Merge pull request #407 from ywk253100/191018_clair_adapter
Update Harbor chart to enable pluggable scanner
ywk253100 committed Oct 24, 2019
2 parents c07a21e + 129f557 commit 266acd3
Showing 5 changed files with 61 additions and 25 deletions.
25 changes: 14 additions & 11 deletions README.md
Expand Up @@ -226,17 +226,20 @@ The following table lists the configurable parameters of the Harbor chart and th
| `chartmuseum.tolerations` | Tolerations for pod assignment | `[]` |
| `chartmuseum.affinity` | Node/Pod affinities | `{}` |
| `chartmuseum.podAnnotations` | Annotations to add to the chart museum pod | `{}` |
| **Clair** |
| `clair.enabled` | Enable Clair | `true` |
| `clair.image.repository` | Repository for clair image | `goharbor/clair-photon` |
| `clair.image.tag` | Tag for clair image | `dev` |
| `clair.replicas` | The replica count | `1` |
| `clair.updatersInterval` | The interval of clair updaters, the unit is hour, set to 0 to disable the updaters | `12` |
| `clair.resources` | The [resources] to allocate for container | undefined |
| `clair.nodeSelector` | Node labels for pod assignment | `{}` |
| `clair.tolerations` | Tolerations for pod assignment | `[]` |
| `clair.affinity` | Node/Pod affinities | `{}` |
| `clair.podAnnotations` | Annotations to add to the clair pod | `{}` |
| **Clair** |
| `clair.enabled` | Enable Clair | `true` |
| `clair.clair.image.repository` | Repository for clair image | `goharbor/clair-photon` |
| `clair.clair.image.tag` | Tag for clair image | `dev` |
| `clair.clair.resources` | The [resources] to allocate for clair container | |
| `clair.adapter.image.repository` | Repository for clair adapter image | `goharbor/clair-adapter-photon` |
| `clair.adapter.image.tag` | Tag for clair adapter image | `dev` |
| `clair.adapter.resources` | The [resources] to allocate for clair adapter container | |
| `clair.replicas` | The replica count | `1` |
| `clair.updatersInterval` | The interval of clair updaters, the unit is hour, set to 0 to disable the updaters | `12` |
| `clair.nodeSelector` | Node labels for pod assignment | `{}` |
| `clair.tolerations` | Tolerations for pod assignment | `[]` |
| `clair.affinity` | Node/Pod affinities | `{}` |
| `clair.podAnnotations` | Annotations to add to the clair pod | `{}` |
| **Notary** |
| `notary.enabled` | Enable Notary? | `true` |
| `notary.server.image.repository` | Repository for notary server image | `goharbor/notary-server-photon` |
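Review bot: the `clair.image.repository`, `clair.image.tag` and `clair.resources` rows disappear from the table with no mention that those keys were renamed to `clair.clair.*`, so someone upgrading from the previous chart has nothing telling them their overrides need to move. Add an upgrade note next to the Clair rows. The two new `resources` rows also leave the Default cell empty where the old row said `undefined`; keep one convention.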
31 changes: 28 additions & 3 deletions templates/clair/clair-dpl.yaml
Expand Up @@ -29,7 +29,7 @@ spec:
{{- end }}
containers:
- name: clair
image: {{ .Values.clair.image.repository }}:{{ .Values.clair.image.tag }}
image: {{ .Values.clair.clair.image.repository }}:{{ .Values.clair.clair.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
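Review bot: on the `image:` line the template now reads only `.Values.clair.clair.image.*`, so a values file that still pins the Clair image through `clair.image.repository` / `clair.image.tag` is silently ignored and the pod runs the chart default instead. Consider failing the render when `.Values.clair.image` is set (for example with `fail`), so a dropped image pin surfaces at install time rather than as an unexpected image in the cluster.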
Expand All @@ -53,16 +53,41 @@ spec:
- name: NO_PROXY
value: "{{ template "harbor.noProxy" . }}"
{{- end }}
{{- if .Values.clair.resources }}
{{- if .Values.clair.clair.resources }}
resources:
{{ toYaml .Values.clair.resources | indent 10 }}
{{ toYaml .Values.clair.clair.resources | indent 10 }}
{{- end }}
ports:
- containerPort: 6060
volumeMounts:
- name: config
mountPath: /etc/clair/config.yaml
subPath: config.yaml
- name: adapter
image: {{ .Values.clair.adapter.image.repository }}:{{ .Values.clair.adapter.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
livenessProbe:
httpGet:
path: /probe/healthy
port: 8080
initialDelaySeconds: 300
periodSeconds: 10
readinessProbe:
httpGet:
path: /probe/ready
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
env:
- name: SCANNER_CLAIR_URL
# To avoid a pod cannot reach itself via service IP when the clusters disable hairpin
value: "http://127.0.0.1:6060"
{{- if .Values.clair.adapter.resources }}
resources:
{{ toYaml .Values.clair.adapter.resources | indent 10 }}
{{- end }}
ports:
- containerPort: 8080
volumes:
- name: config
secret:
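Review bot: the adapter's `livenessProbe` uses `initialDelaySeconds: 300` while its `readinessProbe` starts at 30, so an adapter that hangs shortly after startup is not restarted for the first five minutes. Either shorten the liveness delay or add a comment saying why the adapter needs that long. The comment under `SCANNER_CLAIR_URL` also sits between `name` and `value` and is hard to parse; a line such as "Use loopback so the adapter can reach Clair when the cluster disables hairpin mode", placed above the `- name:` entry, would read better.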
6 changes: 2 additions & 4 deletions templates/clair/clair-svc.yaml
Expand Up @@ -7,10 +7,8 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- name: clair
port: 6060
- name: health
port: 6061
- name: adapter
port: 8080
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
component: clair
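Review bot: dropping the `clair` port 6060 and the `health` port 6061 from the Service leaves `CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060"` in templates/core/core-cm.yaml pointing at a port this Service no longer exposes. If core now talks only to the adapter on 8080, remove or repoint `CLAIR_URL` in the same change; if anything still reads it, the 6060 port has to stay.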
1 change: 1 addition & 0 deletions templates/core/core-cm.yaml
Expand Up @@ -36,6 +36,7 @@ data:
CLAIR_DB: "{{ template "harbor.database.clairDatabase" . }}"
CLAIR_DB_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060"
CLAIR_ADAPTER_URL: "http://{{ template "harbor.clair" . }}:8080"
REGISTRY_STORAGE_PROVIDER_NAME: "{{ .Values.persistence.imageChartStorage.type }}"
WITH_CHARTMUSEUM: "{{ .Values.chartmuseum.enabled }}"
CHART_REPOSITORY_URL: "http://{{ template "harbor.chartmuseum" . }}"
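Review bot: `CLAIR_ADAPTER_URL` builds its host with `template "harbor.clair"` while the `CLAIR_URL` line directly above spells the same Service as `harbor.fullname` plus `-clair`, and no hunk shown in this commit defines `harbor.clair`. Confirm the helper already exists and resolves to the Service name used in templates/clair/clair-svc.yaml, and use one form for both lines.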
23 changes: 16 additions & 7 deletions values.yaml
Expand Up @@ -411,17 +411,26 @@ chartmuseum:

clair:
enabled: true
image:
repository: goharbor/clair-photon
tag: dev
clair:
image:
repository: goharbor/clair-photon
tag: dev
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
adapter:
image:
repository: goharbor/clair-adapter-photon
tag: dev
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
replicas: 1
# The interval of clair updaters, the unit is hour, set to 0 to
# disable the updaters
updatersInterval: 12
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
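Review bot: the new `adapter.image.tag` defaults to `dev`, a moving tag, so what gets deployed depends on what the tag points to at pull time and two installs of the same chart revision can end up running different adapter code. For anything other than a development branch, default to a release tag (or document pinning by digest) for both `clair.clair.image` and `clair.adapter.image`. The commented `resources` samples also show only `requests`; a `limits` example would help operators bound the new container.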