Update harbor to 2.6.
@@ -103,28 +103,34 @@ function check_docker {
|
||||
}
|
||||
|
||||
function check_dockercompose {
|
||||
if ! docker compose version &> /dev/null
|
||||
if [! docker compose version] &> /dev/null || [! docker-compose --version] &> /dev/null
|
||||
then
|
||||
error "Need to install docker compose(1.18.0+) by yourself first and run this script again."
|
||||
error "Need to install docker-compose(1.18.0+) or a docker-compose-plugin (https://docs.docker.com/compose/)by yourself first and run this script again."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# docker compose has been installed, check its version
|
||||
if [[ $(docker compose version) =~ (([0-9]+)\.([0-9]+)([\.0-9]*)) ]]
|
||||
# either docker compose plugin has been installed
|
||||
if docker compose version &> /dev/null
|
||||
then
|
||||
note "$(docker compose version)"
|
||||
DOCKER_COMPOSE="docker compose"
|
||||
|
||||
# or docker-compose has been installed, check its version
|
||||
elif [[ $(docker-compose --version) =~ (([0-9]+)\.([0-9]+)([\.0-9]*)) ]]
|
||||
then
|
||||
docker_compose_version=${BASH_REMATCH[1]}
|
||||
docker_compose_version_part1=${BASH_REMATCH[2]}
|
||||
docker_compose_version_part2=${BASH_REMATCH[3]}
|
||||
|
||||
note "docker compose version: $docker_compose_version"
|
||||
# the version of docker compose does not meet the requirement
|
||||
note "docker-compose version: $docker_compose_version"
|
||||
# the version of docker-compose does not meet the requirement
|
||||
if [ "$docker_compose_version_part1" -lt 1 ] || ([ "$docker_compose_version_part1" -eq 1 ] && [ "$docker_compose_version_part2" -lt 18 ])
|
||||
then
|
||||
error "Need to upgrade docker compose package to 1.18.0+."
|
||||
error "Need to upgrade docker-compose package to 1.18.0+."
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
error "Failed to parse docker compose version."
|
||||
error "Failed to parse docker-compose version."
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
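Review bot: The new presence check in check_dockercompose, `if [! docker compose version] &> /dev/null || [! docker-compose --version] &> /dev/null`, never fires, because `[!` is parsed as a command name that does not exist and both sides return 127 with the error hidden by the redirect. A host with neither tool therefore skips the install hint and ends in the final `else` branch with the misleading "Failed to parse docker-compose version." message. Even with valid syntax, `||` would reject a host that has only one of the two tools, so the test should require both to be missing: `if ! docker compose version &> /dev/null && ! docker-compose --version &> /dev/null`. Which printed variant is the new side is inferred from the `DOCKER_COMPOSE` assignment and the reworded messages, since the page has lost its `+`/`-` markers.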
@@ -21,8 +21,8 @@ PORTAL_URL=http://portal:8080
|
||||
TOKEN_SERVICE_URL=http://core:8080/service/token
|
||||
HARBOR_ADMIN_PASSWORD=j2Q2gRX@zpGYGsUZwJ@ynvnU3gw6Y*
|
||||
MAX_JOB_WORKERS=10
|
||||
CORE_SECRET=Q1kOSJ2hbw3qs2Uh
|
||||
JOBSERVICE_SECRET=LURd3ymSGca6nuB5
|
||||
CORE_SECRET=2WyVPYUlCIRDPCv2
|
||||
JOBSERVICE_SECRET=a1XRgtkNICmX2Gl4
|
||||
WITH_NOTARY=False
|
||||
WITH_TRIVY=True
|
||||
CORE_URL=http://core:8080
|
||||
@@ -37,14 +37,15 @@ CHART_REPOSITORY_URL=http://chartmuseum:9999
|
||||
REGISTRY_CONTROLLER_URL=http://registryctl:8080
|
||||
WITH_CHARTMUSEUM=False
|
||||
REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
|
||||
REGISTRY_CREDENTIAL_PASSWORD=nTDpudVQRYA4rPGrDvmLvHskdd5gPcUU
|
||||
CSRF_KEY=dtP7zBtDmaQR9fhuxuy5fNpbCVZfFSD4
|
||||
PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE=docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry
|
||||
REGISTRY_CREDENTIAL_PASSWORD=RvC6BuQM4kFianaQ81mMxGuDHdNEQ5Yp
|
||||
CSRF_KEY=hPD1uJIjELdXLCH2Z6zFWS6JDT0JGRHc
|
||||
PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE=docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry,github-ghcr
|
||||
|
||||
HTTP_PROXY=
|
||||
HTTPS_PROXY=
|
||||
NO_PROXY=.internal,notary-signer,registryctl,.local,nginx,chartmuseum,portal,127.0.0.1,exporter,redis,jobservice,db,core,registry,localhost,trivy-adapter,log,notary-server,postgresql
|
||||
NO_PROXY=localhost,log,.internal,exporter,db,.local,portal,redis,127.0.0.1,registryctl,nginx,core,jobservice,chartmuseum,notary-signer,trivy-adapter,registry,postgresql,notary-server
|
||||
|
||||
PORT=8080
|
||||
|
||||
|
||||
|
||||
|
||||
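Review bot: The CORE_SECRET, JOBSERVICE_SECRET, REGISTRY_CREDENTIAL_PASSWORD and CSRF_KEY values in this env file are committed in plaintext, and HARBOR_ADMIN_PASSWORD appears only once in the first hunk, which suggests it was not rotated. Anyone with read access to the repository or its history therefore holds working credentials for this Harbor instance. The same applies to the later sections that repeat CORE_SECRET, JOBSERVICE_SECRET and REGISTRY_CREDENTIAL_PASSWORD, and to the `harbor_registry_user` htpasswd line. These files look like output of the prepare step, so the generated directory should be kept out of version control with an ignore entry such as `common/config/`. Every value already pushed, the admin password included, should be treated as exposed and rotated.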
@@ -1,6 +1,6 @@
|
||||
CORE_SECRET=Q1kOSJ2hbw3qs2Uh
|
||||
CORE_SECRET=2WyVPYUlCIRDPCv2
|
||||
REGISTRY_URL=http://registry:5000
|
||||
JOBSERVICE_SECRET=LURd3ymSGca6nuB5
|
||||
JOBSERVICE_SECRET=a1XRgtkNICmX2Gl4
|
||||
CORE_URL=http://core:8080
|
||||
REGISTRY_CONTROLLER_URL=http://registryctl:8080
|
||||
JOBSERVICE_WEBHOOK_JOB_MAX_RETRY=10
|
||||
@@ -8,8 +8,9 @@ JOBSERVICE_WEBHOOK_JOB_MAX_RETRY=10
|
||||
|
||||
HTTP_PROXY=
|
||||
HTTPS_PROXY=
|
||||
NO_PROXY=.internal,notary-signer,registryctl,.local,nginx,chartmuseum,portal,127.0.0.1,exporter,redis,jobservice,db,core,registry,localhost,trivy-adapter,log,notary-server,postgresql
|
||||
NO_PROXY=localhost,log,.internal,exporter,db,.local,portal,redis,127.0.0.1,registryctl,nginx,core,jobservice,chartmuseum,notary-signer,trivy-adapter,registry,postgresql,notary-server
|
||||
REGISTRY_CREDENTIAL_USERNAME=harbor_registry_user
|
||||
REGISTRY_CREDENTIAL_PASSWORD=nTDpudVQRYA4rPGrDvmLvHskdd5gPcUU
|
||||
REGISTRY_CREDENTIAL_PASSWORD=RvC6BuQM4kFianaQ81mMxGuDHdNEQ5Yp
|
||||
|
||||
|
||||
|
||||
|
||||
@@ -1,130 +0,0 @@
|
||||
worker_processes auto;
|
||||
pid /tmp/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 3096;
|
||||
use epoll;
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
client_body_temp_path /tmp/client_body_temp;
|
||||
proxy_temp_path /tmp/proxy_temp;
|
||||
fastcgi_temp_path /tmp/fastcgi_temp;
|
||||
uwsgi_temp_path /tmp/uwsgi_temp;
|
||||
scgi_temp_path /tmp/scgi_temp;
|
||||
tcp_nodelay on;
|
||||
|
||||
# this is necessary for us to be able to disable request buffering in all cases
|
||||
proxy_http_version 1.1;
|
||||
|
||||
upstream core {
|
||||
server core:8080;
|
||||
}
|
||||
|
||||
upstream portal {
|
||||
server portal:8080;
|
||||
}
|
||||
|
||||
log_format timed_combined '$remote_addr - '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent" '
|
||||
'$request_time $upstream_response_time $pipe';
|
||||
|
||||
access_log /dev/stdout timed_combined;
|
||||
|
||||
map $http_x_forwarded_proto $x_forwarded_proto {
|
||||
default $http_x_forwarded_proto;
|
||||
"" $scheme;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8080;
|
||||
server_tokens off;
|
||||
# disable any limits to avoid HTTP 413 for large image uploads
|
||||
client_max_body_size 0;
|
||||
|
||||
# Add extra headers
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
||||
|
||||
# customized location config file can place to /etc/nginx/etc with prefix harbor.http. and suffix .conf
|
||||
include /etc/nginx/conf.d/harbor.http.*.conf;
|
||||
|
||||
location / {
|
||||
proxy_pass http://portal/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /c/ {
|
||||
proxy_pass http://core/c/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_pass http://core/api/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /chartrepo/ {
|
||||
proxy_pass http://core/chartrepo/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /v1/ {
|
||||
return 404;
|
||||
}
|
||||
|
||||
location /v2/ {
|
||||
proxy_pass http://core/v2/;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
|
||||
proxy_send_timeout 900;
|
||||
proxy_read_timeout 900;
|
||||
}
|
||||
|
||||
location /service/ {
|
||||
proxy_pass http://core/service/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $x_forwarded_proto;
|
||||
|
||||
proxy_buffering off;
|
||||
proxy_request_buffering off;
|
||||
}
|
||||
|
||||
location /service/notifications {
|
||||
return 404;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
harbor_registry_user:$2y$05$ZZgSSdASjscjf4QfvkaEHus/y62rx0h2qPoLeb/MsoG5FvUmrPfI.
|
||||
harbor_registry_user:$2y$05$paAwVLgr1maxYnL9fud8q.u7SiU/75K/ra2aeEcYNJt22ro/st4qe
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
CORE_SECRET=Q1kOSJ2hbw3qs2Uh
|
||||
JOBSERVICE_SECRET=LURd3ymSGca6nuB5
|
||||
CORE_SECRET=2WyVPYUlCIRDPCv2
|
||||
JOBSERVICE_SECRET=a1XRgtkNICmX2Gl4
|
||||
|
||||
@@ -16,4 +16,4 @@ SCANNER_TRIVY_INSECURE=False
|
||||
SCANNER_TRIVY_TIMEOUT=5m0s
|
||||
HTTP_PROXY=
|
||||
HTTPS_PROXY=
|
||||
NO_PROXY=.internal,notary-signer,registryctl,.local,nginx,chartmuseum,portal,127.0.0.1,exporter,redis,jobservice,db,core,registry,localhost,trivy-adapter,log,notary-server,postgresql
|
||||
NO_PROXY=localhost,log,.internal,exporter,db,.local,portal,redis,127.0.0.1,registryctl,nginx,core,jobservice,chartmuseum,notary-signer,trivy-adapter,registry,postgresql,notary-server
|
||||
|
||||
@@ -95,7 +95,7 @@ services:
|
||||
volumes:
|
||||
- /data/database:/var/lib/postgresql/data:z
|
||||
networks:
|
||||
- harbor
|
||||
harbor:
|
||||
env_file:
|
||||
- ./common/config/db/env
|
||||
depends_on:
|
||||
@@ -108,7 +108,7 @@ services:
|
||||
shm_size: '1gb'
|
||||
core:
|
||||
image: goharbor/harbor-core:v2.6.1
|
||||
container_name: core
|
||||
container_name: harbor-core
|
||||
env_file:
|
||||
- ./common/config/core/env
|
||||
restart: always
|
||||
@@ -134,12 +134,12 @@ services:
|
||||
source: ./common/config/shared/trust-certificates
|
||||
target: /harbor_cust_cert
|
||||
networks:
|
||||
- harbor
|
||||
harbor:
|
||||
depends_on:
|
||||
- log
|
||||
- registry
|
||||
- redis
|
||||
- harbor-db
|
||||
- postgresql
|
||||
logging:
|
||||
driver: "syslog"
|
||||
options:
|
||||
@@ -147,7 +147,7 @@ services:
|
||||
tag: "core"
|
||||
portal:
|
||||
image: goharbor/harbor-portal:v2.6.1
|
||||
container_name: portal
|
||||
container_name: harbor-portal
|
||||
restart: always
|
||||
cap_drop:
|
||||
- ALL
|
||||
@@ -172,7 +172,7 @@ services:
|
||||
|
||||
jobservice:
|
||||
image: goharbor/harbor-jobservice:v2.6.1
|
||||
container_name: jobservice
|
||||
container_name: harbor-jobservice
|
||||
env_file:
|
||||
- ./common/config/jobservice/env
|
||||
restart: always
|
||||
@@ -184,6 +184,7 @@ services:
|
||||
- SETUID
|
||||
volumes:
|
||||
- /data/job_logs:/var/log/jobs:z
|
||||
- /data/scandata_exports:/var/scandata_exports:z
|
||||
- type: bind
|
||||
source: ./common/config/jobservice/config.yml
|
||||
target: /etc/jobservice/config.yml
|
||||
@@ -212,7 +213,7 @@ services:
|
||||
volumes:
|
||||
- /data/redis:/var/lib/redis
|
||||
networks:
|
||||
- harbor
|
||||
harbor:
|
||||
depends_on:
|
||||
- log
|
||||
logging:
|
||||
@@ -294,6 +295,5 @@ services:
|
||||
networks:
|
||||
harbor:
|
||||
external: false
|
||||
name: harbor
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
@@ -137,7 +137,7 @@ log:
|
||||
# port: 5140
|
||||
|
||||
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
|
||||
_version: 2.5.0
|
||||
_version: 2.6.0
|
||||
|
||||
# Uncomment external_database if using external database.
|
||||
# external_database:
|
||||
@@ -245,3 +245,18 @@ upload_purging:
|
||||
# the interval of the purge operations
|
||||
interval: 24h
|
||||
dryrun: false
|
||||
|
||||
# cache layer configurations
|
||||
# If this feature enabled, harbor will cache the resource
|
||||
# `project/project_metadata/repository/artifact/manifest` in the redis
|
||||
# which can especially help to improve the performance of high concurrent
|
||||
# manifest pulling.
|
||||
# NOTICE
|
||||
# If you are deploying Harbor in HA mode, make sure that all the harbor
|
||||
# instances have the same behaviour, all with caching enabled or disabled,
|
||||
# otherwise it can lead to potential data inconsistency.
|
||||
cache:
|
||||
# not enabled by default
|
||||
enabled: false
|
||||
# keep cache for one day by default
|
||||
expire_hours: 24
|
||||
|
||||
@@ -22,6 +22,9 @@ with_trivy=$false
|
||||
# chartmuseum is not enabled by default
|
||||
with_chartmuseum=$false
|
||||
|
||||
# flag to using docker compose v1 or v2, default would using v1 docker-compose
|
||||
DOCKER_COMPOSE=docker-compose
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case $1 in
|
||||
--help)
|
||||
@@ -88,14 +91,28 @@ fi
|
||||
./prepare $prepare_para
|
||||
echo ""
|
||||
|
||||
if [ -n "$(docker-compose ps -q)" ]
|
||||
then
|
||||
if [ -n "$DOCKER_COMPOSE ps -q" ]
|
||||
then
|
||||
note "stopping existing Harbor instance ..."
|
||||
docker-compose down -v
|
||||
$DOCKER_COMPOSE down -v
|
||||
fi
|
||||
echo ""
|
||||
|
||||
h2 "[Step $item]: starting Harbor ..."
|
||||
docker-compose up -d
|
||||
if [ $with_chartmuseum ]
|
||||
then
|
||||
warn "
|
||||
Chartmusuem will be deprecated as of Harbor v2.6.0 and start to be removed in v2.8.0 or later.
|
||||
Please see discussion here for more details. https://github.com/goharbor/harbor/discussions/15057"
|
||||
fi
|
||||
if [ $with_notary ]
|
||||
then
|
||||
warn "
|
||||
Notary will be deprecated as of Harbor v2.6.0 and start to be removed in v2.8.0 or later.
|
||||
You can use cosign for signature instead since Harbor v2.5.0.
|
||||
Please see discussion here for more details. https://github.com/goharbor/harbor/discussions/16612"
|
||||
fi
|
||||
|
||||
$DOCKER_COMPOSE up -d
|
||||
|
||||
success $"----Harbor has been installed and started successfully.----"
|
||||
|
||||
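Review bot: The rewritten guard `if [ -n "$DOCKER_COMPOSE ps -q" ]` tests a literal string instead of command output, so it is always true and `$DOCKER_COMPOSE down -v` runs on every install whether or not a Harbor instance exists. The command substitution from the previous form needs to stay: `if [ -n "$($DOCKER_COMPOSE ps -q)" ]`. Since `down -v` also removes the project's volumes, the teardown should stay conditional. The surrounding script starts and ends outside this hunk, so it is not visible here whether `check_dockercompose` runs before this point; if it does not, `DOCKER_COMPOSE` keeps its `docker-compose` default on hosts that only have the plugin.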
@@ -57,7 +57,7 @@ docker run --rm -v $input_dir:/input \
|
||||
-v $config_dir:/config \
|
||||
-v /:/hostfs \
|
||||
--privileged \
|
||||
goharbor/prepare:v2.5.1 prepare $@
|
||||
goharbor/prepare:v2.6.1 prepare $@
|
||||
|
||||
echo "Clean up the input dir"
|
||||
# Clean up input dir
|
||||
|
||||