├── pkg └── install_scripts │ ├── dory │ ├── dory-engine │ │ └── license.yaml │ ├── docker │ │ ├── daemon.json │ │ ├── docker_certs.sh │ │ └── config.json │ ├── nginx-gitlab │ │ └── nginx-gitlab.conf │ └── openldap │ │ └── openldap_certs.sh │ ├── kubernetes │ ├── harbor │ │ ├── .helmignore │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── registry │ │ │ │ ├── registryctl-cm.yaml │ │ │ │ ├── registryctl-secret.yaml │ │ │ │ ├── registry-tls.yaml │ │ │ │ ├── registry-svc.yaml │ │ │ │ ├── registry-pvc.yaml │ │ │ │ └── registry-secret.yaml │ │ │ ├── database │ │ │ │ ├── database-secret.yaml │ │ │ │ └── database-svc.yaml │ │ │ ├── redis │ │ │ │ └── service.yaml │ │ │ ├── trivy │ │ │ │ ├── trivy-secret.yaml │ │ │ │ ├── trivy-svc.yaml │ │ │ │ └── trivy-tls.yaml │ │ │ ├── exporter │ │ │ │ ├── exporter-svc.yaml │ │ │ │ ├── exporter-secret.yaml │ │ │ │ └── exporter-cm-env.yaml │ │ │ ├── ingress │ │ │ │ └── secret.yaml │ │ │ ├── jobservice │ │ │ │ ├── jobservice-svc.yaml │ │ │ │ ├── jobservice-tls.yaml │ │ │ │ ├── jobservice-secrets.yaml │ │ │ │ ├── jobservice-pvc.yaml │ │ │ │ ├── jobservice-cm-env.yaml │ │ │ │ └── jobservice-cm.yaml │ │ │ ├── core │ │ │ │ ├── core-tls.yaml │ │ │ │ ├── core-svc.yaml │ │ │ │ ├── core-secret.yaml │ │ │ │ └── core-pre-upgrade-job.yaml │ │ │ ├── portal │ │ │ │ ├── tls.yaml │ │ │ │ ├── service.yaml │ │ │ │ └── configmap.yaml │ │ │ ├── nginx │ │ │ │ ├── secret.yaml │ │ │ │ └── service.yaml │ │ │ ├── metrics │ │ │ │ └── metrics-svcmon.yaml │ │ │ └── internal │ │ │ │ └── auto-tls.yaml │ │ └── Chart.yaml │ ├── harbor-v2.8.4 │ │ ├── .helmignore │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── registry │ │ │ │ ├── registryctl-cm.yaml │ │ │ │ ├── registryctl-secret.yaml │ │ │ │ ├── registry-tls.yaml │ │ │ │ ├── registry-svc.yaml │ │ │ │ ├── registry-pvc.yaml │ │ │ │ └── registry-secret.yaml │ │ │ ├── database │ │ │ │ ├── database-secret.yaml │ │ │ │ └── database-svc.yaml │ │ │ ├── redis │ │ │ │ ├── service.yaml │ │ │ │ └── statefulset.yaml │ │ │ ├── trivy │ 
│ │ │ ├── trivy-secret.yaml │ │ │ │ ├── trivy-svc.yaml │ │ │ │ └── trivy-tls.yaml │ │ │ ├── exporter │ │ │ │ ├── exporter-svc.yaml │ │ │ │ ├── exporter-secret.yaml │ │ │ │ └── exporter-cm-env.yaml │ │ │ ├── jobservice │ │ │ │ ├── jobservice-secrets.yaml │ │ │ │ ├── jobservice-svc.yaml │ │ │ │ ├── jobservice-tls.yaml │ │ │ │ ├── jobservice-pvc.yaml │ │ │ │ ├── jobservice-cm-env.yaml │ │ │ │ └── jobservice-cm.yaml │ │ │ ├── portal │ │ │ │ ├── service.yaml │ │ │ │ ├── tls.yaml │ │ │ │ ├── configmap.yaml │ │ │ │ └── deployment.yaml │ │ │ ├── ingress │ │ │ │ └── secret.yaml │ │ │ ├── core │ │ │ │ ├── core-tls.yaml │ │ │ │ ├── core-svc.yaml │ │ │ │ ├── core-secret.yaml │ │ │ │ └── core-pre-upgrade-job.yaml │ │ │ ├── nginx │ │ │ │ ├── secret.yaml │ │ │ │ ├── service.yaml │ │ │ │ └── deployment.yaml │ │ │ ├── notary │ │ │ │ ├── notary-secret.yaml │ │ │ │ ├── notary-svc.yaml │ │ │ │ └── notary-signer.yaml │ │ │ ├── metrics │ │ │ │ └── metrics-svcmon.yaml │ │ │ └── internal │ │ │ │ └── auto-tls.yaml │ │ ├── conf │ │ │ ├── notary-signer.json │ │ │ └── notary-server.json │ │ └── Chart.yaml │ ├── harbor_update_docker_certs.sh │ ├── step03-service.yaml │ ├── project-data-pod.yaml │ ├── step04-networkpolicy.yaml │ └── step01-namespace.yaml │ ├── kubernetes-ha │ ├── nginx-lb │ │ ├── docker-compose.yaml │ │ └── nginx-lb.conf │ ├── keepalived │ │ ├── docker-compose.yaml │ │ ├── check_apiserver.sh │ │ └── keepalived.conf │ ├── kubeadm-config.yaml │ ├── zh-README.md │ ├── zh-kubernetes-ha.yaml │ ├── en-README.md │ └── en-kubernetes-ha.yaml │ ├── docker-files │ ├── Dockerfile-jmeter │ ├── Dockerfile-maven │ ├── Dockerfile-gradle │ ├── Dockerfile-golang │ ├── Dockerfile-alpine │ ├── Dockerfile-python │ ├── Dockerfile-node │ ├── Dockerfile-robot │ ├── Dockerfile-liquibase │ └── Dockerfile-ansible │ ├── zh-deploy-dory.sh │ ├── en-deploy-dory.sh │ ├── zh-gitlab-config.sh │ ├── en-gitlab-config.sh │ ├── zh-restart-dory.sh │ ├── en-restart-dory.sh │ ├── zh-README-2-reset.md │ ├── 
en-README-2-reset.md │ ├── zh-sonarqube-config.sh │ ├── zh-pods-ready.sh │ ├── en-sonarqube-config.sh │ ├── en-pods-ready.sh │ ├── zh-push-images.sh │ ├── en-push-images.sh │ ├── zh-README-1-config.md │ ├── zh-README-0-install.md │ └── en-README-1-config.md ├── .gitignore ├── docs └── images │ ├── dory-icon.png │ ├── architecture.png │ ├── what-is-dory.png │ └── dory-engine-webui.png ├── CHANGELOGS ├── CHANGELOG-v1.6.1.md ├── CHANGELOG-v1.6.3.md ├── CHANGELOG-v1.5.0.md ├── CHANGELOG-v1.6.2.md ├── CHANGELOG-v1.5.1.md ├── CHANGELOG-v1.6.4.md ├── CHANGELOG-v1.5.2.md ├── CHANGELOG-v1.6.0.md ├── CHANGELOG-v1.6.6.md ├── CHANGELOG-v1.6.5.md ├── CHANGELOG-v1.7.1.md └── CHANGELOG-v1.7.0.md ├── .bashrc ├── main.go ├── Dockerfile ├── cmd ├── project.go ├── pipeline.go ├── install_ha.go ├── run.go ├── admin.go ├── console.go ├── install.go ├── def.go ├── install_ha_print.go ├── logout.go ├── version.go ├── install_print.go ├── run_logs.go └── run_abort.go ├── go.mod └── .github └── workflows └── build-release.yml /pkg/install_scripts/dory/dory-engine/license.yaml: -------------------------------------------------------------------------------- 1 | licenseKey: {{ $.dory.licenseKey | quote}} 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | node_modules 3 | *.so 4 | dorycli 5 | *cli 6 | xxx* 7 | .idea 8 | .vscode 9 | -------------------------------------------------------------------------------- /docs/images/dory-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dory-engine/dorycli/HEAD/docs/images/dory-icon.png -------------------------------------------------------------------------------- /docs/images/architecture.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/dory-engine/dorycli/HEAD/docs/images/architecture.png -------------------------------------------------------------------------------- /docs/images/what-is-dory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dory-engine/dorycli/HEAD/docs/images/what-is-dory.png -------------------------------------------------------------------------------- /docs/images/dory-engine-webui.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dory-engine/dorycli/HEAD/docs/images/dory-engine-webui.png -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/.helmignore: -------------------------------------------------------------------------------- 1 | .github/* 2 | docs/* 3 | .git/* 4 | .gitignore 5 | CONTRIBUTING.md 6 | test/* -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/.helmignore: -------------------------------------------------------------------------------- 1 | .github/* 2 | docs/* 3 | .git/* 4 | .gitignore 5 | CONTRIBUTING.md 6 | test/* -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.6.1.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.6.1 2 | 3 | **新特性:** 4 | 5 | - dory-engine 运行列表页支持动态更新 6 | 7 | - dory-engine 服务依赖支持http请求某个url 8 | -------------------------------------------------------------------------------- /.bashrc: -------------------------------------------------------------------------------- 1 | export HISTTIMEFORMAT="%Y-%m-%d %T " 2 | export PS1='\u@\h:\W \$ ' 3 | alias l='ls -CF' 4 | alias la='ls -A' 5 | alias ll='ls -alh' 6 | alias ls='ls --color=auto' 7 | source /etc/profile.d/bash_completion.sh 8 | 
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
// Entry point of the dorycli binary.
package main

import (
	"github.com/dory-engine/dorycli/cmd"
	"github.com/spf13/cobra"
)

// main builds the root command from the cmd package and runs it.
// Any error returned by Execute is handed to cobra.CheckErr, which
// prints it and exits with a non-zero status.
func main() {
	cobra.CheckErr(cmd.NewCmdRoot().Execute())
}
-------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Please wait for several minutes for Harbor deployment to complete. 2 | Then you should be able to visit the Harbor portal at {{ .Values.externalURL }} 3 | For more details, please visit https://github.com/goharbor/harbor 4 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Please wait for several minutes for Harbor deployment to complete. 2 | Then you should be able to visit the Harbor portal at {{ .Values.externalURL }} 3 | For more details, please visit https://github.com/goharbor/harbor 4 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/registry/registryctl-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{ template "harbor.registryCtl" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | data: 8 | {{- template "harbor.traceEnvsForRegistryCtl" . 
}} 9 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/registry/registryctl-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: "{{ template "harbor.registryCtl" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | type: Opaque 8 | data: 9 | {{- template "harbor.traceJaegerPassword" . }} -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes-ha/nginx-lb/docker-compose.yaml: -------------------------------------------------------------------------------- 1 | version: '3' 2 | services: 3 | nginx-lb: 4 | image: {{ $.nginxlbImage }} 5 | container_name: nginx-lb 6 | hostname: nginx-lb 7 | volumes: 8 | - ./nginx-lb.conf:/etc/nginx/nginx.conf 9 | network_mode: host 10 | restart: always 11 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.6.3.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.6.3 2 | 3 | **新特性:** 4 | 5 | - dory-engine 构建环境设置和自定义步骤设置支持docker环境变量设置和docker主机别名设置 6 | 7 | - dory-engine 解决日志查看时系统异常问题 8 | 9 | - dory-engine 自定义步骤的内置变量增加sonarqube、nexus和harbor的url以及密码、token信息 10 | 11 | - dory-engine 试用版改为社区版 12 | 13 | - dory-engine 自定义步骤的目录改为使用/custom-steps目录 14 | -------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-jmeter: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | 3 | LABEL maintainer="cookeem" 4 | LABEL email="cookeem@qq.com" 5 | LABEL version="5.3.0" 6 | 7 | ENTRYPOINT [] 8 | 9 | # docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-jmeter-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} . 
10 | -------------------------------------------------------------------------------- /pkg/install_scripts/dory/docker/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "insecure-registries": [ 3 | {{- if eq $.dory.artifactRepo.type "nexus"}} 4 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortHub }}", 5 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortGcr }}", 6 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortQuay }}" 7 | {{- end }} 8 | ] 9 | } 10 | -------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-maven: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | LABEL maintainer="cookeem" 3 | LABEL email="cookeem@qq.com" 4 | RUN useradd --uid 1000 --user-group --create-home --home-dir /home/dory dory 5 | 6 | # docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-maven-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} . 7 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/registry/registryctl-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{ template "harbor.registryCtl" . }}" 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | data: 9 | {{- template "harbor.traceEnvsForRegistryCtl" . }} 10 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/registry/registryctl-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: "{{ template "harbor.registryCtl" . }}" 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{ include "harbor.labels" . 
| indent 4 }} 8 | type: Opaque 9 | data: 10 | {{- template "harbor.traceJaegerPassword" . }} 11 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.5.0.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.5.0 2 | 3 | **新特性:** 4 | 5 | - 支持install ha命令,生成高可用kubernetes集群配置 6 | 7 | - admin apply/get 命令支持管理 dockerBuildEnv gitRepoConfig imageRepoConfig artifactRepoConfig scanCodeRepoConfig 8 | 9 | - 支持租户管理员管理相关配置的权限 10 | 11 | - harbor从v2.6.0升级到v2.8.4 12 | 13 | - dory-frontend 更名为 dory-console 14 | 15 | - dory-cli 更名为 dorycli 16 | 17 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.6.2.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.6.2 2 | 3 | **新特性:** 4 | 5 | - dory-engine 支持更新项目环境信息,可以设置项目环境的特权模式,以及禁止设置的容器部署设置项 6 | 7 | - dory-engine 支持申请更新项目环境信息 8 | 9 | - dory-engine 运行日志以及访问日志保存到logs目录 10 | 11 | - dory-engine 修复多个步骤同时执行引起的 "fatal error: concurrent map writes" 异常 12 | 13 | - dory-engine 前端界面下拉列表搜索支持输入文本快速定位搜索项 14 | 15 | - dory-engine 前端优化"选择操作"的下拉菜单 16 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/database/database-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.database.type "internal" -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: "{{ template "harbor.database" . }}" 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | type: Opaque 9 | data: 10 | POSTGRES_PASSWORD: {{ template "harbor.database.encryptedPassword" . 
}} 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.5.1.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.5.1 2 | 3 | **新特性:** 4 | 5 | - dorycli admin 命令的类型参数名字更新 6 | 7 | - dorycli def 命令的类型参数名字更新 8 | 9 | - dorycli install 命令的配置文件升级 10 | 11 | - serverURL 和 expireDays 参数更新为 server-url 和 expire-days 12 | 13 | - node镜像升级,支持npm-node18 和 npm-node20 14 | 15 | - dory-engine v2.5.1 数据结构升级 16 | 17 | - dory-engine 支持每个环境独立的nodePort端口段 18 | 19 | - dory-engine 支持使用外部的容器镜像仓库 20 | 21 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/redis/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.redis.type "internal" -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "harbor.redis" . }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | spec: 9 | ports: 10 | - port: 6379 11 | selector: 12 | {{ include "harbor.matchLabels" . | indent 4 }} 13 | component: redis 14 | {{- end -}} -------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-gradle: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | LABEL maintainer="cookeem" 3 | LABEL email="cookeem@qq.com" 4 | USER root 5 | RUN userdel gradle && groupadd -g 1000 dory && useradd -u 1000 -g 1000 -r dory -d /home/dory -m 6 | USER dory 7 | WORKDIR /home/dory 8 | 9 | # docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-gradle-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} . 
10 | -------------------------------------------------------------------------------- /pkg/install_scripts/zh-deploy-dory.sh: -------------------------------------------------------------------------------- 1 | # 创建 {{ $.dory.namespace }} 组件的名字空间与pv 2 | kubectl apply -f {{ $.dory.namespace }}/step01-pv.yaml 3 | 4 | # 在kubernetes中部署dory组件 5 | kubectl apply -f {{ $.dory.namespace }}/step02-statefulset.yaml 6 | kubectl apply -f {{ $.dory.namespace }}/step03-service.yaml 7 | kubectl apply -f {{ $.dory.namespace }}/step04-networkpolicy.yaml 8 | 9 | # 检查dory服务状态 10 | sh pods-ready.sh {{ $.dory.namespace }} 11 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/database/database-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.database.type "internal" -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: "{{ template "harbor.database" . }}" 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | spec: 9 | ports: 10 | - port: 5432 11 | selector: 12 | {{ include "harbor.matchLabels" . 
| indent 4 }} 13 | component: database 14 | {{- end -}} -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.6.4.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.6.4 2 | 3 | **新特性:** 4 | 5 | - dory-engine 支持设置项目成员禁止设置哪些项目定义、禁止查看哪些repo密钥、禁止执行哪些流水线 6 | 7 | - dory-engine 部署到k8s的制品压缩包名称包含分支信息 8 | 9 | - dory-engine 组件模板列表问题修复 10 | 11 | - dory-engine 管理控制台和项目控制台支持信息复制功能 12 | 13 | - dory-engine 环境组件的hostAliases解析问题修复 14 | 15 | - dory-engine 项目开通时,harbor的项目账号改为maintainer权限 16 | 17 | - dory-engine 修复崩溃问题 panic: concurrent write to websocket connection 18 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/database/database-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.database.type "internal" -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: "{{ template "harbor.database" . }}" 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: Opaque 10 | data: 11 | POSTGRES_PASSWORD: {{ template "harbor.database.encryptedPassword" . }} 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/trivy/trivy-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.trivy.enabled }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "harbor.trivy" . }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | type: Opaque 9 | data: 10 | redisURL: {{ include "harbor.redis.urlForTrivy" . 
| b64enc }} 11 | gitHubToken: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/conf/notary-signer.json: -------------------------------------------------------------------------------- 1 | { 2 | "server": { 3 | "grpc_addr": ":7899", 4 | "tls_cert_file": "/etc/ssl/notary/tls.crt", 5 | "tls_key_file": "/etc/ssl/notary/tls.key" 6 | }, 7 | "logging": { 8 | "level": "{{ .Values.logLevel }}" 9 | }, 10 | "storage": { 11 | "backend": "postgres", 12 | "db_url": "{{ template "harbor.database.notarySigner" . }}", 13 | "default_alias": "defaultalias" 14 | } 15 | } -------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-golang: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | LABEL maintainer="cookeem" 3 | LABEL email="cookeem@qq.com" 4 | RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ 5 | apk --update add gcc musl-dev ca-certificates git curl zip jq tree htop && \ 6 | update-ca-certificates 7 | 8 | # docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-golang-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} . 9 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/redis/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.redis.type "internal" -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "harbor.redis" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | spec: 10 | ports: 11 | - port: 6379 12 | selector: 13 | {{ include "harbor.matchLabels" . 
| indent 4 }} 14 | component: redis 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /pkg/install_scripts/en-deploy-dory.sh: -------------------------------------------------------------------------------- 1 | # create {{ $.dory.namespace }} namespace and pv 2 | kubectl apply -f {{ $.dory.namespace }}/step01-pv.yaml 3 | 4 | # start all dory services with kubernetes 5 | kubectl apply -f {{ $.dory.namespace }}/step02-statefulset.yaml 6 | kubectl apply -f {{ $.dory.namespace }}/step03-service.yaml 7 | kubectl apply -f {{ $.dory.namespace }}/step04-networkpolicy.yaml 8 | 9 | # check dory services status 10 | sh pods-ready.sh {{ $.dory.namespace }} 11 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/database/database-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.database.type "internal" -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: "{{ template "harbor.database" . }}" 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | spec: 10 | ports: 11 | - port: 5432 12 | selector: 13 | {{ include "harbor.matchLabels" . | indent 4 }} 14 | component: database 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/trivy/trivy-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.trivy.enabled }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "harbor.trivy" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: Opaque 10 | data: 11 | redisURL: {{ include "harbor.redis.urlForTrivy" . 
| b64enc }} 12 | gitHubToken: {{ .Values.trivy.gitHubToken | default "" | b64enc | quote }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-alpine: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | LABEL maintainer="cookeem" 3 | LABEL email="cookeem@qq.com" 4 | RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ 5 | apk --update add ca-certificates git curl zip jq tree htop bash && \ 6 | update-ca-certificates && \ 7 | rm -rf /var/cache/apk/* 8 | 9 | # docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-alpine-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} . 10 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/exporter/exporter-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: "{{ template "harbor.exporter" . }}" 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | spec: 9 | ports: 10 | - name: {{ template "harbor.metricsPortName" . }} 11 | port: {{ .Values.metrics.exporter.port }} 12 | selector: 13 | {{ include "harbor.matchLabels" . 
| indent 4 }} 14 | component: exporter 15 | {{ end }} 16 |
--------------------------------------------------------------------------------
/pkg/install_scripts/kubernetes-ha/keepalived/docker-compose.yaml:
--------------------------------------------------------------------------------
# Compose definition for the keepalived container of the kubernetes-ha install.
# This file is a template: {{ $.keepalivedImage }} is filled in when it is rendered.
version: '3'
services:
  keepalived:
    image: {{ $.keepalivedImage }}
    container_name: keepalived
    hostname: keepalived
    volumes:
      # The API-server check script and the keepalived configuration are taken
      # from this directory and mounted into the image's assets directory.
      - ./check_apiserver.sh:/container/service/keepalived/assets/check_apiserver.sh
      - ./keepalived.conf:/container/service/keepalived/assets/keepalived.conf
    # NET_ADMIN combined with host networking (network_mode below) lets this
    # container change the host's network configuration.
    # NOTE(review): presumably needed so keepalived can manage the virtual IP;
    # confirm, and treat the image and both mounted files as host-privileged input.
    cap_add:
      - NET_ADMIN
    # NOTE(review): --copy-service is passed to the image's entrypoint; what it
    # does is not visible in this file.
    command: --copy-service
    network_mode: host
    restart: always
-------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-python: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | LABEL maintainer="cookeem" 3 | LABEL email="cookeem@qq.com" 4 | RUN adduser -u 1000 -D dory && \ 5 | sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ 6 | apk --update add ca-certificates curl gcc musl-dev git zip jq tree htop bash && \ 7 | update-ca-certificates 8 | 9 | # docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-python-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} . 
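10 | -------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-node: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | LABEL maintainer="cookeem" 3 | LABEL email="cookeem@qq.com" 4 | RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ 5 | apk --update add ca-certificates git curl zip jq tree htop python3 g++ make libpng-dev autoconf bash && \ 6 | update-ca-certificates && \ 7 | rm -rf /var/cache/apk/* 8 | 9 | # docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-node-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} . 10 |
--------------------------------------------------------------------------------
/pkg/install_scripts/zh-gitlab-config.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Read the initial GitLab root password from the gitlab-0 pod and pass it to
# gitlab-config.py, which runs in a one-off container started with the
# templated {{ $.cmdRun }} command.
#
# The password is printed to the terminal and passed as a command-line
# argument, so it can end up in scrollback, captured logs and the host's
# process listing. Change the GitLab root password once this step is done.

CONTAINER="gitlab-0"

# stderr of kubectl is discarded, so a missing pod or missing file simply
# leaves the variable empty; the check below handles that case.
GITLAB_ROOT_PASSWORD=$(kubectl -n {{ $.dory.namespace }} exec "$CONTAINER" -- cat /etc/gitlab/initial_root_password 2>/dev/null | grep "^Password:" | awk -F': ' '{print $2}')

if [ -z "$GITLAB_ROOT_PASSWORD" ]; then
  echo "❌ 未能获取root初始密码"
  # Stop here: without a password the configuration step below would be
  # started with a bare --password flag.
  exit 1
fi

echo "✅ root初始密码: $GITLAB_ROOT_PASSWORD"

# Both expansions are quoted so that spaces or glob characters in the working
# directory or in the password reach the container unchanged.
{{ $.cmdRun }} --rm -ti -v "$PWD:/src" doryengine/python:3.11.2-alpine3.17-dory python /src/gitlab-config.py --password "$GITLAB_ROOT_PASSWORD"
-------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/exporter/exporter-svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: "{{ template "harbor.exporter" . }}" 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | spec: 10 | ports: 11 | - name: {{ template "harbor.metricsPortName" . 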
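}} 12 | port: {{ .Values.metrics.exporter.port }} 13 | selector: 14 | {{ include "harbor.matchLabels" . | indent 4 }} 15 | component: exporter 16 | {{ end }} 17 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/trivy/trivy-svc.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.trivy.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: "{{ template "harbor.trivy" . }}" 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | spec: 9 | ports: 10 | - name: {{ ternary "https-trivy" "http-trivy" .Values.internalTLS.enabled }} 11 | protocol: TCP 12 | port: {{ template "harbor.trivy.servicePort" . }} 13 | selector: 14 | {{ include "harbor.matchLabels" . | indent 4 }} 15 | component: trivy 16 | {{ end }} 17 |
--------------------------------------------------------------------------------
/pkg/install_scripts/en-gitlab-config.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Read the initial GitLab root password from the gitlab-0 pod and pass it to
# gitlab-config.py, which runs in a one-off container started with the
# templated {{ $.cmdRun }} command.
#
# The password is printed to the terminal and passed as a command-line
# argument, so it can end up in scrollback, captured logs and the host's
# process listing. Change the GitLab root password once this step is done.

CONTAINER="gitlab-0"

# stderr of kubectl is discarded, so a missing pod or missing file simply
# leaves the variable empty; the check below handles that case.
GITLAB_ROOT_PASSWORD=$(kubectl -n {{ $.dory.namespace }} exec "$CONTAINER" -- cat /etc/gitlab/initial_root_password 2>/dev/null | grep "^Password:" | awk -F': ' '{print $2}')

if [ -z "$GITLAB_ROOT_PASSWORD" ]; then
  echo "❌ get initial root password failed"
  # Stop here: without a password the configuration step below would be
  # started with a bare --password flag.
  exit 1
fi

echo "✅ initial root password: $GITLAB_ROOT_PASSWORD"

# Both expansions are quoted so that spaces or glob characters in the working
# directory or in the password reach the container unchanged.
{{ $.cmdRun }} --rm -ti -v "$PWD:/src" doryengine/python:3.11.2-alpine3.17-dory python /src/gitlab-config.py --password "$GITLAB_ROOT_PASSWORD"
-------------------------------------------------------------------------------- /pkg/install_scripts/zh-restart-dory.sh: -------------------------------------------------------------------------------- 1 | # 把dory-engine配置文件复制到共享存储 2 | kubectl -n {{ $.dory.namespace }} cp install-data/{{ $.dory.namespace }}/dory-engine/config/config.yaml 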
project-data-pod-0:/project-data/{{ $.dory.namespace }}/dory-engine/config/ 3 | 4 | # 重启 dory-engine 和 dory-console 服务 5 | kubectl -n {{ $.dory.namespace }} scale statefulsets.apps dory-engine dory-console --replicas 0 6 | kubectl -n {{ $.dory.namespace }} scale statefulsets.apps dory-engine dory-console --replicas 1 7 | 8 | # 等待 dory-engine-0 dory-console-0 pod处于ready状态 9 | sh pods-ready.sh {{ $.dory.namespace }} 10 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/jobservice/jobservice-secrets.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: "{{ template "harbor.jobservice" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | type: Opaque 8 | data: 9 | JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (randAlphaNum 16) | b64enc | quote }} 10 | {{- if not .Values.registry.credentials.existingSecret }} 11 | REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }} 12 | {{- end }} 13 | {{- template "harbor.traceJaegerPassword" . }} 14 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/trivy/trivy-svc.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.trivy.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: "{{ template "harbor.trivy" . }}" 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | spec: 10 | ports: 11 | - name: {{ ternary "https-trivy" "http-trivy" .Values.internalTLS.enabled }} 12 | protocol: TCP 13 | port: {{ template "harbor.trivy.servicePort" . }} 14 | selector: 15 | {{ include "harbor.matchLabels" . 
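| indent 4 }} 16 | component: trivy 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /pkg/install_scripts/en-restart-dory.sh: -------------------------------------------------------------------------------- 1 | # copy dory-engine config file to share storage 2 | kubectl -n {{ $.dory.namespace }} cp install-data/{{ $.dory.namespace }}/dory-engine/config/config.yaml project-data-pod-0:/project-data/{{ $.dory.namespace }}/dory-engine/config/ 3 | 4 | # restart dory-engine and dory-console service 5 | kubectl -n {{ $.dory.namespace }} scale statefulsets.apps dory-engine dory-console --replicas 0 6 | kubectl -n {{ $.dory.namespace }} scale statefulsets.apps dory-engine dory-console --replicas 1 7 | 8 | # waiting for dory-engine-0 dory-console-0 ready 9 | sh pods-ready.sh {{ $.dory.namespace }} 10 |
--------------------------------------------------------------------------------
/pkg/install_scripts/docker-files/Dockerfile-robot:
--------------------------------------------------------------------------------
# Adds robotframework-excellibrary-xwfintech, flask and pymysql to the base image.
# The {{ ... }} placeholders are filled in when the installer renders this file.
FROM {{ $.source }}
USER root
# Point root's pip at the Aliyun PyPI mirror for the install below.
# No trusted-host entry is written: the index URL is HTTPS, and trusted-host would make
# pip accept an invalid or missing certificate for that host, removing the check that
# protects the downloaded packages from tampering in transit.
RUN mkdir -p /root/.pip/ && \
    echo '[global]' >> /root/.pip/pip.conf && \
    echo 'index-url = https://mirrors.aliyun.com/pypi/simple/' >> /root/.pip/pip.conf && \
    pip install robotframework-excellibrary-xwfintech flask pymysql
# NOTE(review): the three packages are unpinned, so each build installs whatever the
# mirror currently serves; pin versions (ideally with hashes) for reproducible builds.
# Drop back to an unprivileged UID/GID for the resulting image.
USER 1000:1000

# docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-robot-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} .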
12 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/exporter/exporter-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "harbor.exporter" . }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | type: Opaque 9 | data: 10 | {{- if not .Values.existingSecretAdminPassword }} 11 | HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }} 12 | {{- end }} 13 | {{- if not .Values.database.external.existingSecret }} 14 | HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.5.2.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.5.2 2 | 3 | **新特性:** 4 | 5 | - dorycli install print 命令默认不安装代码仓库、镜像仓库、制品仓库、代码扫描仓库 6 | 7 | - dorycli install print 命令支持--full参数,full参数表示完整安装代码仓库、镜像仓库、制品仓库、代码扫描仓库 8 | 9 | - dorycli install 不再自动下载trivy漏洞库,需要手工下载 10 | 11 | - dorycli install pull 命令在默认安装情况下,不进行镜像的拉取、构建和推送到内部镜像仓库 12 | 13 | - dorycli 支持中文子命令说明和参数说明 14 | 15 | - dory-engine v2.5.2 数据结构升级 16 | 17 | - dory-engine 支持使用外部制品仓库,支持ftp sftp http方式上传制品 18 | 19 | - dory-engine 支持制品仓库功能,可以把制品保存在DORY中 20 | 21 | - dory-engine 支持不设置制品扫描仓库,不设置情况下不启用代码扫描功能 22 | 23 | - dory-engine 支持在已有的代码仓库中创建演示项目代码和演示配置 24 | 25 | - dory-engine 支持设置项目的演示代码目录信息 26 | 27 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes-ha/keepalived/check_apiserver.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # if check error then repeat check for 12 times, else exit 4 | err=0 5 | for k in $(seq 1 12) 6 | do 7 | nc -zv 
localhost 6443 8 | check_code=$? 9 | if [[ $check_code == "0" ]]; then 10 | err=0 11 | break 12 | else 13 | err=$(expr $err + 1) 14 | sleep 5 15 | continue 16 | fi 17 | done 18 | 19 | if [[ $err != "0" ]]; then 20 | # if apiserver is down send SIG=1 21 | echo '[ERROR] apiserver error' 22 | exit 1 23 | else 24 | # if apiserver is up send SIG=0 25 | echo '[INFO] apiserver ok' 26 | exit 0 27 | fi 28 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/portal/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: "{{ template "harbor.portal" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | spec: 8 | {{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }} 9 | type: NodePort 10 | {{- end }} 11 | ports: 12 | - port: {{ template "harbor.portal.servicePort" . }} 13 | targetPort: {{ template "harbor.portal.containerPort" . }} 14 | selector: 15 | {{ include "harbor.matchLabels" . | indent 4 }} 16 | component: portal 17 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/exporter/exporter-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "harbor.exporter" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . 
| indent 4 }} 9 | type: Opaque 10 | data: 11 | {{- if not .Values.existingSecretAdminPassword }} 12 | HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }} 13 | {{- end }} 14 | {{- if not .Values.database.external.existingSecret }} 15 | HARBOR_DATABASE_PASSWORD: {{ template "harbor.database.encryptedPassword" . }} 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/ingress/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "harbor.autoGenCertForIngress" .) "true" }} 2 | {{- $ca := genCA "harbor-ca" 3650 }} 3 | {{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core .Values.expose.ingress.hosts.notary) 3650 $ca }} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: "{{ template "harbor.ingress" . }}" 8 | labels: 9 | {{ include "harbor.labels" . | indent 4 }} 10 | type: kubernetes.io/tls 11 | data: 12 | tls.crt: {{ $cert.Cert | b64enc | quote }} 13 | tls.key: {{ $cert.Key | b64enc | quote }} 14 | ca.crt: {{ $ca.Cert | b64enc | quote }} 15 | {{- end }} -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/ingress/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "harbor.autoGenCertForIngress" .) "true" }} 2 | {{- $ca := genCA "harbor-ca" 3650 }} 3 | {{- $cert := genSignedCert .Values.expose.ingress.hosts.core nil (list .Values.expose.ingress.hosts.core) 3650 $ca }} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: "{{ template "harbor.ingress" . }}" 8 | namespace: {{ .Release.Namespace | quote }} 9 | labels: 10 | {{ include "harbor.labels" . 
| indent 4 }} 11 | type: kubernetes.io/tls 12 | data: 13 | tls.crt: {{ $cert.Cert | b64enc | quote }} 14 | tls.key: {{ $cert.Key | b64enc | quote }} 15 | ca.crt: {{ $ca.Cert | b64enc | quote }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 2.8.4 3 | description: An open source trusted cloud native registry that stores, signs, and scans content 4 | home: https://goharbor.io 5 | icon: https://raw.githubusercontent.com/goharbor/website/master/static/img/logos/harbor-icon-color.png 6 | keywords: 7 | - docker 8 | - registry 9 | - harbor 10 | maintainers: 11 | - email: yinw@vmware.com 12 | name: Wenkai Yin 13 | - email: hweiwei@vmware.com 14 | name: Weiwei He 15 | - email: yshengwen@vmware.com 16 | name: Shengwen Yu 17 | name: harbor 18 | sources: 19 | - https://github.com/goharbor/harbor 20 | - https://github.com/goharbor/harbor-helm 21 | version: 1.12.4 22 | -------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-liquibase: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | 3 | LABEL maintainer="cookeem" 4 | LABEL email="cookeem@qq.com" 5 | LABEL version="4.17.2" 6 | 7 | USER root 8 | RUN usermod -u 1000 liquibase && \ 9 | groupmod -g 1000 liquibase && \ 10 | lpm add oracle && \ 11 | lpm add mysql && \ 12 | lpm add mongodb && \ 13 | mv /liquibase/liquibase_libs/*.jar /liquibase/internal/lib && \ 14 | chown -R 1000:1000 /liquibase/ && \ 15 | chown -R 1000:1000 /home/liquibase/ 16 | 17 | USER liquibase 18 | ENTRYPOINT [] 19 | 20 | # docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-liquibase-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} . 
21 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.6.0.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.6.0 2 | 3 | **新特性:** 4 | 5 | - dorycli 所有子命令说明支持多语言 6 | 7 | - dorycli install 安装gitlab支持/dev/shm参数 8 | 9 | - dorycli install 新增node16版本支持 10 | 11 | - dorycli install 更新安装说明 12 | 13 | - dorycli install check 更新安装说明 14 | 15 | - dorycli install ha 更新安装说明 16 | 17 | - dorycli install 不再处理/user/share/zoneinfo目录 18 | 19 | - dorycli install pull 支持无提示输入YES 20 | 21 | - dorycli install pull 支持不进行镜像build操作,直接从doryengine的dockerhub拉取镜像 22 | 23 | - dorycli install 显示子命令结构 24 | 25 | - dory-engine v2.6.0 数据结构升级 26 | 27 | - dory-engine 支持扩展资源配额(兼容gpu资源配额) 28 | 29 | - dory-engine 镜像打包步骤支持推送到其他镜像仓库 30 | 31 | - dory-engine 容器部署定义支持替换镜像名称,让环境支持其他镜像仓库 32 | 33 | - dory-engine 控制台支持清理项目临时代码仓库 34 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/jobservice/jobservice-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: "{{ template "harbor.jobservice" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | spec: 8 | ports: 9 | - name: {{ ternary "https-jobservice" "http-jobservice" .Values.internalTLS.enabled }} 10 | port: {{ template "harbor.jobservice.servicePort" . }} 11 | targetPort: {{ template "harbor.jobservice.containerPort" . }} 12 | {{- if .Values.metrics.enabled }} 13 | - name: {{ template "harbor.metricsPortName" . }} 14 | port: {{ .Values.metrics.jobservice.port }} 15 | {{- end }} 16 | selector: 17 | {{ include "harbor.matchLabels" . 
| indent 4 }} 18 | component: jobservice 19 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/core/core-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.core.secretName" . }}" 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: kubernetes.io/tls 10 | data: 11 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 12 | tls.crt: {{ (required "The \"internalTLS.core.crt\" is required!" .Values.internalTLS.core.crt) | b64enc | quote }} 13 | tls.key: {{ (required "The \"internalTLS.core.key\" is required!" .Values.internalTLS.core.key) | b64enc | quote }} 14 | {{- end }} 15 | {{- end }} -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | appVersion: 2.13.1 3 | description: An open source trusted cloud native registry that stores, signs, and 4 | scans content 5 | home: https://goharbor.io 6 | icon: https://raw.githubusercontent.com/goharbor/website/main/static/img/logos/harbor-icon-color.png 7 | keywords: 8 | - docker 9 | - registry 10 | - harbor 11 | maintainers: 12 | - email: yan-yw.wang@broadcom.com 13 | name: Yan Wang 14 | - email: wenkai.yin@broadcom.com 15 | name: Wenkai Yin 16 | - email: miner.yang@broadcom.com 17 | name: Miner Yang 18 | - email: shengwen.yu@broadcom.com 19 | name: Shengwen Yu 20 | name: harbor 21 | sources: 22 | - https://github.com/goharbor/harbor 23 | - https://github.com/goharbor/harbor-helm 24 | version: 1.17.1 25 | 
-------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/portal/tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.portal.secretName" . }}" 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: kubernetes.io/tls 10 | data: 11 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 12 | tls.crt: {{ (required "The \"internalTLS.portal.crt\" is required!" .Values.internalTLS.portal.crt) | b64enc | quote }} 13 | tls.key: {{ (required "The \"internalTLS.portal.key\" is required!" .Values.internalTLS.portal.key) | b64enc | quote }} 14 | {{- end }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/registry/registry-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.registry.secretName" . }}" 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: kubernetes.io/tls 10 | data: 11 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 12 | tls.crt: {{ (required "The \"internalTLS.registry.crt\" is required!" .Values.internalTLS.registry.crt) | b64enc | quote }} 13 | tls.key: {{ (required "The \"internalTLS.registry.key\" is required!" 
.Values.internalTLS.registry.key) | b64enc | quote }} 14 | {{- end }} 15 | {{- end }} -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/trivy/trivy-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.trivy.enabled .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.trivy.secretName" . }}" 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: kubernetes.io/tls 10 | data: 11 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 12 | tls.crt: {{ (required "The \"internalTLS.trivy.crt\" is required!" .Values.internalTLS.trivy.crt) | b64enc | quote }} 13 | tls.key: {{ (required "The \"internalTLS.trivy.key\" is required!" .Values.internalTLS.trivy.key) | b64enc | quote }} 14 | {{- end }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/jobservice/jobservice-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: "{{ template "harbor.jobservice" . }}" 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | spec: 9 | ports: 10 | - name: {{ ternary "https-jobservice" "http-jobservice" .Values.internalTLS.enabled }} 11 | port: {{ template "harbor.jobservice.servicePort" . }} 12 | targetPort: {{ template "harbor.jobservice.containerPort" . }} 13 | {{- if .Values.metrics.enabled }} 14 | - name: {{ template "harbor.metricsPortName" . }} 15 | port: {{ .Values.metrics.jobservice.port }} 16 | {{- end }} 17 | selector: 18 | {{ include "harbor.matchLabels" . 
| indent 4 }} 19 | component: jobservice 20 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/jobservice/jobservice-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}" 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: kubernetes.io/tls 10 | data: 11 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 12 | tls.crt: {{ (required "The \"internalTLS.jobservice.crt\" is required!" .Values.internalTLS.jobservice.crt) | b64enc | quote }} 13 | tls.key: {{ (required "The \"internalTLS.jobservice.key\" is required!" .Values.internalTLS.jobservice.key) | b64enc | quote }} 14 | {{- end }} 15 | {{- end }} -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/conf/notary-server.json: -------------------------------------------------------------------------------- 1 | { 2 | "server": { 3 | "http_addr": ":4443" 4 | }, 5 | "trust_service": { 6 | "type": "remote", 7 | "hostname": "{{ template "harbor.notary-signer" . }}", 8 | "port": "7899", 9 | "tls_ca_file": "/etc/ssl/notary/ca.crt", 10 | "key_algorithm": "ecdsa" 11 | }, 12 | "logging": { 13 | "level": "{{ .Values.logLevel }}" 14 | }, 15 | "storage": { 16 | "backend": "postgres", 17 | "db_url": "{{ template "harbor.database.notaryServer" . 
}}" 18 | }, 19 | "auth": { 20 | "type": "token", 21 | "options": { 22 | "realm": "{{ .Values.externalURL }}/service/token", 23 | "service": "harbor-notary", 24 | "issuer": "harbor-token-issuer", 25 | "rootcertbundle": "/root.crt" 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/core/core-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.core.secretName" . }}" 7 | namespace: {{ .Release.Namespace | quote }} 8 | labels: 9 | {{ include "harbor.labels" . | indent 4 }} 10 | type: kubernetes.io/tls 11 | data: 12 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 13 | tls.crt: {{ (required "The \"internalTLS.core.crt\" is required!" .Values.internalTLS.core.crt) | b64enc | quote }} 14 | tls.key: {{ (required "The \"internalTLS.core.key\" is required!" .Values.internalTLS.core.key) | b64enc | quote }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/portal/tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.portal.secretName" . }}" 7 | namespace: {{ .Release.Namespace | quote }} 8 | labels: 9 | {{ include "harbor.labels" . | indent 4 }} 10 | type: kubernetes.io/tls 11 | data: 12 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" 
.Values.internalTLS.trustCa) | b64enc | quote }} 13 | tls.crt: {{ (required "The \"internalTLS.portal.crt\" is required!" .Values.internalTLS.portal.crt) | b64enc | quote }} 14 | tls.key: {{ (required "The \"internalTLS.portal.key\" is required!" .Values.internalTLS.portal.key) | b64enc | quote }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/registry/registry-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: "{{ template "harbor.registry" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | spec: 8 | ports: 9 | - name: {{ ternary "https-registry" "http-registry" .Values.internalTLS.enabled }} 10 | port: {{ template "harbor.registry.servicePort" . }} 11 | 12 | - name: {{ ternary "https-controller" "http-controller" .Values.internalTLS.enabled }} 13 | port: {{ template "harbor.registryctl.servicePort" . }} 14 | {{- if .Values.metrics.enabled}} 15 | - name: {{ template "harbor.metricsPortName" . }} 16 | port: {{ .Values.metrics.registry.port }} 17 | {{- end }} 18 | selector: 19 | {{ include "harbor.matchLabels" . | indent 4 }} 20 | component: registry -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/portal/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: "{{ template "harbor.portal" . }}" 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | {{- with .Values.portal.serviceAnnotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | spec: 13 | {{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }} 14 | type: NodePort 15 | {{- end }} 16 | ports: 17 | - port: {{ template "harbor.portal.servicePort" . }} 18 | targetPort: {{ template "harbor.portal.containerPort" . }} 19 | selector: 20 | {{ include "harbor.matchLabels" . | indent 4 }} 21 | component: portal 22 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/registry/registry-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.registry.secretName" . }}" 7 | namespace: {{ .Release.Namespace | quote }} 8 | labels: 9 | {{ include "harbor.labels" . | indent 4 }} 10 | type: kubernetes.io/tls 11 | data: 12 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 13 | tls.crt: {{ (required "The \"internalTLS.registry.crt\" is required!" .Values.internalTLS.registry.crt) | b64enc | quote }} 14 | tls.key: {{ (required "The \"internalTLS.registry.key\" is required!" .Values.internalTLS.registry.key) | b64enc | quote }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/trivy/trivy-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.trivy.enabled .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.trivy.secretName" . 
}}" 7 | namespace: {{ .Release.Namespace | quote }} 8 | labels: 9 | {{ include "harbor.labels" . | indent 4 }} 10 | type: kubernetes.io/tls 11 | data: 12 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 13 | tls.crt: {{ (required "The \"internalTLS.trivy.crt\" is required!" .Values.internalTLS.trivy.crt) | b64enc | quote }} 14 | tls.key: {{ (required "The \"internalTLS.trivy.key\" is required!" .Values.internalTLS.trivy.key) | b64enc | quote }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/jobservice/jobservice-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled }} 2 | {{- if eq .Values.internalTLS.certSource "manual" }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}" 7 | namespace: {{ .Release.Namespace | quote }} 8 | labels: 9 | {{ include "harbor.labels" . | indent 4 }} 10 | type: kubernetes.io/tls 11 | data: 12 | ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }} 13 | tls.crt: {{ (required "The \"internalTLS.jobservice.crt\" is required!" .Values.internalTLS.jobservice.crt) | b64enc | quote }} 14 | tls.key: {{ (required "The \"internalTLS.jobservice.key\" is required!" .Values.internalTLS.jobservice.key) | b64enc | quote }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/registry/registry-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: "{{ template "harbor.registry" . 
}}" 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | spec: 9 | ports: 10 | - name: {{ ternary "https-registry" "http-registry" .Values.internalTLS.enabled }} 11 | port: {{ template "harbor.registry.servicePort" . }} 12 | 13 | - name: {{ ternary "https-controller" "http-controller" .Values.internalTLS.enabled }} 14 | port: {{ template "harbor.registryctl.servicePort" . }} 15 | {{- if .Values.metrics.enabled}} 16 | - name: {{ template "harbor.metricsPortName" . }} 17 | port: {{ .Values.metrics.registry.port }} 18 | {{- end }} 19 | selector: 20 | {{ include "harbor.matchLabels" . | indent 4 }} 21 | component: registry 22 | -------------------------------------------------------------------------------- /pkg/install_scripts/zh-README-2-reset.md: -------------------------------------------------------------------------------- 1 | # 清除kubernetes方式部署的服务 2 | 3 | ## 当安装出现异常的情况下,清除所有dory服务 4 | 5 | {{- if $.imageRepoInternal }} 6 | ### 停止并清除 {{ $.dory.imageRepo.type }} 服务 7 | 8 | ```shell script 9 | helm -n {{ $.dory.imageRepo.internal.namespace }} uninstall {{ $.dory.imageRepo.internal.namespace }} 10 | ``` 11 | {{- end }} 12 | 13 | ### 停止并清除所有 dory 服务 14 | 15 | ```shell script 16 | # 删除所有dory数据 17 | kubectl -n {{ $.dory.namespace }} exec project-data-pod-0 -- sh -c "rm -rf /project-data/*" 18 | 19 | # 删除相关名字空间 20 | kubectl delete namespace {{ $.dory.namespace }} 21 | kubectl delete pv {{ $.dory.namespace }}-pv 22 | {{- if $.imageRepoInternal }} 23 | kubectl delete namespace {{ $.dory.imageRepo.internal.namespace }} 24 | kubectl delete pv {{ $.dory.imageRepo.internal.namespace }}-pv 25 | {{- end }} 26 | 27 | kubectl delete pv {{ $.dory.namespace }}-project-data-pv 28 | ``` 29 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes-ha/keepalived/keepalived.conf: -------------------------------------------------------------------------------- 1 | ! 
######################### 2 | ! {{ $.host.hostname }} keepalived 3 | ! ######################### 4 | 5 | global_defs { 6 | router_id LVS_DEVEL 7 | } 8 | vrrp_script check_apiserver { 9 | script "/etc/keepalived/check_apiserver.sh" 10 | interval 5 11 | weight -60 12 | fall 2 13 | rise 2 14 | } 15 | vrrp_instance VI_1 { 16 | state BACKUP 17 | mcast_src_ip {{ $.host.ipAddress }} 18 | interface {{ $.host.networkInterface }} 19 | priority {{ $.host.keepalivedPriority }} 20 | authentication { 21 | auth_type PASS 22 | auth_pass {{ $.keepAlivedAuthPass }} 23 | } 24 | virtual_ipaddress { 25 | {{ $.virtualIp }} 26 | } 27 | virtual_router_id {{ $.keepAlivedVirtualRouterId }} 28 | advert_int 5 29 | track_script { 30 | check_apiserver 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/jobservice/jobservice-secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.jobservice" .) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: "{{ template "harbor.jobservice" . }}" 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: Opaque 10 | data: 11 | {{- if not .Values.jobservice.existingSecret }} 12 | JOBSERVICE_SECRET: {{ .Values.jobservice.secret | default (include "harbor.secretKeyHelper" (dict "key" "JOBSERVICE_SECRET" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }} 13 | {{- end }} 14 | {{- if not .Values.registry.credentials.existingSecret }} 15 | REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }} 16 | {{- end }} 17 | {{- template "harbor.traceJaegerPassword" . 
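}} 18 |
--------------------------------------------------------------------------------
/pkg/install_scripts/dory/nginx-gitlab/nginx-gitlab.conf:
--------------------------------------------------------------------------------
# Reverse proxy in front of the in-cluster GitLab service; listens on plain HTTP 8080.
# The {{ ... }} placeholder is filled in when the installer renders this file.
server {
    listen       8080;
    server_name  localhost;
    # proxy_pass below contains a variable, so nginx resolves the upstream name at
    # request time through this resolver; answers are cached for 5 seconds.
    resolver kube-dns.kube-system.svc.cluster.local valid=5s;
    location / {
        # $request_uri already begins with "/", so it is appended directly to the host;
        # with an extra "/" in between the upstream would receive a path starting with "//".
        proxy_pass http://gitlab.{{ $.dory.namespace }}.svc.cluster.local$request_uri;
        proxy_redirect off;
        # Host is forwarded exactly as the client sent it.
        proxy_set_header Host $http_host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells GitLab the original request was HTTPS although this listener is plain HTTP.
        # NOTE(review): presumably TLS is terminated in front of this proxy; confirm.
        proxy_set_header X-Forwarded-Proto https;
        # NOTE(review): proxy_set_header adds this header to the request sent upstream.
        # Browsers only act on X-Frame-Options in a response, which would need add_header;
        # confirm what was intended before relying on this line for framing protection.
        proxy_set_header X-Frame-Options SAMEORIGIN;

        # Remove every occurrence of the internal pod URL from response bodies;
        # application/json is processed in addition to text/html, which sub_filter always handles.
        sub_filter 'http://gitlab-0' '';
        sub_filter_once off;
        sub_filter_types 'application/json';

        # 0 disables the request body size limit, so nginx accepts uploads of any size here.
        client_max_body_size 0;
    }
}

-------------------------------------------------------------------------------- /pkg/install_scripts/en-README-2-reset.md: -------------------------------------------------------------------------------- 1 | # reset kubernetes installation 2 | 3 | ## remove all dory service when install failure 4 | 5 | {{- if $.imageRepoInternal }} 6 | ### stop and remove {{ $.dory.imageRepo.type }} services 7 | 8 | ```shell script 9 | helm -n {{ $.dory.imageRepo.internal.namespace }} uninstall {{ $.dory.imageRepo.internal.namespace }} 10 | ``` 11 | {{- end }} 12 | 13 | ### stop and remove dory services 14 | 15 | ```shell script 16 | # delete all dory data 17 | kubectl -n {{ $.dory.namespace }} exec project-data-pod-0 -- sh -c "rm -rf /project-data/*" 18 | 19 | # delete relative namespaces 20 | kubectl delete namespace {{ $.dory.namespace }} 21 | kubectl delete pv {{ $.dory.namespace }}-pv 22 | {{- if $.imageRepoInternal }} 23 | kubectl delete namespace {{ $.dory.imageRepo.internal.namespace }} 24 | kubectl delete pv {{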
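$.dory.imageRepo.internal.namespace }}-pv 25 | {{- end }} 26 | 27 | kubectl delete pv {{ $.dory.namespace }}-project-data-pv 28 | ``` 29 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes-ha/kubeadm-config.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: kubeadm.k8s.io/v1beta3 3 | kind: ClusterConfiguration 4 | kubernetesVersion: {{ $.version }} 5 | {{- if $.imageRepository }} 6 | imageRepository: {{ $.imageRepository }} 7 | {{- end }} 8 | apiServer: 9 | certSANs: 10 | - {{ $.virtualHostname | quote }} 11 | - {{ $.virtualIp | quote }} 12 | {{- range $_, $host := $.masterHosts }} 13 | - {{ $host.hostname | quote }} 14 | - {{ $host.ipAddress | quote }} 15 | {{- end }} 16 | controlPlaneEndpoint: "{{ $.virtualIp }}:{{ $.virtualPort }}" 17 | {{- if or $.podSubnet $.serviceSubnet }} 18 | networking: 19 | {{- if $.podSubnet }} 20 | podSubnet: {{ $.podSubnet | quote }} 21 | {{- end }} 22 | {{- if $.serviceSubnet }} 23 | serviceSubnet: {{ $.serviceSubnet | quote }} 24 | {{- end }} 25 | {{- end }} 26 | 27 | --- 28 | apiVersion: kubeadm.k8s.io/v1beta3 29 | kind: InitConfiguration 30 | nodeRegistration: 31 | criSocket: {{ $.criSocket | quote }} 32 |
--------------------------------------------------------------------------------
/pkg/install_scripts/zh-sonarqube-config.sh:
--------------------------------------------------------------------------------
# Bootstraps a fresh SonarQube instance: creates an admin API token, replaces the
# built-in admin/admin password, makes new projects private by default and writes
# the token into the dory-engine config file.
# The {{ ... }} placeholders are filled in when the installer renders this file.
# NOTE(review): -u puts credentials on the curl command line, and they travel
# unencrypted if the rendered URL is http:// - confirm the URL scheme.

# Single-quoted so the shell neither expands nor splits the rendered value.
# NOTE(review): a password that itself contains a single quote would still break this line.
export PASSWORD='{{ $.scanCodeRepoPassword }}'

# check that the built-in admin/admin account is still accepted
curl -X 'GET' -u admin:admin \
  {{ $.scanCodeRepoViewUrl }}/api/authentication/validate

# create an API token named "dory" while the default password is still valid
export TOKEN=$(curl -X 'POST' -u admin:admin \
  {{ $.scanCodeRepoViewUrl }}/api/user_tokens/generate \
  -d 'name=dory' | jq -r .token)
# jq -r prints the string "null" when the response carries no .token field
if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
  echo "generate sonarqube token failed" >&2
  exit 1
fi
# the token is an admin credential, so it is not echoed to the terminal or to logs

# change the admin password; --data-urlencode keeps characters such as & % + in the
# password from corrupting the form body
curl -X 'POST' -u "$TOKEN:" \
  {{ $.scanCodeRepoViewUrl }}/api/users/change_password \
  -d 'login=admin' \
  --data-urlencode "password=$PASSWORD" \
  -d 'previousPassword=admin'

# confirm that the new admin password is accepted
curl -X 'GET' -u "admin:$PASSWORD" \
  {{ $.scanCodeRepoViewUrl }}/api/authentication/validate

# make new projects private by default
curl -X 'POST' -u "$TOKEN:" \
  {{ $.scanCodeRepoViewUrl }}/api/projects/update_default_visibility \
  -d "projectVisibility=private"

# replace the SCAN_CODE_REPO_TOKEN placeholder in the dory-engine config file config.yaml
# NOTE(review): assumes the token contains no '/' or '&', which sed would misread - confirm
sed -i "s/SCAN_CODE_REPO_TOKEN/$TOKEN/g" install-data/{{ $.dory.namespace }}/dory-engine/config/config.yaml

-------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes-ha/nginx-lb/nginx-lb.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | worker_processes 1; 3 | 4 | error_log /var/log/nginx/error.log warn; 5 | pid /var/run/nginx.pid; 6 | 7 | 8 | events { 9 | worker_connections 1024; 10 | } 11 | 12 | stream { 13 | upstream apiserver { 14 | {{- range $_, $host := $.masterHosts }} 15 | server {{ $host.ipAddress }}:6443 weight=5 max_fails=3 fail_timeout=30s; 16 | {{- end }} 17 | } 18 | 19 | server { 20 | listen {{ $.virtualPort }}; 21 | proxy_connect_timeout 15s; 22 | proxy_timeout 15s; 23 | proxy_pass apiserver; 24 | } 25 | 26 | log_format proxy '$remote_addr [$time_local] ' 27 | '$protocol $status $bytes_sent $bytes_received ' 28 | '$session_time "$upstream_addr" ' 29 | '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"'; 30 | 31 | access_log /var/log/nginx/access.log proxy; 32 | } 33 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/core/core-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "harbor.core" . }} 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | {{- with .Values.core.serviceAnnotations }} 8 | annotations: 9 | {{- toYaml .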
| nindent 4 }} 10 | {{- end }} 11 | spec: 12 | {{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }} 13 | type: NodePort 14 | {{- end }} 15 | ports: 16 | - name: {{ ternary "https-web" "http-web" .Values.internalTLS.enabled }} 17 | port: {{ template "harbor.core.servicePort" . }} 18 | targetPort: {{ template "harbor.core.containerPort" . }} 19 | {{- if .Values.metrics.enabled}} 20 | - name: {{ template "harbor.metricsPortName" . }} 21 | port: {{ .Values.metrics.core.port }} 22 | {{- end }} 23 | selector: 24 | {{ include "harbor.matchLabels" . | indent 4 }} 25 | component: core 26 | -------------------------------------------------------------------------------- /pkg/install_scripts/zh-pods-ready.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 用法: ./pods-ready.sh 3 | # 不传参时默认使用 default 命名空间 4 | 5 | set -euo pipefail 6 | 7 | NS="${1:-default}" 8 | 9 | echo "正在等待 namespace \"$NS\" 中所有 Pod 就绪" 10 | 11 | while true; do 12 | pods=$(kubectl get pods -n "$NS" --no-headers 2>/dev/null || true) 13 | 14 | [[ -z "$pods" ]] && { echo "(暂无 Pod)"; sleep 5; continue; } 15 | 16 | all_ready=true 17 | 18 | while IFS= read -r line; do 19 | ready_col=$(awk '{print $2}' <<< "$line") 20 | status_col=$(awk '{print $3}' <<< "$line") 21 | 22 | ready_cnt=${ready_col%%/*} 23 | total_cnt=${ready_col##*/} 24 | 25 | if [[ "$status_col" != "Running" || "$ready_cnt" != "$total_cnt" ]]; then 26 | all_ready=false 27 | break 28 | fi 29 | done <<< "$pods" 30 | 31 | kubectl get pods -n "$NS" 32 | 33 | if $all_ready; then 34 | echo "namespace \"$NS\" 中的所有 Pod 均已 Running 且 Ready" 35 | exit 0 36 | fi 37 | 38 | echo "仍有 Pod 未就绪,5 秒后继续检查…" 39 | sleep 5 40 | done 41 | -------------------------------------------------------------------------------- /pkg/install_scripts/en-sonarqube-config.sh: 
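--------------------------------------------------------------------------------
# Bootstrap a fresh SonarQube instance: replace the default admin password,
# create the API token that is written into the dory-engine config, and make
# new projects private by default.
#
# The rendered script holds the admin password in clear text, and curl receives
# the credentials on its command line, where they are visible in the process
# list while each request runs.
# NOTE(review): if scanCodeRepoViewUrl is an http:// URL, the password and the
# token cross the network unencrypted - confirm the scheme used at install time.

# Single-quoted so the shell neither expands nor word-splits the rendered value.
# NOTE(review): a password that itself contains a single quote still breaks
# this line.
export PASSWORD='{{ $.scanCodeRepoPassword }}'

# probe the default admin:admin login (the response is printed, not checked)
curl -X 'GET' -u admin:admin \
  {{ $.scanCodeRepoViewUrl }}/api/authentication/validate

# create the admin token named "dory" while the default password is still valid
TOKEN=$(curl -X 'POST' -u admin:admin \
  {{ $.scanCodeRepoViewUrl }}/api/user_tokens/generate \
  -d 'name=dory' | jq -r '.token // empty')
export TOKEN

# Stop here when no token came back: continuing would leave admin:admin in
# place and write an empty or "null" token into config.yaml.
if [ -z "$TOKEN" ]; then
  echo "failed to generate the SonarQube token" >&2
  exit 1
fi
# the token value is deliberately not printed, so it does not land in install logs
echo "token: generated"

# change the admin password; every field is URL-encoded so characters such as
# '&', '+' or '%' in the password cannot alter the form body
curl -X 'POST' -u "$TOKEN:" \
  {{ $.scanCodeRepoViewUrl }}/api/users/change_password \
  --data-urlencode "login=admin" \
  --data-urlencode "password=$PASSWORD" \
  --data-urlencode "previousPassword=admin"

# check that the new admin password is accepted
curl -X 'GET' -u "admin:$PASSWORD" \
  {{ $.scanCodeRepoViewUrl }}/api/authentication/validate

# set projects invisible by default
curl -X 'POST' -u "$TOKEN:" \
  {{ $.scanCodeRepoViewUrl }}/api/projects/update_default_visibility \
  -d "projectVisibility=private"

# update dory-engine config file config.yaml
# assumes the token contains no '/' or '&', which sed would interpret - TODO confirm
sed -i "s/SCAN_CODE_REPO_TOKEN/$TOKEN/g" install-data/{{ $.dory.namespace }}/dory-engine/config/config.yaml
-------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/nginx/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "harbor.autoGenCertForNginx" .) "true" }} 2 | {{- $ca := genCA "harbor-ca" 3650 }} 3 | {{- $cn := (required "The \"expose.tls.auto.commonName\" is required!" .Values.expose.tls.auto.commonName) }} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ template "harbor.nginx" . }} 8 | labels: 9 | {{ include "harbor.labels" . 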
| indent 4 }} 10 | type: Opaque 11 | data: 12 | {{- if regexMatch `^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$` $cn }} 13 | {{- $cert := genSignedCert $cn (list $cn) nil 3650 $ca }} 14 | tls.crt: {{ $cert.Cert | b64enc | quote }} 15 | tls.key: {{ $cert.Key | b64enc | quote }} 16 | ca.crt: {{ $ca.Cert | b64enc | quote }} 17 | {{- else }} 18 | {{- $cert := genSignedCert $cn nil (list $cn) 3650 $ca }} 19 | tls.crt: {{ $cert.Cert | b64enc | quote }} 20 | tls.key: {{ $cert.Key | b64enc | quote }} 21 | ca.crt: {{ $ca.Cert | b64enc | quote }} 22 | {{- end }} 23 | {{- end }} -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/notary/notary-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.notary.enabled }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "harbor.notary-server" . }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | component: notary 9 | type: Opaque 10 | data: 11 | {{- if not .Values.notary.secretName }} 12 | {{- $ca := genCA "harbor-notary-ca" 3650 }} 13 | {{- $cert := genSignedCert (include "harbor.notary-signer" .) nil (list (include "harbor.notary-signer" .)) 3650 $ca }} 14 | ca.crt: {{ $ca.Cert | b64enc | quote }} 15 | tls.crt: {{ $cert.Cert | b64enc | quote }} 16 | tls.key: {{ $cert.Key | b64enc | quote }} 17 | {{- end }} 18 | server.json: {{ tpl (.Files.Get "conf/notary-server.json") . | b64enc }} 19 | signer.json: {{ tpl (.Files.Get "conf/notary-signer.json") . | b64enc }} 20 | NOTARY_SERVER_DB_URL: {{ include "harbor.database.notaryServer" . | b64enc }} 21 | NOTARY_SIGNER_DB_URL: {{ include "harbor.database.notarySigner" . 
| b64enc }} 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/core/core-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "harbor.core" . }} 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | {{- with .Values.core.serviceAnnotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | spec: 13 | {{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }} 14 | type: NodePort 15 | {{- end }} 16 | ports: 17 | - name: {{ ternary "https-web" "http-web" .Values.internalTLS.enabled }} 18 | port: {{ template "harbor.core.servicePort" . }} 19 | targetPort: {{ template "harbor.core.containerPort" . }} 20 | {{- if .Values.metrics.enabled}} 21 | - name: {{ template "harbor.metricsPortName" . }} 22 | port: {{ .Values.metrics.core.port }} 23 | {{- end }} 24 | selector: 25 | {{ include "harbor.matchLabels" . | indent 4 }} 26 | component: core 27 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/notary/notary-svc.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.notary.enabled }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "harbor.notary-server" . }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | {{- with .Values.notary.serviceAnnotations }} 9 | annotations: 10 | {{- toYaml . 
| nindent 4 }} 11 | {{- end }} 12 | spec: 13 | {{- if or (eq .Values.expose.ingress.controller "gce") (eq .Values.expose.ingress.controller "alb") (eq .Values.expose.ingress.controller "f5-bigip") }} 14 | type: NodePort 15 | {{- end }} 16 | ports: 17 | - port: 4443 18 | selector: 19 | {{ include "harbor.matchLabels" . | indent 4 }} 20 | component: notary-server 21 | 22 | --- 23 | apiVersion: v1 24 | kind: Service 25 | metadata: 26 | name: {{ template "harbor.notary-signer" . }} 27 | labels: 28 | {{ include "harbor.labels" . | indent 4 }} 29 | spec: 30 | ports: 31 | - port: 7899 32 | selector: 33 | {{ include "harbor.matchLabels" . | indent 4 }} 34 | component: notary-signer 35 | {{ end }} 36 | -------------------------------------------------------------------------------- /pkg/install_scripts/dory/openldap/openldap_certs.sh: --------------------------------------------------------------------------------
# Generate TLS material for the OpenLDAP service: DH parameters, a self-signed
# CA, and a server certificate signed by that CA. Every file is written to the
# current working directory; the script does not change directory itself.
export DORY_OPENLDAP_NAME={{ $.dory.openldap.serviceName }}
export DORY_OPENLDAP_NAMESPACE={{ $.dory.namespace }}

openssl dhparam -out dhparam.pem 2048
# CA key and self-signed CA certificate, valid for 3650 days.
# ca.key is written unencrypted and stays next to the server key; whoever can
# read it can issue further certificates under this CA. The file mode of both
# keys comes from the caller's umask.
# NOTE(review): confirm ca.key has to remain in this directory after signing.
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/CN=${DORY_OPENLDAP_NAME}" -key ca.key -out ca.crt
# server key and certificate signing request
openssl genrsa -out ldap.key 4096
openssl req -sha512 -new -subj "/CN=${DORY_OPENLDAP_NAME}" -key ldap.key -out ldap.csr
# X.509 v3 extensions for the server certificate. The SAN list includes the
# wildcard *.${DORY_OPENLDAP_NAMESPACE}, so the certificate also matches other
# names under that suffix, and the certificate is usable for both server and
# client authentication.
cat << EOF > v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=${DORY_OPENLDAP_NAME}-0
DNS.2=*.${DORY_OPENLDAP_NAME}
DNS.3=${DORY_OPENLDAP_NAME}
DNS.4=*.${DORY_OPENLDAP_NAMESPACE}
DNS.5=localhost
EOF
# sign the request with the CA; the server certificate is also valid for 3650 days
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in ldap.csr -out ldap.crt
# Recursively hands the PARENT of the working directory to uid/gid 911, which
# includes ca.key and ldap.key.
# NOTE(review): the affected tree depends entirely on the caller's working
# directory - confirm the script is only ever run from inside the OpenLDAP
# data directory.
chown -R 911:911 ..
25 | 26 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/nginx/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "harbor.autoGenCertForNginx" .) "true" }} 2 | {{- $ca := genCA "harbor-ca" 3650 }} 3 | {{- $cn := (required "The \"expose.tls.auto.commonName\" is required!" .Values.expose.tls.auto.commonName) }} 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ template "harbor.nginx" . }} 8 | namespace: {{ .Release.Namespace | quote }} 9 | labels: 10 | {{ include "harbor.labels" . | indent 4 }} 11 | type: Opaque 12 | data: 13 | {{- if regexMatch `^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$` $cn }} 14 | {{- $cert := genSignedCert $cn (list $cn) nil 3650 $ca }} 15 | tls.crt: {{ $cert.Cert | b64enc | quote }} 16 | tls.key: {{ $cert.Key | b64enc | quote }} 17 | ca.crt: {{ $ca.Cert | b64enc | quote }} 18 | {{- else }} 19 | {{- $cert := genSignedCert $cn nil (list $cn) 3650 $ca }} 20 | tls.crt: {{ $cert.Cert | b64enc | quote }} 21 | tls.key: {{ $cert.Key | b64enc | quote }} 22 | ca.crt: {{ $ca.Cert | b64enc | quote }} 23 | {{- end }} 24 | {{- end }} 25 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.6.6.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.6.6 2 | 3 | **新特性:** 4 | 5 | - dory-engine 支持在流水线上设置cpu架构,一个项目可以通过不同的流水线,实现跨x86/arm64架构的编译、打包、部署 6 | - dory-engine 环境管理可以支持一个k8s集群有x86/arm64混合的节点,可以根据nodeSelector自动识别集群节点所支持的cpu架构,并且自动识别默认使用的cpu架构 7 | - dory-engine 把cpu架构信息从项目上移出,调整到在流水线上配置 8 | - dory-engine 流水线的步骤新增cpu架构信息 9 | - dory-engine 所有步骤执行记录新增cpu架构信息,可以看到编译、打包、部署步骤使用的cpu架构 10 | - dory-engine 环境组件部署可以选择cpu架构,自动识别环境中是否有可用的cpu架构的节点 11 | - dory-engine 环境调试组件无需设置cpu架构,自动根据k8s环境的默认cpu架构部署对应的调试组件 12 | - dory-engine 
容器镜像打包定义的Dockerfile中支持根据流水线的cpu架构动态设置来源镜像 13 | - dory-engine 流水线、运行记录、步骤执行记录可以显示并过滤cpu架构信息 14 | - dory-engine 运行、步骤的度量统计信息支持使用cpu架构作为维度归类统计信息,也支持使用cpu架构信息过滤统计数据 15 | - dory-engine 新建项目以及为项目分配新nodePort端口段现在支持手工设置使用哪个nodePort端口段 16 | - dory-engine 控制台的项目查看页支持显示环境的cpu架构信息,管理控制台的环境管理页面支持显示环境的cpu架构信息 17 | 18 | **问题修复:** 19 | 20 | - dory-engine 修复新建项目提示制品仓库类型不能为空的问题 21 | - dory-engine 修复新建项目harbor的存储空间配额设置提示错误的问题 22 | - dory-engine 修复 管理控制台 - 租户管理 按照租户编码搜索过滤有问题 23 | - dorycli 修复 admin apply custom-step提示错误的问题 24 | - dorycli 修复 def get pipeline 不要显示ops流水线的问题 25 | - dorycli 支持显示cpu架构信息 26 | 27 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/jobservice/jobservice-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- $jobLog := .Values.persistence.persistentVolumeClaim.jobservice.jobLog -}} 2 | {{- if and .Values.persistence.enabled (not $jobLog.existingClaim) (has "file" .Values.jobservice.jobLoggers) }} 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: {{ template "harbor.jobservice" . }} 7 | annotations: 8 | {{- range $key, $value := $jobLog.annotations }} 9 | {{ $key }}: {{ $value | quote }} 10 | {{- end }} 11 | {{- if eq .Values.persistence.resourcePolicy "keep" }} 12 | helm.sh/resource-policy: keep 13 | {{- end }} 14 | labels: 15 | {{ include "harbor.labels" . 
| indent 4 }} 16 | component: jobservice 17 | spec: 18 | accessModes: 19 | - {{ $jobLog.accessMode }} 20 | resources: 21 | requests: 22 | storage: {{ $jobLog.size }} 23 | {{- if $jobLog.storageClass }} 24 | {{- if eq "-" $jobLog.storageClass }} 25 | storageClassName: "" 26 | {{- else }} 27 | storageClassName: {{ $jobLog.storageClass }} 28 | {{- end }} 29 | {{- end }} 30 | {{- end }} 31 | -------------------------------------------------------------------------------- /pkg/install_scripts/en-pods-ready.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Usage: ./pods-ready.sh 3 | # The default namespace is used by default when no parameters are passed 4 | 5 | set -euo pipefail 6 | 7 | NS="${1:-default}" 8 | 9 | echo "Waiting for all Pods in namespace \"$NS\" to be ready" 10 | 11 | while true; do 12 | pods=$(kubectl get pods -n "$NS" --no-headers 2>/dev/null || true) 13 | 14 | [[ -z "$pods" ]] && { echo "(No Pod)"; sleep 5; continue; } 15 | 16 | all_ready=true 17 | 18 | while IFS= read -r line; do 19 | ready_col=$(awk '{print $2}' <<< "$line") 20 | status_col=$(awk '{print $3}' <<< "$line") 21 | 22 | ready_cnt=${ready_col%%/*} 23 | total_cnt=${ready_col##*/} 24 | 25 | if [[ "$status_col" != "Running" || "$ready_cnt" != "$total_cnt" ]]; then 26 | all_ready=false 27 | break 28 | fi 29 | done <<< "$pods" 30 | 31 | kubectl get pods -n "$NS" 32 | 33 | if $all_ready; then 34 | echo "All Pods in namespace \"$NS\" are Running and Ready" 35 | exit 0 36 | fi 37 | 38 | echo "There are still Pods that are not ready. Check again in 5 seconds..." 
39 | sleep 5 40 | done 41 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/registry/registry-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.persistence.enabled }} 2 | {{- $registry := .Values.persistence.persistentVolumeClaim.registry -}} 3 | {{- if and (not $registry.existingClaim) (eq .Values.persistence.imageChartStorage.type "filesystem") }} 4 | kind: PersistentVolumeClaim 5 | apiVersion: v1 6 | metadata: 7 | name: {{ template "harbor.registry" . }} 8 | annotations: 9 | {{- range $key, $value := $registry.annotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | {{- if eq .Values.persistence.resourcePolicy "keep" }} 13 | helm.sh/resource-policy: keep 14 | {{- end }} 15 | labels: 16 | {{ include "harbor.labels" . | indent 4 }} 17 | component: registry 18 | spec: 19 | accessModes: 20 | - {{ $registry.accessMode }} 21 | resources: 22 | requests: 23 | storage: {{ $registry.size }} 24 | {{- if $registry.storageClass }} 25 | {{- if eq "-" $registry.storageClass }} 26 | storageClassName: "" 27 | {{- else }} 28 | storageClassName: {{ $registry.storageClass }} 29 | {{- end }} 30 | {{- end }} 31 | {{- end }} 32 | {{- end }} -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.6.5.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.6.5 2 | 3 | **新特性:** 4 | 5 | - dory-engine 社区版支持设置项目的代码仓库、镜像仓库、依赖与制品仓库、代码扫描仓库 6 | - dory-engine 社区版限制项目开通、中间件部署、调试组件部署只能选择amd64架构 7 | - dory-engine 社区版限制禁用自定义资源配额的功能 8 | - dory-engine 新开通的演示项目默认禁用制品打包和制品主机部署步骤,默认只开启gin-demo模块 9 | - dory-engine 项目开通支持设置harbor镜像仓库的空间配额 10 | - dory-engine 可以设置流水线超过多长时间没有输入自动终止流水线 11 | - dory-engine 自定义步骤假如从代码仓库拉取代码,那么自动创建一个gitPullCustomStep步骤 12 | - dory-engine 项目定义页面和运行查看页面新增执行OPS批处理的菜单按钮 13 | - dory-engine 控制台项目管理列表页面支持使用环境名过滤项目 14 | - 
dory-engine 控制台页面支持搜索排序 15 | - dory-engine 提高步骤消耗的容器cpu和内存资源的可读性 16 | - dory-engine k8s环境支持使用storageClass来为项目动态分配PV和PVC 17 | - dory-engine k8s环境列表可以展示可用的storageClass,也可以展示pv的状态 18 | - dory-engine 用户管理列表页支持过滤不属于任何项目成员的用户 19 | - dory-engine 新增 /api/console/project/:projectName/minimal 接口,用于dorycli console子命令 20 | 21 | - dorycli 新增console子命令,支持通过命令行设置项目控制台信息,包括:项目成员、流水线、流水线触发器、项目主机、项目数据库、调试组件、项目组件等,需要项目维护者权限 22 | 23 | **问题修复:** 24 | 25 | - dory-engine 修复度量统计因为时区存在+8小时偏差导致统计数据异常的问题 26 | - dory-engine 修复按照时间进行运行列表过滤因为时区存在+8小时偏差导致数据显示的问题 27 | - dory-engine 重启dory-engine的时候,自动清理等待输入的流水线数据 28 | - dory-engine 修复并行执行多个自定义步骤的时候,从代码仓库拉取自定义步骤代码会存在写入冲突的问题 29 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/jobservice/jobservice-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- $jobLog := .Values.persistence.persistentVolumeClaim.jobservice.jobLog -}} 2 | {{- if and .Values.persistence.enabled (not $jobLog.existingClaim) (has "file" .Values.jobservice.jobLoggers) }} 3 | kind: PersistentVolumeClaim 4 | apiVersion: v1 5 | metadata: 6 | name: {{ template "harbor.jobservice" . }} 7 | namespace: {{ .Release.Namespace | quote }} 8 | annotations: 9 | {{- range $key, $value := $jobLog.annotations }} 10 | {{ $key }}: {{ $value | quote }} 11 | {{- end }} 12 | {{- if eq .Values.persistence.resourcePolicy "keep" }} 13 | helm.sh/resource-policy: keep 14 | {{- end }} 15 | labels: 16 | {{ include "harbor.labels" . 
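| indent 4 }} 17 | component: jobservice 18 | app.kubernetes.io/component: jobservice 19 | spec: 20 | accessModes: 21 | - {{ $jobLog.accessMode }} 22 | resources: 23 | requests: 24 | storage: {{ $jobLog.size }} 25 | {{- if $jobLog.storageClass }} 26 | {{- if eq "-" $jobLog.storageClass }} 27 | storageClassName: "" 28 | {{- else }} 29 | storageClassName: {{ $jobLog.storageClass }} 30 | {{- end }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor_update_docker_certs.sh: --------------------------------------------------------------------------------
# Copy the Harbor ingress CA certificate, TLS certificate and TLS key from the
# cluster into the container runtime's certs.d directory for the image
# registry domain.
{{ $certPath := "" }}{{- if eq $.kubernetes.runtime "docker" }}{{ $certPath = "/etc/docker" }}{{- else if eq $.kubernetes.runtime "containerd" }}{{ $certPath = "/etc/containerd" }}{{- else if eq $.kubernetes.runtime "crio" }}{{ $certPath = "/etc/containers" }}{{- end }}
export CERT_PATH="{{ $certPath }}/certs.d"
REPO_DOMAIN="{{ $.imageRepoDomainName }}"

# $certPath stays empty for any runtime other than docker/containerd/crio, which
# would point the rm -rf below at /certs.d; an empty domain name would make it
# remove the whole certs.d directory. Refuse both cases.
if [ "${CERT_PATH}" = "/certs.d" ] || [ -z "${REPO_DOMAIN}" ]; then
  echo "harbor_update_docker_certs: unsupported runtime or empty image repo domain name" >&2
  exit 1
fi

CERT_DIR="${CERT_PATH}/${REPO_DOMAIN}"
rm -rf "${CERT_DIR}"
mkdir -p "${CERT_DIR}"

# The secret is found by substring match on "ingress". Require exactly one hit:
# with none or several, the kubectl calls below would write empty or wrong files.
INGRESS_SECRET_NAME=$(kubectl -n {{ $.dory.imageRepo.internal.namespace }} get secrets | grep "ingress" | awk '{print $1}')
export INGRESS_SECRET_NAME
if [ "$(printf '%s\n' "${INGRESS_SECRET_NAME}" | grep -c .)" -ne 1 ]; then
  echo "harbor_update_docker_certs: expected exactly one secret matching \"ingress\", found: ${INGRESS_SECRET_NAME:-none}" >&2
  exit 1
fi

kubectl -n {{ $.dory.imageRepo.internal.namespace }} get secrets "${INGRESS_SECRET_NAME}" -o jsonpath='{ .data.ca\.crt }' | base64 -d > "${CERT_DIR}/ca.crt"
kubectl -n {{ $.dory.imageRepo.internal.namespace }} get secrets "${INGRESS_SECRET_NAME}" -o jsonpath='{ .data.tls\.crt }' | base64 -d > "${CERT_DIR}/${REPO_DOMAIN}.cert"
# This is the ingress TLS private key; create the file readable by its owner only.
# NOTE(review): Docker reads a .cert/.key pair in certs.d as a client
# certificate, while trusting the registry only needs ca.crt - confirm that
# copying the server key onto this host is actually required.
( umask 077; kubectl -n {{ $.dory.imageRepo.internal.namespace }} get secrets "${INGRESS_SECRET_NAME}" -o jsonpath='{ .data.tls\.key }' | base64 -d > "${CERT_DIR}/${REPO_DOMAIN}.key" )
-------------------------------------------------------------------------------- /Dockerfile: 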
-------------------------------------------------------------------------------- 1 | FROM alpine:3.18.2 2 | 3 | LABEL maintainer="cookeem" 4 | LABEL email="cookeem@qq.com" 5 | LABEL version="v1.7.1" 6 | 7 | COPY dorycli /usr/bin 8 | RUN apk --update add ca-certificates bash-completion bash git tree htop curl zip jq && \ 9 | update-ca-certificates && \ 10 | rm -rf /var/cache/apk/* && \ 11 | adduser -h /home/dory -s /bin/bash -u 1000 -D dory && \ 12 | mkdir -p /etc/bash_completion.d/ 13 | RUN dorycli completion bash > /etc/bash_completion.d/dorycli 14 | COPY .bashrc /home/dory/ 15 | COPY .bashrc /root/ 16 | WORKDIR /home/dory 17 | USER dory 18 | 19 | # docker rmi doryengine/dorycli:v1.7.1-alpine 20 | # DOCKER_BUILDKIT=0 docker build --platform linux/amd64 -t doryengine/dorycli:v1.7.1-alpine . 21 | # docker push doryengine/dorycli:v1.7.1-alpine 22 | 23 | # 创建外部目录保存.dorycli/config.yaml 24 | # mkdir -p .dorycli && sudo chown -R 1000:1000 .dorycli 25 | # docker run -ti --rm -v $PWD/.dorycli:/home/dory/.dorycli doryengine/dorycli:v1.7.1-alpine bash 26 | 27 | # docker save -o dorycli__v1.7.1-alpine doryengine/dorycli:v1.7.1-alpine 28 | # scp -r dorycli__v1.7.1-alpine root@itdev-master03:/root/docker-images/ 29 | # scp -r dorycli__v1.7.1-alpine root@gditdev-master03:/root/docker-images/ 30 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.7.1.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.7.1 2 | 3 | **新特性:** 4 | 5 | - dory-engine 优化docker exec执行过程中日志输出逻辑 6 | - dory-engine .dockerignore默认增加默认配置 7 | - dory-engine packageImage镜像打包步骤支持输出build context文件数量进度 8 | - dory-engine 自定义步骤设置的时候,租户管理员不允许使用gitRepo,避免租户管理员可以拉取任意代码 9 | - dory-engine 容器部署定义和环境组件设置的时候,service可以选择的类型支持loadbalancer 10 | - dory-engine 调整流水线gitPull.timeout默认为0,默认代码拉取不设置超时 11 | - dory-engine 支持设置租户可以分配的环境总资源配额,如果不设置表示不限制 12 | - dory-engine 租户新增、修改项目、给项目分配新环境的时候检查租户环境配额 13 | - dory-engine 
支持管理员创建自定义资源模板 14 | - dory-engine 项目管理员可以通过项目控制台在kubernetes环境创建自定义资源,自定义资源类似helm模板,用户设置模板参数,在kubernetes环境中创建对应的自定义资源对象 15 | 16 | - dory-console 项目定义界面支持模块名字过滤,可以过滤显示对应模块的定义 17 | - dory-console 运行日志支持下载到文件 18 | - dory-console 审计日志支持下载到文件 19 | 20 | - dorycli install pull 镜像拉取与镜像构建新增platform参数 21 | - dorycli project get新增ignore-demo参数,output新增name参数 22 | - dorycli admin/console/def/pipeline/project/run get -o 支持name参数 23 | 24 | **问题修复:** 25 | 26 | - dory-engine 修复运行日志中输出的表格错乱问题 27 | - dory-engine 解决trivy扫描的时候,因为db读写冲突导致不能并行扫描的问题 28 | - dory-engine 修复流水线日志写入残缺不完整的问题 29 | - dory-engine 修复使用csi作为环境的共享存储的时候,创建项目的pv路径异常问题 30 | 31 | - dorycli 修复表格输出对齐问题 32 | - dorycli 修复admin get custom-step重复显示问题 33 | - dorycli 修复trivy漏洞库下载操作指引错误问题 34 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/registry/registry-pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.persistence.enabled }} 2 | {{- $registry := .Values.persistence.persistentVolumeClaim.registry -}} 3 | {{- if and (not $registry.existingClaim) (eq .Values.persistence.imageChartStorage.type "filesystem") }} 4 | kind: PersistentVolumeClaim 5 | apiVersion: v1 6 | metadata: 7 | name: {{ template "harbor.registry" . }} 8 | namespace: {{ .Release.Namespace | quote }} 9 | annotations: 10 | {{- range $key, $value := $registry.annotations }} 11 | {{ $key }}: {{ $value | quote }} 12 | {{- end }} 13 | {{- if eq .Values.persistence.resourcePolicy "keep" }} 14 | helm.sh/resource-policy: keep 15 | {{- end }} 16 | labels: 17 | {{ include "harbor.labels" . 
| indent 4 }} 18 | component: registry 19 | app.kubernetes.io/component: registry 20 | spec: 21 | accessModes: 22 | - {{ $registry.accessMode }} 23 | resources: 24 | requests: 25 | storage: {{ $registry.size }} 26 | {{- if $registry.storageClass }} 27 | {{- if eq "-" $registry.storageClass }} 28 | storageClassName: "" 29 | {{- else }} 30 | storageClassName: {{ $registry.storageClass }} 31 | {{- end }} 32 | {{- end }} 33 | {{- end }} 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/metrics/metrics-svcmon.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "harbor.fullname" . }} 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: {{ include "harbor.labels" . | nindent 4 }} 8 | {{- if .Values.metrics.serviceMonitor.additionalLabels }} 9 | {{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} 10 | {{- end }} 11 | spec: 12 | jobLabel: app.kubernetes.io/name 13 | endpoints: 14 | - port: {{ template "harbor.metricsPortName" . }} 15 | {{- if .Values.metrics.serviceMonitor.interval }} 16 | interval: {{ .Values.metrics.serviceMonitor.interval }} 17 | {{- end }} 18 | honorLabels: true 19 | {{- if .Values.metrics.serviceMonitor.metricRelabelings }} 20 | metricRelabelings: 21 | {{ tpl (toYaml .Values.metrics.serviceMonitor.metricRelabelings | indent 4) . }} 22 | {{- end }} 23 | {{- if .Values.metrics.serviceMonitor.relabelings }} 24 | relabelings: 25 | {{ toYaml .Values.metrics.serviceMonitor.relabelings | indent 4 }} 26 | {{- end }} 27 | selector: 28 | matchLabels: {{ include "harbor.matchLabels" . 
| nindent 6 }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/metrics/metrics-svcmon.yaml: -------------------------------------------------------------------------------- 1 | {{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} 2 | apiVersion: monitoring.coreos.com/v1 3 | kind: ServiceMonitor 4 | metadata: 5 | name: {{ template "harbor.fullname" . }} 6 | labels: {{ include "harbor.labels" . | nindent 4 }} 7 | {{- if .Values.metrics.serviceMonitor.additionalLabels }} 8 | {{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} 9 | {{- end }} 10 | spec: 11 | jobLabel: app.kubernetes.io/name 12 | endpoints: 13 | - port: {{ template "harbor.metricsPortName" . }} 14 | {{- if .Values.metrics.serviceMonitor.interval }} 15 | interval: {{ .Values.metrics.serviceMonitor.interval }} 16 | {{- end }} 17 | honorLabels: true 18 | {{- if .Values.metrics.serviceMonitor.metricRelabelings }} 19 | metricRelabelings: 20 | {{ tpl (toYaml .Values.metrics.serviceMonitor.metricRelabelings | indent 4) . }} 21 | {{- end }} 22 | {{- if .Values.metrics.serviceMonitor.relabelings }} 23 | relabelings: 24 | {{ toYaml .Values.metrics.serviceMonitor.relabelings | indent 4 }} 25 | {{- end }} 26 | selector: 27 | matchLabels: {{ include "harbor.matchLabels" . 
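| nindent 6 }} 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /pkg/install_scripts/dory/docker/docker_certs.sh: --------------------------------------------------------------------------------
# Generate TLS material for the dory docker service in ./docker-certs: a
# self-signed CA plus one certificate signed by it that carries both the
# serverAuth and clientAuth usages.
export DORY_DOCKER_NAME={{ $.dory.docker.dockerName }}
export DORY_DOCKER_NAMESPACE={{ $.dory.namespace }}

# docker-certs is resolved against the caller's working directory; any earlier
# certificate set in it is discarded.
sudo rm -rf docker-certs/
mkdir -p docker-certs/
# Stop if the directory cannot be entered: otherwise the keys would be written
# into the caller's directory and the later "cd .." would leave it.
cd docker-certs/ || exit 1

# CA key and self-signed CA certificate, valid for 3650 days.
# ca.key is written unencrypted and stays in docker-certs, which is handed to
# uid 1000 below; whoever can read it can issue further certificates under
# this CA. The file mode of both keys comes from the caller's umask.
# NOTE(review): confirm ca.key has to remain in docker-certs after signing.
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/CN=${DORY_DOCKER_NAME}" -key ca.key -out ca.crt
# leaf key and certificate signing request
openssl genrsa -out tls.key 4096
openssl req -sha512 -new -subj "/CN=${DORY_DOCKER_NAME}" -key tls.key -out tls.csr
# X.509 v3 extensions for the leaf certificate. The SAN list includes the
# wildcard *.${DORY_DOCKER_NAMESPACE}, so the certificate also matches other
# names under that suffix.
cat << EOF > v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=${DORY_DOCKER_NAME}
DNS.2=*.${DORY_DOCKER_NAME}
DNS.3=*.${DORY_DOCKER_NAME}.${DORY_DOCKER_NAMESPACE}
DNS.4=*.${DORY_DOCKER_NAMESPACE}
DNS.5=localhost
EOF
# sign the request with the CA; the leaf certificate is also valid for 3650 days
openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in tls.csr -out tls.crt
# echo "[INFO] # check docker certificates info"
# echo "[CMD] openssl x509 -noout -text -in tls.crt"
# openssl x509 -noout -text -in tls.crt
cd ..
# hand the whole directory, private keys included, to uid/gid 1000
sudo chown -R 1000:1000 docker-certs
-------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/core/core-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ template "harbor.core" . }} 5 | labels: 6 | {{ include "harbor.labels" . 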
| indent 4 }} 7 | type: Opaque 8 | data: 9 | {{- if not .Values.existingSecretSecretKey }} 10 | secretKey: {{ .Values.secretKey | b64enc | quote }} 11 | {{- end }} 12 | secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }} 13 | {{- if not .Values.core.secretName }} 14 | {{- $ca := genCA "harbor-token-ca" 3650 }} 15 | tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }} 16 | tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }} 17 | {{- end }} 18 | {{- if not .Values.existingSecretAdminPassword }} 19 | HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }} 20 | {{- end }} 21 | {{- if not .Values.database.external.existingSecret }} 22 | POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }} 23 | {{- end }} 24 | {{- if not .Values.registry.credentials.existingSecret }} 25 | REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }} 26 | {{- end }} 27 | CSRF_KEY: {{ .Values.core.xsrfKey | default (randAlphaNum 32) | b64enc | quote }} 28 | {{- template "harbor.traceJaegerPassword" . 
}} 29 | -------------------------------------------------------------------------------- /cmd/project.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | "github.com/dory-engine/dorycli/pkg" 6 | "github.com/spf13/cobra" 7 | "os" 8 | "sort" 9 | "strings" 10 | ) 11 | 12 | func NewCmdProject() *cobra.Command { 13 | baseName := pkg.GetCmdBaseName() 14 | msgUse := fmt.Sprintf("project") 15 | 16 | _ = OptCommon.GetOptionsCommon() 17 | msgShort := OptCommon.TransLang("cmd_project_short") 18 | msgLong := OptCommon.TransLang("cmd_project_long") 19 | msgExample := pkg.Indent(OptCommon.TransLang("cmd_project_example", baseName, baseName)) 20 | 21 | cmd := &cobra.Command{ 22 | Use: msgUse, 23 | DisableFlagsInUseLine: true, 24 | Short: msgShort, 25 | Long: msgLong, 26 | Example: msgExample, 27 | Run: func(cmd *cobra.Command, args []string) { 28 | if len(args) == 0 { 29 | cmd.Help() 30 | os.Exit(0) 31 | } else { 32 | var found bool 33 | subcommands := []string{"get", "execute"} 34 | sort.Strings(subcommands) 35 | for _, subcommand := range subcommands { 36 | if args[0] == subcommand { 37 | found = true 38 | break 39 | } 40 | } 41 | if !found { 42 | log.Error(fmt.Sprintf("subcommand options: %s\n", strings.Join(subcommands, " / "))) 43 | cmd.Help() 44 | os.Exit(0) 45 | } 46 | } 47 | }, 48 | } 49 | 50 | cmd.AddCommand(NewCmdProjectGet()) 51 | cmd.AddCommand(NewCmdProjectExecute()) 52 | return cmd 53 | } 54 | -------------------------------------------------------------------------------- /cmd/pipeline.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | "github.com/dory-engine/dorycli/pkg" 6 | "github.com/spf13/cobra" 7 | "os" 8 | "sort" 9 | "strings" 10 | ) 11 | 12 | func NewCmdPipeline() *cobra.Command { 13 | baseName := pkg.GetCmdBaseName() 14 | msgUse := fmt.Sprintf("pipeline") 15 | 16 | _ = OptCommon.GetOptionsCommon() 
// NewCmdInstallHa assembles the "ha" command and registers its "print" and
// "script" subcommands.
//
// The Run handler only does work when no registered subcommand took over:
// with no arguments it prints the help text, and with an unrecognised first
// argument it logs the accepted subcommand names and then prints help.
//
// NOTE(review): both of those paths finish with os.Exit(0), so a mistyped
// subcommand is reported to the calling shell as success; installation
// wrappers that rely on the exit status will not see the failure.
func NewCmdInstallHa() *cobra.Command {
	baseName := pkg.GetCmdBaseName()

	// The return value is discarded here; the translated strings are looked
	// up only after this call.
	_ = OptCommon.GetOptionsCommon()

	short := OptCommon.TransLang("cmd_install_ha_short")
	long := OptCommon.TransLang("cmd_install_ha_long")
	example := pkg.Indent(OptCommon.TransLang("cmd_install_ha_example", baseName, baseName))

	ha := &cobra.Command{
		Use:                   "ha",
		DisableFlagsInUseLine: true,
		Short:                 short,
		Long:                  long,
		Example:               example,
		Run: func(c *cobra.Command, args []string) {
			if len(args) == 0 {
				c.Help()
				os.Exit(0)
			}

			// Sorted so the hint below lists the names alphabetically.
			known := []string{"print", "script"}
			sort.Strings(known)
			for _, name := range known {
				if name == args[0] {
					return
				}
			}

			log.Error(fmt.Sprintf("subcommand options: %s\n", strings.Join(known, " / ")))
			c.Help()
			os.Exit(0)
		},
	}

	// Build and attach the children one at a time, in the original order.
	for _, build := range []func() *cobra.Command{NewCmdInstallHaPrint, NewCmdInstallHaScript} {
		ha.AddCommand(build())
	}
	return ha
}
// NewCmdConsole assembles the "console" parent command and registers its
// "get", "apply" and "delete" subcommands.
//
// The Run handler only does work when no registered subcommand took over:
// with no arguments it prints the help text, and with an unrecognised first
// argument it logs the accepted subcommand names and then prints help.
//
// NOTE(review): both of those paths finish with os.Exit(0), so a mistyped
// subcommand (for example a misspelt "delete") is reported to the calling
// shell as success; automation that relies on the exit status will not see
// that nothing was done.
func NewCmdConsole() *cobra.Command {
	baseName := pkg.GetCmdBaseName()

	// The return value is discarded here; the translated strings are looked
	// up only after this call.
	_ = OptCommon.GetOptionsCommon()

	short := OptCommon.TransLang("cmd_console_short")
	long := OptCommon.TransLang("cmd_console_long")
	example := pkg.Indent(OptCommon.TransLang(
		"cmd_console_example",
		baseName, pkg.ConsoleKindAll,
		baseName,
		baseName, pkg.ConsoleKindMember,
	))

	console := &cobra.Command{
		Use:                   "console",
		DisableFlagsInUseLine: true,
		Short:                 short,
		Long:                  long,
		Example:               example,
		Run: func(c *cobra.Command, args []string) {
			if len(args) == 0 {
				c.Help()
				os.Exit(0)
			}

			// Sorted so the hint below lists the names alphabetically.
			known := []string{"get", "apply", "delete"}
			sort.Strings(known)
			for _, name := range known {
				if name == args[0] {
					return
				}
			}

			log.Error(fmt.Sprintf("subcommand options: %s\n", strings.Join(known, " / ")))
			c.Help()
			os.Exit(0)
		},
	}

	// Build and attach the children one at a time, in the original order.
	for _, build := range []func() *cobra.Command{NewCmdConsoleGet, NewCmdConsoleApply, NewCmdConsoleDelete} {
		console.AddCommand(build())
	}
	return console
}
// NewCmdInstall assembles the "install" parent command and registers the
// check, print, pull, script and ha subcommands.
//
// The Run handler only does work when no registered subcommand took over:
// with no arguments it prints the help text, and with an unrecognised first
// argument it logs the accepted subcommand names and then prints help.
//
// NOTE(review): both of those paths finish with os.Exit(0), so a mistyped
// subcommand is reported to the calling shell as success; provisioning
// scripts that rely on the exit status will not see the failure.
//
// NOTE(review): "run" is accepted by the name check below, but no matching
// subcommand is attached in this function. Unless one is registered
// elsewhere, "install run" passes the check and returns without doing
// anything.
func NewCmdInstall() *cobra.Command {
	baseName := pkg.GetCmdBaseName()

	// The return value is discarded here; the translated strings are looked
	// up only after this call.
	_ = OptCommon.GetOptionsCommon()

	short := OptCommon.TransLang("cmd_install_short")
	long := OptCommon.TransLang("cmd_install_long")
	example := pkg.Indent(OptCommon.TransLang(
		"cmd_install_example",
		baseName, baseName, baseName, baseName, baseName,
	))

	install := &cobra.Command{
		Use:                   "install",
		DisableFlagsInUseLine: true,
		Short:                 short,
		Long:                  long,
		Example:               example,
		Run: func(c *cobra.Command, args []string) {
			if len(args) == 0 {
				c.Help()
				os.Exit(0)
			}

			// Sorted so the hint below lists the names alphabetically.
			known := []string{"check", "print", "pull", "run", "script", "ha"}
			sort.Strings(known)
			for _, name := range known {
				if name == args[0] {
					return
				}
			}

			log.Error(fmt.Sprintf("subcommand options: %s\n", strings.Join(known, " / ")))
			c.Help()
			os.Exit(0)
		},
	}

	// Build and attach the children one at a time, in the original order.
	children := []func() *cobra.Command{
		NewCmdInstallCheck,
		NewCmdInstallPrint,
		NewCmdInstallPull,
		NewCmdInstallScript,
		NewCmdInstallHa,
	}
	for _, build := range children {
		install.AddCommand(build())
	}
	return install
}
43 | cmd.Help() 44 | os.Exit(0) 45 | } 46 | } 47 | }, 48 | } 49 | 50 | cmd.AddCommand(NewCmdDefGet()) 51 | cmd.AddCommand(NewCmdDefApply()) 52 | cmd.AddCommand(NewCmdDefDelete()) 53 | cmd.AddCommand(NewCmdDefClone()) 54 | cmd.AddCommand(NewCmdDefPatch()) 55 | return cmd 56 | } 57 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/jobservice/jobservice-cm-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{ template "harbor.jobservice" . }}-env" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | data: 8 | CORE_URL: "{{ template "harbor.coreURL" . }}" 9 | TOKEN_SERVICE_URL: "{{ template "harbor.tokenServiceURL" . }}" 10 | REGISTRY_URL: "{{ template "harbor.registryURL" . }}" 11 | REGISTRY_CONTROLLER_URL: "{{ template "harbor.registryControllerURL" . }}" 12 | REGISTRY_CREDENTIAL_USERNAME: "{{ .Values.registry.credentials.username }}" 13 | 14 | JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "{{ .Values.jobservice.notification.webhook_job_max_retry }}" 15 | JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "{{ .Values.jobservice.notification.webhook_job_http_client_timeout }}" 16 | 17 | {{- if has "jobservice" .Values.proxy.components }} 18 | HTTP_PROXY: "{{ .Values.proxy.httpProxy }}" 19 | HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}" 20 | NO_PROXY: "{{ template "harbor.noProxy" . }}" 21 | {{- end }} 22 | {{- if .Values.metrics.enabled}} 23 | METRIC_NAMESPACE: harbor 24 | METRIC_SUBSYSTEM: jobservice 25 | {{- end }} 26 | {{- template "harbor.traceEnvsForJobservice" . }} 27 | {{- if .Values.cache.enabled }} 28 | _REDIS_URL_CORE: "{{ template "harbor.redis.urlForCore" . 
}}" 29 | CACHE_ENABLED: "true" 30 | CACHE_EXPIRE_HOURS: "{{ .Values.cache.expireHours }}" 31 | {{- end }} 32 | {{- if or (and (eq .Values.redis.type "internal") .Values.redis.internal.cacheLayerDatabaseIndex) (and (eq .Values.redis.type "external") .Values.redis.external.cacheLayerDatabaseIndex) }} 33 | _REDIS_URL_CACHE_LAYER: "{{ template "harbor.redis.urlForCache" . }}" 34 | {{- end }} 35 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes-ha/zh-README.md: -------------------------------------------------------------------------------- 1 | # 高可用kubernetes集群部署 2 | 3 | - 安装详细参见文档: [https://github.com/cookeem/kubeadm-ha](https://github.com/cookeem/kubeadm-ha/blob/master/README.md) 4 | 5 | ## 目录结构如下 6 | 7 | ```text 8 | {{- range $_, $host := $.masterHosts }} 9 | ├── {{ $host.hostname }} # 请把该目录复制到 {{ $host.hostname }} 节点主机 10 | │ ├── keepalived # keepalived服务的docker-compose文件以及配置文件目录 11 | │ │ ├── check_apiserver.sh # keepalived的kubernetes apiserver检查脚本 12 | │ │ ├── docker-compose.yaml # 使用 'docker-compose up -d' 启动keepalived服务 13 | │ │ └── keepalived.conf # keepalived配置文件 14 | │ └── nginx-lb # nginx-lb服务的docker-compose文件以及配置文件目录 15 | │ ├── docker-compose.yaml # 使用 'docker-compose up -d' 启动nginx-lb服务 16 | │ └── nginx-lb.conf # nginx-lb配置文件 17 | {{- end }} 18 | └── kubeadm-config.yaml # kubeadm的高可用集群初始化配置文件 19 | ``` 20 | 21 | ## 执行以下命令,在各个master节点启动kubernetes高可用集群的load balancer 22 | 23 | ```bash 24 | # 设置各个master节点的kubernetes高可用集群load balancer的路径 25 | export LB_DIR=/data/k8s-lb 26 | {{ range $i, $host := $.masterHosts }} 27 | # 把load balancer配置文件复制到 {{ $host.hostname }} 节点上 28 | ssh {{ $host.hostname }} mkdir -p ${LB_DIR} && \ 29 | scp -r {{ $host.hostname }}/nginx-lb {{ $host.hostname }}/keepalived root@{{ $host.hostname }}:${LB_DIR} && \ 30 | pwd 31 | 32 | # 在 {{ $host.hostname }} 节点上启动load balancer 33 | ssh {{ $host.hostname }} "cd ${LB_DIR}/keepalived/ && docker-compose stop && docker-compose rm -f && 
docker-compose up -d" && \ 34 | ssh {{ $host.hostname }} "cd ${LB_DIR}/nginx-lb/ && docker-compose stop && docker-compose rm -f && docker-compose up -d" && \ 35 | pwd 36 | {{ end }} 37 | {{ $firstHost := first $.masterHosts }} 38 | 39 | # 在第一个master节点执行kubernetes controll-plane 初始化 40 | kubeadm init --config=kubeadm-config.yaml --upload-certs 41 | ``` -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/jobservice/jobservice-cm-env.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{ template "harbor.jobservice" . }}-env" 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | data: 9 | CORE_URL: "{{ template "harbor.coreURL" . }}" 10 | TOKEN_SERVICE_URL: "{{ template "harbor.tokenServiceURL" . }}" 11 | REGISTRY_URL: "{{ template "harbor.registryURL" . }}" 12 | REGISTRY_CONTROLLER_URL: "{{ template "harbor.registryControllerURL" . }}" 13 | REGISTRY_CREDENTIAL_USERNAME: "{{ .Values.registry.credentials.username }}" 14 | 15 | JOBSERVICE_WEBHOOK_JOB_MAX_RETRY: "{{ .Values.jobservice.notification.webhook_job_max_retry }}" 16 | JOBSERVICE_WEBHOOK_JOB_HTTP_CLIENT_TIMEOUT: "{{ .Values.jobservice.notification.webhook_job_http_client_timeout }}" 17 | 18 | LOG_LEVEL: "{{ .Values.logLevel }}" 19 | 20 | {{- if has "jobservice" .Values.proxy.components }} 21 | HTTP_PROXY: "{{ .Values.proxy.httpProxy }}" 22 | HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}" 23 | NO_PROXY: "{{ template "harbor.noProxy" . }}" 24 | {{- end }} 25 | {{- if .Values.metrics.enabled}} 26 | METRIC_NAMESPACE: harbor 27 | METRIC_SUBSYSTEM: jobservice 28 | {{- end }} 29 | {{- template "harbor.traceEnvsForJobservice" . }} 30 | {{- if .Values.cache.enabled }} 31 | _REDIS_URL_CORE: "{{ template "harbor.redis.urlForCore" . 
}}" 32 | CACHE_ENABLED: "true" 33 | CACHE_EXPIRE_HOURS: "{{ .Values.cache.expireHours }}" 34 | {{- end }} 35 | {{- if or (and (eq .Values.redis.type "internal") .Values.redis.internal.cacheLayerDatabaseIndex) (and (eq .Values.redis.type "external") .Values.redis.external.cacheLayerDatabaseIndex) }} 36 | _REDIS_URL_CACHE_LAYER: "{{ template "harbor.redis.urlForCache" . }}" 37 | {{- end }} 38 | -------------------------------------------------------------------------------- /pkg/install_scripts/dory/docker/config.json: -------------------------------------------------------------------------------- 1 | { 2 | {{- if or (eq $.dory.imageRepo.type "harbor") (eq $.dory.artifactRepo.type "nexus") }} 3 | {{- if and (eq $.dory.imageRepo.type "harbor") (eq $.dory.artifactRepo.type "nexus") }} 4 | "auths": { 5 | "{{ $.imageRepoDomainName }}": { 6 | "auth": {{ printf "%s:%s" $.imageRepoUsername $.imageRepoPassword | b64enc | quote }} 7 | }, 8 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortHub }}": { 9 | "auth": {{ printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc | quote }} 10 | }, 11 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortGcr }}": { 12 | "auth": {{ printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc | quote }} 13 | }, 14 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortQuay }}": { 15 | "auth": {{ printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc | quote }} 16 | } 17 | } 18 | {{- else if eq $.dory.imageRepo.type "harbor" }} 19 | "auths": { 20 | "{{ $.imageRepoDomainName }}": { 21 | "auth": {{ printf "%s:%s" $.imageRepoUsername $.imageRepoPassword | b64enc | quote }} 22 | } 23 | } 24 | {{- else if eq $.dory.artifactRepo.type "nexus" }} 25 | "auths": { 26 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortHub }}": { 27 | "auth": {{ printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc | quote }} 28 | }, 29 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortGcr }}": { 30 | 
"auth": {{ printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc | quote }} 31 | }, 32 | "{{ $.artifactRepoIp }}:{{ $.artifactRepoPortQuay }}": { 33 | "auth": {{ printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc | quote }} 34 | } 35 | } 36 | {{- end }} 37 | {{- end }} 38 | } 39 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/exporter/exporter-cm-env.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: "{{ template "harbor.exporter" . }}-env" 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | data: 9 | {{- if has "jobservice" .Values.proxy.components }} 10 | HTTP_PROXY: "{{ .Values.proxy.httpProxy }}" 11 | HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}" 12 | NO_PROXY: "{{ template "harbor.noProxy" . }}" 13 | {{- end }} 14 | LOG_LEVEL: "{{ .Values.logLevel }}" 15 | HARBOR_EXPORTER_PORT: "{{ .Values.metrics.exporter.port }}" 16 | HARBOR_EXPORTER_METRICS_PATH: "{{ .Values.metrics.exporter.path }}" 17 | HARBOR_EXPORTER_METRICS_ENABLED: "{{ .Values.metrics.enabled }}" 18 | HARBOR_EXPORTER_CACHE_TIME: "{{ .Values.exporter.cacheDuration }}" 19 | HARBOR_EXPORTER_CACHE_CLEAN_INTERVAL: "{{ .Values.exporter.cacheCleanInterval }}" 20 | HARBOR_METRIC_NAMESPACE: harbor 21 | HARBOR_METRIC_SUBSYSTEM: exporter 22 | HARBOR_REDIS_URL: "{{ template "harbor.redis.urlForJobservice" . }}" 23 | HARBOR_REDIS_NAMESPACE: harbor_job_service_namespace 24 | HARBOR_REDIS_TIMEOUT: "3600" 25 | HARBOR_SERVICE_SCHEME: "{{ template "harbor.component.scheme" . }}" 26 | HARBOR_SERVICE_HOST: "{{ template "harbor.core" . }}" 27 | HARBOR_SERVICE_PORT: "{{ template "harbor.core.servicePort" . }}" 28 | HARBOR_DATABASE_HOST: "{{ template "harbor.database.host" . 
}}" 29 | HARBOR_DATABASE_PORT: "{{ template "harbor.database.port" . }}" 30 | HARBOR_DATABASE_USERNAME: "{{ template "harbor.database.username" . }}" 31 | HARBOR_DATABASE_DBNAME: "{{ template "harbor.database.coreDatabase" . }}" 32 | HARBOR_DATABASE_SSLMODE: "{{ template "harbor.database.sslmode" . }}" 33 | HARBOR_DATABASE_MAX_IDLE_CONNS: "{{ .Values.database.maxIdleConns }}" 34 | HARBOR_DATABASE_MAX_OPEN_CONNS: "{{ .Values.database.maxOpenConns }}" 35 | {{- end}} -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/dory-engine/dorycli 2 | 3 | go 1.24.0 4 | 5 | toolchain go1.24.3 6 | 7 | require ( 8 | github.com/Masterminds/sprig v2.22.0+incompatible 9 | github.com/Xuanwo/go-locale v1.1.3 10 | github.com/fatih/color v1.18.0 11 | github.com/go-playground/validator/v10 v10.27.0 12 | github.com/gorilla/websocket v1.5.3 13 | github.com/nicksnyder/go-i18n/v2 v2.6.0 14 | github.com/olekukonko/tablewriter v1.0.9 15 | github.com/spf13/cobra v1.9.1 16 | github.com/tidwall/gjson v1.18.0 17 | github.com/tidwall/sjson v1.2.5 18 | golang.org/x/crypto v0.41.0 19 | golang.org/x/text v0.28.0 20 | gopkg.in/yaml.v3 v3.0.1 21 | ) 22 | 23 | require ( 24 | github.com/Masterminds/goutils v1.1.1 // indirect 25 | github.com/Masterminds/semver v1.5.0 // indirect 26 | github.com/gabriel-vasile/mimetype v1.4.9 // indirect 27 | github.com/go-playground/locales v0.14.1 // indirect 28 | github.com/go-playground/universal-translator v0.18.1 // indirect 29 | github.com/google/uuid v1.6.0 // indirect 30 | github.com/huandu/xstrings v1.5.0 // indirect 31 | github.com/imdario/mergo v0.3.16 // indirect 32 | github.com/inconshreveable/mousetrap v1.1.0 // indirect 33 | github.com/leodido/go-urn v1.4.0 // indirect 34 | github.com/mattn/go-colorable v0.1.14 // indirect 35 | github.com/mattn/go-isatty v0.0.20 // indirect 36 | github.com/mattn/go-runewidth v0.0.16 // 
indirect 37 | github.com/mitchellh/copystructure v1.2.0 // indirect 38 | github.com/mitchellh/reflectwalk v1.0.2 // indirect 39 | github.com/olekukonko/errors v1.1.0 // indirect 40 | github.com/olekukonko/ll v0.0.9 // indirect 41 | github.com/rivo/uniseg v0.4.7 // indirect 42 | github.com/spf13/pflag v1.0.6 // indirect 43 | github.com/tidwall/match v1.1.1 // indirect 44 | github.com/tidwall/pretty v1.2.1 // indirect 45 | golang.org/x/net v0.42.0 // indirect 46 | golang.org/x/sys v0.35.0 // indirect 47 | golang.org/x/term v0.34.0 // indirect 48 | ) 49 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/exporter/exporter-cm-env.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.metrics.enabled}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: "{{ template "harbor.exporter" . }}-env" 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | data: 10 | {{- if has "jobservice" .Values.proxy.components }} 11 | HTTP_PROXY: "{{ .Values.proxy.httpProxy }}" 12 | HTTPS_PROXY: "{{ .Values.proxy.httpsProxy }}" 13 | NO_PROXY: "{{ template "harbor.noProxy" . }}" 14 | {{- end }} 15 | LOG_LEVEL: "{{ .Values.logLevel }}" 16 | HARBOR_EXPORTER_PORT: "{{ .Values.metrics.exporter.port }}" 17 | HARBOR_EXPORTER_METRICS_PATH: "{{ .Values.metrics.exporter.path }}" 18 | HARBOR_EXPORTER_METRICS_ENABLED: "{{ .Values.metrics.enabled }}" 19 | HARBOR_EXPORTER_CACHE_TIME: "{{ .Values.exporter.cacheDuration }}" 20 | HARBOR_EXPORTER_CACHE_CLEAN_INTERVAL: "{{ .Values.exporter.cacheCleanInterval }}" 21 | HARBOR_METRIC_NAMESPACE: harbor 22 | HARBOR_METRIC_SUBSYSTEM: exporter 23 | HARBOR_REDIS_URL: "{{ template "harbor.redis.urlForJobservice" . 
{{- /*
Secret holding Harbor core's key material and passwords.

Reviewer notes (template comment, not rendered):
- b64enc is only the encoding Kubernetes requires for Secret data; it is not
  encryption. Anyone who can read this Secret, the rendered manifest or the
  values file holds the plaintext.
- secret and CSRF_KEY take, in order: the value supplied in .Values, the value
  passed through harbor.secretKeyHelper from the Secret fetched by the lookup
  call, then a fresh randAlphaNum string (16 and 32 characters).
- tls.key and tls.crt fall back to a CA generated by genCA at render time with
  3650 days validity. No reuse of a previous value is visible for these two
  keys, so presumably each render without core.tokenKey / core.tokenCert yields
  a new pair; confirm before relying on token continuity across upgrades.
- secretKey, HARBOR_ADMIN_PASSWORD and REGISTRY_CREDENTIAL_PASSWORD are read
  straight from .Values with no generated fallback, so whatever the values file
  holds (including a chart default, if one is still in place) is what gets
  deployed.
- Every key except CONFIG_OVERWRITE_JSON is omitted when its matching
  existing-secret value is set, which keeps that credential out of this
  manifest.
*/ -}}
{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.core" .) }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "harbor.core" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
  {{- if not .Values.existingSecretSecretKey }}
  secretKey: {{ .Values.secretKey | b64enc | quote }}
  {{- end }}
  {{- if not .Values.core.existingSecret }}
  secret: {{ .Values.core.secret | default (include "harbor.secretKeyHelper" (dict "key" "secret" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }}
  {{- end }}
  {{- if not .Values.core.secretName }}
  {{- $ca := genCA "harbor-token-ca" 3650 }}
  tls.key: {{ .Values.core.tokenKey | default $ca.Key | b64enc | quote }}
  tls.crt: {{ .Values.core.tokenCert | default $ca.Cert | b64enc | quote }}
  {{- end }}
  {{- if not .Values.existingSecretAdminPassword }}
  HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
  {{- end }}
  {{- if not .Values.database.external.existingSecret }}
  POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
  {{- end }}
  {{- if not .Values.registry.credentials.existingSecret }}
  REGISTRY_CREDENTIAL_PASSWORD: {{ .Values.registry.credentials.password | b64enc | quote }}
  {{- end }}
  {{- if not .Values.core.existingXsrfSecret }}
  CSRF_KEY: {{ .Values.core.xsrfKey | default (include "harbor.secretKeyHelper" (dict "key" "CSRF_KEY" "data" $existingSecret.data)) | default (randAlphaNum 32) | b64enc | quote }}
  {{- end }}
  {{- if .Values.core.configureUserSettings }}
  CONFIG_OVERWRITE_JSON: {{ .Values.core.configureUserSettings | b64enc | quote }}
  {{- end }}
  {{- template "harbor.traceJaegerPassword" . }}
{{- /*
Script template: creates the public, hub, gcr and quay projects in the image
registry, restricts project creation to administrators, logs the container
runtime client in, then tags and pushes every image in $.dockerImages
(plus the -arm64v8 variant when one is defined).

Reviewer notes (template comment, not rendered). The "#" lines below belong to
the zh-localised script that is printed for the operator, so they are kept as
written.
- Every curl call uses -k, which turns off TLS certificate verification while
  the registry admin credentials are sent with -u. Where the registry CA
  certificate is available, passing it with --cacert keeps verification on.
- The credentials are rendered unquoted into the command line: they show up in
  the process list and shell history, and a password containing shell
  metacharacters would be interpreted by the shell. The login line has the same
  exposure through --password; docker login can read the password from stdin
  with --password-stdin (check the equivalent for other runtimes).
- The four projects are created with "public": true, which in Harbor means
  their images can be pulled without logging in.
*/ -}}
# 在 {{ $.dory.imageRepo.type }} 中创建 public, hub, gcr, quay 四个项目
curl -k -X POST -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_name": "public", "public": true}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/projects'
curl -k -X POST -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_name": "hub", "public": true}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/projects'
curl -k -X POST -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_name": "gcr", "public": true}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/projects'
curl -k -X POST -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_name": "quay", "public": true}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/projects'

# 设置只有管理员可以创建项目
curl -k -X PUT -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_creation_restriction": "adminonly"}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/configurations'

# 设置 {{ $.kubernetes.runtime }} 客户端登录到 {{ $.dory.imageRepo.type }}
{{ $.cmdLogin }} --username {{ $.imageRepoUsername }} --password {{ $.imageRepoPassword }} {{ $.imageRepoDomainName }}

# 把之前拉取的容器镜像推送到 {{ $.dory.imageRepo.type }}
{{- range $_, $image := $.dockerImages }}
{{ $.cmdTag }} {{ if $image.dockerFile }}{{ $image.built }}{{ else }}{{ $image.source }}{{ end }} {{ $.imageRepoDomainName }}/{{ $image.target }}
{{- if $image.arm64 }}
{{ $.cmdTag }} {{ if $image.dockerFile }}{{ $image.built }}-arm64v8{{ else }}{{ $image.arm64 }}{{ end }} {{ $.imageRepoDomainName }}/{{ $image.target }}-arm64v8
{{- end }}
{{- end }}

{{ range $_, $image := $.dockerImages }}
{{ $.cmdPush }} {{ $.imageRepoDomainName }}/{{ $image.target }}
{{- if $image.arm64 }}
{{ $.cmdPush }} {{ $.imageRepoDomainName }}/{{ $image.target }}-arm64v8
{{- end }}
{{- end }}
24 | # keepalived的鉴权密码,如果不设置那么使用随机生成的密码 25 | keepAlivedAuthPass: "input_your_password" 26 | # keepalived的virtual_router_id设置 27 | keepAlivedVirtualRouterId: 101 28 | # kubernetes的controlplane控制平面的主机配置,高可用master节点数量必须为单数并且至少3台 29 | masterHosts: 30 | # master节点的主机名,请在/etc/hosts配置文件中进行主机名映射设置 31 | - hostname: k8s-master01 32 | # master节点的IP地址 33 | ipAddress: 192.168.0.1 34 | # master节点互访使用的网卡名字,用于keepalived网卡绑定 35 | networkInterface: eth0 36 | # keepalived选举优先级,数值越大优先级越高,各个master节点的优先级不能一样 37 | keepalivedPriority: 120 38 | # master节点的主机名,请在/etc/hosts配置文件中进行主机名映射设置 39 | - hostname: k8s-master02 40 | # master节点的IP地址 41 | ipAddress: 192.168.0.2 42 | # master节点互访使用的网卡名字,用于keepalived网卡绑定 43 | networkInterface: eth0 44 | # keepalived选举优先级,数值越大优先级越高,各个master节点的优先级不能一样 45 | keepalivedPriority: 110 46 | # master节点的主机名,请在/etc/hosts配置文件中进行主机名映射设置 47 | - hostname: k8s-master03 48 | # master节点的IP地址 49 | ipAddress: 192.168.0.3 50 | # master节点互访使用的网卡名字,用于keepalived网卡绑定 51 | networkInterface: eth0 52 | # keepalived选举优先级,数值越大优先级越高,各个master节点的优先级不能一样 53 | keepalivedPriority: 100 54 | -------------------------------------------------------------------------------- /cmd/install_ha_print.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | "github.com/dory-engine/dorycli/pkg" 6 | "github.com/spf13/cobra" 7 | ) 8 | 9 | type OptionsInstallHaPrint struct { 10 | *OptionsCommon `yaml:"optionsCommon" json:"optionsCommon" bson:"optionsCommon" validate:""` 11 | } 12 | 13 | func NewOptionsInstallHaPrint() *OptionsInstallHaPrint { 14 | var o OptionsInstallHaPrint 15 | o.OptionsCommon = OptCommon 16 | return &o 17 | } 18 | 19 | func NewCmdInstallHaPrint() *cobra.Command { 20 | o := NewOptionsInstallHaPrint() 21 | 22 | baseName := pkg.GetCmdBaseName() 23 | msgUse := fmt.Sprintf("print") 24 | 25 | _ = OptCommon.GetOptionsCommon() 26 | msgShort := OptCommon.TransLang("cmd_install_ha_print_short") 27 | msgLong := 
OptCommon.TransLang("cmd_install_ha_print_long") 28 | msgExample := pkg.Indent(OptCommon.TransLang("cmd_install_ha_print_example", baseName)) 29 | 30 | cmd := &cobra.Command{ 31 | Use: msgUse, 32 | DisableFlagsInUseLine: true, 33 | Short: msgShort, 34 | Long: msgLong, 35 | Example: msgExample, 36 | Run: func(cmd *cobra.Command, args []string) { 37 | CheckError(o.Validate(args)) 38 | CheckError(o.Run(args)) 39 | }, 40 | } 41 | 42 | CheckError(o.Complete(cmd)) 43 | return cmd 44 | } 45 | 46 | func (o *OptionsInstallHaPrint) Complete(cmd *cobra.Command) error { 47 | var err error 48 | 49 | err = o.GetOptionsCommon() 50 | if err != nil { 51 | return err 52 | } 53 | 54 | return err 55 | } 56 | 57 | func (o *OptionsInstallHaPrint) Validate(args []string) error { 58 | var err error 59 | 60 | err = o.GetOptionsCommon() 61 | if err != nil { 62 | return err 63 | } 64 | 65 | return err 66 | } 67 | 68 | // Run executes the appropriate steps to print a model's documentation 69 | func (o *OptionsInstallHaPrint) Run(args []string) error { 70 | var err error 71 | 72 | bs, err := pkg.FsInstallScripts.ReadFile(fmt.Sprintf("%s/kubernetes-ha/%s-kubernetes-ha.yaml", pkg.DirInstallScripts, o.Language)) 73 | if err != nil { 74 | return err 75 | } 76 | fmt.Println(string(bs)) 77 | return err 78 | } 79 | -------------------------------------------------------------------------------- /pkg/install_scripts/docker-files/Dockerfile-ansible: -------------------------------------------------------------------------------- 1 | FROM {{ $.source }} 2 | 3 | LABEL maintainer="cookeem" 4 | LABEL email="cookeem@qq.com" 5 | LABEL version="2.12.2" 6 | 7 | RUN echo "===> Installing sudo to emulate normal OS behavior..." && \ 8 | sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \ 9 | apk --update add sudo && \ 10 | echo "===> Adding Python runtime..." 
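&& \
    apk --update add git curl zip jq tree htop bash && \
    apk --update add python3 py3-pip openssl ca-certificates && \
    # build-dependencies is a virtual package so the compilers can be removed again below
    apk --update add --virtual build-dependencies python3-dev libffi-dev openssl-dev build-base cargo && \
    apk --update add gcc python3-dev musl-dev linux-headers && \
    update-ca-certificates && \
    \
    # pip is pointed at the Aliyun PyPI mirror over HTTPS. No trusted-host entry is
    # written: that setting makes pip skip TLS certificate verification for the host,
    # and the CA bundle has just been refreshed by update-ca-certificates.
    mkdir -p ~/.pip/ && \
    echo '[global]' >> ~/.pip/pip.conf && \
    echo 'index-url = https://mirrors.aliyun.com/pypi/simple/' >> ~/.pip/pip.conf && \
    \
    # NOTE(review): pip and cffi are upgraded to whatever is current at build time,
    # so two builds of this file can produce different images.
    pip install --upgrade pip cffi && \
    \
    echo "===> Installing Ansible..." && \
    pip install setuptools_rust && \
    pip install ansible==5.3.0 && \
    \
    echo "===> Installing handy tools (not absolutely required)..." && \
    # NOTE(review): pycrypto is no longer maintained upstream; pycryptodome is the
    # maintained fork. Confirm nothing needs pycrypto specifically before switching.
    pip install --upgrade pycrypto pywinrm psutil openstacksdk && \
    apk --update add sshpass openssh-client rsync && \
    \
    echo "===> Removing package list..." && \
    apk del build-dependencies && \
    rm -rf /var/cache/apk/* && \
    \
    echo "===> Adding hosts for convenience..." && \
    mkdir -p /etc/ansible && \
    echo 'localhost' > /etc/ansible/hosts && \
    ansible-playbook --version && \
    adduser -u 1000 -D -h /home/dory dory

# NOTE(review): the dory user (uid 1000) is created above, but this Dockerfile has no
# USER instruction, so the image still starts as root. Confirm that is intended.

# docker build -t {{ $.target }}{{ if $.isArm64}}-arm64v8{{ end }} -f Dockerfile-ansible-{{ $.tagName }}{{ if $.isArm64}}-arm64v8{{ end }} .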
--------------------------------------------------------------------------------
/pkg/install_scripts/en-push-images.sh:
--------------------------------------------------------------------------------
# NOTE(review): every curl call below uses -k, which turns off TLS certificate
# verification, so the admin credentials sent with -u can be read by anyone able to
# intercept the connection. If the registry CA is available on this host, pass it
# with --cacert instead of -k.
# NOTE(review): the username and password are rendered unquoted into the command
# line. They end up in the process list and shell history, and a value containing
# shell metacharacters would be interpreted by the shell.

# create public, hub, gcr, quay projects in {{ $.dory.imageRepo.type }}
# (all four are created with "public": true, i.e. pullable without authentication)
curl -k -X POST -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_name": "public", "public": true}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/projects'
curl -k -X POST -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_name": "hub", "public": true}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/projects'
curl -k -X POST -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_name": "gcr", "public": true}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/projects'
curl -k -X POST -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_name": "quay", "public": true}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/projects'

# restrict project creation to administrators
curl -k -X PUT -u {{ $.imageRepoUsername }}:{{ $.imageRepoPassword }} -H 'Content-Type: application/json' -d '{"project_creation_restriction": "adminonly"}' 'https://{{ $.imageRepoDomainName }}/api/v2.0/configurations'

# {{ $.kubernetes.runtime }} client login to {{ $.dory.imageRepo.type }}
# NOTE(review): --password puts the secret on the command line. docker login offers
# --password-stdin for this; confirm the configured runtime client supports it.
{{ $.cmdLogin }} --username {{ $.imageRepoUsername }} --password {{ $.imageRepoPassword }} {{ $.imageRepoDomainName }}

# push container images to {{ $.dory.imageRepo.type }}
{{- range $_, $image := $.dockerImages }}
{{ $.cmdTag }} {{ if $image.dockerFile }}{{ $image.built }}{{ else }}{{ $image.source }}{{ end }} {{ $.imageRepoDomainName }}/{{ $image.target }}
{{- if $image.arm64 }}
{{ $.cmdTag }} {{ if $image.dockerFile }}{{ $image.built }}-arm64v8{{ else }}{{ 
$image.arm64 }}{{ end }} {{ $.imageRepoDomainName }}/{{ $image.target }}-arm64v8 18 | {{- end }} 19 | {{- end }} 20 | 21 | {{ range $_, $image := $.dockerImages }} 22 | {{ $.cmdPush }} {{ $.imageRepoDomainName }}/{{ $image.target }} 23 | {{- if $image.arm64 }} 24 | {{ $.cmdPush }} {{ $.imageRepoDomainName }}/{{ $image.target }}-arm64v8 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/step04-networkpolicy.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: docker 6 | namespace: {{ $.dory.namespace }} 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | app: docker 11 | policyTypes: 12 | - Ingress 13 | ingress: 14 | - from: 15 | - namespaceSelector: 16 | matchLabels: 17 | kubernetes.io/metadata.name: {{ $.dory.namespace }} 18 | podSelector: 19 | matchLabels: 20 | app: dory-engine 21 | 22 | --- 23 | apiVersion: networking.k8s.io/v1 24 | kind: NetworkPolicy 25 | metadata: 26 | name: project-data-pod 27 | namespace: {{ $.dory.namespace }} 28 | spec: 29 | podSelector: 30 | matchLabels: 31 | app: project-data-pod 32 | policyTypes: 33 | - Ingress 34 | ingress: 35 | - from: 36 | - namespaceSelector: 37 | matchLabels: 38 | kubernetes.io/metadata.name: {{ $.dory.namespace }} 39 | podSelector: 40 | matchLabels: 41 | app: dory-engine 42 | 43 | --- 44 | apiVersion: networking.k8s.io/v1 45 | kind: NetworkPolicy 46 | metadata: 47 | name: mongo-dory 48 | namespace: {{ $.dory.namespace }} 49 | spec: 50 | podSelector: 51 | matchLabels: 52 | app: mongo-dory 53 | policyTypes: 54 | - Ingress 55 | ingress: 56 | - from: 57 | - namespaceSelector: 58 | matchLabels: 59 | kubernetes.io/metadata.name: {{ $.dory.namespace }} 60 | podSelector: 61 | matchLabels: 62 | app: dory-engine 63 | 64 | --- 65 | apiVersion: networking.k8s.io/v1 66 | kind: NetworkPolicy 67 | metadata: 
68 | name: redis-dory 69 | namespace: {{ $.dory.namespace }} 70 | spec: 71 | podSelector: 72 | matchLabels: 73 | app: redis-dory 74 | policyTypes: 75 | - Ingress 76 | ingress: 77 | - from: 78 | - namespaceSelector: 79 | matchLabels: 80 | kubernetes.io/metadata.name: {{ $.dory.namespace }} 81 | podSelector: 82 | matchLabels: 83 | app: dory-engine 84 | 85 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes-ha/en-README.md: -------------------------------------------------------------------------------- 1 | # High availability kubernetes cluster deployment 2 | 3 | - Please refer to the documentation for installation details: [https://github.com/cookeem/kubeadm-ha](https://github.com/cookeem/kubeadm-ha/blob/master/README-EN.md) 4 | 5 | ## The directory structure is as follows 6 | 7 | ```text 8 | {{- range $_, $host := $.masterHosts }} 9 | ├── {{ $host.hostname }} # Please copy this directory to {{ $host.hostname }} node host 10 | │ ├── keepalived # docker-compose file and configuration file directory of keepalived service 11 | │ │ ├── check_apiserver.sh # kubernetes apiserver check script for keepalived 12 | │ │ ├── docker-compose.yaml # Use 'docker-compose up -d' to start the keepalived service 13 | │ │ └── keepalived.conf # keepalived configuration file 14 | │ └── nginx-lb # docker-compose file and configuration file directory of nginx-lb service 15 | │ ├── docker-compose.yaml # Use 'docker-compose up -d' to start nginx-lb service 16 | │ └── nginx-lb.conf # nginx-lb configuration file 17 | {{- end }} 18 | └── kubeadm-config.yaml # kubeadm high availability cluster initialization configuration file 19 | ``` 20 | 21 | ## Execute the following command to start the load balancer of the kubernetes high-availability cluster on each master node 22 | 23 | ```bash 24 | # Set the path of the kubernetes high-availability cluster load balancer of each master node 25 | export LB_DIR=/data/k8s-lb 26 | {{ range $i, 
$host := $.masterHosts }} 27 | # Copy the load balancer configuration file to {{ $host.hostname }} node 28 | ssh {{ $host.hostname }} mkdir -p ${LB_DIR} && \ 29 | scp -r {{ $host.hostname }}/nginx-lb {{ $host.hostname }}/keepalived root@{{ $host.hostname }}:${LB_DIR} && \ 30 | pwd 31 | 32 | # Start load balancer on {{ $host.hostname }} node 33 | ssh {{ $host.hostname }} "cd ${LB_DIR}/keepalived/ && docker-compose stop && docker-compose rm -f && docker-compose up -d" && \ 34 | ssh {{ $host.hostname }} "cd ${LB_DIR}/nginx-lb/ && docker-compose stop && docker-compose rm -f && docker-compose up -d" && \ 35 | pwd 36 | {{ end }} 37 | {{ $firstHost := first $.masterHosts }} 38 | 39 | # Execute kubernetes controll-plane initialization on the first master node 40 | kubeadm init --config=kubeadm-config.yaml --upload-certs 41 | ``` -------------------------------------------------------------------------------- /cmd/logout.go: -------------------------------------------------------------------------------- 1 | package cmd 2 | 3 | import ( 4 | "fmt" 5 | "github.com/dory-engine/dorycli/pkg" 6 | "github.com/spf13/cobra" 7 | "os" 8 | ) 9 | 10 | type OptionsLogout struct { 11 | *OptionsCommon `yaml:"optionsCommon" json:"optionsCommon" bson:"optionsCommon" validate:""` 12 | } 13 | 14 | func NewOptionsLogout() *OptionsLogout { 15 | var o OptionsLogout 16 | o.OptionsCommon = OptCommon 17 | return &o 18 | } 19 | 20 | func NewCmdLogout() *cobra.Command { 21 | o := NewOptionsLogout() 22 | 23 | baseName := pkg.GetCmdBaseName() 24 | msgUse := fmt.Sprintf("logout") 25 | 26 | _ = OptCommon.GetOptionsCommon() 27 | msgShort := OptCommon.TransLang("cmd_logout_short") 28 | msgLong := OptCommon.TransLang("cmd_logout_long", baseName) 29 | msgExample := pkg.Indent(OptCommon.TransLang("cmd_logout_example", baseName)) 30 | 31 | cmd := &cobra.Command{ 32 | Use: msgUse, 33 | DisableFlagsInUseLine: true, 34 | Short: msgShort, 35 | Long: msgLong, 36 | Example: msgExample, 37 | Run: func(cmd 
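*cobra.Command, args []string) {
			CheckError(o.Validate(args))
			CheckError(o.Run(args))
		},
	}

	CheckError(o.Complete(cmd))
	return cmd
}

// Complete loads the shared options through GetOptionsCommon and returns its error.
func (o *OptionsLogout) Complete(cmd *cobra.Command) error {
	var err error

	err = o.GetOptionsCommon()
	if err != nil {
		return err
	}

	return err
}

// Validate reloads the shared options and rejects any positional arguments.
func (o *OptionsLogout) Validate(args []string) error {
	var err error

	err = o.GetOptionsCommon()
	if err != nil {
		return err
	}

	if len(args) > 0 {
		err = fmt.Errorf("command args must be empty")
		return err
	}

	return err
}

// Run logs out locally by rewriting the config file with an empty ServerURL and an
// empty AccessToken, keeping the Insecure, Timeout and Language settings.
//
// It returns the serialization or write error, if any. Nothing visible here tells
// the server to revoke the token, so this presumably only clears the local copy
// (NOTE(review): confirm against the server API).
func (o *OptionsLogout) Run(args []string) error {
	var err error
	doryConfig := pkg.DoryConfig{
		ServerURL:   "",
		Insecure:    o.Insecure,
		Timeout:     o.Timeout,
		AccessToken: "",
		Language:    o.Language,
	}
	// Stop before touching the file if serialization fails: the error used to be
	// discarded, so a failure would have overwritten the config with whatever bytes
	// came back and still reported "logout success".
	bs, err := pkg.YamlIndent(doryConfig)
	if err != nil {
		return err
	}
	// 0600 keeps the file owner-only, but os.WriteFile applies the mode only when it
	// creates the file; an existing config keeps the permissions it already has.
	err = os.WriteFile(o.ConfigFile, bs, 0600)
	if err != nil {
		return err
	}

	log.Success("logout success")
	log.Debug(fmt.Sprintf("update %s success", o.ConfigFile))

	return err
}
--------------------------------------------------------------------------------
/cmd/version.go:
--------------------------------------------------------------------------------
package cmd

import (
	"fmt"
	"github.com/dory-engine/dorycli/pkg"
	"github.com/spf13/cobra"
	"net/http"
)

// OptionsVersionRun holds the options of the version command; it only embeds the
// shared *OptionsCommon.
type OptionsVersionRun struct {
	*OptionsCommon `yaml:"optionsCommon" json:"optionsCommon" bson:"optionsCommon" validate:""`
}

// NewOptionsVersionRun returns options bound to the package-level OptCommon.
func NewOptionsVersionRun() *OptionsVersionRun {
	var o OptionsVersionRun
	o.OptionsCommon = OptCommon
	return &o
}

// NewCmdVersion builds the cobra command for "version".
func NewCmdVersion() *cobra.Command {
	o := NewOptionsVersionRun()

	baseName := pkg.GetCmdBaseName()
	msgUse := fmt.Sprintf("version")

	_ = OptCommon.GetOptionsCommon()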
msgShort := OptCommon.TransLang("cmd_version_short") 28 | msgLong := OptCommon.TransLang("cmd_version_long", baseName) 29 | msgExample := pkg.Indent(OptCommon.TransLang("cmd_version_example", baseName, baseName)) 30 | 31 | cmd := &cobra.Command{ 32 | Use: msgUse, 33 | DisableFlagsInUseLine: true, 34 | Short: msgShort, 35 | Long: msgLong, 36 | Example: msgExample, 37 | Run: func(cmd *cobra.Command, args []string) { 38 | CheckError(o.Complete(cmd)) 39 | CheckError(o.Validate(args)) 40 | CheckError(o.Run(args)) 41 | }, 42 | } 43 | 44 | return cmd 45 | } 46 | 47 | func (o *OptionsVersionRun) Complete(cmd *cobra.Command) error { 48 | var err error 49 | err = o.GetOptionsCommon() 50 | return err 51 | } 52 | 53 | func (o *OptionsVersionRun) Validate(args []string) error { 54 | var err error 55 | return err 56 | } 57 | 58 | func (o *OptionsVersionRun) Run(args []string) error { 59 | var err error 60 | baseName := pkg.GetCmdBaseName() 61 | fmt.Println(fmt.Sprintf("%s version: %s", baseName, pkg.VersionDoryCli)) 62 | fmt.Println(fmt.Sprintf("# install dory-engine version: %s", pkg.VersionDoryEngine)) 63 | fmt.Println(fmt.Sprintf("# install dory-console version: %s", pkg.VersionDoryFrontend)) 64 | if o.ServerURL != "" { 65 | fmt.Println(fmt.Sprintf("connected Dory-Engine URL: %s", o.ServerURL)) 66 | if o.AccessToken != "" { 67 | param := map[string]interface{}{} 68 | result, _, err := o.QueryAPI(fmt.Sprintf("api/public/about"), http.MethodGet, "", param, false) 69 | if err != nil { 70 | return err 71 | } 72 | appInfo := result.Get("data.app").String() 73 | versionInfo := result.Get("data.version").String() 74 | fmt.Println(fmt.Sprintf("connected Dory-Engine version: %s:%s", appInfo, versionInfo)) 75 | } 76 | } 77 | 78 | return err 79 | } 80 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/registry/registry-secret.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: "{{ template "harbor.registry" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | type: Opaque 8 | data: 9 | REGISTRY_HTTP_SECRET: {{ .Values.registry.secret | default (randAlphaNum 16) | b64enc | quote }} 10 | {{- if not .Values.redis.external.existingSecret }} 11 | REGISTRY_REDIS_PASSWORD: {{ include "harbor.redis.password" . | b64enc | quote }} 12 | {{- end }} 13 | {{- $storage := .Values.persistence.imageChartStorage }} 14 | {{- $type := $storage.type }} 15 | {{- if and (eq $type "azure") (not $storage.azure.existingSecret) }} 16 | REGISTRY_STORAGE_AZURE_ACCOUNTKEY: {{ $storage.azure.accountkey | b64enc | quote }} 17 | {{- else if and (and (eq $type "gcs") (not $storage.gcs.existingSecret)) (not $storage.gcs.useWorkloadIdentity) }} 18 | GCS_KEY_DATA: {{ $storage.gcs.encodedkey | quote }} 19 | {{- else if eq $type "s3" }} 20 | {{- if and (not $storage.s3.existingSecret) ($storage.s3.accesskey) }} 21 | REGISTRY_STORAGE_S3_ACCESSKEY: {{ $storage.s3.accesskey | b64enc | quote }} 22 | {{- end }} 23 | {{- if and (not $storage.s3.existingSecret) ($storage.s3.secretkey) }} 24 | REGISTRY_STORAGE_S3_SECRETKEY: {{ $storage.s3.secretkey | b64enc | quote }} 25 | {{- end }} 26 | {{- else if eq $type "swift" }} 27 | REGISTRY_STORAGE_SWIFT_PASSWORD: {{ $storage.swift.password | b64enc | quote }} 28 | {{- if $storage.swift.secretkey }} 29 | REGISTRY_STORAGE_SWIFT_SECRETKEY: {{ $storage.swift.secretkey | b64enc | quote }} 30 | {{- end }} 31 | {{- if $storage.swift.accesskey }} 32 | REGISTRY_STORAGE_SWIFT_ACCESSKEY: {{ $storage.swift.accesskey | b64enc | quote }} 33 | {{- end }} 34 | {{- else if eq $type "oss" }} 35 | REGISTRY_STORAGE_OSS_ACCESSKEYSECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }} 36 | {{- end }} 37 | {{- if not .Values.registry.credentials.existingSecret }} 38 | --- 39 | apiVersion: v1 40 | kind: 
Secret 41 | metadata: 42 | name: "{{ template "harbor.registry" . }}-htpasswd" 43 | labels: 44 | {{ include "harbor.labels" . | indent 4 }} 45 | type: Opaque 46 | data: 47 | {{- if .Values.registry.credentials.htpasswdString }} 48 | REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswdString | b64enc | quote }} 49 | {{- else }} 50 | REGISTRY_HTPASSWD: {{ htpasswd .Values.registry.credentials.username .Values.registry.credentials.password | b64enc | quote }} 51 | {{- end }} 52 | {{- end }} 53 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/jobservice/jobservice-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{ template "harbor.jobservice" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | data: 8 | config.yml: |+ 9 | #Server listening port 10 | protocol: "{{ template "harbor.component.scheme" . }}" 11 | port: {{ template "harbor.jobservice.containerPort". }} 12 | {{- if .Values.internalTLS.enabled }} 13 | https_config: 14 | cert: "/etc/harbor/ssl/jobservice/tls.crt" 15 | key: "/etc/harbor/ssl/jobservice/tls.key" 16 | {{- end }} 17 | worker_pool: 18 | workers: {{ .Values.jobservice.maxJobWorkers }} 19 | backend: "redis" 20 | redis_pool: 21 | redis_url: "{{ template "harbor.redis.urlForJobservice" . 
}}" 22 | namespace: "harbor_job_service_namespace" 23 | idle_timeout_second: 3600 24 | job_loggers: 25 | {{- if has "file" .Values.jobservice.jobLoggers }} 26 | - name: "FILE" 27 | level: {{ .Values.logLevel | upper }} 28 | settings: # Customized settings of logger 29 | base_dir: "/var/log/jobs" 30 | sweeper: 31 | duration: {{ .Values.jobservice.loggerSweeperDuration }} #days 32 | settings: # Customized settings of sweeper 33 | work_dir: "/var/log/jobs" 34 | {{- end }} 35 | {{- if has "database" .Values.jobservice.jobLoggers }} 36 | - name: "DB" 37 | level: {{ .Values.logLevel | upper }} 38 | sweeper: 39 | duration: {{ .Values.jobservice.loggerSweeperDuration }} #days 40 | {{- end }} 41 | {{- if has "stdout" .Values.jobservice.jobLoggers }} 42 | - name: "STD_OUTPUT" 43 | level: {{ .Values.logLevel | upper }} 44 | {{- end }} 45 | metric: 46 | enabled: {{ .Values.metrics.enabled }} 47 | path: {{ .Values.metrics.jobservice.path }} 48 | port: {{ .Values.metrics.jobservice.port }} 49 | #Loggers for the job service 50 | loggers: 51 | - name: "STD_OUTPUT" 52 | level: {{ .Values.logLevel | upper }} 53 | reaper: 54 | # the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24 55 | max_update_hours: {{ .Values.jobservice.reaper.max_update_hours }} 56 | # the max time for execution in running state without new task created 57 | max_dangling_hours: {{ .Values.jobservice.reaper.max_dangling_hours }} 58 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/core/core-pre-upgrade-job.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enableMigrateHelmHook }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: migration-job 6 | labels: 7 | {{ include "harbor.labels" . 
| indent 4 }} 8 | component: migrator 9 | annotations: 10 | # This is what defines this resource as a hook. Without this line, the 11 | # job is considered part of the release. 12 | "helm.sh/hook": pre-upgrade 13 | "helm.sh/hook-weight": "-5" 14 | spec: 15 | template: 16 | metadata: 17 | labels: 18 | {{ include "harbor.matchLabels" . | indent 8 }} 19 | component: migrator 20 | spec: 21 | restartPolicy: Never 22 | securityContext: 23 | runAsUser: 10000 24 | fsGroup: 10000 25 | {{- if .Values.core.serviceAccountName }} 26 | serviceAccountName: {{ .Values.core.serviceAccountName }} 27 | {{- end -}} 28 | {{- with .Values.imagePullSecrets }} 29 | imagePullSecrets: 30 | {{- toYaml . | nindent 8 }} 31 | {{- end }} 32 | terminationGracePeriodSeconds: 120 33 | containers: 34 | - name: core-job 35 | image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }} 36 | imagePullPolicy: {{ .Values.imagePullPolicy }} 37 | command: ["/harbor/harbor_core", "-mode=migrate"] 38 | envFrom: 39 | - configMapRef: 40 | name: "{{ template "harbor.core" . }}" 41 | - secretRef: 42 | name: "{{ template "harbor.core" . }}" 43 | {{- if .Values.database.external.existingSecret }} 44 | env: 45 | - name: POSTGRESQL_PASSWORD 46 | valueFrom: 47 | secretKeyRef: 48 | name: {{ .Values.database.external.existingSecret }} 49 | key: password 50 | {{- end }} 51 | volumeMounts: 52 | - name: config 53 | mountPath: /etc/core/app.conf 54 | subPath: app.conf 55 | volumes: 56 | - name: config 57 | configMap: 58 | name: {{ template "harbor.core" . }} 59 | items: 60 | - key: app.conf 61 | path: app.conf 62 | {{- with .Values.core.nodeSelector }} 63 | nodeSelector: 64 | {{ toYaml . | indent 8 }} 65 | {{- end }} 66 | {{- with .Values.core.affinity }} 67 | affinity: 68 | {{ toYaml . | indent 8 }} 69 | {{- end }} 70 | {{- with .Values.core.tolerations }} 71 | tolerations: 72 | {{ toYaml . 
| indent 8 }} 73 | {{- end }} 74 | {{- end }} -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/jobservice/jobservice-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{ template "harbor.jobservice" . }}" 5 | namespace: {{ .Release.Namespace | quote }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | data: 9 | config.yml: |+ 10 | #Server listening port 11 | protocol: "{{ template "harbor.component.scheme" . }}" 12 | port: {{ template "harbor.jobservice.containerPort". }} 13 | {{- if .Values.internalTLS.enabled }} 14 | https_config: 15 | cert: "/etc/harbor/ssl/jobservice/tls.crt" 16 | key: "/etc/harbor/ssl/jobservice/tls.key" 17 | {{- end }} 18 | worker_pool: 19 | workers: {{ .Values.jobservice.maxJobWorkers }} 20 | backend: "redis" 21 | redis_pool: 22 | redis_url: "{{ template "harbor.redis.urlForJobservice" . 
}}" 23 | namespace: "harbor_job_service_namespace" 24 | idle_timeout_second: 3600 25 | job_loggers: 26 | {{- if has "file" .Values.jobservice.jobLoggers }} 27 | - name: "FILE" 28 | level: {{ .Values.logLevel | upper }} 29 | settings: # Customized settings of logger 30 | base_dir: "/var/log/jobs" 31 | sweeper: 32 | duration: {{ .Values.jobservice.loggerSweeperDuration }} #days 33 | settings: # Customized settings of sweeper 34 | work_dir: "/var/log/jobs" 35 | {{- end }} 36 | {{- if has "database" .Values.jobservice.jobLoggers }} 37 | - name: "DB" 38 | level: {{ .Values.logLevel | upper }} 39 | sweeper: 40 | duration: {{ .Values.jobservice.loggerSweeperDuration }} #days 41 | {{- end }} 42 | {{- if has "stdout" .Values.jobservice.jobLoggers }} 43 | - name: "STD_OUTPUT" 44 | level: {{ .Values.logLevel | upper }} 45 | {{- end }} 46 | metric: 47 | enabled: {{ .Values.metrics.enabled }} 48 | path: {{ .Values.metrics.jobservice.path }} 49 | port: {{ .Values.metrics.jobservice.port }} 50 | #Loggers for the job service 51 | loggers: 52 | - name: "STD_OUTPUT" 53 | level: {{ .Values.logLevel | upper }} 54 | reaper: 55 | # the max time to wait for a task to finish, if unfinished after max_update_hours, the task will be mark as error, but the task will continue to run, default value is 24 56 | max_update_hours: {{ .Values.jobservice.reaper.max_update_hours }} 57 | # the max time for execution in running state without new task created 58 | max_dangling_hours: {{ .Values.jobservice.reaper.max_dangling_hours }} 59 | -------------------------------------------------------------------------------- /.github/workflows/build-release.yml: -------------------------------------------------------------------------------- 1 | name: Go 2 | 3 | on: 4 | push: 5 | tags: 6 | - "*" 7 | 8 | jobs: 9 | createRelease: 10 | runs-on: ubuntu-latest 11 | outputs: 12 | tag_name: ${{ steps.get_tag_name.outputs.tag_name }} 13 | upload_url: ${{ steps.get_upload_url.outputs.upload_url }} 14 | steps: 15 | - 
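uses: actions/checkout@v4  # was @master, a moving branch; for a release job, pin to a full commit SHA
      - id: get_tag_name
        # Step outputs are written to $GITHUB_OUTPUT; the ::set-output workflow
        # command is deprecated.
        run: echo "tag_name=${GITHUB_REF#refs/*/}" >> "$GITHUB_OUTPUT"
      # NOTE(review): actions/create-release is archived upstream and no longer
      # receives fixes; consider a maintained way to create the release.
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.get_tag_name.outputs.tag_name }}
          release_name: dorycli ${{ steps.get_tag_name.outputs.tag_name }}
          draft: false
          prerelease: false
          body_path: CHANGELOGS/CHANGELOG-${{ steps.get_tag_name.outputs.tag_name }}.md
      - id: get_upload_url
        # The value goes through an environment variable so the expression is not
        # expanded inside the script text before the shell runs it.
        env:
          UPLOAD_URL: ${{ steps.create_release.outputs.upload_url }}
        run: echo "upload_url=${UPLOAD_URL}" >> "$GITHUB_OUTPUT"

  build:
    needs: createRelease
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: uploading release assets needs contents: write only.
    permissions:
      contents: write
    strategy:
      matrix:
        include:
          - goarch: amd64
            goos: linux
          - goarch: amd64
            goos: darwin
          - goarch: arm64
            goos: linux
          - goarch: arm64
            goos: darwin
          - goarch: amd64
            goos: windows
    steps:
      - uses: actions/checkout@v4  # was @master; pin to a full commit SHA for release builds
      - name: Set go build environment
        uses: actions/setup-go@v2
        with:
          # Quoted so YAML keeps it a string (an unquoted 1.20 would be read as 1.2).
          go-version: "1.24"
      - name: Building dorycli
        working-directory: .
        # NOTE(review): go mod tidy can rewrite go.mod and go.sum at release time, so
        # the shipped binary may be built from a dependency set that was never
        # committed. Consider building from the committed files only.
        run: go mod tidy && go build
        env:
          GOOS: ${{ matrix.goos }}
          GOARCH: ${{ matrix.goarch }}
      - name: Packaging
        working-directory: .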
62 | run: tar czvf dorycli-${{ needs.createRelease.outputs.tag_name }}-${{ matrix.goos }}-${{ matrix.goarch }}.tgz dorycli* 63 | - name: Uploading Release assets 64 | id: upload-release-asset 65 | uses: actions/upload-release-asset@v1 66 | env: 67 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 68 | with: 69 | upload_url: ${{ needs.createRelease.outputs.upload_url }} 70 | asset_path: ./dorycli-${{ needs.createRelease.outputs.tag_name }}-${{ matrix.goos }}-${{ matrix.goarch }}.tgz 71 | asset_name: dorycli-${{ needs.createRelease.outputs.tag_name }}-${{ matrix.goos }}-${{ matrix.goarch }}.tgz 72 | asset_content_type: application/gzip 73 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/portal/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: "{{ template "harbor.portal" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | data: 8 | nginx.conf: |+ 9 | worker_processes auto; 10 | pid /tmp/nginx.pid; 11 | events { 12 | worker_connections 1024; 13 | } 14 | http { 15 | client_body_temp_path /tmp/client_body_temp; 16 | proxy_temp_path /tmp/proxy_temp; 17 | fastcgi_temp_path /tmp/fastcgi_temp; 18 | uwsgi_temp_path /tmp/uwsgi_temp; 19 | scgi_temp_path /tmp/scgi_temp; 20 | server { 21 | {{- if .Values.internalTLS.enabled }} 22 | {{- if .Values.ipFamily.ipv4.enabled}} 23 | listen {{ template "harbor.portal.containerPort" . }} ssl; 24 | {{- end }} 25 | {{- if .Values.ipFamily.ipv6.enabled}} 26 | listen [::]:{{ template "harbor.portal.containerPort" . 
}} ssl; 27 | {{- end }} 28 | # SSL 29 | ssl_certificate /etc/harbor/ssl/portal/tls.crt; 30 | ssl_certificate_key /etc/harbor/ssl/portal/tls.key; 31 | 32 | # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html 33 | ssl_protocols TLSv1.2; 34 | ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:'; 35 | ssl_prefer_server_ciphers on; 36 | ssl_session_cache shared:SSL:10m; 37 | {{- else }} 38 | {{- if .Values.ipFamily.ipv4.enabled }} 39 | listen {{ template "harbor.portal.containerPort" . }}; 40 | {{- end }} 41 | {{- if .Values.ipFamily.ipv6.enabled}} 42 | listen [::]:{{ template "harbor.portal.containerPort" . }}; 43 | {{- end }} 44 | {{- end }} 45 | server_name localhost; 46 | root /usr/share/nginx/html; 47 | index index.html index.htm; 48 | include /etc/nginx/mime.types; 49 | gzip on; 50 | gzip_min_length 1000; 51 | gzip_proxied expired no-cache no-store private auth; 52 | gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; 53 | location /devcenter-api-2.0 { 54 | try_files $uri $uri/ /swagger-ui-index.html; 55 | } 56 | location / { 57 | try_files $uri $uri/ /index.html; 58 | } 59 | location = /index.html { 60 | add_header Cache-Control "no-store, no-cache, must-revalidate"; 61 | } 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/core/core-pre-upgrade-job.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.enableMigrateHelmHook }} 2 | apiVersion: batch/v1 3 | kind: Job 4 | metadata: 5 | name: migration-job 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | component: migrator 10 | annotations: 11 | # This is what defines this resource as a hook. 
Without this line, the 12 | # job is considered part of the release. 13 | "helm.sh/hook": pre-upgrade 14 | "helm.sh/hook-weight": "-5" 15 | spec: 16 | template: 17 | metadata: 18 | labels: 19 | {{ include "harbor.matchLabels" . | indent 8 }} 20 | component: migrator 21 | spec: 22 | restartPolicy: Never 23 | securityContext: 24 | runAsUser: 10000 25 | fsGroup: 10000 26 | {{- if .Values.core.serviceAccountName }} 27 | serviceAccountName: {{ .Values.core.serviceAccountName }} 28 | {{- end -}} 29 | {{- with .Values.imagePullSecrets }} 30 | imagePullSecrets: 31 | {{- toYaml . | nindent 8 }} 32 | {{- end }} 33 | terminationGracePeriodSeconds: 120 34 | containers: 35 | - name: core-job 36 | image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }} 37 | imagePullPolicy: {{ .Values.imagePullPolicy }} 38 | command: ["/harbor/harbor_core", "-mode=migrate"] 39 | envFrom: 40 | - configMapRef: 41 | name: "{{ template "harbor.core" . }}" 42 | - secretRef: 43 | name: "{{ template "harbor.core" . }}" 44 | {{- if .Values.database.external.existingSecret }} 45 | env: 46 | - name: POSTGRESQL_PASSWORD 47 | valueFrom: 48 | secretKeyRef: 49 | name: {{ .Values.database.external.existingSecret }} 50 | key: password 51 | {{- end }} 52 | {{- if not (empty .Values.containerSecurityContext) }} 53 | securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }} 54 | {{- end }} 55 | volumeMounts: 56 | - name: config 57 | mountPath: /etc/core/app.conf 58 | subPath: app.conf 59 | volumes: 60 | - name: config 61 | configMap: 62 | name: {{ template "harbor.core" . }} 63 | items: 64 | - key: app.conf 65 | path: app.conf 66 | {{- with .Values.core.nodeSelector }} 67 | nodeSelector: 68 | {{ toYaml . | indent 8 }} 69 | {{- end }} 70 | {{- with .Values.core.affinity }} 71 | affinity: 72 | {{ toYaml . | indent 8 }} 73 | {{- end }} 74 | {{- with .Values.core.tolerations }} 75 | tolerations: 76 | {{ toYaml . 
| indent 8 }} 77 | {{- end }} 78 | {{- end }} 79 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/internal/auto-tls.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }} 2 | {{- $ca := genCA "harbor-internal-ca" 3650 }} 3 | {{- $coreCN := (include "harbor.core" .) }} 4 | {{- $coreCrt := genSignedCert $coreCN (list "127.0.0.1") (list "localhost" $coreCN) 3650 $ca }} 5 | {{- $jsCN := (include "harbor.jobservice" .) }} 6 | {{- $jsCrt := genSignedCert $jsCN nil (list $jsCN) 3650 $ca }} 7 | {{- $regCN := (include "harbor.registry" .) }} 8 | {{- $regCrt := genSignedCert $regCN nil (list $regCN) 3650 $ca }} 9 | {{- $portalCN := (include "harbor.portal" .) }} 10 | {{- $portalCrt := genSignedCert $portalCN nil (list $portalCN) 3650 $ca }} 11 | 12 | --- 13 | apiVersion: v1 14 | kind: Secret 15 | metadata: 16 | name: "{{ template "harbor.internalTLS.core.secretName" . }}" 17 | labels: 18 | {{ include "harbor.labels" . | indent 4 }} 19 | type: kubernetes.io/tls 20 | data: 21 | ca.crt: {{ $ca.Cert | b64enc | quote }} 22 | tls.crt: {{ $coreCrt.Cert | b64enc | quote }} 23 | tls.key: {{ $coreCrt.Key | b64enc | quote }} 24 | 25 | --- 26 | apiVersion: v1 27 | kind: Secret 28 | metadata: 29 | name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}" 30 | labels: 31 | {{ include "harbor.labels" . | indent 4 }} 32 | type: kubernetes.io/tls 33 | data: 34 | ca.crt: {{ $ca.Cert | b64enc | quote }} 35 | tls.crt: {{ $jsCrt.Cert | b64enc | quote }} 36 | tls.key: {{ $jsCrt.Key | b64enc | quote }} 37 | 38 | --- 39 | apiVersion: v1 40 | kind: Secret 41 | metadata: 42 | name: "{{ template "harbor.internalTLS.registry.secretName" . }}" 43 | labels: 44 | {{ include "harbor.labels" . 
| indent 4 }} 45 | type: kubernetes.io/tls 46 | data: 47 | ca.crt: {{ $ca.Cert | b64enc | quote }} 48 | tls.crt: {{ $regCrt.Cert | b64enc | quote }} 49 | tls.key: {{ $regCrt.Key | b64enc | quote }} 50 | 51 | --- 52 | apiVersion: v1 53 | kind: Secret 54 | metadata: 55 | name: "{{ template "harbor.internalTLS.portal.secretName" . }}" 56 | labels: 57 | {{ include "harbor.labels" . | indent 4 }} 58 | type: kubernetes.io/tls 59 | data: 60 | ca.crt: {{ $ca.Cert | b64enc | quote }} 61 | tls.crt: {{ $portalCrt.Cert | b64enc | quote }} 62 | tls.key: {{ $portalCrt.Key | b64enc | quote }} 63 | 64 | {{- if and .Values.trivy.enabled}} 65 | --- 66 | {{- $trivyCN := (include "harbor.trivy" .) }} 67 | {{- $trivyCrt := genSignedCert $trivyCN nil (list $trivyCN) 3650 $ca }} 68 | apiVersion: v1 69 | kind: Secret 70 | metadata: 71 | name: "{{ template "harbor.internalTLS.trivy.secretName" . }}" 72 | labels: 73 | {{ include "harbor.labels" . | indent 4 }} 74 | type: kubernetes.io/tls 75 | data: 76 | ca.crt: {{ $ca.Cert | b64enc | quote }} 77 | tls.crt: {{ $trivyCrt.Cert | b64enc | quote }} 78 | tls.key: {{ $trivyCrt.Key | b64enc | quote }} 79 | {{- end }} 80 | 81 | {{- end }} -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/step01-namespace.yaml: --------------------------------------------------------------------------------
# Bootstrap manifest for one namespace: creates the Namespace, the image pull
# Secrets for the configured registries, and a timezone ConfigMap.
# NOTE(review): the rendered output contains registry credentials (base64 is an
# encoding, not encryption), so the rendered file needs the same handling as
# the credentials themselves.
---
apiVersion: v1
kind: Namespace
metadata:
  name: {{ $.currentNamespace }}
  labels:
    ns: {{ $.currentNamespace }}

{{- if eq $.dory.imageRepo.type "harbor" }}
{{- $harborDockerConfigJson := printf `{"auths": {"%s": {"username": "%s", "password": "%s", "email": "%s", "auth": "%s"}}}` $.imageRepoDomainName $.imageRepoUsername $.imageRepoPassword $.imageRepoEmail (printf "%s:%s" $.imageRepoUsername $.imageRepoPassword | b64enc) }}
---
# Pull secret for the Harbor registry, named after the registry domain.
# NOTE(review): the docker config JSON for this Secret is assembled with printf
# and %s, so no JSON escaping is applied: a username, password or email that
# contains a double quote or a backslash gives malformed or structurally
# different JSON. If the template engine registers a JSON-encoding function
# (sprig's toJson is one example - TODO confirm it is available here), building
# the object with it removes that failure mode.
apiVersion: v1
kind: Secret
metadata:
  name: {{ $.imageRepoDomainName }}
  namespace: {{ $.currentNamespace }}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: |
    {{ $harborDockerConfigJson | b64enc | nindent 4 }}
{{- end }}

{{- if eq $.dory.artifactRepo.type "nexus"}}
{{- $nexusDockerhubConfigJson := printf `{"auths": {"%s:%d": {"username": "%s", "password": "%s", "email": "%s", "auth": "%s"}}}` $.artifactRepoIp $.artifactRepoPortHub $.artifactRepoPublicUser $.artifactRepoPublicPassword $.artifactRepoPublicEmail (printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc) }}
---
# Pull secrets for the three Nexus proxy ports (hub, gcr, quay). All three use
# the same public user and password and differ only in the port.
# NOTE(review): these JSON documents are built with printf and %s as well, so
# the escaping caveat for a double quote or backslash in a credential applies
# to each of them.
apiVersion: v1
kind: Secret
metadata:
  name: nexus-hub
  namespace: {{ $.currentNamespace }}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: |
    {{ $nexusDockerhubConfigJson | b64enc | nindent 4 }}

{{- $nexusGcrConfigJson := printf `{"auths": {"%s:%d": {"username": "%s", "password": "%s", "email": "%s", "auth": "%s"}}}` $.artifactRepoIp $.artifactRepoPortGcr $.artifactRepoPublicUser $.artifactRepoPublicPassword $.artifactRepoPublicEmail (printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc) }}
---
apiVersion: v1
kind: Secret
metadata:
  name: nexus-gcr
  namespace: {{ $.currentNamespace }}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: |
    {{ $nexusGcrConfigJson | b64enc | nindent 4 }}

{{- $nexusQuayConfigJson := printf `{"auths": {"%s:%d": {"username": "%s", "password": "%s", "email": "%s", "auth": "%s"}}}` $.artifactRepoIp $.artifactRepoPortQuay $.artifactRepoPublicUser $.artifactRepoPublicPassword $.artifactRepoPublicEmail (printf "%s:%s" $.artifactRepoPublicUser $.artifactRepoPublicPassword | b64enc) }}
---
apiVersion: v1
kind: Secret
metadata:
  name: nexus-quay
  namespace: {{ $.currentNamespace }}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: |
    {{ $nexusQuayConfigJson | b64enc | nindent 4 }}
{{- end }}

---
# Timezone value taken from the kubernetes.timezone setting.
apiVersion: v1
kind: ConfigMap
metadata:
  name: configmap-timezone
  namespace: {{ $.currentNamespace }}
data:
  timezone: {{ $.kubernetes.timezone }}

-------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/registry/registry-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "harbor.registry" .) }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: "{{ template "harbor.registry" . }}" 6 | namespace: {{ .Release.Namespace | quote }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | type: Opaque 10 | data: 11 | {{- if not .Values.registry.existingSecret }} 12 | REGISTRY_HTTP_SECRET: {{ .Values.registry.secret | default (include "harbor.secretKeyHelper" (dict "key" "REGISTRY_HTTP_SECRET" "data" $existingSecret.data)) | default (randAlphaNum 16) | b64enc | quote }} 13 | {{- end }} 14 | {{- if not .Values.redis.external.existingSecret }} 15 | REGISTRY_REDIS_PASSWORD: {{ include "harbor.redis.password" . 
| b64enc | quote }} 16 | {{- end }} 17 | {{- $storage := .Values.persistence.imageChartStorage }} 18 | {{- $type := $storage.type }} 19 | {{- if and (eq $type "azure") (not $storage.azure.existingSecret) }} 20 | REGISTRY_STORAGE_AZURE_ACCOUNTKEY: {{ $storage.azure.accountkey | b64enc | quote }} 21 | {{- else if and (and (eq $type "gcs") (not $storage.gcs.existingSecret)) (not $storage.gcs.useWorkloadIdentity) }} 22 | GCS_KEY_DATA: {{ $storage.gcs.encodedkey | quote }} 23 | {{- else if eq $type "s3" }} 24 | {{- if and (not $storage.s3.existingSecret) ($storage.s3.accesskey) }} 25 | REGISTRY_STORAGE_S3_ACCESSKEY: {{ $storage.s3.accesskey | b64enc | quote }} 26 | {{- end }} 27 | {{- if and (not $storage.s3.existingSecret) ($storage.s3.secretkey) }} 28 | REGISTRY_STORAGE_S3_SECRETKEY: {{ $storage.s3.secretkey | b64enc | quote }} 29 | {{- end }} 30 | {{- else if and (eq $type "swift") (not ($storage.swift.existingSecret)) }} 31 | REGISTRY_STORAGE_SWIFT_PASSWORD: {{ $storage.swift.password | b64enc | quote }} 32 | {{- if $storage.swift.secretkey }} 33 | REGISTRY_STORAGE_SWIFT_SECRETKEY: {{ $storage.swift.secretkey | b64enc | quote }} 34 | {{- end }} 35 | {{- if $storage.swift.accesskey }} 36 | REGISTRY_STORAGE_SWIFT_ACCESSKEY: {{ $storage.swift.accesskey | b64enc | quote }} 37 | {{- end }} 38 | {{- else if and (eq $type "oss") ((not ($storage.oss.existingSecret))) }} 39 | REGISTRY_STORAGE_OSS_ACCESSKEYSECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }} 40 | {{- end }} 41 | {{- if not .Values.registry.credentials.existingSecret }} 42 | --- 43 | apiVersion: v1 44 | kind: Secret 45 | metadata: 46 | name: "{{ template "harbor.registry" . }}-htpasswd" 47 | namespace: {{ .Release.Namespace | quote }} 48 | labels: 49 | {{ include "harbor.labels" . 
| indent 4 }} 50 | type: Opaque 51 | data: 52 | {{- if .Values.registry.credentials.htpasswdString }} 53 | REGISTRY_HTPASSWD: {{ .Values.registry.credentials.htpasswdString | b64enc | quote }} 54 | {{- else }} 55 | REGISTRY_HTPASSWD: {{ htpasswd .Values.registry.credentials.username .Values.registry.credentials.password | b64enc | quote }} 56 | {{- end }} 57 | {{- end }} 58 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/portal/configmap.yaml: --------------------------------------------------------------------------------
# ConfigMap carrying the nginx.conf of the Harbor portal container.
# With internalTLS.enabled the server listens with TLS, reading its certificate
# and key from /etc/harbor/ssl/portal/; otherwise it listens in plain HTTP on
# the same container port.
# NOTE(review): unless internalTLS.strong_ssl_ciphers is set, the cipher string
# keeps the RSA+AESGCM and RSA+AES entries (static RSA key exchange, no forward
# secrecy) and entries that are not limited to AEAD suites. Enable
# strong_ssl_ciphers where every internal client supports ECDHE with AES-GCM.
# NOTE(review): nginx's ssl_ciphers directive covers TLS 1.2 and earlier; the
# TLS 1.3 suites offered are not controlled by either cipher string here.
# NOTE(review): no ssl_dhparam is configured, and nginx does not offer DHE
# suites without one, so the DHE+... entries of the strong list are presumably
# inert - verify against the nginx build in the portal image.
apiVersion: v1
kind: ConfigMap
metadata:
  name: "{{ template "harbor.portal" . }}"
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
data:
  nginx.conf: |+
    worker_processes auto;
    pid /tmp/nginx.pid;
    events {
        worker_connections 1024;
    }
    http {
        client_body_temp_path /tmp/client_body_temp;
        proxy_temp_path /tmp/proxy_temp;
        fastcgi_temp_path /tmp/fastcgi_temp;
        uwsgi_temp_path /tmp/uwsgi_temp;
        scgi_temp_path /tmp/scgi_temp;
        server {
            {{- if .Values.internalTLS.enabled }}
            {{- if .Values.ipFamily.ipv4.enabled}}
            listen {{ template "harbor.portal.containerPort" . }} ssl;
            {{- end }}
            {{- if .Values.ipFamily.ipv6.enabled}}
            listen [::]:{{ template "harbor.portal.containerPort" . }} ssl;
            {{- end }}
            # SSL
            ssl_certificate /etc/harbor/ssl/portal/tls.crt;
            ssl_certificate_key /etc/harbor/ssl/portal/tls.key;

            # Recommendations from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
            ssl_protocols TLSv1.2 TLSv1.3;
            {{- if .Values.internalTLS.strong_ssl_ciphers }}
            ssl_ciphers ECDHE+AESGCM:DHE+AESGCM:ECDHE+RSA+SHA256:DHE+RSA+SHA256:!AES128;
            {{ else }}
            ssl_ciphers '!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:';
            {{- end }}
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:10m;
            {{- else }}
            {{- if .Values.ipFamily.ipv4.enabled }}
            listen {{ template "harbor.portal.containerPort" . }};
            {{- end }}
            {{- if .Values.ipFamily.ipv6.enabled}}
            listen [::]:{{ template "harbor.portal.containerPort" . }};
            {{- end }}
            {{- end }}
            server_name localhost;
            root /usr/share/nginx/html;
            index index.html index.htm;
            include /etc/nginx/mime.types;
            gzip on;
            gzip_min_length 1000;
            gzip_proxied expired no-cache no-store private auth;
            gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
            location /devcenter-api-2.0 {
                try_files $uri $uri/ /swagger-ui-index.html;
            }
            location / {
                try_files $uri $uri/ /index.html;
            }
            location = /index.html {
                add_header Cache-Control "no-store, no-cache, must-revalidate";
            }
        }
    }

--------------------------------------------------------------------------------
/pkg/install_scripts/kubernetes/harbor/templates/internal/auto-tls.yaml:
--------------------------------------------------------------------------------
{{- /*
Internal TLS material for Harbor's components, generated at render time when
internalTLS.enabled is true and internalTLS.certSource is "auto".

NOTE(review): genCA and genSignedCert run on every render of this file, so each
render produces a new CA and new leaf keys; nothing here reuses material from
an earlier render. After an upgrade, all components presumably have to pick up
the new Secrets together, otherwise peers hold certificates from different
CAs - verify how the workloads reload them.
NOTE(review): the CA and every leaf certificate are issued for 3650 days, and
no rotation mechanism is visible in this file.
NOTE(review): only the CA certificate is written out; the CA private key is not
stored in any of these Secrets. The leaf private keys are part of the rendered
manifest, so anything that stores or logs rendered output holds them.
The core certificate carries 127.0.0.1, localhost and the core name as subject
alternative names; the other certificates carry only their component name.
*/ -}}
{{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }}
{{- $ca := genCA "harbor-internal-ca" 3650 }}
{{- $coreCN := (include "harbor.core" .) }}
{{- $coreCrt := genSignedCert $coreCN (list "127.0.0.1") (list "localhost" $coreCN) 3650 $ca }}
{{- $jsCN := (include "harbor.jobservice" .) }}
{{- $jsCrt := genSignedCert $jsCN nil (list $jsCN) 3650 $ca }}
{{- $regCN := (include "harbor.registry" .) }}
{{- $regCrt := genSignedCert $regCN nil (list $regCN) 3650 $ca }}
{{- $portalCN := (include "harbor.portal" .) }}
{{- $portalCrt := genSignedCert $portalCN nil (list $portalCN) 3650 $ca }}

---
apiVersion: v1
kind: Secret
metadata:
  name: "{{ template "harbor.internalTLS.core.secretName" . }}"
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  tls.crt: {{ $coreCrt.Cert | b64enc | quote }}
  tls.key: {{ $coreCrt.Key | b64enc | quote }}

---
apiVersion: v1
kind: Secret
metadata:
  name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}"
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  tls.crt: {{ $jsCrt.Cert | b64enc | quote }}
  tls.key: {{ $jsCrt.Key | b64enc | quote }}

---
apiVersion: v1
kind: Secret
metadata:
  name: "{{ template "harbor.internalTLS.registry.secretName" . }}"
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  tls.crt: {{ $regCrt.Cert | b64enc | quote }}
  tls.key: {{ $regCrt.Key | b64enc | quote }}

---
apiVersion: v1
kind: Secret
metadata:
  name: "{{ template "harbor.internalTLS.portal.secretName" . }}"
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  tls.crt: {{ $portalCrt.Cert | b64enc | quote }}
  tls.key: {{ $portalCrt.Key | b64enc | quote }}

{{- if and .Values.trivy.enabled}}
---
{{- $trivyCN := (include "harbor.trivy" .) }}
{{- $trivyCrt := genSignedCert $trivyCN nil (list $trivyCN) 3650 $ca }}
apiVersion: v1
kind: Secret
metadata:
  name: "{{ template "harbor.internalTLS.trivy.secretName" . }}"
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  tls.crt: {{ $trivyCrt.Cert | b64enc | quote }}
  tls.key: {{ $trivyCrt.Key | b64enc | quote }}
{{- end }}

{{- end }}

-------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/nginx/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (eq .Values.expose.type "clusterIP") (eq .Values.expose.type "nodePort") (eq .Values.expose.type "loadBalancer") }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- if eq .Values.expose.type "clusterIP" }} 6 | {{- $clusterIP := .Values.expose.clusterIP }} 7 | name: {{ $clusterIP.name }} 8 | labels: 9 | {{ include "harbor.labels" . | indent 4 }} 10 | {{- with $clusterIP.annotations }} 11 | annotations: 12 | {{- toYaml . 
| nindent 4 }} 13 | {{- end }} 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: http 18 | port: {{ $clusterIP.ports.httpPort }} 19 | targetPort: 8080 20 | {{- if .Values.expose.tls.enabled }} 21 | - name: https 22 | port: {{ $clusterIP.ports.httpsPort }} 23 | targetPort: 8443 24 | {{- end }} 25 | {{- if .Values.notary.enabled }} 26 | - name: notary 27 | port: {{ $clusterIP.ports.notaryPort }} 28 | targetPort: 4443 29 | {{- end }} 30 | {{- else if eq .Values.expose.type "nodePort" }} 31 | {{- $nodePort := .Values.expose.nodePort }} 32 | name: {{ $nodePort.name }} 33 | labels: 34 | {{ include "harbor.labels" . | indent 4 }} 35 | spec: 36 | type: NodePort 37 | ports: 38 | - name: http 39 | port: {{ $nodePort.ports.http.port }} 40 | targetPort: 8080 41 | {{- if $nodePort.ports.http.nodePort }} 42 | nodePort: {{ $nodePort.ports.http.nodePort }} 43 | {{- end }} 44 | {{- if .Values.expose.tls.enabled }} 45 | - name: https 46 | port: {{ $nodePort.ports.https.port }} 47 | targetPort: 8443 48 | {{- if $nodePort.ports.https.nodePort }} 49 | nodePort: {{ $nodePort.ports.https.nodePort }} 50 | {{- end }} 51 | {{- end }} 52 | {{- if .Values.notary.enabled }} 53 | - name: notary 54 | port: {{ $nodePort.ports.notary.port }} 55 | targetPort: 4443 56 | {{- if $nodePort.ports.notary.nodePort }} 57 | nodePort: {{ $nodePort.ports.notary.nodePort }} 58 | {{- end }} 59 | {{- end }} 60 | {{- else if eq .Values.expose.type "loadBalancer" }} 61 | {{- $loadBalancer := .Values.expose.loadBalancer }} 62 | name: {{ $loadBalancer.name }} 63 | labels: 64 | {{ include "harbor.labels" . | indent 4 }} 65 | {{- with $loadBalancer.annotations }} 66 | annotations: 67 | {{- toYaml . | nindent 4 }} 68 | {{- end }} 69 | spec: 70 | type: LoadBalancer 71 | {{- with $loadBalancer.sourceRanges }} 72 | loadBalancerSourceRanges: 73 | {{- toYaml . 
| nindent 4 }} 74 | {{- end }} 75 | {{- if $loadBalancer.IP }} 76 | loadBalancerIP: {{ $loadBalancer.IP }} 77 | {{- end }} 78 | ports: 79 | - name: http 80 | port: {{ $loadBalancer.ports.httpPort }} 81 | targetPort: 8080 82 | {{- if .Values.expose.tls.enabled }} 83 | - name: https 84 | port: {{ $loadBalancer.ports.httpsPort }} 85 | targetPort: 8443 86 | {{- end }} 87 | {{- if .Values.notary.enabled }} 88 | - name: notary 89 | port: {{ $loadBalancer.ports.notaryPort }} 90 | targetPort: 4443 91 | {{- end }} 92 | {{- end }} 93 | selector: 94 | {{ include "harbor.matchLabels" . | indent 4 }} 95 | component: nginx 96 | {{- end }} 97 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor/templates/nginx/service.yaml: -------------------------------------------------------------------------------- 1 | {{- if or (eq .Values.expose.type "clusterIP") (eq .Values.expose.type "nodePort") (eq .Values.expose.type "loadBalancer") }} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | {{- if eq .Values.expose.type "clusterIP" }} 6 | {{- $clusterIP := .Values.expose.clusterIP }} 7 | name: {{ $clusterIP.name }} 8 | namespace: {{ .Release.Namespace | quote }} 9 | labels: 10 | {{ include "harbor.labels" . | indent 4 }} 11 | {{- if .Values.expose.clusterIP.labels }} 12 | {{ toYaml $clusterIP.labels | indent 4 }} 13 | {{- end }} 14 | {{- with $clusterIP.annotations }} 15 | annotations: 16 | {{- toYaml . 
| nindent 4 }} 17 | {{- end }} 18 | spec: 19 | type: ClusterIP 20 | {{- if .Values.expose.clusterIP.staticClusterIP }} 21 | clusterIP: {{ .Values.expose.clusterIP.staticClusterIP }} 22 | {{- end }} 23 | ports: 24 | - name: http 25 | port: {{ $clusterIP.ports.httpPort }} 26 | targetPort: 8080 27 | {{- if .Values.expose.tls.enabled }} 28 | - name: https 29 | port: {{ $clusterIP.ports.httpsPort }} 30 | targetPort: 8443 31 | {{- end }} 32 | {{- else if eq .Values.expose.type "nodePort" }} 33 | {{- $nodePort := .Values.expose.nodePort }} 34 | name: {{ $nodePort.name }} 35 | labels: 36 | {{ include "harbor.labels" . | indent 4 }} 37 | {{- if .Values.expose.nodePort.labels }} 38 | {{ toYaml $nodePort.labels | indent 4 }} 39 | {{- end }} 40 | {{- with $nodePort.annotations }} 41 | annotations: 42 | {{- toYaml . | nindent 4 }} 43 | {{- end }} 44 | spec: 45 | type: NodePort 46 | ports: 47 | - name: http 48 | port: {{ $nodePort.ports.http.port }} 49 | targetPort: 8080 50 | {{- if $nodePort.ports.http.nodePort }} 51 | nodePort: {{ $nodePort.ports.http.nodePort }} 52 | {{- end }} 53 | {{- if .Values.expose.tls.enabled }} 54 | - name: https 55 | port: {{ $nodePort.ports.https.port }} 56 | targetPort: 8443 57 | {{- if $nodePort.ports.https.nodePort }} 58 | nodePort: {{ $nodePort.ports.https.nodePort }} 59 | {{- end }} 60 | {{- end }} 61 | {{- else if eq .Values.expose.type "loadBalancer" }} 62 | {{- $loadBalancer := .Values.expose.loadBalancer }} 63 | name: {{ $loadBalancer.name }} 64 | labels: 65 | {{ include "harbor.labels" . | indent 4 }} 66 | {{- if .Values.expose.loadBalancer.labels }} 67 | {{ toYaml $loadBalancer.labels | indent 4 }} 68 | {{- end }} 69 | {{- with $loadBalancer.annotations }} 70 | annotations: 71 | {{- toYaml . | nindent 4 }} 72 | {{- end }} 73 | spec: 74 | type: LoadBalancer 75 | {{- with $loadBalancer.sourceRanges }} 76 | loadBalancerSourceRanges: 77 | {{- toYaml . 
| nindent 4 }} 78 | {{- end }} 79 | {{- if $loadBalancer.IP }} 80 | loadBalancerIP: {{ $loadBalancer.IP }} 81 | {{- end }} 82 | ports: 83 | - name: http 84 | port: {{ $loadBalancer.ports.httpPort }} 85 | targetPort: 8080 86 | {{- if .Values.expose.tls.enabled }} 87 | - name: https 88 | port: {{ $loadBalancer.ports.httpsPort }} 89 | targetPort: 8443 90 | {{- end }} 91 | {{- end }} 92 | selector: 93 | {{ include "harbor.matchLabels" . | indent 4 }} 94 | component: nginx 95 | {{- end }} 96 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes-ha/en-kubernetes-ha.yaml: -------------------------------------------------------------------------------- 1 | # The version of kubernetes that needs to be installed 2 | version: "v1.27.3" 3 | # The kubernete image registry settings, if not set, then use the official default image registry 4 | imageRepository: "registry.cn-hangzhou.aliyuncs.com/google_containers" 5 | # keepalived image 6 | keepalivedImage: "osixia/keepalived:release-2.1.5-dev" 7 | # nginx-lb image 8 | nginxlbImage: "nginx:1.27.0-alpine" 9 | # The virtual ip address of the highly available kubernetes cluster created using keepalived 10 | virtualIp: 192.168.0.100 11 | # Use the apiserver mapping port of the highly available kubernetes cluster mapped by nginx 12 | virtualPort: 16443 13 | # The host name of the virtual ip address mapping, please set the host name mapping in the /etc/hosts configuration file 14 | virtualHostname: k8s-vip 15 | # kubernetes container runtime socket 16 | # In the case of docker: unix:///var/run/cri-dockerd.sock 17 | # In the case of containerd: unix:///var/run/containerd/containerd.sock 18 | # In case of cri-o: unix:///var/run/crio/crio.sock 19 | criSocket: unix:///var/run/cri-dockerd.sock 20 | # The pod subnet address of the kubernetes cluster, if not set, use the default pod subnet address 21 | podSubnet: "10.244.0.0/24" 22 | # The service subnet address of the kubernetes 
cluster, if not set, use the default service subnet address
serviceSubnet: "10.96.0.0/16"
# The authentication password of keepalived; if not set, a randomly generated password is used.
# NOTE(review): "input_your_password" is a placeholder - replace it or leave the key unset,
# otherwise every cluster installed from this sample shares the same value.
# If this value feeds keepalived's auth_type PASS, only the first eight characters are used
# and the value travels unencrypted in VRRP advertisements - TODO confirm how it is used.
keepAlivedAuthPass: "input_your_password"
# keepalived virtual_router_id setting
keepAlivedVirtualRouterId: 101
# The hosts of the kubernetes control plane; the number of highly available master nodes must be odd and at least 3
masterHosts:
  # The host name of the master node, please set the host name mapping in the /etc/hosts configuration file
  - hostname: k8s-master01
    # The IP address of the master node
    ipAddress: 192.168.0.1
    # The name of the network card used by the master node for mutual access, used for keepalived network interface binding
    networkInterface: eth0
    # keepalived election priority, the larger the value, the higher the priority, the priority of each master node cannot be the same
    keepalivedPriority: 120
  # The host name of the master node, please set the host name mapping in the /etc/hosts configuration file
  - hostname: k8s-master02
    # The IP address of the master node
    ipAddress: 192.168.0.2
    # The name of the network card used by the master node for mutual access, used for keepalived network interface binding
    networkInterface: eth0
    # keepalived election priority, the larger the value, the higher the priority, the priority of each master node cannot be the same
    keepalivedPriority: 110
  # The host name of the master node, please set the host name mapping in the /etc/hosts configuration file
  - hostname: k8s-master03
    # The IP address of the master node
    ipAddress: 192.168.0.3
    # The name of the network card used by the master node for mutual access, used for keepalived network interface binding
    networkInterface: eth0
    # keepalived election priority, the larger the value, the higher the priority, 
the priority of each master node cannot be the same 53 | keepalivedPriority: 100 54 | -------------------------------------------------------------------------------- /cmd/install_print.go: --------------------------------------------------------------------------------
package cmd

import (
	"fmt"

	"github.com/dory-engine/dorycli/pkg"
	"github.com/spf13/cobra"
)

// OptionsInstallPrint holds the flags of the "print" command defined in this
// file, together with the shared common options.
type OptionsInstallPrint struct {
	*OptionsCommon `yaml:"optionsCommon" json:"optionsCommon" bson:"optionsCommon" validate:""`
	// Runtime is the value of --runtime; Validate accepts docker, containerd or crio.
	Runtime string `yaml:"runtime" json:"runtime" bson:"runtime" validate:""`
	// Full is the value of --full; it is passed to the config template as "full".
	Full bool `yaml:"full" json:"full" bson:"full" validate:""`
}

// NewOptionsInstallPrint returns options that share the package-level
// OptCommon instance.
func NewOptionsInstallPrint() *OptionsInstallPrint {
	return &OptionsInstallPrint{OptionsCommon: OptCommon}
}

// NewCmdInstallPrint builds the cobra command "print", registers its
// --runtime and --full flags and wires Validate and Run into the command.
func NewCmdInstallPrint() *cobra.Command {
	o := NewOptionsInstallPrint()
	baseName := pkg.GetCmdBaseName()

	// The result is discarded here; Complete and Validate call
	// GetOptionsCommon again and return its error.
	_ = OptCommon.GetOptionsCommon()

	cmd := &cobra.Command{
		Use:                   "print",
		DisableFlagsInUseLine: true,
		Short:                 OptCommon.TransLang("cmd_install_print_short"),
		Long:                  OptCommon.TransLang("cmd_install_print_long"),
		Example:               pkg.Indent(OptCommon.TransLang("cmd_install_print_example", baseName)),
		Run: func(cmd *cobra.Command, args []string) {
			CheckError(o.Validate(args))
			CheckError(o.Run(args))
		},
	}

	flags := cmd.Flags()
	flags.StringVar(&o.Runtime, "runtime", "", OptCommon.TransLang("param_install_print_runtime"))
	flags.BoolVarP(&o.Full, "full", "", false, OptCommon.TransLang("param_install_print_full"))

	CheckError(o.Complete(cmd))
	return cmd
}

// Complete loads the common options, registers shell completion for
// --runtime and marks the flag as required.
func (o *OptionsInstallPrint) Complete(cmd *cobra.Command) error {
	if err := o.GetOptionsCommon(); err != nil {
		return err
	}

	completeRuntime := func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
		return []string{"docker", "containerd", "crio"}, cobra.ShellCompDirectiveNoFileComp
	}
	if err := cmd.RegisterFlagCompletionFunc("runtime", completeRuntime); err != nil {
		return err
	}

	return cmd.MarkFlagRequired("runtime")
}

// Validate loads the common options and rejects any --runtime value other
// than docker, containerd or crio.
func (o *OptionsInstallPrint) Validate(args []string) error {
	if err := o.GetOptionsCommon(); err != nil {
		return err
	}

	switch o.Runtime {
	case "docker", "containerd", "crio":
		return nil
	default:
		return fmt.Errorf("--runtime must be docker, containerd or crio")
	}
}

// Run reads the install config template for the selected language from
// pkg.FsInstallConfigs, renders it with the runtime, full, language and
// baseName values, and prints the result to stdout.
func (o *OptionsInstallPrint) Run(args []string) error {
	// NOTE(review): o.Language becomes part of the file name without a check
	// in this function - confirm GetOptionsCommon limits it to the supported
	// languages.
	tplPath := fmt.Sprintf("%s/%s-install-config.yaml", pkg.DirInstallConfigs, o.Language)
	tplBytes, err := pkg.FsInstallConfigs.ReadFile(tplPath)
	if err != nil {
		return err
	}

	vals := map[string]interface{}{
		"runtime":  o.Runtime,
		"full":     o.Full,
		"language": o.Language,
		"baseName": pkg.GetCmdBaseName(),
	}
	rendered, err := pkg.ParseTplFromVals(vals, string(tplBytes))
	if err != nil {
		return fmt.Errorf("parse install config error: %s", err.Error())
	}

	fmt.Println(rendered)
	return nil
}

--------------------------------------------------------------------------------
/cmd/run_logs.go:
--------------------------------------------------------------------------------
package cmd

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strings"

	"github.com/dory-engine/dorycli/pkg"
	"github.com/spf13/cobra"
)

// OptionsRunLog holds the argument of the "logs [runName]" command together
// with the shared common options.
type OptionsRunLog struct {
	*OptionsCommon `yaml:"optionsCommon" json:"optionsCommon" bson:"optionsCommon" validate:""`
	Param          struct {
		// RunName is set by Validate from the single positional argument.
		RunName string `yaml:"runName" json:"runName" bson:"runName" validate:""`
	}
}

// NewOptionsRunLog returns options that share the package-level OptCommon
// instance.
func NewOptionsRunLog() *OptionsRunLog {
	return &OptionsRunLog{OptionsCommon: OptCommon}
}

// NewCmdRunLog builds the cobra command "logs [runName]" and wires Validate
// and Run into it.
func NewCmdRunLog() *cobra.Command {
	o := NewOptionsRunLog()
	baseName := pkg.GetCmdBaseName()

	// The result is discarded here; Complete and Validate call
	// GetOptionsCommon again and return its error.
	_ = OptCommon.GetOptionsCommon()

	cmd := &cobra.Command{
		Use:                   "logs [runName]",
		DisableFlagsInUseLine: true,
		Short:                 OptCommon.TransLang("cmd_run_logs_short"),
		Long:                  OptCommon.TransLang("cmd_run_logs_long"),
		Example:               pkg.Indent(OptCommon.TransLang("cmd_run_logs_example", baseName)),
		Run: func(cmd *cobra.Command, args []string) {
			CheckError(o.Validate(args))
			CheckError(o.Run(args))
		},
	}

	CheckError(o.Complete(cmd))
	return cmd
}

// Complete loads the common options and installs shell completion that
// offers the names returned by GetRunNames for the first argument only.
func (o *OptionsRunLog) Complete(cmd *cobra.Command) error {
	if err := o.GetOptionsCommon(); err != nil {
		return err
	}

	cmd.ValidArgsFunction = func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
		// Only the first positional argument is completed.
		if len(args) != 0 {
			return nil, cobra.ShellCompDirectiveNoFileComp
		}
		runNames, err := o.GetRunNames()
		if err != nil {
			return nil, cobra.ShellCompDirectiveNoFileComp
		}
		return runNames, cobra.ShellCompDirectiveNoFileComp
	}

	return nil
}

// Validate requires exactly one argument, strips surrounding spaces, checks
// it with pkg.ValidateRunName and stores it in o.Param.RunName.
func (o *OptionsRunLog) Validate(args []string) error {
	if err := o.GetOptionsCommon(); err != nil {
		return err
	}

	if len(args) != 1 {
		return fmt.Errorf("runName error: only accept one runName")
	}

	name := strings.Trim(args[0], " ")
	if err := pkg.ValidateRunName(name); err != nil {
		return fmt.Errorf("runName error: %s", err.Error())
	}

	o.Param.RunName = name
	return nil
}

// Run looks the run up through the API, fails if it does not exist, and then
// streams its log over the websocket endpoint.
func (o *OptionsRunLog) Run(args []string) error {
	// NOTE(review): this dumps the whole options struct, embedded
	// OptionsCommon included, to the debug log. If OptionsCommon carries an
	// access token or another credential, confirm it is excluded or redacted.
	bs, _ := pkg.YamlIndent(o)
	log.Debug(fmt.Sprintf("command options:\n%s", string(bs)))

	// o.Param.RunName is placed into both request paths as-is; this relies on
	// Validate having run first and on pkg.ValidateRunName rejecting path and
	// query separators - verify against the validator.
	runPath := fmt.Sprintf("api/cicd/run/%s", o.Param.RunName)
	result, _, err := o.QueryAPI(runPath, http.MethodGet, "", map[string]interface{}{}, false)
	if err != nil {
		return err
	}

	var run pkg.Run
	if err := json.Unmarshal([]byte(result.Get("data.run").Raw), &run); err != nil {
		return err
	}
	if run.RunName == "" {
		return fmt.Errorf("runName %s not exists", o.Param.RunName)
	}

	wsPath := fmt.Sprintf("api/ws/log/run/%s", o.Param.RunName)
	return o.QueryWebsocket(wsPath, o.Param.RunName)
}

-------------------------------------------------------------------------------- /pkg/install_scripts/zh-README-1-config.md: -------------------------------------------------------------------------------- 1 | # 如何访问dory 2 | 3 | ## 如何访问dory以及相关组件的文件 4 | 5 | - dory以及相关组件的文件位于kubernetes中部署的 `project-data-pod` 容器中的 `/project-data/` 目录 6 | 7 | ```shell script 8 | # 执行以下命令进入project-data-pod,可以查看dory的配置文件 9 | kubectl -n {{ $.dory.namespace }} exec -ti project-data-pod-0 -- ash 10 | cd /project-data 11 | ``` 12 | 13 | ## trivy镜像扫描漏洞库更新 14 | 15 | - 如果需要启用镜像扫描功能,请执行trivy漏洞库更新 16 | 17 | ```shell script 18 | # 下载trivy漏洞库 19 | {{ $.cmdRun }} --rm -v $PWD/trivy:/root/.cache/trivy aquasec/trivy:0.37.2 image --download-db-only 20 | {{ $.cmdRun }} --rm -v $PWD/trivy:/root/.cache/trivy aquasec/trivy:0.37.2 image --download-java-db-only 21 | 22 | # 把trivy漏洞库上传到kubernetes共享存储 23 | kubectl -n {{ $.dory.namespace }} cp trivy project-data-pod-0:/project-data/{{ $.dory.namespace 
}}/dory-engine/dory-data/ 24 | kubectl -n {{ $.dory.namespace }} exec project-data-pod-0 -- chown -R 1000:1000 /project-data/{{ $.dory.namespace }}/dory-engine/dory-data/trivy 25 | ``` 26 | 27 | ## 访问各个dory服务 28 | 29 | ### dory-engine 管理界面 30 | 31 | - url: {{ $.viewURL }}:{{ $.dory.doryengine.port }} 32 | - 管理员用户: {{ $.account.adminUser.username }} 33 | - 管理员账号密码存放在: `/project-data/{{ $.dory.namespace }}/dory-engine/dory-data/admin.password` 34 | - dory-engine数据和配置存放在: `/project-data/{{ $.dory.namespace }}/dory-engine` 35 | - dory-engine配置文件存放在: `/project-data/{{ $.dory.namespace }}/dory-engine/config/config.yaml` 36 | 37 | {{- if $.imageRepoInternal }} 38 | 39 | ### {{ $.dory.imageRepo.type }} 容器镜像仓库 40 | 41 | - url: https://{{ $.imageRepoDomainName }} 42 | - 管理员账号: admin / {{ $.imageRepoPassword }} 43 | - 数据存放在: `/project-data/{{ $.dory.imageRepo.internal.namespace }}` 44 | {{- end }} 45 | 46 | {{- if $.gitRepoInternal }} 47 | 48 | ### {{ $.dory.gitRepo.type }} 代码仓库 49 | 50 | - url: {{ $.viewURL }}:{{ $.dory.gitRepo.internal.port }} 51 | - 管理员账号: root / {{ $.gitRepoPassword }} 52 | - 数据存放在: `/project-data/{{ $.dory.namespace }}/{{ $.dory.gitRepo.type }}` 53 | {{- end }} 54 | 55 | {{- if $.artifactRepoInternal }} 56 | 57 | ### {{ $.dory.artifactRepo.type }} 依赖与制品仓库 58 | 59 | - url: {{ $.artifactRepoViewUrl }} 60 | - 管理员账号: admin / {{ $.artifactRepoPassword }} 61 | - 公共用户账号: {{ $.artifactRepoPublicUser }} / {{ $.artifactRepoPublicPassword }} 62 | - docker.io镜像代理地址: {{ $.artifactRepoIp }}:{{ $.artifactRepoPortHub }} 63 | - gcr.io镜像代理地址: {{ $.artifactRepoIp }}:{{ $.artifactRepoPortGcr }} 64 | - quay.io镜像代理地址: {{ $.artifactRepoIp }}:{{ $.artifactRepoPortQuay }} 65 | 66 | - 数据存放在: `/project-data/{{ $.dory.namespace }}/{{ $.dory.artifactRepo.type }}` 67 | {{- end }} 68 | 69 | {{- if $.scanCodeRepoInternal }} 70 | 71 | ### {{ $.dory.scanCodeRepo.type }} 代码扫描仓库 72 | 73 | - url: {{ $.scanCodeRepoViewUrl }} 74 | - 管理员账号: admin / {{ $.scanCodeRepoPassword }} 75 | {{- end }} 
76 | 77 | ### openldap 账号管理中心 78 | 79 | - url: {{ $.viewURL | replace "http://" "https://" }}:{{ $.dory.openldap.port }} 80 | - 管理员用户: cn=admin,{{ $.dory.openldap.baseDN }} / {{ $.dory.openldap.password }} 81 | 82 | {{- if $.demoDatabaseInternal }} 83 | 84 | ### 项目演示数据库 85 | 86 | - jdbc 连接 url: {{ $.demoDatabaseUrl }} 87 | - 用户: {{ $.demoDatabaseUsername }} / {{ $.demoDatabasePassword }} 88 | {{- end }} 89 | 90 | {{- if $.demoHostInternal }} 91 | 92 | ### 项目演示ssh主机 93 | 94 | - ssh 命令: `ssh -p {{ $.demoHostPort }} root@{{ $.demoHostAddr }}` 95 | - 密码: {{ $.demoHostPassword }} 96 | - 演示ssh主机暴露的web服务 url: http://{{ $.demoHostAddr }}:{{ $.demoHostNodePortWeb }} 97 | {{- end }} 98 | 99 | ### 注意,本目录非常重要,建议保留;本文件以明文列出了 openldap 管理员、演示数据库和演示ssh主机等账号的密码,请限制本目录的访问权限 100 | -------------------------------------------------------------------------------- /CHANGELOGS/CHANGELOG-v1.7.0.md: -------------------------------------------------------------------------------- 1 | # dorycli changelog v1.7.0 2 | 3 | **新特性:** 4 | 5 | - dorycli console get 命令去掉 --items 参数,改为使用args 6 | - dorycli console delete 命令去掉 --items 参数,改为使用args 7 | - dorycli install 命令安装dory,新增以下构建环境: maven-jdk12 gradle-jdk12 8 | - dorycli install 命令安装harbor,harbor证书从365天改为3650天 9 | - dorycli admin get 命令支持 --filter 参数 10 | - dorycli admin get 命令 支持 --name 参数,只显示名字 11 | - dorycli install pull 命令不执行tag镜像操作,仅pull必需的镜像 12 | - dorycli install script 命令自动输出自动配置nexus的脚本 13 | - dorycli install script 命令自动输出自动配置gitlab或者gitea的脚本 14 | - dorycli install script 命令自动输出自动配置sonarqube的脚本 15 | - dorycli install script 命令自动输出自动配置harbor的脚本 16 | - dorycli install 命令安装dory支持使用csi共享存储 17 | - dorycli install pull 命令可以自动拉取harbor需要的镜像 18 | - dorycli install 命令安装dory无需mount共享存储,自动通过kubectl cp命令把安装的初始化文件发送到共享存储 19 | - dorycli install 命令升级 harbor 版本为 v2.13.1 20 | - dorycli install 命令升级 gitea 版本为 1.24.3 21 | - dorycli install 命令升级 gitlab 版本为 17.11.6-ce.0 22 | - dorycli install 命令升级 nexus 版本为 3.82.0 23 | - dorycli install 命令升级 sonarqube 版本为 10.1.0-community 24 | 25 | - dory-engine
环境组件支持job和cronjob方式进行部署 26 | - dory-engine 环境组件支持部署configmaps和secrets到kubernetes集群 27 | - dory-engine 一个kubernetes集群,支持通过不同的namespace部署多个不同的dory-engine实例 28 | - dory-engine checkDeploy步骤无论成功还是失败,都显示部署的event事件 29 | - dory-engine 环境管理支持使用insecure方式连接kubernetes集群 30 | - dory-engine scanImage步骤设置的时候,漏洞数量设置为-1表示不检测漏洞数量 31 | - dory-engine packageImage步骤在推送镜像的时候,可以显示build context上传到docker daemon的进度 32 | - dory-engine 开通项目的时候自动开通项目的npm以及pypi项目依赖库 33 | - dory-engine 升级所有go mod依赖库为最新版本,提升稳定性 34 | - dory-engine 控制台环境信息可以显示kubernetes环境的节点信息 35 | - dory-engine kubernetes环境支持使用csi共享存储,内置支持csi-cephfs以及csi-nfs共享存储 36 | - dory-engine kubernetes环境支持设置自定义csi的pv/pvc模板 37 | - dory-engine 项目开通的时候,可以设置项目的harbor空间配额 38 | - dory-engine 项目开通的时候,可以设置不允许使用那些名字作为项目的projectName 39 | - dory-engine 项目开通的时候,可以设置检测对应的projectName是否在环境中已经存在对应的namespace,如果namespace存在那么不允许创建项目 40 | - dory-engine 优化运行日志中表格的显示方式 41 | - dory-engine gitPull、artifact步骤支持设置超时时间,超时可以直接终止流水线 42 | - dory-engine 步骤支持设置超时时间,超时可以直接终止流水线 43 | - dory-engine 流水线点击终止按钮,无论执行到哪个步骤,都可以即时终止流水线 44 | - dory-engine 流水线执行结束后,执行日志写入到文件中,不再从redis读取流水线执行日志 45 | - dory-engine 控制台的异步操作执行结束后,审计日志写入到文件中,不再从redis读取审计日志,大幅节约redis内存消耗 46 | - dory-engine getRunSettings步骤支持设置是否在日志的表格中显示所有步骤概要 47 | - dory-engine gitPull步骤进行git pull或者git clone的时候,步骤执行日志可以正常处理\r换行问题 48 | - dory-engine 调试容器更新为 doryengine/debian-vnc-ssh,支持web方式访问vnc图形界面 49 | 50 | - dory-console 开发空间和控制台项目列表页支持按照projectDesc搜索 51 | - dory-console 环境组件以及调试组件页面的pod信息可以链接到kubernetes-dashboard查看pod信息 52 | - dory-console deploy / checkDeloy / undo / syncImage 步骤执行记录的pod信息可以链接到kubernetes-dashboard查看pod信息 53 | - dory-console 开发空间和控制台项目列表页项目团队支持下拉选择 54 | 55 | **功能弃用:** 56 | 57 | - dory-engine 移除kubernetes环境的glusterfs和rbd持久化存储的支持 58 | - dorycli install 移除 run 命令 59 | - dorycli install 移除 docker 模式的支持,仅支持把dory部署到kubernetes集群中 60 | 61 | **问题修复:** 62 | 63 | - dory-engine 修复程序异常: update runs not finish and not running error 64 | - dory-engine 修复假如kubernetes环境无法访问的情况下,界面会出现卡死的问题 65 | - dory-engine 
修复假如kubernetes环境无法访问的情况下,无法删除环境的问题 66 | - dory-engine 修复自定义步骤实际执行失败的情况下,步骤执行记录依然显示成功的问题 67 | - dory-engine 项目定义假如没有修改,不再提示no change错误 68 | - dory-engine checkDeploy步骤执行kubectl logs和kubectl describe执行异常情况下,不会结束步骤执行 69 | - dory-engine 修复在项目控制台更新token的之后,没有使用最新的token更新kubernets环境中的项目secret配置的问题 70 | - dory-engine 修复调试容器的proxy代理configmap的解析问题 71 | - dory-engine 修复新增arm架构的kubernetes环境的时候,project-data-pod创建异常问题 72 | - dory-engine 修复gitPull步骤过程中获取git diff处理逻辑会出现卡死的问题 73 | - dory-engine 优化程序性能,getRunSettings 步骤执行时间从10秒下降到毫秒级 74 | - dory-engine 优化程序性能,获取运行列表性能优化 75 | - dory-engine 优化程序性能,查看容器部署定义生成的yaml接口执行时间从32秒下降到0.5秒 76 | - dory-engine 优化程序性能,查看项目定义的历史记录 77 | - dory-engine 优化程序性能,优化gitPull步骤过程中获取git diff处理逻辑,提升执行速度 78 | 79 | - dory-console 修复开发空间页面点击搜索后,流水线定义的保存按钮更新的目标项目不正确的问题 80 | - dory-console 修复环境管理页面无法进行分页的问题 81 | - dory-console 修复commit提交记录页面修改每页显示多少记录操作无效的问题 82 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/portal/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: "{{ template "harbor.portal" . }}" 5 | labels: 6 | {{ include "harbor.labels" . | indent 4 }} 7 | component: portal 8 | spec: 9 | replicas: {{ .Values.portal.replicas }} 10 | revisionHistoryLimit: {{ .Values.portal.revisionHistoryLimit }} 11 | selector: 12 | matchLabels: 13 | {{ include "harbor.matchLabels" . | indent 6 }} 14 | component: portal 15 | template: 16 | metadata: 17 | labels: 18 | {{ include "harbor.matchLabels" . | indent 8 }} 19 | component: portal 20 | annotations: 21 | {{- if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "auto") }} 22 | checksum/tls: {{ include (print $.Template.BasePath "/internal/auto-tls.yaml") . 
| sha256sum }} 23 | {{- else if and .Values.internalTLS.enabled (eq .Values.internalTLS.certSource "manual") }} 24 | checksum/tls: {{ include (print $.Template.BasePath "/portal/tls.yaml") . | sha256sum }} 25 | {{- end }} 26 | checksum/configmap: {{ include (print $.Template.BasePath "/portal/configmap.yaml") . | sha256sum }} 27 | {{- if .Values.portal.podAnnotations }} 28 | {{ toYaml .Values.portal.podAnnotations | indent 8 }} 29 | {{- end }} 30 | spec: 31 | securityContext: 32 | runAsUser: 10000 33 | fsGroup: 10000 34 | {{- with .Values.imagePullSecrets }} 35 | imagePullSecrets: 36 | {{- toYaml . | nindent 8 }} 37 | {{- end }} 38 | {{- if .Values.portal.serviceAccountName }} 39 | serviceAccountName: {{ .Values.portal.serviceAccountName }} 40 | {{- end }} 41 | automountServiceAccountToken: {{ .Values.portal.automountServiceAccountToken | default false }} 42 | containers: 43 | - name: portal 44 | image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }} 45 | imagePullPolicy: {{ .Values.imagePullPolicy }} 46 | {{- if .Values.portal.resources }} 47 | resources: 48 | {{ toYaml .Values.portal.resources | indent 10 }} 49 | {{- end }} 50 | livenessProbe: 51 | httpGet: 52 | path: / 53 | scheme: {{ include "harbor.component.scheme" . | upper }} 54 | port: {{ template "harbor.portal.containerPort" . }} 55 | initialDelaySeconds: 300 56 | periodSeconds: 10 57 | readinessProbe: 58 | httpGet: 59 | path: / 60 | scheme: {{ include "harbor.component.scheme" . | upper }} 61 | port: {{ template "harbor.portal.containerPort" . }} 62 | initialDelaySeconds: 1 63 | periodSeconds: 10 64 | ports: 65 | - containerPort: {{ template "harbor.portal.containerPort" . 
}} 66 | volumeMounts: 67 | - name: portal-config 68 | mountPath: /etc/nginx/nginx.conf 69 | subPath: nginx.conf 70 | {{- if .Values.internalTLS.enabled }} 71 | - name: portal-internal-certs 72 | mountPath: /etc/harbor/ssl/portal 73 | {{- end }} 74 | volumes: 75 | - name: portal-config 76 | configMap: 77 | name: "{{ template "harbor.portal" . }}" 78 | {{- if .Values.internalTLS.enabled }} 79 | - name: portal-internal-certs 80 | secret: 81 | secretName: {{ template "harbor.internalTLS.portal.secretName" . }} 82 | {{- end }} 83 | {{- with .Values.portal.nodeSelector }} 84 | nodeSelector: 85 | {{ toYaml . | indent 8 }} 86 | {{- end }} 87 | {{- with .Values.portal.affinity }} 88 | affinity: 89 | {{ toYaml . | indent 8 }} 90 | {{- end }} 91 | {{- with .Values.portal.tolerations }} 92 | tolerations: 93 | {{ toYaml . | indent 8 }} 94 | {{- end }} 95 | {{- if .Values.portal.priorityClassName }} 96 | priorityClassName: {{ .Values.portal.priorityClassName }} 97 | {{- end }} 98 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/redis/statefulset.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq .Values.redis.type "internal" -}} 2 | {{- $redis := .Values.persistence.persistentVolumeClaim.redis -}} 3 | apiVersion: apps/v1 4 | kind: StatefulSet 5 | metadata: 6 | name: {{ template "harbor.redis" . }} 7 | labels: 8 | {{ include "harbor.labels" . | indent 4 }} 9 | component: redis 10 | spec: 11 | replicas: 1 12 | serviceName: {{ template "harbor.redis" . }} 13 | selector: 14 | matchLabels: 15 | {{ include "harbor.matchLabels" . | indent 6 }} 16 | component: redis 17 | template: 18 | metadata: 19 | labels: 20 | {{ include "harbor.labels" . 
| indent 8 }} 21 | component: redis 22 | {{- if .Values.redis.podAnnotations }} 23 | annotations: 24 | {{ toYaml .Values.redis.podAnnotations | indent 8 }} 25 | {{- end }} 26 | spec: 27 | securityContext: 28 | runAsUser: 999 29 | fsGroup: 999 30 | {{- if .Values.redis.internal.serviceAccountName }} 31 | serviceAccountName: {{ .Values.redis.internal.serviceAccountName }} 32 | {{- end -}} 33 | {{- with .Values.imagePullSecrets }} 34 | imagePullSecrets: 35 | {{- toYaml . | nindent 8 }} 36 | {{- end }} 37 | automountServiceAccountToken: {{ .Values.redis.internal.automountServiceAccountToken | default false }} 38 | terminationGracePeriodSeconds: 120 39 | containers: 40 | - name: redis 41 | image: {{ .Values.redis.internal.image.repository }}:{{ .Values.redis.internal.image.tag }} 42 | imagePullPolicy: {{ .Values.imagePullPolicy }} 43 | livenessProbe: 44 | tcpSocket: 45 | port: 6379 46 | initialDelaySeconds: 300 47 | periodSeconds: 10 48 | readinessProbe: 49 | tcpSocket: 50 | port: 6379 51 | initialDelaySeconds: 1 52 | periodSeconds: 10 53 | {{- if .Values.redis.internal.resources }} 54 | resources: 55 | {{ toYaml .Values.redis.internal.resources | indent 10 }} 56 | {{- end }} 57 | volumeMounts: 58 | - name: data 59 | mountPath: /var/lib/redis 60 | subPath: {{ $redis.subPath }} 61 | {{- if not .Values.persistence.enabled }} 62 | volumes: 63 | - name: data 64 | emptyDir: {} 65 | {{- else if $redis.existingClaim }} 66 | volumes: 67 | - name: data 68 | persistentVolumeClaim: 69 | claimName: {{ $redis.existingClaim }} 70 | {{- end -}} 71 | {{- with .Values.redis.internal.nodeSelector }} 72 | nodeSelector: 73 | {{ toYaml . | indent 8 }} 74 | {{- end }} 75 | {{- with .Values.redis.internal.affinity }} 76 | affinity: 77 | {{ toYaml . | indent 8 }} 78 | {{- end }} 79 | {{- with .Values.redis.internal.tolerations }} 80 | tolerations: 81 | {{ toYaml . 
| indent 8 }} 82 | {{- end }} 83 | {{- if .Values.redis.internal.priorityClassName }} 84 | priorityClassName: {{ .Values.redis.internal.priorityClassName }} 85 | {{- end }} 86 | {{- if and .Values.persistence.enabled (not $redis.existingClaim) }} 87 | volumeClaimTemplates: 88 | - metadata: 89 | name: data 90 | labels: 91 | {{ include "harbor.labels" . | indent 8 }} 92 | annotations: 93 | {{- range $key, $value := $redis.annotations }} 94 | {{ $key }}: {{ $value | quote }} 95 | {{- end }} 96 | spec: 97 | accessModes: [{{ $redis.accessMode | quote }}] 98 | {{- if $redis.storageClass }} 99 | {{- if (eq "-" $redis.storageClass) }} 100 | storageClassName: "" 101 | {{- else }} 102 | storageClassName: "{{ $redis.storageClass }}" 103 | {{- end }} 104 | {{- end }} 105 | resources: 106 | requests: 107 | storage: {{ $redis.size | quote }} 108 | {{- end -}} 109 | {{- end -}} 110 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/notary/notary-signer.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.notary.enabled }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ template "harbor.notary-signer" . }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | component: notary-signer 9 | spec: 10 | replicas: {{ .Values.notary.signer.replicas }} 11 | selector: 12 | matchLabels: 13 | {{ include "harbor.matchLabels" . | indent 6 }} 14 | component: notary-signer 15 | template: 16 | metadata: 17 | labels: 18 | {{ include "harbor.labels" . | indent 8 }} 19 | component: notary-signer 20 | annotations: 21 | checksum/secret: {{ include (print $.Template.BasePath "/notary/notary-secret.yaml") . 
| sha256sum }} 22 | {{- if .Values.notary.signer.podAnnotations }} 23 | {{ toYaml .Values.notary.signer.podAnnotations | indent 8 }} 24 | {{- end }} 25 | spec: 26 | securityContext: 27 | runAsUser: 10000 28 | fsGroup: 10000 29 | {{- if .Values.notary.signer.serviceAccountName }} 30 | serviceAccountName: {{ .Values.notary.signer.serviceAccountName }} 31 | {{- end -}} 32 | {{- with .Values.imagePullSecrets }} 33 | imagePullSecrets: 34 | {{- toYaml . | nindent 8 }} 35 | {{- end }} 36 | automountServiceAccountToken: {{ .Values.notary.signer.automountServiceAccountToken | default false }} 37 | containers: 38 | - name: notary-signer 39 | image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }} 40 | imagePullPolicy: {{ .Values.imagePullPolicy }} 41 | livenessProbe: 42 | httpGet: 43 | path: / 44 | scheme: "HTTPS" 45 | port: 7899 46 | initialDelaySeconds: 300 47 | periodSeconds: 10 48 | readinessProbe: 49 | httpGet: 50 | path: / 51 | scheme: "HTTPS" 52 | port: 7899 53 | initialDelaySeconds: 20 54 | periodSeconds: 10 55 | {{- if .Values.notary.signer.resources }} 56 | resources: 57 | {{ toYaml .Values.notary.signer.resources | indent 10 }} 58 | {{- end }} 59 | env: 60 | - name: MIGRATIONS_PATH 61 | value: migrations/signer/postgresql 62 | - name: DB_URL 63 | valueFrom: 64 | secretKeyRef: 65 | name: {{ template "harbor.notary-server" . }} 66 | key: NOTARY_SIGNER_DB_URL 67 | - name: NOTARY_SIGNER_DEFAULTALIAS 68 | value: defaultalias 69 | volumeMounts: 70 | - name: config 71 | mountPath: /etc/notary/signer-config.postgres.json 72 | subPath: signer.json 73 | - name: signer-certificate 74 | mountPath: /etc/ssl/notary/tls.crt 75 | subPath: tls.crt 76 | - name: signer-certificate 77 | mountPath: /etc/ssl/notary/tls.key 78 | subPath: tls.key 79 | volumes: 80 | - name: config 81 | secret: 82 | secretName: "{{ template "harbor.notary-server" . 
}}" 83 | - name: signer-certificate 84 | secret: 85 | {{- if .Values.notary.secretName }} 86 | secretName: {{ .Values.notary.secretName }} 87 | {{- else }} 88 | secretName: {{ template "harbor.notary-server" . }} 89 | {{- end }} 90 | {{- with .Values.notary.signer.nodeSelector }} 91 | nodeSelector: 92 | {{ toYaml . | indent 8 }} 93 | {{- end }} 94 | {{- with .Values.notary.signer.affinity }} 95 | affinity: 96 | {{ toYaml . | indent 8 }} 97 | {{- end }} 98 | {{- with .Values.notary.signer.tolerations }} 99 | tolerations: 100 | {{ toYaml . | indent 8 }} 101 | {{- end }} 102 | {{- if .Values.notary.signer.priorityClassName }} 103 | priorityClassName: {{ .Values.notary.signer.priorityClassName }} 104 | {{- end }} 105 | {{ end }} 106 |
--------------------------------------------------------------------------------
/cmd/run_abort.go:
--------------------------------------------------------------------------------
package cmd

import (
	"encoding/json"
	"fmt"
	"net/http"
	"strings"

	"github.com/dory-engine/dorycli/pkg"
	"github.com/spf13/cobra"
)

// OptionsRunAbort holds the settings of the "abort [runName]" command.
type OptionsRunAbort struct {
	*OptionsCommon `yaml:"optionsCommon" json:"optionsCommon" bson:"optionsCommon" validate:""`
	// Log is bound to the --logs/-l flag; when set, Run streams the run's
	// log after the abort request.
	Log bool `yaml:"log" json:"log" bson:"log" validate:""`
	// Param carries values derived from the positional arguments.
	Param struct {
		RunName string `yaml:"runName" json:"runName" bson:"runName" validate:""`
	}
}

// NewOptionsRunAbort returns an OptionsRunAbort whose embedded OptionsCommon
// points at the package-level OptCommon.
func NewOptionsRunAbort() *OptionsRunAbort {
	return &OptionsRunAbort{OptionsCommon: OptCommon}
}

// NewCmdRunAbort builds the "abort [runName]" cobra command and registers
// its --logs/-l flag.
//
// The command's Run hook validates the arguments and then executes the
// request; both steps go through CheckError. Complete is called once at
// construction time to install shell completion for the runName argument.
func NewCmdRunAbort() *cobra.Command {
	opts := NewOptionsRunAbort()

	baseName := pkg.GetCmdBaseName()

	// The return value is discarded here; Complete repeats the call below
	// and reports its error.
	_ = OptCommon.GetOptionsCommon()

	cmd := &cobra.Command{
		Use:                   "abort [runName]",
		DisableFlagsInUseLine: true,
		Short:                 OptCommon.TransLang("cmd_run_abort_short"),
		Long:                  OptCommon.TransLang("cmd_run_abort_long"),
		Example:               pkg.Indent(OptCommon.TransLang("cmd_run_abort_example", baseName)),
		Run: func(cmd *cobra.Command, args []string) {
			CheckError(opts.Validate(args))
			CheckError(opts.Run(args))
		},
	}
	cmd.Flags().BoolVarP(&opts.Log, "logs", "l", false, OptCommon.TransLang("param_run_abort_logs"))

	CheckError(opts.Complete(cmd))
	return cmd
}

// Complete loads the common options and installs the shell-completion
// callback for the single positional runName argument.
func (o *OptionsRunAbort) Complete(cmd *cobra.Command) error {
	var err error
	if err = o.GetOptionsCommon(); err != nil {
		return err
	}

	cmd.ValidArgsFunction = func(_ *cobra.Command, args []string, _ string) ([]string, cobra.ShellCompDirective) {
		// Only the first positional argument is completed.
		if len(args) != 0 {
			return nil, cobra.ShellCompDirectiveNoFileComp
		}
		names, lookupErr := o.GetRunNames()
		if lookupErr != nil {
			// A failed lookup yields no suggestions rather than an error.
			return nil, cobra.ShellCompDirectiveNoFileComp
		}
		return names, cobra.ShellCompDirectiveNoFileComp
	}

	return nil
}

// Validate checks that exactly one runName was given, trims surrounding
// spaces, runs it through pkg.ValidateRunName and stores it in
// o.Param.RunName.
func (o *OptionsRunAbort) Validate(args []string) error {
	var err error
	if err = o.GetOptionsCommon(); err != nil {
		return err
	}

	if len(args) != 1 {
		return fmt.Errorf("runName error: only accept one runName")
	}

	runName := strings.Trim(args[0], " ")
	if err = pkg.ValidateRunName(runName); err != nil {
		return fmt.Errorf("runName error: %s", err.Error())
	}

	o.Param.RunName = runName
	return nil
}

// Run fetches the run, refuses to act when it does not exist or already has
// a recorded duration, sends the abort request (PATCH on the run endpoint),
// and optionally streams the run's log afterwards.
func (o *OptionsRunAbort) Run(args []string) error {
	var err error

	// Best-effort debug dump of the option set; a YamlIndent error is ignored.
	// NOTE(review): the dump includes the embedded OptionsCommon. If that
	// struct holds credentials (e.g. an access token) they end up in debug
	// output — confirm and redact before logging.
	dump, _ := pkg.YamlIndent(o)
	log.Debug(fmt.Sprintf("command options:\n%s", string(dump)))

	// o.Param.RunName is interpolated into the request paths below.
	// NOTE(review): this relies on Validate having run first; presumably
	// pkg.ValidateRunName rejects path separators and other URL
	// metacharacters — confirm.
	runPath := fmt.Sprintf("api/cicd/run/%s", o.Param.RunName)
	noParams := map[string]interface{}{}

	result, _, err := o.QueryAPI(runPath, http.MethodGet, "", noParams, false)
	if err != nil {
		return err
	}

	var run pkg.Run
	if err = json.Unmarshal([]byte(result.Get("data.run").Raw), &run); err != nil {
		return err
	}

	switch {
	case run.RunName == "":
		// An empty RunName in the decoded response is treated as "no such run".
		return fmt.Errorf("runName %s not exists", o.Param.RunName)
	case run.Status.Duration != "":
		// A non-empty duration is taken to mean the run has already ended.
		return fmt.Errorf("runName %s already stop, status: %s", o.Param.RunName, run.Status.Result)
	}

	// Same endpoint as the lookup, this time with PATCH.
	result, _, err = o.QueryAPI(runPath, http.MethodPatch, "", noParams, false)
	if err != nil {
		return err
	}
	log.Success(result.Get("msg").String())

	if !o.Log {
		return nil
	}

	wsPath := fmt.Sprintf("api/ws/log/run/%s", o.Param.RunName)
	if err = o.QueryWebsocket(wsPath, o.Param.RunName); err != nil {
		return err
	}

	return nil
}

--------------------------------------------------------------------------------
/pkg/install_scripts/zh-README-0-install.md:
--------------------------------------------------------------------------------
1 | # 以kubernetes方式部署dory 2 | 3 | ## 概要 4 | 5 | 1. 请根据 `README-0-install.md` 的说明手工安装dory 6 | 2. 请根据 `README-1-config.md` 的说明在完成安装后访问dory 7 | 3. 假如安装失败,请根据 `README-2-reset.md` 的说明停止所有dory服务并重新安装 8 | 9 | {{ if eq $.dory.imageRepo.type "harbor" }} 10 | ## 把harbor镜像复制到kubernetes所有节点 11 | 12 | 1. 请在所有kubernetes节点上手工加载以下镜像: 13 | - {{ $.imageRepoDomainName }}/public/alpine:3.17.2-dory 14 | 15 | {{ if $.dory.imageRepo.internal.version }} 16 | 2.
请在所有kubernetes节点上手工加载以下harbor镜像: 17 | - goharbor/harbor-core:{{ $.dory.imageRepo.internal.version }} 18 | - goharbor/harbor-db:{{ $.dory.imageRepo.internal.version }} 19 | - goharbor/harbor-jobservice:{{ $.dory.imageRepo.internal.version }} 20 | - goharbor/harbor-portal:{{ $.dory.imageRepo.internal.version }} 21 | - goharbor/harbor-registryctl:{{ $.dory.imageRepo.internal.version }} 22 | - goharbor/redis-photon:{{ $.dory.imageRepo.internal.version }} 23 | - goharbor/registry-photon:{{ $.dory.imageRepo.internal.version }} 24 | {{- end }} 25 | {{- end }} 26 | 27 | - 请保证 {{ $.kubernetes.pvType }} 中目录 {{ $.kubernetes.pvPath }} 已经存在,否则project-data-pod会无法启动 28 | 29 | ## == 创建dory组件相关文件并复制到kubernetes的共享存储,以及在kubernetes创建相关部署 30 | 31 | ```shell script 32 | sh create-dory-files.sh 33 | ``` 34 | 35 | {{ if eq $.dory.imageRepo.type "harbor" }} 36 | ## == {{ $.dory.imageRepo.type }} 初始化配置 37 | 38 | ```shell script 39 | {{ $certPath := "" }}{{- if eq $.kubernetes.runtime "docker" }}{{ $certPath = "/etc/docker" }}{{- else if eq $.kubernetes.runtime "containerd" }}{{ $certPath = "/etc/containerd" }}{{- else if eq $.kubernetes.runtime "crio" }}{{ $certPath = "/etc/containers" }}{{- end }} 40 | {{- if $.imageRepoInternal }} 41 | # 把{{ $.dory.imageRepo.type }}服务器({{ $.imageRepoIp }})上的证书复制到所有kubernetes节点的 {{ $certPath }}/certs.d/{{ $.imageRepoDomainName }} 目录 42 | scp -r {{ $certPath }}/certs.d root@${KUBERNETES_HOST}:{{ $certPath }}/ 43 | {{- else }} 44 | # 把{{ $.dory.imageRepo.type }}服务器({{ $.imageRepoIp }})上的证书复制到所有kubernetes节点的 {{ $certPath }}/certs.d/{{ $.imageRepoDomainName }} 目录 45 | # 证书文件包括: ca.crt, {{ $.imageRepoDomainName }}.cert, {{ $.imageRepoDomainName }}.key 46 | {{- end }} 47 | 48 | {{- if eq $.kubernetes.runtime "containerd" }} 49 | 50 | # 设置所有kubernetes节点的containerd的证书路径 51 | vi /etc/containerd/config.toml 52 | # 寻找以下路径 53 | [plugins."io.containerd.grpc.v1.cri".registry.configs] 54 | ... 
55 | # 添加ca.crt的证书路径 56 | [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ $.imageRepoDomainName }}".tls] 57 | ca_file = "/etc/containerd/certs.d/{{ $.imageRepoDomainName }}/ca.crt" 58 | 59 | # 重启所有kubernetes节点的containerd服务 60 | systemctl restart containerd 61 | {{- end }} 62 | 63 | # 在当前主机以及所有kubernetes节点主机上,把 {{ $.dory.imageRepo.type }} 的域名记录添加到 /etc/hosts 64 | vi /etc/hosts 65 | {{ $.imageRepoIp }} {{ $.imageRepoDomainName }} 66 | 67 | # 把之前拉取的容器镜像推送到 {{ $.dory.imageRepo.type }} 68 | sh push-images.sh 69 | ``` 70 | {{- end }} 71 | 72 | ## == 把dory组件部署到kubernetes中 73 | 74 | ```shell script 75 | sh deploy-dory.sh 76 | ``` 77 | 78 | {{- if and $.gitRepoInternal (eq $.dory.gitRepo.type "gitea") }} 79 | 80 | ## == 自动配置 {{ $.dory.gitRepo.type }} 81 | 82 | ```shell script 83 | {{ $.cmdRun }} --rm -ti -v $PWD:/src doryengine/python:3.11.2-alpine3.17-dory python /src/gitea-config.py 84 | ``` 85 | {{- else if and $.gitRepoInternal (eq $.dory.gitRepo.type "gitlab") }} 86 | 87 | ## == 自动配置 {{ $.dory.gitRepo.type }} 88 | 89 | ```shell script 90 | sh gitlab-config.sh 91 | ``` 92 | {{- end }} 93 | 94 | {{- if $.artifactRepoInternal }} 95 | 96 | ## == 自动配置 {{ $.dory.artifactRepo.type }} 97 | 98 | ```shell script 99 | sh nexus-config.sh 100 | ``` 101 | {{- end }} 102 | 103 | {{- if $.scanCodeRepoInternal }} 104 | 105 | ## == 自动配置 {{ $.dory.scanCodeRepo.type }} 106 | 107 | ```shell script 108 | sh sonarqube-config.sh 109 | ``` 110 | {{- end }} 111 | 112 | ## == 重启 dory-engine 和 dory-console 服务 113 | 114 | ```shell script 115 | sh restart-dory.sh 116 | ``` 117 | 118 | ## 访问dory 119 | 120 | - 请根据 `README-1-config.md` 的说明在完成安装后访问dory 121 | -------------------------------------------------------------------------------- /pkg/install_scripts/kubernetes/harbor-v2.8.4/templates/nginx/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if ne .Values.expose.type "ingress" }} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | 
metadata: 5 | name: {{ template "harbor.nginx" . }} 6 | labels: 7 | {{ include "harbor.labels" . | indent 4 }} 8 | component: nginx 9 | spec: 10 | replicas: {{ .Values.nginx.replicas }} 11 | revisionHistoryLimit: {{ .Values.nginx.revisionHistoryLimit }} 12 | selector: 13 | matchLabels: 14 | {{ include "harbor.matchLabels" . | indent 6 }} 15 | component: nginx 16 | template: 17 | metadata: 18 | labels: 19 | {{ include "harbor.labels" . | indent 8 }} 20 | component: nginx 21 | annotations: 22 | {{- if not .Values.expose.tls.enabled }} 23 | checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-http.yaml") . | sha256sum }} 24 | {{- else }} 25 | checksum/configmap: {{ include (print $.Template.BasePath "/nginx/configmap-https.yaml") . | sha256sum }} 26 | {{- end }} 27 | {{- if eq (include "harbor.autoGenCertForNginx" .) "true" }} 28 | checksum/secret: {{ include (print $.Template.BasePath "/nginx/secret.yaml") . | sha256sum }} 29 | {{- end }} 30 | {{- if .Values.nginx.podAnnotations }} 31 | {{ toYaml .Values.nginx.podAnnotations | indent 8 }} 32 | {{- end }} 33 | spec: 34 | {{- if .Values.nginx.serviceAccountName }} 35 | serviceAccountName: {{ .Values.nginx.serviceAccountName }} 36 | {{- end }} 37 | securityContext: 38 | runAsUser: 10000 39 | fsGroup: 10000 40 | {{- with .Values.imagePullSecrets }} 41 | imagePullSecrets: 42 | {{- toYaml . | nindent 8 }} 43 | {{- end }} 44 | automountServiceAccountToken: {{ .Values.nginx.automountServiceAccountToken | default false }} 45 | containers: 46 | - name: nginx 47 | image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}" 48 | imagePullPolicy: "{{ .Values.imagePullPolicy }}" 49 | {{- $_ := set . "scheme" "HTTP" -}} 50 | {{- $_ := set . "port" "8080" -}} 51 | {{- if .Values.expose.tls.enabled }} 52 | {{- $_ := set . "scheme" "HTTPS" -}} 53 | {{- $_ := set . 
"port" "8443" -}} 54 | {{- end }} 55 | livenessProbe: 56 | httpGet: 57 | scheme: {{ .scheme }} 58 | path: / 59 | port: {{ .port }} 60 | initialDelaySeconds: 300 61 | periodSeconds: 10 62 | readinessProbe: 63 | httpGet: 64 | scheme: {{ .scheme }} 65 | path: / 66 | port: {{ .port }} 67 | initialDelaySeconds: 1 68 | periodSeconds: 10 69 | {{- if .Values.nginx.resources }} 70 | resources: 71 | {{ toYaml .Values.nginx.resources | indent 10 }} 72 | {{- end }} 73 | ports: 74 | - containerPort: 8080 75 | - containerPort: 8443 76 | - containerPort: 4443 77 | volumeMounts: 78 | - name: config 79 | mountPath: /etc/nginx/nginx.conf 80 | subPath: nginx.conf 81 | {{- if .Values.expose.tls.enabled }} 82 | - name: certificate 83 | mountPath: /etc/nginx/cert 84 | {{- end }} 85 | volumes: 86 | - name: config 87 | configMap: 88 | name: {{ template "harbor.nginx" . }} 89 | {{- if .Values.expose.tls.enabled }} 90 | - name: certificate 91 | secret: 92 | secretName: {{ template "harbor.tlsSecretForNginx" . }} 93 | {{- end }} 94 | {{- with .Values.nginx.nodeSelector }} 95 | nodeSelector: 96 | {{ toYaml . | indent 8 }} 97 | {{- end }} 98 | {{- with .Values.nginx.affinity }} 99 | affinity: 100 | {{ toYaml . | indent 8 }} 101 | {{- end }} 102 | {{- with .Values.nginx.tolerations }} 103 | tolerations: 104 | {{ toYaml . 
| indent 8 }} 105 | {{- end }} 106 | {{- if .Values.nginx.priorityClassName }} 107 | priorityClassName: {{ .Values.nginx.priorityClassName }} 108 | {{- end }} 109 | {{- end }} 110 | -------------------------------------------------------------------------------- /pkg/install_scripts/en-README-1-config.md: -------------------------------------------------------------------------------- 1 | # how to connect dory 2 | 3 | ## how to access dory and related components files 4 | 5 | - the files of dory and related components are located in the `/project-data/` directory of the `project-data-pod` container deployed in Kubernetes 6 | 7 | ```shell script 8 | # execute the following command to enter project-data-pod and check the configuration file of dory 9 | kubectl -n {{ $.dory.namespace }} exec -ti project-data-pod-0 -- ash 10 | cd /project-data 11 | ``` 12 | 13 | ### trivy scan image vulnerabilities database update 14 | 15 | - If you need to enable the image scanning function, please perform trivy vulnerability library update 16 | 17 | ```shell 18 | # download trivy vulnerabilities database 19 | {{ $.cmdRun }} --rm -v $PWD/trivy:/root/.cache/trivy aquasec/trivy:0.37.2 image --download-db-only 20 | {{ $.cmdRun }} --rm -v $PWD/trivy:/root/.cache/trivy aquasec/trivy:0.37.2 image --download-java-db-only 21 | 22 | # copy trivy vulnerabilities database to kubernetes shared storage 23 | kubectl -n {{ $.dory.namespace }} cp trivy project-data-pod-0:/project-data/{{ $.dory.namespace }}/dory-engine/dory-data/ 24 | kubectl -n {{ $.dory.namespace }} exec project-data-pod-0 -- chown -R 1000:1000 /project-data/{{ $.dory.namespace }}/dory-engine/dory-data/trivy 25 | ``` 26 | 27 | ## connect your dory 28 | 29 | ### dory-engine dashboard 30 | 31 | - url: {{ $.viewURL }}:{{ $.dory.doryengine.port }} 32 | - user: {{ $.account.adminUser.username }} 33 | - password file located at: `/project-data/{{ $.dory.namespace }}/dory-engine/dory-data/admin.password` 34 | - dory-engine data located at: 
`/project-data/{{ $.dory.namespace }}/dory-engine` 35 | - dory-engine config file located at: `/project-data/{{ $.dory.namespace }}/dory-engine/config/config.yaml` 36 | 37 | {{- if $.imageRepoInternal }} 38 | 39 | ### {{ $.dory.imageRepo.type }} image repository 40 | 41 | - url: https://{{ $.imageRepoDomainName }} 42 | - admin user: admin / {{ $.imageRepoPassword }} 43 | - data located at: `/project-data/{{ $.dory.imageRepo.internal.namespace }}` 44 | {{- end }} 45 | 46 | {{- if $.dory.gitRepo.internal.image }} 47 | 48 | ### {{ $.dory.gitRepo.type }} git repository 49 | 50 | - url: {{ $.viewURL }}:{{ $.dory.gitRepo.internal.port }} 51 | - admin user: root / {{ $.gitRepoPassword }} 52 | - data located at: `/project-data/{{ $.dory.namespace }}/{{ $.dory.gitRepo.type }}` 53 | {{- end }} 54 | 55 | {{- if $.artifactRepoInternal }} 56 | 57 | ### {{ $.dory.artifactRepo.type }} artifact and dependency repository 58 | 59 | - url: {{ $.artifactRepoViewUrl }} 60 | - admin user: admin / {{ $.artifactRepoPassword }} 61 | - public user: {{ $.artifactRepoPublicUser }} / {{ $.artifactRepoPublicPassword }} 62 | - docker.io registry proxy: {{ $.artifactRepoIp }}:{{ $.artifactRepoPortHub }} 63 | - gcr.io registry proxy: {{ $.artifactRepoIp }}:{{ $.artifactRepoPortGcr }} 64 | - quay.io registry proxy: {{ $.artifactRepoIp }}:{{ $.artifactRepoPortQuay }} 65 | 66 | - data located at: `/project-data/{{ $.dory.namespace }}/{{ $.dory.artifactRepo.type }}` 67 | {{- end }} 68 | 69 | {{- if $.scanCodeRepoInternal }} 70 | 71 | ### {{ $.dory.scanCodeRepo.type }} scan code repository 72 | 73 | - url: {{ $.scanCodeRepoViewUrl }} 74 | - admin user: admin / {{ $.scanCodeRepoPassword }} 75 | {{- end }} 76 | 77 | ### openldap account management 78 | 79 | - url: {{ $.viewURL | replace "http://" "https://" }}:{{ $.dory.openldap.port }} 80 | - user: cn=admin,{{ $.dory.openldap.baseDN }} / {{ $.dory.openldap.password }} 81 | 82 | {{- if $.demoDatabaseInternal }} 83 | 84 | ### project demo database 85 | 86 
| - connect jdbc url: {{ $.demoDatabaseUrl }} 87 | - user: {{ $.demoDatabaseUsername }} / {{ $.demoDatabasePassword }} 88 | {{- end }} 89 | 90 | {{- if $.demoHostInternal }} 91 | 92 | ### project demo ssh host 93 | 94 | - ssh command: `ssh -p {{ $.demoHostPort }} root@{{ $.demoHostAddr }}` 95 | - password: {{ $.demoHostPassword }} 96 | - web service url exposed by the demo ssh host: http://{{ $.demoHostAddr }}:{{ $.demoHostNodePortWeb }} 97 | {{- end }} 98 | 99 | ### caution: this folder is very important, please keep it, and restrict access to it because this README lists the passwords above in plain text 100 | --------------------------------------------------------------------------------