Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-19 11:37:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
6ccd8044fe73d7ebe01a4d1af54edd3b25bfbd49
charts/bitnami/harbor
History

README.md

Harbor packaged by Bitnami

Harbor is an open source trusted cloud-native registry to store, sign, and scan content. It adds functionalities like security, identity, and management to the open source Docker distribution.

Overview of Harbor

TL;DR

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-release bitnami/harbor

Introduction

This Helm chart installs Harbor in a Kubernetes cluster. Welcome to contribute to Helm Chart for Harbor.

This Helm chart has been developed based on goharbor/harbor-helm chart but including some features common to the Bitnami chart library. For example, the following changes have been introduced:

  • Possibility to pull all the required images from a private registry through the Global Docker image parameters.
  • Redis™ and PostgreSQL are managed as chart dependencies.
  • Liveness and Readiness probes for all deployments are exposed to the values.yaml.
  • Uses new Helm chart labels formatting.
  • Uses Bitnami container images:
    • non-root by default
    • published for debian-10 and ol-7
  • This chart support the Harbor optional components Chartmuseum, Clair and Notary integrations.

Prerequisites

  • Kubernetes 1.19+
  • Helm 3.2.0+
  • PV provisioner support in the underlying infrastructure
  • ReadWriteMany volumes for deployment scaling

Installing the Chart

Install the Harbor helm chart with a release name my-release:

helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-release bitnami/harbor

Uninstalling the Chart

To uninstall/delete the my-release deployment:

helm delete --purge my-release

Additionally, if persistence.resourcePolicy is set to keep, you should manually delete the PVCs.

Parameters

Global parameters

Name Description Value
global.imageRegistry Global Docker image registry ""
global.imagePullSecrets Global Docker registry secret names as an array []
global.storageClass Global StorageClass for Persistent Volume(s) ""

Common Parameters

Name Description Value
nameOverride String to partially override common.names.fullname template (will maintain the release name) ""
fullnameOverride String to fully override common.names.fullname template with a string ""
kubeVersion Force target Kubernetes version (using Helm capabilities if not set) ""
clusterDomain Kubernetes Cluster Domain cluster.local
commonAnnotations Annotations to add to all deployed objects {}
commonLabels Labels to add to all deployed objects {}
extraDeploy Array of extra objects to deploy with the release (evaluated as a template). []
diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) false
diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s) ["sleep"]
diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s) ["infinity"]

Harbor common parameters

Name Description Value
adminPassword The initial password of Harbor admin. Change it from portal after launching Harbor ""
externalURL The external URL for Harbor Core service https://core.harbor.domain
proxy.httpProxy The URL of the HTTP proxy server ""
proxy.httpsProxy The URL of the HTTPS proxy server ""
proxy.noProxy The URLs that the proxy settings not apply to 127.0.0.1,localhost,.local,.internal
proxy.components The component list that the proxy settings apply to ["core","jobservice","clair","trivy"]
logLevel The log level used for Harbor services. Allowed values are [ fatal | error | warn | info | debug | trace ] debug
internalTLS.enabled Use TLS in all the supported containers: chartmuseum, clair, core, jobservice, portal, registry and trivy false
internalTLS.caBundleSecret Name of an existing secret with a custom CA that will be injected into the trust store for chartmuseum, clair, core, jobservice, registry, trivy components ""
ipFamily.ipv6.enabled Enable listening on IPv6 ([::]) for NGINX-based components (NGINX,portal) true
ipFamily.ipv4.enabled Enable listening on IPv4 for NGINX-based components (NGINX,portal) true

Traffic Exposure Parameters

Name Description Value
exposureType The way to expose Harbor. Allowed values are [ ingress | proxy ] proxy
service.type NGINX proxy service type LoadBalancer
service.ports.http NGINX proxy service HTTP port 80
service.ports.https NGINX proxy service HTTPS port 443
service.ports.notary Notary service port 4443
service.nodePorts.http Node port for HTTP ""
service.nodePorts.https Node port for HTTPS ""
service.nodePorts.notary Node port for Notary ""
service.sessionAffinity Control where client requests go, to the same pod or round-robin None
service.clusterIP NGINX proxy service Cluster IP ""
service.loadBalancerIP NGINX proxy service Load Balancer IP ""
service.loadBalancerSourceRanges NGINX proxy service Load Balancer sources []
service.externalTrafficPolicy NGINX proxy service external traffic policy Cluster
service.annotations Additional custom annotations for NGINX proxy service {}
service.extraPorts Extra port to expose on NGINX proxy service []
ingress.core.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ""
ingress.core.pathType Ingress path type ImplementationSpecific
ingress.core.apiVersion Force Ingress API version (automatically detected if not set) ""
ingress.core.controller The ingress controller type. Currently supports default, gce and ncp default
ingress.core.hostname Default host for the ingress record core.harbor.domain
ingress.core.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. {}
ingress.core.tls Enable TLS configuration for the host defined at ingress.core.hostname parameter false
ingress.core.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm false
ingress.core.extraHosts An array with additional hostname(s) to be covered with the ingress record []
ingress.core.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host []
ingress.core.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record []
ingress.core.secrets Custom TLS certificates as secrets []
ingress.core.extraRules Additional rules to be covered with this ingress record []
ingress.notary.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ""
ingress.notary.pathType Ingress path type ImplementationSpecific
ingress.notary.apiVersion Force Ingress API version (automatically detected if not set) ""
ingress.notary.controller The ingress controller type. Currently supports default, gce and ncp default
ingress.notary.hostname Default host for the ingress record notary.harbor.domain
ingress.notary.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. {}
ingress.notary.tls Enable TLS configuration for the host defined at ingress.hostname parameter false
ingress.notary.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm false
ingress.notary.extraHosts An array with additional hostname(s) to be covered with the ingress record []
ingress.notary.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host []
ingress.notary.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record []
ingress.notary.secrets Custom TLS certificates as secrets []
ingress.notary.extraRules Additional rules to be covered with this ingress record []

Persistence Parameters

Name Description Value
persistence.enabled Enable the data persistence or not true
persistence.resourcePolicy Setting it to keep to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted keep
persistence.persistentVolumeClaim.registry.existingClaim Name of an existing PVC to use ""
persistence.persistentVolumeClaim.registry.storageClass PVC Storage Class for Harbor Registry data volume ""
persistence.persistentVolumeClaim.registry.subPath The sub path used in the volume ""
persistence.persistentVolumeClaim.registry.accessModes The access mode of the volume ["ReadWriteOnce"]
persistence.persistentVolumeClaim.registry.size The size of the volume 5Gi
persistence.persistentVolumeClaim.registry.annotations Annotations for the PVC {}
persistence.persistentVolumeClaim.registry.selector Selector to match an existing Persistent Volume {}
persistence.persistentVolumeClaim.jobservice.existingClaim Name of an existing PVC to use ""
persistence.persistentVolumeClaim.jobservice.storageClass PVC Storage Class for Harbor Jobservice data volume ""
persistence.persistentVolumeClaim.jobservice.subPath The sub path used in the volume ""
persistence.persistentVolumeClaim.jobservice.accessModes The access mode of the volume ["ReadWriteOnce"]
persistence.persistentVolumeClaim.jobservice.size The size of the volume 1Gi
persistence.persistentVolumeClaim.jobservice.annotations Annotations for the PVC {}
persistence.persistentVolumeClaim.jobservice.selector Selector to match an existing Persistent Volume {}
persistence.persistentVolumeClaim.chartmuseum.existingClaim Name of an existing PVC to use ""
persistence.persistentVolumeClaim.chartmuseum.storageClass PVC Storage Class for Chartmuseum data volume ""
persistence.persistentVolumeClaim.chartmuseum.subPath The sub path used in the volume ""
persistence.persistentVolumeClaim.chartmuseum.accessModes The access mode of the volume ["ReadWriteOnce"]
persistence.persistentVolumeClaim.chartmuseum.size The size of the volume 5Gi
persistence.persistentVolumeClaim.chartmuseum.annotations Annotations for the PVC {}
persistence.persistentVolumeClaim.chartmuseum.selector Selector to match an existing Persistent Volume {}
persistence.persistentVolumeClaim.trivy.storageClass PVC Storage Class for Trivy data volume ""
persistence.persistentVolumeClaim.trivy.accessModes The access mode of the volume ["ReadWriteOnce"]
persistence.persistentVolumeClaim.trivy.size The size of the volume 5Gi
persistence.persistentVolumeClaim.trivy.annotations Annotations for the PVC {}
persistence.persistentVolumeClaim.trivy.selector Selector to match an existing Persistent Volume {}
persistence.imageChartStorage.caBundleSecret Specify the caBundleSecret if the storage service uses a self-signed certificate. The secret must contain keys named ca.crt which will be injected into the trust store of registry's and chartmuseum's containers. ""
persistence.imageChartStorage.disableredirect The configuration for managing redirects from content backends. For backends which do not supported it (such as using MinIO® for s3 storage type), please set it to true to disable redirects. Refer to the guide for more information about the detail false
persistence.imageChartStorage.type The type of storage for images and charts: filesystem, azure, gcs, s3, swift or oss. The type must be filesystem if you want to use persistent volumes for registry and chartmuseum. Refer to the guide for more information about the detail filesystem
persistence.imageChartStorage.filesystem.rootdirectory Filesystem storage type setting: Storage root directory /storage
persistence.imageChartStorage.filesystem.maxthreads Filesystem storage type setting: Maximum threads directory ""
persistence.imageChartStorage.azure.accountname Azure storage type setting: Name of the Azure account accountname
persistence.imageChartStorage.azure.accountkey Azure storage type setting: Key of the Azure account base64encodedaccountkey
persistence.imageChartStorage.azure.container Azure storage type setting: Container containername
persistence.imageChartStorage.azure.storagePrefix Azure storage type setting: Storage prefix /azure/harbor/charts
persistence.imageChartStorage.azure.realm Azure storage type setting: Realm of the Azure account ""
persistence.imageChartStorage.gcs.bucket GCS storage type setting: Bucket name bucketname
persistence.imageChartStorage.gcs.encodedkey GCS storage type setting: Base64 encoded key base64-encoded-json-key-file
persistence.imageChartStorage.gcs.rootdirectory GCS storage type setting: Root directory name ""
persistence.imageChartStorage.gcs.chunksize GCS storage type setting: Chunk size name ""
persistence.imageChartStorage.s3.region S3 storage type setting: Region us-west-1
persistence.imageChartStorage.s3.bucket S3 storage type setting: Bucket name bucketname
persistence.imageChartStorage.s3.accesskey S3 storage type setting: Access key name ""
persistence.imageChartStorage.s3.secretkey S3 storage type setting: Secret Key name ""
persistence.imageChartStorage.s3.regionendpoint S3 storage type setting: Region Endpoint ""
persistence.imageChartStorage.s3.encrypt S3 storage type setting: Encrypt ""
persistence.imageChartStorage.s3.keyid S3 storage type setting: Key ID ""
persistence.imageChartStorage.s3.secure S3 storage type setting: Secure ""
persistence.imageChartStorage.s3.skipverify S3 storage type setting: TLS skip verification ""
persistence.imageChartStorage.s3.v4auth S3 storage type setting: V4 authorization ""
persistence.imageChartStorage.s3.chunksize S3 storage type setting: V4 authorization ""
persistence.imageChartStorage.s3.rootdirectory S3 storage type setting: Root directory name ""
persistence.imageChartStorage.s3.storageClass S3 storage type setting: Storage class ""
persistence.imageChartStorage.s3.sse S3 storage type setting: SSE name ""
persistence.imageChartStorage.swift.authurl Swift storage type setting: Authentication url https://storage.myprovider.com/v3/auth
persistence.imageChartStorage.swift.username Swift storage type setting: Authentication url ""
persistence.imageChartStorage.swift.password Swift storage type setting: Password ""
persistence.imageChartStorage.swift.container Swift storage type setting: Container ""
persistence.imageChartStorage.swift.region Swift storage type setting: Region ""
persistence.imageChartStorage.swift.tenant Swift storage type setting: Tenant ""
persistence.imageChartStorage.swift.tenantid Swift storage type setting: TenantID ""
persistence.imageChartStorage.swift.domain Swift storage type setting: Domain ""
persistence.imageChartStorage.swift.domainid Swift storage type setting: DomainID ""
persistence.imageChartStorage.swift.trustid Swift storage type setting: TrustID ""
persistence.imageChartStorage.swift.insecureskipverify Swift storage type setting: Verification ""
persistence.imageChartStorage.swift.chunksize Swift storage type setting: Chunk ""
persistence.imageChartStorage.swift.prefix Swift storage type setting: Prefix ""
persistence.imageChartStorage.swift.secretkey Swift storage type setting: Secre Key ""
persistence.imageChartStorage.swift.accesskey Swift storage type setting: Access Key ""
persistence.imageChartStorage.swift.authversion Swift storage type setting: Auth ""
persistence.imageChartStorage.swift.endpointtype Swift storage type setting: Endpoint ""
persistence.imageChartStorage.swift.tempurlcontainerkey Swift storage type setting: Temp URL container key ""
persistence.imageChartStorage.swift.tempurlmethods Swift storage type setting: Temp URL methods ""
persistence.imageChartStorage.oss.accesskeyid OSS storage type setting: Access key ID ""
persistence.imageChartStorage.oss.accesskeysecret OSS storage type setting: Access key secret name containing the token ""
persistence.imageChartStorage.oss.region OSS storage type setting: Region name ""
persistence.imageChartStorage.oss.bucket OSS storage type setting: Bucket name ""
persistence.imageChartStorage.oss.endpoint OSS storage type setting: Endpoint ""
persistence.imageChartStorage.oss.internal OSS storage type setting: Internal ""
persistence.imageChartStorage.oss.encrypt OSS storage type setting: Encrypt ""
persistence.imageChartStorage.oss.secure OSS storage type setting: Secure ""
persistence.imageChartStorage.oss.chunksize OSS storage type setting: Chunk ""
persistence.imageChartStorage.oss.rootdirectory OSS storage type setting: Directory ""
persistence.imageChartStorage.oss.secretkey OSS storage type setting: Secret key ""

Volume Permissions parameters

Name Description Value
volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume false
volumePermissions.image.registry Init container volume-permissions image registry docker.io
volumePermissions.image.repository Init container volume-permissions image repository bitnami/bitnami-shell
volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) 10-debian-10-r424
volumePermissions.image.pullPolicy Init container volume-permissions image pull policy IfNotPresent
volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets []
volumePermissions.resources.limits Init container volume-permissions resource limits {}
volumePermissions.resources.requests Init container volume-permissions resource requests {}
volumePermissions.containerSecurityContext.enabled Enable init container Security Context true
volumePermissions.containerSecurityContext.runAsUser User ID for the init container 0

NGINX Parameters

Name Description Value
nginx.image.registry NGINX image registry docker.io
nginx.image.repository NGINX image repository bitnami/nginx
nginx.image.tag NGINX image tag (immutable tags are recommended) 1.21.6-debian-10-r107
nginx.image.pullPolicy NGINX image pull policy IfNotPresent
nginx.image.pullSecrets NGINX image pull secrets []
nginx.image.debug Enable NGINX image debug mode false
nginx.tls.enabled Enable TLS termination true
nginx.tls.existingSecret Existing secret name containing your own TLS certificates. ""
nginx.tls.commonName The common name used to generate the self-signed TLS certificates core.harbor.domain
nginx.behindReverseProxy If NGINX is behind another reverse proxy, set to true false
nginx.command Override default container command (useful when using custom images) []
nginx.args Override default container args (useful when using custom images) []
nginx.extraEnvVars Array with extra environment variables to add NGINX pods []
nginx.extraEnvVarsCM ConfigMap containing extra environment variables for NGINX pods ""
nginx.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for NGINX pods ""
nginx.containerPorts.http NGINX HTTP container port 8080
nginx.containerPorts.https NGINX HTTPS container port 8443
nginx.containerPorts.notary NGINX container port where Notary svc is exposed 4443
nginx.replicaCount Number of NGINX replicas 1
nginx.livenessProbe.enabled Enable livenessProbe on NGINX containers true
nginx.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
nginx.livenessProbe.periodSeconds Period seconds for livenessProbe 10
nginx.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
nginx.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
nginx.livenessProbe.successThreshold Success threshold for livenessProbe 1
nginx.readinessProbe.enabled Enable readinessProbe on NGINX containers true
nginx.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
nginx.readinessProbe.periodSeconds Period seconds for readinessProbe 10
nginx.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
nginx.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
nginx.readinessProbe.successThreshold Success threshold for readinessProbe 1
nginx.startupProbe.enabled Enable startupProbe on NGINX containers false
nginx.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 10
nginx.startupProbe.periodSeconds Period seconds for startupProbe 10
nginx.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
nginx.startupProbe.failureThreshold Failure threshold for startupProbe 15
nginx.startupProbe.successThreshold Success threshold for startupProbe 1
nginx.customLivenessProbe Custom livenessProbe that overrides the default one {}
nginx.customReadinessProbe Custom readinessProbe that overrides the default one {}
nginx.customStartupProbe Custom startupProbe that overrides the default one {}
nginx.resources.limits The resources limits for the NGINX containers {}
nginx.resources.requests The requested resources for the NGINX containers {}
nginx.podSecurityContext.enabled Enabled NGINX pods' Security Context true
nginx.podSecurityContext.fsGroup Set NGINX pod's Security Context fsGroup 1001
nginx.containerSecurityContext.enabled Enabled NGINX containers' Security Context true
nginx.containerSecurityContext.runAsUser Set NGINX containers' Security Context runAsUser 1001
nginx.containerSecurityContext.runAsNonRoot Set NGINX containers' Security Context runAsNonRoot true
nginx.updateStrategy.type NGINX deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
nginx.lifecycleHooks LifecycleHook for the NGINX container(s) to automate configuration before or after startup {}
nginx.hostAliases NGINX pods host aliases []
nginx.podLabels Add additional labels to the NGINX pods (evaluated as a template) {}
nginx.podAnnotations Annotations to add to the NGINX pods (evaluated as a template) {}
nginx.podAffinityPreset NGINX Pod affinity preset. Ignored if affinity is set. Allowed values: soft or hard ""
nginx.podAntiAffinityPreset NGINX Pod anti-affinity preset. Ignored if affinity is set. Allowed values: soft or hard soft
nginx.nodeAffinityPreset.type NGINX Node affinity preset type. Ignored if affinity is set. Allowed values: soft or hard ""
nginx.nodeAffinityPreset.key NGINX Node label key to match Ignored if affinity is set. ""
nginx.nodeAffinityPreset.values NGINX Node label values to match. Ignored if affinity is set. []
nginx.affinity NGINX Affinity for pod assignment {}
nginx.nodeSelector NGINX Node labels for pod assignment {}
nginx.tolerations NGINX Tolerations for pod assignment []
nginx.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
nginx.priorityClassName Priority Class Name ""
nginx.schedulerName Use an alternate scheduler, e.g. "stork". ""
nginx.sidecars Add additional sidecar containers to the NGINX pods []
nginx.initContainers Add additional init containers to the NGINX pods []
nginx.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the NGINX pods []
nginx.extraVolumes Optionally specify extra list of additional volumes for the NGINX pods []

