diff --git a/.beagle.yml b/.beagle.yml new file mode 100644 index 0000000000000000000000000000000000000000..b207cf69a236e34d488322f65479d39d57f5142b --- /dev/null +++ b/.beagle.yml @@ -0,0 +1,86 @@ +platform: 10.11.92.34 + +clone: + git: + image: registry.cn-qingdao.aliyuncs.com/wod/devops-git:1.0 + dns: + - 223.5.5.5 + +pipeline: + + charts: + image: registry.cn-qingdao.aliyuncs.com/wod/alpine:3.12 + pull: true + dns: + - 223.5.5.5 + volumes: + - /data/downloads/k8s/charts/:/charts + environment: + - TGZ_TARGET=harbor-v2.1.1.tgz + commands: + - rm -rf .git + - tar -zcvf $TGZ_TARGET . + - mv $TGZ_TARGET /charts/$TGZ_TARGET + when: + branch: + release-v2.1 + + ansible-amd64: + image: registry.cn-qingdao.aliyuncs.com/wod/ansible-kubernetes-image:v1.20.2 + pull: true + dns: + - 223.5.5.5 + commands: + - cp -r ./ansible/main.yaml /etc/ansible/linux/main.yaml + - cd ansible + - >- + ansible-playbook /etc/ansible/linux/main.yaml + --extra-vars + '{ + "TARGET_ARCH":"amd64", + "TARGET_VERSION":"v2.1.1" + }' + --extra-vars "@images.yaml" + when: + branch: + release-v2.1 + + ansible-arm64: + image: registry.cn-qingdao.aliyuncs.com/wod/ansible-kubernetes-image:v1.20.2 + pull: true + dns: + - 223.5.5.5 + commands: + - cp -r ./ansible/main.yaml /etc/ansible/linux/main.yaml + - cd ansible + - >- + ansible-playbook /etc/ansible/linux/main.yaml + --extra-vars + '{ + "TARGET_ARCH":"arm64", + "TARGET_VERSION":"v2.1.1" + }' + --extra-vars "@images.yaml" + when: + branch: + release-v2.1 + + ansible-ppc64le: + image: registry.cn-qingdao.aliyuncs.com/wod/ansible-kubernetes-image:v1.20.2 + pull: true + dns: + - 223.5.5.5 + commands: + - cp -r ./ansible/main.yaml /etc/ansible/linux/main.yaml + - cd ansible + - >- + ansible-playbook /etc/ansible/linux/main.yaml + --extra-vars + '{ + "TARGET_ARCH":"ppc64le", + "TARGET_VERSION":"v2.1.1" + }' + --extra-vars "@images.yaml" + when: + branch: + release-v2.1 \ No newline at end of file diff --git a/Chart.yaml b/Chart.yaml index d614d9379e64a5efa4ae1f8b6b4922fbb809d1c6..2b245c4b6ccef02971bd2c0d4a7975497dd9b789 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -name: harbor +name: beagle-harbor version: 1.5.3 appVersion: 2.1.3 description: An open source trusted cloud native registry that stores, signs, and scans content diff --git a/ansible/images.yaml b/ansible/images.yaml new file mode 100644 index 0000000000000000000000000000000000000000..db0f63442fb624e4be4023fdd222e3d80e879c6e --- /dev/null +++ b/ansible/images.yaml @@ -0,0 +1,27 @@ +IMAGES: + - repo: harbor-portal + tag: "v2.1.1" + - repo: harbor-core + tag: "v2.1.1" + - repo: harbor-jobservice + tag: "v2.1.1" + - repo: harbor-db + tag: "v2.1.1" + - repo: harbor-registryctl + tag: "v2.1.1" + - repo: harbor-chartmuseum + tag: "v2.1.1" + - repo: harbor-clair + tag: "v2.1.1" + - repo: harbor-clair-adapter + tag: "v2.1.1" + - repo: harbor-trivy-adapter + tag: "v2.1.1" + - repo: harbor-notary-server + tag: "v2.1.1" + - repo: harbor-notary-signer + tag: "v2.1.1" + - repo: registry + tag: "2.7.1" + - repo: redis + tag: "6.0.9" \ No newline at end of file diff --git a/ansible/main.yaml b/ansible/main.yaml new file mode 100644 index 0000000000000000000000000000000000000000..301c0aab3106804a63724398910f0f292e291e65 --- /dev/null +++ b/ansible/main.yaml @@ -0,0 +1,10 @@ +- hosts: all + gather_facts: False + vars: + REGISTRY_DATA_PATH: '/data/downloads/k8s/registry/{{ TARGET_ARCH }}' + REGISTRY_DATA_FILE: "images-harbor-{{ TARGET_VERSION }}.tar.gz" + roles: + - role: wod.registry + - role: wod.registry-cache + CACHE_IMAGES: '{{ IMAGES }}' + - role: wod.tgz \ No newline at end of file diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 