DQ
03e11c63c7
Fix docker file with secure tls change
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:10 +08:00
DQ
dcc6950af7
Feat: auto install ca in registry
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
b852605193
Feat: enable mtls in harbor replication
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
40e67f3b14
Feat: Enable mtls for registry
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
07a1d51693
Feat: enable tls in registryctlAdd tls related code in registryctl
...
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
da359f609f
Feat: enable mtls in core
...
add mtls related code in core
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
DQ
a4855cca36
Feat: update prepare to support tls
...
update makefile
add model for prepare
update jinja template for prepare
Signed-off-by: DQ <dengq@vmware.com>
2020-03-18 19:22:09 +08:00
Daniel Pacak
9c13116963
chore(trivy): Allow configuring HTTP(S) proxy
...
Resolves : #11032
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 12:26:49 +01:00
Daniel Pacak
46fb43bc25
chore: Bump up Trivy adapter to v0.4.0
...
Allows configuring SCANNER_TRIVY_GITHUB_TOKEN environment variable,
which is passed to trivy executable binary when it starts scanning
a given artifact.
This is to increase GitHub requests rate limit from 60 per hours
(for anonymous requests) to 5000 when Trivy download its
vulnerabilities database.
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-03-16 09:53:16 +01:00
DQ
1eeea6b888
Fix: fix logrotate is dir issue
...
Change it to bind command
Signed-off-by: DQ <dengq@vmware.com>
2020-03-13 14:58:45 +08:00
Ziming Zhang
695a2559be
feat(cicd) use unified version as tag name, clean more
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 17:13:28 +08:00
Ziming Zhang
200c352c35
feat(cicd) use unified version as tag name
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-03-09 15:30:03 +08:00
Daniel Jiang
ae5ffce83a
Update CSRF mechanism
...
This commit replaces beego's CSRF mechanism with gorilla's csrf library.
The criteria for requests to skip the csrf check remain the same.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-03-09 01:15:54 +08:00
wang yan
2b0b7576b2
Fix gc issue on clean the artifact trash
...
1, enable dao test for artifact trash
2, set default flush trash table to false
3, hanlder empty parameter in API call
4, add registry auth info into jobservice container
Signed-off-by: wang yan <wangyan@vmware.com>
2020-03-06 03:11:31 +08:00
Daniel Jiang
1823c984f7
Merge branch 'master' into redis-idle-timeout
2020-02-27 22:01:22 +08:00
stonezdj(Daojun Zhang)
a7e5873f46
Merge pull request #10821 from stonezdj/20200224_remove_notification
...
Remove registry notification and change core health check url
2020-02-25 13:34:37 +08:00
Ziming Zhang
94230b5e19
feat(cicd) fix some build problem
...
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2020-02-25 12:05:39 +08:00
stonezdj
6005101c95
Remove registry notification and change /api/ping
...
Update config.yaml.jinja to remove notification
Change api/ping in core/Dockerfile
Signed-off-by: stonezdj <stonezdj@gmail.com>
2020-02-25 11:24:21 +08:00
Wenkai Yin
bd204464f3
Remove dead code
...
Remove dead code
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2020-02-23 17:11:46 +08:00
dechen
e642a73280
Set redis idle timeout for core
...
Signed-off-by: dechen <xxyydream@gmail.com>
2020-02-23 12:31:56 +08:00
Daniel Pacak
70dda1387a
chore: Configure Redis URL for Trivy adapter
...
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-02-13 17:57:02 +01:00
Daniel Pacak
a642667ffc
chore(install): Add --with-trivy arg to the installation script
...
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>
2020-02-12 23:47:56 +01:00
Daniel Jiang
2064a1cd6d
Switch to basic authentication for registry
...
1. Add basic authorizer for registry which modify the request
to add basic authorization header to request based on configuration.
2. Set basic auth header for proxy when accessing registry
3. Switche the registry to use basic auth by default and use the basic
authorizer to access Harbor.
4. Make necessary change to test cases, particularly
"test_robot_account.py" and "docker_api.py", because the error is
changed after siwtched to basic auth from token auth. #10604 is opened
to track the follow up work.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2020-01-31 21:46:47 +09:00
Daniel Jiang
a087ba02e3
Populate basic auth information for registry
...
This commit updates `prepare` and templates to populate the credential
for registry for basic authentication.
A temporary flag `registry_use_basic_auth` was added to avoid breakage.
It MUST be removed before the release.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-12-31 14:50:46 +08:00
Wang Yan
2a63382236
Merge pull request #10047 from bitsf/makefile_clean
...
optimize the makefile process
2019-12-05 19:03:19 +08:00
Ziming Zhang
332f88ec8c
add make clean
...
