Update harbor to 2.6.
This commit is contained in:
@@ -21,8 +21,8 @@ PORTAL_URL=http://portal:8080
|
||||
TOKEN_SERVICE_URL=http://core:8080/service/token
|
||||
HARBOR_ADMIN_PASSWORD=j2Q2gRX@zpGYGsUZwJ@ynvnU3gw6Y*
|
||||
MAX_JOB_WORKERS=10
|
||||
CORE_SECRET=Q1kOSJ2hbw3qs2Uh
|
||||
JOBSERVICE_SECRET=LURd3ymSGca6nuB5
|
||||
CORE_SECRET=2WyVPYUlCIRDPCv2
|
||||
JOBSERVICE_SECRET=a1XRgtkNICmX2Gl4
|
||||
WITH_NOTARY=False
|
||||
WITH_TRIVY=True
|
||||
CORE_URL=http://core:8080
|
||||
@@ -37,14 +37,15 @@ CHART_REPOSITORY_URL=http://chartmuseum:9999
|
||||
REGISTRY_CONTROLLER_URL=http://registryctl:8080
|
||||
WITH_CHARTMUSEUM=False
|
||||
REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
|
||||
REGISTRY_CREDENTIAL_PASSWORD=nTDpudVQRYA4rPGrDvmLvHskdd5gPcUU
|
||||
CSRF_KEY=dtP7zBtDmaQR9fhuxuy5fNpbCVZfFSD4
|
||||
PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE=docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry
|
||||
REGISTRY_CREDENTIAL_PASSWORD=RvC6BuQM4kFianaQ81mMxGuDHdNEQ5Yp
|
||||
CSRF_KEY=hPD1uJIjELdXLCH2Z6zFWS6JDT0JGRHc
|
||||
PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE=docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry,github-ghcr
|
||||
|
||||
HTTP_PROXY=
|
||||
HTTPS_PROXY=
|
||||
NO_PROXY=.internal,notary-signer,registryctl,.local,nginx,chartmuseum,portal,127.0.0.1,exporter,redis,jobservice,db,core,registry,localhost,trivy-adapter,log,notary-server,postgresql
|
||||
NO_PROXY=localhost,log,.internal,exporter,db,.local,portal,redis,127.0.0.1,registryctl,nginx,core,jobservice,chartmuseum,notary-signer,trivy-adapter,registry,postgresql,notary-server
|
||||
|
||||
PORT=8080
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
CORE_SECRET=Q1kOSJ2hbw3qs2Uh
|
||||
CORE_SECRET=2WyVPYUlCIRDPCv2
|
||||
REGISTRY_URL=http://registry:5000
|
||||
JOBSERVICE_SECRET=LURd3ymSGca6nuB5
|
||||
JOBSERVICE_SECRET=a1XRgtkNICmX2Gl4
|
||||
CORE_URL=http://core:8080
|
||||
REGISTRY_CONTROLLER_URL=http://registryctl:8080
|
||||
JOBSERVICE_WEBHOOK_JOB_MAX_RETRY=10
|
||||
@@ -8,8 +8,9 @@ JOBSERVICE_WEBHOOK_JOB_MAX_RETRY=10
|
||||
|
||||
HTTP_PROXY=
|
||||
HTTPS_PROXY=
|
||||
NO_PROXY=.internal,notary-signer,registryctl,.local,nginx,chartmuseum,portal,127.0.0.1,exporter,redis,jobservice,db,core,registry,localhost,trivy-adapter,log,notary-server,postgresql
|
||||
NO_PROXY=localhost,log,.internal,exporter,db,.local,portal,redis,127.0.0.1,registryctl,nginx,core,jobservice,chartmuseum,notary-signer,trivy-adapter,registry,postgresql,notary-server
|
||||
REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
|
||||
REGISTRY_CREDENTIAL_PASSWORD=nTDpudVQRYA4rPGrDvmLvHskdd5gPcUU
|
||||
REGISTRY_CREDENTIAL_PASSWORD=RvC6BuQM4kFianaQ81mMxGuDHdNEQ5Yp
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -127,4 +127,4 @@ http {
|
||||
return 404;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,130 +0,0 @@
|
||||
worker_processes auto;
|
||||
pid /tmp/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 3096;
|
||||
use epoll;
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
client_body_temp_path /tmp/client_body_temp;
|
||||
proxy_temp_path /tmp/proxy_temp;
|
||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||
scgi_temp_path /tmp/scgi_temp;
|
||||
tcp_nodelay on;
|
||||
|
||||
# this is necessary for us to be able to disable request buffering in all cases
|
||||
proxy_http_version 1.1;
|
||||
|
||||
upstream core {
|
||||
server core:8080;
|
||||
}
|
||||
|
||||
upstream portal {
|
||||
server portal:8080;
|
||||
}
|
||||
|
||||
log_format timed_combined '$remote_addr - '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" '
|
||||
'$request_time $upstream_response_time $pipe';
|
||||
|
||||
access_log /dev/stdout timed_combined;
|
||||
|
||||
map $http_x_forwarded_proto $x_forwarded_proto {
|
||||
default $http_x_forwarded_proto;
|
||||
"" $scheme;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
server_tokens off;
|
||||
# disable any limits to avoid HTTP 413 for large image uploads
|
||||
client_max_body_size 0;
|
||||
|
||||
# Add extra headers
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
||||
|
||||
# customized location config file can place to /etc/nginx/etc with prefix harbor.http. and suffix .conf
|
||||
include /etc/nginx/conf.d/harbor.http.*.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://portal/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /c/ {
|
||||
proxy_pass http://core/c/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_pass http://core/api/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /chartrepo/ {
|
||||
proxy_pass http://core/chartrepo/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /v1/ {
|
||||
return 404;
|
||||
}
|
||||
|
||||
location /v2/ {
|
||||
proxy_pass http://core/v2/;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
|
||||
proxy_send_timeout 900;
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
|
||||
location /service/ {
|
||||
proxy_pass http://core/service/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /service/notifications {
|
||||
return 404;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
harbor_registry_user:$2y$05$ZZgSSdASjscjf4QfvkaEHus/y62rx0h2qPoLeb/MsoG5FvUmrPfI.
|
||||
harbor_registry_user:$2y$05$paAwVLgr1maxYnL9fud8q.u7SiU/75K/ra2aeEcYNJt22ro/st4qe
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
CORE_SECRET=Q1kOSJ2hbw3qs2Uh
|
||||
JOBSERVICE_SECRET=LURd3ymSGca6nuB5
|
||||
CORE_SECRET=2WyVPYUlCIRDPCv2
|
||||
JOBSERVICE_SECRET=a1XRgtkNICmX2Gl4
|
||||
|
||||
@@ -16,4 +16,4 @@ SCANNER_TRIVY_INSECURE=False
|
||||
SCANNER_TRIVY_TIMEOUT=5m0s
|
||||
HTTP_PROXY=
|
||||
HTTPS_PROXY=
|
||||
NO_PROXY=.internal,notary-signer,registryctl,.local,nginx,chartmuseum,portal,127.0.0.1,exporter,redis,jobservice,db,core,registry,localhost,trivy-adapter,log,notary-server,postgresql
|
||||
NO_PROXY=localhost,log,.internal,exporter,db,.local,portal,redis,127.0.0.1,registryctl,nginx,core,jobservice,chartmuseum,notary-signer,trivy-adapter,registry,postgresql,notary-server
|
||||
|
||||
Reference in New Issue
Block a user