upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor synced 2024-09-20 23:59:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

k8s deployment

Browse Source
This commit is contained in:
root 2017-08-18 18:11:15 +00:00
parent 8a1b10ad7e
commit f9480b92b5
8 changed files with 312 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

232
make/kubernetes/adminserver/adminserver.rc.yaml Normal file
View File

@ -0,0 +1,232 @@
apiVersion: v1
kind: ReplicationController
metadata:
name: adminserver-rc
labels:
name: adminserver-rc
spec:
replicas: 1
selector:
name: adminserver-apps
template:
metadata:
labels:
name: adminserver-apps
spec:
containers:
- name: adminserver-app
image: 192.168.56.201:5000/vmware/harbor-adminserver:dev
imagePullPolicy: IfNotPresent
env:
- name: LOG_LEVEL
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LOG_LEVEL
- name: JSON_CFG_STORE_PATH
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: JSON_CFG_STORE_PATH
- name: EXT_ENDPOINT
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: EXT_ENDPOINT
- name: AUTH_MODE
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: AUTH_MODE
- name: SELF_REGISTRATION
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: SELF_REGISTRATION
- name: LDAP_URL
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LDAP_URL
- name: LDAP_SEARCH_DN
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LDAP_SEARCH_DN
- name: LDAP_SEARCH_PWD
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LDAP_SEARCH_PWD
- name: LDAP_BASE_DN
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LDAP_BASE_DN
- name: LDAP_FILTER
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LDAP_FILTER
- name: LDAP_UID
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LDAP_UID
- name: LDAP_SCOPE
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LDAP_SCOPE
- name: LDAP_TIMEOUT
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: LDAP_TIMEOUT
- name: DATABASE_TYPE
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: DATABASE_TYPE
- name: MYSQL_HOST
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: MYSQL_HOST
- name: MYSQL_PORT
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: MYSQL_PORT
- name: MYSQL_USR
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: MYSQL_USR
- name: MYSQL_PWD
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: MYSQL_PWD
- name: MYSQL_DATABASE
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: MYSQL_DATABASE
- name: REGISTRY_URL
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: REGISTRY_URL
- name: TOKEN_SERVICE_URL
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: TOKEN_SERVICE_URL
- name: EMAIL_HOST
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: EMAIL_HOST
- name: EMAIL_PORT
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: EMAIL_PORT
- name: EMAIL_USR
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: EMAIL_USR
- name: EMAIL_PWD
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: EMAIL_PWD
- name: EMAIL_SSL
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: EMAIL_SSL
- name: EMAIL_FROM
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: EMAIL_FROM
- name: EMAIL_IDENTITY
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: EMAIL_IDENTITY
- name: HARBOR_ADMIN_PASSWORD
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: HARBOR_ADMIN_PASSWORD
- name: PROJECT_CREATION_RESTRICTION
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: PROJECT_CREATION_RESTRICTION
- name: VERIFY_REMOTE_CERT
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: VERIFY_REMOTE_CERT
- name: MAX_JOB_WORKERS
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: MAX_JOB_WORKERS
- name: UI_SECRET
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: UI_SECRET
- name: JOBSERVICE_SECRET
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: JOBSERVICE_SECRET
- name: TOKEN_EXPIRATION
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: TOKEN_EXPIRATION
- name: CFG_EXPIRATION
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: CFG_EXPIRATION
- name: GODEBUG
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: GODEBUG
- name: ADMIRAL_URL
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: ADMIRAL_URL
- name: WITH_NOTARY
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: WITH_NOTARY
- name: RESET
valueFrom:
configMapKeyRef:
name: harbor-adminserver-config
key: RESET
ports:
- containerPort: 80
volumeMounts:
- name: config
mountPath: /etc/adminserver/
volumes:
- name: config
configMap:
name: harbor-adminserver-config
items:
- key: SECRET_KEY
path: key

9
make/kubernetes/adminserver/adminserver.svc.yaml Normal file
View File

@ -0,0 +1,9 @@
apiVersion: v1
kind: Service
metadata:
name: adminserver
spec:
ports:
- port: 80
selector:
name: adminserver-apps

4
make/kubernetes/jobservice/jobservice.rc.yaml
View File

@ -43,11 +43,11 @@ spec:
configMapKeyRef:
name: harbor-jobservice-config
key: UI_SECRET
- name: SECRET_KEY
- name: JOBSERVICE_SECRET
valueFrom:
configMapKeyRef:
name: harbor-jobservice-config
key: SECRET_KEY
key: JOBSERVICE_SECRET
- name: CONFIG_PATH
valueFrom:
configMapKeyRef:

18
make/kubernetes/prepare
View File

@ -29,6 +29,8 @@ parser.add_argument('-k', default='',
dest='private_key', help='[Optional] path of harbor https private key(pem)')
parser.add_argument('-c', default='',
dest='cert', help='[Optional] harbor path of https cert(pem)')
parser.add_argument('-j', default='',
dest='jobservice_secret', help="[Optional] path of harbor secret key(16 characters)")
parser.add_argument('-s', default='',
dest='secret_key', help="[Optional] path of harbor secret key(16 characters)")
@ -99,7 +101,20 @@ else:
cert_path = ''
# read secret key
# read jobservice secret key
if args.jobservice_secret != '':
if os.path.isfile(args.jobservice_secret):
key = ''
with open(args.jobservice_secret, 'r') as skey:
key = skey.read()
if len(key) != 16:
raise Exception('Error: The length of secret key has to be 16 characters!')
set_config('jobservice_secret', key)
else:
set_config('jobservice_secret', ''.join(random.choice(
string.ascii_letters + string.digits) for i in range(16)))
# read ldap secret key
if args.secret_key != '':
if os.path.isfile(args.secret_key):
key = ''
@ -199,3 +214,4 @@ generate_template(os.path.join(template_dir, 'jobservice.cm.yaml'), os.path.join
generate_template(os.path.join(template_dir, 'mysql.cm.yaml'), os.path.join(output_dir, 'mysql/mysql.cm.yaml'))
generate_template(os.path.join(template_dir, 'nginx.cm.yaml'), os.path.join(output_dir, 'nginx/nginx.cm.yaml'))
generate_template(os.path.join(template_dir, 'registry.cm.yaml'), os.path.join(output_dir, 'registry/registry.cm.yaml'))
generate_template(os.path.join(template_dir, 'adminserver.cm.yaml'), os.path.join(output_dir, 'adminserver/adminserver.cm.yaml'))

47
make/kubernetes/templates/adminserver.cm.yaml Normal file
View File

@ -0,0 +1,47 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: harbor-adminserver-config
data:
LOG_LEVEL: debug
AUTH_MODE: db_auth
SELF_REGISTRATION: "on"
LDAP_URL: ldaps://ldap.mydomain.com
LDAP_SEARCH_DN:
LDAP_SEARCH_PWD:
LDAP_BASE_DN: "ou=people,dc=mydomain,dc=com"
LDAP_FILTER:
LDAP_UID: uid
LDAP_SCOPE: "3"
LDAP_TIMEOUT: "5"
DATABASE_TYPE: mysql
MYSQL_HOST: mysql
MYSQL_PORT: "3306"
MYSQL_USR: root
MYSQL_PWD: "{{db_password}}"
MYSQL_DATABASE: registry
REGISTRY_URL: http://registry:5000
TOKEN_SERVICE_URL: http://ui/service/token
EMAIL_HOST: smtp.mydomain.com
EMAIL_PORT: "25"
EMAIL_USR: sample_admin@mydomain.com
EMAIL_PWD: abc
EMAIL_SSL: "false"
EMAIL_FROM: "admin <sample_admin@mydomain.com>"
EMAIL_IDENTITY:
HARBOR_ADMIN_PASSWORD: "{{harbor_admin_password}}"
PROJECT_CREATION_RESTRICTION: everyone
VERIFY_REMOTE_CERT: "on"
MAX_JOB_WORKERS: "{{max_job_workers}}"
UI_SECRET: "{{ui_secret}}"
JOBSERVICE_SECRET: "{{jobservice_secret}}"
TOKEN_EXPIRATION: "30"
CFG_EXPIRATION: "5"
GODEBUG: "netdns=cgo"
ADMIRAL_URL: NA
WITH_NOTARY: "False"
RESET: "false"
EXT_ENDPOINT: "{{ui_url}}"
TOKEN_URL: http://ui
JSON_CFG_STORE_PATH: "/etc/config/config.json"
SECRET_KEY: "{{secret_key}}"

2
make/kubernetes/templates/jobservice.cm.yaml
View File

@ -8,7 +8,7 @@ data:
MYSQL_USR: root
MYSQL_PWD: "{{db_password}}"
UI_SECRET: "{{ui_secret}}"
SECRET_KEY: "{{secret_key}}"
JOBSERVICE_SECRET: "{{jobservice_secret}}"
CONFIG_PATH: /etc/jobservice/app.conf
REGISTRY_URL: http://registry:5000
VERIFY_REMOTE_CERT: "{{verify_remote_cert}}"

2
make/kubernetes/templates/ui.cm.yaml
View File

@ -22,7 +22,7 @@ data:
LDAP_SCOPE: "{{ldap_scope}}"
LOG_LEVEL: debug
UI_SECRET: "{{ui_secret}}"
SECRET_KEY: "{{secret_key}}"
JOBSERVICE_SECRET: "{{jobservice_secre}}"
GODEBUG: netdns=cgo
EXT_ENDPOINT: "{{ui_url}}"
TOKEN_URL: http://ui

6
make/kubernetes/ui/ui.rc.yaml
View File

@ -113,11 +113,11 @@ spec:
configMapKeyRef:
name: harbor-ui-config
key: UI_SECRET
- name: SECRET_KEY
- name: JOBSERVICE_SECRET
valueFrom:
configMapKeyRef:
name: harbor-ui-config
key: SECRET_KEY
key: JOBSERVICE_SECRET
- name: GODEBUG
valueFrom:
configMapKeyRef:
@ -171,4 +171,4 @@ spec:
- key: config
path: app.conf
- key: pkey
path: private_key.pem
path: private_key.pem