Change-Id: Ibe806972a19cd69bfd90be051cdc340c4d7c6afb
Signed-off-by: Ziming Zhang <zziming@vmware.com>
2019-12-05 14:44:07 +08:00
Wenkai Yin(尹文开)
d145f4baf4
Merge pull request #10034 from ywk253100/191128_clean
...
Clean up admiral-related code
2019-12-04 17:33:31 +08:00
Daniel Jiang
7bb71db478
Merge pull request #10003 from ninjadq/migrator_miss_component_no_proxy
...
Add default domainname for no_proxy
2019-12-03 10:50:32 +08:00
Wenkai Yin
dd2bc0ecef
Clean up admiral-related code
...
Clean up admiral-related code as it's useless
Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-11-28 17:28:54 +08:00
DQ
79344887b9
Fix ca bundle path join issue
...
CA bundle name start with '/' will break the os path join
Signed-off-by: DQ <dengq@vmware.com>
2019-11-27 18:37:45 +08:00
DQ
ed6438cf69
Add default domainname for no_proxy
...
All internal service and known internal hostname shuold add to no_proxy by default
Signed-off-by: DQ <dengq@vmware.com>
2019-11-27 15:10:42 +08:00
He Weiwei
b8308f41a0
fix(prepaire,clair): disable clair updaters when its interval is 0
...
Closes #9961
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-22 03:31:20 +00:00
Daniel Jiang
2fcd174e4b
Merge pull request #9828 from wy65701436/cii-docker-base
...
add base images when to build harbor assets
2019-11-15 14:24:11 +08:00
He Weiwei
fe69a5df99
build(scanner-adapter): bump up clair adapter to v1.0.1-rc2
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-11-13 02:35:21 +00:00
wang yan
47793e77e3
update base file name ane pass base version to build file
...
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 19:12:49 +08:00
Wang Yan
544cc98971
add base images when to build harbor assets
...
* add base images when to build harbor assets
Signed-off-by: wang yan <wangyan@vmware.com>
2019-11-12 15:38:51 +08:00
Wang Yan
6da183d576
Merge pull request #9800 from ninjadq/failure_earlier_of_ca_bundle_permission_check
...
Failure earlier of ca bundle permission check
2019-11-11 14:09:21 +08:00
Wang Yan
0b09bd14b1
Merge pull request #9756 from ninjadq/add_ignore_media_type
...
Add ignore mediatypes for registry
2019-11-08 18:34:13 +08:00
DQ
80c3e76b5a
check the permission of ca bundle file
...
CA bundle need check before use
Signed-off-by: DQ <dengq@vmware.com>
2019-11-08 15:34:17 +08:00
Daniel Jiang
06e4e124d8
Refine request handle process ( #9760 )
...
* Refine request handle process
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-11-07 13:02:17 +08:00
DQ
45868107aa
Add ignore mediatypes for registry
...
Add these mediatypes to reduce the amount of registry event
Signed-off-by: DQ <dengq@vmware.com>
2019-11-06 21:39:08 +08:00
Wang Yan
27cb25cc04
Merge pull request #9400 from ninjadq/inject_certs_to_non_root
...
Inject certs to non root
2019-11-05 14:49:08 +08:00
DQ
ece321a53a
Change certs's owner to 10000
...
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 17:38:41 +08:00
Wang Yan
3f39b0ba4f
Merge pull request #9550 from ninjadq/enable_https_by_default
...
Enable https by default
2019-11-04 16:51:33 +08:00
Daniel Jiang
02dab35a43
Merge pull request #9683 from ninjadq/upgrade_python_rand_gen
...
Replance python ran lib to secrets
2019-10-31 21:51:38 +08:00
DQ
873d9f5b82
Enable https by default
...
1. Umcomment https related configs
2. Remove the https prepare related thing in ci
Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:58:09 +08:00
DQ
6c01049d94
Replance python ran lib to secrets
...
Secrets is included in python 3.6, so just import and use it
Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 17:23:19 +08:00
wang yan
c46d7e856a
add a switcher for quota sync on core launch
...
As the quota sync is default called by harbor-core on every launch, and it will break the launch process if any failure throwed.
1, The commit is to provide an switcher for the system admin to bypass the quota sync.
2, In case Harbor goes into the restarting cycle.
Harbor already provides an internal API to sync quota data, in the failure case,
system admin can launch harbor and call the /api/internal/syncquota to sync quota.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-31 16:17:27 +08:00
He Weiwei
b0f7404231
chore(log): log level support for clair adapter ( #9640 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-29 16:50:26 +08:00
He Weiwei
28e0c0693b
Upgrade clair adapter to v1.0.0
...
