mirror of
https://github.com/bitnami/charts.git
synced 2026-03-14 06:47:28 +08:00
1311 lines
43 KiB
YAML
1311 lines
43 KiB
YAML
## Global Docker image parameters
|
|
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
|
## Current available global Docker image parameters: imageRegistry and imagePullSecrets
|
|
##
|
|
# global:
|
|
# imageRegistry: myRegistryName
|
|
# imagePullSecrets:
|
|
# - myRegistryKeySecretName
|
|
# storageClass: myStorageClass
|
|
|
|
## Bitnami Harbor Core image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-core/tags/
|
|
##
|
|
coreImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-core
|
|
tag: 1.10.1-debian-10-r55
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Harbor Portal image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-portal/tags/
|
|
##
|
|
portalImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-portal
|
|
tag: 1.10.2-debian-10-r0
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Harbor Job Service image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-jobservice/tags/
|
|
##
|
|
jobserviceImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-jobservice
|
|
tag: 1.10.2-debian-10-r0
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami ChartMuseum image
|
|
## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/
|
|
##
|
|
chartMuseumImage:
|
|
registry: docker.io
|
|
repository: bitnami/chartmuseum
|
|
tag: 0.12.0-debian-10-r13
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Harbor Registry image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/
|
|
##
|
|
registryImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-registry
|
|
tag: 1.10.1-debian-10-r56
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Harbor Registryctl image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-registryctl/tags/
|
|
##
|
|
registryctlImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-registryctl
|
|
tag: 1.10.2-debian-10-r0
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Harbor Clair image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-clair/tags/
|
|
##
|
|
clairImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-clair
|
|
tag: 1.10.1-debian-10-r55
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Harbor Adapter Clair image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-adapter-clair/tags/
|
|
##
|
|
clairAdapterImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-adapter-clair
|
|
tag: 1.0.1-debian-10-r71
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Harbor Notary Server image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-notary-server/tags/
|
|
##
|
|
notaryServerImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-notary-server
|
|
tag: 1.10.1-debian-10-r56
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Harbor Notary Signer image
|
|
## ref: https://hub.docker.com/r/bitnami/harbor-notary-signer/tags/
|
|
##
|
|
notarySignerImage:
|
|
registry: docker.io
|
|
repository: bitnami/harbor-notary-signer
|
|
tag: 1.10.1-debian-10-r56
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## Bitnami Nginx image
|
|
## ref: https://hub.docker.com/r/bitnami/nginx/tags/
|
|
##
|
|
nginxImage:
|
|
registry: docker.io
|
|
repository: bitnami/nginx
|
|
tag: 1.16.1-debian-10-r81
|
|
## Specify a imagePullPolicy
|
|
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
|
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
|
##
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
|
|
## Set to true if you would like to see extra information on logs
|
|
## It turns BASH and NAMI debugging in minideb
|
|
## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
|
|
debug: false
|
|
|
|
## String to partially override harbor.fullname template (will maintain the release name)
|
|
##
|
|
# nameOverride:
|
|
|
|
## String to fully override harbor.fullname template
|
|
##
|
|
# fullnameOverride:
|
|
|
|
## Init containers parameters:
|
|
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
|
|
##
|
|
volumePermissions:
|
|
enabled: false
|
|
image:
|
|
registry: docker.io
|
|
repository: bitnami/minideb
|
|
tag: buster
|
|
pullPolicy: Always
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
|
##
|
|
# pullSecrets:
|
|
# - myRegistryKeySecretName
|
|
## Init containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
requests: {}
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
## Service parameters
|
|
##
|
|
service:
|
|
## K8s service type
|
|
## Allowed values are "Ingress", "ClusterIP", "NodePort" or "LoadBalancer"
|
|
##
|
|
type: Ingress
|
|
## TLS parameters
|
|
##
|
|
tls:
|
|
## Enable TLS
|
|
## Note: When type is "Ingress" and TLS is disabled, the port must be included
|
|
## in the command when pulling/pushing images.
|
|
## ref: https://github.com/goharbor/harbor/issues/5291
|
|
##
|
|
enabled: true
|
|
## Fill the name of secret if you want to use your own TLS certificate.
|
|
## The secret contains keys named:
|
|
## "tls.crt" - the certificate (required)
|
|
## "tls.key" - the private key (required)
|
|
## "ca.crt" - the certificate of CA (optional), this enables the download
|
|
## link on portal to download the certificate of CA
|
|
## These files will be generated automatically if the "secretName" is not set
|
|
##
|
|
secretName: ""
|
|
## By default, the Notary service will use the same certificat described above.
|
|
## Fill the name of secret if you want to use a separated on for Notary.
|
|
##
|
|
notarySecretName: ""
|
|
## The common name used to automatically generate the certificates.
|
|
## Mandatory when "secretName" is not provided or type is not "Ingress".
|
|
##
|
|
commonName: ""
|
|
## Ingress parameters
|
|
##
|
|
ingress:
|
|
## The list of hostnames to be covered with this ingress record
|
|
##
|
|
hosts:
|
|
core: core.harbor.domain
|
|
notary: notary.harbor.domain
|
|
## Set to the type of ingress controller if it has specific requirements.
|
|
## leave as `default` for most ingress controllers.
|
|
## set to `gce` if using the GCE ingress controller
|
|
## set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller
|
|
##
|
|
controller: default
|
|
## Ingress annotations done as key:value pairs
|
|
## For a full list of possible ingress annotations, please see
|
|
## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md
|
|
##
|
|
annotations:
|
|
ingress.kubernetes.io/ssl-redirect: "true"
|
|
ingress.kubernetes.io/proxy-body-size: "0"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
## Service parameters when type is "clusterIP"
|
|
##
|
|
clusterIP:
|
|
name: harbor
|
|
ports:
|
|
# The service port Harbor listens on when serving with HTTP
|
|
httpPort: 80
|
|
# The service port Harbor listens on when serving with HTTPS
|
|
httpsPort: 443
|
|
# The service port Notary listens on. Only needed when notary.enabled
|
|
# is set to true
|
|
notaryPort: 4443
|
|
## Service parameters when type is "nodePort"
|
|
##
|
|
nodePort:
|
|
name: harbor
|
|
ports:
|
|
http:
|
|
## The service port Harbor listens on when serving with HTTP
|
|
##
|
|
port: 80
|
|
## The node port Harbor listens on when serving with HTTP
|
|
##
|
|
nodePort: 30002
|
|
https:
|
|
## The service port Harbor listens on when serving with HTTPS
|
|
##
|
|
port: 443
|
|
## The node port Harbor listens on when serving with HTTPS
|
|
##
|
|
nodePort: 30003
|
|
notary:
|
|
## The service port Notary listens on
|
|
##
|
|
port: 4443
|
|
## The node port Notary listens on
|
|
##
|
|
nodePort: 30004
|
|
## Service parameters when type is "loadBalancer"
|
|
##
|
|
loadBalancer:
|
|
name: harbor
|
|
ports:
|
|
## The service port Harbor listens on when serving with HTTP
|
|
##
|
|
httpPort: 80
|
|
## The service port Harbor listens on when serving with HTTPS
|
|
##
|
|
httpsPort: 443
|
|
## The service port Notary listens on
|
|
##
|
|
notaryPort: 4443
|
|
## loadBalancerIP for the PrestaShop Service (optional, cloud specific)
|
|
## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer
|
|
##
|
|
# loadBalancerIP:
|
|
## Provide any additional annotations which may be required. This can be used to
|
|
## set the LoadBalancer service type to internal only.
|
|
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
|
|
##
|
|
annotations: {}
|
|
sourceRanges: []
|
|
|
|
## The external URL for Harbor core service. It is used to
|
|
## 1) populate the docker/helm commands showed on portal
|
|
## 2) populate the token service URL returned to docker/notary client
|
|
##
|
|
## Format: protocol://domain[:port]. Usually:
|
|
## 1) if "service.type" is "ingress", the "domain" should be
|
|
## the value of "service.ingress.hosts.core"
|
|
## 2) if "service.type" is "clusterIP", the "domain" should be
|
|
## the value of "service.clusterIP.name"
|
|
## 3) if "service.type" is "nodePort", the "domain" should be
|
|
## the IP address of k8s node. If Harbor is deployed behind the proxy,
|
|
## set it as the URL of proxy
|
|
##
|
|
externalURL: https://core.harbor.domain
|
|
|
|
## UAA Authentication Options
|
|
## If you're using UAA for authentication behind a self-signed
|
|
## certificate you will need to provide the CA Cert.
|
|
## Set uaaSecretName below to provide a pre-created secret that
|
|
## contains a base64 encoded CA Certificate named `ca.crt`.
|
|
# uaaSecretName:
|
|
|
|
## Kubernetes Security Context
|
|
## https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
##
|
|
securityContext:
|
|
enabled: true
|
|
fsGroup: 1001
|
|
runAsUser: 1001
|
|
|
|
## The persistence is enabled by default and a default StorageClass
|
|
## is needed in the k8s cluster to provision volumes dynamicly.
|
|
## Specify another StorageClass in the "storageClass" or set "existingClaim"
|
|
## if you have already existing persistent volumes to use
|
|
##
|
|
## For storing images and charts, you can also use "azure", "gcs", "s3",
|
|
## "swift" or "oss". Set it in the "imageChartStorage" section
|
|
##
|
|
persistence:
|
|
enabled: true
|
|
## Resource Policy
|
|
## Setting it to "keep" to avoid removing PVCs during a helm delete operation
|
|
##
|
|
resourcePolicy: "keep"
|
|
persistentVolumeClaim:
|
|
registry:
|
|
## If you want to reuse an existing claim, you can pass the name of the PVC using
|
|
## the existingClaim variable
|
|
##
|
|
existingClaim: ""
|
|
## Specify the "storageClass" used to provision the volume.
|
|
## Set it to "-" to disable dynamic provisioning
|
|
##
|
|
storageClass: ""
|
|
subPath: ""
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
jobservice:
|
|
## If you want to reuse an existing claim, you can pass the name of the PVC using
|
|
## the existingClaim variable
|
|
##
|
|
existingClaim: ""
|
|
## Specify the "storageClass" used to provision the volume.
|
|
## Set it to "-" to disable dynamic provisioning
|
|
##
|
|
storageClass: ""
|
|
subPath: ""
|
|
accessMode: ReadWriteOnce
|
|
size: 1Gi
|
|
|
|
chartmuseum:
|
|
## If you want to reuse an existing claim, you can pass the name of the PVC using
|
|
## the existingClaim variable
|
|
##
|
|
existingClaim: ""
|
|
## Specify the "storageClass" used to provision the volume.
|
|
## Set it to "-" to disable dynamic provisioning
|
|
##
|
|
storageClass: ""
|
|
subPath: ""
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
|
|
## Define which storage backend is used for registry and chartmuseum to store
|
|
## images and charts.
|
|
## ref: https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
|
|
##
|
|
imageChartStorage:
|
|
## Specify whether to disable `redirect` for images and chart storage, for
|
|
## backends which not supported it (such as using minio for `s3` storage type), please disable
|
|
## it. To disable redirects, simply set `disableredirect` to `true` instead.
|
|
## ref: https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect
|
|
##
|
|
disableredirect: false
|
|
## Specify the type of storage. Allowed values are [ filesystem | azure | gcs | s3 | swift | oss ]
|
|
##
|
|
type: filesystem
|
|
## Images/charts storage parameters when type is "filesystem"
|
|
##
|
|
filesystem:
|
|
rootdirectory: /storage
|
|
# maxthreads: 100
|
|
## Images/charts storage parameters when type is "azure"
|
|
##
|
|
azure:
|
|
accountname: accountname
|
|
accountkey: base64encodedaccountkey
|
|
container: containername
|
|
storagePrefix: /azure/harbor/charts
|
|
# realm: core.windows.net
|
|
## Images/charts storage parameters when type is "gcs"
|
|
##
|
|
gcs:
|
|
bucket: bucketname
|
|
# The base64 encoded json file which contains the gcs key (file's content)
|
|
encodedkey: base64-encoded-json-key-file
|
|
# rootdirectory: /gcs/object/name/prefix
|
|
# chunksize: "5242880"
|
|
## Images/charts storage parameters when type is "s3"
|
|
##
|
|
s3:
|
|
region: us-west-1
|
|
bucket: bucketname
|
|
# accesskey: awsaccesskey
|
|
# secretkey: awssecretkey
|
|
# regionendpoint: http://myobjects.local
|
|
# encrypt: false
|
|
# keyid: mykeyid
|
|
# secure: true
|
|
# v4auth: true
|
|
# chunksize: "5242880"
|
|
# rootdirectory: /s3/object/name/prefix
|
|
# storageclass: STANDARD
|
|
## Images/charts storage parameters when type is "swift"
|
|
##
|
|
swift:
|
|
authurl: https://storage.myprovider.com/v3/auth
|
|
username: username
|
|
password: password
|
|
container: containername
|
|
# region: fr
|
|
# tenant: tenantname
|
|
# tenantid: tenantid
|
|
# domain: domainname
|
|
# domainid: domainid
|
|
# trustid: trustid
|
|
# insecureskipverify: false
|
|
# chunksize: 5M
|
|
# prefix:
|
|
# secretkey: secretkey
|
|
# accesskey: accesskey
|
|
# authversion: 3
|
|
# endpointtype: public
|
|
# tempurlcontainerkey: false
|
|
# tempurlmethods:
|
|
## Images/charts storage parameters when type is "oss"
|
|
##
|
|
oss:
|
|
accesskeyid: accesskeyid
|
|
accesskeysecret: accesskeysecret
|
|
region: regionname
|
|
bucket: bucketname
|
|
# endpoint: endpoint
|
|
# internal: false
|
|
# encrypt: false
|
|
# secure: true
|
|
# chunksize: 10M
|
|
# rootdirectory: rootdirectory
|
|
|
|
## The log level used for Harbor services. Allowed values are [ fatal | error | warn | info | debug | trace ]
|
|
##
|
|
logLevel: debug
|
|
|
|
## Option to force users to specify passwords (core.secret, harborAdminPassword, and secretKey). That is required for 'helm upgrade' to work properly.
|
|
## If it is not forced, random values will be generated.
|
|
##
|
|
forcePassword: true
|
|
|
|
## The initial password of Harbor admin. Change it from portal after launching Harbor
|
|
##
|
|
## harborAdminPassword:
|
|
|
|
## The secret key used for encryption. Must be a string of 16 chars.
|
|
##
|
|
## secretKey: "not-a-secure-key"
|
|
|
|
## If expose the service via Ingress, the NGINX server will not be used
|
|
##
|
|
nginx:
|
|
replicas: 1
|
|
## NGINX containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
|
|
## Node labels for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
## Tolerations for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
## Affinity for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
## Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
## When setting up Harbor behind another reverse proxy, such as a nginx instance, set this value to true
|
|
## if the reverse proxy already provides the 'X-Forwarded-Proto' header field.
|
|
## This is, for example, the case for the OpenShift HAProxy router.
|
|
##
|
|
behindReverseProxy: false
|
|
## NGINX containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
## Harbor Portal parameters
|
|
##
|
|
portal:
|
|
replicas: 1
|
|
## Harbor Portal containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
|
|
## Node labels for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Affinity for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Harbor Portal containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
## Harbor Core parameters
|
|
##
|
|
core:
|
|
replicas: 1
|
|
## Harbor Core containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
|
|
## Node labels for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Affinity for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Secret is used when core server communicates with other components.
