Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: change preheat document Harbor #162

Merged
merged 5 commits into from
Sep 27, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 40 additions & 37 deletions docs/advanced-guides/preheat.md
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,46 @@ If the status is `FAILURE`, the preheating is failure and an error log is displa
Use harbor for preheating image, please refer to the
[harbor](https://goharbor.io/docs/2.11.0/administration/p2p-preheat/) documentation for details.

### Configure self-signed certificates for registry

> Notice: If harbor is not configured self-signed certificates, please ignore the following.

To support preheating for harbor with self-signed certificates,
the Manager configuration needs to be modified.

Configure Manager yaml file, The default path in Linux is `/etc/dragonfly/manager.yaml` in linux,
refer to [Manager](../reference/configuration/manager.md).

> Notice: `yourdomain.crt` is Harbor's ca.crt.

```shell
job:
# Preheat configuration.
preheat:
# registryTimeout is the timeout for requesting registry to get token and manifest.
registryTimeout: 1m
tls:
# insecureSkipVerify controls whether a client verifies the server's certificate chain and hostname.
insecureSkipVerify: false
# # caCert is the CA certificate for preheat tls handshake, it can be path or PEM format string.
caCert: /etc/certs/yourdomain.crt
```

Skip TLS verification, set `job.preheat.tls.insecureSkipVerify` to true.

```shell
job:
# Preheat configuration.
preheat:
# registryTimeout is the timeout for requesting registry to get token and manifest.
registryTimeout: 1m
tls:
# insecureSkipVerify controls whether a client verifies the server's certificate chain and hostname.
insecureSkipVerify: true
# # caCert is the CA certificate for preheat tls handshake, it can be path or PEM format string.
# caCert: ''
```

### Create personal access token {#harbor-create-personal-access-token}

Click the `ADD PERSONAL ACCESS TOKENS` button to create personal access token.
Expand Down Expand Up @@ -356,40 +396,3 @@ Click the executions `ID` to view the detailed information of the preheating tas
The expected output is as follows.

![log](../resource/advanced-guides/preheat/log.png)

## Harbor using self-signed certificates

If you use harbor with a self-signed certificate for preheating, you will need to modify the Manager configuration.

Configure Manager yaml file, The default path in Linux is `/etc/dragonfly/manager.yaml` in linux,
refer to [Manager](../reference/configuration/manager.md).

> Notice: `yourdomain.crt` is Harbor's ca.crt.

```shell
job:
# Preheat configuration.
preheat:
# registryTimeout is the timeout for requesting registry to get token and manifest.
registryTimeout: 1m
tls:
# insecureSkipVerify controls whether a client verifies the server's certificate chain and hostname.
insecureSkipVerify: false
# # caCert is the CA certificate for preheat tls handshake, it can be path or PEM format string.
caCert: /etc/certs/yourdomain.crt
```

Skip TLS verification, set `job.preheat.tls.insecureSkipVerify` to true.

```shell
job:
# Preheat configuration.
preheat:
# registryTimeout is the timeout for requesting registry to get token and manifest.
registryTimeout: 1m
tls:
# insecureSkipVerify controls whether a client verifies the server's certificate chain and hostname.
insecureSkipVerify: true
# # caCert is the CA certificate for preheat tls handshake, it can be path or PEM format string.
# caCert: ''
```