mirror of
https://github.com/goharbor/harbor
synced 2024-09-21 02:49:59 +00:00
k8s deployment
This commit is contained in:
parent
8a1b10ad7e
commit
f9480b92b5
232
make/kubernetes/adminserver/adminserver.rc.yaml
Normal file
232
make/kubernetes/adminserver/adminserver.rc.yaml
Normal file
|
@ -0,0 +1,232 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ReplicationController
|
||||||
|
metadata:
|
||||||
|
name: adminserver-rc
|
||||||
|
labels:
|
||||||
|
name: adminserver-rc
|
||||||
|
spec:
|
||||||
|
replicas: 1
|
||||||
|
selector:
|
||||||
|
name: adminserver-apps
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
name: adminserver-apps
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: adminserver-app
|
||||||
|
image: 192.168.56.201:5000/vmware/harbor-adminserver:dev
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
env:
|
||||||
|
- name: LOG_LEVEL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LOG_LEVEL
|
||||||
|
- name: JSON_CFG_STORE_PATH
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: JSON_CFG_STORE_PATH
|
||||||
|
- name: EXT_ENDPOINT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: EXT_ENDPOINT
|
||||||
|
- name: AUTH_MODE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: AUTH_MODE
|
||||||
|
- name: SELF_REGISTRATION
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: SELF_REGISTRATION
|
||||||
|
- name: LDAP_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LDAP_URL
|
||||||
|
- name: LDAP_SEARCH_DN
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LDAP_SEARCH_DN
|
||||||
|
- name: LDAP_SEARCH_PWD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LDAP_SEARCH_PWD
|
||||||
|
- name: LDAP_BASE_DN
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LDAP_BASE_DN
|
||||||
|
- name: LDAP_FILTER
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LDAP_FILTER
|
||||||
|
- name: LDAP_UID
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LDAP_UID
|
||||||
|
- name: LDAP_SCOPE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LDAP_SCOPE
|
||||||
|
- name: LDAP_TIMEOUT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: LDAP_TIMEOUT
|
||||||
|
- name: DATABASE_TYPE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: DATABASE_TYPE
|
||||||
|
- name: MYSQL_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: MYSQL_HOST
|
||||||
|
- name: MYSQL_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: MYSQL_PORT
|
||||||
|
- name: MYSQL_USR
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: MYSQL_USR
|
||||||
|
- name: MYSQL_PWD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: MYSQL_PWD
|
||||||
|
- name: MYSQL_DATABASE
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: MYSQL_DATABASE
|
||||||
|
- name: REGISTRY_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: REGISTRY_URL
|
||||||
|
- name: TOKEN_SERVICE_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: TOKEN_SERVICE_URL
|
||||||
|
- name: EMAIL_HOST
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: EMAIL_HOST
|
||||||
|
- name: EMAIL_PORT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: EMAIL_PORT
|
||||||
|
- name: EMAIL_USR
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: EMAIL_USR
|
||||||
|
- name: EMAIL_PWD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: EMAIL_PWD
|
||||||
|
- name: EMAIL_SSL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: EMAIL_SSL
|
||||||
|
- name: EMAIL_FROM
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: EMAIL_FROM
|
||||||
|
- name: EMAIL_IDENTITY
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: EMAIL_IDENTITY
|
||||||
|
- name: HARBOR_ADMIN_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: HARBOR_ADMIN_PASSWORD
|
||||||
|
- name: PROJECT_CREATION_RESTRICTION
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: PROJECT_CREATION_RESTRICTION
|
||||||
|
- name: VERIFY_REMOTE_CERT
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: VERIFY_REMOTE_CERT
|
||||||
|
- name: MAX_JOB_WORKERS
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: MAX_JOB_WORKERS
|
||||||
|
- name: UI_SECRET
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: UI_SECRET
|
||||||
|
- name: JOBSERVICE_SECRET
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: JOBSERVICE_SECRET
|
||||||
|
- name: TOKEN_EXPIRATION
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: TOKEN_EXPIRATION
|
||||||
|
- name: CFG_EXPIRATION
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: CFG_EXPIRATION
|
||||||
|
- name: GODEBUG
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: GODEBUG
|
||||||
|
- name: ADMIRAL_URL
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: ADMIRAL_URL
|
||||||
|
- name: WITH_NOTARY
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: WITH_NOTARY
|
||||||
|
- name: RESET
|
||||||
|
valueFrom:
|
||||||
|
configMapKeyRef:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
key: RESET
|
||||||
|
ports:
|
||||||
|
- containerPort: 80
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /etc/adminserver/
|
||||||
|
volumes:
|
||||||
|
- name: config
|
||||||
|
configMap:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
items:
|
||||||
|
- key: SECRET_KEY
|
||||||
|
path: key
|
9
make/kubernetes/adminserver/adminserver.svc.yaml
Normal file
9
make/kubernetes/adminserver/adminserver.svc.yaml
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: adminserver
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 80
|
||||||
|
selector:
|
||||||
|
name: adminserver-apps
|
|
@ -43,11 +43,11 @@ spec:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
name: harbor-jobservice-config
|
name: harbor-jobservice-config
|
||||||
key: UI_SECRET
|
key: UI_SECRET
|
||||||
- name: SECRET_KEY
|
- name: JOBSERVICE_SECRET
|
||||||
valueFrom:
|
valueFrom:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
name: harbor-jobservice-config
|
name: harbor-jobservice-config
|
||||||
key: SECRET_KEY
|
key: JOBSERVICE_SECRET
|
||||||
- name: CONFIG_PATH
|
- name: CONFIG_PATH
|
||||||
valueFrom:
|
valueFrom:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
|
|
|
@ -29,6 +29,8 @@ parser.add_argument('-k', default='',
|
||||||
dest='private_key', help='[Optional] path of harbor https private key(pem)')
|
dest='private_key', help='[Optional] path of harbor https private key(pem)')
|
||||||
parser.add_argument('-c', default='',
|
parser.add_argument('-c', default='',
|
||||||
dest='cert', help='[Optional] harbor path of https cert(pem)')
|
dest='cert', help='[Optional] harbor path of https cert(pem)')
|
||||||
|
parser.add_argument('-j', default='',
|
||||||
|
dest='jobservice_secret', help="[Optional] path of harbor secret key(16 characters)")
|
||||||
parser.add_argument('-s', default='',
|
parser.add_argument('-s', default='',
|
||||||
dest='secret_key', help="[Optional] path of harbor secret key(16 characters)")
|
dest='secret_key', help="[Optional] path of harbor secret key(16 characters)")
|
||||||
|
|
||||||
|
@ -99,7 +101,20 @@ else:
|
||||||
cert_path = ''
|
cert_path = ''
|
||||||
|
|
||||||
|
|
||||||
# read secret key
|
# read jobservice secret key
|
||||||
|
if args.jobservice_secret != '':
|
||||||
|
if os.path.isfile(args.jobservice_secret):
|
||||||
|
key = ''
|
||||||
|
with open(args.jobservice_secret, 'r') as skey:
|
||||||
|
key = skey.read()
|
||||||
|
if len(key) != 16:
|
||||||
|
raise Exception('Error: The length of secret key has to be 16 characters!')
|
||||||
|
set_config('jobservice_secret', key)
|
||||||
|
else:
|
||||||
|
set_config('jobservice_secret', ''.join(random.choice(
|
||||||
|
string.ascii_letters + string.digits) for i in range(16)))
|
||||||
|
|
||||||
|
# read ldap secret key
|
||||||
if args.secret_key != '':
|
if args.secret_key != '':
|
||||||
if os.path.isfile(args.secret_key):
|
if os.path.isfile(args.secret_key):
|
||||||
key = ''
|
key = ''
|
||||||
|
@ -199,3 +214,4 @@ generate_template(os.path.join(template_dir, 'jobservice.cm.yaml'), os.path.join
|
||||||
generate_template(os.path.join(template_dir, 'mysql.cm.yaml'), os.path.join(output_dir, 'mysql/mysql.cm.yaml'))
|
generate_template(os.path.join(template_dir, 'mysql.cm.yaml'), os.path.join(output_dir, 'mysql/mysql.cm.yaml'))
|
||||||
generate_template(os.path.join(template_dir, 'nginx.cm.yaml'), os.path.join(output_dir, 'nginx/nginx.cm.yaml'))
|
generate_template(os.path.join(template_dir, 'nginx.cm.yaml'), os.path.join(output_dir, 'nginx/nginx.cm.yaml'))
|
||||||
generate_template(os.path.join(template_dir, 'registry.cm.yaml'), os.path.join(output_dir, 'registry/registry.cm.yaml'))
|
generate_template(os.path.join(template_dir, 'registry.cm.yaml'), os.path.join(output_dir, 'registry/registry.cm.yaml'))
|
||||||
|
generate_template(os.path.join(template_dir, 'adminserver.cm.yaml'), os.path.join(output_dir, 'adminserver/adminserver.cm.yaml'))
|
||||||
|
|
47
make/kubernetes/templates/adminserver.cm.yaml
Normal file
47
make/kubernetes/templates/adminserver.cm.yaml
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: harbor-adminserver-config
|
||||||
|
data:
|
||||||
|
LOG_LEVEL: debug
|
||||||
|
AUTH_MODE: db_auth
|
||||||
|
SELF_REGISTRATION: "on"
|
||||||
|
LDAP_URL: ldaps://ldap.mydomain.com
|
||||||
|
LDAP_SEARCH_DN:
|
||||||
|
LDAP_SEARCH_PWD:
|
||||||
|
LDAP_BASE_DN: "ou=people,dc=mydomain,dc=com"
|
||||||
|
LDAP_FILTER:
|
||||||
|
LDAP_UID: uid
|
||||||
|
LDAP_SCOPE: "3"
|
||||||
|
LDAP_TIMEOUT: "5"
|
||||||
|
DATABASE_TYPE: mysql
|
||||||
|
MYSQL_HOST: mysql
|
||||||
|
MYSQL_PORT: "3306"
|
||||||
|
MYSQL_USR: root
|
||||||
|
MYSQL_PWD: "{{db_password}}"
|
||||||
|
MYSQL_DATABASE: registry
|
||||||
|
REGISTRY_URL: http://registry:5000
|
||||||
|
TOKEN_SERVICE_URL: http://ui/service/token
|
||||||
|
EMAIL_HOST: smtp.mydomain.com
|
||||||
|
EMAIL_PORT: "25"
|
||||||
|
EMAIL_USR: sample_admin@mydomain.com
|
||||||
|
EMAIL_PWD: abc
|
||||||
|
EMAIL_SSL: "false"
|
||||||
|
EMAIL_FROM: "admin <sample_admin@mydomain.com>"
|
||||||
|
EMAIL_IDENTITY:
|
||||||
|
HARBOR_ADMIN_PASSWORD: "{{harbor_admin_password}}"
|
||||||
|
PROJECT_CREATION_RESTRICTION: everyone
|
||||||
|
VERIFY_REMOTE_CERT: "on"
|
||||||
|
MAX_JOB_WORKERS: "{{max_job_workers}}"
|
||||||
|
UI_SECRET: "{{ui_secret}}"
|
||||||
|
JOBSERVICE_SECRET: "{{jobservice_secret}}"
|
||||||
|
TOKEN_EXPIRATION: "30"
|
||||||
|
CFG_EXPIRATION: "5"
|
||||||
|
GODEBUG: "netdns=cgo"
|
||||||
|
ADMIRAL_URL: NA
|
||||||
|
WITH_NOTARY: "False"
|
||||||
|
RESET: "false"
|
||||||
|
EXT_ENDPOINT: "{{ui_url}}"
|
||||||
|
TOKEN_URL: http://ui
|
||||||
|
JSON_CFG_STORE_PATH: "/etc/config/config.json"
|
||||||
|
SECRET_KEY: "{{secret_key}}"
|
|
@ -8,7 +8,7 @@ data:
|
||||||
MYSQL_USR: root
|
MYSQL_USR: root
|
||||||
MYSQL_PWD: "{{db_password}}"
|
MYSQL_PWD: "{{db_password}}"
|
||||||
UI_SECRET: "{{ui_secret}}"
|
UI_SECRET: "{{ui_secret}}"
|
||||||
SECRET_KEY: "{{secret_key}}"
|
JOBSERVICE_SECRET: "{{jobservice_secret}}"
|
||||||
CONFIG_PATH: /etc/jobservice/app.conf
|
CONFIG_PATH: /etc/jobservice/app.conf
|
||||||
REGISTRY_URL: http://registry:5000
|
REGISTRY_URL: http://registry:5000
|
||||||
VERIFY_REMOTE_CERT: "{{verify_remote_cert}}"
|
VERIFY_REMOTE_CERT: "{{verify_remote_cert}}"
|
||||||
|
|
|
@ -22,7 +22,7 @@ data:
|
||||||
LDAP_SCOPE: "{{ldap_scope}}"
|
LDAP_SCOPE: "{{ldap_scope}}"
|
||||||
LOG_LEVEL: debug
|
LOG_LEVEL: debug
|
||||||
UI_SECRET: "{{ui_secret}}"
|
UI_SECRET: "{{ui_secret}}"
|
||||||
SECRET_KEY: "{{secret_key}}"
|
JOBSERVICE_SECRET: "{{jobservice_secre}}"
|
||||||
GODEBUG: netdns=cgo
|
GODEBUG: netdns=cgo
|
||||||
EXT_ENDPOINT: "{{ui_url}}"
|
EXT_ENDPOINT: "{{ui_url}}"
|
||||||
TOKEN_URL: http://ui
|
TOKEN_URL: http://ui
|
||||||
|
|
|
@ -113,11 +113,11 @@ spec:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
name: harbor-ui-config
|
name: harbor-ui-config
|
||||||
key: UI_SECRET
|
key: UI_SECRET
|
||||||
- name: SECRET_KEY
|
- name: JOBSERVICE_SECRET
|
||||||
valueFrom:
|
valueFrom:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
name: harbor-ui-config
|
name: harbor-ui-config
|
||||||
key: SECRET_KEY
|
key: JOBSERVICE_SECRET
|
||||||
- name: GODEBUG
|
- name: GODEBUG
|
||||||
valueFrom:
|
valueFrom:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
|
@ -171,4 +171,4 @@ spec:
|
||||||
- key: config
|
- key: config
|
||||||
path: app.conf
|
path: app.conf
|
||||||
- key: pkey
|
- key: pkey
|
||||||
path: private_key.pem
|
path: private_key.pem
|
||||||
|
|
Loading…
Reference in New Issue
Block a user