1. Upgrade clair adapter to v1.0.0.
2. Make the clair adapter which installed by harbor immutable and using internal registry address.
3. Add support to build clair adapter image from binary.
4. Switch to ScannerPull action when make authorization for the scan request.
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-26 17:25:36 +00:00
He Weiwei
8964a8697a
build(clair): internal clair adapter when install with clair
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-17 12:00:51 +08:00
stonezdj(Daojun Zhang)
0fa4934679
Merge pull request #8596 from JakubOnderka/patch-4
...
nginx: Remove TLSv1.1 support
2019-10-16 11:39:55 +08:00
Qian Deng
578adaa064
Merge pull request #9240 from ninjadq/add_extra_headers_in_nginx
...
Add headers in nginx config file
2019-09-26 10:27:08 +08:00
DQ
e7394041ab
Add headers in nginx config file
...
extra headered added in https and http config
Signed-off-by: DQ <dengq@vmware.com>
2019-09-24 17:50:40 +08:00
Daniel Jiang
3e5973fc6e
Add Secure flag to cookie
...
This commit modifies nginx configuration file to make sure the secure
flag is added to "Set-Cookie" header when Harbor is serving https
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 21:04:37 +08:00
stonezdj(Daojun Zhang)
ca97c85279
Merge pull request #8927 from ninjadq/fix_config_with_components
...
Add logic to read clair and notary config
2019-09-09 15:50:09 +08:00
DQ
495a257ab5
Add logic to read clair and notary config
...
Signed-off-by: DQ <dengq@vmware.com>
2019-09-05 12:49:32 +08:00
Qian Deng
97c40df40f
Merge pull request #8593 from ninjadq/fix_wording_in_doc
...
Update config file names
2019-09-03 10:53:23 +08:00
DQ
377739204b
Update config file names
...
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:19:06 +08:00
stonezdj(Daojun Zhang)
469018ae9e
Merge pull request #8891 from ninjadq/fix_prepare_file_permission
...
Fix: prepare permission issue
2019-09-02 18:07:14 +08:00
Qian Deng
86f2bb26a3
Fix docker-compose file permmission
...
non-root user can see the content
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-09-02 13:57:18 +08:00
DQ
6ed3d52615
Fix: prepare permission issue
...
1. recursivele change ownership for all prepare dir
2. database file permission fix
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 10:04:38 +08:00
Wang Yan
6e462baa0d
Merge pull request #8837 from ninjadq/disable_redis_n_db_container_if_use_exeternal
...
Disable redis and db containers if external db enabled
2019-09-01 17:47:28 +08:00
He Weiwei
e2a19d8ab9
fix(build): max idle and open conn settings for external db ( #8854 )
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-29 15:04:10 +08:00
DQ
fe3c71094b
Disable redis and db containers if external db enabled
...
If depend on external redis or pg. local db and redis should not start. Therefore can save some resources.
Signed-off-by: DQ <dengq@vmware.com>
2019-08-26 17:59:13 +08:00
cd1989
db9b52d827
Config idle timeout for redis pool
...
Signed-off-by: cd1989 <chende@caicloud.io>
2019-08-20 17:23:32 +08:00
Daniel Jiang
f674bb4e6c
Merge pull request #8590 from ninjadq/fix_registry_log_level
...
Fix: registry log level rendering issue
2019-08-20 09:11:56 +08:00
Daniel Jiang
b34fda173c
Bump up Clair to v2.0.9
...
Fixes #8584
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-19 16:19:29 +08:00
He Weiwei
98e1f68468
feat(configuration,db): connection pool configs for db
...
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-14 14:30:34 +08:00
Daniel Jiang
ca585f8b9c
Merge pull request #8640 from ninjadq/fix_permission_of_nginx_cert
...
Fix permission of nginx cert
2019-08-14 14:23:40 +08:00
Qian Deng
b4975d8601
Fix nginx permission issue
...
* mount root of host
* copy file to data dir and change ownership and permission
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-13 02:59:27 +00:00
疯魔慕薇
3e8a73ca1e
Proxy
...
1. Global proxy config for components.
2. Prepare proxy configure for clair, core and jobservice.
Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com>
2019-08-11 00:24:18 +08:00
Qian Deng
a935823e3d
Merge pull request #8362 from ninjadq/non-root-contaienr
...
Non root contaienr
2019-08-08 17:34:25 +08:00
Jakub Onderka
8f83310022
nginx: Remove TLSv1.1 support
...
Signed-off-by: Jakub Onderka <jakub.onderka@gmail.com>
2019-08-07 17:51:31 +02:00
王添
94d4f9c6b6
add webhook job
...
