Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-17 23:07:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/harbor] Release 21.1.1 (#25120)

Browse Source 
* [bitnami/harbor] Release 21.1.1 updating components versions

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

---------

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Bitnami Bot
2024-04-10 22:03:02 +02:00
committed by GitHub
parent 3e6a2418f7
commit 948d6c6b66
4 changed files with 487 additions and 487 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bitnami/harbor/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 19.0.1
version: 19.1.0
- name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 15.1.4
version: 15.2.5
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.19.0
digest: sha256:dc97b663198cf44d94be03921d7440f4538f6ed2fedbbbc9254280fe5e8cf27e
generated: "2024-03-25T11:43:59.851792607+01:00"
version: 2.19.1
digest: sha256:cc72b36d4e0eeeabbff3d1d87413f7ca658fd9765c3611f2f7fc9d4743dcd41b
generated: "2024-04-10T19:44:50.378351158Z"

24
bitnami/harbor/Chart.yaml
View File

@@ -6,27 +6,27 @@ annotations:
licenses: Apache-2.0
images: |
- name: harbor-adapter-trivy
image: docker.io/bitnami/harbor-adapter-trivy:2.10.1-debian-12-r0
image: docker.io/bitnami/harbor-adapter-trivy:2.10.2-debian-12-r0
- name: harbor-core
image: docker.io/bitnami/harbor-core:2.10.1-debian-12-r0
image: docker.io/bitnami/harbor-core:2.10.2-debian-12-r0
- name: harbor-exporter
image: docker.io/bitnami/harbor-exporter:2.10.1-debian-12-r0
image: docker.io/bitnami/harbor-exporter:2.10.2-debian-12-r0
- name: harbor-jobservice
image: docker.io/bitnami/harbor-jobservice:2.10.1-debian-12-r0
image: docker.io/bitnami/harbor-jobservice:2.10.2-debian-12-r0
- name: harbor-portal
image: docker.io/bitnami/harbor-portal:2.10.1-debian-12-r0
image: docker.io/bitnami/harbor-portal:2.10.2-debian-12-r0
- name: harbor-registry
image: docker.io/bitnami/harbor-registry:2.10.1-debian-12-r0
image: docker.io/bitnami/harbor-registry:2.10.2-debian-12-r0
- name: harbor-registryctl
image: docker.io/bitnami/harbor-registryctl:2.10.1-debian-12-r0
image: docker.io/bitnami/harbor-registryctl:2.10.2-debian-12-r0
- name: nginx
image: docker.io/bitnami/nginx:1.25.4-debian-12-r3
image: docker.io/bitnami/nginx:1.25.4-debian-12-r7
- name: os-shell
image: docker.io/bitnami/os-shell:12-debian-12-r16
image: docker.io/bitnami/os-shell:12-debian-12-r18
- name: postgresql
image: docker.io/bitnami/postgresql:13.14.0-debian-12-r8
image: docker.io/bitnami/postgresql:13.14.0-debian-12-r14
apiVersion: v2
appVersion: 2.10.1
appVersion: 2.10.2
dependencies:
- condition: redis.enabled
name: redis
@@ -55,4 +55,4 @@ maintainers:
name: harbor
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/harbor
version: 21.1.0
version: 21.1.1

920
bitnami/harbor/README.md
View File

@@ -348,198 +348,198 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
### Volume Permissions parameters
| Name | Description | Value |
| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `volumePermissions.containerSecurityContext.enabled` | Enable init container Security Context | `true` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
| Name | Description | Value |
| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` |
| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` |
| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano` |
| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `volumePermissions.containerSecurityContext.enabled` | Enable init container Security Context | `true` |
| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` |
### NGINX Parameters
| Name | Description | Value |
| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `nginx.image.registry` | NGINX image registry | `REGISTRY_NAME` |
| `nginx.image.repository` | NGINX image repository | `REPOSITORY_NAME/nginx` |
| `nginx.image.digest` | NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `nginx.image.pullPolicy` | NGINX image pull policy | `IfNotPresent` |
| `nginx.image.pullSecrets` | NGINX image pull secrets | `[]` |
| `nginx.image.debug` | Enable NGINX image debug mode | `false` |
| `nginx.tls.enabled` | Enable TLS termination | `true` |
| `nginx.tls.existingSecret` | Existing secret name containing your own TLS certificates. | `""` |
| `nginx.tls.commonName` | The common name used to generate the self-signed TLS certificates | `core.harbor.domain` |
| `nginx.behindReverseProxy` | If NGINX is behind another reverse proxy, set to true | `false` |
| `nginx.command` | Override default container command (useful when using custom images) | `[]` |
| `nginx.args` | Override default container args (useful when using custom images) | `[]` |
| `nginx.extraEnvVars` | Array with extra environment variables to add NGINX pods | `[]` |
| `nginx.extraEnvVarsCM` | ConfigMap containing extra environment variables for NGINX pods | `""` |
| `nginx.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for NGINX pods | `""` |
| `nginx.containerPorts.http` | NGINX HTTP container port | `8080` |
| `nginx.containerPorts.https` | NGINX HTTPS container port | `8443` |
| `nginx.replicaCount` | Number of NGINX replicas | `1` |
| `nginx.livenessProbe.enabled` | Enable livenessProbe on NGINX containers | `true` |
| `nginx.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `nginx.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `nginx.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `nginx.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `nginx.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `nginx.readinessProbe.enabled` | Enable readinessProbe on NGINX containers | `true` |
| `nginx.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `nginx.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `nginx.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `nginx.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `nginx.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `nginx.startupProbe.enabled` | Enable startupProbe on NGINX containers | `false` |
| `nginx.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `nginx.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `nginx.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `nginx.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `nginx.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `nginx.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `nginx.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `nginx.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `nginx.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if nginx.resources is set (nginx.resources is recommended for production). | `small` |
| `nginx.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `nginx.podSecurityContext.enabled` | Enabled NGINX pods' Security Context | `true` |
| `nginx.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `nginx.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `nginx.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `nginx.podSecurityContext.fsGroup` | Set NGINX pod's Security Context fsGroup | `1001` |
| `nginx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `nginx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `nginx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `nginx.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `nginx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `nginx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `nginx.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `nginx.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `nginx.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `nginx.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `nginx.updateStrategy.type` | NGINX deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `nginx.lifecycleHooks` | LifecycleHook for the NGINX container(s) to automate configuration before or after startup | `{}` |
| `nginx.serviceAccountName` | Set the service account name for the NGINX pods | `""` |
| `nginx.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `nginx.hostAliases` | NGINX pods host aliases | `[]` |
| `nginx.podLabels` | Add additional labels to the NGINX pods (evaluated as a template) | `{}` |
| `nginx.podAnnotations` | Annotations to add to the NGINX pods (evaluated as a template) | `{}` |
| `nginx.podAffinityPreset` | NGINX Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nginx.podAntiAffinityPreset` | NGINX Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nginx.nodeAffinityPreset.type` | NGINX Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nginx.nodeAffinityPreset.key` | NGINX Node label key to match Ignored if `affinity` is set. | `""` |
| `nginx.nodeAffinityPreset.values` | NGINX Node label values to match. Ignored if `affinity` is set. | `[]` |
| `nginx.affinity` | NGINX Affinity for pod assignment | `{}` |
| `nginx.nodeSelector` | NGINX Node labels for pod assignment | `{}` |
| `nginx.tolerations` | NGINX Tolerations for pod assignment | `[]` |
| `nginx.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `nginx.priorityClassName` | Priority Class Name | `""` |
| `nginx.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `nginx.sidecars` | Add additional sidecar containers to the NGINX pods | `[]` |
| `nginx.initContainers` | Add additional init containers to the NGINX pods | `[]` |
| `nginx.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the NGINX pods | `[]` |
| `nginx.extraVolumes` | Optionally specify extra list of additional volumes for the NGINX pods | `[]` |
