## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry and imagePullSecrets ## # global: # imageRegistry: myRegistryName # imagePullSecrets: # - myRegistryKeySecretName # storageClass: myStorageClass ## Bitnami Harbor Core image ## ref: https://hub.docker.com/r/bitnami/harbor-core/tags/ ## coreImage: registry: docker.io repository: bitnami/harbor-core tag: 1.10.2-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Harbor Portal image ## ref: https://hub.docker.com/r/bitnami/harbor-portal/tags/ ## portalImage: registry: docker.io repository: bitnami/harbor-portal tag: 1.10.2-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Harbor Job Service image ## ref: https://hub.docker.com/r/bitnami/harbor-jobservice/tags/ ## jobserviceImage: registry: docker.io repository: bitnami/harbor-jobservice tag: 1.10.2-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami ChartMuseum image ## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/ ## chartMuseumImage: registry: docker.io repository: bitnami/chartmuseum tag: 0.12.0-debian-10-r26 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Harbor Registry image ## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/ ## registryImage: registry: docker.io repository: bitnami/harbor-registry tag: 1.10.2-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Harbor Registryctl image ## ref: https://hub.docker.com/r/bitnami/harbor-registryctl/tags/ ## registryctlImage: registry: docker.io repository: bitnami/harbor-registryctl tag: 1.10.2-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Harbor Clair image ## ref: https://hub.docker.com/r/bitnami/harbor-clair/tags/ ## clairImage: registry: docker.io repository: bitnami/harbor-clair tag: 1.10.2-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Harbor Adapter Clair image ## ref: https://hub.docker.com/r/bitnami/harbor-adapter-clair/tags/ ## clairAdapterImage: registry: docker.io repository: bitnami/harbor-adapter-clair tag: 1.0.2-debian-10-r8 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Harbor Notary Server image ## ref: https://hub.docker.com/r/bitnami/harbor-notary-server/tags/ ## notaryServerImage: registry: docker.io repository: bitnami/harbor-notary-server tag: 1.10.2-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Harbor Notary Signer image ## ref: https://hub.docker.com/r/bitnami/harbor-notary-signer/tags/ ## notarySignerImage: registry: docker.io repository: bitnami/harbor-notary-signer tag: 1.10.2-debian-10-r13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## Bitnami Nginx image ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ ## nginxImage: registry: docker.io repository: bitnami/nginx tag: 1.16.1-debian-10-r94 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Set to true if you would like to see extra information on logs ## It turns BASH and NAMI debugging in minideb ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging debug: false ## String to partially override harbor.fullname template (will maintain the release name) ## # nameOverride: ## String to fully override harbor.fullname template ## # fullnameOverride: ## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. ## volumePermissions: enabled: false image: registry: docker.io repository: bitnami/minideb tag: buster pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## # pullSecrets: # - myRegistryKeySecretName ## Init containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 100m # memory: 128Mi requests: {} # cpu: 100m # memory: 128Mi ## Service parameters ## service: ## K8s service type ## Allowed values are "Ingress", "ClusterIP", "NodePort" or "LoadBalancer" ## type: ClusterIP ## TLS parameters ## tls: ## Enable TLS ## Note: When type is "Ingress" and TLS is disabled, the port must be included ## in the command when pulling/pushing images. ## ref: https://github.com/goharbor/harbor/issues/5291 ## enabled: true ## Fill the name of secret if you want to use your own TLS certificate. ## The secret contains keys named: ## "tls.crt" - the certificate (required) ## "tls.key" - the private key (required) ## "ca.crt" - the certificate of CA (optional), this enables the download ## link on portal to download the certificate of CA ## These files will be generated automatically if the "secretName" is not set ## secretName: "" ## By default, the Notary service will use the same certificat described above. ## Fill the name of secret if you want to use a separated on for Notary. ## notarySecretName: "" ## The common name used to automatically generate the certificates. ## Mandatory when "secretName" is not provided or type is not "Ingress". ## commonName: "core.harbor.domain" ## Ingress parameters ## ingress: ## The list of hostnames to be covered with this ingress record ## hosts: core: core.harbor.domain notary: notary.harbor.domain ## Set to the type of ingress controller if it has specific requirements. ## leave as `default` for most ingress controllers. ## set to `gce` if using the GCE ingress controller ## set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller ## controller: default ## Ingress annotations done as key:value pairs ## For a full list of possible ingress annotations, please see ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md ## annotations: ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/proxy-body-size: "0" ## Service parameters when type is "clusterIP" ## clusterIP: name: harbor ports: # The service port Harbor listens on when serving with HTTP httpPort: 80 # The service port Harbor listens on when serving with HTTPS httpsPort: 443 # The service port Notary listens on. Only needed when notary.enabled # is set to true notaryPort: 4443 ## Service parameters when type is "nodePort" ## nodePort: name: harbor ports: http: ## The service port Harbor listens on when serving with HTTP ## port: 80 ## The node port Harbor listens on when serving with HTTP ## nodePort: 30002 https: ## The service port Harbor listens on when serving with HTTPS ## port: 443 ## The node port Harbor listens on when serving with HTTPS ## nodePort: 30003 notary: ## The service port Notary listens on ## port: 4443 ## The node port Notary listens on ## nodePort: 30004 ## Service parameters when type is "loadBalancer" ## loadBalancer: name: harbor ports: ## The service port Harbor listens on when serving with HTTP ## httpPort: 80 ## The service port Harbor listens on when serving with HTTPS ## httpsPort: 443 ## The service port Notary listens on ## notaryPort: 4443 ## loadBalancerIP for the PrestaShop Service (optional, cloud specific) ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer ## # loadBalancerIP: ## Provide any additional annotations which may be required. This can be used to ## set the LoadBalancer service type to internal only. ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer ## annotations: {} sourceRanges: [] ## The external URL for Harbor core service. It is used to ## 1) populate the docker/helm commands showed on portal ## 2) populate the token service URL returned to docker/notary client ## ## Format: protocol://domain[:port]. Usually: ## 1) if "service.type" is "ingress", the "domain" should be ## the value of "service.ingress.hosts.core" ## 2) if "service.type" is "clusterIP", the "domain" should be ## the value of "service.clusterIP.name" ## 3) if "service.type" is "nodePort", the "domain" should be ## the IP address of k8s node. If Harbor is deployed behind the proxy, ## set it as the URL of proxy ## externalURL: https://core.harbor.domain ## UAA Authentication Options ## If you're using UAA for authentication behind a self-signed ## certificate you will need to provide the CA Cert. ## Set uaaSecretName below to provide a pre-created secret that ## contains a base64 encoded CA Certificate named `ca.crt`. # uaaSecretName: ## Kubernetes Security Context ## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## securityContext: enabled: true fsGroup: 1001 runAsUser: 1001 ## The persistence is enabled by default and a default StorageClass ## is needed in the k8s cluster to provision volumes dynamicly. ## Specify another StorageClass in the "storageClass" or set "existingClaim" ## if you have already existing persistent volumes to use ## ## For storing images and charts, you can also use "azure", "gcs", "s3", ## "swift" or "oss". Set it in the "imageChartStorage" section ## persistence: enabled: true ## Resource Policy ## Setting it to "keep" to avoid removing PVCs during a helm delete operation ## resourcePolicy: "keep" persistentVolumeClaim: registry: ## If you want to reuse an existing claim, you can pass the name of the PVC using ## the existingClaim variable ## existingClaim: "" ## Specify the "storageClass" used to provision the volume. ## Set it to "-" to disable dynamic provisioning ## storageClass: "" subPath: "" accessMode: ReadWriteOnce size: 5Gi jobservice: ## If you want to reuse an existing claim, you can pass the name of the PVC using ## the existingClaim variable ## existingClaim: "" ## Specify the "storageClass" used to provision the volume. ## Set it to "-" to disable dynamic provisioning ## storageClass: "" subPath: "" accessMode: ReadWriteOnce size: 1Gi chartmuseum: ## If you want to reuse an existing claim, you can pass the name of the PVC using ## the existingClaim variable ## existingClaim: "" ## Specify the "storageClass" used to provision the volume. ## Set it to "-" to disable dynamic provisioning ## storageClass: "" subPath: "" accessMode: ReadWriteOnce size: 5Gi ## Define which storage backend is used for registry and chartmuseum to store ## images and charts. ## ref: https://github.com/docker/distribution/blob/master/docs/configuration.md#storage ## imageChartStorage: ## Specify whether to disable `redirect` for images and chart storage, for ## backends which not supported it (such as using minio for `s3` storage type), please disable ## it. To disable redirects, simply set `disableredirect` to `true` instead. ## ref: https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect ## disableredirect: false ## Specify the type of storage. Allowed values are [ filesystem | azure | gcs | s3 | swift | oss ] ## type: filesystem ## Images/charts storage parameters when type is "filesystem" ## filesystem: rootdirectory: /storage # maxthreads: 100 ## Images/charts storage parameters when type is "azure" ## azure: accountname: accountname accountkey: base64encodedaccountkey container: containername storagePrefix: /azure/harbor/charts # realm: core.windows.net ## Images/charts storage parameters when type is "gcs" ## gcs: bucket: bucketname # The base64 encoded json file which contains the gcs key (file's content) encodedkey: base64-encoded-json-key-file # rootdirectory: /gcs/object/name/prefix # chunksize: "5242880" ## Images/charts storage parameters when type is "s3" ## s3: region: us-west-1 bucket: bucketname # accesskey: awsaccesskey # secretkey: awssecretkey # regionendpoint: http://myobjects.local # encrypt: false # keyid: mykeyid # secure: true # v4auth: true # chunksize: "5242880" # rootdirectory: /s3/object/name/prefix # storageclass: STANDARD ## Images/charts storage parameters when type is "swift" ## swift: authurl: https://storage.myprovider.com/v3/auth username: username password: password container: containername # region: fr # tenant: tenantname # tenantid: tenantid # domain: domainname # domainid: domainid # trustid: trustid # insecureskipverify: false # chunksize: 5M # prefix: # secretkey: secretkey # accesskey: accesskey # authversion: 3 # endpointtype: public # tempurlcontainerkey: false # tempurlmethods: ## Images/charts storage parameters when type is "oss" ## oss: accesskeyid: accesskeyid accesskeysecret: accesskeysecret region: regionname bucket: bucketname # endpoint: endpoint # internal: false # encrypt: false # secure: true # chunksize: 10M # rootdirectory: rootdirectory ## The log level used for Harbor services. Allowed values are [ fatal | error | warn | info | debug | trace ] ## logLevel: debug ## Option to force users to specify passwords (core.secret, harborAdminPassword, and secretKey). That is required for 'helm upgrade' to work properly. ## If it is not forced, random values will be generated. ## forcePassword: false ## The initial password of Harbor admin. Change it from portal after launching Harbor ## ## harborAdminPassword: ## The secret key used for encryption. Must be a string of 16 chars. ## ## secretKey: "not-a-secure-key" ## If expose the service via Ingress, the NGINX server will not be used ## nginx: replicas: 1 ## NGINX containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## When setting up Harbor behind another reverse proxy, such as a nginx instance, set this value to true ## if the reverse proxy already provides the 'X-Forwarded-Proto' header field. ## This is, for example, the case for the OpenShift HAProxy router. ## behindReverseProxy: false ## NGINX containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Harbor Portal parameters ## portal: replicas: 1 ## Harbor Portal containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## Harbor Portal containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Harbor Core parameters ## core: replicas: 1 ## Harbor Core containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## Secret is used when core server communicates with other components. ## If a secret key is not specified, Helm will generate one. ## Must be a string of 16 chars. ## secret: "" ## Fill the name of a kubernetes secret if you want to use your own ## TLS certificate and private key for token encryption/decryption. ## The secret must contain keys named: ## "tls.crt" - the certificate ## "tls.key" - the private key ## The default key pair will be used if it isn't set ## secretName: "" ## Harbor Core containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Harbor Jobservice parameters ## jobservice: replicas: 1 maxJobWorkers: 10 # The logger for jobs: "file", "database" or "stdout" jobLogger: file ## Harbor Jobservice containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## Secret is used when job service communicates with other components. ## If a secret key is not specified, Helm will generate one. ## Must be a string of 16 chars. ## secret: "" ## Harbor Jobservice containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 registry: replicas: 1 ## Harbor Registry parameters ## registry: ## Harbor Registry containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Harbor Registry containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Harbor Registryctl parameters ## controller: ## Harbor Registryctl containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Harbor Registryctl containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## Secret is used to secure the upload state from client ## and registry storage backend. ## See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http ## If a secret key is not specified, Helm will generate one. ## Must be a string of 16 chars. ## secret: "" ## Chartmuseum parameters ## chartmuseum: enabled: true replicas: 1 port: 8080 ## Set the use of the Redis cache. useRedisCache: true ## Set the absolute URL to