Signed-off-by: 王添 <wangtian@corp.netease.com>
2019-08-07 20:56:31 +08:00
DQ
057bc34703
Fix: registry log level rendering issue
...
when log level is warning, the actual value of registry should be warn
Signed-off-by: DQ <dengq@vmware.com>
2019-08-07 14:35:36 +08:00
Qian Deng
dacb1fc79e
Add healthcheck in Dockerfile* redis* jobservice
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 13:16:12 +00:00
Qian Deng
303471563f
DB container run as non-root
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
8b7f1ae4c0
Add proxy nginx container as non-root user
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:47 +00:00
Qian Deng
29727148b3
Running job service with non-root container
...
job-service running with 10000:10000 user
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Qian Deng
904f04fac1
Enhance: Running contaienr with non-root user
...
* core
* portal
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-08-06 05:21:45 +00:00
Daniel Jiang
eec4fc2798
Remove clair notifier
...
The way Harbor handles notification is problematic.
It currently triggers rescan, which will cause problem when there are
lot of images in the registry.
Such as #7316
This commit removes the notifier and we need to revisit the notification
to figure out how to map the notification to a particular image if need
the notification mechanism in future.
Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-06 01:58:15 +08:00
Jakub Onderka
53b5dcfece
nginx.https.conf.jinja template indention fix
...
Signed-off-by: Jakub Onderka <jakub.onderka@gmail.com>
2019-08-01 22:24:19 +02:00
wang yan
4410cc93f9
add internal reg request handler chain
...
this is for internal registry api call, the request should be intercpeted by quota middlerwares, like retag and delete.
Note: The api developer has to know that if the internal registry call in your api, please consider to use
NewRepositoryClientForLocal() to init the repository client, which can handle quota change.
Signed-off-by: wang yan <wangyan@vmware.com>
2019-07-30 19:39:56 +08:00
Daniel Jiang
e0e6a1d30b
Merge pull request #8301 from ninjadq/external_endpoint_support
...
Add supoort for external endpoint
2019-07-18 01:36:08 +08:00
DQ
6cf4596292
Add supoort for external endpoint
...
Add config item in harbor.yml
Make fowarding rule configurable
Signed-off-by: DQ <dengq@vmware.com>
2019-07-17 16:23:37 +08:00
Qian Deng
5cd3594f20
Upgrade chartmuseum from v0.8.1 to v0.9.0
...
Signed-off-by: Qian Deng <dengqian0826@gmail.com>
2019-07-17 06:45:23 +00:00
stonezdj
a8cd1bca59
Change the mount target of gcs.key file
...
Signed-off-by: stonezdj <stonezdj@gmail.com>
2019-06-16 13:34:32 +08:00
Wenkai Yin
1ceb7a2fb9
Merge pull request #7825 from ninjadq/update_installation_doc
...
Update doc caused by refactor prepare
2019-05-17 10:02:47 +08:00
Qian Deng
48151f6d46
Update doc caused by refactor prepare
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-16 23:01:12 +08:00
Wenkai Yin
64cacc99e0
Merge pull request #7750 from liqiang-fit2cloud/fix-7288
...
Fix issue: harbor 1.7.4 aliyun oss chartmuseum 500
2019-05-16 18:23:35 +08:00
Qian Deng
ea889d5a50
Fix typo in azure config
...
Fix typo in chart azure
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-15 18:25:34 +08:00
Qian Deng
1677686140
Made logs in jobservice configurable
...
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-15 10:57:42 +08:00
Qian Deng
4188c4db76
Merge pull request #7719 from ninjadq/fix_chart_relative_url_issue
...
Fix chart relative url issue
2019-05-15 10:02:07 +08:00
stonezdj(Daojun Zhang)
47f24cab4b
Merge pull request #7770 from ninjadq/fix_typo_in_registry_config
...
Typo in registry config
2019-05-14 13:58:03 +08:00
Qian Deng
f607c5177d
Fix frontend failure caused by absolute path
...
Fix failures because front downlowd chart using relative path
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-14 13:22:06 +08:00
Qian Deng
3022b617f2
Add chart absolute url item in config
...
Add a config item to enable and disalbe chart_url
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-14 12:56:20 +08:00
Qian Deng
cd6c5a9f10
Enable absolute url in helm chart
...
assign public_url to chart-url
remove namespace merge in index.yaml
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-14 12:56:20 +08:00
Qian Deng
41e399dec0
Fix issue caused by notary default_alias
...
Fix notary issue
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-13 18:43:15 +08:00
Qian Deng
6db39f9c71
Typo in registry config
...
it should be disable not disabled
Signed-off-by: Qian Deng <dengq@vmware.com>
2019-05-10 23:08:21 +08:00