Add feature : use existing secret to set HTTP_PROXY & HTTPS_PROXY #1825

Open
wants to merge 11 commits into
base: main
4 changes: 2 additions & 2 deletions .github/workflows/publish_release.yaml
Expand Up @@ -23,9 +23,9 @@ jobs:
- name: Publish Helm Chart
run: |
helm registry login registry-1.docker.io -u ${{ secrets.DOCKER_HUB_USERNAME }} -p ${{ secrets.DOCKER_HUB_PASSWORD }}
helm push ${{ env.PACKAGE_PATH }} oci://registry-1.docker.io/${{ secrets.DOCKER_HUB_USERNAME }}
helm push ${{ env.PACKAGE_PATH }} oci://registry-1.docker.io/goharbor
helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}
helm push ${{ env.PACKAGE_PATH }} oci://ghcr.io/${{ github.actor }}
helm push ${{ env.PACKAGE_PATH }} oci://ghcr.io/goharbor
- name: Upload to chart repository
run: |
git config --global user.email "${{ github.event.repository.name }}@users.noreply.github.com"
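Review bot: Both `helm registry login` lines in this step pass the registry password as a `-p` argument with the secret interpolated straight into the script text, so the credential lands on the process command line on the runner. Those lines are unchanged context, but since the step is being edited anyway, the secret could be fed through the step's `env:` and `--password-stdin` to keep it off argv: `echo "$DOCKER_HUB_PASSWORD" | helm registry login registry-1.docker.io -u "$DOCKER_HUB_USERNAME" --password-stdin`. The ghcr.io login with `secrets.GITHUB_TOKEN` can be handled the same way.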
14 changes: 8 additions & 6 deletions Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: harbor
version: 1.4.0-dev
appVersion: dev
version: 1.15.1-proxy-0.2
appVersion: 2.11.1
description: An open source trusted cloud native registry that stores, signs, and scans content
keywords:
- docker
Expand All @@ -13,10 +13,12 @@ sources:
- https://github.com/goharbor/harbor
- https://github.com/goharbor/harbor-helm
maintainers:
- name: Yan Wang
email: [email protected]
- name: Wenkai Yin
email: yinw@vmware.com
- name: Weiwei He
email: hweiwei@vmware.com
email: wenkai.yin@broadcom.com
- name: Miner Yang
email: miner.yang@broadcom.com
- name: Shengwen Yu
email: yshengwen@vmware.com
email: shengwen.yu@broadcom.com
engine: gotpl
4 changes: 3 additions & 1 deletion templates/core/core-cm.yaml
Expand Up @@ -47,9 +47,11 @@ data:
{{- if .Values.uaaSecretName }}
UAA_CA_ROOT: "/etc/core/auth-ca/auth-ca.crt"
{{- end }}
{{- if has "core" .Values.proxy.components }}
{{- if and (has "core" .Values.proxy.components) (not .Values.proxy.existingSecret) }}
HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}"
{{- end }}
{{- if has "core" .Values.proxy.components }}
NO_PROXY: "{{ template "harbor.noProxy" . }}"
{{- end }}
PERMITTED_REGISTRY_TYPES_FOR_PROXY_CACHE: "docker-hub,harbor,azure-acr,aws-ecr,google-gcr,quay,docker-registry,github-ghcr,jfrog-artifactory"
4 changes: 4 additions & 0 deletions templates/core/core-dpl.yaml
Expand Up @@ -94,6 +94,10 @@ spec:
name: "{{ template "harbor.core" . }}"
- secretRef:
name: "{{ template "harbor.core" . }}"
{{- if .Values.proxy.existingSecret }}
- secretRef:
name: "{{ .Values.proxy.existingSecret }}"
{{- end }}
env:
- name: CORE_SECRET
valueFrom:
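Review bot: The added `secretRef` is rendered whenever `proxy.existingSecret` is set, without the `has "core" .Values.proxy.components` gate that core-cm.yaml keeps, so the `components` list no longer decides which pods receive the proxy settings. `envFrom` also imports every key in that Secret, not only HTTP_PROXY and HTTPS_PROXY, and because this entry is last in the list its keys take precedence over same-named keys from the chart's own ConfigMap and Secret above it. Reading just the two expected keys with `secretKeyRef` under `env:`, behind the component check, limits the pod to what values.yaml documents. The same pattern is repeated in exporter-dpl.yaml, jobservice-dpl.yaml, the second hunk of registry-dpl.yaml and trivy-sts.yaml. The container spec starts and ends outside this hunk.

```yaml
        env:
          {{- if and .Values.proxy.existingSecret (has "core" .Values.proxy.components) }}
          - name: HTTP_PROXY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.proxy.existingSecret }}"
                key: HTTP_PROXY
          - name: HTTPS_PROXY
            valueFrom:
              secretKeyRef:
                name: "{{ .Values.proxy.existingSecret }}"
                key: HTTPS_PROXY
          {{- end }}
          # … unchanged: CORE_SECRET and the remaining env entries …
```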
4 changes: 3 additions & 1 deletion templates/exporter/exporter-cm-env.yaml
Expand Up @@ -6,9 +6,11 @@ metadata:
labels:
{{ include "harbor.labels" . | indent 4 }}
data:
{{- if has "jobservice" .Values.proxy.components }}
{{- if and (has "jobservice" .Values.proxy.components) (not .Values.proxy.existingSecret) }}
HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}"
{{- end }}
{{- if has "jobservice" .Values.proxy.components }}
NO_PROXY: "{{ template "harbor.noProxy" . }}"
{{- end }}
LOG_LEVEL: "{{ .Values.logLevel }}"
4 changes: 4 additions & 0 deletions templates/exporter/exporter-dpl.yaml
Expand Up @@ -78,6 +78,10 @@ spec:
name: "{{ template "harbor.exporter" . }}-env"
- secretRef:
name: "{{ template "harbor.exporter" . }}"
{{- if .Values.proxy.existingSecret }}
- secretRef:
name: "{{ .Values.proxy.existingSecret }}"
{{- end }}
env:
{{- if .Values.database.external.existingSecret }}
- name: HARBOR_DATABASE_PASSWORD
4 changes: 3 additions & 1 deletion templates/jobservice/jobservice-cm-env.yaml
Expand Up @@ -14,9 +14,11 @@ data:
JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "{{ .Values.jobservice.notification.webhook_job_max_retry }}"
JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "{{ .Values.jobservice.notification.webhook_job_http_client_timeout }}"

{{- if has "jobservice" .Values.proxy.components }}
{{- if and (has "jobservice" .Values.proxy.components) (not .Values.proxy.existingSecret) }}
HTTP_PROXY: "{{ .Values.proxy.httpProxy }}"
HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}"
{{- end }}
{{- if has "jobservice" .Values.proxy.components }}
NO_PROXY: "{{ template "harbor.noProxy" . }}"
{{- end }}
{{- if .Values.metrics.enabled}}
4 changes: 4 additions & 0 deletions templates/jobservice/jobservice-dpl.yaml
Expand Up @@ -130,6 +130,10 @@ spec:
name: "{{ template "harbor.jobservice" . }}-env"
- secretRef:
name: "{{ template "harbor.jobservice" . }}"
{{- if .Values.proxy.existingSecret }}
- secretRef:
name: "{{ .Values.proxy.existingSecret }}"
{{- end }}
ports:
- containerPort: {{ template "harbor.jobservice.containerPort" . }}
volumeMounts:
8 changes: 7 additions & 1 deletion templates/registry/registry-dpl.yaml
Expand Up @@ -111,11 +111,13 @@ spec:
name: {{ .Values.registry.existingSecret }}
key: {{ .Values.registry.existingSecretKey }}
{{- end }}
{{- if has "registry" .Values.proxy.components }}
{{- if and (has "registry" .Values.proxy.components) (not .Values.proxy.existingSecret) }}
- name: HTTP_PROXY
value: "{{ .Values.proxy.httpProxy }}"
- name: HTTPS_PROXY
value: "{{ .Values.proxy.httpsProxy }}"
{{- end }}
{{- if has "registry" .Values.proxy.components }}
- name: NO_PROXY
value: "{{ template "harbor.noProxy" . }}"
{{- end }}
Expand Down Expand Up @@ -245,6 +247,10 @@ spec:
- secretRef:
name: {{ .Values.persistence.imageChartStorage.s3.existingSecret }}
{{- end }}
{{- if .Values.proxy.existingSecret }}
- secretRef:
name: "{{ .Values.proxy.existingSecret }}"
{{- end }}
env:
{{- if .Values.registry.existingSecret }}
- name: REGISTRY_HTTP_SECRET
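Review bot: With `proxy.existingSecret` set, the first hunk drops HTTP_PROXY/HTTPS_PROXY from one `env:` list, while the new `secretRef` in the second hunk sits roughly 130 lines further down, in front of a separate `env:` list that begins with REGISTRY_HTTP_SECRET. If these are two different containers, as the layout suggests, the container edited first keeps only NO_PROXY and never receives the proxy URLs. Either add the same `secretRef` to that container's `envFrom`, or source the two variables there with `valueFrom.secretKeyRef` under `{{- if and .Values.proxy.existingSecret (has "registry" .Values.proxy.components) }}`. Both container specs extend beyond the visible hunks, so this needs confirming against the full file.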
9 changes: 8 additions & 1 deletion templates/trivy/trivy-sts.yaml
Expand Up @@ -67,12 +67,19 @@ spec:
{{- if not (empty .Values.containerSecurityContext) }}
securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.proxy.existingSecret }}
envFrom:
- secretRef:
name: "{{ .Values.proxy.existingSecret }}"
{{- end }}
env:
{{- if has "trivy" .Values.proxy.components }}
{{- if and (has "trivy" .Values.proxy.components) (not .Values.proxy.existingSecret) }}
- name: HTTP_PROXY
value: "{{ .Values.proxy.httpProxy }}"
- name: HTTPS_PROXY
value: "{{ .Values.proxy.httpsProxy }}"
{{- end }}
{{- if has "trivy" .Values.proxy.components }}
- name: NO_PROXY
value: "{{ template "harbor.noProxy" . }}"
{{- end }}
2 changes: 1 addition & 1 deletion test/e2e/Jenkinsfile
@@ -1,4 +1,4 @@
@Library('harbor@main') _
@Library('harbor@2.11') _
import io.goharbor.*

class HarborChartFreshInstallPipelineExecutor extends FreshInstallPipelineExecutor implements Serializable {
27 changes: 17 additions & 10 deletions values.yaml
Expand Up @@ -367,12 +367,19 @@ existingSecretSecretKey: ""
proxy:
httpProxy:
httpsProxy:

# Fill in the name of an existing secret with HTTP_PROXY, HTTPS_PROXY keys.
# Setting existing secret will disable httpProxy, httpsProxy above.
existingSecret: ""

noProxy: 127.0.0.1,localhost,.local,.internal
components:
- core
- jobservice
- trivy



# Run the migration job via helm hook
enableMigrateHelmHook: false

Expand Down Expand Up @@ -483,7 +490,7 @@ containerSecurityContext:
nginx:
image:
repository: goharbor/nginx-photon
tag: dev
tag: v2.11.1
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
Expand Down Expand Up @@ -514,7 +521,7 @@ nginx:
portal:
image:
repository: goharbor/harbor-portal
tag: dev
tag: v2.11.1
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
Expand Down Expand Up @@ -554,7 +561,7 @@ portal:
core:
image:
repository: goharbor/harbor-core
tag: dev
tag: v2.11.1
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
Expand Down Expand Up @@ -641,7 +648,7 @@ core:
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: dev
tag: v2.11.1
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
Expand Down Expand Up @@ -704,7 +711,7 @@ registry:
registry:
image:
repository: goharbor/registry-photon
tag: dev
tag: v2.11.1
# resources:
# requests:
# memory: 256Mi
Expand All @@ -713,7 +720,7 @@ registry:
controller:
image:
repository: goharbor/harbor-registryctl
tag: dev
tag: v2.11.1
# resources:
# requests:
# memory: 256Mi
Expand Down Expand Up @@ -794,7 +801,7 @@ trivy:
# repository the repository for Trivy adapter image
repository: goharbor/trivy-adapter-photon
# tag the tag for Trivy adapter image
tag: dev
tag: v2.11.1
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
Expand Down Expand Up @@ -887,7 +894,7 @@ database:
internal:
image:
repository: goharbor/harbor-db
tag: dev
tag: v2.11.1
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
Expand Down Expand Up @@ -967,7 +974,7 @@ redis:
internal:
image:
repository: goharbor/redis-photon
tag: dev
tag: v2.11.1
# set the service account to be used, default if left empty
serviceAccountName: ""
# mount the service account token
Expand Down Expand Up @@ -1029,7 +1036,7 @@ redis:
exporter:
image:
repository: goharbor/harbor-exporter
tag: dev
tag: v2.11.1
serviceAccountName: ""
# mount the service account token
automountServiceAccountToken: false
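Review bot: The comment on `proxy.existingSecret` in the first hunk does not state the contract the templates now rely on. The Secret has to exist in the release namespace and carry keys named exactly `HTTP_PROXY` and `HTTPS_PROXY`, and because it is attached through `envFrom`, any other key it holds also becomes an environment variable in the pod. It would also help to say that `noProxy` is still read from this file. Suggested wording: `# Name of an existing Secret in the release namespace holding only the keys HTTP_PROXY and HTTPS_PROXY.` followed by `# When set, httpProxy/httpsProxy above are ignored; noProxy is still taken from this file.`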