From b47de37878c5da3fb7782418621f60e3d812864f Mon Sep 17 00:00:00 2001 From: Wenkai Yin Date: Tue, 27 Nov 2018 19:29:17 +0800 Subject: [PATCH] Update Harbor chart according to the requirement for upgrade 1. Empty the "subPath" for volumes 2. Set "ReadWriteOnce" as the default value of access mode 3. Add checksum annotation for pod, see #5193 for detail Signed-off-by: Wenkai Yin --- README.md | 16 ++++++++-------- docs/High Availability.md | 2 ++ templates/adminserver/adminserver-dpl.yaml | 3 +++ templates/chartmuseum/chartmuseum-dpl.yaml | 3 +++ templates/clair/clair-dpl.yaml | 2 ++ templates/core/core-dpl.yaml | 3 +++ templates/database/database-ss.yaml | 2 ++ templates/jobservice/jobservice-dpl.yaml | 3 +++ templates/nginx/deployment.yaml | 9 +++++++++ templates/notary/notary-server.yaml | 2 ++ templates/notary/notary-signer.yaml | 2 ++ templates/registry/registry-dpl.yaml | 3 +++ values.yaml | 16 ++++++++-------- 13 files changed, 50 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 8b52f9bbf..c8b41d033 100644 --- a/README.md +++ b/README.md 
@@ -91,27 +91,27 @@ The following table lists the configurable parameters of the Harbor chart and th | `persistence.resourcePolicy` | Setting it to `keep` to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `keep` | | `persistence.persistentVolumeClaim.registry.existingClaim` | Use the existing PVC which must be created manually before bound | | |`persistence.persistentVolumeClaim.registry.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used(the default). Set it to `-` to disable dynamic provisioning | | -|`persistence.persistentVolumeClaim.registry.subPath` | The sub path used in the volume | `registry` | -|`persistence.persistentVolumeClaim.registry.accessMode` | The access mode of the volume | `ReadWriteMany` | +|`persistence.persistentVolumeClaim.registry.subPath` | The sub path used in the volume | | +|`persistence.persistentVolumeClaim.registry.accessMode` | The access mode of the volume | `ReadWriteOnce` | |`persistence.persistentVolumeClaim.registry.size` | The size of the volume | `5Gi` | |`persistence.persistentVolumeClaim.chartmuseum.existingClaim` | Use the existing PVC which must be created manually before bound | | |`persistence.persistentVolumeClaim.chartmuseum.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used(the default). 
Set it to `-` to disable dynamic provisioning | | -|`persistence.persistentVolumeClaim.chartmuseum.subPath` | The sub path used in the volume | `chartmuseum` | -|`persistence.persistentVolumeClaim.chartmuseum.accessMode` | The access mode of the volume | `ReadWriteMany` | +|`persistence.persistentVolumeClaim.chartmuseum.subPath` | The sub path used in the volume | | +|`persistence.persistentVolumeClaim.chartmuseum.accessMode` | The access mode of the volume | `ReadWriteOnce` | |`persistence.persistentVolumeClaim.chartmuseum.size` | The size of the volume | `5Gi` | |`persistence.persistentVolumeClaim.jobservice.existingClaim` | Use the existing PVC which must be created manually before bound | | |`persistence.persistentVolumeClaim.jobservice.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used(the default). Set it to `-` to disable dynamic provisioning | | -|`persistence.persistentVolumeClaim.jobservice.subPath` | The sub path used in the volume | `jobservice` | -|`persistence.persistentVolumeClaim.jobservice.accessMode` | The access mode of the volume | `ReadWriteMany` | +|`persistence.persistentVolumeClaim.jobservice.subPath` | The sub path used in the volume | | +|`persistence.persistentVolumeClaim.jobservice.accessMode` | The access mode of the volume | `ReadWriteOnce` | |`persistence.persistentVolumeClaim.jobservice.size` | The size of the volume | `1Gi` | |`persistence.persistentVolumeClaim.database.existingClaim` | Use the existing PVC which must be created manually before bound. If external database is used, the setting will be ignored | | |`persistence.persistentVolumeClaim.database.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used(the default). Set it to `-` to disable dynamic provisioning. 
If external database is used, the setting will be ignored | | -|`persistence.persistentVolumeClaim.database.subPath` | The sub path used in the volume. If external database is used, the setting will be ignored | `database` | +|`persistence.persistentVolumeClaim.database.subPath` | The sub path used in the volume. If external database is used, the setting will be ignored | | |`persistence.persistentVolumeClaim.database.accessMode` | The access mode of the volume. If external database is used, the setting will be ignored | `ReadWriteOnce` | |`persistence.persistentVolumeClaim.database.size` | The size of the volume. If external database is used, the setting will be ignored | `1Gi` | |`persistence.persistentVolumeClaim.redis.existingClaim` | Use the existing PVC which must be created manually before bound. If external Redis is used, the setting will be ignored | | |`persistence.persistentVolumeClaim.redis.storageClass` | Specify the `storageClass` used to provision the volume. Or the default StorageClass will be used(the default). Set it to `-` to disable dynamic provisioning. If external Redis is used, the setting will be ignored | | -|`persistence.persistentVolumeClaim.redis.subPath` | The sub path used in the volume. If external Redis is used, the setting will be ignored | `redis` | +|`persistence.persistentVolumeClaim.redis.subPath` | The sub path used in the volume. If external Redis is used, the setting will be ignored | | |`persistence.persistentVolumeClaim.redis.accessMode` | The access mode of the volume. If external Redis is used, the setting will be ignored | `ReadWriteOnce` | |`persistence.persistentVolumeClaim.redis.size` | The size of the volume. If external Redis is used, the setting will be ignored | `1Gi` | |`persistence.imageChartStorage.type` | The type of storage for images and charts: `filesystem`, `azure`, `gcs`, `s3`, `swift` or `oss`. The type must be `filesystem` if you want to use persistent volumes for registry and chartmuseum. 
Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#storage) for more information about the detail | `filesystem` | diff --git a/docs/High Availability.md b/docs/High Availability.md index 1b7728afa..4835b3c21 100644 --- a/docs/High Availability.md +++ b/docs/High Availability.md @@ -47,6 +47,8 @@ Configure the followings items in `values.yaml`, you can also set them as parame If you want to specify the `StorageClass`, set `persistence.persistentVolumeClaim.registry.storageClass`, `persistence.persistentVolumeClaim.chartmuseum.storageClass` and `persistence.persistentVolumeClaim.jobservice.storageClass`. + If you use `StorageClass`, for both default or specified one, set `persistence.persistentVolumeClaim.registry.accessMode`, `persistence.persistentVolumeClaim.chartmuseum.accessMode` and `persistence.persistentVolumeClaim.jobservice.accessMode` as `ReadWriteMany`, and make sure that the persistent volumes must can be shared cross different nodes. + You can also use the existing PVCs to store data, set `persistence.persistentVolumeClaim.registry.existingClaim`, `persistence.persistentVolumeClaim.chartmuseum.existingClaim` and `persistence.persistentVolumeClaim.jobservice.existingClaim`. Cloud storage also can be used to store images and charts. Set the `persistence.imageChartStorage.type` to the value you want to use and fill the corresponding section. Notes: PVC is also needed to store job logs. diff --git a/templates/adminserver/adminserver-dpl.yaml b/templates/adminserver/adminserver-dpl.yaml index 92bc01c52..8adbd77b3 100644 --- a/templates/adminserver/adminserver-dpl.yaml +++ b/templates/adminserver/adminserver-dpl.yaml 
@@ -16,6 +16,9 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: adminserver
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/adminserver/adminserver-cm.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/adminserver/adminserver-secrets.yaml") . | sha256sum }}
 spec:
 containers:
 - name: adminserver
diff --git a/templates/chartmuseum/chartmuseum-dpl.yaml b/templates/chartmuseum/chartmuseum-dpl.yaml
index 8837e8d84..4c65d9800 100644
--- a/templates/chartmuseum/chartmuseum-dpl.yaml
+++ b/templates/chartmuseum/chartmuseum-dpl.yaml
@@ -17,6 +17,9 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: chartmuseum
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }}
 spec:
 containers:
 - name: chartmuseum
diff --git a/templates/clair/clair-dpl.yaml b/templates/clair/clair-dpl.yaml
index e9b7114a6..79c3dd6ce 100644
--- a/templates/clair/clair-dpl.yaml
+++ b/templates/clair/clair-dpl.yaml
@@ -17,6 +17,8 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: clair
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/clair/clair-cm.yaml") . | sha256sum }}
 spec:
 containers:
 - name: clair
diff --git a/templates/core/core-dpl.yaml b/templates/core/core-dpl.yaml
index 6754af0ea..8f3a6f1e0 100644
--- a/templates/core/core-dpl.yaml
+++ b/templates/core/core-dpl.yaml
@@ -16,6 +16,9 @@ spec:
 labels:
 {{ include "harbor.matchLabels" . | indent 8 }}
 component: core
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/core/core-cm.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
 spec:
 containers:
 - name: core
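Review bot: The added `checksum/secret` annotation in the adminserver pod template publishes an unsalted SHA-256 of the rendered Secret manifest on the Deployment and its pods, which are typically readable by more principals than the Secret itself (the built-in `view` role, for instance, excludes Secrets but not pods). Where a secret value is a chart default or otherwise low-entropy, that digest lets a reader confirm a guessed value offline, so it would help to document this next to the annotation, e.g. `# digest of the rendered Secret is visible to anyone who can read pods; keep secret values high-entropy`. The same applies to the `checksum/secret` lines in the chartmuseum, core, database, jobservice, nginx and registry hunks. If any of the included secret templates generates a value at render time, `include` renders it a second time and the digest would differ on every `helm upgrade`, restarting the pods each time; the secret templates are not visible here, so this needs checking. The pod templates continue outside each hunk.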
diff --git a/templates/database/database-ss.yaml b/templates/database/database-ss.yaml
index b23118c64..c1f2d5e01 100644
--- a/templates/database/database-ss.yaml
+++ b/templates/database/database-ss.yaml
@@ -19,6 +19,8 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: database
+ annotations:
+ checksum/secret: {{ include (print $.Template.BasePath "/database/database-secret.yaml") . | sha256sum }}
 spec:
 initContainers:
 - name: "remove-lost-found"
diff --git a/templates/jobservice/jobservice-dpl.yaml b/templates/jobservice/jobservice-dpl.yaml
index 5654d154e..21d4f8823 100644
--- a/templates/jobservice/jobservice-dpl.yaml
+++ b/templates/jobservice/jobservice-dpl.yaml
@@ -16,6 +16,9 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: jobservice
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/jobservice/jobservice-secrets.yaml") . | sha256sum }}
 spec:
 containers:
 - name: jobservice
diff --git a/templates/nginx/deployment.yaml b/templates/nginx/deployment.yaml
index 9232e513c..d6d12c096 100644
--- a/templates/nginx/deployment.yaml
+++ b/templates/nginx/deployment.yaml
@@ -17,6 +17,15 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: nginx
+ annotations:
+ {{- if not .Values.expose.tls.enabled }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-http.yaml") . | sha256sum }}
+ {{- else }}
+ checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-https.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if eq (include "harbor.autoGenCertForNginx" .) "true" }}
+ checksum/secret: {{ include (print $.Template.BasePath "/nginx/secret.yaml") . | sha256sum }}
+ {{- end }}
 spec:
 containers:
 - name: nginx
diff --git a/templates/notary/notary-server.yaml b/templates/notary/notary-server.yaml
index da18e711a..cce09dd56 100644
--- a/templates/notary/notary-server.yaml
+++ b/templates/notary/notary-server.yaml
@@ -17,6 +17,8 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: notary-server
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/notary/notary-cm.yaml") . | sha256sum }}
 spec:
 containers:
 - name: notary-server
diff --git a/templates/notary/notary-signer.yaml b/templates/notary/notary-signer.yaml
index 8a1a79f7c..11831f2cb 100644
--- a/templates/notary/notary-signer.yaml
+++ b/templates/notary/notary-signer.yaml
@@ -17,6 +17,8 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: notary-signer
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/notary/notary-cm.yaml") . | sha256sum }}
 spec:
 containers:
 - name: notary-signer
diff --git a/templates/registry/registry-dpl.yaml b/templates/registry/registry-dpl.yaml
index fad231edf..113f1856b 100644
--- a/templates/registry/registry-dpl.yaml
+++ b/templates/registry/registry-dpl.yaml
@@ -16,6 +16,9 @@ spec:
 labels:
 {{ include "harbor.labels" . | indent 8 }}
 component: registry
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/registry/registry-cm.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/registry/registry-secret.yaml") . | sha256sum }}
 spec:
 containers:
 - name: registry
diff --git a/values.yaml b/values.yaml
index 2021a437d..6778abfa8 100644
--- a/values.yaml
+++ b/values.yaml
@@ -98,27 +98,27 @@ persistence:
 # StorageClass will be used(the default).
 # Set it to "-" to disable dynamic provisioning
 storageClass: ""
- subPath: "registry"
- accessMode: ReadWriteMany
+ subPath: ""
+ accessMode: ReadWriteOnce
 size: 5Gi
 chartmuseum:
 existingClaim: ""
 storageClass: ""
- subPath: "chartmuseum"
- accessMode: ReadWriteMany
+ subPath: ""
+ accessMode: ReadWriteOnce
 size: 5Gi
 jobservice:
 existingClaim: ""
 storageClass: ""
- subPath: "jobservice"
- accessMode: ReadWriteMany
+ subPath: ""
+ accessMode: ReadWriteOnce
 size: 1Gi
 # If external database is used, the following settings for database will
 # be ignored
 database:
 existingClaim: ""
 storageClass: ""
- subPath: "database"
+ subPath: ""
 accessMode: ReadWriteOnce
 size: 1Gi
 # If external Redis is used, the following settings for Redis will
@@ -126,7 +126,7 @@ persistence:
 redis:
 existingClaim: ""
 storageClass: ""
- subPath: "redis"
+ subPath: ""
 accessMode: ReadWriteOnce
 size: 1Gi
 # Define which storage backend is used for registry and chartmuseum to store
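Review bot: With `subPath: ""` as the new default for registry, chartmuseum, jobservice and database (and for redis in the following hunk), every component mounts the root of its volume, so an operator who points several `existingClaim` values at one PVC no longer gets a per-component directory and each component can read and overwrite the others' data. A comment above the block would make that explicit, for example `# Set a distinct subPath per component when several components share one existingClaim`. Releases installed with the old defaults presumably keep their data under `registry`, `chartmuseum` and so on, so the upgrade notes should tell users to carry those subPath values forward explicitly. The new `ReadWriteOnce` default also interacts with the checksum annotations added elsewhere in this patch: a rollout triggered by a config change may leave the replacement pod unable to attach the volume if it is scheduled on another node, which depends on the Deployment update strategy that is not visible here.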