| `nginx.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `nginx.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `nginx.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `nginx.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `nginx.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `nginx.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `nginx.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- |
| `nginx.image.registry` | NGINX image registry | `REGISTRY_NAME` |
| `nginx.image.repository` | NGINX image repository | `REPOSITORY_NAME/nginx` |
| `nginx.image.digest` | NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `nginx.image.pullPolicy` | NGINX image pull policy | `IfNotPresent` |
| `nginx.image.pullSecrets` | NGINX image pull secrets | `[]` |
| `nginx.image.debug` | Enable NGINX image debug mode | `false` |
| `nginx.tls.enabled` | Enable TLS termination | `true` |
| `nginx.tls.existingSecret` | Existing secret name containing your own TLS certificates. | `""` |
| `nginx.tls.commonName` | The common name used to generate the self-signed TLS certificates | `core.harbor.domain` |
| `nginx.behindReverseProxy` | If NGINX is behind another reverse proxy, set to true | `false` |
| `nginx.command` | Override default container command (useful when using custom images) | `[]` |
| `nginx.args` | Override default container args (useful when using custom images) | `[]` |
| `nginx.extraEnvVars` | Array with extra environment variables to add NGINX pods | `[]` |
| `nginx.extraEnvVarsCM` | ConfigMap containing extra environment variables for NGINX pods | `""` |
| `nginx.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for NGINX pods | `""` |
| `nginx.containerPorts.http` | NGINX HTTP container port | `8080` |
| `nginx.containerPorts.https` | NGINX HTTPS container port | `8443` |
| `nginx.replicaCount` | Number of NGINX replicas | `1` |
| `nginx.livenessProbe.enabled` | Enable livenessProbe on NGINX containers | `true` |
| `nginx.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `nginx.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `nginx.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `nginx.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `nginx.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `nginx.readinessProbe.enabled` | Enable readinessProbe on NGINX containers | `true` |
| `nginx.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `nginx.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `nginx.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `nginx.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `nginx.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `nginx.startupProbe.enabled` | Enable startupProbe on NGINX containers | `false` |
| `nginx.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` |
| `nginx.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `nginx.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `nginx.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `nginx.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `nginx.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `nginx.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `nginx.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `nginx.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if nginx.resources is set (nginx.resources is recommended for production). | `small` |
| `nginx.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `nginx.podSecurityContext.enabled` | Enabled NGINX pods' Security Context | `true` |
| `nginx.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `nginx.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `nginx.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `nginx.podSecurityContext.fsGroup` | Set NGINX pod's Security Context fsGroup | `1001` |
| `nginx.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `nginx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `nginx.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `nginx.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `nginx.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `nginx.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `nginx.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `nginx.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `nginx.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `nginx.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `nginx.updateStrategy.type` | NGINX deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `nginx.lifecycleHooks` | LifecycleHook for the NGINX container(s) to automate configuration before or after startup | `{}` |
| `nginx.serviceAccountName` | Set the service account name for the NGINX pods | `""` |
| `nginx.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
| `nginx.hostAliases` | NGINX pods host aliases | `[]` |
| `nginx.podLabels` | Add additional labels to the NGINX pods (evaluated as a template) | `{}` |
| `nginx.podAnnotations` | Annotations to add to the NGINX pods (evaluated as a template) | `{}` |
| `nginx.podAffinityPreset` | NGINX Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nginx.podAntiAffinityPreset` | NGINX Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nginx.nodeAffinityPreset.type` | NGINX Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nginx.nodeAffinityPreset.key` | NGINX Node label key to match Ignored if `affinity` is set. | `""` |
| `nginx.nodeAffinityPreset.values` | NGINX Node label values to match. Ignored if `affinity` is set. | `[]` |
| `nginx.affinity` | NGINX Affinity for pod assignment | `{}` |
| `nginx.nodeSelector` | NGINX Node labels for pod assignment | `{}` |
| `nginx.tolerations` | NGINX Tolerations for pod assignment | `[]` |
| `nginx.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `nginx.priorityClassName` | Priority Class Name | `""` |
| `nginx.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `nginx.sidecars` | Add additional sidecar containers to the NGINX pods | `[]` |
| `nginx.initContainers` | Add additional init containers to the NGINX pods | `[]` |
| `nginx.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the NGINX pods | `[]` |
| `nginx.extraVolumes` | Optionally specify extra list of additional volumes for the NGINX pods | `[]` |
| `nginx.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `nginx.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `nginx.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `nginx.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `nginx.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `nginx.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `nginx.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Harbor Portal Parameters
| Name | Description | Value |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------- |
| `portal.image.registry` | Harbor Portal image registry | `REGISTRY_NAME` |
| `portal.image.repository` | Harbor Portal image repository | `REPOSITORY_NAME/harbor-portal` |
| `portal.image.digest` | Harbor Portal image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `portal.image.pullPolicy` | Harbor Portal image pull policy | `IfNotPresent` |
| `portal.image.pullSecrets` | Harbor Portal image pull secrets | `[]` |
| `portal.image.debug` | Enable Harbor Portal image debug mode | `false` |
| `portal.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `portal.command` | Override default container command (useful when using custom images) | `[]` |
| `portal.args` | Override default container args (useful when using custom images) | `[]` |
| `portal.extraEnvVars` | Array with extra environment variables to add Harbor Portal pods | `[]` |
| `portal.extraEnvVarsCM` | ConfigMap containing extra environment variables for Harbor Portal pods | `""` |
| `portal.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Harbor Portal pods | `""` |
| `portal.containerPorts.http` | Harbor Portal HTTP container port | `8080` |
| `portal.containerPorts.https` | Harbor Portal HTTPS container port | `8443` |
| `portal.replicaCount` | Number of Harbor Portal replicas | `1` |
| `portal.livenessProbe.enabled` | Enable livenessProbe on Harbor Portal containers | `true` |
| `portal.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `portal.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `portal.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `portal.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `portal.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `portal.readinessProbe.enabled` | Enable readinessProbe on Harbor Portal containers | `true` |
| `portal.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `portal.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `portal.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `portal.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `portal.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `portal.startupProbe.enabled` | Enable startupProbe on Harbor Portal containers | `false` |
| `portal.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `portal.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `portal.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `portal.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `portal.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `portal.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `portal.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `portal.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `portal.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if portal.resources is set (portal.resources is recommended for production). | `small` |
