From 045758056e9e84660c5afd9cc79d7f5acdb251bf Mon Sep 17 00:00:00 2001 From: tanner Date: Mon, 27 Feb 2023 14:45:49 +0900 Subject: [PATCH 1/2] feat: add init containers Signed-off-by: Taehyun Kim --- README.md | 4 ++++ templates/core/core-dpl.yaml | 4 ++++ templates/jobservice/jobservice-dpl.yaml | 4 ++++ templates/portal/deployment.yaml | 4 ++++ templates/registry/registry-dpl.yaml | 4 ++++ values.yaml | 28 ++++++++++++++++++++++++ 6 files changed, 48 insertions(+) diff --git a/README.md b/README.md index c21764a86..38c108952 100644 --- a/README.md +++ b/README.md @@ -215,6 +215,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `portal.affinity` | Node/Pod affinities | `{}` | | `portal.podAnnotations` | Annotations to add to the portal pod | `{}` | | `portal.priorityClassName` | The priority class to run the pod as | | +| `portal.initContainers` | Init containers to be run before the controller's container starts. | `[]` | | **Core** | | | | `core.image.repository` | Repository for Harbor core image | `goharbor/harbor-core` | | `core.image.tag` | Tag for Harbor core image | `dev` | @@ -226,6 +227,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `core.nodeSelector` | Node labels for pod assignment | `{}` | | `core.tolerations` | Tolerations for pod assignment | `[]` | | `core.affinity` | Node/Pod affinities | `{}` | +| `core.initContainers` | Init containers to be run before the controller's container starts. | `[]` | | `core.podAnnotations` | Annotations to add to the core pod | `{}` | | `core.serviceAnnotations` | Annotations to add to the core service | `{}` | | `core.secret` | Secret is used when core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | | 
@@ -251,6 +253,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `jobservice.affinity` | Node/Pod affinities | `{}` | | `jobservice.podAnnotations` | Annotations to add to the jobservice pod | `{}` | | `jobservice.priorityClassName` | The priority class to run the pod as | | +| `jobservice.initContainers` | Init containers to be run before the controller's container starts. | `[]` | | `jobservice.secret` | Secret is used when job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | | | **Registry** | | | | `registry.registry.image.repository` | Repository for registry image | `goharbor/registry-photon` | @@ -278,6 +281,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `registry.upload_purging.age` | Remove files in _upload directories which exist for a period of time, default is one week. | `168h` | | `registry.upload_purging.interval` | The interval of the purge operations | `24h` | | `registry.upload_purging.dryrun` | If true, enable dryrun for purging _upload, default false | `false` | +| `registry.initContainers` | Init containers to be run before the controller's container starts. | `[]` | | **[Trivy][trivy]** | | | | `trivy.enabled` | The flag to enable Trivy scanner | `true` | | `trivy.image.repository` | Repository for Trivy adapter image | `goharbor/trivy-adapter-photon` | diff --git a/templates/core/core-dpl.yaml b/templates/core/core-dpl.yaml index 2ca8b0c5e..fb630c09f 100644 --- a/templates/core/core-dpl.yaml +++ b/templates/core/core-dpl.yaml 
@@ -42,6 +42,10 @@ spec: {{- end }} automountServiceAccountToken: {{ .Values.core.automountServiceAccountToken | default false }} terminationGracePeriodSeconds: 120 + {{- with .Values.core.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: core image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }} diff --git a/templates/jobservice/jobservice-dpl.yaml b/templates/jobservice/jobservice-dpl.yaml index 32df454b1..8c461a82c 100644 --- a/templates/jobservice/jobservice-dpl.yaml +++ b/templates/jobservice/jobservice-dpl.yaml @@ -48,6 +48,10 @@ spec: {{- end }} automountServiceAccountToken: {{ .Values.jobservice.automountServiceAccountToken | default false }} terminationGracePeriodSeconds: 120 + {{- with .Values.jobservice.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: jobservice image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }} diff --git a/templates/portal/deployment.yaml b/templates/portal/deployment.yaml index 934dc566b..7f1e62f59 100644 --- a/templates/portal/deployment.yaml +++ b/templates/portal/deployment.yaml @@ -38,6 +38,10 @@ spec: serviceAccountName: {{ .Values.portal.serviceAccountName }} {{- end }} automountServiceAccountToken: {{ .Values.portal.automountServiceAccountToken | default false }} + {{- with .Values.portal.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: portal image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }} diff --git a/templates/registry/registry-dpl.yaml b/templates/registry/registry-dpl.yaml index 118a165d4..09224b545 100644 --- a/templates/registry/registry-dpl.yaml +++ b/templates/registry/registry-dpl.yaml 
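Review bot: The added `initContainers:` block in core-dpl.yaml renders `.Values.core.initContainers` verbatim through `toYaml`, so any container-level `securityContext`, `resources` or `imagePullPolicy` the chart applies to the `core` container (not visible in this hunk) is not carried over to these containers. The same block is added in the jobservice, portal and registry hunks, and in the redis hunk of PATCH 2/2. That is reasonable for a pass-through value, but operators should be told; I would add a template comment above the `with`, `{{- /* rendered verbatim from values: chart defaults (securityContext, resources) are NOT applied */}}`, and repeat the caveat in the values.yaml comment. The pod spec continues outside the hunk, so whether a pod-level `securityContext` covers these containers cannot be confirmed from here.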
@@ -51,6 +51,10 @@ spec: {{- end }} automountServiceAccountToken: {{ .Values.registry.automountServiceAccountToken | default false }} terminationGracePeriodSeconds: 120 + {{- with .Values.registry.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: registry image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }} diff --git a/values.yaml b/values.yaml index 06c7a4f6a..86655c3a5 100644 --- a/values.yaml +++ b/values.yaml @@ -440,6 +440,13 @@ portal: podAnnotations: {} ## The priority class to run the pod as priorityClassName: + # containers to be run before the controller's container starts. + initContainers: [] + # Example: + # + # - name: wait + # image: busybox + # command: [ 'sh', '-c', "sleep 20" ] core: image: @@ -464,6 +471,13 @@ core: affinity: {} ## Additional deployment annotations podAnnotations: {} + # containers to be run before the controller's container starts. + initContainers: [] + # Example: + # + # - name: wait + # image: busybox + # command: [ 'sh', '-c', "sleep 20" ] ## Additional service annotations serviceAnnotations: {} # Secret is used when core server communicates with other components. @@ -528,6 +542,13 @@ jobservice: secret: "" ## The priority class to run the pod as priorityClassName: + # containers to be run before the controller's container starts. + initContainers: [] + # Example: + # + # - name: wait + # image: busybox + # command: [ 'sh', '-c', "sleep 20" ] registry: # set the service account to be used, default if left empty @@ -594,6 +615,13 @@ registry: # the interval of the purge operations interval: 24h dryrun: false + # containers to be run before the controller's container starts. + initContainers: [] + # Example: + # + # - name: wait + # image: busybox + # command: [ 'sh', '-c', "sleep 20" ] trivy: # enabled the flag to enable Trivy scanner From e5c177c4e2f9c28229c92749191b3606cad46630 Mon Sep 17 00:00:00 2001 
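Review bot: The commented example in the portal hunk of values.yaml uses `image: busybox` with no tag, which resolves to the mutable `latest` tag. Examples in values.yaml tend to be copied as-is, so it should show a pinned reference such as `#   image: busybox:<pinned-tag>@sha256:<digest>`. The same example is repeated in the core, jobservice and registry hunks of this file and in the database and redis hunks of PATCH 2/2. The comment "before the controller's container starts" also looks copied from another chart, since none of these components is a controller; `## Init containers run before the portal container starts` would be accurate and match the `##` style of the neighbouring comments.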
From: Taehyun Kim Date: Tue, 18 Jun 2024 15:09:44 +0900 Subject: [PATCH 2/2] feat: init containers for database, redis Signed-off-by: Taehyun Kim --- README.md | 2 ++ templates/database/database-ss.yaml | 3 +++ templates/redis/statefulset.yaml | 4 ++++ values.yaml | 14 ++++++++++++++ 4 files changed, 23 insertions(+) diff --git a/README.md b/README.md index b33d462ef..a78cfa670 100644 --- a/README.md +++ b/README.md @@ -329,6 +329,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `database.internal.priorityClassName` | The priority class to run the pod as | | | `database.internal.livenessProbe.timeoutSeconds` | The timeout used in liveness probe; 1 to 5 seconds | 1 | | `database.internal.readinessProbe.timeoutSeconds` | The timeout used in readiness probe; 1 to 5 seconds | 1 | +| `database.internal.extrInitContainers` | Extra init containers to be run before the database's container starts. | `[]` | | `database.external.host` | The hostname of external database | `192.168.0.1` | | `database.external.port` | The port of external database | `5432` | | `database.external.username` | The username of external database | `user` | @@ -354,6 +355,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `redis.internal.trivyAdapterIndex` | The database index for trivy adapter | `5` | | `redis.internal.harborDatabaseIndex` | The database index for harbor miscellaneous business logic | `0` | | `redis.internal.cacheLayerDatabaseIndex` | The database index for harbor cache layer | `0` | +| `redis.internal.initContainers` | Init containers to be run before the redis's container starts. | `[]` | | `redis.external.addr` | The addr of external Redis: :. When using sentinel, it should be :,:,: | `192.168.0.2:6379` | | `redis.external.sentinelMasterSet` | The name of the set of Redis instances to monitor | | | `redis.external.coreDatabaseIndex` | The database index for core | `0` | 
diff --git a/templates/database/database-ss.yaml b/templates/database/database-ss.yaml index 8cf9cd928..71c5eb1e0 100644 --- a/templates/database/database-ss.yaml +++ b/templates/database/database-ss.yaml @@ -63,6 +63,9 @@ spec: - name: database-data mountPath: /var/lib/postgresql/data subPath: {{ $database.subPath }} + {{- with .Values.database.internal.extrInitContainers }} + {{- toYaml . | nindent 6 }} + {{- end }} containers: - name: database image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }} diff --git a/templates/redis/statefulset.yaml b/templates/redis/statefulset.yaml index ed8f705a7..1d37fb184 100644 --- a/templates/redis/statefulset.yaml +++ b/templates/redis/statefulset.yaml @@ -41,6 +41,10 @@ spec: {{- end }} automountServiceAccountToken: {{ .Values.redis.internal.automountServiceAccountToken | default false }} terminationGracePeriodSeconds: 120 + {{- with .Values.redis.internal.initContainers }} + initContainers: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: redis image: {{ .Values.redis.internal.image.repository }}:{{ .Values.redis.internal.image.tag }} diff --git a/values.yaml b/values.yaml index a74710d17..ec3e4c499 100644 --- a/values.yaml +++ b/values.yaml @@ -908,6 +908,13 @@ database: affinity: {} ## The priority class to run the pod as priorityClassName: + # containers to be run before the controller's container starts. + extrInitContainers: [] + # Example: + # + # - name: wait + # image: busybox + # command: [ 'sh', '-c', "sleep 20" ] # The initial superuser password for internal database password: "changeit" # The size limit for Shared memory, pgSQL use it for shared_buffer 
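Review bot: The values key `extrInitContainers` read in database-ss.yaml looks like a misspelling of `extraInitContainers`, and once released it is part of the chart's values interface and awkward to rename; the same spelling appears in the README row and in the values.yaml hunk at `@@ -908`. Unlike the other templates, this block emits no `initContainers:` key and uses `nindent 6`, so the entries appear to be appended to the list that precedes it and would run after the chart's own init containers. The values.yaml comment should say so, e.g. `## Extra init containers, appended after the chart's built-in database init containers`. The start of that list is outside the hunk and the indentation is not recoverable from this page, so the `nindent 6` alignment should be checked with `helm template`.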
@@ -975,6 +982,13 @@ redis: affinity: {} ## The priority class to run the pod as priorityClassName: + # containers to be run before the controller's container starts. + initContainers: [] + # Example: + # + # - name: wait + # image: busybox + # command: [ 'sh', '-c', "sleep 20" ] # # jobserviceDatabaseIndex defaults to "1" # # registryDatabaseIndex defaults to "2" # # trivyAdapterIndex defaults to "5"