Enhance: User can generate cert by their own ca key pair
...
User can put their ca key pair on internal cert dir and name them to `harbor_internal_ca.key` and `harbor_internal_ca.crt` we wil use them to generate other certs
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00