Harbor Portal Parameters

Name Description Value
portal.image.registry Harbor Portal image registry docker.io
portal.image.repository Harbor Portal image repository bitnami/harbor-portal
portal.image.tag Harbor Portal image tag (immutable tags are recommended) 2.5.0-debian-10-r33
portal.image.pullPolicy Harbor Portal image pull policy IfNotPresent
portal.image.pullSecrets Harbor Portal image pull secrets []
portal.image.debug Enable Harbor Portal image debug mode false
portal.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ""
portal.command Override default container command (useful when using custom images) []
portal.args Override default container args (useful when using custom images) []
portal.extraEnvVars Array with extra environment variables to add Harbor Portal pods []
portal.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Portal pods ""
portal.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Portal pods ""
portal.containerPorts.http Harbor Portal HTTP container port 8080
portal.containerPorts.https Harbor Portal HTTPS container port 8443
portal.replicaCount Number of Harbor Portal replicas 1
portal.livenessProbe.enabled Enable livenessProbe on Harbor Portal containers true
portal.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
portal.livenessProbe.periodSeconds Period seconds for livenessProbe 10
portal.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
portal.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
portal.livenessProbe.successThreshold Success threshold for livenessProbe 1
portal.readinessProbe.enabled Enable readinessProbe on Harbor Portal containers true
portal.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
portal.readinessProbe.periodSeconds Period seconds for readinessProbe 10
portal.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
portal.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
portal.readinessProbe.successThreshold Success threshold for readinessProbe 1
portal.startupProbe.enabled Enable startupProbe on Harbor Portal containers false
portal.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
portal.startupProbe.periodSeconds Period seconds for startupProbe 10
portal.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
portal.startupProbe.failureThreshold Failure threshold for startupProbe 15
portal.startupProbe.successThreshold Success threshold for startupProbe 1
portal.customLivenessProbe Custom livenessProbe that overrides the default one {}
portal.customReadinessProbe Custom readinessProbe that overrides the default one {}
portal.customStartupProbe Custom startupProbe that overrides the default one {}
portal.resources.limits The resources limits for the Harbor Portal containers {}
portal.resources.requests The requested resources for the Harbor Portal containers {}
portal.podSecurityContext.enabled Enabled Harbor Portal pods' Security Context true
portal.podSecurityContext.fsGroup Set Harbor Portal pod's Security Context fsGroup 1001
portal.containerSecurityContext.enabled Enabled Harbor Portal containers' Security Context true
portal.containerSecurityContext.runAsUser Set Harbor Portal containers' Security Context runAsUser 1001
portal.containerSecurityContext.runAsNonRoot Set Harbor Portal containers' Security Context runAsNonRoot true
portal.updateStrategy.type Harbor Portal deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
portal.lifecycleHooks LifecycleHook for the Harbor Portal container(s) to automate configuration before or after startup {}
portal.hostAliases Harbor Portal pods host aliases []
portal.podLabels Add additional labels to the Harbor Portal pods (evaluated as a template) {}
portal.podAnnotations Annotations to add to the Harbor Portal pods (evaluated as a template) {}
portal.podAffinityPreset Harbor Portal Pod affinity preset. Ignored if portal.affinity is set. Allowed values: soft or hard ""
portal.podAntiAffinityPreset Harbor Portal Pod anti-affinity preset. Ignored if portal.affinity is set. Allowed values: soft or hard soft
portal.nodeAffinityPreset.type Harbor Portal Node affinity preset type. Ignored if portal.affinity is set. Allowed values: soft or hard ""
portal.nodeAffinityPreset.key Harbor Portal Node label key to match Ignored if portal.affinity is set. ""
portal.nodeAffinityPreset.values Harbor Portal Node label values to match. Ignored if portal.affinity is set. []
portal.affinity Harbor Portal Affinity for pod assignment {}
portal.nodeSelector Harbor Portal Node labels for pod assignment {}
portal.tolerations Harbor Portal Tolerations for pod assignment []
portal.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
portal.priorityClassName Priority Class Name ""
portal.schedulerName Use an alternate scheduler, e.g. "stork". ""
portal.sidecars Add additional sidecar containers to the Harbor Portal pods []
portal.initContainers Add additional init containers to the Harbor Portal pods []
portal.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Portal pods []
portal.extraVolumes Optionally specify extra list of additional volumes for the Harbor Portal pods []
portal.automountServiceAccountToken Automount service account token false
portal.service.ports.http Harbor Portal HTTP service port 80
portal.service.ports.https Harbor Portal HTTPS service port 443

Harbor Core Parameters

Name Description Value
core.image.registry Harbor Core image registry docker.io
core.image.repository Harbor Core image repository bitnami/harbor-core
core.image.tag Harbor Core image tag (immutable tags are recommended) 2.5.0-debian-10-r34
core.image.pullPolicy Harbor Core image pull policy IfNotPresent
core.image.pullSecrets Harbor Core image pull secrets []
core.image.debug Enable Harbor Core image debug mode false
core.sessionLifetime Explicitly set a session timeout (in seconds) overriding the backend default. ""
core.uaaSecret If using external UAA auth which has a self signed cert, you can provide a pre-created secret containing it under the key ca.crt. ""
core.secretKey The key used for encryption. Must be a string of 16 chars ""
core.secret Secret used when the core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. ""
core.secretName Fill the name of a kubernetes secret if you want to use your own TLS certificate and private key for token encryption/decryption. The secret must contain two keys named: tls.crt - the certificate and tls.key - the private key. The default key pair will be used if it isn't set ""
core.csrfKey The CSRF key. Will be generated automatically if it isn't specified ""
core.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ""
core.command Override default container command (useful when using custom images) []
core.args Override default container args (useful when using custom images) []
core.extraEnvVars Array with extra environment variables to add Harbor Core pods []
core.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Core pods ""
core.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Core pods ""
core.configOverwriteJson String containing a JSON with configuration overrides ""
core.configOverwriteJsonSecret Secret containing the JSON configuration overrides ""
core.containerPorts.http Harbor Core HTTP container port 8080
core.containerPorts.https Harbor Core HTTPS container port 8443
core.containerPorts.metrics Harbor Core metrics container port 8001
core.replicaCount Number of Harbor Core replicas 1
core.livenessProbe.enabled Enable livenessProbe on Harbor Core containers true
core.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
core.livenessProbe.periodSeconds Period seconds for livenessProbe 10
core.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
core.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
core.livenessProbe.successThreshold Success threshold for livenessProbe 1
core.readinessProbe.enabled Enable readinessProbe on Harbor Core containers true
core.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
core.readinessProbe.periodSeconds Period seconds for readinessProbe 10
core.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
core.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
core.readinessProbe.successThreshold Success threshold for readinessProbe 1
core.startupProbe.enabled Enable startupProbe on Harbor Core containers false
core.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
core.startupProbe.periodSeconds Period seconds for startupProbe 10
core.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
core.startupProbe.failureThreshold Failure threshold for startupProbe 15
core.startupProbe.successThreshold Success threshold for startupProbe 1
core.customLivenessProbe Custom livenessProbe that overrides the default one {}
core.customReadinessProbe Custom readinessProbe that overrides the default one {}
core.customStartupProbe Custom startupProbe that overrides the default one {}
core.resources.limits The resources limits for the Harbor Core containers {}
core.resources.requests The requested resources for the Harbor Core containers {}
core.podSecurityContext.enabled Enabled Harbor Core pods' Security Context true
core.podSecurityContext.fsGroup Set Harbor Core pod's Security Context fsGroup 1001
core.containerSecurityContext.enabled Enabled Harbor Core containers' Security Context true
core.containerSecurityContext.runAsUser Set Harbor Core containers' Security Context runAsUser 1001
core.containerSecurityContext.runAsNonRoot Set Harbor Core containers' Security Context runAsNonRoot true
core.updateStrategy.type Harbor Core deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
core.lifecycleHooks LifecycleHook for the Harbor Core container(s) to automate configuration before or after startup {}
core.hostAliases Harbor Core pods host aliases []
core.podLabels Add additional labels to the Harbor Core pods (evaluated as a template) {}
core.podAnnotations Annotations to add to the Harbor Core pods (evaluated as a template) {}
core.podAffinityPreset Harbor Core Pod affinity preset. Ignored if core.affinity is set. Allowed values: soft or hard ""
core.podAntiAffinityPreset Harbor Core Pod anti-affinity preset. Ignored if core.affinity is set. Allowed values: soft or hard soft
core.nodeAffinityPreset.type Harbor Core Node affinity preset type. Ignored if core.affinity is set. Allowed values: soft or hard ""
core.nodeAffinityPreset.key Harbor Core Node label key to match Ignored if core.affinity is set. ""
core.nodeAffinityPreset.values Harbor Core Node label values to match. Ignored if core.affinity is set. []
core.affinity Harbor Core Affinity for pod assignment {}
core.nodeSelector Harbor Core Node labels for pod assignment {}
core.tolerations Harbor Core Tolerations for pod assignment []
core.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
core.priorityClassName Priority Class Name ""
core.schedulerName Use an alternate scheduler, e.g. "stork". ""
core.sidecars Add additional sidecar containers to the Harbor Core pods []
core.initContainers Add additional init containers to the Harbor Core pods []
core.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Core pods []
core.extraVolumes Optionally specify extra list of additional volumes for the Harbor Core pods []
core.automountServiceAccountToken Automount service account token false
core.service.ports.http Harbor Core HTTP service port 80
core.service.ports.https Harbor Core HTTPS service port 443
core.service.ports.metrics Harbor Core metrics service port 8001

Harbor Jobservice Parameters

Name Description Value
jobservice.image.registry Harbor Jobservice image registry docker.io
jobservice.image.repository Harbor Jobservice image repository bitnami/harbor-jobservice
jobservice.image.tag Harbor Jobservice image tag (immutable tags are recommended) 2.5.0-debian-10-r24
jobservice.image.pullPolicy Harbor Jobservice image pull policy IfNotPresent
jobservice.image.pullSecrets Harbor Jobservice image pull secrets []
jobservice.image.debug Enable Harbor Jobservice image debug mode false
jobservice.maxJobWorkers The max job workers 10
jobservice.redisNamespace Redis namespace for jobservice harbor_job_service_namespace
jobservice.jobLogger The logger for jobs: file, database or stdout file
jobservice.secret Secret used when the job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. ""
jobservice.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ""
jobservice.command Override default container command (useful when using custom images) []
jobservice.args Override default container args (useful when using custom images) []
jobservice.extraEnvVars Array with extra environment variables to add Harbor Jobservice pods []
jobservice.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Jobservice pods ""
jobservice.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Jobservice pods ""
jobservice.containerPorts.http Harbor Jobservice HTTP container port 8080
jobservice.containerPorts.https Harbor Jobservice HTTPS container port 8443
jobservice.containerPorts.metrics Harbor Jobservice metrics container port 8001
jobservice.replicaCount Number of Harbor Jobservice replicas 1
jobservice.livenessProbe.enabled Enable livenessProbe on Harbor Jobservice containers true
jobservice.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
jobservice.livenessProbe.periodSeconds Period seconds for livenessProbe 10
jobservice.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
jobservice.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
jobservice.livenessProbe.successThreshold Success threshold for livenessProbe 1
jobservice.readinessProbe.enabled Enable readinessProbe on Harbor Jobservice containers true
jobservice.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
jobservice.readinessProbe.periodSeconds Period seconds for readinessProbe 10
jobservice.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
jobservice.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
jobservice.readinessProbe.successThreshold Success threshold for readinessProbe 1
jobservice.startupProbe.enabled Enable startupProbe on Harbor Jobservice containers false
jobservice.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
jobservice.startupProbe.periodSeconds Period seconds for startupProbe 10
jobservice.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
jobservice.startupProbe.failureThreshold Failure threshold for startupProbe 15
jobservice.startupProbe.successThreshold Success threshold for startupProbe 1
jobservice.customLivenessProbe Custom livenessProbe that overrides the default one {}
jobservice.customReadinessProbe Custom readinessProbe that overrides the default one {}
jobservice.customStartupProbe Custom startupProbe that overrides the default one {}
jobservice.resources.limits The resources limits for the Harbor Jobservice containers {}
jobservice.resources.requests The requested resources for the Harbor Jobservice containers {}
jobservice.podSecurityContext.enabled Enabled Harbor Jobservice pods' Security Context true
jobservice.podSecurityContext.fsGroup Set Harbor Jobservice pod's Security Context fsGroup 1001
jobservice.containerSecurityContext.enabled Enabled Harbor Jobservice containers' Security Context true
jobservice.containerSecurityContext.runAsUser Set Harbor Jobservice containers' Security Context runAsUser 1001
jobservice.containerSecurityContext.runAsNonRoot Set Harbor Jobservice containers' Security Context runAsNonRoot true
jobservice.updateStrategy.type Harbor Jobservice deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
jobservice.lifecycleHooks LifecycleHook for the Harbor Jobservice container(s) to automate configuration before or after startup {}
jobservice.hostAliases Harbor Jobservice pods host aliases []
jobservice.podLabels Add additional labels to the Harbor Jobservice pods (evaluated as a template) {}
jobservice.podAnnotations Annotations to add to the Harbor Jobservice pods (evaluated as a template) {}
jobservice.podAffinityPreset Harbor Jobservice Pod affinity preset. Ignored if jobservice.affinity is set. Allowed values: soft or hard ""
jobservice.podAntiAffinityPreset Harbor Jobservice Pod anti-affinity preset. Ignored if jobservice.affinity is set. Allowed values: soft or hard soft
jobservice.nodeAffinityPreset.type Harbor Jobservice Node affinity preset type. Ignored if jobservice.affinity is set. Allowed values: soft or hard ""
jobservice.nodeAffinityPreset.key Harbor Jobservice Node label key to match Ignored if jobservice.affinity is set. ""
jobservice.nodeAffinityPreset.values Harbor Jobservice Node label values to match. Ignored if jobservice.affinity is set. []
jobservice.affinity Harbor Jobservice Affinity for pod assignment {}
jobservice.nodeSelector Harbor Jobservice Node labels for pod assignment {}
jobservice.tolerations Harbor Jobservice Tolerations for pod assignment []
jobservice.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
jobservice.priorityClassName Priority Class Name ""
jobservice.schedulerName Use an alternate scheduler, e.g. "stork". ""
jobservice.sidecars Add additional sidecar containers to the Harbor Jobservice pods []
jobservice.initContainers Add additional init containers to the Harbor Jobservice pods []
jobservice.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Jobservice pods []
jobservice.extraVolumes Optionally specify extra list of additional volumes for the Harbor Jobservice pods []
jobservice.automountServiceAccountToken Automount service account token false
jobservice.service.ports.http Harbor Jobservice HTTP service port 80
jobservice.service.ports.https Harbor Jobservice HTTPS service port 443
jobservice.service.ports.metrics Harbor Jobservice HTTPS service port 8001

Harbor Registry Parameters

Name Description Value
registry.secret Secret is used to secure the upload state from client and registry storage backend. See: https://github.com/docker/distribution/blob/master/docs/configuration.md ""
registry.relativeurls Make the registry return relative URLs in Location headers. The client is responsible for resolving the correct URL. false
registry.credentials.username The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see official docs harbor_registry_user
registry.credentials.password The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see official docs. It is suggested you update this value before installation. harbor_registry_password
registry.credentials.htpasswd The content of htpasswd file based on the value of registry.credentials.username registry.credentials.password. Currently helm does not support bcrypt in the template script, if the credential is updated you need to manually generated by calling harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m
registry.middleware.enabled Middleware is used to add support for a CDN between backend storage and docker pull recipient. See false
registry.middleware.type CDN type for the middleware cloudFront
registry.middleware.cloudFront.baseurl CloudFront CDN settings: Base URL example.cloudfront.net
registry.middleware.cloudFront.keypairid CloudFront CDN settings: Keypair ID KEYPAIRID
registry.middleware.cloudFront.duration CloudFront CDN settings: Duration 3000s
registry.middleware.cloudFront.ipfilteredby CloudFront CDN settings: IP filters none
registry.middleware.cloudFront.privateKeySecret CloudFront CDN settings: Secret name with the private key my-secret
registry.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ""
registry.replicaCount Number of Harbor Registry replicas 1
registry.podSecurityContext.enabled Enabled Harbor Registry pods' Security Context true
registry.podSecurityContext.fsGroup Set Harbor Registry pod's Security Context fsGroup 1001
registry.updateStrategy.type Harbor Registry deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
registry.hostAliases Harbor Registry pods host aliases []
registry.podLabels Add additional labels to the Harbor Registry pods (evaluated as a template) {}
registry.podAnnotations Annotations to add to the Harbor Registry pods (evaluated as a template) {}
registry.podAffinityPreset Harbor Registry Pod affinity preset. Ignored if registry.affinity is set. Allowed values: soft or hard ""
registry.podAntiAffinityPreset Harbor Registry Pod anti-affinity preset. Ignored if registry.affinity is set. Allowed values: soft or hard soft
registry.nodeAffinityPreset.type Harbor Registry Node affinity preset type. Ignored if registry.affinity is set. Allowed values: soft or hard ""
registry.nodeAffinityPreset.key Harbor Registry Node label key to match Ignored if registry.affinity is set. ""
registry.nodeAffinityPreset.values Harbor Registry Node label values to match. Ignored if registry.affinity is set. []
registry.affinity Harbor Registry Affinity for pod assignment {}
registry.nodeSelector Harbor Registry Node labels for pod assignment {}
registry.tolerations Harbor Registry Tolerations for pod assignment []
registry.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
registry.priorityClassName Priority Class Name ""
registry.schedulerName Use an alternate scheduler, e.g. "stork". ""
registry.sidecars Add additional sidecar containers to the Harbor Registry pods []
registry.initContainers Add additional init containers to the Harbor Registry pods []
registry.extraVolumes Optionally specify extra list of additional volumes for the Harbor Registry pods []
registry.automountServiceAccountToken Automount service account token false
registry.server.image.registry Harbor Registry image registry docker.io
registry.server.image.repository Harbor Registry image repository bitnami/harbor-registry
registry.server.image.tag Harbor Registry image tag (immutable tags are recommended) 2.5.0-debian-10-r32
registry.server.image.pullPolicy Harbor Registry image pull policy IfNotPresent
registry.server.image.pullSecrets Harbor Registry image pull secrets []
registry.server.image.debug Enable Harbor Registry image debug mode false
registry.server.command Override default container command (useful when using custom images) []
registry.server.args Override default container args (useful when using custom images) []
registry.server.extraEnvVars Array with extra environment variables to add Harbor Registry main containers []
registry.server.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Registry main containers ""
registry.server.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Registry main containers ""
registry.server.containerPorts.http Harbor Registry HTTP container port 5000
registry.server.containerPorts.https Harbor Registry HTTPS container port 5443
registry.server.containerPorts.debug Harbor Registry debug container port 5001
registry.server.containerPorts.metrics Harbor Registry metrics container port 8001
registry.server.livenessProbe.enabled Enable livenessProbe on Harbor Registry main containers true
registry.server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
registry.server.livenessProbe.periodSeconds Period seconds for livenessProbe 10
registry.server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
registry.server.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
registry.server.livenessProbe.successThreshold Success threshold for livenessProbe 1
registry.server.readinessProbe.enabled Enable readinessProbe on Harbor Registry main containers true
registry.server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
registry.server.readinessProbe.periodSeconds Period seconds for readinessProbe 10
registry.server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
registry.server.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
registry.server.readinessProbe.successThreshold Success threshold for readinessProbe 1
registry.server.startupProbe.enabled Enable startupProbe on Harbor Registry main containers false
registry.server.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
registry.server.startupProbe.periodSeconds Period seconds for startupProbe 10
registry.server.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
registry.server.startupProbe.failureThreshold Failure threshold for startupProbe 15
registry.server.startupProbe.successThreshold Success threshold for startupProbe 1
registry.server.customLivenessProbe Custom livenessProbe that overrides the default one {}
registry.server.customReadinessProbe Custom readinessProbe that overrides the default one {}
registry.server.customStartupProbe Custom startupProbe that overrides the default one {}
registry.server.resources.limits The resources limits for the Harbor Registry main containers {}
registry.server.resources.requests The requested resources for the Harbor Registry main containers {}
registry.server.containerSecurityContext.enabled Enabled Harbor Registry main containers' Security Context true
registry.server.containerSecurityContext.runAsUser Set Harbor Registry main containers' Security Context runAsUser 1001
registry.server.containerSecurityContext.runAsNonRoot Set Harbor Registry main containers' Security Context runAsNonRoot true
registry.server.lifecycleHooks LifecycleHook for the Harbor Registry main container(s) to automate configuration before or after startup {}
registry.server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Registry main pods []
registry.server.service.ports.http Harbor Registry HTTP service port 5000
registry.server.service.ports.https Harbor Registry HTTPS service port 5443
registry.server.service.ports.metrics Harbor Registry metrics service port 8001
registry.controller.image.registry Harbor Registryctl image registry docker.io
registry.controller.image.repository Harbor Registryctl image repository bitnami/harbor-registryctl
registry.controller.image.tag Harbor Registryctl image tag (immutable tags are recommended) 2.5.0-debian-10-r32
registry.controller.image.pullPolicy Harbor Registryctl image pull policy IfNotPresent
registry.controller.image.pullSecrets Harbor Registryctl image pull secrets []
registry.controller.image.debug Enable Harbor Registryctl image debug mode false
registry.controller.command Override default container command (useful when using custom images) []
registry.controller.args Override default container args (useful when using custom images) []
registry.controller.extraEnvVars Array with extra environment variables to add Harbor Registryctl containers []
registry.controller.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Registryctl containers ""
registry.controller.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Registryctl containers ""
registry.controller.containerPorts.http Harbor Registryctl HTTP container port 8080
registry.controller.containerPorts.https Harbor Registryctl HTTPS container port 8443
registry.controller.livenessProbe.enabled Enable livenessProbe on Harbor Registryctl containers true
registry.controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
registry.controller.livenessProbe.periodSeconds Period seconds for livenessProbe 10
registry.controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
registry.controller.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
registry.controller.livenessProbe.successThreshold Success threshold for livenessProbe 1
registry.controller.readinessProbe.enabled Enable readinessProbe on Harbor Registryctl containers true
registry.controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
registry.controller.readinessProbe.periodSeconds Period seconds for readinessProbe 10
registry.controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
registry.controller.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
registry.controller.readinessProbe.successThreshold Success threshold for readinessProbe 1
registry.controller.startupProbe.enabled Enable startupProbe on Harbor Registryctl containers false
registry.controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
registry.controller.startupProbe.periodSeconds Period seconds for startupProbe 10
registry.controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
registry.controller.startupProbe.failureThreshold Failure threshold for startupProbe 15
registry.controller.startupProbe.successThreshold Success threshold for startupProbe 1
registry.controller.customLivenessProbe Custom livenessProbe that overrides the default one {}
registry.controller.customReadinessProbe Custom readinessProbe that overrides the default one {}
registry.controller.customStartupProbe Custom startupProbe that overrides the default one {}
registry.controller.resources.limits The resources limits for the Harbor Registryctl containers {}
registry.controller.resources.requests The requested resources for the Harbor Registryctl containers {}
registry.controller.containerSecurityContext.enabled Enabled Harbor Registryctl containers' Security Context true
registry.controller.containerSecurityContext.runAsUser Set Harbor Registryctl containers' Security Context runAsUser 1001
registry.controller.containerSecurityContext.runAsNonRoot Set Harbor Registryctl containers' Security Context runAsNonRoot true
registry.controller.lifecycleHooks LifecycleHook for the Harbor Registryctl container(s) to automate configuration before or after startup {}
registry.controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Registryctl pods []
registry.controller.service.ports.http Harbor Registryctl HTTP service port 8080
registry.controller.service.ports.https Harbor Registryctl HTTPS service port 8443

ChartMuseum Parameters

Name Description Value
chartmuseum.image.registry ChartMuseum image registry docker.io
chartmuseum.image.repository ChartMuseum image repository bitnami/chartmuseum
chartmuseum.image.tag ChartMuseum image tag (immutable tags are recommended) 0.14.0-debian-10-r99
chartmuseum.image.pullPolicy ChartMuseum image pull policy IfNotPresent
chartmuseum.image.pullSecrets ChartMuseum image pull secrets []
chartmuseum.image.debug Enable ChartMuseum image debug mode false
chartmuseum.enabled Enable ChartMuseum true
chartmuseum.useRedisCache Specify if ChartMuseum will use redis cache true
chartmuseum.absoluteUrl Specify an absolute URL for ChartMuseum registry false
chartmuseum.chartRepoName Specify the endpoint for the chartmuseum registry. Only applicable if chartmuseum.absoluteUrl is true chartsRepo
chartmuseum.depth Support for multitenancy. More info here 1
chartmuseum.logJson Print logs on JSON format false
chartmuseum.disableMetrics Disable prometheus metrics exposure false
chartmuseum.disableApi Disable all the routes prefixed with /api false
chartmuseum.disableStatefiles Disable use of index-cache.yaml false
chartmuseum.allowOverwrite Allow chart versions to be re-uploaded without force querystring true
chartmuseum.anonymousGet Allow anonymous GET operations false
chartmuseum.contextPath Set the base context path for ChartMuseum ""
chartmuseum.indexLimit Limit the number of parallels indexes for ChartMuseum ""
chartmuseum.chartPostFormFieldName Form field which will be queried for the chart file content ""
chartmuseum.provPostFormFieldName Form field which will be queried for the provenance file content ""
chartmuseum.maxStorageObjects Maximum storage objects ""
chartmuseum.maxUploadSize Maximum upload size ""
chartmuseum.storageTimestampTolerance Timestamp tolerance size 1s
chartmuseum.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ""
chartmuseum.command Override default container command (useful when using custom images) []
chartmuseum.args Override default container args (useful when using custom images) []
chartmuseum.extraEnvVars Array with extra environment variables to add Chartmuseum pods []
chartmuseum.extraEnvVarsCM ConfigMap containing extra environment variables for Chartmuseum pods ""
chartmuseum.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Chartmuseum pods ""
chartmuseum.containerPorts.http Chartmuseum HTTP container port 9999
chartmuseum.containerPorts.https Chartmuseum HTTPS container port 9443
chartmuseum.replicaCount Number of Chartmuseum replicas 1
chartmuseum.livenessProbe.enabled Enable livenessProbe on Chartmuseum containers true
chartmuseum.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
chartmuseum.livenessProbe.periodSeconds Period seconds for livenessProbe 10
chartmuseum.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
chartmuseum.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
chartmuseum.livenessProbe.successThreshold Success threshold for livenessProbe 1
chartmuseum.readinessProbe.enabled Enable readinessProbe on Chartmuseum containers true
chartmuseum.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
chartmuseum.readinessProbe.periodSeconds Period seconds for readinessProbe 10
chartmuseum.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
chartmuseum.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
chartmuseum.readinessProbe.successThreshold Success threshold for readinessProbe 1
chartmuseum.startupProbe.enabled Enable startupProbe on Chartmuseum containers false
chartmuseum.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
chartmuseum.startupProbe.periodSeconds Period seconds for startupProbe 10
chartmuseum.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
chartmuseum.startupProbe.failureThreshold Failure threshold for startupProbe 15
chartmuseum.startupProbe.successThreshold Success threshold for startupProbe 1
chartmuseum.customLivenessProbe Custom livenessProbe that overrides the default one {}
chartmuseum.customReadinessProbe Custom readinessProbe that overrides the default one {}
chartmuseum.customStartupProbe Custom startupProbe that overrides the default one {}
chartmuseum.resources.limits The resources limits for the Chartmuseum containers {}
chartmuseum.resources.requests The requested resources for the Chartmuseum containers {}
chartmuseum.podSecurityContext.enabled Enabled Chartmuseum pods' Security Context true
chartmuseum.podSecurityContext.fsGroup Set Chartmuseum pod's Security Context fsGroup 1001
chartmuseum.containerSecurityContext.enabled Enabled Chartmuseum containers' Security Context true
chartmuseum.containerSecurityContext.runAsUser Set Chartmuseum containers' Security Context runAsUser 1001
chartmuseum.containerSecurityContext.runAsNonRoot Set Chartmuseum containers' Security Context runAsNonRoot true
chartmuseum.updateStrategy.type Chartmuseum deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
chartmuseum.lifecycleHooks LifecycleHook for the Chartmuseum container(s) to automate configuration before or after startup {}
chartmuseum.hostAliases Chartmuseum pods host aliases []
chartmuseum.podLabels Add additional labels to the Chartmuseum pods (evaluated as a template) {}
chartmuseum.podAnnotations Annotations to add to the Chartmuseum pods (evaluated as a template) {}
chartmuseum.podAffinityPreset Chartmuseum Pod affinity preset. Ignored if chartmuseum.affinity is set. Allowed values: soft or hard ""
chartmuseum.podAntiAffinityPreset Chartmuseum Pod anti-affinity preset. Ignored if chartmuseum.affinity is set. Allowed values: soft or hard soft
chartmuseum.nodeAffinityPreset.type Chartmuseum Node affinity preset type. Ignored if chartmuseum.affinity is set. Allowed values: soft or hard ""
chartmuseum.nodeAffinityPreset.key Chartmuseum Node label key to match Ignored if chartmuseum.affinity is set. ""
chartmuseum.nodeAffinityPreset.values Chartmuseum Node label values to match. Ignored if chartmuseum.affinity is set. []
chartmuseum.affinity Chartmuseum Affinity for pod assignment {}
chartmuseum.nodeSelector Chartmuseum Node labels for pod assignment {}
chartmuseum.tolerations Chartmuseum Tolerations for pod assignment []
chartmuseum.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
chartmuseum.priorityClassName Priority Class Name ""
chartmuseum.schedulerName Use an alternate scheduler, e.g. "stork". ""
chartmuseum.sidecars Add additional sidecar containers to the Chartmuseum pods []
chartmuseum.initContainers Add additional init containers to the Chartmuseum pods []
chartmuseum.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Chartmuseum pods []
chartmuseum.extraVolumes Optionally specify extra list of additional volumes for the Chartmuseum pods []
chartmuseum.automountServiceAccountToken Automount service account token false
chartmuseum.service.ports.http Chartmuseum HTTP service port 80
chartmuseum.service.ports.https Chartmuseum HTTPS service port 443

Clair Parameters

Name Description Value
clair.enabled Enable Clair scanner. Add it as an additional interrogation service by following https://goharbor.io/docs/latest/administration/vulnerability-scanning/pluggable-scanners false
clair.httpProxy The http proxy used to update vulnerabilities database from internet ""
clair.httpsProxy The https proxy used to update vulnerabilities database from internet ""
clair.updatersInterval The interval of clair updaters (hours), set to 0 to disable 12
clair.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ""
clair.replicaCount Number of Clair replicas 1
clair.podSecurityContext.enabled Enabled Clair pods' Security Context true
clair.podSecurityContext.fsGroup Set Clair pod's Security Context fsGroup 1001
clair.updateStrategy.type Clair deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
clair.hostAliases Clair pods host aliases []
clair.podLabels Add additional labels to the Clair pods (evaluated as a template) {}
clair.podAnnotations Annotations to add to the Clair pods (evaluated as a template) {}
clair.podAffinityPreset Clair Pod affinity preset. Ignored if clair.affinity is set. Allowed values: soft or hard ""
clair.podAntiAffinityPreset Clair Pod anti-affinity preset. Ignored if clair.affinity is set. Allowed values: soft or hard soft
clair.nodeAffinityPreset.type Clair Node affinity preset type. Ignored if clair.affinity is set. Allowed values: soft or hard ""
clair.nodeAffinityPreset.key Clair Node label key to match Ignored if clair.affinity is set. ""
clair.nodeAffinityPreset.values Clair Node label values to match. Ignored if clair.affinity is set. []
clair.affinity Clair Affinity for pod assignment {}
clair.nodeSelector Clair Node labels for pod assignment {}
clair.tolerations Clair Tolerations for pod assignment []
clair.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
clair.priorityClassName Priority Class Name ""
clair.schedulerName Use an alternate scheduler, e.g. "stork". ""
clair.sidecars Add additional sidecar containers to the Clair pods []
clair.initContainers Add additional init containers to the Clair pods []
clair.extraVolumes Optionally specify extra list of additional volumes for the Clair pods []
clair.automountServiceAccountToken Automount service account token false
clair.adapter.image.registry Harbor Adapter for Clair image registry docker.io
clair.adapter.image.repository Harbor Adapter for Clair image repository bitnami/harbor-adapter-clair
clair.adapter.image.tag Harbor Adapter for Clair image tag (immutable tags are recommended) 2.5.0-debian-10-r31
clair.adapter.image.pullPolicy Harbor Adapter for Clair image pull policy IfNotPresent
clair.adapter.image.pullSecrets Harbor Adapter for Clair image pull secrets []
clair.adapter.image.debug Enable Harbor Adapter for Clair image debug mode false
clair.adapter.command Override default container command (useful when using custom images) []
clair.adapter.args Override default container args (useful when using custom images) []
clair.adapter.extraEnvVars Array with extra environment variables to add Harbor Adapter for Clair containers []
clair.adapter.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Adapter for Clair containers ""
clair.adapter.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Adapter for Clair containers ""
clair.adapter.containerPorts.http Harbor Adapter for Clair HTTP container port 8080
clair.adapter.containerPorts.https Harbor Adapter for Clair HTTPS container port 8443
clair.adapter.livenessProbe.enabled Enable livenessProbe on Harbor Adapter for Clair containers true
clair.adapter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
clair.adapter.livenessProbe.periodSeconds Period seconds for livenessProbe 10
clair.adapter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
clair.adapter.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
clair.adapter.livenessProbe.successThreshold Success threshold for livenessProbe 1
clair.adapter.readinessProbe.enabled Enable readinessProbe on Harbor Adapter for Clair containers true
clair.adapter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
clair.adapter.readinessProbe.periodSeconds Period seconds for readinessProbe 10
clair.adapter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
clair.adapter.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
clair.adapter.readinessProbe.successThreshold Success threshold for readinessProbe 1
clair.adapter.startupProbe.enabled Enable startupProbe on Harbor Adapter for Clair containers false
clair.adapter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
clair.adapter.startupProbe.periodSeconds Period seconds for startupProbe 10
clair.adapter.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
clair.adapter.startupProbe.failureThreshold Failure threshold for startupProbe 15
clair.adapter.startupProbe.successThreshold Success threshold for startupProbe 1
clair.adapter.customLivenessProbe Custom livenessProbe that overrides the default one {}
clair.adapter.customReadinessProbe Custom readinessProbe that overrides the default one {}
clair.adapter.customStartupProbe Custom startupProbe that overrides the default one {}
clair.adapter.resources.limits The resources limits for the Harbor Adapter for Clair containers {}
clair.adapter.resources.requests The requested resources for the Harbor Adapter for Clair containers {}
clair.adapter.containerSecurityContext.enabled Enabled Harbor Adapter for Clair containers' Security Context true
clair.adapter.containerSecurityContext.runAsUser Set Harbor Adapter for Clair containers' Security Context runAsUser 1001
clair.adapter.containerSecurityContext.runAsNonRoot Set Harbor Adapter for Clair containers' Security Context runAsNonRoot true
clair.adapter.lifecycleHooks LifecycleHook for the Harbor Adapter for Clair container(s) to automate configuration before or after startup {}
clair.adapter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Adapter for Clair pods []
clair.adapter.service.ports.http Harbor Adapter for Clair HTTP service port 8080
clair.adapter.service.ports.https Harbor Adapter for Clair HTTPS service port 8443
clair.server.image.registry Harbor Clair image registry docker.io
clair.server.image.repository Harbor Clair image repository bitnami/harbor-clair
clair.server.image.tag Harbor Clair image tag (immutable tags are recommended) 2.5.0-debian-10-r32
clair.server.image.pullPolicy Harbor Clair image pull policy IfNotPresent
clair.server.image.pullSecrets Harbor Clair image pull secrets []
clair.server.image.debug Enable Harbor Clair image debug mode false
clair.server.command Override default container command (useful when using custom images) []
clair.server.args Override default container args (useful when using custom images) []
clair.server.extraEnvVars Array with extra environment variables to add Harbor Clair containers []
clair.server.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Clair containers ""
clair.server.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Clair containers ""
clair.server.containerPorts.api Harbor Clair API container port 6060
clair.server.containerPorts.health Harbor Clair health container port 6061
clair.server.livenessProbe.enabled Enable livenessProbe on Harbor Clair containers true
clair.server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
clair.server.livenessProbe.periodSeconds Period seconds for livenessProbe 10
clair.server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
clair.server.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
clair.server.livenessProbe.successThreshold Success threshold for livenessProbe 1
clair.server.readinessProbe.enabled Enable readinessProbe on Harbor Clair containers true
clair.server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
clair.server.readinessProbe.periodSeconds Period seconds for readinessProbe 10
clair.server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
clair.server.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
clair.server.readinessProbe.successThreshold Success threshold for readinessProbe 1
clair.server.startupProbe.enabled Enable startupProbe on Harbor Clair containers false
clair.server.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
clair.server.startupProbe.periodSeconds Period seconds for startupProbe 10
clair.server.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
clair.server.startupProbe.failureThreshold Failure threshold for startupProbe 15
clair.server.startupProbe.successThreshold Success threshold for startupProbe 1
clair.server.customLivenessProbe Custom livenessProbe that overrides the default one {}
clair.server.customReadinessProbe Custom readinessProbe that overrides the default one {}
clair.server.customStartupProbe Custom startupProbe that overrides the default one {}
clair.server.resources.limits The resources limits for the Harbor Clair containers {}
clair.server.resources.requests The requested resources for the Harbor Clair containers {}
clair.server.containerSecurityContext.enabled Enabled Harbor Clair containers' Security Context true
clair.server.containerSecurityContext.runAsUser Set Harbor Clair containers' Security Context runAsUser 1001
clair.server.containerSecurityContext.runAsNonRoot Set Harbor Clair containers' Security Context runAsNonRoot true
clair.server.lifecycleHooks LifecycleHook for the Harbor Clair container(s) to automate configuration before or after startup {}
clair.server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Clair pods []
clair.server.service.ports.api Harbor Clair API service port 6060
clair.server.service.ports.health Harbor Clair health service port 6061

Notary Parameters

Name Description Value
notary.enabled Enable Notary true
notary.secretName Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named notary-signer-ca.crt, notary-signer.key and notary-signer.crt that contain the CA, certificate and private key. They will be generated if not set. ""
notary.server.image.registry Harbor Notary Server image registry docker.io
notary.server.image.repository Harbor Notary Server image repository bitnami/harbor-notary-server
notary.server.image.tag Harbor Notary Server image tag (immutable tags are recommended) 2.5.0-debian-10-r32
notary.server.image.pullPolicy Harbor Notary Server image pull policy IfNotPresent
notary.server.image.pullSecrets Harbor Notary Server image pull secrets []
notary.server.image.debug Enable Harbor Notary Server image debug mode false
notary.server.command Override default container command (useful when using custom images) []
notary.server.args Override default container args (useful when using custom images) []
notary.server.extraEnvVars Array with extra environment variables to add Harbor Notary Server pods []
notary.server.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Notary Server pods ""
notary.server.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Notary Server pods ""
notary.server.containerPorts.server Harbor Notary Server container port 4443
notary.server.replicaCount Number of Harbor Notary Server replicas 1
notary.server.livenessProbe.enabled Enable livenessProbe on Harbor Notary Server containers true
notary.server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
notary.server.livenessProbe.periodSeconds Period seconds for livenessProbe 10
notary.server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
notary.server.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
notary.server.livenessProbe.successThreshold Success threshold for livenessProbe 1
notary.server.readinessProbe.enabled Enable readinessProbe on Harbor Notary Server containers true
notary.server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
notary.server.readinessProbe.periodSeconds Period seconds for readinessProbe 10
notary.server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
notary.server.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
notary.server.readinessProbe.successThreshold Success threshold for readinessProbe 1
notary.server.startupProbe.enabled Enable startupProbe on Harbor Notary Server containers false
notary.server.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
notary.server.startupProbe.periodSeconds Period seconds for startupProbe 10
notary.server.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
notary.server.startupProbe.failureThreshold Failure threshold for startupProbe 15
notary.server.startupProbe.successThreshold Success threshold for startupProbe 1
notary.server.customLivenessProbe Custom livenessProbe that overrides the default one {}
notary.server.customReadinessProbe Custom readinessProbe that overrides the default one {}
notary.server.customStartupProbe Custom startupProbe that overrides the default one {}
notary.server.resources.limits The resources limits for the Harbor Notary Server containers {}
notary.server.resources.requests The requested resources for the Harbor Notary Server containers {}
notary.server.podSecurityContext.enabled Enabled Harbor Notary Server pods' Security Context true
notary.server.podSecurityContext.fsGroup Set Harbor Notary Server pod's Security Context fsGroup 1001
notary.server.containerSecurityContext.enabled Enabled Harbor Notary Server containers' Security Context true
notary.server.containerSecurityContext.runAsUser Set Harbor Notary Server containers' Security Context runAsUser 1001
notary.server.containerSecurityContext.runAsNonRoot Set Harbor Notary Server containers' Security Context runAsNonRoot true
notary.server.updateStrategy.type Harbor Notary Server deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
notary.server.lifecycleHooks LifecycleHook for the Harbor Notary Server container(s) to automate configuration before or after startup {}
notary.server.hostAliases Harbor Notary Server pods host aliases []
notary.server.podLabels Add additional labels to the Harbor Notary Server pods (evaluated as a template) {}
notary.server.podAnnotations Annotations to add to the Harbor Notary Server pods (evaluated as a template) {}
notary.server.podAffinityPreset Harbor Notary Server Pod affinity preset. Ignored if notary.server.affinity is set. Allowed values: soft or hard ""
notary.server.podAntiAffinityPreset Harbor Notary Server Pod anti-affinity preset. Ignored if notary.server.affinity is set. Allowed values: soft or hard soft
notary.server.nodeAffinityPreset.type Harbor Notary Server Node affinity preset type. Ignored if notary.server.affinity is set. Allowed values: soft or hard ""
notary.server.nodeAffinityPreset.key Harbor Notary Server Node label key to match Ignored if notary.server.affinity is set. ""
notary.server.nodeAffinityPreset.values Harbor Notary Server Node label values to match. Ignored if notary.server.affinity is set. []
notary.server.affinity Harbor Notary Server Affinity for pod assignment {}
notary.server.nodeSelector Harbor Notary Server Node labels for pod assignment {}
notary.server.tolerations Harbor Notary Server Tolerations for pod assignment []
notary.server.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
notary.server.priorityClassName Priority Class Name ""
notary.server.schedulerName Use an alternate scheduler, e.g. "stork". ""
notary.server.sidecars Add additional sidecar containers to the Harbor Notary Server pods []
notary.server.initContainers Add additional init containers to the Harbor Notary Server pods []
notary.server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Notary Server pods []
notary.server.extraVolumes Optionally specify extra list of additional volumes for the Harbor Notary Server pods []
notary.server.automountServiceAccountToken Automount service account token false
notary.signer.image.registry Harbor Notary Signer image registry docker.io
notary.signer.image.repository Harbor Notary Signer image repository bitnami/harbor-notary-signer
notary.signer.image.tag Harbor Notary Signer image tag (immutable tags are recommended) 2.5.0-debian-10-r32
notary.signer.image.pullPolicy Harbor Notary Signer image pull policy IfNotPresent
notary.signer.image.pullSecrets Harbor Notary Signer image pull secrets []
notary.signer.image.debug Enable Harbor Notary Signer image debug mode false
notary.signer.command Override default container command (useful when using custom images) []
notary.signer.args Override default container args (useful when using custom images) []
notary.signer.extraEnvVars Array with extra environment variables to add Harbor Notary Signer pods []
notary.signer.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Notary Signer pods ""
notary.signer.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Notary Signer pods ""
notary.signer.containerPorts.signer Harbor Notary Signer container port 7899
notary.signer.replicaCount Number of Harbor Notary Signer replicas 1
notary.signer.livenessProbe.enabled Enable livenessProbe on Harbor Notary Signer containers true
notary.signer.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
notary.signer.livenessProbe.periodSeconds Period seconds for livenessProbe 10
notary.signer.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
notary.signer.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
notary.signer.livenessProbe.successThreshold Success threshold for livenessProbe 1
notary.signer.readinessProbe.enabled Enable readinessProbe on Harbor Notary Signer containers true
notary.signer.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
notary.signer.readinessProbe.periodSeconds Period seconds for readinessProbe 10
notary.signer.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
notary.signer.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
notary.signer.readinessProbe.successThreshold Success threshold for readinessProbe 1
notary.signer.startupProbe.enabled Enable startupProbe on Harbor Notary Signer containers false
notary.signer.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
notary.signer.startupProbe.periodSeconds Period seconds for startupProbe 10
notary.signer.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
notary.signer.startupProbe.failureThreshold Failure threshold for startupProbe 15
notary.signer.startupProbe.successThreshold Success threshold for startupProbe 1
notary.signer.customLivenessProbe Custom livenessProbe that overrides the default one {}
notary.signer.customReadinessProbe Custom readinessProbe that overrides the default one {}
notary.signer.customStartupProbe Custom startupProbe that overrides the default one {}
notary.signer.resources.limits The resources limits for the Harbor Notary Signer containers {}
notary.signer.resources.requests The requested resources for the Harbor Notary Signer containers {}
notary.signer.podSecurityContext.enabled Enabled Harbor Notary Signer pods' Security Context true
notary.signer.podSecurityContext.fsGroup Set Harbor Notary Signer pod's Security Context fsGroup 1001
notary.signer.containerSecurityContext.enabled Enabled Harbor Notary Signer containers' Security Context true
notary.signer.containerSecurityContext.runAsUser Set Harbor Notary Signer containers' Security Context runAsUser 1001
notary.signer.containerSecurityContext.runAsNonRoot Set Harbor Notary Signer containers' Security Context runAsNonRoot true
notary.signer.updateStrategy.type Harbor Notary Signer deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
notary.signer.lifecycleHooks LifecycleHook for the Harbor Notary Signer container(s) to automate configuration before or after startup {}
notary.signer.hostAliases Harbor Notary Signer pods host aliases []
notary.signer.podLabels Add additional labels to the Harbor Notary Signer pods (evaluated as a template) {}
notary.signer.podAnnotations Annotations to add to the Harbor Notary Signer pods (evaluated as a template) {}
notary.signer.podAffinityPreset Harbor Notary Signer Pod affinity preset. Ignored if notary.signer.affinity is set. Allowed values: soft or hard ""
notary.signer.podAntiAffinityPreset Harbor Notary Signer Pod anti-affinity preset. Ignored if notary.signer.affinity is set. Allowed values: soft or hard soft
notary.signer.nodeAffinityPreset.type Harbor Notary Signer Node affinity preset type. Ignored if notary.signer.affinity is set. Allowed values: soft or hard ""
notary.signer.nodeAffinityPreset.key Harbor Notary Signer Node label key to match Ignored if notary.signer.affinity is set. ""
notary.signer.nodeAffinityPreset.values Harbor Notary Signer Node label values to match. Ignored if notary.signer.affinity is set. []
notary.signer.affinity Harbor Notary Signer Affinity for pod assignment {}
notary.signer.nodeSelector Harbor Notary Signer Node labels for pod assignment {}
notary.signer.tolerations Harbor Notary Signer Tolerations for pod assignment []
notary.signer.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
notary.signer.priorityClassName Priority Class Name ""
notary.signer.schedulerName Use an alternate scheduler, e.g. "stork". ""
notary.signer.sidecars Add additional sidecar containers to the Harbor Notary Signer pods []
notary.signer.initContainers Add additional init containers to the Harbor Notary Signer pods []
notary.signer.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Notary Signer pods []
notary.signer.extraVolumes Optionally specify extra list of additional volumes for the Harbor Notary Signer pods []
notary.signer.automountServiceAccountToken Automount service account token false
notary.service.ports.server Harbor Notary server service port 4443
notary.service.ports.signer Harbor Notary signer service port 7899

Harbor Adapter Trivy Parameters

Name Description Value
trivy.image.registry Harbor Adapter Trivy image registry docker.io
trivy.image.repository Harbor Adapter Trivy image repository bitnami/harbor-adapter-trivy
trivy.image.tag Harbor Adapter Trivy image tag (immutable tags are recommended) 2.5.0-debian-10-r33
trivy.image.pullPolicy Harbor Adapter Trivy image pull policy IfNotPresent
trivy.image.pullSecrets Harbor Adapter Trivy image pull secrets []
trivy.image.debug Enable Harbor Adapter Trivy image debug mode false
trivy.enabled Enable Trivy true
trivy.debugMode The flag to enable Trivy debug mode false
trivy.vulnType Comma-separated list of vulnerability types. Possible values os and library. os,library
trivy.severity Comma-separated list of severities to be checked UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
trivy.ignoreUnfixed The flag to display only fixed vulnerabilities false
trivy.insecure The flag to skip verifying registry certificate false
trivy.gitHubToken The GitHub access token to download Trivy DB ""
trivy.skipUpdate The flag to disable Trivy DB downloads from GitHub false
trivy.cacheDir Directory to store the cache /bitnami/harbor-adapter-trivy/.cache
trivy.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ""
trivy.command Override default container command (useful when using custom images) []
trivy.args Override default container args (useful when using custom images) []
trivy.extraEnvVars Array with extra environment variables to add Trivy pods []
trivy.extraEnvVarsCM ConfigMap containing extra environment variables for Trivy pods ""
trivy.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Trivy pods ""
trivy.containerPorts.http Trivy HTTP container port 8080
trivy.containerPorts.https Trivy HTTPS container port 8443
trivy.replicaCount Number of Trivy replicas 1
trivy.livenessProbe.enabled Enable livenessProbe on Trivy containers true
trivy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
trivy.livenessProbe.periodSeconds Period seconds for livenessProbe 10
trivy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
trivy.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
trivy.livenessProbe.successThreshold Success threshold for livenessProbe 1
trivy.readinessProbe.enabled Enable readinessProbe on Trivy containers true
trivy.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
trivy.readinessProbe.periodSeconds Period seconds for readinessProbe 10
trivy.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
trivy.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
trivy.readinessProbe.successThreshold Success threshold for readinessProbe 1
trivy.startupProbe.enabled Enable startupProbe on Trivy containers false
trivy.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
trivy.startupProbe.periodSeconds Period seconds for startupProbe 10
trivy.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
trivy.startupProbe.failureThreshold Failure threshold for startupProbe 15
trivy.startupProbe.successThreshold Success threshold for startupProbe 1
trivy.customLivenessProbe Custom livenessProbe that overrides the default one {}
trivy.customReadinessProbe Custom readinessProbe that overrides the default one {}
trivy.customStartupProbe Custom startupProbe that overrides the default one {}
trivy.resources.limits The resources limits for the Trivy containers {}
trivy.resources.requests The requested resources for the Trivy containers {}
trivy.podSecurityContext.enabled Enabled Trivy pods' Security Context true
trivy.podSecurityContext.fsGroup Set Trivy pod's Security Context fsGroup 1001
trivy.containerSecurityContext.enabled Enabled Trivy containers' Security Context true
trivy.containerSecurityContext.runAsUser Set Trivy containers' Security Context runAsUser 1001
trivy.containerSecurityContext.runAsNonRoot Set Trivy containers' Security Context runAsNonRoot true
trivy.updateStrategy.type Trivy deployment strategy type - only really applicable for deployments with RWO PVs attached RollingUpdate
trivy.lifecycleHooks LifecycleHook for the Trivy container(s) to automate configuration before or after startup {}
trivy.hostAliases Trivy pods host aliases []
trivy.podLabels Add additional labels to the Trivy pods (evaluated as a template) {}
trivy.podAnnotations Annotations to add to the Trivy pods (evaluated as a template) {}
trivy.podAffinityPreset Trivy Pod affinity preset. Ignored if trivy.affinity is set. Allowed values: soft or hard ""
trivy.podAntiAffinityPreset Trivy Pod anti-affinity preset. Ignored if trivy.affinity is set. Allowed values: soft or hard soft
trivy.nodeAffinityPreset.type Trivy Node affinity preset type. Ignored if trivy.affinity is set. Allowed values: soft or hard ""
trivy.nodeAffinityPreset.key Trivy Node label key to match Ignored if trivy.affinity is set. ""
trivy.nodeAffinityPreset.values Trivy Node label values to match. Ignored if trivy.affinity is set. []
trivy.affinity Trivy Affinity for pod assignment {}
trivy.nodeSelector Trivy Node labels for pod assignment {}
trivy.tolerations Trivy Tolerations for pod assignment []
trivy.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
trivy.priorityClassName Priority Class Name ""
trivy.schedulerName Use an alternate scheduler, e.g. "stork". ""
trivy.sidecars Add additional sidecar containers to the Trivy pods []
trivy.initContainers Add additional init containers to the Trivy pods []
trivy.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Trivy pods []
trivy.extraVolumes Optionally specify extra list of additional volumes for the Trivy pods []
trivy.automountServiceAccountToken Automount service account token false
trivy.service.ports.http Trivy HTTP service port 8080
trivy.service.ports.https Trivy HTTPS service port 8443