|
|
## If a secret key is not specified, Helm will generate one.
|
|
## Must be a string of 16 chars.
|
|
##
|
|
secret: ""
|
|
## Fill the name of a kubernetes secret if you want to use your own
|
|
## TLS certificate and private key for token encryption/decryption.
|
|
## The secret must contain keys named:
|
|
## "tls.crt" - the certificate
|
|
## "tls.key" - the private key
|
|
## The default key pair will be used if it isn't set
|
|
##
|
|
secretName: ""
|
|
|
|
## Harbor Core containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
## Harbor Jobservice parameters
|
|
##
|
|
jobservice:
|
|
replicas: 1
|
|
maxJobWorkers: 10
|
|
# The logger for jobs: "file", "database" or "stdout"
|
|
jobLogger: file
|
|
## Harbor Jobservice containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
|
|
## Node labels for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Affinity for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Secret is used when job service communicates with other components.
|
|
## If a secret key is not specified, Helm will generate one.
|
|
## Must be a string of 16 chars.
|
|
##
|
|
secret: ""
|
|
|
|
## Harbor Jobservice containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
registry:
|
|
replicas: 1
|
|
## Harbor Registry parameters
|
|
##
|
|
registry:
|
|
## Harbor Registry containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
## Harbor Registry containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
## Harbor Registryctl parameters
|
|
##
|
|
controller:
|
|
## Harbor Registryctl containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
## Harbor Registryctl containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
## Node labels for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Affinity for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Secret is used to secure the upload state from client
|
|
## and registry storage backend.
|
|
## See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
|
|
## If a secret key is not specified, Helm will generate one.
|
|
## Must be a string of 16 chars.
|
|
##
|
|
secret: ""
|
|
|
|
## Chartmuseum parameters
|
|
##
|
|
chartmuseum:
|
|
enabled: true
|
|
replicas: 1
|
|
port: 8080
|
|
|
|
## Set the use of the Redis cache.
|
|
useRedisCache: true
|
|
|
|
## Set the absolute URL to access the chartmuseum repository and the
|
|
## endpoint where it will be available.
|
|
absoluteUrl: false
|
|
chartRepoName: "chartsRepo"
|
|
|
|
depth: 1
|
|
logJson: false
|
|
disableMetrics: false
|
|
disableApi: false
|
|
disableStatefiles: false
|
|
allowOverwrite: true
|
|
anonymousGet: false
|
|
|
|
## Optional parameters for ChartMuseum not used by default.
|
|
## ref: https://chartmuseum.com/docs/#other-cli-options
|
|
##
|
|
# contextPath: ""
|
|
# indexLimit: 0
|
|
# chartPostFormFieldName: "chart"
|
|
# provPostFormFieldName: "prov"
|
|
|
|
## Enable the TLS access to the ChartMuseum server.
|
|
enableTLS: false
|
|
|
|
## An array to add extra env vars to chartmuseum
|
|
## For example:
|
|
## extraEnvVars:
|
|
## - name: BEARER_AUTH
|
|
## value: true
|
|
|
|
## Chartmuseum containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
|
|
## Node labels for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Affinity for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Chartmuseum containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 20
|
|
failureThreshold: 10
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 10
|
|
timeoutSeconds: 20
|
|
failureThreshold: 10
|
|
successThreshold: 1
|
|
|
|
## Clair parameters
|
|
##
|
|
clair:
|
|
enabled: true
|
|
# Harbor needs Clair adapter to comunicate with Clair API.
|
|
adapter:
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
|
|
replicas: 1
|
|
# The http(s) proxy used to update vulnerabilities database from internet
|
|
httpProxy:
|
|
httpsProxy:
|
|
# The interval of clair updaters, the unit is hour, set to 0 to
|
|
# disable the updaters
|
|
updatersInterval: 12
|
|
|
|
## Clair containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
|
|
## Node labels for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
##
|
|
nodeSelector: {}
|
|
|
|
## Tolerations for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
|
##
|
|
tolerations: []