access the chartmuseum repository and the ## endpoint where it will be available. absoluteUrl: false chartRepoName: "chartsRepo" depth: 1 logJson: false disableMetrics: false disableApi: false disableStatefiles: false allowOverwrite: true anonymousGet: false ## Optional parameters for ChartMuseum not used by default. ## ref: https://chartmuseum.com/docs/#other-cli-options ## # contextPath: "" # indexLimit: 0 # chartPostFormFieldName: "chart" # provPostFormFieldName: "prov" ## Enable the TLS access to the ChartMuseum server. enableTLS: false ## An array to add extra env vars to chartmuseum ## For example: ## extraEnvVars: ## - name: BEARER_AUTH ## value: true ## Chartmuseum containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## Chartmuseum containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 20 failureThreshold: 10 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 20 failureThreshold: 10 successThreshold: 1 ## Clair parameters ## clair: enabled: true # Harbor needs Clair adapter to comunicate with Clair API. adapter: resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi replicas: 1 # The http(s) proxy used to update vulnerabilities database from internet httpProxy: httpsProxy: # The interval of clair updaters, the unit is hour, set to 0 to # disable the updaters updatersInterval: 12 ## Clair containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Node labels for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## Tolerations for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## Affinity for pod assignment. Evaluated as a template. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## affinity: {} ## Pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## Clair containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Notary parameters ## notary: enabled: true server: replicas: 1 ## Notary server containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Notary server containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 signer: replicas: 1 ## Notary signer containers' resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: {} # cpu: 500m # memory: 1Gi requests: {} # cpu: 250m # memory: 256Mi ## Notary signer containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## livenessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 readinessProbe: enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 nodeSelector: {} tolerations: [] affinity: {} ## Additional deployment annotations podAnnotations: {} # Fill the name of a kubernetes secret if you want to use your own # TLS certificate authority, certificate and private key for notary # communications. # The secret must contain keys named ca.crt, tls.crt and tls.key that # contain the CA, certificate and private key. # They will be generated if not set. secretName: "" ## Redis chart configuration ## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml ## redis: enabled: true # image: # tag: # password: "" usePassword: false cluster: enabled: false master: persistence: enabled: true slave: persistence: enabled: true ## If the Redis included in the chart is disabled, Harbor will use below ## Redis parameters to connect to an external Redis server. ## externalRedis: ## Redis host ## host: localhost ## Redis port number ## port: 6379 ## Redis password ## password: "" ## The "coreDatabaseIndex" must be "0" as the library Harbor ## used doesn't support configuring it ## coreDatabaseIndex: "0" jobserviceDatabaseIndex: "1" registryDatabaseIndex: "2" chartmuseumDatabaseIndex: "3" ## PostgreSQL chart configuration ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml ## postgresql: enabled: true postgresqlUsername: postgres postgresqlPassword: not-secure-database-password replication: enabled: false persistence: enabled: true ## PostgreSQL initdb initdbScripts ## initdbScripts: initial-notaryserver.sql: | CREATE DATABASE notaryserver; CREATE USER server; alter user server with encrypted password 'password'; GRANT ALL PRIVILEGES ON DATABASE notaryserver TO server; initial-notarysigner.sql: | CREATE DATABASE notarysigner; CREATE USER signer; alter user signer with encrypted password 'password'; GRANT ALL PRIVILEGES ON DATABASE notarysigner TO signer; initial-registry.sql: | CREATE DATABASE registry ENCODING 'UTF8'; \c registry; CREATE TABLE schema_migrations(version bigint not null primary key, dirty boolean not null); ## If the PostgreSQL database included in the chart is disabled, Harbor will ## use below parameters to connect to an external PostgreSQL server. ## externalDatabase: ## Database host ## host: localhost ## non-root Username for portal Database ## user: bn_harbor ## Database password ## password: "" ## Database name ## database: bitnami_harbor ## Database port number ## port: 5432 ## External database ssl mode ## sslmode: ## External database name for core ## coreDatabase: ## External database name for clair ## clairDatabase: ## External database name for notaryserver ## notaryServerDatabase: ## External database name for notaryserver ## notarySignerDatabase: