
add clair deployment solution files

Grega Bremec 1 deň pred
rodič
commit
2c508a20b9

+ 24 - 0
quay/integrate/clair-config.yaml

@@ -0,0 +1,24 @@
+http_listen_addr: :8081
+introspection_addr: :8088
+log_level: debug
+indexer:
+  connstring: host=postgresql port=5432 dbname=clair user=quay password=secret sslmode=disable
+  scanlock_retry: 10
+  layer_scan_concurrency: 5
+  migrations: true
+matcher:
+  connstring: host=postgresql port=5432 dbname=clair user=quay password=secret sslmode=disable
+  max_conn_pool: 100
+  migrations: true
+  indexer_addr: clair-indexer
+notifier:
+  connstring: host=postgresql port=5432 dbname=clair user=quay password=secret sslmode=disable
+  delivery_interval: 1m
+  poll_interval: 5m
+  migrations: true
+auth:
+  psk:
+    key: "NjA1aWhnNWk4MWhqNw=="
+    iss: ["quay"]
+metrics:
+  name: "prometheus"
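Review bot: The PSK at `auth.psk.key` and the `password=secret` in all three `connstring` values are committed as literals, and quay-config.yaml repeats the same PSK alongside literal database and Redis passwords, `SECRET_KEY` and `DATABASE_SECRET_KEY`, so every deployment made from these files shares credentials that anyone with read access to the repository knows. The PSK also decodes to only 13 bytes; a per-deployment value such as `key: "<base64 of 32 random bytes, generated at install time>"`, written into both files by the deploy step, would be stronger. `sslmode=disable` sends that password and the scan data to PostgreSQL in cleartext; if the database is not confined to the local podman network, `sslmode=verify-full` is the safer setting. `log_level: debug` is worth lowering to `info` outside troubleshooting.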

+ 28 - 0
quay/integrate/clair.service

@@ -0,0 +1,28 @@
+[Unit]
+Description=Clair Container
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Restart=on-failure
+TimeoutStopSec=30
+ExecStartPre=/usr/bin/podman rm --ignore -f clair
+ExecStart=/usr/bin/podman run \
+              --conmon-pidfile %t/%n-pid \
+              --cidfile %t/%n-cid \
+              --cgroups=no-conmon \
+              --name=clair -d \
+              --network=quay \
+              -e CLAIR_CONF=/clair/config.yaml \
+              -e CLAIR_MODE=combo \
+              -v ./clair:/clair:Z \
+	      -v ./tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:Z \
+              registry.redhat.io/quay/clair-rhel8:v3.14
+ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n-cid -t 30 && \
+             /bin/rm -f %t/%n-pid %t/%n-cid
+Type=forking
+PIDFile=%t/%n-pid
+KillMode=none
+
+[Install]
+WantedBy=default.target
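Review bot: `ExecStop=` at the end of `[Service]` chains `/bin/rm` with `&&`, but systemd does not run Exec lines through a shell, so `&&`, `/bin/rm` and the file names are handed to `podman stop` as extra arguments and the pid and cid files are never removed. A leftover `%t/%n-cid` can then make the next `podman run --cidfile` refuse to start (this depends on the podman version). Split it into `ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n-cid -t 30` and `ExecStopPost=/bin/rm -f %t/%n-pid %t/%n-cid`. Separately, the `-v ./clair` and `-v ./tls-ca-bundle.pem` sources are relative and no `WorkingDirectory=` is set, so which host directory gets mounted and relabelled by `:Z` depends on where systemd starts the unit; absolute paths would pin it.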

+ 30 - 0
quay/integrate/quay-config.yaml

@@ -0,0 +1,30 @@
+BUILDLOGS_REDIS:
+  host: redis
+  password: verysecret
+  port: 6379
+CREATE_NAMESPACE_ON_PUSH: true
+DATABASE_SECRET_KEY: 410c87de-8ad8-4f4c-9670-2ec25bc87191
+DB_URI: postgresql://quay:secret@postgresql:5432/quay
+DISTRIBUTED_STORAGE_CONFIG:
+  default:
+    - LocalStorage
+    - storage_path: /registry
+DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: []
+DISTRIBUTED_STORAGE_PREFERENCE:
+  - default
+FEATURE_MAILING: false
+FEATURE_SECURITY_SCANNER: true
+SECRET_KEY: 7ce58d4d-b6f5-4400-ba6b-77b9f728a115
+SECURITY_SCANNER_INDEXING_INTERVAL: 30
+SECURITY_SCANNER_V4_ENDPOINT: http://clair:8081
+SECURITY_SCANNER_V4_PSK: NjA1aWhnNWk4MWhqNw==
+SERVER_HOSTNAME: registry.ocp4.example.com
+PREFERRED_URL_SCHEME: https
+SETUP_COMPLETE: true
+SUPER_USERS:
+  - admin
+TESTING: false
+USER_EVENTS_REDIS:
+  host: redis
+  password: verysecret
+  port: 6379
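Review bot: `SECURITY_SCANNER_V4_ENDPOINT` reaches Clair over plain `http://` and `DB_URI` carries no `sslmode` parameter, so scanner requests and database traffic are not required to be encrypted even though `PREFERRED_URL_SCHEME` is `https` for clients. That is probably acceptable if every container sits on the single-host `quay` podman network named in clair.service, but nothing in the file says so. I would add a comment above the endpoint, `# plain HTTP is intentional: Clair is only reachable on the internal podman network`, and one above `DB_URI` with the same statement, so the file is not reused unchanged on a multi-host layout.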