3a491070b6a8142d6cad32654c6956debb191b92..122afad043a8de38b0d23fa8b532fa6cfacbcb94 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -22,6 +22,9 @@ heritage: {{ .Release.Service }} release: {{ .Release.Name }} chart: {{ .Chart.Name }} app: "{{ template "harbor.name" . }}" +{{- if .Values.commonLabels}} +{{ toYaml .Values.commonLabels }} +{{- end }} {{- end -}} {{/* matchLabels */}} diff --git a/templates/core/core-dpl.yaml b/templates/core/core-dpl.yaml index b519929ccec746695bac76c1ae3ea424a74a7860..2967e008324569a0f47fe99e6c3b86780a1d4afb 100644 --- a/templates/core/core-dpl.yaml +++ b/templates/core/core-dpl.yaml @@ -14,7 +14,7 @@ spec: template: metadata: labels: -{{ include "harbor.matchLabels" . | indent 8 }} +{{ include "harbor.labels" . | indent 8 }} component: core annotations: checksum/configmap: {{ include (print $.Template.BasePath "/core/core-cm.yaml") . | sha256sum }} diff --git a/templates/ingress/ingresshost.yaml b/templates/ingress/ingresshost.yaml new file mode 100644 index 0000000000000000000000000000000000000000..875d431dec86fef4d028f63b9214963cab786820 --- /dev/null +++ b/templates/ingress/ingresshost.yaml @@ -0,0 +1,28 @@ +{{- if .Capabilities.APIVersions.Has "bcc.bd-apaas.com/v1alpha1" -}} +--- +apiVersion: bcc.bd-apaas.com/v1alpha1 +kind: IngressHost +metadata: + name: "{{ template "harbor.ingress" . }}-core" + annotations: + {{- with .Values.expose.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{ include "harbor.labels" . | nindent 4 }} +spec: + host: "{{ .Values.expose.ingress.hosts.core }}" +--- +apiVersion: bcc.bd-apaas.com/v1alpha1 +kind: IngressHost +metadata: + name: "{{ template "harbor.ingress" . }}-notary" + annotations: + {{- with .Values.expose.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{ include "harbor.labels" . | nindent 4 }} +spec: + host: "{{ .Values.expose.ingress.hosts.notary }}" +{{- end -}} diff --git a/templates/ingress/ingressroute.yaml b/templates/ingress/ingressroute.yaml index 5def218499cf618e6697213e24ea20fc3f0c67a0..f5ea7ac721ebfcb11f5f2ec74e8c568782fb7537 100644 --- a/templates/ingress/ingressroute.yaml +++ b/templates/ingress/ingressroute.yaml @@ -1,4 +1,4 @@ -{{- if .Capabilities.APIVersions.Has "bcc.bd-apaas.com/v1alpha1/IngressRoute" -}} +{{- if .Capabilities.APIVersions.Has "bcc.bd-apaas.com/v1alpha1" -}} --- apiVersion: bcc.bd-apaas.com/v1alpha1 kind: IngressRoute @@ -31,6 +31,8 @@ spec: port: {{ template "harbor.core.servicePort" . }} - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/v2/`) kind: Rule + middlewares: + - name: "{{ template "harbor.ingress" . }}-https" services: - name: {{ template "harbor.core" . }} port: {{ template "harbor.core.servicePort" . }} diff --git a/templates/ingress/middleware.yaml b/templates/ingress/middleware.yaml new file mode 100644 index 0000000000000000000000000000000000000000..bb742070b7c6cdd76c85ff2038f6900871bf25b7 --- /dev/null +++ b/templates/ingress/middleware.yaml @@ -0,0 +1,10 @@ +{{- if .Capabilities.APIVersions.Has "bcc.bd-apaas.com/v1alpha1" -}} +apiVersion: bcc.bd-apaas.com/v1alpha1 +kind: Middleware +metadata: + name: "{{ template "harbor.ingress" . }}-https" +spec: + headers: + customRequestHeaders: + X-Forwarded-Proto: "https" +{{- end -}} \ No newline at end of file diff --git a/templates/portal/deployment.yaml b/templates/portal/deployment.yaml index 855830f4cecf66957ad7feb5bee764276b4ded54..7b022c6d2631a94a48f4233aba9e35ec898d344f 100644 --- a/templates/portal/deployment.yaml +++ b/templates/portal/deployment.yaml @@ -14,7 +14,7 @@ spec: template: metadata: labels: -{{ include "harbor.matchLabels" . | indent 8 }} +{{ include "harbor.labels" . | indent 8 }} component: portal annotations: {{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }} diff --git a/values-aliyun.yaml b/values-aliyun.yaml index e90cfa082d52a4594321d1845784cd11403b6bf2..40a42983fff7c88a0a2e7d71c68302c94b52fe14 100644 --- a/values-aliyun.yaml +++ b/values-aliyun.yaml @@ -16,37 +16,37 @@ persistence: persistentVolumeClaim: registry: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 5Gi chartmuseum: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 5Gi jobservice: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 1Gi database: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 1Gi redis: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 1Gi trivy: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 5Gi diff --git a/values-arm.yaml b/values-arm.yaml index 53994b58865b8a467c57712fee74676fd41451a4..826dc59e95623d531bdc3a48d2a7764625283cc7 100644 --- a/values-arm.yaml +++ b/values-arm.yaml @@ -16,37 +16,37 @@ persistence: persistentVolumeClaim: registry: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 5Gi chartmuseum: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 5Gi jobservice: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 1Gi database: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 1Gi redis: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 1Gi trivy: existingClaim: "" - storageClass: "" + storageClass: "hostpath" subPath: "" accessMode: ReadWriteOnce size: 5Gi @@ -72,24 +72,24 @@ secretKey: "IpTIscRIgmerlare" portal: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-harbor-portal-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal + tag: v2.1.1-arm64 core: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-harbor-core-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core + tag: v2.1.1-arm64 jobservice: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-harbor-jobservice-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice + tag: v2.1.1-arm64 registry: registry: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-registry-arm64 - tag: 2.7.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/registry + tag: 2.7.1-arm64 resources: limits: memory: 4Gi @@ -97,15 +97,16 @@ registry: memory: 256Mi controller: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-harbor-registryctl-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl + tag: v2.1.1-arm64 chartmuseum: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-chartmuseum-arm64 - tag: v2.1.1 - nodeSelector: - harbor: enabled + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum + tag: v2.1.1-arm64 + nodeSelector: {} + # nodeSelector: + # harbor: enabled storageSpec: type: hostPath emptyDir: {} @@ -115,34 +116,34 @@ chartmuseum: clair: clair: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-clair-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair + tag: v2.1.1-arm64 adapter: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-clair-adapter-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter + tag: v2.1.1-arm64 trivy: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-trivy-adapter-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter + tag: v2.1.1-arm64 notary: server: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-notary-server-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server + tag: v2.1.1-arm64 signer: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-notary-signer-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer + tag: v2.1.1-arm64 database: type: internal internal: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/awecloud-harbor-db-arm64 - tag: v2.1.1 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db + tag: v2.1.1-arm64 password: "spaceIN511" resources: limits: @@ -155,4 +156,4 @@ redis: internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/redis - tag: 4.0.14-alpine \ No newline at end of file + tag: 6.0.9-arm64 \ No newline at end of file diff --git a/values-ppc64le.yaml b/values-ppc64le.yaml new file mode 100644 index 0000000000000000000000000000000000000000..a2f0a3dd3bcdc94d6cb6c57aef7756ed2497f15a --- /dev/null +++ b/values-ppc64le.yaml @@ -0,0 +1,159 @@ +expose: + type: ingress + tls: + enabled: false + ingress: + hosts: + core: hub.wodcloud.local + notary: notary.wodcloud.local + annotations: + ingress.kubernetes.io/proxy-body-size: "0" + +externalURL: https://hub.wodcloud.local + +persistence: + enabled: true + persistentVolumeClaim: + registry: + existingClaim: "" + storageClass: "hostpath" + subPath: "" + accessMode: ReadWriteOnce + size: 5Gi + chartmuseum: + existingClaim: "" + storageClass: "hostpath" + subPath: "" + accessMode: ReadWriteOnce + size: 5Gi + jobservice: + existingClaim: "" + storageClass: "hostpath" + subPath: "" + accessMode: ReadWriteOnce + size: 1Gi + database: + existingClaim: "" + storageClass: "hostpath" + subPath: "" + accessMode: ReadWriteOnce + size: 1Gi + redis: + existingClaim: "" + storageClass: "hostpath" + subPath: "" + accessMode: ReadWriteOnce + size: 1Gi + trivy: + existingClaim: "" + storageClass: "hostpath" + subPath: "" + accessMode: ReadWriteOnce + size: 5Gi + imageChartStorage: + # s3 , filesystem + type: filesystem + s3: + accesskey: AKIAIOSFODNN7EXAMPLE + secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + region: us-east-1 + regionendpoint: http://minio.wodcloud.local + bucket: registry + encrypt: false + v4auth: true + chunksize: '5242880' + rootdirectory: / + +imagePullPolicy: IfNotPresent + +logLevel: info +harborAdminPassword: "spaceIN511" +secretKey: "IpTIscRIgmerlare" + +portal: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal + tag: v2.1.3-ppc64le + +core: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core + tag: v2.1.3-ppc64le + +jobservice: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice + tag: v2.1.3-ppc64le + +registry: + registry: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/registry + tag: 2.7.1-ppc64le + resources: + limits: + memory: 4Gi + requests: + memory: 256Mi + controller: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl + tag: v2.1.3-ppc64le + +chartmuseum: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum + tag: v2.1.1-ppc64le + nodeSelector: {} + # nodeSelector: + # harbor: enabled + storageSpec: + type: hostPath + emptyDir: {} + hostPath: + root: /data + +clair: + clair: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair + tag: v2.1.1-ppc64le + adapter: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter + tag: v2.1.1-ppc64le + +trivy: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter + tag: v2.1.1-ppc64le + +notary: + server: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server + tag: v2.1.1-ppc64le + signer: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer + tag: v2.1.1-ppc64le + +database: + type: internal + internal: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db + tag: v2.1.3-ppc64le + password: "spaceIN511" + resources: + limits: + memory: 4Gi + requests: + memory: 256Mi + +redis: + type: internal + internal: + image: + repository: registry.cn-qingdao.aliyuncs.com/wod/redis + tag: 6.0.9-ppc64le \ No newline at end of file diff --git a/values.yaml b/values.yaml index 7bff227d5d56fd0ba82c57382280d74ba15b4eac..17a66ee71af57daac2307c65e0b1ef572dc27892 100644 --- a/values.yaml +++ b/values.yaml @@ -742,3 +742,6 @@ redis: password: "" ## Additional deployment annotations podAnnotations: {} + +commonLabels: + app.bd-apaas.com/cluster-component: registry \ No newline at end of file