| `portal.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `portal.podSecurityContext.enabled` | Enabled Harbor Portal pods' Security Context | `true` |
| `portal.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `portal.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `portal.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `portal.podSecurityContext.fsGroup` | Set Harbor Portal pod's Security Context fsGroup | `1001` |
| `portal.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `portal.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `portal.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `portal.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `portal.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `portal.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `portal.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `portal.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `portal.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `portal.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `portal.updateStrategy.type` | Harbor Portal deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `portal.lifecycleHooks` | LifecycleHook for the Harbor Portal container(s) to automate configuration before or after startup | `{}` |
| `portal.hostAliases` | Harbor Portal pods host aliases | `[]` |
| `portal.podLabels` | Add additional labels to the Harbor Portal pods (evaluated as a template) | `{}` |
| `portal.podAnnotations` | Annotations to add to the Harbor Portal pods (evaluated as a template) | `{}` |
| `portal.podAffinityPreset` | Harbor Portal Pod affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `portal.podAntiAffinityPreset` | Harbor Portal Pod anti-affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `portal.nodeAffinityPreset.type` | Harbor Portal Node affinity preset type. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `portal.nodeAffinityPreset.key` | Harbor Portal Node label key to match Ignored if `portal.affinity` is set. | `""` |
| `portal.nodeAffinityPreset.values` | Harbor Portal Node label values to match. Ignored if `portal.affinity` is set. | `[]` |
| `portal.affinity` | Harbor Portal Affinity for pod assignment | `{}` |
| `portal.nodeSelector` | Harbor Portal Node labels for pod assignment | `{}` |
| `portal.tolerations` | Harbor Portal Tolerations for pod assignment | `[]` |
| `portal.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `portal.priorityClassName` | Priority Class Name | `""` |
| `portal.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `portal.sidecars` | Add additional sidecar containers to the Harbor Portal pods | `[]` |
| `portal.initContainers` | Add additional init containers to the Harbor Portal pods | `[]` |
| `portal.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Harbor Portal pods | `[]` |
| `portal.extraVolumes` | Optionally specify extra list of additional volumes for the Harbor Portal pods | `[]` |
| `portal.serviceAccountName` | Set the service account name for the Harbor Portal pods | `""` |
| `portal.automountServiceAccountToken` | Automount service account token | `false` |
| `portal.service.ports.http` | Harbor Portal HTTP service port | `80` |
| `portal.service.ports.https` | Harbor Portal HTTPS service port | `443` |
| `portal.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `portal.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `portal.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `portal.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `portal.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `portal.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `portal.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `portal.image.registry` | Harbor Portal image registry | `REGISTRY_NAME` |
| `portal.image.repository` | Harbor Portal image repository | `REPOSITORY_NAME/harbor-portal` |
| `portal.image.digest` | Harbor Portal image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `portal.image.pullPolicy` | Harbor Portal image pull policy | `IfNotPresent` |
| `portal.image.pullSecrets` | Harbor Portal image pull secrets | `[]` |
| `portal.image.debug` | Enable Harbor Portal image debug mode | `false` |
| `portal.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `portal.command` | Override default container command (useful when using custom images) | `[]` |
| `portal.args` | Override default container args (useful when using custom images) | `[]` |
| `portal.extraEnvVars` | Array with extra environment variables to add Harbor Portal pods | `[]` |
| `portal.extraEnvVarsCM` | ConfigMap containing extra environment variables for Harbor Portal pods | `""` |
| `portal.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Harbor Portal pods | `""` |
| `portal.containerPorts.http` | Harbor Portal HTTP container port | `8080` |
| `portal.containerPorts.https` | Harbor Portal HTTPS container port | `8443` |
| `portal.replicaCount` | Number of Harbor Portal replicas | `1` |
| `portal.livenessProbe.enabled` | Enable livenessProbe on Harbor Portal containers | `true` |
| `portal.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `portal.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `portal.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `portal.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `portal.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `portal.readinessProbe.enabled` | Enable readinessProbe on Harbor Portal containers | `true` |
| `portal.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `portal.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `portal.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `portal.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `portal.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `portal.startupProbe.enabled` | Enable startupProbe on Harbor Portal containers | `false` |
| `portal.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `portal.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `portal.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `portal.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `portal.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `portal.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `portal.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `portal.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `portal.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if portal.resources is set (portal.resources is recommended for production). | `small` |
| `portal.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `portal.podSecurityContext.enabled` | Enabled Harbor Portal pods' Security Context | `true` |
| `portal.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `portal.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `portal.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `portal.podSecurityContext.fsGroup` | Set Harbor Portal pod's Security Context fsGroup | `1001` |
| `portal.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `portal.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `portal.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `portal.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `portal.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `portal.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `portal.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `portal.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `portal.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `portal.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `portal.updateStrategy.type` | Harbor Portal deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `portal.lifecycleHooks` | LifecycleHook for the Harbor Portal container(s) to automate configuration before or after startup | `{}` |
| `portal.hostAliases` | Harbor Portal pods host aliases | `[]` |
| `portal.podLabels` | Add additional labels to the Harbor Portal pods (evaluated as a template) | `{}` |
| `portal.podAnnotations` | Annotations to add to the Harbor Portal pods (evaluated as a template) | `{}` |
| `portal.podAffinityPreset` | Harbor Portal Pod affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `portal.podAntiAffinityPreset` | Harbor Portal Pod anti-affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `portal.nodeAffinityPreset.type` | Harbor Portal Node affinity preset type. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `portal.nodeAffinityPreset.key` | Harbor Portal Node label key to match Ignored if `portal.affinity` is set. | `""` |
| `portal.nodeAffinityPreset.values` | Harbor Portal Node label values to match. Ignored if `portal.affinity` is set. | `[]` |
| `portal.affinity` | Harbor Portal Affinity for pod assignment | `{}` |
| `portal.nodeSelector` | Harbor Portal Node labels for pod assignment | `{}` |
| `portal.tolerations` | Harbor Portal Tolerations for pod assignment | `[]` |
| `portal.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `portal.priorityClassName` | Priority Class Name | `""` |
| `portal.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `portal.sidecars` | Add additional sidecar containers to the Harbor Portal pods | `[]` |
| `portal.initContainers` | Add additional init containers to the Harbor Portal pods | `[]` |
| `portal.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Harbor Portal pods | `[]` |
| `portal.extraVolumes` | Optionally specify extra list of additional volumes for the Harbor Portal pods | `[]` |
| `portal.serviceAccountName` | Set the service account name for the Harbor Portal pods | `""` |
| `portal.automountServiceAccountToken` | Automount service account token | `false` |
| `portal.service.ports.http` | Harbor Portal HTTP service port | `80` |
| `portal.service.ports.https` | Harbor Portal HTTPS service port | `443` |
| `portal.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `portal.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `portal.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `portal.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `portal.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `portal.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `portal.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Harbor Core Parameters
@@ -594,7 +594,7 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
| `core.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `core.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `core.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `core.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if core.resources is set (core.resources is recommended for production). | `small` |
| `core.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if core.resources is set (core.resources is recommended for production). | `small` |
| `core.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `core.podSecurityContext.enabled` | Enabled Harbor Core pods' Security Context | `true` |
| `core.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
@@ -646,99 +646,99 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
### Harbor Jobservice Parameters
| Name | Description | Value |
| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `jobservice.image.registry` | Harbor Jobservice image registry | `REGISTRY_NAME` |
| `jobservice.image.repository` | Harbor Jobservice image repository | `REPOSITORY_NAME/harbor-jobservice` |
| `jobservice.image.digest` | Harbor Jobservice image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `jobservice.image.pullPolicy` | Harbor Jobservice image pull policy | `IfNotPresent` |
| `jobservice.image.pullSecrets` | Harbor Jobservice image pull secrets | `[]` |
| `jobservice.image.debug` | Enable Harbor Jobservice image debug mode | `false` |
| `jobservice.maxJobWorkers` | The max job workers | `10` |
| `jobservice.redisNamespace` | Redis namespace for jobservice | `harbor_job_service_namespace` |
| `jobservice.jobLogger` | The logger for jobs: `file`, `database` or `stdout` | `file` |
| `jobservice.secret` | Secret used when the job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | `""` |
| `jobservice.existingSecret` | Existing secret for jobservice | `""` |
| `jobservice.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `jobservice.command` | Override default container command (useful when using custom images) | `[]` |
| `jobservice.args` | Override default container args (useful when using custom images) | `[]` |
| `jobservice.extraEnvVars` | Array with extra environment variables to add Harbor Jobservice pods | `[]` |
| `jobservice.extraEnvVarsCM` | ConfigMap containing extra environment variables for Harbor Jobservice pods | `""` |
| `jobservice.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Harbor Jobservice pods | `""` |
| `jobservice.containerPorts.http` | Harbor Jobservice HTTP container port | `8080` |
| `jobservice.containerPorts.https` | Harbor Jobservice HTTPS container port | `8443` |
| `jobservice.containerPorts.metrics` | Harbor Jobservice metrics container port | `8001` |
| `jobservice.replicaCount` | Number of Harbor Jobservice replicas | `1` |
| `jobservice.livenessProbe.enabled` | Enable livenessProbe on Harbor Jobservice containers | `true` |
| `jobservice.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `jobservice.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `jobservice.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `jobservice.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `jobservice.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `jobservice.readinessProbe.enabled` | Enable readinessProbe on Harbor Jobservice containers | `true` |
| `jobservice.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `jobservice.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `jobservice.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `jobservice.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `jobservice.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `jobservice.startupProbe.enabled` | Enable startupProbe on Harbor Jobservice containers | `false` |
| `jobservice.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `jobservice.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `jobservice.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `jobservice.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `jobservice.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `jobservice.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `jobservice.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `jobservice.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `jobservice.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if jobservice.resources is set (jobservice.resources is recommended for production). | `small` |
| `jobservice.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `jobservice.podSecurityContext.enabled` | Enabled Harbor Jobservice pods' Security Context | `true` |
| `jobservice.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `jobservice.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `jobservice.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `jobservice.podSecurityContext.fsGroup` | Set Harbor Jobservice pod's Security Context fsGroup | `1001` |
| `jobservice.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `jobservice.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `jobservice.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `jobservice.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `jobservice.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `jobservice.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `jobservice.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `jobservice.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `jobservice.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `jobservice.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `jobservice.updateStrategy.type` | Harbor Jobservice deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `jobservice.lifecycleHooks` | LifecycleHook for the Harbor Jobservice container(s) to automate configuration before or after startup | `{}` |
| `jobservice.hostAliases` | Harbor Jobservice pods host aliases | `[]` |
| `jobservice.podLabels` | Add additional labels to the Harbor Jobservice pods (evaluated as a template) | `{}` |
| `jobservice.podAnnotations` | Annotations to add to the Harbor Jobservice pods (evaluated as a template) | `{}` |
| `jobservice.podAffinityPreset` | Harbor Jobservice Pod affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `jobservice.podAntiAffinityPreset` | Harbor Jobservice Pod anti-affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `jobservice.nodeAffinityPreset.type` | Harbor Jobservice Node affinity preset type. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `jobservice.nodeAffinityPreset.key` | Harbor Jobservice Node label key to match Ignored if `jobservice.affinity` is set. | `""` |
| `jobservice.nodeAffinityPreset.values` | Harbor Jobservice Node label values to match. Ignored if `jobservice.affinity` is set. | `[]` |
| `jobservice.affinity` | Harbor Jobservice Affinity for pod assignment | `{}` |
| `jobservice.nodeSelector` | Harbor Jobservice Node labels for pod assignment | `{}` |
| `jobservice.tolerations` | Harbor Jobservice Tolerations for pod assignment | `[]` |
| `jobservice.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `jobservice.priorityClassName` | Priority Class Name | `""` |
| `jobservice.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `jobservice.sidecars` | Add additional sidecar containers to the Harbor Jobservice pods | `[]` |
| `jobservice.initContainers` | Add additional init containers to the Harbor Jobservice pods | `[]` |
| `jobservice.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Harbor Jobservice pods | `[]` |
| `jobservice.extraVolumes` | Optionally specify extra list of additional volumes for the Harbor Jobservice pods | `[]` |
| `jobservice.serviceAccountName` | Set the service account name for the Harbor Jobservice pods | `""` |
| `jobservice.automountServiceAccountToken` | Automount service account token | `false` |
| `jobservice.service.ports.http` | Harbor Jobservice HTTP service port | `80` |
| `jobservice.service.ports.https` | Harbor Jobservice HTTPS service port | `443` |
| `jobservice.service.ports.metrics` | Harbor Jobservice HTTPS service port | `8001` |
| `jobservice.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `jobservice.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `jobservice.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `jobservice.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `jobservice.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `jobservice.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `jobservice.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `jobservice.image.registry` | Harbor Jobservice image registry | `REGISTRY_NAME` |
| `jobservice.image.repository` | Harbor Jobservice image repository | `REPOSITORY_NAME/harbor-jobservice` |
| `jobservice.image.digest` | Harbor Jobservice image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `jobservice.image.pullPolicy` | Harbor Jobservice image pull policy | `IfNotPresent` |
| `jobservice.image.pullSecrets` | Harbor Jobservice image pull secrets | `[]` |
| `jobservice.image.debug` | Enable Harbor Jobservice image debug mode | `false` |
| `jobservice.maxJobWorkers` | The max job workers | `10` |
| `jobservice.redisNamespace` | Redis namespace for jobservice | `harbor_job_service_namespace` |
| `jobservice.jobLogger` | The logger for jobs: `file`, `database` or `stdout` | `file` |
| `jobservice.secret` | Secret used when the job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | `""` |
| `jobservice.existingSecret` | Existing secret for jobservice | `""` |
| `jobservice.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `jobservice.command` | Override default container command (useful when using custom images) | `[]` |
| `jobservice.args` | Override default container args (useful when using custom images) | `[]` |
| `jobservice.extraEnvVars` | Array with extra environment variables to add Harbor Jobservice pods | `[]` |
| `jobservice.extraEnvVarsCM` | ConfigMap containing extra environment variables for Harbor Jobservice pods | `""` |
| `jobservice.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Harbor Jobservice pods | `""` |
| `jobservice.containerPorts.http` | Harbor Jobservice HTTP container port | `8080` |
| `jobservice.containerPorts.https` | Harbor Jobservice HTTPS container port | `8443` |
| `jobservice.containerPorts.metrics` | Harbor Jobservice metrics container port | `8001` |
| `jobservice.replicaCount` | Number of Harbor Jobservice replicas | `1` |
| `jobservice.livenessProbe.enabled` | Enable livenessProbe on Harbor Jobservice containers | `true` |
| `jobservice.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `jobservice.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `jobservice.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `jobservice.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `jobservice.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `jobservice.readinessProbe.enabled` | Enable readinessProbe on Harbor Jobservice containers | `true` |
| `jobservice.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `jobservice.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `jobservice.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `jobservice.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `jobservice.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `jobservice.startupProbe.enabled` | Enable startupProbe on Harbor Jobservice containers | `false` |
| `jobservice.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `jobservice.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `jobservice.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `jobservice.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `jobservice.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `jobservice.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `jobservice.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `jobservice.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `jobservice.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if jobservice.resources is set (jobservice.resources is recommended for production). | `small` |
| `jobservice.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `jobservice.podSecurityContext.enabled` | Enabled Harbor Jobservice pods' Security Context | `true` |
| `jobservice.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `jobservice.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `jobservice.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `jobservice.podSecurityContext.fsGroup` | Set Harbor Jobservice pod's Security Context fsGroup | `1001` |
| `jobservice.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `jobservice.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `jobservice.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `jobservice.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `jobservice.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `jobservice.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `jobservice.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `jobservice.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `jobservice.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `jobservice.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `jobservice.updateStrategy.type` | Harbor Jobservice deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `jobservice.lifecycleHooks` | LifecycleHook for the Harbor Jobservice container(s) to automate configuration before or after startup | `{}` |
| `jobservice.hostAliases` | Harbor Jobservice pods host aliases | `[]` |
| `jobservice.podLabels` | Add additional labels to the Harbor Jobservice pods (evaluated as a template) | `{}` |
| `jobservice.podAnnotations` | Annotations to add to the Harbor Jobservice pods (evaluated as a template) | `{}` |
| `jobservice.podAffinityPreset` | Harbor Jobservice Pod affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `jobservice.podAntiAffinityPreset` | Harbor Jobservice Pod anti-affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `jobservice.nodeAffinityPreset.type` | Harbor Jobservice Node affinity preset type. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `jobservice.nodeAffinityPreset.key` | Harbor Jobservice Node label key to match Ignored if `jobservice.affinity` is set. | `""` |
| `jobservice.nodeAffinityPreset.values` | Harbor Jobservice Node label values to match. Ignored if `jobservice.affinity` is set. | `[]` |
| `jobservice.affinity` | Harbor Jobservice Affinity for pod assignment | `{}` |
| `jobservice.nodeSelector` | Harbor Jobservice Node labels for pod assignment | `{}` |
| `jobservice.tolerations` | Harbor Jobservice Tolerations for pod assignment | `[]` |
| `jobservice.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `jobservice.priorityClassName` | Priority Class Name | `""` |
| `jobservice.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `jobservice.sidecars` | Add additional sidecar containers to the Harbor Jobservice pods | `[]` |
| `jobservice.initContainers` | Add additional init containers to the Harbor Jobservice pods | `[]` |
| `jobservice.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Harbor Jobservice pods | `[]` |
| `jobservice.extraVolumes` | Optionally specify extra list of additional volumes for the Harbor Jobservice pods | `[]` |
| `jobservice.serviceAccountName` | Set the service account name for the Harbor Jobservice pods | `""` |
| `jobservice.automountServiceAccountToken` | Automount service account token | `false` |
| `jobservice.service.ports.http` | Harbor Jobservice HTTP service port | `80` |
| `jobservice.service.ports.https` | Harbor Jobservice HTTPS service port | `443` |
| `jobservice.service.ports.metrics` | Harbor Jobservice HTTPS service port | `8001` |
| `jobservice.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `jobservice.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `jobservice.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `jobservice.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `jobservice.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `jobservice.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `jobservice.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Harbor Registry Parameters
@@ -827,7 +827,7 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
| `registry.server.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `registry.server.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `registry.server.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `registry.server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if registry.server.resources is set (registry.server.resources is recommended for production). | `small` |
| `registry.server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if registry.server.resources is set (registry.server.resources is recommended for production). | `small` |
| `registry.server.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `registry.server.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `registry.server.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
@@ -878,7 +878,7 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
| `registry.controller.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `registry.controller.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `registry.controller.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `registry.controller.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if registry.controller.resources is set (registry.controller.resources is recommended for production). | `small` |
| `registry.controller.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if registry.controller.resources is set (registry.controller.resources is recommended for production). | `small` |
| `registry.controller.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `registry.controller.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `registry.controller.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
@@ -897,187 +897,187 @@ You can enable this initContainer by setting `volumePermissions.enabled` to `tru
### Harbor Adapter Trivy Parameters
| Name | Description | Value |
| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
| `trivy.image.registry` | Harbor Adapter Trivy image registry | `REGISTRY_NAME` |
| `trivy.image.repository` | Harbor Adapter Trivy image repository | `REPOSITORY_NAME/harbor-adapter-trivy` |
| `trivy.image.digest` | Harbor Adapter Trivy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `trivy.image.pullPolicy` | Harbor Adapter Trivy image pull policy | `IfNotPresent` |
| `trivy.image.pullSecrets` | Harbor Adapter Trivy image pull secrets | `[]` |
| `trivy.image.debug` | Enable Harbor Adapter Trivy image debug mode | `false` |
| `trivy.enabled` | Enable Trivy | `true` |
| `trivy.debugMode` | The flag to enable Trivy debug mode | `false` |
| `trivy.vulnType` | Comma-separated list of vulnerability types. Possible values `os` and `library`. | `os,library` |
| `trivy.severity` | Comma-separated list of severities to be checked | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
| `trivy.ignoreUnfixed` | The flag to display only fixed vulnerabilities | `false` |
| `trivy.insecure` | The flag to skip verifying registry certificate | `false` |
| `trivy.gitHubToken` | The GitHub access token to download Trivy DB | `""` |
| `trivy.skipUpdate` | The flag to disable Trivy DB downloads from GitHub | `false` |
| `trivy.cacheDir` | Directory to store the cache | `/bitnami/harbor-adapter-trivy/.cache` |
| `trivy.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `trivy.command` | Override default container command (useful when using custom images) | `[]` |
| `trivy.args` | Override default container args (useful when using custom images) | `[]` |
| `trivy.extraEnvVars` | Array with extra environment variables to add Trivy pods | `[]` |
| `trivy.extraEnvVarsCM` | ConfigMap containing extra environment variables for Trivy pods | `""` |
| `trivy.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Trivy pods | `""` |
| `trivy.containerPorts.http` | Trivy HTTP container port | `8080` |
| `trivy.containerPorts.https` | Trivy HTTPS container port | `8443` |
| `trivy.replicaCount` | Number of Trivy replicas | `1` |
| `trivy.livenessProbe.enabled` | Enable livenessProbe on Trivy containers | `true` |
| `trivy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `trivy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `trivy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `trivy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `trivy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `trivy.readinessProbe.enabled` | Enable readinessProbe on Trivy containers | `true` |
| `trivy.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `trivy.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `trivy.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `trivy.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `trivy.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `trivy.startupProbe.enabled` | Enable startupProbe on Trivy containers | `false` |
| `trivy.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `trivy.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `trivy.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `trivy.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `trivy.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `trivy.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `trivy.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `trivy.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `trivy.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if trivy.resources is set (trivy.resources is recommended for production). | `small` |
| `trivy.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `trivy.podSecurityContext.enabled` | Enabled Trivy pods' Security Context | `true` |
| `trivy.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `trivy.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `trivy.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `trivy.podSecurityContext.fsGroup` | Set Trivy pod's Security Context fsGroup | `1001` |
| `trivy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `trivy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `trivy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `trivy.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `trivy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `trivy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `trivy.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `trivy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `trivy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `trivy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `trivy.updateStrategy.type` | Trivy deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `trivy.lifecycleHooks` | LifecycleHook for the Trivy container(s) to automate configuration before or after startup | `{}` |
| `trivy.hostAliases` | Trivy pods host aliases | `[]` |
| `trivy.podLabels` | Add additional labels to the Trivy pods (evaluated as a template) | `{}` |
| `trivy.podAnnotations` | Annotations to add to the Trivy pods (evaluated as a template) | `{}` |
| `trivy.podAffinityPreset` | Trivy Pod affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `trivy.podAntiAffinityPreset` | Trivy Pod anti-affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `trivy.nodeAffinityPreset.type` | Trivy Node affinity preset type. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `trivy.nodeAffinityPreset.key` | Trivy Node label key to match Ignored if `trivy.affinity` is set. | `""` |
| `trivy.nodeAffinityPreset.values` | Trivy Node label values to match. Ignored if `trivy.affinity` is set. | `[]` |
| `trivy.affinity` | Trivy Affinity for pod assignment | `{}` |
| `trivy.nodeSelector` | Trivy Node labels for pod assignment | `{}` |
| `trivy.tolerations` | Trivy Tolerations for pod assignment | `[]` |
| `trivy.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `trivy.priorityClassName` | Priority Class Name | `""` |
| `trivy.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `trivy.sidecars` | Add additional sidecar containers to the Trivy pods | `[]` |
| `trivy.initContainers` | Add additional init containers to the Trivy pods | `[]` |
| `trivy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Trivy pods | `[]` |
| `trivy.extraVolumes` | Optionally specify extra list of additional volumes for the Trivy pods | `[]` |
| `trivy.serviceAccountName` | Set the service account name for the Trivy pods | `""` |
| `trivy.automountServiceAccountToken` | Automount service account token | `false` |
| `trivy.service.ports.http` | Trivy HTTP service port | `8080` |
| `trivy.service.ports.https` | Trivy HTTPS service port | `8443` |
| `trivy.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `trivy.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `trivy.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `trivy.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `trivy.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `trivy.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `trivy.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- |
| `trivy.image.registry` | Harbor Adapter Trivy image registry | `REGISTRY_NAME` |
| `trivy.image.repository` | Harbor Adapter Trivy image repository | `REPOSITORY_NAME/harbor-adapter-trivy` |
| `trivy.image.digest` | Harbor Adapter Trivy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `trivy.image.pullPolicy` | Harbor Adapter Trivy image pull policy | `IfNotPresent` |
| `trivy.image.pullSecrets` | Harbor Adapter Trivy image pull secrets | `[]` |
| `trivy.image.debug` | Enable Harbor Adapter Trivy image debug mode | `false` |
| `trivy.enabled` | Enable Trivy | `true` |
| `trivy.debugMode` | The flag to enable Trivy debug mode | `false` |
| `trivy.vulnType` | Comma-separated list of vulnerability types. Possible values `os` and `library`. | `os,library` |
| `trivy.severity` | Comma-separated list of severities to be checked | `UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL` |
| `trivy.ignoreUnfixed` | The flag to display only fixed vulnerabilities | `false` |
| `trivy.insecure` | The flag to skip verifying registry certificate | `false` |
| `trivy.gitHubToken` | The GitHub access token to download Trivy DB | `""` |
| `trivy.skipUpdate` | The flag to disable Trivy DB downloads from GitHub | `false` |
| `trivy.cacheDir` | Directory to store the cache | `/bitnami/harbor-adapter-trivy/.cache` |
| `trivy.tls.existingSecret` | Name of an existing secret with the certificates for internal TLS access | `""` |
| `trivy.command` | Override default container command (useful when using custom images) | `[]` |
| `trivy.args` | Override default container args (useful when using custom images) | `[]` |
| `trivy.extraEnvVars` | Array with extra environment variables to add Trivy pods | `[]` |
| `trivy.extraEnvVarsCM` | ConfigMap containing extra environment variables for Trivy pods | `""` |
| `trivy.extraEnvVarsSecret` | Secret containing extra environment variables (in case of sensitive data) for Trivy pods | `""` |
| `trivy.containerPorts.http` | Trivy HTTP container port | `8080` |
| `trivy.containerPorts.https` | Trivy HTTPS container port | `8443` |
| `trivy.replicaCount` | Number of Trivy replicas | `1` |
| `trivy.livenessProbe.enabled` | Enable livenessProbe on Trivy containers | `true` |
| `trivy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `trivy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `trivy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `trivy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `trivy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `trivy.readinessProbe.enabled` | Enable readinessProbe on Trivy containers | `true` |
| `trivy.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `trivy.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `trivy.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `trivy.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `trivy.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `trivy.startupProbe.enabled` | Enable startupProbe on Trivy containers | `false` |
| `trivy.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `trivy.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `trivy.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `trivy.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `trivy.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `trivy.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `trivy.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `trivy.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `trivy.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if trivy.resources is set (trivy.resources is recommended for production). | `small` |
| `trivy.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `trivy.podSecurityContext.enabled` | Enabled Trivy pods' Security Context | `true` |
| `trivy.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `trivy.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `trivy.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `trivy.podSecurityContext.fsGroup` | Set Trivy pod's Security Context fsGroup | `1001` |
| `trivy.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `trivy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `trivy.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `trivy.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `trivy.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `trivy.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `trivy.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `trivy.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `trivy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `trivy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `trivy.updateStrategy.type` | Trivy deployment strategy type - only really applicable for deployments with RWO PVs attached | `RollingUpdate` |
| `trivy.lifecycleHooks` | LifecycleHook for the Trivy container(s) to automate configuration before or after startup | `{}` |
| `trivy.hostAliases` | Trivy pods host aliases | `[]` |
| `trivy.podLabels` | Add additional labels to the Trivy pods (evaluated as a template) | `{}` |
| `trivy.podAnnotations` | Annotations to add to the Trivy pods (evaluated as a template) | `{}` |
| `trivy.podAffinityPreset` | Trivy Pod affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `trivy.podAntiAffinityPreset` | Trivy Pod anti-affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `trivy.nodeAffinityPreset.type` | Trivy Node affinity preset type. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `trivy.nodeAffinityPreset.key` | Trivy Node label key to match Ignored if `trivy.affinity` is set. | `""` |
| `trivy.nodeAffinityPreset.values` | Trivy Node label values to match. Ignored if `trivy.affinity` is set. | `[]` |
| `trivy.affinity` | Trivy Affinity for pod assignment | `{}` |
| `trivy.nodeSelector` | Trivy Node labels for pod assignment | `{}` |
| `trivy.tolerations` | Trivy Tolerations for pod assignment | `[]` |
| `trivy.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `trivy.priorityClassName` | Priority Class Name | `""` |
| `trivy.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` |
| `trivy.sidecars` | Add additional sidecar containers to the Trivy pods | `[]` |
| `trivy.initContainers` | Add additional init containers to the Trivy pods | `[]` |
| `trivy.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Trivy pods | `[]` |
| `trivy.extraVolumes` | Optionally specify extra list of additional volumes for the Trivy pods | `[]` |
| `trivy.serviceAccountName` | Set the service account name for the Trivy pods | `""` |
| `trivy.automountServiceAccountToken` | Automount service account token | `false` |
| `trivy.service.ports.http` | Trivy HTTP service port | `8080` |
| `trivy.service.ports.https` | Trivy HTTPS service port | `8443` |
| `trivy.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `trivy.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `trivy.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `trivy.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `trivy.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `trivy.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `trivy.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### Harbor Exporter Parameters
| Name | Description | Value |
| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `exporter.image.registry` | Harbor Exporter image registry | `REGISTRY_NAME` |
| `exporter.image.repository` | Harbor Exporter image repository | `REPOSITORY_NAME/harbor-exporter` |
| `exporter.image.digest` | Harbor Exporter image image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `exporter.image.pullPolicy` | Harbor exporter image pull policy | `IfNotPresent` |
| `exporter.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `exporter.image.debug` | Specify if debug logs should be enabled | `false` |
| `exporter.command` | Override default container command (useful when using custom images) | `[]` |
| `exporter.args` | Override default container args (useful when using custom images) | `[]` |
| `exporter.extraEnvVars` | Array containing extra env vars | `[]` |
| `exporter.extraEnvVarsCM` | ConfigMap containing extra env vars | `""` |
| `exporter.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` |
| `exporter.containerPorts.metrics` | Harbor Exporter HTTP container port | `8001` |
| `exporter.replicaCount` | The replica count | `1` |
| `exporter.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `exporter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `exporter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `exporter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `exporter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `exporter.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `exporter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `exporter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `exporter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `exporter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `exporter.startupProbe.enabled` | Enable startupProbe on Harbor Exporter containers | `false` |
| `exporter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `exporter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `exporter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `exporter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `exporter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `exporter.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `exporter.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `exporter.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `exporter.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if exporter.resources is set (exporter.resources is recommended for production). | `nano` |
| `exporter.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `exporter.podSecurityContext.enabled` | Enabled Exporter pods' Security Context | `true` |
| `exporter.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `exporter.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `exporter.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `exporter.podSecurityContext.fsGroup` | Set Exporter pod's Security Context fsGroup | `1001` |
| `exporter.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `exporter.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `exporter.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `exporter.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `exporter.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `exporter.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `exporter.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `exporter.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `exporter.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `exporter.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `exporter.updateStrategy.type` | The update strategy for deployments with persistent volumes: RollingUpdate or Recreate. Set it as Recreate when RWM for volumes isn't supported | `RollingUpdate` |
| `exporter.lifecycleHooks` | LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template | `{}` |
| `exporter.hostAliases` | Exporter pods host aliases | `[]` |
| `exporter.podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` |
| `exporter.podAnnotations` | Annotations to add to the exporter pod | `{}` |
| `exporter.podAffinityPreset` | Harbor Exporter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `exporter.podAntiAffinityPreset` | Harbor Exporter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `exporter.nodeAffinityPreset.type` | Harbor Exporter Node affinity preset type. Ignored if `exporter.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `exporter.nodeAffinityPreset.key` | Harbor Exporter Node label key to match Ignored if `exporter.affinity` is set. | `""` |
| `exporter.nodeAffinityPreset.values` | Harbor Exporter Node label values to match. Ignored if `exporter.affinity` is set. | `[]` |
| `exporter.affinity` | Harbor Exporter Affinity for pod assignment | `{}` |
