From fbd7092114ffcf6cdf529fe09dd04e244d2d9f9d Mon Sep 17 00:00:00 2001 From: Eguo Wang Date: Thu, 5 Jan 2023 20:55:20 +0800 Subject: [PATCH] Deployed harbor with http protocol, and enabled push cluster builder to registry --- charts/amphitheatre/Chart.yaml | 10 +-- .../harbor/containerd/config-map.yaml | 43 ------------- .../harbor/containerd/daemon-set.yaml | 63 ------------------- .../templates/harbor/docker/config-map.yaml | 28 --------- .../templates/harbor/docker/daemon-set.yaml | 50 --------------- .../templates/harbor/nginx-tls-secret.yaml | 14 ----- .../amphitheatre/templates/harbor/secret.yaml | 12 ++++ .../templates/kpack/cluster-builder.yaml | 2 +- .../templates/kpack/service-account.yaml | 4 ++ charts/amphitheatre/values.yaml | 10 +-- 10 files changed, 19 insertions(+), 217 deletions(-) delete mode 100644 charts/amphitheatre/templates/harbor/containerd/config-map.yaml delete mode 100644 charts/amphitheatre/templates/harbor/containerd/daemon-set.yaml delete mode 100644 charts/amphitheatre/templates/harbor/docker/config-map.yaml delete mode 100644 charts/amphitheatre/templates/harbor/docker/daemon-set.yaml delete mode 100644 charts/amphitheatre/templates/harbor/nginx-tls-secret.yaml create mode 100644 charts/amphitheatre/templates/harbor/secret.yaml diff --git a/charts/amphitheatre/Chart.yaml b/charts/amphitheatre/Chart.yaml index 8270d06..5999230 100644 --- a/charts/amphitheatre/Chart.yaml +++ b/charts/amphitheatre/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.10 +version: 0.2.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to 
@@ -28,14 +28,6 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 16.1.0 condition: harbor.enabled - - name: vcluster - repository: https://charts.loft.sh - version: 0.13.0 - condition: vcluster.enabled - - name: mysql - repository: https://charts.bitnami.com/bitnami - version: 9.4.5 - condition: mysql.enabled - name: kpack repository: https://charts.amphitheatre.app version: 0.1.0 diff --git a/charts/amphitheatre/templates/harbor/containerd/config-map.yaml b/charts/amphitheatre/templates/harbor/containerd/config-map.yaml deleted file mode 100644 index 97bf08f..0000000 --- a/charts/amphitheatre/templates/harbor/containerd/config-map.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -{{- if eq .Values.runtime "containerd" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: entrypoint - labels: - app: default-init -data: - custom_config.toml: | - [plugins.cri.registry.mirrors."{{ .Values.registry }}"] - endpoint = ["https://{{ .Values.registry }}"] - [plugins.cri.registry.configs."{{ .Values.registry }}".tls] - ca_file = "/etc/custom-certs/cert.pem" - entrypoint.sh: | - #!/usr/bin/env bash - - set -euo pipefail - export REGISTRY_FQDN={{ .Values.registry }} - - echo "Deleting the custom certificate file if it exists" - rm -rf /mnt/etc/custom-certs - mkdir /mnt/etc/custom-certs - - echo "Copying the custom certificate" - cp /registry/tls.crt /mnt/etc/custom-certs/cert.pem - - echo "Checking if the custom config is already applied" - if ! grep -q $REGISTRY_FQDN /mnt/etc/containerd/config.toml; then - echo "Appending the custom config to the end of the config file" - cat /etc/config/custom_config.toml >> /mnt/etc/containerd/config.toml - - if grep -q 'plugins."io.containerd.grpc.v1.cri".registry' /mnt/etc/containerd/config.toml; then - sed -i 's@plugins.cri.registry@plugins."io.containerd.grpc.v1.cri".registry@' /mnt/etc/containerd/config.toml - fi - - cat /mnt/etc/containerd/config.toml - - echo "restaring containerd" - nsenter --target 1 --mount systemctl restart containerd - else - echo "skiped applying the custom config" - fi -{{- end }} diff --git a/charts/amphitheatre/templates/harbor/containerd/daemon-set.yaml b/charts/amphitheatre/templates/harbor/containerd/daemon-set.yaml deleted file mode 100644 index 18e2de8..0000000 --- a/charts/amphitheatre/templates/harbor/containerd/daemon-set.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if eq .Values.runtime "containerd" }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: cert-daemonset -spec: - selector: - matchLabels: - k8s-app: cert-daemonset - template: - metadata: - annotations: - labels: - k8s-app: cert-daemonset - spec: - initContainers: - - image: gcr.io/gcp-runtimes/ubuntu_16_0_4 - name: init - command: ["/scripts/entrypoint.sh"] - securityContext: - capabilities: - add: - - NET_ADMIN - privileged: true - volumeMounts: - - mountPath: /mnt/etc - name: etc - - mountPath: /registry - name: nginx-tls-secret - readOnly: true - - mountPath: /scripts - name: entrypoint - - mountPath: /etc/config - name: containerd-config - readOnly: true - hostNetwork: true - hostPID: true - volumes: - - hostPath: - path: /etc - name: etc - - name: nginx-tls-secret - secret: - secretName: nginx-tls-secret - defaultMode: 420 - - name: entrypoint - configMap: - name: entrypoint - defaultMode: 0744 - items: - - key: entrypoint.sh - path: entrypoint.sh - - name: containerd-config - configMap: - name: entrypoint - defaultMode: 0744 - items: - - key: custom_config.toml - path: custom_config.toml - containers: - - image: gcr.io/google-containers/pause:3.2 - name: pause -{{- end }} diff --git a/charts/amphitheatre/templates/harbor/docker/config-map.yaml b/charts/amphitheatre/templates/harbor/docker/config-map.yaml deleted file mode 100644 index a8b7d35..0000000 --- a/charts/amphitheatre/templates/harbor/docker/config-map.yaml +++ /dev/null 
@@ -1,28 +0,0 @@ -{{- if eq .Values.runtime "docker" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: entrypoint - labels: - app: default-init -data: - entrypoint.sh: | - #!/usr/bin/env bash - - set -euo pipefail - export REGISTRY_FQDN={{ .Values.registry }} - export FOLDER=/mnt/etc/docker/certs.d/$REGISTRY_FQDN - - echo "Deleting the custom certificate folder and creating it again" - rm -rf $FOLDER - mkdir -p $FOLDER - - echo "Copying the custom certificate" - cp /registry/tls.crt $FOLDER/client.cert - cp /registry/tls.key $FOLDER/client.key - cp /registry/ca.crt $FOLDER/ca.crt - - echo "Certificates copied" - echo $FOLDER/client.cert - cat $FOLDER/client.cert -{{- end }} diff --git a/charts/amphitheatre/templates/harbor/docker/daemon-set.yaml b/charts/amphitheatre/templates/harbor/docker/daemon-set.yaml deleted file mode 100644 index 2caf749..0000000 --- a/charts/amphitheatre/templates/harbor/docker/daemon-set.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if eq .Values.runtime "docker" }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: cert-daemonset -spec: - selector: - matchLabels: - k8s-app: cert-daemonset - template: - metadata: - annotations: - labels: - k8s-app: cert-daemonset - spec: - initContainers: - - image: gcr.io/gcp-runtimes/ubuntu_16_0_4 - name: init - command: ["/scripts/entrypoint.sh"] - securityContext: - capabilities: - add: - - NET_ADMIN - privileged: true - volumeMounts: - - mountPath: /mnt/etc - name: etc - - mountPath: /registry - name: nginx-tls-secret - readOnly: true - - mountPath: /scripts - name: entrypoint - hostNetwork: true - hostPID: true - volumes: - - hostPath: - path: /etc - name: etc - - name: nginx-tls-secret - secret: - secretName: nginx-tls-secret - defaultMode: 420 - - name: entrypoint - configMap: - name: entrypoint - defaultMode: 0744 - containers: - - image: gcr.io/google-containers/pause:3.2 - name: pause -{{- end }} 
diff --git a/charts/amphitheatre/templates/harbor/nginx-tls-secret.yaml b/charts/amphitheatre/templates/harbor/nginx-tls-secret.yaml deleted file mode 100644 index 7c37078..0000000 --- a/charts/amphitheatre/templates/harbor/nginx-tls-secret.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.harbor.enabled .Values.harbor.nginx.tls.enabled }} -{{- $cn := (required "The \"harbor.nginx.tls.commonName\" is required!" .Values.harbor.nginx.tls.commonName) }} -{{- $ca := genCA "harbor-ca" 1068 }} -{{- $cert := genSignedCert $cn nil (list $cn) 1068 $ca }} -apiVersion: v1 -kind: Secret -metadata: - name: nginx-tls-secret -type: Opaque -data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} -{{- end }} diff --git a/charts/amphitheatre/templates/harbor/secret.yaml b/charts/amphitheatre/templates/harbor/secret.yaml new file mode 100644 index 0000000..e0ebede --- /dev/null +++ b/charts/amphitheatre/templates/harbor/secret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.harbor.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: registry-credentials + annotations: + kpack.io/docker: {{ .Values.harbor.externalURL }} +type: kubernetes.io/basic-auth +stringData: + username: admin + password: {{ .Values.harbor.adminPassword }} +{{- end }} diff --git a/charts/amphitheatre/templates/kpack/cluster-builder.yaml b/charts/amphitheatre/templates/kpack/cluster-builder.yaml index 3df0ab2..321fd6b 100644 --- a/charts/amphitheatre/templates/kpack/cluster-builder.yaml +++ b/charts/amphitheatre/templates/kpack/cluster-builder.yaml @@ -6,7 +6,7 @@ metadata: "helm.sh/hook": post-install "helm.sh/hook-weight": "-4" spec: - tag: {{ .Values.registry }}/amp-default-cluster-builder + tag: {{ .Values.registry }}/library/amp-default-cluster-builder stack: name: amp-default-cluster-stack kind: ClusterStack 
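Review bot: Both templated scalars in the new Secret are rendered unquoted, `kpack.io/docker: {{ .Values.harbor.externalURL }}` and `password: {{ .Values.harbor.adminPassword }}`, so a password that happens to look like a number or boolean, contains `: ` or ` #`, or is left empty is retyped, breaks the render, or becomes null instead of an empty string under `stringData`; use `{{ .Values.harbor.adminPassword | quote }}` and `{{ .Values.harbor.externalURL | quote }}`. Neither `harbor.externalURL` nor `harbor.adminPassword` appears in the values.yaml hunks of this commit, so I am assuming they are defined elsewhere in the values file. The credential handed to kpack is the Harbor admin account (`username: admin`), far more privilege than a builder that only needs push/pull on one project; a dedicated Harbor robot or project account, with the username made a value next to the password, limits what a compromised build pod can do with these credentials.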
diff --git a/charts/amphitheatre/templates/kpack/service-account.yaml b/charts/amphitheatre/templates/kpack/service-account.yaml index f913e67..e5a5c01 100644 --- a/charts/amphitheatre/templates/kpack/service-account.yaml +++ b/charts/amphitheatre/templates/kpack/service-account.yaml @@ -5,3 +5,7 @@ metadata: annotations: "helm.sh/hook": post-install "helm.sh/hook-weight": "-6" +secrets: + - name: registry-credentials +imagePullSecrets: + - name: registry-credentials diff --git a/charts/amphitheatre/values.yaml b/charts/amphitheatre/values.yaml index b92120e..b955d27 100644 --- a/charts/amphitheatre/values.yaml +++ b/charts/amphitheatre/values.yaml @@ -2,7 +2,6 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -runtime: containerd registry: harbor.amp-system.svc.cluster.local harbor: @@ -15,14 +14,7 @@ harbor: type: ClusterIP nginx: tls: - enabled: true - commonName: harbor.amp-system.svc.cluster.local - existingSecret: nginx-tls-secret -vcluster: - enabled: false - -mysql: - enabled: false + enabled: false kpack: enabled: true
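Review bot: The added `secrets:` and `imagePullSecrets:` entries reference `registry-credentials` unconditionally, while the Secret in templates/harbor/secret.yaml is only rendered under `{{- if .Values.harbor.enabled }}`; with Harbor disabled the service account points at a secret that does not exist and kpack would find no registry credentials, which presumably surfaces as a failed push rather than a render-time error. Either wrap the two new stanzas in the same `{{- if .Values.harbor.enabled }}` / `{{- end }}` guard, or state at the top of this template that `kpack.enabled` requires `harbor.enabled`. The service account is a post-install hook while the Secret is a regular release resource, so creation order works out; a one-line comment such as `# registry-credentials is created by templates/harbor/secret.yaml before hooks run` would spare the next reader that check. The enclosing ServiceAccount starts outside the hunk.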
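Review bot: `harbor.nginx.tls.enabled` is flipped to `false` in the second values.yaml hunk with no comment, so the chart now ships a registry that receives kpack's basic-auth credentials (the admin account, per templates/harbor/secret.yaml) and image pushes in plaintext; if the intended boundary is that the registry stays ClusterIP-only inside the cluster, say so here, e.g. `# TLS off: registry is reachable only via ClusterIP; re-enable (with a CA the nodes trust) before exposing it`. The same hunk drops the `vcluster` and `mysql` values blocks, which the commit title does not mention; a sentence in the description would help. Whether the node container runtime will pull from a plain-http registry without an insecure-registry entry is not shown here and is worth confirming, since the DaemonSets that used to configure containerd/docker for this registry are deleted in this commit.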