Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-04 06:47:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1353 from miguelaeh/chartMuseumn

Browse Source 
[bitnami/harbor] Add ChartMuseum component to Harbor Chart
This commit is contained in:
Miguel Ángel Cabrera Miñagorri
2019-08-13 17:30:14 +02:00
committed by GitHub
parent 9a62996436 6eadb142cc
commit 74d7cba665
11 changed files with 758 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bitnami/harbor/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v1
name: harbor
version: 2.2.0
version: 2.3.0
appVersion: 1.8.1
description: Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content
keywords:

34
bitnami/harbor/README.md
View File

@@ -117,8 +117,8 @@ The following table lists the configurable parameters of the Harbor chart and th
| --------------------------------------------------------------------------- | ----------------------------------------------------------------------- | ------------------------------------------------------- |
| **Expose** |
| `service.type` | The way how to expose the service: `Ingress`, `ClusterIP`, `NodePort` or `LoadBalancer` | `ingress` |
| `service.tls.enabled` | Enable the tls or not | `true` |
| `service.ingress.controller` | The ingress controller type. Currently supports `default`, `gce` and `ncp` | `default` |
| `service.tls.enabled` | Enable the tls or not | `true` |
| `service.ingress.controller` | The ingress controller type. Currently supports `default`, `gce` and `ncp` | `default` |
| `service.tls.secretName` | Fill the name of secret if you want to use your own TLS certificate and private key. The secret must contain two keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS. Will be generated automatically if not set | `nil` |
| `service.tls.notarySecretName` | By default, the Notary service will use the same cert and key as described above. Fill the name of secret if you want to use a separated one. Only needed when the `service.type` is `ingress`. | `nil` |
| `service.tls.commonName` | The common name used to generate the certificate, it's necessary when the `service.type` is `ClusterIP` or `NodePort` and `service.tls.secretName` is null | `nil` |
@@ -258,6 +258,36 @@ The following table lists the configurable parameters of the Harbor chart and th
| `registry.affinity` | Node/Pod affinities | `{}` (The value is evaluated as a template) |
| `registry.podAnnotations` | Annotations to add to the registry pod | `{}` |
| `registry.secret` | Secret is used to secure the upload state from client and registry storage backend. See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | `nil` |
| **Chartmuseum** |
| `chartMuseumImage.registry` | Registry for ChartMuseum image | `docker.io` |
| `chartMuseumImage.repository` | Repository for clair image | `bitnami/chartmuseum` |
| `chartMuseumImage.tag` | Tag for ChartMuseum image | `0.9.0-debian-9-r6` |
| `chartMuseumImage.pullPolicy` | ChartMuseum image pull policy | `IfNotPresent` |
| `chartMuseumImage.debug` | Specify if debug logs should be enabled | `false` |
| `chartmuseum.enabled` | Enable ChartMuseum | `true` |
| `chartmuseum.replicas` | Number of ChartMuseum replicas | `1` |
| `chartmuseum.port` | ChartMuseum listen port | `8080` |
| `chartmuseum.useRedisCache` | Specify if ChartMuseum will use redis cache | `true` |
| `chartmuseum.absoluteUrl` | Specify an absolute URL for ChartMuseum registry | `false` |
| `chartmuseum.chartRepoName` | Specify the endpoint for the chartmuseum registry. Only applicable if `chartmuseum.absoluteUrl` is `true` | `chartsRepo` |
| `chartmuseum.basicAuth.enabled` | Enable ChartMuseum basic authentication | `true` |
| `chartmuseum.basicAuth.basicAuthUser` | Chartmuseum's user | `chart_controller` |
| `chartmuseum.basicAuth.basicAuthPass` | Chartmuseum's password | Random value |
| `chartmuseum.depth` | Support for multitenancy. More info [here](https://chartmuseum.com/docs/#multitenancy) | `0` |
| `chartmuseum.logJson` | Print logs on JSON format | `false` |
| `chartmuseum.disableMetrics` | Disable prometheus metrics exposure | `false` |
| `chartmuseum.disableApi` | Disable all the routes prefixed with `/api` | `false` |
| `chartmuseum.disableStatefiles` | Disable use of index-cache.yaml | `false` |
| `chartmuseum.allowOverwrite` | Allow chart versions to be re-uploaded without force querystring | `true` |
| `chartmuseum.anonymousGet` | Allow anonymous GET operations | `false` |
| `chartmuseum.enableTLS` | Enable use of TLS access | `false` |
| `chartmuseum.contextPath` | Set the base context path for ChartMuseum | `nil` |
| `chartmuseum.indexLimit` | Limit the number of parallels indexes for ChartMuseum | `nil` |
| `chartmuseum.chartPostFormFieldName` | Form field which will be queried for the chart file content | `nil` |
| `chartmuseum.provPostFormFieldName` | Form field which will be queried for the provenance file content | `nil` |
| `chartmuseum.extraEnvVars` | Allow to pass extra environment variables to the chartmuseum image | `nil` |
| `chartmuseum.livenessProbe` | Liveness probe configuration | `Check values.yaml file` |
| `chartmuseum.readinessProbe` | Readiness probe configuration | `Check values.yaml file` |
| **Clair** |
| `clairImage.registry` | Registry for clair image | `docker.io` |
| `clairImage.repository` | Repository for clair image | `bitnami/harbor-clair` |

2
bitnami/harbor/requirements.yaml
View File

@@ -4,6 +4,6 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
- name: redis
version: 8.x.x
version: 9.x.x
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled

23
bitnami/harbor/templates/_helpers.tpl
View File

@@ -389,6 +389,29 @@ Also, we can't use a single if because lazy evaluation is not an option
{{- end -}}
{{- end -}}
{{/*
Return the proper ChartMuseum image name
*/}}
{{- define "harbor.chartMuseumImage" -}}
{{- $registryName := .Values.chartMuseumImage.registry -}}
{{- $repositoryName := .Values.chartMuseumImage.repository -}}
{{- $tag := .Values.chartMuseumImage.tag | toString -}}
{{/*
Helm 2.11 supports the assignment of a value to a variable defined in a different scope,
but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic.
Also, we can't use a single if because lazy evaluation is not an option
*/}}
{{- if .Values.global }}
{{- if .Values.global.imageRegistry }}
{{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- else -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Harbor Notary Server image name
*/}}

109
bitnami/harbor/templates/chartmuseum/chartmuseum-cm-envvars.yaml Normal file
View File

@@ -0,0 +1,109 @@
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.chartmuseum" . }}-envvars"
labels: {{ include "harbor.labels" . | nindent 4 }}
app.kubernetes.io/component: chartmuseum
data:
PORT: {{ .Values.chartmuseum.port | quote }}
{{- if .Values.chartmuseum.useRedisCache }}
CACHE: "redis"
CACHE_REDIS_ADDR: "{{ include "harbor.redis.host" . }}:{{ include "harbor.redis.port" . }}"
CACHE_REDIS_DB: "{{ include "harbor.redis.chartmuseumDatabaseIndex" . }}"
{{- end }}
{{- if .Values.chartmuseum.basicAuth.enabled }}
BASIC_AUTH_USER: {{ .Values.chartmuseum.basicAuth.basicAuthUser | quote }}
{{- end }}
{{- if .Values.chartmuseum.absoluteUrl }}
CHART_URL: "{{ .Values.externalURL }}/{{ .Values.chartmuseum.chartRepoName }}"
{{- end }}
DEPTH: {{ .Values.chartmuseum.depth | quote }}
{{- if or (eq .Values.logLevel "debug") .Values.chartMuseumImage.debug }}
DEBUG: "1"
{{- else }}
DEBUG: "0"
{{- end }}
LOG_JSON: {{ .Values.chartmuseum.logJson | quote }}
DISABLE_METRICS: {{ .Values.chartmuseum.disableMetrics | quote }}
DISABLE_API: {{ .Values.chartmuseum.disableApi | quote }}
DISABLE_STATEFILES: {{ .Values.chartmuseum.disableStatefiles | quote }}
ALLOW_OVERWRITE: {{ .Values.chartmuseum.allowOverwrite | quote }}
AUTH_ANONYMOUS_GET: {{ .Values.chartmuseum.anonymousGet | quote }}
{{- if .Values.chartmuseum.contextPath }}
CONTEXT_PATH: {{ .Values.chartmuseum.contextPath | quote }}
{{- end }}
{{- if .Values.chartmuseum.indexLimit }}
INDEX_LIMIT: {{ .Values.chartmuseum.indexLimit | quote }}
