Commit Graph

288 Commits

Author SHA1 Message Date
Wang Yan
27cb25cc04
Merge pull request #9400 from ninjadq/inject_certs_to_non_root
Inject certs to non root
2019-11-05 14:49:08 +08:00
DQ
ece321a53a Change certs's owner to 10000
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 17:38:41 +08:00
Wang Yan
3f39b0ba4f
Merge pull request #9550 from ninjadq/enable_https_by_default
Enable https by default
2019-11-04 16:51:33 +08:00
DQ
a0462f0baa Change the clair container to non root user
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
DQ
d0ed075b91 Change chartmuseum container to non-root
Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
DQ
1c76d52152 Add registryctl to non-root
And the install_cert.sh will changed for non-root too

Signed-off-by: DQ <dengq@vmware.com>
2019-11-04 11:36:39 +08:00
Qian Deng
336dbfd3e1
Merge pull request #9452 from ninjadq/add_certs_in_specific_dir
All certs in /harbor_cust_certs will appended to ca_bundle
2019-11-01 13:13:18 +08:00
Daniel Jiang
02dab35a43
Merge pull request #9683 from ninjadq/upgrade_python_rand_gen
Replance python ran lib to secrets
2019-10-31 21:51:38 +08:00
DQ
873d9f5b82 Enable https by default
1. Umcomment https related configs
2. Remove the https prepare related thing in ci

Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:58:09 +08:00
DQ
2529f69fba All certs in /harbor_cust_certs will appended to ca_bundle
Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 20:51:08 +08:00
Daniel Jiang
bc65609a10
Merge pull request #9657 from wy65701436/quota-sync-switcher
add a switcher for quota sync on core launch
2019-10-31 19:22:23 +08:00
Wang Yan
fa784d7514
Merge pull request #9649 from wy65701436/fix-9081
add ldflags for harbor compiler and linker
2019-10-31 19:14:16 +08:00
DQ
6c01049d94 Replance python ran lib to secrets
Secrets is included in python 3.6, so just import and use it

Signed-off-by: DQ <dengq@vmware.com>
2019-10-31 17:23:19 +08:00
wang yan
c46d7e856a add a switcher for quota sync on core launch
As the quota sync is default called by harbor-core on every launch, and it will break the launch process if any failure throwed.

1, The commit is to provide an switcher for the system admin to bypass the quota sync.
2, In case Harbor goes into the restarting cycle.

Harbor already provides an internal API to sync quota data, in the failure case,
system admin can launch harbor and call the /api/internal/syncquota to sync quota.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-31 16:17:27 +08:00
Steven Zou
7b6e83090e create API folder to keep API swagger files
- create API folder
- move harbor API swagger file to API/harbor
- add scanner adapter open API swagger file to API/scanner
- update protal build Dockerfile
- update swagger explorer build command in Makefile

Signed-off-by: Steven Zou <szou@vmware.com>
2019-10-30 21:41:03 +08:00
wang yan
253e87d186 inject ldflags for harbor compiler and linker
1, replace the UIVERSION file with ldflags, which is generarted by make to inject into the UI core.
2, inject additional ldflags for harbor compiler

Signed-off-by: wang yan <wangyan@vmware.com>
2019-10-30 18:31:42 +08:00
He Weiwei
b0f7404231
chore(log): log level support for clair adapter (#9640)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-29 16:50:26 +08:00
He Weiwei
28e0c0693b Upgrade clair adapter to v1.0.0
1. Upgrade clair adapter to v1.0.0.
2. Make the clair adapter which installed by harbor immutable and using internal registry address.
3. Add support to build clair adapter image from binary.
4. Switch to ScannerPull action when make authorization for the scan request.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-26 17:25:36 +00:00
Wang Yan
d503f2a245
Merge pull request #9489 from reasonerjt/bump-up-golang
Bump up golang to 1.12.12
2019-10-22 10:54:35 +08:00
Daniel Jiang
6e131d511c Hide DB URL from notary migrator script
This commit modify the log message from upstream notary DB migrator, to
make sure the DB URL is not displayed.
Fixes #7510

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-21 23:10:27 +08:00
Daniel Jiang
dbe6ebceec Bump up golang to 1.12.12
Bump up the golang for compiling the binaries to 1.12.12
This commit also includes some minor changes to Makefile to fix issue in
building the binary files.

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-10-21 15:55:58 +08:00
He Weiwei
8964a8697a build(clair): internal clair adapter when install with clair
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-17 12:00:51 +08:00
stonezdj(Daojun Zhang)
0fa4934679
Merge pull request #8596 from JakubOnderka/patch-4
nginx: Remove TLSv1.1 support
2019-10-16 11:39:55 +08:00
He Weiwei
6fbb77d65a
build(portal): npm registry configurable and build cache support (#9356)
1. Introduce NPM_REGISTRY in Makefile to support npm registry
configuration when build portal image.
2. Install npm pkgs before copy portal src so that build cache works for
npm install in portal image.

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-10-10 15:29:50 +08:00
Wang Yan
7e73dfb754
Merge pull request #9221 from wy65701436/fix-9186
patch registry fix of issue 2553
2019-09-26 19:34:18 +08:00
wang yan
3cf7e702be patch regsitry fix of issue 2553
This commit is target to fix harbor issue #9186, which root cause is mentioned by
https://github.com/docker/distribution/issues/2553, and fixed by https://github.com/docker/distribution/pull/2879.

As the latest distribution release(v2.7.1) does not contain this fix, but it will break the quota migraion process on S3 storage, we have to path this fix into Harbor regsitry binary.

[Tag Version]
It uses the issue number(2553) as the tag naming convention, like v2.7.1-patch-2553, means that we patch the fix of issue 2553 into v2.7.1.

[Note]
So far, this fix is only targets on docker regsitry v2.7.1. If the registry has this fix in new release, we'll move on.

Signed-off-by: wang yan <wangyan@vmware.com>
2019-09-26 18:27:53 +08:00
Qian Deng
578adaa064
Merge pull request #9240 from ninjadq/add_extra_headers_in_nginx
Add headers in nginx config file
2019-09-26 10:27:08 +08:00
DQ
e7394041ab Add headers in nginx config file
extra headered added in https and http config

Signed-off-by: DQ <dengq@vmware.com>
2019-09-24 17:50:40 +08:00
Daniel Jiang
3e5973fc6e Add Secure flag to cookie
This commit modifies nginx configuration file to make sure the secure
flag is added to "Set-Cookie" header when Harbor is serving https

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-09-19 21:04:37 +08:00
Yogi_Wang
a7c7a8e675 Upgrade angualr from 7.1.3 to 8.2.0 and clarity from 1.0 to 2.2
Signed-off-by: Yogi_Wang <yawang@vmware.com>

Signed-off-by: Meina Zhou <meinaz@vmware.com>
Signed-off-by: sshijun <sshijun@vmware.com>
2019-09-18 10:12:20 +08:00
stonezdj(Daojun Zhang)
ca97c85279
Merge pull request #8927 from ninjadq/fix_config_with_components
Add logic to read clair and notary config
2019-09-09 15:50:09 +08:00
DQ
495a257ab5 Add logic to read clair and notary config
Signed-off-by: DQ <dengq@vmware.com>
2019-09-05 12:49:32 +08:00
Daniel Jiang
b75cbe1a7e
Merge pull request #8912 from ninjadq/no_cache_index_html
Add no-cache to index.html
2019-09-03 13:01:55 +08:00
Qian Deng
97c40df40f
Merge pull request #8593 from ninjadq/fix_wording_in_doc
Update config file names
2019-09-03 10:53:23 +08:00
DQ
d50df0f0db Add no-cache to index.html
shouldn't cache index.html for access fresh page after upgrade.

Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:48:02 +08:00
DQ
377739204b Update config file names
Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 18:19:06 +08:00
stonezdj(Daojun Zhang)
469018ae9e
Merge pull request #8891 from ninjadq/fix_prepare_file_permission
Fix: prepare permission issue
2019-09-02 18:07:14 +08:00
Qian Deng
86f2bb26a3 Fix docker-compose file permmission
non-root user can see the content

Signed-off-by: Qian Deng <dengq@vmware.com>
2019-09-02 13:57:18 +08:00
DQ
6ed3d52615 Fix: prepare permission issue
1. recursivele change ownership for all prepare dir
2. database file permission fix

Signed-off-by: DQ <dengq@vmware.com>
2019-09-02 10:04:38 +08:00
Wang Yan
6e462baa0d
Merge pull request #8837 from ninjadq/disable_redis_n_db_container_if_use_exeternal
Disable redis and db containers if external db enabled
2019-09-01 17:47:28 +08:00
He Weiwei
e2a19d8ab9
fix(build): max idle and open conn settings for external db (#8854)
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-29 15:04:10 +08:00
Wang Yan
39f78ae768
Merge pull request #7872 from cd1989/config-redis-pool-idletimeout
Config idle timeout for redis pool to avoid jobservice restarting
2019-08-27 14:46:01 +08:00
DQ
fe3c71094b Disable redis and db containers if external db enabled
If depend on external redis or pg. local db and redis should not start. Therefore can save some resources.

Signed-off-by: DQ <dengq@vmware.com>
2019-08-26 17:59:13 +08:00
He Weiwei
a2c8536d37 fix(build): install tzdata pkg for core and jobservice images
Closes #8314

Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-21 14:40:29 +00:00
cd1989
db9b52d827 Config idle timeout for redis pool
Signed-off-by: cd1989 <chende@caicloud.io>
2019-08-20 17:23:32 +08:00
Daniel Jiang
f674bb4e6c
Merge pull request #8590 from ninjadq/fix_registry_log_level
Fix: registry log level rendering issue
2019-08-20 09:11:56 +08:00
Daniel Jiang
b34fda173c Bump up Clair to v2.0.9
Fixes #8584

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
2019-08-19 16:19:29 +08:00
He Weiwei
98e1f68468 feat(configuration,db): connection pool configs for db
Signed-off-by: He Weiwei <hweiwei@vmware.com>
2019-08-14 14:30:34 +08:00
Daniel Jiang
ca585f8b9c
Merge pull request #8640 from ninjadq/fix_permission_of_nginx_cert
Fix permission of nginx cert
2019-08-14 14:23:40 +08:00
Wenkai Yin(尹文开)
a6445c1ebe
Merge pull request #8472 from kofj/feature/proxy
Proxy
2019-08-13 12:27:19 +08:00