[bitnami/harbor] feat: 🔒 Add resource preset support (#23461)

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Javier J. Salmerón-García
2024-02-16 10:35:40 +01:00
committed by GitHub
parent 9c08219d78
commit 8078caf8a0
12 changed files with 619 additions and 540 deletions

@@ -1,12 +1,12 @@
dependencies:
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.12.1
version: 18.13.0
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 13.4.4
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.14.1
digest: sha256:49f55036d61c3a75346caddd96eb54503c4ba8afb6158614f16bb7a2a6dd034f
generated: "2024-02-03T07:36:06.827912702Z"
version: 2.15.3
digest: sha256:dd4296369ab03a8c9f1940b4fc34ba57020a63afa6f761220f4f1249ab9e9e08
generated: "2024-02-14T15:02:24.927377185+01:00"
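
Review bot: the `redis` (18.12.1 to 18.13.0) and `common` (2.14.1 to 2.15.3) bumps in this lock file ride along with a feature commit whose title mentions neither. If the preset support depends on a minimum `common` version, say so in the commit message and check that the constraint declared in Chart.yaml enforces it, so a later dependency update cannot resolve below it. The new `generated:` value carries a `+01:00` offset where the previous one was UTC, which suggests the lock was regenerated on a workstation; re-running `helm dependency build` in CI confirms the recorded digest still matches the declared dependencies.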

@@ -55,4 +55,4 @@ maintainers:
name: harbor
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/harbor
version: 19.6.0
version: 19.7.0
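
Review bot: the minor bump on `version: 19.7.0` is only right if the change is purely additive, which rests on the new `resourcesPreset` values defaulting to `none`. Worth confirming by rendering the chart with default values at 19.6.0 and 19.7.0 and checking that the manifests do not differ in their `resources` blocks.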

@@ -241,196 +241,196 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
### Volume Permissions parameters
| Name | Description | Value |
| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` |
| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` |
| `volumePermissions.containerSecurityContext.enabled` | Enable init container Security Context | `true` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
| Name | Description | Value |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `volumePermissions.containerSecurityContext.enabled` | Enable init container Security Context | `true` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### NGINX Parameters
| Name | Description | Value |
| --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ----------------------- |
| `nginx.image.registry` | NGINX image registry | `REGISTRY_NAME` |
| `nginx.image.repository` | NGINX image repository | `REPOSITORY_NAME/nginx` |
| `nginx.image.digest` | NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `nginx.image.pullPolicy` | NGINX image pull policy | `IfNotPresent` |
| `nginx.image.pullSecrets` | NGINX image pull secrets | `[]` |
| `nginx.image.debug` | Enable NGINX image debug mode | `false` |
| `nginx.tls.enabled` | Enable TLS termination | `true` |
| `nginx.tls.existingSecret` | Existing secret name containing your own TLS certificates. | `""` |
| `nginx.tls.commonName` | The common name used to generate the self-signed TLS certificates | `core.harbor.domain` |
| `nginx.behindReverseProxy` | If NGINX is behind another reverse proxy, set to true | `false` |
| `nginx.command` | Override default container command (useful when using custom images) | `[]` |
| `nginx.args` | Override default container args (useful when using custom images) | `[]` |
| `nginx.extraEnvVars` | Array with extra environment variables to add NGINX pods | `[]` |
| `nginx.extraEnvVarsCM` | ConfigMap containing extra environment variables for NGINX pods | `""` |
| `nginx.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for NGINX pods | `""` |
| `nginx.containerPorts.http` | NGINX HTTP container port | `8080` |
| `nginx.containerPorts.https` | NGINX HTTPS container port | `8443` |
| `nginx.replicaCount` | Number of NGINX replicas | `1` |
| `nginx.livenessProbe.enabled` | Enable livenessProbe on NGINX containers | `true` |
| `nginx.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `nginx.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `nginx.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `nginx.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `nginx.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `nginx.readinessProbe.enabled` | Enable readinessProbe on NGINX containers | `true` |
| `nginx.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `nginx.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `nginx.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `nginx.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `nginx.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `nginx.startupProbe.enabled` | Enable startupProbe on NGINX containers | `false` |
| `nginx.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `nginx.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `nginx.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `nginx.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `nginx.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `nginx.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `nginx.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `nginx.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `nginx.resources.limits` | The resources limits for the NGINX containers | `{}` |
| `nginx.resources.requests` | The requested resources for the NGINX containers | `{}` |
| `nginx.podSecurityContext.enabled` | Enabled NGINX pods' Security Context | `true` |
| `nginx.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `nginx.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `nginx.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `nginx.podSecurityContext.fsGroup` | Set NGINX pod's Security Context fsGroup | `1001` |
| `nginx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `nginx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `nginx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `nginx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `nginx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `nginx.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `nginx.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `nginx.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `nginx.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `nginx.updateStrategy.type` | NGINX deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `nginx.lifecycleHooks` | LifecycleHook for the NGINX container(s) to automate configuration before or after startup | `{}` |
| `nginx.serviceAccountName` | Set the service account name for the NGINX pods | `""` |
| `nginx.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `nginx.hostAliases` | NGINX pods host aliases | `[]` |
| `nginx.podLabels` | Add additional labels to the NGINX pods (evaluated as a template) | `{}` |
| `nginx.podAnnotations` | Annotations to add to the NGINX pods (evaluated as a template) | `{}` |
| `nginx.podAffinityPreset` | NGINX Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nginx.podAntiAffinityPreset` | NGINX Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nginx.nodeAffinityPreset.type` | NGINX Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nginx.nodeAffinityPreset.key` | NGINX Node label key to match Ignored if `affinity` is set. | `""` |
| `nginx.nodeAffinityPreset.values` | NGINX Node label values to match. Ignored if `affinity` is set. | `[]` |
| `nginx.affinity` | NGINX Affinity for pod assignment | `{}` |
| `nginx.nodeSelector` | NGINX Node labels for pod assignment | `{}` |
| `nginx.tolerations` | NGINX Tolerations for pod assignment | `[]` |
| `nginx.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `nginx.priorityClassName` | Priority Class Name | `""` |
| `nginx.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `nginx.sidecars` | Add additional sidecar containers to the NGINX pods | `[]` |
| `nginx.initContainers` | Add additional init containers to the NGINX pods | `[]` |
| `nginx.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the NGINX pods | `[]` |
| `nginx.extraVolumes` | Optionally specify extra list of additional volumes for the NGINX pods | `[]` |
| `nginx.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `nginx.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `nginx.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `nginx.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `nginx.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `nginx.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `nginx.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `nginx.image.registry` | NGINX image registry | `REGISTRY_NAME` |
| `nginx.image.repository` | NGINX image repository | `REPOSITORY_NAME/nginx` |
| `nginx.image.digest` | NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `nginx.image.pullPolicy` | NGINX image pull policy | `IfNotPresent` |
| `nginx.image.pullSecrets` | NGINX image pull secrets | `[]` |
| `nginx.image.debug` | Enable NGINX image debug mode | `false` |
| `nginx.tls.enabled` | Enable TLS termination | `true` |
| `nginx.tls.existingSecret` | Existing secret name containing your own TLS certificates. | `""` |
| `nginx.tls.commonName` | The common name used to generate the self-signed TLS certificates | `core.harbor.domain` |
| `nginx.behindReverseProxy` | If NGINX is behind another reverse proxy, set to true | `false` |
| `nginx.command` | Override default container command (useful when using custom images) | `[]` |
| `nginx.args` | Override default container args (useful when using custom images) | `[]` |
| `nginx.extraEnvVars` | Array with extra environment variables to add NGINX pods | `[]` |
| `nginx.extraEnvVarsCM` | ConfigMap containing extra environment variables for NGINX pods | `""` |
| `nginx.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for NGINX pods | `""` |
| `nginx.containerPorts.http` | NGINX HTTP container port | `8080` |
| `nginx.containerPorts.https` | NGINX HTTPS container port | `8443` |
| `nginx.replicaCount` | Number of NGINX replicas | `1` |
| `nginx.livenessProbe.enabled` | Enable livenessProbe on NGINX containers | `true` |
| `nginx.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `nginx.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `nginx.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `nginx.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `nginx.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `nginx.readinessProbe.enabled` | Enable readinessProbe on NGINX containers | `true` |
| `nginx.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `nginx.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `nginx.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `nginx.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `nginx.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `nginx.startupProbe.enabled` | Enable startupProbe on NGINX containers | `false` |
| `nginx.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `nginx.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `nginx.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `nginx.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `nginx.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `nginx.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `nginx.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `nginx.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `nginx.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if nginx.resources is set (nginx.resources is recommended for production). | `none` |
| `nginx.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `nginx.podSecurityContext.enabled` | Enabled NGINX pods' Security Context | `true` |
| `nginx.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `nginx.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `nginx.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `nginx.podSecurityContext.fsGroup` | Set NGINX pod's Security Context fsGroup | `1001` |
| `nginx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `nginx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `nginx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `nginx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `nginx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `nginx.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `nginx.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `nginx.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `nginx.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `nginx.updateStrategy.type` | NGINX deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `nginx.lifecycleHooks` | LifecycleHook for the NGINX container(s) to automate configuration before or after startup | `{}` |
| `nginx.serviceAccountName` | Set the service account name for the NGINX pods | `""` |
| `nginx.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `nginx.hostAliases` | NGINX pods host aliases | `[]` |
| `nginx.podLabels` | Add additional labels to the NGINX pods (evaluated as a template) | `{}` |
| `nginx.podAnnotations` | Annotations to add to the NGINX pods (evaluated as a template) | `{}` |
| `nginx.podAffinityPreset` | NGINX Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nginx.podAntiAffinityPreset` | NGINX Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nginx.nodeAffinityPreset.type` | NGINX Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nginx.nodeAffinityPreset.key` | NGINX Node label key to match Ignored if `affinity` is set. | `""` |
| `nginx.nodeAffinityPreset.values` | NGINX Node label values to match. Ignored if `affinity` is set. | `[]` |
| `nginx.affinity` | NGINX Affinity for pod assignment | `{}` |
| `nginx.nodeSelector` | NGINX Node labels for pod assignment | `{}` |
| `nginx.tolerations` | NGINX Tolerations for pod assignment | `[]` |
| `nginx.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `nginx.priorityClassName` | Priority Class Name | `""` |
| `nginx.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `nginx.sidecars` | Add additional sidecar containers to the NGINX pods | `[]` |
| `nginx.initContainers` | Add additional init containers to the NGINX pods | `[]` |
| `nginx.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the NGINX pods | `[]` |
| `nginx.extraVolumes` | Optionally specify extra list of additional volumes for the NGINX pods | `[]` |
| `nginx.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `nginx.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `nginx.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `nginx.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `nginx.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `nginx.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `nginx.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Harbor Portal Parameters
| Name | Description | Value |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------------- |
| `portal.image.registry` | Harbor Portal image registry | `REGISTRY_NAME` |
| `portal.image.repository` | Harbor Portal image repository | `REPOSITORY_NAME/harbor-portal` |
| `portal.image.digest` | Harbor Portal image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `portal.image.pullPolicy` | Harbor Portal image pull policy | `IfNotPresent` |
| `portal.image.pullSecrets` | Harbor Portal image pull secrets | `[]` |
| `portal.image.debug` | Enable Harbor Portal image debug mode | `false` |
| `portal.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `portal.command` | Override default container command (useful when using custom images) | `[]` |
| `portal.args` | Override default container args (useful when using custom images) | `[]` |
| `portal.extraEnvVars` | Array with extra environment variables to add Harbor Portal pods | `[]` |
| `portal.extraEnvVarsCM` | ConfigMap containing extra environment variables for Harbor Portal pods | `""` |
| `portal.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Harbor Portal pods | `""` |
| `portal.containerPorts.http` | Harbor Portal HTTP container port | `8080` |
| `portal.containerPorts.https` | Harbor Portal HTTPS container port | `8443` |
| `portal.replicaCount` | Number of Harbor Portal replicas | `1` |
| `portal.livenessProbe.enabled` | Enable livenessProbe on Harbor Portal containers | `true` |
| `portal.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `portal.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `portal.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `portal.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `portal.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `portal.readinessProbe.enabled` | Enable readinessProbe on Harbor Portal containers | `true` |
| `portal.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `portal.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `portal.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `portal.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `portal.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `portal.startupProbe.enabled` | Enable startupProbe on Harbor Portal containers | `false` |
| `portal.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `portal.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `portal.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `portal.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `portal.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `portal.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `portal.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `portal.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `portal.resources.limits` | The resources limits for the Harbor Portal containers | `{}` |
| `portal.resources.requests` | The requested resources for the Harbor Portal containers | `{}` |
| `portal.podSecurityContext.enabled` | Enabled Harbor Portal pods' Security Context | `true` |
| `portal.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `portal.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `portal.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `portal.podSecurityContext.fsGroup` | Set Harbor Portal pod's Security Context fsGroup | `1001` |
| `portal.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `portal.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `portal.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `portal.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `portal.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `portal.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `portal.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `portal.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `portal.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `portal.updateStrategy.type` | Harbor Portal deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `portal.lifecycleHooks` | LifecycleHook for the Harbor Portal container(s) to automate configuration before or after startup | `{}` |
| `portal.hostAliases` | Harbor Portal pods host aliases | `[]` |
| `portal.podLabels` | Add additional labels to the Harbor Portal pods (evaluated as a template) | `{}` |
| `portal.podAnnotations` | Annotations to add to the Harbor Portal pods (evaluated as a template) | `{}` |
| `portal.podAffinityPreset` | Harbor Portal Pod affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `portal.podAntiAffinityPreset` | Harbor Portal Pod anti-affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `portal.nodeAffinityPreset.type` | Harbor Portal Node affinity preset type. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `portal.nodeAffinityPreset.key` | Harbor Portal Node label key to match Ignored if `portal.affinity` is set. | `""` |
| `portal.nodeAffinityPreset.values` | Harbor Portal Node label values to match. Ignored if `portal.affinity` is set. | `[]` |
| `portal.affinity` | Harbor Portal Affinity for pod assignment | `{}` |
| `portal.nodeSelector` | Harbor Portal Node labels for pod assignment | `{}` |
| `portal.tolerations` | Harbor Portal Tolerations for pod assignment | `[]` |
| `portal.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `portal.priorityClassName` | Priority Class Name | `""` |
| `portal.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `portal.sidecars` | Add additional sidecar containers to the Harbor Portal pods | `[]` |
| `portal.initContainers` | Add additional init containers to the Harbor Portal pods | `[]` |
| `portal.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Harbor Portal pods | `[]` |
| `portal.extraVolumes` | Optionally specify extra list of additional volumes for the Harbor Portal pods | `[]` |
| `portal.serviceAccountName` | Set the service account name for the Harbor Portal pods | `""` |
| `portal.automountServiceAccountToken` | Automount service account token | `false` |
| `portal.service.ports.http` | Harbor Portal HTTP service port | `80` |
| `portal.service.ports.https` | Harbor Portal HTTPS service port | `443` |
| `portal.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `portal.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `portal.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `portal.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `portal.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `portal.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `portal.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------- |
| `portal.image.registry` | Harbor Portal image registry | `REGISTRY_NAME` |
| `portal.image.repository` | Harbor Portal image repository | `REPOSITORY_NAME/harbor-portal` |
| `portal.image.digest` | Harbor Portal image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `portal.image.pullPolicy` | Harbor Portal image pull policy | `IfNotPresent` |
| `portal.image.pullSecrets` | Harbor Portal image pull secrets | `[]` |
| `portal.image.debug` | Enable Harbor Portal image debug mode | `false` |
| `portal.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `portal.command` | Override default container command (useful when using custom images) | `[]` |
| `portal.args` | Override default container args (useful when using custom images) | `[]` |
| `portal.extraEnvVars` | Array with extra environment variables to add Harbor Portal pods | `[]` |
| `portal.extraEnvVarsCM` | ConfigMap containing extra environment variables for Harbor Portal pods | `""` |
| `portal.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Harbor Portal pods | `""` |
| `portal.containerPorts.http` | Harbor Portal HTTP container port | `8080` |
| `portal.containerPorts.https` | Harbor Portal HTTPS container port | `8443` |
| `portal.replicaCount` | Number of Harbor Portal replicas | `1` |
| `portal.livenessProbe.enabled` | Enable livenessProbe on Harbor Portal containers | `true` |
| `portal.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `portal.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `portal.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `portal.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `portal.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `portal.readinessProbe.enabled` | Enable readinessProbe on Harbor Portal containers | `true` |
| `portal.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `portal.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `portal.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `portal.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `portal.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `portal.startupProbe.enabled` | Enable startupProbe on Harbor Portal containers | `false` |
| `portal.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `portal.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `portal.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `portal.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `portal.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `portal.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `portal.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `portal.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `portal.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if portal.resources is set (portal.resources is recommended for production). | `none` |
| `portal.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `portal.podSecurityContext.enabled` | Enabled Harbor Portal pods' Security Context | `true` |
| `portal.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `portal.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `portal.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `portal.podSecurityContext.fsGroup` | Set Harbor Portal pod's Security Context fsGroup | `1001` |
| `portal.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `portal.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `portal.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `portal.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `portal.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `portal.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `portal.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `portal.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `portal.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `portal.updateStrategy.type` | Harbor Portal deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `portal.lifecycleHooks` | LifecycleHook for the Harbor Portal container(s) to automate configuration before or after startup | `{}` |
| `portal.hostAliases` | Harbor Portal pods host aliases | `[]` |
| `portal.podLabels` | Add additional labels to the Harbor Portal pods (evaluated as a template) | `{}` |
| `portal.podAnnotations` | Annotations to add to the Harbor Portal pods (evaluated as a template) | `{}` |
| `portal.podAffinityPreset` | Harbor Portal Pod affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `portal.podAntiAffinityPreset` | Harbor Portal Pod anti-affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `portal.nodeAffinityPreset.type` | Harbor Portal Node affinity preset type. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `portal.nodeAffinityPreset.key` | Harbor Portal Node label key to match Ignored if `portal.affinity` is set. | `""` |
| `portal.nodeAffinityPreset.values` | Harbor Portal Node label values to match. Ignored if `portal.affinity` is set. | `[]` |
| `portal.affinity` | Harbor Portal Affinity for pod assignment | `{}` |
| `portal.nodeSelector` | Harbor Portal Node labels for pod assignment | `{}` |
| `portal.tolerations` | Harbor Portal Tolerations for pod assignment | `[]` |
| `portal.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `portal.priorityClassName` | Priority Class Name | `""` |
| `portal.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `portal.sidecars` | Add additional sidecar containers to the Harbor Portal pods | `[]` |
| `portal.initContainers` | Add additional init containers to the Harbor Portal pods | `[]` |
| `portal.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Harbor Portal pods | `[]` |
| `portal.extraVolumes` | Optionally specify extra list of additional volumes for the Harbor Portal pods | `[]` |
| `portal.serviceAccountName` | Set the service account name for the Harbor Portal pods | `""` |
| `portal.automountServiceAccountToken` | Automount service account token | `false` |
| `portal.service.ports.http` | Harbor Portal HTTP service port | `80` |
| `portal.service.ports.https` | Harbor Portal HTTPS service port | `443` |
| `portal.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `portal.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `portal.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `portal.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `portal.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `portal.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `portal.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Harbor Core Parameters
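Review bot: `portal.resourcesPreset` is documented with a default of `none`, while the `portal.resources` row directly below it calls requests and limits essential for production workloads, so an install that sets neither key is documented as running the portal with no preset applied. State in the description what `none` actually renders (no requests or limits at all, if that is the case), and consider whether a small non-`none` default would be the safer out-of-the-box behaviour.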
@@ -485,8 +485,8 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
| `core.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `core.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `core.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `core.resources.limits` | The resources limits for the Harbor Core containers | `{}` |
| `core.resources.requests` | The requested resources for the Harbor Core containers | `{}` |
| `core.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if core.resources is set (core.resources is recommended for production). | `none` |
| `core.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `core.podSecurityContext.enabled` | Enabled Harbor Core pods' Security Context | `true` |
| `core.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `core.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
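Review bot: the `core.resources.limits` and `core.resources.requests` rows are replaced by a single `core.resources` row whose description no longer names the sub-keys. Say in the `core.resources` description that it is a map with `requests` and `limits`, so users whose values files already set those sub-keys can see that the overrides still apply and that setting them causes `core.resourcesPreset` to be ignored.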
@@ -536,98 +536,98 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
### Harbor Jobservice Parameters
| Name | Description | Value |
| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| `jobservice.image.registry` | Harbor Jobservice image registry | `REGISTRY_NAME` |
| `jobservice.image.repository` | Harbor Jobservice image repository | `REPOSITORY_NAME/harbor-jobservice` |
| `jobservice.image.digest` | Harbor Jobservice image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `jobservice.image.pullPolicy` | Harbor Jobservice image pull policy | `IfNotPresent` |
| `jobservice.image.pullSecrets` | Harbor Jobservice image pull secrets | `[]` |
| `jobservice.image.debug` | Enable Harbor Jobservice image debug mode | `false` |
| `jobservice.maxJobWorkers` | The max job workers | `10` |
| `jobservice.redisNamespace` | Redis namespace for jobservice | `harbor_job_service_namespace` |
| `jobservice.jobLogger` | The logger for jobs: `file`, `database` or `stdout` | `file` |
| `jobservice.secret` | Secret used when the job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | `""` |
| `jobservice.existingSecret` | Existing secret for jobservice | `""` |
| `jobservice.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `jobservice.command` | Override default container command (useful when using custom images) | `[]` |
| `jobservice.args` | Override default container args (useful when using custom images) | `[]` |
| `jobservice.extraEnvVars` | Array with extra environment variables to add Harbor Jobservice pods | `[]` |
| `jobservice.extraEnvVarsCM` | ConfigMap containing extra environment variables for Harbor Jobservice pods | `""` |
| `jobservice.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Harbor Jobservice pods | `""` |
| `jobservice.containerPorts.http` | Harbor Jobservice HTTP container port | `8080` |
| `jobservice.containerPorts.https` | Harbor Jobservice HTTPS container port | `8443` |
| `jobservice.containerPorts.metrics` | Harbor Jobservice metrics container port | `8001` |
| `jobservice.replicaCount` | Number of Harbor Jobservice replicas | `1` |
| `jobservice.livenessProbe.enabled` | Enable livenessProbe on Harbor Jobservice containers | `true` |
| `jobservice.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `jobservice.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `jobservice.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `jobservice.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `jobservice.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `jobservice.readinessProbe.enabled` | Enable readinessProbe on Harbor Jobservice containers | `true` |
| `jobservice.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `jobservice.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `jobservice.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `jobservice.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `jobservice.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `jobservice.startupProbe.enabled` | Enable startupProbe on Harbor Jobservice containers | `false` |
| `jobservice.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `jobservice.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `jobservice.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `jobservice.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `jobservice.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `jobservice.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `jobservice.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `jobservice.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `jobservice.resources.limits` | The resources limits for the Harbor Jobservice containers | `{}` |
| `jobservice.resources.requests` | The requested resources for the Harbor Jobservice containers | `{}` |
| `jobservice.podSecurityContext.enabled` | Enabled Harbor Jobservice pods' Security Context | `true` |
| `jobservice.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `jobservice.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `jobservice.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `jobservice.podSecurityContext.fsGroup` | Set Harbor Jobservice pod's Security Context fsGroup | `1001` |
| `jobservice.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `jobservice.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `jobservice.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `jobservice.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `jobservice.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `jobservice.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `jobservice.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `jobservice.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `jobservice.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `jobservice.updateStrategy.type` | Harbor Jobservice deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `jobservice.lifecycleHooks` | LifecycleHook for the Harbor Jobservice container(s) to automate configuration before or after startup | `{}` |
| `jobservice.hostAliases` | Harbor Jobservice pods host aliases | `[]` |
| `jobservice.podLabels` | Add additional labels to the Harbor Jobservice pods (evaluated as a template) | `{}` |
| `jobservice.podAnnotations` | Annotations to add to the Harbor Jobservice pods (evaluated as a template) | `{}` |
| `jobservice.podAffinityPreset` | Harbor Jobservice Pod affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `jobservice.podAntiAffinityPreset` | Harbor Jobservice Pod anti-affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `jobservice.nodeAffinityPreset.type` | Harbor Jobservice Node affinity preset type. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `jobservice.nodeAffinityPreset.key` | Harbor Jobservice Node label key to match Ignored if `jobservice.affinity` is set. | `""` |
| `jobservice.nodeAffinityPreset.values` | Harbor Jobservice Node label values to match. Ignored if `jobservice.affinity` is set. | `[]` |
| `jobservice.affinity` | Harbor Jobservice Affinity for pod assignment | `{}` |
| `jobservice.nodeSelector` | Harbor Jobservice Node labels for pod assignment | `{}` |
| `jobservice.tolerations` | Harbor Jobservice Tolerations for pod assignment | `[]` |
| `jobservice.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `jobservice.priorityClassName` | Priority Class Name | `""` |
| `jobservice.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `jobservice.sidecars` | Add additional sidecar containers to the Harbor Jobservice pods | `[]` |
| `jobservice.initContainers` | Add additional init containers to the Harbor Jobservice pods | `[]` |
| `jobservice.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Harbor Jobservice pods | `[]` |
| `jobservice.extraVolumes` | Optionally specify extra list of additional volumes for the Harbor Jobservice pods | `[]` |
| `jobservice.serviceAccountName` | Set the service account name for the Harbor Jobservice pods | `""` |
| `jobservice.automountServiceAccountToken` | Automount service account token | `false` |
| `jobservice.service.ports.http` | Harbor Jobservice HTTP service port | `80` |
| `jobservice.service.ports.https` | Harbor Jobservice HTTPS service port | `443` |
| `jobservice.service.ports.metrics` | Harbor Jobservice HTTPS service port | `8001` |
| `jobservice.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `jobservice.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `jobservice.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `jobservice.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `jobservice.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `jobservice.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `jobservice.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `jobservice.image.registry` | Harbor Jobservice image registry | `REGISTRY_NAME` |
| `jobservice.image.repository` | Harbor Jobservice image repository | `REPOSITORY_NAME/harbor-jobservice` |
| `jobservice.image.digest` | Harbor Jobservice image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `jobservice.image.pullPolicy` | Harbor Jobservice image pull policy | `IfNotPresent` |
| `jobservice.image.pullSecrets` | Harbor Jobservice image pull secrets | `[]` |
| `jobservice.image.debug` | Enable Harbor Jobservice image debug mode | `false` |
| `jobservice.maxJobWorkers` | The max job workers | `10` |
| `jobservice.redisNamespace` | Redis namespace for jobservice | `harbor_job_service_namespace` |
| `jobservice.jobLogger` | The logger for jobs: `file`, `database` or `stdout` | `file` |
| `jobservice.secret` | Secret used when the job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | `""` |
| `jobservice.existingSecret` | Existing secret for jobservice | `""` |
| `jobservice.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `jobservice.command` | Override default container command (useful when using custom images) | `[]` |
| `jobservice.args` | Override default container args (useful when using custom images) | `[]` |
| `jobservice.extraEnvVars` | Array with extra environment variables to add Harbor Jobservice pods | `[]` |
| `jobservice.extraEnvVarsCM` | ConfigMap containing extra environment variables for Harbor Jobservice pods | `""` |
| `jobservice.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Harbor Jobservice pods | `""` |
| `jobservice.containerPorts.http` | Harbor Jobservice HTTP container port | `8080` |
| `jobservice.containerPorts.https` | Harbor Jobservice HTTPS container port | `8443` |
| `jobservice.containerPorts.metrics` | Harbor Jobservice metrics container port | `8001` |
| `jobservice.replicaCount` | Number of Harbor Jobservice replicas | `1` |
| `jobservice.livenessProbe.enabled` | Enable livenessProbe on Harbor Jobservice containers | `true` |
| `jobservice.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `jobservice.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `jobservice.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `jobservice.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `jobservice.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `jobservice.readinessProbe.enabled` | Enable readinessProbe on Harbor Jobservice containers | `true` |
| `jobservice.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `jobservice.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `jobservice.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `jobservice.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `jobservice.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `jobservice.startupProbe.enabled` | Enable startupProbe on Harbor Jobservice containers | `false` |
| `jobservice.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `jobservice.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `jobservice.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `jobservice.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `jobservice.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `jobservice.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `jobservice.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `jobservice.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `jobservice.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if jobservice.resources is set (jobservice.resources is recommended for production). | `none` |
| `jobservice.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `jobservice.podSecurityContext.enabled` | Enabled Harbor Jobservice pods' Security Context | `true` |
| `jobservice.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `jobservice.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `jobservice.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `jobservice.podSecurityContext.fsGroup` | Set Harbor Jobservice pod's Security Context fsGroup | `1001` |
| `jobservice.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `jobservice.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `jobservice.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `jobservice.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `jobservice.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `jobservice.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `jobservice.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `jobservice.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `jobservice.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `jobservice.updateStrategy.type` | Harbor Jobservice deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `jobservice.lifecycleHooks` | LifecycleHook for the Harbor Jobservice container(s) to automate configuration before or after startup | `{}` |
| `jobservice.hostAliases` | Harbor Jobservice pods host aliases | `[]` |
| `jobservice.podLabels` | Add additional labels to the Harbor Jobservice pods (evaluated as a template) | `{}` |
| `jobservice.podAnnotations` | Annotations to add to the Harbor Jobservice pods (evaluated as a template) | `{}` |
| `jobservice.podAffinityPreset` | Harbor Jobservice Pod affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `jobservice.podAntiAffinityPreset` | Harbor Jobservice Pod anti-affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `jobservice.nodeAffinityPreset.type` | Harbor Jobservice Node affinity preset type. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `jobservice.nodeAffinityPreset.key` | Harbor Jobservice Node label key to match Ignored if `jobservice.affinity` is set. | `""` |
| `jobservice.nodeAffinityPreset.values` | Harbor Jobservice Node label values to match. Ignored if `jobservice.affinity` is set. | `[]` |
| `jobservice.affinity` | Harbor Jobservice Affinity for pod assignment | `{}` |
| `jobservice.nodeSelector` | Harbor Jobservice Node labels for pod assignment | `{}` |
| `jobservice.tolerations` | Harbor Jobservice Tolerations for pod assignment | `[]` |
| `jobservice.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `jobservice.priorityClassName` | Priority Class Name | `""` |
| `jobservice.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `jobservice.sidecars` | Add additional sidecar containers to the Harbor Jobservice pods | `[]` |
| `jobservice.initContainers` | Add additional init containers to the Harbor Jobservice pods | `[]` |
| `jobservice.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Harbor Jobservice pods | `[]` |
| `jobservice.extraVolumes` | Optionally specify extra list of additional volumes for the Harbor Jobservice pods | `[]` |
| `jobservice.serviceAccountName` | Set the service account name for the Harbor Jobservice pods | `""` |
| `jobservice.automountServiceAccountToken` | Automount service account token | `false` |
| `jobservice.service.ports.http` | Harbor Jobservice HTTP service port | `80` |
| `jobservice.service.ports.https` | Harbor Jobservice HTTPS service port | `443` |
| `jobservice.service.ports.metrics` | Harbor Jobservice HTTPS service port | `8001` |
| `jobservice.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `jobservice.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `jobservice.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `jobservice.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `jobservice.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `jobservice.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `jobservice.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Harbor Registry Parameters
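Review bot: three description errors survive on the regenerated side of the Jobservice table and are worth fixing while every row is being rewritten: `jobservice.service.ports.metrics` is described as "Harbor Jobservice HTTPS service port", `jobservice.networkPolicy.extraIngress` says "NetworkPolice", and `jobservice.networkPolicy.extraEgress` says "Add extra ingress rules". The egress one matters most because it documents a network control with the wrong direction; the Portal table carries the same two `networkPolicy` slips.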
@@ -716,8 +716,8 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
| `registry.server.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `registry.server.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `registry.server.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `registry.server.resources.limits` | The resources limits for the Harbor Registry main containers | `{}` |
| `registry.server.resources.requests` | The requested resources for the Harbor Registry main containers | `{}` |
| `registry.server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if registry.server.resources is set (registry.server.resources is recommended for production). | `none` |
| `registry.server.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `registry.server.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `registry.server.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `registry.server.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
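Review bot: the replacement rows for `registry.server` drop the component name that the removed rows carried ("for the Harbor Registry main containers"), so every `*.resources` description in the README now reads identically. Keep the component in the text, and put the key in backticks in "This is ignored if registry.server.resources is set" to match how other rows cite keys such as `portal.affinity`.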
@@ -766,8 +766,8 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
| `registry.controller.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `registry.controller.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `registry.controller.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `registry.controller.resources.limits` | The resources limits for the Harbor Registryctl containers | `{}` |
| `registry.controller.resources.requests` | The requested resources for the Harbor Registryctl containers | `{}` |
| `registry.controller.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if registry.controller.resources is set (registry.controller.resources is recommended for production). | `none` |
| `registry.controller.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `registry.controller.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `registry.controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `registry.controller.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
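Review bot: `registry.controller.resourcesPreset` lists the allowed names (none, nano, small, medium, large, xlarge, 2xlarge) but nothing in the row says what CPU and memory each name maps to, so an operator cannot judge from the README whether a given preset suits registryctl. Add the sizes or a pointer to where the presets are defined; the same gap applies to the other `resourcesPreset` rows in this change.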
@@ -784,185 +784,185 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua
### Harbor Adapter Trivy Parameters
| Name | Description | Value |
| --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------------- |
| `trivy.image.registry` | Harbor Adapter Trivy image registry | `REGISTRY_NAME` |
| `trivy.image.repository` | Harbor Adapter Trivy image repository | `REPOSITORY_NAME/harbor-adapter-trivy` |
| `trivy.image.digest` | Harbor Adapter Trivy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `trivy.image.pullPolicy` | Harbor Adapter Trivy image pull policy | `IfNotPresent` |
| `trivy.image.pullSecrets` | Harbor Adapter Trivy image pull secrets | `[]` |
| `trivy.image.debug` | Enable Harbor Adapter Trivy image debug mode | `false` |
| `trivy.enabled` | Enable Trivy | `true` |
| `trivy.debugMode` | The flag to enable Trivy debug mode | `false` |
| `trivy.vulnType` | Comma-separated list of vulnerability types. Possible values `os` and `library`. | `os,library` |
| `trivy.severity` | Comma-separated list of severities to be checked | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
| `trivy.ignoreUnfixed` | The flag to display only fixed vulnerabilities | `false` |
| `trivy.insecure` | The flag to skip verifying registry certificate | `false` |
| `trivy.gitHubToken` | The GitHub access token to download Trivy DB | `""` |
| `trivy.skipUpdate` | The flag to disable Trivy DB downloads from GitHub | `false` |
| `trivy.cacheDir` | Directory to store the cache | `/bitnami/harbor-adapter-trivy/.cache` |
| `trivy.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `trivy.command` | Override default container command (useful when using custom images) | `[]` |
| `trivy.args` | Override default container args (useful when using custom images) | `[]` |
| `trivy.extraEnvVars` | Array with extra environment variables to add Trivy pods | `[]` |
| `trivy.extraEnvVarsCM` | ConfigMap containing extra environment variables for Trivy pods | `""` |
| `trivy.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Trivy pods | `""` |
| `trivy.containerPorts.http` | Trivy HTTP container port | `8080` |
| `trivy.containerPorts.https` | Trivy HTTPS container port | `8443` |
| `trivy.replicaCount` | Number of Trivy replicas | `1` |
| `trivy.livenessProbe.enabled` | Enable livenessProbe on Trivy containers | `true` |
| `trivy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `trivy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `trivy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `trivy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `trivy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `trivy.readinessProbe.enabled` | Enable readinessProbe on Trivy containers | `true` |
| `trivy.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `trivy.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `trivy.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `trivy.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `trivy.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `trivy.startupProbe.enabled` | Enable startupProbe on Trivy containers | `false` |
| `trivy.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `trivy.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `trivy.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `trivy.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `trivy.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `trivy.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `trivy.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `trivy.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `trivy.resources.limits` | The resources limits for the Trivy containers | `{}` |
| `trivy.resources.requests` | The requested resources for the Trivy containers | `{}` |
| `trivy.podSecurityContext.enabled` | Enabled Trivy pods' Security Context | `true` |
| `trivy.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `trivy.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `trivy.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `trivy.podSecurityContext.fsGroup` | Set Trivy pod's Security Context fsGroup | `1001` |
| `trivy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `trivy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `trivy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `trivy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `trivy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `trivy.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `trivy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `trivy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `trivy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `trivy.updateStrategy.type` | Trivy deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `trivy.lifecycleHooks` | LifecycleHook for the Trivy container(s) to automate configuration before or after startup | `{}` |
| `trivy.hostAliases` | Trivy pods host aliases | `[]` |
| `trivy.podLabels` | Add additional labels to the Trivy pods (evaluated as a template) | `{}` |
| `trivy.podAnnotations` | Annotations to add to the Trivy pods (evaluated as a template) | `{}` |
| `trivy.podAffinityPreset` | Trivy Pod affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `trivy.podAntiAffinityPreset` | Trivy Pod anti-affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `trivy.nodeAffinityPreset.type` | Trivy Node affinity preset type. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `trivy.nodeAffinityPreset.key` | Trivy Node label key to match Ignored if `trivy.affinity` is set. | `""` |
| `trivy.nodeAffinityPreset.values` | Trivy Node label values to match. Ignored if `trivy.affinity` is set. | `[]` |
| `trivy.affinity` | Trivy Affinity for pod assignment | `{}` |
| `trivy.nodeSelector` | Trivy Node labels for pod assignment | `{}` |
| `trivy.tolerations` | Trivy Tolerations for pod assignment | `[]` |
| `trivy.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `trivy.priorityClassName` | Priority Class Name | `""` |
| `trivy.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `trivy.sidecars` | Add additional sidecar containers to the Trivy pods | `[]` |
| `trivy.initContainers` | Add additional init containers to the Trivy pods | `[]` |
| `trivy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Trivy pods | `[]` |
| `trivy.extraVolumes` | Optionally specify extra list of additional volumes for the Trivy pods | `[]` |
| `trivy.serviceAccountName` | Set the service account name for the Trivy pods | `""` |
| `trivy.automountServiceAccountToken` | Automount service account token | `false` |
| `trivy.service.ports.http` | Trivy HTTP service port | `8080` |
| `trivy.service.ports.https` | Trivy HTTPS service port | `8443` |
| `trivy.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `trivy.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `trivy.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `trivy.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `trivy.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `trivy.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `trivy.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
| `trivy.image.registry` | Harbor Adapter Trivy image registry | `REGISTRY_NAME` |
| `trivy.image.repository` | Harbor Adapter Trivy image repository | `REPOSITORY_NAME/harbor-adapter-trivy` |
| `trivy.image.digest` | Harbor Adapter Trivy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `trivy.image.pullPolicy` | Harbor Adapter Trivy image pull policy | `IfNotPresent` |
| `trivy.image.pullSecrets` | Harbor Adapter Trivy image pull secrets | `[]` |
| `trivy.image.debug` | Enable Harbor Adapter Trivy image debug mode | `false` |
| `trivy.enabled` | Enable Trivy | `true` |
| `trivy.debugMode` | The flag to enable Trivy debug mode | `false` |
| `trivy.vulnType` | Comma-separated list of vulnerability types. Possible values `os` and `library`. | `os,library` |
| `trivy.severity` | Comma-separated list of severities to be checked | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
| `trivy.ignoreUnfixed` | The flag to display only fixed vulnerabilities | `false` |
| `trivy.insecure` | The flag to skip verifying registry certificate | `false` |
| `trivy.gitHubToken` | The GitHub access token to download Trivy DB | `""` |
| `trivy.skipUpdate` | The flag to disable Trivy DB downloads from GitHub | `false` |
| `trivy.cacheDir` | Directory to store the cache | `/bitnami/harbor-adapter-trivy/.cache` |
| `trivy.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `trivy.command` | Override default container command (useful when using custom images) | `[]` |
| `trivy.args` | Override default container args (useful when using custom images) | `[]` |
| `trivy.extraEnvVars` | Array with extra environment variables to add Trivy pods | `[]` |
| `trivy.extraEnvVarsCM` | ConfigMap containing extra environment variables for Trivy pods | `""` |
| `trivy.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Trivy pods | `""` |
| `trivy.containerPorts.http` | Trivy HTTP container port | `8080` |
| `trivy.containerPorts.https` | Trivy HTTPS container port | `8443` |
| `trivy.replicaCount` | Number of Trivy replicas | `1` |
| `trivy.livenessProbe.enabled` | Enable livenessProbe on Trivy containers | `true` |
| `trivy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `trivy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `trivy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `trivy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `trivy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `trivy.readinessProbe.enabled` | Enable readinessProbe on Trivy containers | `true` |
| `trivy.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `trivy.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `trivy.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `trivy.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `trivy.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `trivy.startupProbe.enabled` | Enable startupProbe on Trivy containers | `false` |
| `trivy.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `trivy.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `trivy.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `trivy.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `trivy.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `trivy.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `trivy.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `trivy.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `trivy.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if trivy.resources is set (trivy.resources is recommended for production). | `none` |
| `trivy.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `trivy.podSecurityContext.enabled` | Enabled Trivy pods' Security Context | `true` |
| `trivy.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `trivy.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `trivy.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `trivy.podSecurityContext.fsGroup` | Set Trivy pod's Security Context fsGroup | `1001` |
| `trivy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `trivy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `trivy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `trivy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `trivy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `trivy.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `trivy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `trivy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `trivy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `trivy.updateStrategy.type` | Trivy deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `trivy.lifecycleHooks` | LifecycleHook for the Trivy container(s) to automate configuration before or after startup | `{}` |
| `trivy.hostAliases` | Trivy pods host aliases | `[]` |
| `trivy.podLabels` | Add additional labels to the Trivy pods (evaluated as a template) | `{}` |
| `trivy.podAnnotations` | Annotations to add to the Trivy pods (evaluated as a template) | `{}` |
| `trivy.podAffinityPreset` | Trivy Pod affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `trivy.podAntiAffinityPreset` | Trivy Pod anti-affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `trivy.nodeAffinityPreset.type` | Trivy Node affinity preset type. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `trivy.nodeAffinityPreset.key` | Trivy Node label key to match Ignored if `trivy.affinity` is set. | `""` |
| `trivy.nodeAffinityPreset.values` | Trivy Node label values to match. Ignored if `trivy.affinity` is set. | `[]` |
| `trivy.affinity` | Trivy Affinity for pod assignment | `{}` |
| `trivy.nodeSelector` | Trivy Node labels for pod assignment | `{}` |
| `trivy.tolerations` | Trivy Tolerations for pod assignment | `[]` |
| `trivy.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `trivy.priorityClassName` | Priority Class Name | `""` |
| `trivy.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `trivy.sidecars` | Add additional sidecar containers to the Trivy pods | `[]` |
| `trivy.initContainers` | Add additional init containers to the Trivy pods | `[]` |
| `trivy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Trivy pods | `[]` |
| `trivy.extraVolumes` | Optionally specify extra list of additional volumes for the Trivy pods | `[]` |
| `trivy.serviceAccountName` | Set the service account name for the Trivy pods | `""` |
| `trivy.automountServiceAccountToken` | Automount service account token | `false` |
| `trivy.service.ports.http` | Trivy HTTP service port | `8080` |
| `trivy.service.ports.https` | Trivy HTTPS service port | `8443` |
| `trivy.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `trivy.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `trivy.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `trivy.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `trivy.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `trivy.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `trivy.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Harbor Exporter Parameters
| Name | Description | Value |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `exporter.image.registry` | Harbor Exporter image registry | `REGISTRY_NAME` |
| `exporter.image.repository` | Harbor Exporter image repository | `REPOSITORY_NAME/harbor-exporter` |
| `exporter.image.digest` | Harbor Exporter image image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `exporter.image.pullPolicy` | Harbor exporter image pull policy | `IfNotPresent` |
| `exporter.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `exporter.image.debug` | Specify if debug logs should be enabled | `false` |
| `exporter.command` | Override default container command (useful when using custom images) | `[]` |
| `exporter.args` | Override default container args (useful when using custom images) | `[]` |
| `exporter.extraEnvVars` | Array containing extra env vars | `[]` |
| `exporter.extraEnvVarsCM` | ConfigMap containing extra env vars | `""` |
| `exporter.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` |
| `exporter.containerPorts.metrics` | Harbor Exporter HTTP container port | `8001` |
| `exporter.replicaCount` | The replica count | `1` |
| `exporter.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `exporter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `exporter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `exporter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `exporter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `exporter.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `exporter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `exporter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `exporter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `exporter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `exporter.startupProbe.enabled` | Enable startupProbe on Harbor Exporter containers | `false` |
| `exporter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `exporter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `exporter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `exporter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `exporter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `exporter.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `exporter.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `exporter.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `exporter.resources.limits` | The resources limits for the Harbor Exporter containers | `{}` |
| `exporter.resources.requests` | The requested resources for the Harbor Exporter containers | `{}` |
| `exporter.podSecurityContext.enabled` | Enabled Exporter pods' Security Context | `true` |
| `exporter.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `exporter.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `exporter.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `exporter.podSecurityContext.fsGroup` | Set Exporter pod's Security Context fsGroup | `1001` |
| `exporter.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `exporter.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `exporter.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `exporter.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `exporter.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `exporter.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `exporter.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `exporter.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `exporter.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `exporter.updateStrategy.type` | The update strategy for deployments with persistent volumes: RollingUpdate or Recreate. Set it as Recreate when RWM for volumes isn't supported | `RollingUpdate` |
| `exporter.lifecycleHooks` | LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template | `{}` |
| `exporter.hostAliases` | Exporter pods host aliases | `[]` |
| `exporter.podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` |
| `exporter.podAnnotations` | Annotations to add to the exporter pod | `{}` |
| `exporter.podAffinityPreset` | Harbor Exporter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `exporter.podAntiAffinityPreset` | Harbor Exporter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `exporter.nodeAffinityPreset.type` | Harbor Exporter Node affinity preset type. Ignored if `exporter.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `exporter.nodeAffinityPreset.key` | Harbor Exporter Node label key to match Ignored if `exporter.affinity` is set. | `""` |
| `exporter.nodeAffinityPreset.values` | Harbor Exporter Node label values to match. Ignored if `exporter.affinity` is set. | `[]` |
| `exporter.affinity` | Harbor Exporter Affinity for pod assignment | `{}` |
| `exporter.priorityClassName` | Exporter pods Priority Class Name | `""` |
| `exporter.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `exporter.serviceAccountName` | Name of the serviceAccountName for Harbor Exporter pods | `""` |
| `exporter.nodeSelector` | Harbor Exporter Node labels for pod assignment | `{}` |
| `exporter.tolerations` | Harbor Exporter Tolerations for pod assignment | `[]` |
| `exporter.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `exporter.initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` |
| `exporter.extraVolumeMounts` | | `[]` |
| `exporter.extraVolumes` | | `[]` |
| `exporter.sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` |
| `exporter.automountServiceAccountToken` | Automount service account token | `false` |
| `exporter.service.ports.metrics` | Exporter HTTP service port | `8001` |
| `exporter.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `exporter.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `exporter.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `exporter.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `exporter.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `exporter.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `exporter.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `exporter.image.registry` | Harbor Exporter image registry | `REGISTRY_NAME` |
| `exporter.image.repository` | Harbor Exporter image repository | `REPOSITORY_NAME/harbor-exporter` |
| `exporter.image.digest` | Harbor Exporter image image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `exporter.image.pullPolicy` | Harbor exporter image pull policy | `IfNotPresent` |
| `exporter.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `exporter.image.debug` | Specify if debug logs should be enabled | `false` |
| `exporter.command` | Override default container command (useful when using custom images) | `[]` |
| `exporter.args` | Override default container args (useful when using custom images) | `[]` |
| `exporter.extraEnvVars` | Array containing extra env vars | `[]` |
| `exporter.extraEnvVarsCM` | ConfigMap containing extra env vars | `""` |
| `exporter.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` |
| `exporter.containerPorts.metrics` | Harbor Exporter HTTP container port | `8001` |
| `exporter.replicaCount` | The replica count | `1` |
| `exporter.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `exporter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `exporter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `exporter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `exporter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `exporter.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `exporter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `exporter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `exporter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `exporter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `exporter.startupProbe.enabled` | Enable startupProbe on Harbor Exporter containers | `false` |
| `exporter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `exporter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `exporter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `exporter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `exporter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `exporter.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `exporter.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `exporter.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `exporter.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if exporter.resources is set (exporter.resources is recommended for production). | `none` |
| `exporter.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `exporter.podSecurityContext.enabled` | Enabled Exporter pods' Security Context | `true` |
| `exporter.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `exporter.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `exporter.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `exporter.podSecurityContext.fsGroup` | Set Exporter pod's Security Context fsGroup | `1001` |
| `exporter.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `exporter.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
| `exporter.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `exporter.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `exporter.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `exporter.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
| `exporter.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `exporter.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `exporter.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `exporter.updateStrategy.type` | The update strategy for deployments with persistent volumes: RollingUpdate or Recreate. Set it as Recreate when RWM for volumes isn't supported | `RollingUpdate` |
| `exporter.lifecycleHooks` | LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template | `{}` |
| `exporter.hostAliases` | Exporter pods host aliases | `[]` |
| `exporter.podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` |
| `exporter.podAnnotations` | Annotations to add to the exporter pod | `{}` |
| `exporter.podAffinityPreset` | Harbor Exporter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `exporter.podAntiAffinityPreset` | Harbor Exporter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `exporter.nodeAffinityPreset.type` | Harbor Exporter Node affinity preset type. Ignored if `exporter.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `exporter.nodeAffinityPreset.key` | Harbor Exporter Node label key to match Ignored if `exporter.affinity` is set. | `""` |
| `exporter.nodeAffinityPreset.values` | Harbor Exporter Node label values to match. Ignored if `exporter.affinity` is set. | `[]` |
| `exporter.affinity` | Harbor Exporter Affinity for pod assignment | `{}` |
| `exporter.priorityClassName` | Exporter pods Priority Class Name | `""` |
| `exporter.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `exporter.serviceAccountName` | Name of the serviceAccountName for Harbor Exporter pods | `""` |
| `exporter.nodeSelector` | Harbor Exporter Node labels for pod assignment | `{}` |
| `exporter.tolerations` | Harbor Exporter Tolerations for pod assignment | `[]` |
| `exporter.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `exporter.initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` |
| `exporter.extraVolumeMounts` | | `[]` |
| `exporter.extraVolumes` | | `[]` |
| `exporter.sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` |
| `exporter.automountServiceAccountToken` | Automount service account token | `false` |
| `exporter.service.ports.metrics` | Exporter HTTP service port | `8001` |
| `exporter.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `exporter.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `exporter.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `exporter.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `exporter.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `exporter.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `exporter.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### PostgreSQL Parameters
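Review bot: the exporter NetworkPolicy rows in this table carry two description errors worth fixing while the table is being touched: `exporter.networkPolicy.extraEgress` reads "Add extra ingress rules to the NetworkPolicy" (should say egress), and `exporter.networkPolicy.extraIngress` says "NetworkPolice". `exporter.extraVolumeMounts` and `exporter.extraVolumes` also have empty descriptions. If this table is generated from the `@param` comments in values.yaml, the fix belongs there so it is not lost on the next regeneration.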
@@ -1050,6 +1050,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/harbo
## Configuration and installation details
### Resource requests and limits
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
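Review bot: the new "Resource requests and limits" paragraph names the value two ways, `resourcesPreset` in the first sentence and `resourcePreset` in "using `resourcePreset` is discouraged"; only `resourcesPreset` matches the key the templates read, so a reader copying the second spelling into values.yaml would set a key nothing consumes. The preset link also points at `blob/main/...#L15`, a line anchor on a moving branch that will drift as `_resources.tpl` changes; linking to the file without the line fragment, or to a tagged revision, would keep the reference stable.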

View File

@@ -48,3 +48,4 @@ APP VERSION: {{ .Chart.AppVersion }}
{{ include "harbor.validateValues" . }}
{{ include "harbor.checkRollingTags" . }}
{{- include "common.warnings.resources" (dict "sections" (list "core" "exporter" "jobservice" "nginx" "portal" "registry.controller" "registry.server" "trivy" "volumePermissions") "context" $) }}
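Review bot: the `sections` list passed to `common.warnings.resources` is maintained by hand and has to stay in step with every component that has a `resources`/`resourcesPreset` pair in values.yaml. It matches the components touched in this commit, but a component added later will silently be left out of the warning. A short comment next to the include stating that the list must mirror values.yaml would make that dependency visible to the next contributor.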

View File

@@ -198,6 +198,8 @@ spec:
{{- end }}
{{- if .Values.core.resources }}
resources: {{- toYaml .Values.core.resources | nindent 12 }}
{{- else if ne .Values.core.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.core.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: config
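Review bot: the `else if ne .Values.core.resourcesPreset "none"` branch sends every value other than the literal "none" to `common.resources.preset`, including an empty string or a misspelled preset name, so a typo surfaces (at best) as an error from the included template rather than as a clear message from this chart. Since values.yaml documents a closed set of allowed values, consider checking `resourcesPreset` against that set in `harbor.validateValues` for each component, so a bad value fails with a message naming the offending key. The same applies to the identical branch in the other templates in this commit.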

View File

@@ -164,6 +164,8 @@ spec:
{{- end }}
{{- if .Values.exporter.resources }}
resources: {{- toYaml .Values.exporter.resources | nindent 12 }}
{{- else if ne .Values.exporter.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.exporter.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.internalTLS.enabled }}

View File

@@ -93,6 +93,8 @@ spec:
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: job-logs
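Review bot: this `volumePermissions` resources block (`if .Values.volumePermissions.resources` / `else if ne .Values.volumePermissions.resourcesPreset "none"`) is repeated verbatim for the init container in two other templates in this commit. Moving it into a named helper in the chart's `_helpers.tpl` and including it from each init container would keep the three copies from drifting apart the next time the logic changes.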
@@ -209,6 +211,8 @@ spec:
{{- end }}
{{- if .Values.jobservice.resources }}
resources: {{- toYaml .Values.jobservice.resources | nindent 12 }}
{{- else if ne .Values.jobservice.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.jobservice.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: jobservice-config

View File

@@ -148,6 +148,8 @@ spec:
{{- end }}
{{- if .Values.nginx.resources }}
resources: {{- toYaml .Values.nginx.resources | nindent 12 }}
{{- else if ne .Values.nginx.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.nginx.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: config

View File

@@ -140,6 +140,8 @@ spec:
{{- end }}
{{- if .Values.portal.resources }}
resources: {{- toYaml .Values.portal.resources | nindent 12 }}
{{- else if ne .Values.portal.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.portal.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: portal-config

View File

@@ -91,6 +91,8 @@ spec:
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: registry-data
@@ -189,6 +191,8 @@ spec:
{{- end }}
{{- if .Values.registry.server.resources }}
resources: {{- toYaml .Values.registry.server.resources | nindent 12 }}
{{- else if ne .Values.registry.server.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.registry.server.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: registry-data
@@ -340,6 +344,8 @@ spec:
{{- end }}
{{- if .Values.registry.controller.resources }}
resources: {{- toYaml .Values.registry.controller.resources | nindent 12 }}
{{- else if ne .Values.registry.controller.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.registry.controller.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: registry-data

View File

@@ -89,6 +89,8 @@ spec:
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
@@ -168,6 +170,8 @@ spec:
{{- end }}
{{- if .Values.trivy.resources }}
resources: {{- toYaml .Values.trivy.resources | nindent 12 }}
{{- else if ne .Values.trivy.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.trivy.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data

View File

@@ -19,7 +19,6 @@ global:
##
imagePullSecrets: []
storageClass: ""
## @section Common Parameters
##
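Review bot: this hunk, like several others in values.yaml, only removes a blank line before a `## @section` marker and has nothing to do with resource presets. Mixing these whitespace changes into the feature commit makes the functional values.yaml changes harder to find in review and in later `git blame`; a separate formatting commit would be cleaner.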
@@ -58,7 +57,6 @@ diagnosticMode:
##
args:
- infinity
## @section Harbor common parameters
##
@@ -120,7 +118,6 @@ ipFamily:
##
ipv4:
enabled: true
## @section Traffic Exposure Parameters
##
@@ -129,7 +126,6 @@ ipFamily:
## Use "ingress" to use an Ingress Controller as proxy
##
exposureType: proxy
## Service parameters
##
service:
@@ -187,7 +183,6 @@ service:
## @param service.extraPorts Extra port to expose on NGINX proxy service
##
extraPorts: []
ingress:
## Configure the ingress resource that allows you to access Harbor Core
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
@@ -296,8 +291,7 @@ ingress:
## name: http
##
extraRules: []
##
##
## @section Persistence Parameters
##
@@ -516,7 +510,6 @@ persistence:
chunksize: ""
rootdirectory: ""
secretkey: ""
## @section Tracing parameters
##
@@ -539,7 +532,6 @@ tracing:
## application: harbor
##
attributes: {}
## @extra tracing.jaeger Configuration for exporting to jaeger. If using jaeger collector mode, use endpoint, username and password. If using jaeger agent mode, use agentHostname and agentPort.
## e.g:
## jaeger:
@@ -576,7 +568,6 @@ tracing:
compression: false
timeout: 10s
insecure: true
## @section Volume Permissions parameters
##
@@ -610,12 +601,21 @@ volumePermissions:
pullSecrets: []
## Init container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resources.limits Init container volume-permissions resource limits
## @param volumePermissions.resources.requests Init container volume-permissions resource requests
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
limits: {}
requests: {}
resourcesPreset: "none"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Init container' Security Context
## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
## and not the below volumePermissions.containerSecurityContext.runAsUser
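Review bot: the `@param volumePermissions.resourcesPreset` comment says the preset "is ignored if volumePermissions.resources is set", but it does not say that the override is all-or-nothing. With the template's `if .Values.volumePermissions.resources` check, a user who sets only `resources.limits` gets no requests from the preset at all, not a merge of the two. One extra sentence in the comment stating that `resources` fully replaces the preset would prevent that surprise. It is also worth noting here that with `resourcesPreset: "none"` and `resources: {}` as defaults, this init container (which runs with `runAsUser: 0`) is rendered with no requests or limits.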
@@ -627,10 +627,8 @@ volumePermissions:
enabled: true
seLinuxOptions: null
runAsUser: 0
## @section NGINX Parameters
##
nginx:
## Bitnami NGINX image
## ref: https://hub.docker.com/r/bitnami/nginx/tags/
@@ -764,12 +762,21 @@ nginx:
customStartupProbe: {}
## NGINX resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param nginx.resources.limits The resources limits for the NGINX containers
## @param nginx.resources.requests The requested resources for the NGINX containers
## @param nginx.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if nginx.resources is set (nginx.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
limits: {}
requests: {}
resourcesPreset: "none"
## @param nginx.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure NGINX pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param nginx.podSecurityContext.enabled Enabled NGINX pods' Security Context
@@ -971,10 +978,8 @@ nginx:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section Harbor Portal Parameters
##
portal:
## Bitnami Harbor Portal image
## ref: https://hub.docker.com/r/bitnami/harbor-portal/tags/
@@ -1094,12 +1099,21 @@ portal:
customStartupProbe: {}
## Harbor Portal resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param portal.resources.limits The resources limits for the Harbor Portal containers
## @param portal.resources.requests The requested resources for the Harbor Portal containers
## @param portal.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if portal.resources is set (portal.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
limits: {}
requests: {}
resourcesPreset: "none"
## @param portal.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Harbor Portal pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param portal.podSecurityContext.enabled Enabled Harbor Portal pods' Security Context
@@ -1309,10 +1323,8 @@ portal:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section Harbor Core Parameters
##
core:
## Bitnami Harbor Core image
## ref: https://hub.docker.com/r/bitnami/harbor-core/tags/
@@ -1345,7 +1357,6 @@ core:
## Enable debug mode
##
debug: false
## @param core.sessionLifetime Explicitly set a session timeout (in seconds) overriding the backend default.
##
sessionLifetime: ""
@@ -1491,12 +1502,21 @@ core:
customStartupProbe: {}
## Harbor Core resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param core.resources.limits The resources limits for the Harbor Core containers
## @param core.resources.requests The requested resources for the Harbor Core containers
## @param core.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if core.resources is set (core.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
limits: {}
requests: {}
resourcesPreset: "none"
## @param core.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Harbor Core pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param core.podSecurityContext.enabled Enabled Harbor Core pods' Security Context
@@ -1708,10 +1728,8 @@ core:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section Harbor Jobservice Parameters
##
jobservice:
## Bitnami Harbor Jobservice image
## ref: https://hub.docker.com/r/bitnami/harbor-jobservice/tags/
@@ -1852,12 +1870,21 @@ jobservice:
customStartupProbe: {}
## Harbor Jobservice resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param jobservice.resources.limits The resources limits for the Harbor Jobservice containers
## @param jobservice.resources.requests The requested resources for the Harbor Jobservice containers
## @param jobservice.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if jobservice.resources is set (jobservice.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
limits: {}
requests: {}
resourcesPreset: "none"
## @param jobservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Harbor Jobservice pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param jobservice.podSecurityContext.enabled Enabled Harbor Jobservice pods' Security Context
@@ -2069,7 +2096,6 @@ jobservice:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section Harbor Registry Parameters
##
@@ -2421,12 +2447,21 @@ registry:
customStartupProbe: {}
## Harbor Registry main resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param registry.server.resources.limits The resources limits for the Harbor Registry main containers
## @param registry.server.resources.requests The requested resources for the Harbor Registry main containers
## @param registry.server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if registry.server.resources is set (registry.server.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
limits: {}
requests: {}
resourcesPreset: "none"
## @param registry.server.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Harbor Registry main containers (only main one) Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param registry.server.containerSecurityContext.enabled Enabled containers' Security Context
@@ -2578,12 +2613,21 @@ registry:
customStartupProbe: {}
## Harbor Registryctl resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param registry.controller.resources.limits The resources limits for the Harbor Registryctl containers
## @param registry.controller.resources.requests The requested resources for the Harbor Registryctl containers
## @param registry.controller.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if registry.controller.resources is set (registry.controller.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
limits: {}
requests: {}
resourcesPreset: "none"
## @param registry.controller.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Harbor Registryctl containers (only main one) Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param registry.controller.containerSecurityContext.enabled Enabled containers' Security Context
@@ -2623,10 +2667,8 @@ registry:
ports:
http: 8080
https: 8443
## @section Harbor Adapter Trivy Parameters
##
trivy:
## Bitnami Harbor Adapter Trivy image
## ref: https://hub.docker.com/r/bitnami/harbor-adapter-trivy/tags/
@@ -2790,16 +2832,21 @@ trivy:
customStartupProbe: {}
## Trivy resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param trivy.resources.limits [object] The resources limits for the Trivy containers
## @param trivy.resources.requests [object] The requested resources for the Trivy containers
## @param trivy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if trivy.resources is set (trivy.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1
memory: 1Gi
resourcesPreset: "none"
## @param trivy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Trivy pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param trivy.podSecurityContext.enabled Enabled Trivy pods' Security Context
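Review bot: for Trivy this change is not purely additive. As far as the rendered hunk shows, the previous default block (`requests` of `cpu: 200m` / `memory: 512Mi`, `limits` of `cpu: 1` / `memory: 1Gi`) is replaced by `resources: {}` with `resourcesPreset: "none"`, so after upgrading, a release that relied on the chart defaults will run the Trivy container with no requests and no limits. For a scanner that unpacks and analyses arbitrary images, losing the memory and CPU ceiling is a meaningful regression in resource isolation. Either keep an equivalent default (a preset other than "none" for `trivy.resourcesPreset`) or call the change out in the upgrade notes so operators set `trivy.resources` explicitly.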
@@ -3009,10 +3056,8 @@ trivy:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section Harbor Exporter Parameters
##
exporter:
## Bitnami Harbor Exporter image
## ref: https://hub.docker.com/r/bitnami/harbor-exporter/tags/
@@ -3127,12 +3172,21 @@ exporter:
customStartupProbe: {}
## Harbor Exporter resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param exporter.resources.limits The resources limits for the Harbor Exporter containers
## @param exporter.resources.requests The requested resources for the Harbor Exporter containers
## @param exporter.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if exporter.resources is set (exporter.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resources:
limits: {}
requests: {}
resourcesPreset: "none"
## @param exporter.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Exporter pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param exporter.podSecurityContext.enabled Enabled Exporter pods' Security Context
@@ -3325,7 +3379,6 @@ exporter:
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## @section PostgreSQL Parameters
##
@@ -3383,7 +3436,6 @@ externalDatabase:
password: ""
sslmode: disable
coreDatabase: ""
## @section Redis&reg; parameters
##
@@ -3416,7 +3468,6 @@ redis:
service:
ports:
sentinel: 26379
## External Redis&reg; configuration
## All of these values are only used when redis.enabled is set to false
## @param externalRedis.host Redis&reg; host
@@ -3444,7 +3495,6 @@ externalRedis:
enabled: false
masterSet: "mymaster"
hosts: ""
## @section Harbor metrics parameters
##
metrics: