From f9480b92b59bdf7bb71ba553ca24d345eac18443 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 18 Aug 2017 18:11:15 +0000 Subject: [PATCH] k8s deployment --- .../adminserver/adminserver.rc.yaml | 232 ++++++++++++++++++ .../adminserver/adminserver.svc.yaml | 9 + make/kubernetes/jobservice/jobservice.rc.yaml | 4 +- make/kubernetes/prepare | 18 +- make/kubernetes/templates/adminserver.cm.yaml | 47 ++++ make/kubernetes/templates/jobservice.cm.yaml | 2 +- make/kubernetes/templates/ui.cm.yaml | 2 +- make/kubernetes/ui/ui.rc.yaml | 6 +- 8 files changed, 312 insertions(+), 8 deletions(-) create mode 100644 make/kubernetes/adminserver/adminserver.rc.yaml create mode 100644 make/kubernetes/adminserver/adminserver.svc.yaml create mode 100644 make/kubernetes/templates/adminserver.cm.yaml diff --git a/make/kubernetes/adminserver/adminserver.rc.yaml b/make/kubernetes/adminserver/adminserver.rc.yaml new file mode 100644 index 000000000..9843c1107 --- /dev/null +++ b/make/kubernetes/adminserver/adminserver.rc.yaml 
@@ -0,0 +1,232 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+ name: adminserver-rc
+ labels:
+ name: adminserver-rc
+spec:
+ replicas: 1
+ selector:
+ name: adminserver-apps
+ template:
+ metadata:
+ labels:
+ name: adminserver-apps
+ spec:
+ containers:
+ - name: adminserver-app
+ image: 192.168.56.201:5000/vmware/harbor-adminserver:dev
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: LOG_LEVEL
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LOG_LEVEL
+ - name: JSON_CFG_STORE_PATH
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: JSON_CFG_STORE_PATH
+ - name: EXT_ENDPOINT
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: EXT_ENDPOINT
+ - name: AUTH_MODE
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: AUTH_MODE
+ - name: SELF_REGISTRATION
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: SELF_REGISTRATION
+ - name: LDAP_URL
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LDAP_URL
+ - name: LDAP_SEARCH_DN
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LDAP_SEARCH_DN
+ - name: LDAP_SEARCH_PWD
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LDAP_SEARCH_PWD
+ - name: LDAP_BASE_DN
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LDAP_BASE_DN
+ - name: LDAP_FILTER
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LDAP_FILTER
+ - name: LDAP_UID
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LDAP_UID
+ - name: LDAP_SCOPE
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LDAP_SCOPE
+ - name: LDAP_TIMEOUT
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: LDAP_TIMEOUT
+ - name: DATABASE_TYPE
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: DATABASE_TYPE
+ - name: MYSQL_HOST
+ valueFrom:
+ configMapKeyRef:
+ name:
harbor-adminserver-config
+ key: MYSQL_HOST
+ - name: MYSQL_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: MYSQL_PORT
+ - name: MYSQL_USR
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: MYSQL_USR
+ - name: MYSQL_PWD
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: MYSQL_PWD
+ - name: MYSQL_DATABASE
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: MYSQL_DATABASE
+ - name: REGISTRY_URL
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: REGISTRY_URL
+ - name: TOKEN_SERVICE_URL
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: TOKEN_SERVICE_URL
+ - name: EMAIL_HOST
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: EMAIL_HOST
+ - name: EMAIL_PORT
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: EMAIL_PORT
+ - name: EMAIL_USR
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: EMAIL_USR
+ - name: EMAIL_PWD
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: EMAIL_PWD
+ - name: EMAIL_SSL
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: EMAIL_SSL
+ - name: EMAIL_FROM
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: EMAIL_FROM
+ - name: EMAIL_IDENTITY
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: EMAIL_IDENTITY
+ - name: HARBOR_ADMIN_PASSWORD
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: HARBOR_ADMIN_PASSWORD
+ - name: PROJECT_CREATION_RESTRICTION
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: PROJECT_CREATION_RESTRICTION
+ - name: VERIFY_REMOTE_CERT
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: VERIFY_REMOTE_CERT
+ - name: MAX_JOB_WORKERS
+ valueFrom:
+ configMapKeyRef:
+ name: harbor-adminserver-config
+ key: MAX_JOB_WORKERS
+ - name: UI_SECRET
+ valueFrom:
+ configMapKeyRef:
+ name:
harbor-adminserver-config + key: UI_SECRET + - name: JOBSERVICE_SECRET + valueFrom: + configMapKeyRef: + name: harbor-adminserver-config + key: JOBSERVICE_SECRET + - name: TOKEN_EXPIRATION + valueFrom: + configMapKeyRef: + name: harbor-adminserver-config + key: TOKEN_EXPIRATION + - name: CFG_EXPIRATION + valueFrom: + configMapKeyRef: + name: harbor-adminserver-config + key: CFG_EXPIRATION + - name: GODEBUG + valueFrom: + configMapKeyRef: + name: harbor-adminserver-config + key: GODEBUG + - name: ADMIRAL_URL + valueFrom: + configMapKeyRef: + name: harbor-adminserver-config + key: ADMIRAL_URL + - name: WITH_NOTARY + valueFrom: + configMapKeyRef: + name: harbor-adminserver-config + key: WITH_NOTARY + - name: RESET + valueFrom: + configMapKeyRef: + name: harbor-adminserver-config + key: RESET + ports: + - containerPort: 80 + volumeMounts: + - name: config + mountPath: /etc/adminserver/ + volumes: + - name: config + configMap: + name: harbor-adminserver-config + items: + - key: SECRET_KEY + path: key diff --git a/make/kubernetes/adminserver/adminserver.svc.yaml b/make/kubernetes/adminserver/adminserver.svc.yaml new file mode 100644 index 000000000..4e3fc7be4 --- /dev/null +++ b/make/kubernetes/adminserver/adminserver.svc.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: adminserver +spec: + ports: + - port: 80 + selector: + name: adminserver-apps diff --git a/make/kubernetes/jobservice/jobservice.rc.yaml b/make/kubernetes/jobservice/jobservice.rc.yaml index 3b62a8ae0..60f2bf65b 100644 --- a/make/kubernetes/jobservice/jobservice.rc.yaml +++ b/make/kubernetes/jobservice/jobservice.rc.yaml @@ -43,11 +43,11 @@ spec: configMapKeyRef: name: harbor-jobservice-config key: UI_SECRET - - name: SECRET_KEY + - name: JOBSERVICE_SECRET valueFrom: configMapKeyRef: name: harbor-jobservice-config - key: SECRET_KEY + key: JOBSERVICE_SECRET - name: CONFIG_PATH valueFrom: configMapKeyRef: 
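Review bot: Every credential this ReplicationController consumes is read from the `harbor-adminserver-config` ConfigMap: `LDAP_SEARCH_PWD`, `MYSQL_PWD`, `EMAIL_PWD`, `HARBOR_ADMIN_PASSWORD`, `UI_SECRET` and `JOBSERVICE_SECRET` through `configMapKeyRef`, and `SECRET_KEY` through the `config` volume. ConfigMaps are meant for non-confidential settings, so anyone allowed to read ConfigMaps in the namespace can read these values, and they cannot be given tighter RBAC or encryption at rest separately from ordinary configuration; the same applies to the new `templates/adminserver.cm.yaml` that supplies them. I would move those keys into a Secret and reference them with `secretKeyRef:` (and a `secret:` volume for the key file), leaving only non-sensitive settings in the ConfigMap. Separately, `image: 192.168.56.201:5000/vmware/harbor-adminserver:dev` pins a private-address registry and a mutable `dev` tag, which looks like a local test value rather than something to ship.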
diff --git a/make/kubernetes/prepare b/make/kubernetes/prepare index 465fec7ac..fb70e21b8 100644 --- a/make/kubernetes/prepare +++ b/make/kubernetes/prepare @@ -29,6 +29,8 @@ parser.add_argument('-k', default='', dest='private_key', help='[Optional] path of harbor https private key(pem)') parser.add_argument('-c', default='', dest='cert', help='[Optional] harbor path of https cert(pem)') +parser.add_argument('-j', default='', + dest='jobservice_secret', help="[Optional] path of harbor secret key(16 characters)") parser.add_argument('-s', default='', dest='secret_key', help="[Optional] path of harbor secret key(16 characters)") @@ -99,7 +101,20 @@ else: cert_path = '' -# read secret key +# read jobservice secret key +if args.jobservice_secret != '': + if os.path.isfile(args.jobservice_secret): + key = '' + with open(args.jobservice_secret, 'r') as skey: + key = skey.read() + if len(key) != 16: + raise Exception('Error: The length of secret key has to be 16 characters!') + set_config('jobservice_secret', key) +else: + set_config('jobservice_secret', ''.join(random.choice( + string.ascii_letters + string.digits) for i in range(16))) + +# read ldap secret key if args.secret_key != '': if os.path.isfile(args.secret_key): key = '' @@ -199,3 +214,4 @@ generate_template(os.path.join(template_dir, 'jobservice.cm.yaml'), os.path.join generate_template(os.path.join(template_dir, 'mysql.cm.yaml'), os.path.join(output_dir, 'mysql/mysql.cm.yaml')) generate_template(os.path.join(template_dir, 'nginx.cm.yaml'), os.path.join(output_dir, 'nginx/nginx.cm.yaml')) generate_template(os.path.join(template_dir, 'registry.cm.yaml'), os.path.join(output_dir, 'registry/registry.cm.yaml')) +generate_template(os.path.join(template_dir, 'adminserver.cm.yaml'), os.path.join(output_dir, 'adminserver/adminserver.cm.yaml')) diff --git a/make/kubernetes/templates/adminserver.cm.yaml b/make/kubernetes/templates/adminserver.cm.yaml new file mode 100644 index 000000000..e5552c2d9 --- /dev/null 
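Review bot: The help string for the new `-j` option is a copy of the `-s` one, so `--help` describes two different options as the "harbor secret key" and an operator cannot tell which file belongs where. Suggested wording: `help="[Optional] path of jobservice secret file(16 characters)"`. The `add_argument` block continues outside this hunk.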
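Review bot: The fallback branch builds the jobservice secret with `random.choice`, which draws from the non-cryptographic Mersenne Twister generator; a shared service credential should come from the OS CSPRNG, e.g. `rng = random.SystemRandom()` followed by `''.join(rng.choice(string.ascii_letters + string.digits) for i in range(16))`. As far as the flattened hunk shows, the inner `if os.path.isfile(args.jobservice_secret):` has no `else`, so a `-j` path that does not exist leaves `jobservice_secret` unset without any error; an explicit `raise Exception(...)` for that case would fail closed. `skey.read()` also keeps a trailing newline, so a 16-character key saved by a typical editor is rejected by the `len(key) != 16` check unless the value is stripped first.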
+++ b/make/kubernetes/templates/adminserver.cm.yaml @@ -0,0 +1,47 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: harbor-adminserver-config +data: + LOG_LEVEL: debug + AUTH_MODE: db_auth + SELF_REGISTRATION: "on" + LDAP_URL: ldaps://ldap.mydomain.com + LDAP_SEARCH_DN: + LDAP_SEARCH_PWD: + LDAP_BASE_DN: "ou=people,dc=mydomain,dc=com" + LDAP_FILTER: + LDAP_UID: uid + LDAP_SCOPE: "3" + LDAP_TIMEOUT: "5" + DATABASE_TYPE: mysql + MYSQL_HOST: mysql + MYSQL_PORT: "3306" + MYSQL_USR: root + MYSQL_PWD: "{{db_password}}" + MYSQL_DATABASE: registry + REGISTRY_URL: http://registry:5000 + TOKEN_SERVICE_URL: http://ui/service/token + EMAIL_HOST: smtp.mydomain.com + EMAIL_PORT: "25" + EMAIL_USR: sample_admin@mydomain.com + EMAIL_PWD: abc + EMAIL_SSL: "false" + EMAIL_FROM: "admin " + EMAIL_IDENTITY: + HARBOR_ADMIN_PASSWORD: "{{harbor_admin_password}}" + PROJECT_CREATION_RESTRICTION: everyone + VERIFY_REMOTE_CERT: "on" + MAX_JOB_WORKERS: "{{max_job_workers}}" + UI_SECRET: "{{ui_secret}}" + JOBSERVICE_SECRET: "{{jobservice_secret}}" + TOKEN_EXPIRATION: "30" + CFG_EXPIRATION: "5" + GODEBUG: "netdns=cgo" + ADMIRAL_URL: NA + WITH_NOTARY: "False" + RESET: "false" + EXT_ENDPOINT: "{{ui_url}}" + TOKEN_URL: http://ui + JSON_CFG_STORE_PATH: "/etc/config/config.json" + SECRET_KEY: "{{secret_key}}" diff --git a/make/kubernetes/templates/jobservice.cm.yaml b/make/kubernetes/templates/jobservice.cm.yaml index b2123c757..c1702c2d6 100644 --- a/make/kubernetes/templates/jobservice.cm.yaml +++ b/make/kubernetes/templates/jobservice.cm.yaml @@ -8,7 +8,7 @@ data: MYSQL_USR: root MYSQL_PWD: "{{db_password}}" UI_SECRET: "{{ui_secret}}" - SECRET_KEY: "{{secret_key}}" + JOBSERVICE_SECRET: "{{jobservice_secret}}" CONFIG_PATH: /etc/jobservice/app.conf REGISTRY_URL: http://registry:5000 VERIFY_REMOTE_CERT: "{{verify_remote_cert}}" diff --git a/make/kubernetes/templates/ui.cm.yaml b/make/kubernetes/templates/ui.cm.yaml index 4df0a2a0c..d1fec20ae 100644 --- a/make/kubernetes/templates/ui.cm.yaml 
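Review bot: Most values in this template are literals rather than `{{...}}` placeholders, so the rendered ConfigMap ignores what the operator configured: `AUTH_MODE: db_auth`, `LDAP_SCOPE: "3"` and the other LDAP and e-mail settings are fixed here, while `ui.cm.yaml` takes `LDAP_SCOPE` from `"{{ldap_scope}}"`. Among the literals are `EMAIL_PWD: abc`, `MYSQL_USR: root` and `LOG_LEVEL: debug`, which are sample or development values that would ship as the deployed configuration. `LDAP_SEARCH_DN:`, `LDAP_SEARCH_PWD:`, `LDAP_FILTER:` and `EMAIL_IDENTITY:` appear to have no value in this view, which YAML reads as null rather than an empty string; write `""` if empty is intended. `TOKEN_URL` is defined here but has no matching env entry in `adminserver.rc.yaml`.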
+++ b/make/kubernetes/templates/ui.cm.yaml @@ -22,7 +22,7 @@ data: LDAP_SCOPE: "{{ldap_scope}}" LOG_LEVEL: debug UI_SECRET: "{{ui_secret}}" - SECRET_KEY: "{{secret_key}}" + JOBSERVICE_SECRET: "{{jobservice_secre}}" GODEBUG: netdns=cgo EXT_ENDPOINT: "{{ui_url}}" TOKEN_URL: http://ui diff --git a/make/kubernetes/ui/ui.rc.yaml b/make/kubernetes/ui/ui.rc.yaml index a14902307..f19252085 100644 --- a/make/kubernetes/ui/ui.rc.yaml +++ b/make/kubernetes/ui/ui.rc.yaml @@ -113,11 +113,11 @@ spec: configMapKeyRef: name: harbor-ui-config key: UI_SECRET - - name: SECRET_KEY + - name: JOBSERVICE_SECRET valueFrom: configMapKeyRef: name: harbor-ui-config - key: SECRET_KEY + key: JOBSERVICE_SECRET - name: GODEBUG valueFrom: configMapKeyRef: @@ -171,4 +171,4 @@ spec: - key: config path: app.conf - key: pkey - path: private_key.pem \ No newline at end of file + path: private_key.pem
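Review bot: The placeholder in `JOBSERVICE_SECRET: "{{jobservice_secre}}"` is misspelled; `prepare` sets `jobservice_secret`, and `adminserver.cm.yaml` and `jobservice.cm.yaml` both use `"{{jobservice_secret}}"`. Depending on how `generate_template` treats an unknown key (not visible here), rendering either fails or leaves the UI with a value that differs from the jobservice's, possibly the literal placeholder text, which would be a predictable shared secret. The line should read `JOBSERVICE_SECRET: "{{jobservice_secret}}"`.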