{{- end }}
{{- if .Values.chartmuseum.chartPostFormFieldName }}
CHART_POST_FORM_FIELD_NAME: {{ .Values.chartmuseum.chartPostFormFieldName | quote }}
{{- end }}
{{- if .Values.chartmuseum.provPostFormFieldName }}
PROV_POST_FORM_FIELD_NAME: {{ .Values.chartmuseum.provPostFormFieldName | quote }}
{{- end }}
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $storageType := $storage.type }}
{{- if eq $storageType "filesystem" }}
STORAGE: "local"
STORAGE_LOCAL_ROOTDIR: "/bitnami/data"
{{- else if eq $storageType "azure" }}
STORAGE: "microsoft"
STORAGE_MICROSOFT_CONTAINER: {{ $storage.azure.container }}
AZURE_STORAGE_ACCOUNT: {{ $storage.azure.accountname }}
STORAGE_MICROSOFT_PREFIX: {{ $storage.azure.storagePrefix }}
{{- else if eq $storageType "gcs" }}
STORAGE: "google"
STORAGE_GOOGLE_BUCKET: {{ $storage.gcs.bucket }}
GOOGLE_APPLICATION_CREDENTIALS: /etc/chartmuseum/gcs-key.json
{{- if $storage.gcs.rootdirectory }}
STORAGE_GOOGLE_PREFIX: {{ $storage.gcs.rootdirectory }}
{{- end }}
{{- else if eq $storageType "s3" }}
STORAGE: "amazon"
STORAGE_AMAZON_BUCKET: {{ $storage.s3.bucket }}
{{- if $storage.s3.rootdirectory }}
STORAGE_AMAZON_PREFIX: {{ $storage.s3.rootdirectory }}
{{- end }}
STORAGE_AMAZON_REGION: {{ $storage.s3.region }}
{{- if $storage.s3.regionendpoint }}
STORAGE_AMAZON_ENDPOINT: {{ $storage.s3.regionendpoint }}
{{- end }}
{{- if $storage.s3.accesskey }}
AWS_ACCESS_KEY_ID: {{ $storage.s3.accesskey }}
{{- end }}
{{- else if eq $storageType "swift" }}
STORAGE: "openstack"
STORAGE_OPENSTACK_CONTAINER: {{ $storage.swift.container }}
{{- if $storage.swift.secretkey }}
STORAGE_OPENSTACK_PREFIX: {{ $storage.swift.prefix }}
{{- end }}
{{- if $storage.swift.secretkey }}
STORAGE_OPENSTACK_REGION: {{ $storage.swift.region }}
{{- end }}
OS_AUTH_URL: {{ $storage.swift.authurl }}
OS_USERNAME: {{ $storage.swift.username }}
{{- if $storage.swift.secretkey }}
OS_PROJECT_ID: {{ $storage.swift.tenantid }}
{{- end }}
{{- if $storage.swift.secretkey }}
OS_PROJECT_NAME: {{ $storage.swift.tenant }}
{{- end }}
{{- if $storage.swift.secretkey }}
OS_DOMAIN_ID: {{ $storage.swift.domainid }}
{{- end }}
{{- if $storage.swift.secretkey }}
OS_DOMAIN_NAME: {{ $storage.swift.domain }}
{{- end }}
{{- else if eq $storageType "oss" }}
STORAGE: "alibaba"
STORAGE_ALIBABA_BUCKET: {{ $storage.oss.bucket }}
{{- if $storage.oss.secretkey }}
STORAGE_ALIBABA_PREFIX: {{ $storage.oss.rootdirectory }}
{{- end }}
{{- if $storage.oss.secretkey }}
STORAGE_ALIBABA_ENDPOINT: {{ $storage.oss.endpoint }}
{{- end }}
ALIBABA_CLOUD_ACCESS_KEY_ID: {{ $storage.oss.accesskeyid }}
{{- end }}
{{- end }}

128
bitnami/harbor/templates/chartmuseum/chartmuseum-dpl.yaml Normal file
View File