| `exporter.priorityClassName` | Exporter pods Priority Class Name | `""` |
| `exporter.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `exporter.serviceAccountName` | Name of the serviceAccountName for Harbor Exporter pods | `""` |
| `exporter.nodeSelector` | Harbor Exporter Node labels for pod assignment | `{}` |
| `exporter.tolerations` | Harbor Exporter Tolerations for pod assignment | `[]` |
| `exporter.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `exporter.initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` |
| `exporter.extraVolumeMounts` | | `[]` |
| `exporter.extraVolumes` | | `[]` |
| `exporter.sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` |
| `exporter.automountServiceAccountToken` | Automount service account token | `false` |
| `exporter.service.ports.metrics` | Exporter HTTP service port | `8001` |
| `exporter.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `exporter.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `exporter.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `exporter.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `exporter.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `exporter.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `exporter.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
| Name | Description | Value |
| ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `exporter.image.registry` | Harbor Exporter image registry | `REGISTRY_NAME` |
| `exporter.image.repository` | Harbor Exporter image repository | `REPOSITORY_NAME/harbor-exporter` |
| `exporter.image.digest` | Harbor Exporter image image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `exporter.image.pullPolicy` | Harbor exporter image pull policy | `IfNotPresent` |
| `exporter.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
| `exporter.image.debug` | Specify if debug logs should be enabled | `false` |
| `exporter.command` | Override default container command (useful when using custom images) | `[]` |
| `exporter.args` | Override default container args (useful when using custom images) | `[]` |
| `exporter.extraEnvVars` | Array containing extra env vars | `[]` |
| `exporter.extraEnvVarsCM` | ConfigMap containing extra env vars | `""` |
| `exporter.extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` |
| `exporter.containerPorts.metrics` | Harbor Exporter HTTP container port | `8001` |
| `exporter.replicaCount` | The replica count | `1` |
| `exporter.livenessProbe.enabled` | Enable livenessProbe | `true` |
| `exporter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `20` |
| `exporter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `exporter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `exporter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `exporter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `exporter.readinessProbe.enabled` | Enable readinessProbe | `true` |
| `exporter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `20` |
| `exporter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `exporter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `exporter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `exporter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `exporter.startupProbe.enabled` | Enable startupProbe on Harbor Exporter containers | `false` |
| `exporter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
| `exporter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `exporter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` |
| `exporter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` |
| `exporter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `exporter.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `exporter.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `exporter.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `exporter.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if exporter.resources is set (exporter.resources is recommended for production). | `nano` |
| `exporter.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
| `exporter.podSecurityContext.enabled` | Enabled Exporter pods' Security Context | `true` |
| `exporter.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
| `exporter.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` |
| `exporter.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
| `exporter.podSecurityContext.fsGroup` | Set Exporter pod's Security Context fsGroup | `1001` |
| `exporter.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
| `exporter.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `exporter.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `exporter.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `exporter.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
| `exporter.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
| `exporter.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `true` |
| `exporter.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
| `exporter.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `exporter.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `exporter.updateStrategy.type` | The update strategy for deployments with persistent volumes: RollingUpdate or Recreate. Set it as Recreate when RWM for volumes isn't supported | `RollingUpdate` |
| `exporter.lifecycleHooks` | LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template | `{}` |
| `exporter.hostAliases` | Exporter pods host aliases | `[]` |
| `exporter.podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` |
| `exporter.podAnnotations` | Annotations to add to the exporter pod | `{}` |
| `exporter.podAffinityPreset` | Harbor Exporter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `exporter.podAntiAffinityPreset` | Harbor Exporter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `exporter.nodeAffinityPreset.type` | Harbor Exporter Node affinity preset type. Ignored if `exporter.affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `exporter.nodeAffinityPreset.key` | Harbor Exporter Node label key to match Ignored if `exporter.affinity` is set. | `""` |
| `exporter.nodeAffinityPreset.values` | Harbor Exporter Node label values to match. Ignored if `exporter.affinity` is set. | `[]` |
| `exporter.affinity` | Harbor Exporter Affinity for pod assignment | `{}` |
| `exporter.priorityClassName` | Exporter pods Priority Class Name | `""` |
| `exporter.schedulerName` | Name of the k8s scheduler (other than default) | `""` |
| `exporter.serviceAccountName` | Name of the serviceAccountName for Harbor Exporter pods | `""` |
| `exporter.nodeSelector` | Harbor Exporter Node labels for pod assignment | `{}` |
| `exporter.tolerations` | Harbor Exporter Tolerations for pod assignment | `[]` |
| `exporter.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `exporter.initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` |
| `exporter.extraVolumeMounts` | | `[]` |
| `exporter.extraVolumes` | | `[]` |
| `exporter.sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` |
| `exporter.automountServiceAccountToken` | Automount service account token | `false` |
| `exporter.service.ports.metrics` | Exporter HTTP service port | `8001` |
| `exporter.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
| `exporter.networkPolicy.allowExternal` | Don't require server label for connections | `true` |
| `exporter.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
| `exporter.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
| `exporter.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
| `exporter.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
| `exporter.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
### PostgreSQL Parameters

20
bitnami/harbor/values.yaml
View File

@@ -599,7 +599,7 @@ volumePermissions:
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r16
tag: 12-debian-12-r18
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
@@ -654,7 +654,7 @@ nginx:
image:
registry: docker.io
repository: bitnami/nginx
tag: 1.25.4-debian-12-r3
tag: 1.25.4-debian-12-r7
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1007,7 +1007,7 @@ portal:
image:
registry: docker.io
repository: bitnami/harbor-portal
tag: 2.10.1-debian-12-r0
tag: 2.10.2-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1354,7 +1354,7 @@ core:
image:
registry: docker.io
repository: bitnami/harbor-core
tag: 2.10.1-debian-12-r0
tag: 2.10.2-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -1761,7 +1761,7 @@ jobservice:
image:
registry: docker.io
repository: bitnami/harbor-jobservice
tag: 2.10.1-debian-12-r0
tag: 2.10.2-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -2368,7 +2368,7 @@ registry:
image:
registry: docker.io
repository: bitnami/harbor-registry
tag: 2.10.1-debian-12-r0
tag: 2.10.2-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -2540,7 +2540,7 @@ registry:
image:
registry: docker.io
repository: bitnami/harbor-registryctl
tag: 2.10.1-debian-12-r0
tag: 2.10.2-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -2706,7 +2706,7 @@ trivy:
image:
registry: docker.io
repository: bitnami/harbor-adapter-trivy
tag: 2.10.1-debian-12-r0
tag: 2.10.2-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -3097,7 +3097,7 @@ exporter:
image:
registry: docker.io
repository: bitnami/harbor-exporter
tag: 2.10.1-debian-12-r0
tag: 2.10.2-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
@@ -3431,7 +3431,7 @@ postgresql:
image:
registry: docker.io
repository: bitnami/postgresql
tag: 13.14.0-debian-12-r8
tag: 13.14.0-debian-12-r14
digest: ""
auth:
enablePostgresUser: true