Harbor Exporter Parameters

Name Description Value
exporter.image.registry Registry for exporter image docker.io
exporter.image.repository Repository for exporter image bitnami/harbor-exporter
exporter.image.tag Tag for exporter image 2.5.0-debian-10-r32
exporter.image.pullPolicy Harbor exporter image pull policy IfNotPresent
exporter.image.pullSecrets Specify docker-registry secret names as an array []
exporter.image.debug Specify if debug logs should be enabled false
exporter.command Override default container command (useful when using custom images) []
exporter.args Override default container args (useful when using custom images) []
exporter.extraEnvVars Array containing extra env vars []
exporter.extraEnvVarsCM ConfigMap containing extra env vars ""
exporter.extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) ""
exporter.containerPorts.metrics Harbor Exporter HTTP container port 8001
exporter.replicaCount The replica count 1
exporter.livenessProbe.enabled Enable livenessProbe true
exporter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe 20
exporter.livenessProbe.periodSeconds Period seconds for livenessProbe 10
exporter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe 5
exporter.livenessProbe.failureThreshold Failure threshold for livenessProbe 6
exporter.livenessProbe.successThreshold Success threshold for livenessProbe 1
exporter.readinessProbe.enabled Enable readinessProbe true
exporter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe 20
exporter.readinessProbe.periodSeconds Period seconds for readinessProbe 10
exporter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe 5
exporter.readinessProbe.failureThreshold Failure threshold for readinessProbe 6
exporter.readinessProbe.successThreshold Success threshold for readinessProbe 1
exporter.startupProbe.enabled Enable startupProbe on Harbor Exporter containers false
exporter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe 5
exporter.startupProbe.periodSeconds Period seconds for startupProbe 10
exporter.startupProbe.timeoutSeconds Timeout seconds for startupProbe 1
exporter.startupProbe.failureThreshold Failure threshold for startupProbe 15
exporter.startupProbe.successThreshold Success threshold for startupProbe 1
exporter.customLivenessProbe Custom livenessProbe that overrides the default one {}
exporter.customReadinessProbe Custom readinessProbe that overrides the default one {}
exporter.customStartupProbe Custom startupProbe that overrides the default one {}
exporter.resources.limits The resources limits for the Harbor Exporter containers {}
exporter.resources.requests The requested resources for the Harbor Exporter containers {}
exporter.podSecurityContext.enabled Enabled Exporter pods' Security Context true
exporter.podSecurityContext.fsGroup Set Exporter pod's Security Context fsGroup 1001
exporter.containerSecurityContext.enabled Enabled Exporter containers' Security Context true
exporter.containerSecurityContext.runAsUser Set Exporter containers' Security Context runAsUser 1001
exporter.containerSecurityContext.runAsNonRoot Set Exporter containers' Security Context runAsNonRoot true
exporter.updateStrategy.type The update strategy for deployments with persistent volumes: RollingUpdate or Recreate. Set it as Recreate when RWM for volumes isn't supported RollingUpdate
exporter.lifecycleHooks LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template {}
exporter.hostAliases Exporter pods host aliases []
exporter.podLabels Add additional labels to the pod (evaluated as a template) {}
exporter.podAnnotations Annotations to add to the exporter pod {}
exporter.podAffinityPreset Harbor Exporter Pod affinity preset. Ignored if affinity is set. Allowed values: soft or hard ""
exporter.podAntiAffinityPreset Harbor Exporter Pod anti-affinity preset. Ignored if affinity is set. Allowed values: soft or hard soft
exporter.nodeAffinityPreset.type Harbor Exporter Node affinity preset type. Ignored if exporter.affinity is set. Allowed values: soft or hard ""
exporter.nodeAffinityPreset.key Harbor Exporter Node label key to match Ignored if exporter.affinity is set. ""
exporter.nodeAffinityPreset.values Harbor Exporter Node label values to match. Ignored if exporter.affinity is set. []
exporter.affinity Harbor Exporter Affinity for pod assignment {}
exporter.priorityClassName Exporter pods Priority Class Name ""
exporter.nodeSelector Harbor Exporter Node labels for pod assignment {}
exporter.tolerations Harbor Exporter Tolerations for pod assignment []
exporter.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template {}
exporter.initContainers Add additional init containers to the pod (evaluated as a template) []
exporter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Chartmuseum pods []
exporter.extraVolumes Optionally specify extra list of additional volumes for the Chartmuseum pods []
exporter.sidecars Attach additional containers to the pod (evaluated as a template) []
exporter.automountServiceAccountToken Automount service account token false
exporter.service.ports.metrics Exporter HTTP service port 8001

PostgreSQL Parameters

Name Description Value
postgresql.enabled Switch to enable or disable the PostgreSQL helm chart true
postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user true
postgresql.auth.postgresPassword Password for the "postgres" admin user not-secure-database-password
postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials ""
postgresql.architecture PostgreSQL architecture (standalone or replication) standalone
postgresql.primary.extendedConfiguration Extended PostgreSQL Primary configuration (appended to main or default configuration) `max_connections = 1024
`
postgresql.primary.initdb.scripts Initdb scripts to create Harbor databases {}
postgresql.image.registry PostgreSQL image registry docker.io
postgresql.image.repository PostgreSQL image repository bitnami/postgresql
postgresql.image.tag PostgreSQL image tag (immutable tags are recommended) 13.7.0-debian-10-r0
externalDatabase.host Database host localhost
externalDatabase.port Database port number 5432
externalDatabase.user Non-root username for Harbor bn_harbor
externalDatabase.password Password for the non-root username for Harbor ""
externalDatabase.sslmode External database ssl mode disable
externalDatabase.coreDatabase External database name for core ""
externalDatabase.clairDatabase External database name for clair ""
externalDatabase.clairUsername External database username for clair ""
externalDatabase.clairPassword External database password for clair ""
externalDatabase.notaryServerDatabase External database name for notary server ""
externalDatabase.notaryServerUsername External database username for notary server ""
externalDatabase.notaryServerPassword External database password for notary server ""
externalDatabase.notarySignerDatabase External database name for notary signer ""
externalDatabase.notarySignerUsername External database username for notary signer ""
externalDatabase.notarySignerPassword External database password for notary signer ""

Redis™ parameters

Name Description Value
redis.enabled Switch to enable or disable the Redis™ helm true
redis.auth.enabled Enable password authentication false
redis.auth.password Redis™ password ""
redis.auth.existingSecret The name of an existing secret with Redis™ credentials ""
redis.architecture Redis™ architecture. Allowed values: standalone or replication standalone
externalRedis.host Redis™ host localhost
externalRedis.port Redis™ port number 6379
externalRedis.password Redis™ password ""
externalRedis.coreDatabaseIndex Index for core database 0
externalRedis.jobserviceDatabaseIndex Index for jobservice database 1
externalRedis.registryDatabaseIndex Index for registry database 2
externalRedis.chartmuseumDatabaseIndex Index for chartmuseum database 3
externalRedis.clairAdapterDatabaseIndex Index for chartmuseum database 4
externalRedis.trivyAdapterDatabaseIndex Index for chartmuseum database 5
externalRedis.sentinel.enabled If external redis with sentinal is used, set it to true false
externalRedis.sentinel.masterSet Name of sentinel masterSet if sentinel is used mymaster
externalRedis.sentinel.hosts Sentinel hosts and ports in the format ""

Harbor metrics parameters

Name Description Value
metrics.enabled Whether or not to enable metrics for different false
metrics.path Path where metrics are exposed /metrics
metrics.serviceMonitor.enabled if true, creates a Prometheus Operator ServiceMonitor (requires metrics.enabled to be true) false
metrics.serviceMonitor.namespace Namespace in which Prometheus is running ""
metrics.serviceMonitor.interval Interval at which metrics should be scraped ""
metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ""
metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus {}
metrics.serviceMonitor.selector Prometheus instance selector labels {}
metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping []
metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion []
metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint false
metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. ""

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install my-release \
  --set adminPassword=password \
    bitnami/harbor

The above command sets the Harbor administrator account password to password.

NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

$ helm install my-release -f values.yaml bitnami/harbor

Configuration and installation details

Rolling VS Immutable tags

It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.

Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.

Configure the way how to expose Harbor core

You can expose Harbor core using two methods:

  • An Ingress Controller, exposureType should be set to ingress.
    • An ingress controller must be installed in the Kubernetes cluster.
    • If the TLS is disabled, the port must be included in the command when pulling/pushing images. Refer to issue #5291 for the detail.
  • An NGINX Proxy, exposureType should be set to proxy. There are three ways to do so depending on the NGINX Proxy service type:
    • ClusterIP: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster:
    • NodePort: Exposes the service on each Node's IP at a static port (the NodePort). You'll be able to contact the NodePort service, from outside the cluster, by requesting NodeIP:NodePort.
    • LoadBalancer: Exposes the service externally using a cloud provider's load balancer.

Configure the external URL

The external URL for Harbor core service is used to:

  1. populate the docker/helm commands showed on portal
  2. populate the token service URL returned to docker/notary client

Format: protocol://domain[:port]. Usually:

  • if expose Harbor core service via Ingress, the domain should be the value of ingress.core.hostname.
  • if expose Harbor core via NGINX proxy using a ClusterIP service type, the domain should be the value of service.clusterIP.
  • if expose Harbor core via NGINX proxy using a NodePort service type, the domain should be the IP address of one Kubernetes node.
  • if expose Harbor core via NGINX proxy using a LoadBalancer service type, set the domain as your own domain name and add a CNAME record to map the domain name to the one you got from the cloud provider.

If Harbor is deployed behind the proxy, set it as the URL of proxy.

Sidecars and Init Containers

If you have a need for additional containers to run within the same pod as any of the Harbor components (e.g. an additional metrics or logging exporter), you can do so via the sidecars config parameter inside each component subsection. Simply define your container according to the Kubernetes container spec.

core:
  sidecars:
    - name: your-image-name
      image: your-image
      imagePullPolicy: Always
      ports:
        - name: portname
        containerPort: 1234

Similarly, you can add extra init containers using the initContainers parameter.

core:
  initContainers:
    - name: your-image-name
      image: your-image
      imagePullPolicy: Always
      ports:
        - name: portname
          containerPort: 1234

Adding extra environment variables

In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the extraEnvVars property inside each component subsection.

core:
  extraEnvVars:
    - name: LOG_LEVEL
      value: error

Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the extraEnvVarsCM or the extraEnvVarsSecret values inside each component subsection.

Configure data persistence

  • Disable: The data does not survive the termination of a pod.
  • Persistent Volume Claim(default): A default StorageClass is needed in the Kubernetes cluster to dynamically provision the volumes. Specify another StorageClass in the storageClass or set existingClaim if you have already existing persistent volumes to use.
  • External Storage(only for images and charts): For images and charts, the external storages are supported: azure, gcs, s3 swift and oss.

Configure the secrets

  • Secret keys: Secret keys are used for secure communication between components. Fill core.secret, jobservice.secret and registry.secret to configure.
  • Certificates: Used for token encryption/decryption. Fill core.secretName to configure.

Secrets and certificates must be setup to avoid changes on every Helm upgrade (see: #107).

Setting Pod's affinity

This chart allows you to set your custom affinity using the XXX.affinity parameter(s). Find more information about Pod's affinity in the kubernetes documentation.

As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the bitnami/common chart. To do so, set the XXX.podAffinityPreset, XXX.podAntiAffinityPreset, or XXX.nodeAffinityPreset parameters.

Adjust permissions of persistent volume mountpoint

As the images run as non-root by default, it is necessary to adjust the ownership of the persistent volumes so that the containers can write data into it.

By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination.

You can enable this initContainer by setting volumePermissions.enabled to true.

Troubleshooting

Find more information about how to deal with common errors related to Bitnami's Helm charts in this troubleshooting guide.

Upgrading

Refer to the chart documentation for more information about how to upgrade from previous releases.

License

Copyright © 2022 Bitnami

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Reference in New Issue View Git Blame Copy Permalink