@@ -0,0 +1,128 @@
{{- if .Values.chartmuseum.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels: {{ include "harbor.labels" . | nindent 4 }}
app.kubernetes.io/component: chartmuseum
spec:
replicas: {{ .Values.chartmuseum.replicas }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | nindent 6 }}
app.kubernetes.io/component: chartmuseum
template:
metadata:
labels:
{{ include "harbor.matchLabels" . | nindent 8 }}
app.kubernetes.io/component: chartmuseum
annotations:
checksum/configmap-envvars: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm-envvars.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }}
{{- if .Values.chartmuseum.podAnnotations }}
{{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- if .Values.securityContext.enabled }}
securityContext:
fsGroup: {{ .Values.securityContext.fsGroup }}
runAsUser: {{ .Values.securityContext.runAsUser }}
{{- end }}
{{- with .Values.chartmuseum.nodeSelector }}
nodeSelector: {{ tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.chartmuseum.affinity }}
affinity: {{ tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- with .Values.chartmuseum.tolerations }}
tolerations: {{ tpl (toYaml .) $ | nindent 8 }}
{{- end }}
containers:
- name: chartmuseum
image: "{{ template "harbor.chartMuseumImage" . }}"
imagePullPolicy: {{ .Values.chartMuseumImage.imagePullPolicy | quote }}
imagePullSecrets:
{{- range .Values.chartMuseumImage.pullSecrets }}
- name: {{ . }}
{{- end }}
{{- if .Values.chartmuseum.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /health
port: http
{{- if .Values.chartmuseum.enableTLS }}
scheme: "HTTPS"
{{- end }}
initialDelaySeconds: {{ .Values.chartmuseum.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.chartmuseum.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.chartmuseum.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.chartmuseum.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.chartmuseum.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.chartmuseum.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /health
port: http
{{- if .Values.chartmuseum.enableTLS }}
scheme: "HTTPS"
{{- end }}
initialDelaySeconds: {{ .Values.chartmuseum.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.chartmuseum.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.chartmuseum.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.chartmuseum.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.chartmuseum.readinessProbe.failureThreshold }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "harbor.chartmuseum" . }}-envvars"
- secretRef:
name: "{{ template "harbor.chartmuseum" . }}-secret"
env:
- name: DEBUG
value: {{ ternary "1" "0" .Values.chartMuseumImage.debug | quote }}
{{- if .Values.extraEnvVars }}
{{ toYaml .Values.extraEnvVars | indent 8 }}
{{- end }}
ports:
- containerPort: {{ .Values.chartmuseum.port }}
name: http
volumeMounts:
- name: chartmuseum-data
mountPath: /bitnami/data
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
- name: gcs-key
mountPath: /etc/chartmuseum/gcs-key.json
subPath: gcs-key.json
{{- end }}
{{- if .Values.chartmuseum.enableTLS }}
- name: tls-certs
mountPath: /bitnami/certs
{{- end }}
volumes:
- name: chartmuseum-data
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
- name: gcs-key
secret:
secretName: "{{ template "harbor.chartmuseum" . }}-secret"
items:
- key: GCS_KEY_DATA
path: gcs-key.json
{{- end }}
{{- if .Values.chartmuseum.enableTLS }}
- name: tls-certs
secret:
secretName: "{{ template "harbor.chartmuseum" . }}-secret"
items:
- key: TLS_CERT
path: server.crt
- key: TLS_KEY
path: server.key
{{- end }}
{{- end }}

31
bitnami/harbor/templates/chartmuseum/chartmuseum-pvc.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- if .Values.chartmuseum.enabled }}
{{- $persistence := .Values.persistence -}}
{{- if $persistence.enabled }}
{{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}}
{{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.chartmuseum" . }}
{{- if eq $persistence.resourcePolicy "keep" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
labels: {{ include "harbor.labels" . | nindent 4 }}
app.kubernetes.io/component: chartmuseum
spec:
accessModes:
- {{ $chartmuseum.accessMode }}
resources:
requests:
storage: {{ $chartmuseum.size }}
{{- if $chartmuseum.storageClass }}
{{- if eq "-" $chartmuseum.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ $chartmuseum.storageClass }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

37
bitnami/harbor/templates/chartmuseum/chartmuseum-secret.yaml Normal file
View File

@@ -0,0 +1,37 @@
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.chartmuseum" . }}-secret"
labels: {{ include "harbor.labels" . | nindent 4 }}
app.kubernetes.io/component: chartmuseum
type: Opaque
data:
{{- if .Values.chartmuseum.useRedisCache }}
CACHE_REDIS_PASSWORD: {{ include "harbor.redis.rawPassword" . | b64enc | quote }}
{{- end }}
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $storageType := $storage.type }}
{{- if eq $storageType "azure" }}
AZURE_STORAGE_ACCESS_KEY: {{ $storage.azure.accountkey | b64enc | quote }}
{{- else if eq $storageType "gcs" }}
GCS_KEY_DATA: {{ $storage.gcs.encodedkey | b64enc | quote }}
{{- else if eq $storageType "s3" }}
{{- if $storage.s3.secretkey }}
AWS_SECRET_ACCESS_KEY: {{ $storage.s3.secretkey | b64enc | quote }}
{{- end }}
{{- else if eq $storageType "swift" }}
OS_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
{{- else if eq $storageType "oss" }}
ALIBABA_CLOUD_ACCESS_KEY_SECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
{{- end }}
{{- if and .Values.chartmuseum.basicAuth.enabled ( eq .Values.chartmuseum.basicAuth.basicAuthPass "" ) }}
BASIC_AUTH_PASS: {{ randAlphaNum 10 | b64enc | quote }}
{{- else if .Values.chartmuseum.basicAuth.enabled }}
BASIC_AUTH_PASS: {{ .Values.chartmuseum.basicAuth.basicAuthPass | b64enc | quote }}
{{- end }}
{{- if .Values.chartmuseum.enableTLS }}
TLS_CERT: {{ .Files.Get "cert/tls.crt" | b64enc }}
TLS_KEY: {{ .Files.Get "cert/tls.key" | b64enc }}
{{- end }}
{{- end }}

15
bitnami/harbor/templates/chartmuseum/chartmuseum-svc.yaml Normal file
View File

@@ -0,0 +1,15 @@
{{- if .Values.chartmuseum.enabled }}
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.chartmuseum" . }}"
labels: {{ include "harbor.labels" . | nindent 4 }}
app.kubernetes.io/component: chartmuseum
spec:
ports:
- port: 80
name: http
targetPort: http
selector: {{ include "harbor.matchLabels" . | nindent 4 }}
component: chartmuseum
{{- end }}

193
bitnami/harbor/values-production.yaml
View File

@@ -79,6 +79,30 @@ jobserviceImage:
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
debug: false
## Bitnami ChartMuseum image
## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/
##
chartMuseumImage:
registry: docker.io
repository: bitnami/chartmuseum
tag: 0.9.0-debian-9-r6
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## It turns BASH and NAMI debugging in minideb
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
debug: false
## Bitnami Harbor Registry image
## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/
##
@@ -397,6 +421,14 @@ persistence:
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
chartmuseum:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
# Define which storage backend is used for registry and chartmuseum to store
# images and charts. Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
@@ -424,7 +456,7 @@ persistence:
#realm: core.windows.net
gcs:
bucket: bucketname
# The base64 encoded json file which contains the key
# The base64 encoded json file which contains the gcs key (file's content)
encodedkey: base64-encoded-json-key-file
#rootdirectory: /gcs/object/name/prefix
#chunksize: "5242880"
@@ -497,10 +529,22 @@ nginx:
# requests:
# memory: 256Mi
# cpu: 100m
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## When setting up Harbor behind another reverse proxy, such as a nginx instance, set this value to true
@@ -531,10 +575,22 @@ portal:
# requests:
# memory: 256Mi
# cpu: 100m
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## Configure extra options for liveness and readiness probes
@@ -561,10 +617,22 @@ core:
# requests:
# memory: 256Mi
# cpu: 100m
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used when core server communicates with other components.
@@ -605,10 +673,22 @@ jobservice:
# requests:
# memory: 256Mi
# cpu: 100m
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used when job service communicates with other components.
@@ -679,10 +759,22 @@ registry:
# memory: 256Mi
# cpu: 100m
replicas: 1
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used to secure the upload state from client
@@ -692,9 +784,81 @@ registry:
# Must be a string of 16 chars.
secret: ""
# Enable Chartmuseum is not supported yet.
chartmuseum:
enabled: false
enabled: true
replicas: 1
port: 8080
## Set the use of the Redis cache.
useRedisCache: true
## Set the absolute URL to access the chartmuseum repository and the
## endpoint where it will be available.
absoluteUrl: false
chartRepoName: "chartsRepo"
## Configure basic authentication to access the ChartMuseum server.
basicAuth:
enabled: true
basicAuthUser: "chart_controller"
basicAuthPass: "password"
depth: 1
logJson: false
disableMetrics: false
disableApi: false
disableStatefiles: false
allowOverwrite: true
anonymousGet: false
## Optional parameters for ChartMuseum not used by default.
## ref: https://chartmuseum.com/docs/#other-cli-options
# contextPath: ""
# indexLimit: 0
# chartPostFormFieldName: "chart"
# provPostFormFieldName: "prov"
## Enable the TLS access to the ChartMuseum server.
enableTLS: true
## An array to add extra env vars to chartmuseum
## For example:
## extraEnvVars:
## - name: BEARER_AUTH
## value: true
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 20
failureThreshold: 10
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 20
failureThreshold: 10
successThreshold: 1
clair:
enabled: true
@@ -709,9 +873,22 @@ clair:
# requests:
# memory: 256Mi
# cpu: 100m
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## Configure extra options for liveness and readiness probes

205
bitnami/harbor/values.yaml
View File

@@ -1,3 +1,4 @@
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
@@ -79,6 +80,30 @@ jobserviceImage:
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
debug: false
## Bitnami ChartMuseum image
## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/
##
chartMuseumImage:
registry: docker.io
repository: bitnami/chartmuseum
tag: 0.9.0-debian-9-r6
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
# pullSecrets:
# - myRegistryKeySecretName
## Set to true if you would like to see extra information on logs
## It turns BASH and NAMI debugging in minideb
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
debug: false
## Bitnami Harbor Registry image
## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/
##
@@ -231,7 +256,7 @@ nginxImage:
##
# fullnameOverride:
## Init containers parameters:
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
@@ -397,6 +422,14 @@ persistence:
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
chartmuseum:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
# Define which storage backend is used for registry and chartmuseum to store
# images and charts. Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
@@ -421,10 +454,11 @@ persistence:
accountname: accountname
accountkey: base64encodedaccountkey
container: containername
storagePrefix: "/azure/harbor/charts"
#realm: core.windows.net
gcs:
bucket: bucketname
# The base64 encoded json file which contains the key
# The base64 encoded json file which contains the gcs key (file's content)
encodedkey: base64-encoded-json-key-file
#rootdirectory: /gcs/object/name/prefix
#chunksize: "5242880"
@@ -497,10 +531,22 @@ nginx:
# requests:
# memory: 256Mi
# cpu: 100m
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## When setting up Harbor behind another reverse proxy, such as a nginx instance, set this value to true
@@ -531,10 +577,22 @@ portal:
# requests:
# memory: 256Mi
# cpu: 100m
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## Configure extra options for liveness and readiness probes
@@ -561,10 +619,22 @@ core:
# requests:
# memory: 256Mi
# cpu: 100m
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used when core server communicates with other components.
@@ -605,10 +675,22 @@ jobservice:
# requests:
# memory: 256Mi
# cpu: 100m
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used when job service communicates with other components.
@@ -679,10 +761,22 @@ registry:
# memory: 256Mi
# cpu: 100m
replicas: 1
## These values are evaluated as a template (nodeSelector, tolerations and affinity)
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used to secure the upload state from client
@@ -692,9 +786,89 @@ registry:
# Must be a string of 16 chars.
secret: ""
# Enable Chartmuseum is not supported yet.
chartmuseum:
enabled: false
enabled: true
replicas: 1
port: 8080
## Set the use of the Redis cache.
useRedisCache: true
## Set the absolute URL to access the chartmuseum repository and the
## endpoint where it will be available.
absoluteUrl: false
chartRepoName: "chartsRepo"
## Configure basic authentication to access the ChartMuseum server.
basicAuth:
enabled: true
basicAuthUser: "chart_controller"
basicAuthPass: ""
depth: 0
logJson: false
disableMetrics: false
disableApi: false
disableStatefiles: false
allowOverwrite: true
anonymousGet: false
## Optional parameters for ChartMuseum not used by default.
## ref: https://chartmuseum.com/docs/#other-cli-options
##
# contextPath: ""
# indexLimit: 0
# chartPostFormFieldName: "chart"
# provPostFormFieldName: "prov"
## Enable the TLS access to the ChartMuseum server.
enableTLS: false
## An array to add extra env vars to chartmuseum
## For example:
## extraEnvVars:
## - name: BEARER_AUTH
## value: true
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## Configure extra options for liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
##
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 20
failureThreshold: 10
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 20
failureThreshold: 10
successThreshold: 1
clair:
enabled: true
@@ -709,9 +883,22 @@ clair:
# requests:
# memory: 256Mi
# cpu: 100m
## Node labels for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## Tolerations for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## Affinity for pod assignment. Evaluated as a template.
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
##
affinity: {}
## Additional deployment annotations
podAnnotations: {}
## Configure extra options for liveness and readiness probes