|
|
|
|
## Affinity for pod assignment. Evaluated as a template.
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
|
##
|
|
affinity: {}
|
|
|
|
## Pod annotations
|
|
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Clair containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
## Notary parameters
|
|
##
|
|
notary:
|
|
enabled: true
|
|
server:
|
|
replicas: 1
|
|
## Notary server containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
## Notary server containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
signer:
|
|
replicas: 1
|
|
## Notary signer containers' resource requests and limits
|
|
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
|
##
|
|
resources:
|
|
# We usually recommend not to specify default resources and to leave this as a conscious
|
|
# choice for the user. This also increases chances charts run on environments with little
|
|
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
limits: {}
|
|
# cpu: 500m
|
|
# memory: 1Gi
|
|
requests: {}
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
## Notary signer containers' liveness and readiness probes
|
|
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
|
|
##
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
timeoutSeconds: 5
|
|
failureThreshold: 6
|
|
successThreshold: 1
|
|
|
|
## Redis chart configuration
|
|
## ref: https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml
|
|
##
|
|
redis:
|
|
enabled: true
|
|
# image:
|
|
# tag:
|
|
# password: ""
|
|
usePassword: false
|
|
cluster:
|
|
enabled: true
|
|
master:
|
|
persistence:
|
|
enabled: true
|
|
slave:
|
|
persistence:
|
|
enabled: true
|
|
|
|
## If the Redis included in the chart is disabled, Harbor will use below
|
|
## Redis parameters to connect to an external Redis server.
|
|
##
|
|
externalRedis:
|
|
## Redis host
|
|
##
|
|
host: localhost
|
|
## Redis port number
|
|
##
|
|
port: 6379
|
|
## Redis password
|
|
##
|
|
password: ""
|
|
## The "coreDatabaseIndex" must be "0" as the library Harbor
|
|
## used doesn't support configuring it
|
|
##
|
|
coreDatabaseIndex: "0"
|
|
jobserviceDatabaseIndex: "1"
|
|
registryDatabaseIndex: "2"
|
|
chartmuseumDatabaseIndex: "3"
|
|
|
|
|
|
## PostgreSQL chart configuration
|
|
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
|
|
##
|
|
postgresql:
|
|
enabled: true
|
|
postgresqlUsername: postgres
|
|
postgresqlPassword: not-secure-database-password
|
|
replication:
|
|
enabled: true
|
|
persistence:
|
|
enabled: true
|
|
## PostgreSQL initdb initdbScripts
|
|
##
|
|
initdbScripts:
|
|
initial-notaryserver.sql: |
|
|
CREATE DATABASE notaryserver;
|
|
CREATE USER server;
|
|
alter user server with encrypted password 'password';
|
|
GRANT ALL PRIVILEGES ON DATABASE notaryserver TO server;
|
|
initial-notarysigner.sql: |
|
|
CREATE DATABASE notarysigner;
|
|
CREATE USER signer;
|
|
alter user signer with encrypted password 'password';
|
|
GRANT ALL PRIVILEGES ON DATABASE notarysigner TO signer;
|
|
initial-registry.sql: |
|
|
CREATE DATABASE registry ENCODING 'UTF8';
|
|
\c registry;
|
|
CREATE TABLE schema_migrations(version bigint not null primary key, dirty boolean not null);
|
|
|
|
## If the PostgreSQL database included in the chart is disabled, Harbor will
|
|
## use below parameters to connect to an external PostgreSQL server.
|
|
##
|
|
externalDatabase:
|
|
## Database host
|
|
##
|
|
host: localhost
|
|
## non-root Username for portal Database
|
|
##
|
|
user: bn_harbor
|
|
## Database password
|
|
##
|
|
password: ""
|
|
## Database name
|
|
##
|
|
database: bitnami_harbor
|
|
## Database port number
|
|
##
|
|
port: 5432
|
|
## External database ssl mode
|
|
## sslmode:
|
|
## External database name for core
|
|
## coreDatabase:
|
|
## External database name for clair
|
|
## clairDatabase:
|
|
## External database name for notaryserver
|
|
## notaryServerDatabase:
|
|
## External database name for notaryserver
|
|
## notarySignerDatabase:
|