Commit 007cbd96 authored by 舒成

update

parent 5f8168a0
Pipeline #44667 passed with stage
......@@ -19,7 +19,7 @@
"auth": {
"type": "token",
"options": {
"realm": "{{ .Values.externalURL }}/service/token",
"realm": "{{ .Values.externalURL }}.{{ $.Values.global.host }}/service/token",
"service": "harbor-notary",
"issuer": "harbor-token-issuer",
"rootcertbundle": "/root.crt"
......
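Review bot: The new `realm` appends `.{{ $.Values.global.host }}` to `externalURL`, but the chart's values comments describe `externalURL` as a full URL (`protocol://domain[:port]`), so any port or path in it ends up in the middle of the hostname, and an unset `global.host` leaves a trailing dot. The realm is the address Docker and Notary clients send their credentials to when requesting a token, so a malformed or unintended host here affects the authentication path, not just display. The same concatenation is repeated for `CHART_URL`, `EXT_ENDPOINT` and the NOTES.txt portal URL in this commit. Building the external URL once in a named template and failing the render when the host is missing, e.g. `{{ required "global.host must be set" .Values.global.host }}`, would keep them consistent. The surrounding JSON object continues outside the hunk.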
......@@ -73,17 +73,17 @@ secretKey: "IpTIscRIgmerlare"
portal:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
tag: v2.1.1
tag: v2.1.3
core:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
tag: v2.1.1
tag: v2.1.3
jobservice:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
tag: v2.1.1
tag: v2.1.3
registry:
registry:
......@@ -98,12 +98,12 @@ registry:
controller:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
tag: v2.1.1
tag: v2.1.3
chartmuseum:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
tag: v2.1.1
tag: v2.1.3
nodeSelector: {}
# nodeSelector:
# harbor: enabled
......@@ -117,33 +117,33 @@ clair:
clair:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
tag: v2.1.1
tag: v2.1.3
adapter:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
tag: v2.1.1
tag: v2.1.3
trivy:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
tag: v2.1.1
tag: v2.1.3
notary:
server:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
tag: v2.1.1
tag: v2.1.3
signer:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
tag: v2.1.1
tag: v2.1.3
database:
type: internal
internal:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
tag: v2.1.1
tag: v2.1.3
password: "spaceIN511"
resources:
limits:
......
......@@ -73,17 +73,17 @@ secretKey: "IpTIscRIgmerlare"
portal:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
tag: v2.1.1-arm64
tag: v2.1.3-arm64
core:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
tag: v2.1.1-arm64
tag: v2.1.3-arm64
jobservice:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
tag: v2.1.1-arm64
tag: v2.1.3-arm64
registry:
registry:
......@@ -98,12 +98,12 @@ registry:
controller:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
tag: v2.1.1-arm64
tag: v2.1.3-arm64
chartmuseum:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
tag: v2.1.1-arm64
tag: v2.1.3-arm64
nodeSelector: {}
# nodeSelector:
# harbor: enabled
......@@ -117,33 +117,33 @@ clair:
clair:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
tag: v2.1.1-arm64
tag: v2.1.3-arm64
adapter:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
tag: v2.1.1-arm64
tag: v2.1.3-arm64
trivy:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
tag: v2.1.1-arm64
tag: v2.1.3-arm64
notary:
server:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
tag: v2.1.1-arm64
tag: v2.1.3-arm64
signer:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
tag: v2.1.1-arm64
tag: v2.1.3-arm64
database:
type: internal
internal:
image:
repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
tag: v2.1.1-arm64
tag: v2.1.3-arm64
password: "spaceIN511"
resources:
limits:
......
expose:
# Set the way how to expose the service. Set the type as "ingress",
# "clusterIP", "nodePort" or "loadBalancer" and fill the information
# in the corresponding section
type: ingress
tls:
# Enable the tls or not. Note: if the type is "ingress" and the tls
# is disabled, the port must be included in the command when pull/push
# images. Refer to https://github.com/goharbor/harbor/issues/5291
# for the detail.
enabled: true
# The source of the tls certificate. Set it as "auto", "secret"
# or "none" and fill the information in the corresponding section
# 1) auto: generate the tls certificate automatically
# 2) secret: read the tls certificate from the specified secret.
# The tls certificate can be generated manually or by cert manager
# 3) none: configure no tls certificate for the ingress. If the default
# tls certificate is configured in the ingress controller, choose this option
certSource: auto
auto:
# The common name used to generate the certificate, it's necessary
# when the type isn't "ingress"
commonName: ""
secret:
# The name of secret which contains keys named:
# "tls.crt" - the certificate
# "tls.key" - the private key
secretName: ""
# The name of secret which contains keys named:
# "tls.crt" - the certificate
# "tls.key" - the private key
# Only needed when the "expose.type" is "ingress".
notarySecretName: ""
ingress:
hosts:
core: core.harbor.domain
notary: notary.harbor.domain
# set to the type of ingress controller if it has specific requirements.
# leave as `default` for most ingress controllers.
# set to `gce` if using the GCE ingress controller
# set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller
controller: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
clusterIP:
# The name of ClusterIP service
name: harbor
ports:
# The service port Harbor listens on when serving with HTTP
httpPort: 80
# The service port Harbor listens on when serving with HTTPS
httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
notaryPort: 4443
nodePort:
# The name of NodePort service
name: harbor
ports:
http:
# The service port Harbor listens on when serving with HTTP
port: 80
# The node port Harbor listens on when serving with HTTP
nodePort: 30002
https:
# The service port Harbor listens on when serving with HTTPS
port: 443
# The node port Harbor listens on when serving with HTTPS
nodePort: 30003
# Only needed when notary.enabled is set to true
notary:
# The service port Notary listens on
port: 4443
# The node port Notary listens on
nodePort: 30004
loadBalancer:
# The name of LoadBalancer service
name: harbor
# Set the IP if the LoadBalancer supports assigning IP
IP: ""
ports:
# The service port Harbor listens on when serving with HTTP
httpPort: 80
# The service port Harbor listens on when serving with HTTPS
httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
notaryPort: 4443
annotations: {}
sourceRanges: []
# The external URL for Harbor core service. It is used to
# 1) populate the docker/helm commands showed on portal
# 2) populate the token service URL returned to docker/notary client
#
# Format: protocol://domain[:port]. Usually:
# 1) if "expose.type" is "ingress", the "domain" should be
# the value of "expose.ingress.hosts.core"
# 2) if "expose.type" is "clusterIP", the "domain" should be
# the value of "expose.clusterIP.name"
# 3) if "expose.type" is "nodePort", the "domain" should be
# the IP address of k8s node
#
# If Harbor is deployed behind the proxy, set it as the URL of proxy
externalURL: https://core.harbor.domain
# The internal TLS used for harbor components secure communicating. In order to enable https
# in each components tls cert files need to provided in advance.
internalTLS:
# If internal TLS enabled
enabled: false
# There are three ways to provide tls
# 1) "auto" will generate cert automatically
# 2) "manual" need provide cert file manually in following value
# 3) "secret" internal certificates from secret
certSource: "auto"
# The content of trust ca, only available when `certSource` is "manual"
trustCa: ""
# core related cert configuration
core:
# secret name for core's tls certs
secretName: ""
# Content of core's TLS cert file, only available when `certSource` is "manual"
crt: ""
# Content of core's TLS key file, only available when `certSource` is "manual"
key: ""
# jobservice related cert configuration
jobservice:
# secret name for jobservice's tls certs
secretName: ""
# Content of jobservice's TLS key file, only available when `certSource` is "manual"
crt: ""
# Content of jobservice's TLS key file, only available when `certSource` is "manual"
key: ""
# registry related cert configuration
registry:
# secret name for registry's tls certs
secretName: ""
# Content of registry's TLS key file, only available when `certSource` is "manual"
crt: ""
# Content of registry's TLS key file, only available when `certSource` is "manual"
key: ""
# portal related cert configuration
portal:
# secret name for portal's tls certs
secretName: ""
# Content of portal's TLS key file, only available when `certSource` is "manual"
crt: ""
# Content of portal's TLS key file, only available when `certSource` is "manual"
key: ""
# chartmuseum related cert configuration
chartmuseum:
# secret name for chartmuseum's tls certs
secretName: ""
# Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
crt: ""
# Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
key: ""
# clair related cert configuration
clair:
# secret name for clair's tls certs
secretName: ""
# Content of clair's TLS key file, only available when `certSource` is "manual"
crt: ""
# Content of clair's TLS key file, only available when `certSource` is "manual"
key: ""
# trivy related cert configuration
trivy:
# secret name for trivy's tls certs
secretName: ""
# Content of trivy's TLS key file, only available when `certSource` is "manual"
crt: ""
# Content of trivy's TLS key file, only available when `certSource` is "manual"
key: ""
# The persistence is enabled by default and a default StorageClass
# is needed in the k8s cluster to provision volumes dynamicly.
# Specify another StorageClass in the "storageClass" or set "existingClaim"
# if you have already existing persistent volumes to use
#
# For storing images and charts, you can also use "azure", "gcs", "s3",
# "swift" or "oss". Set it in the "imageChartStorage" section
persistence:
enabled: true
# Setting it to "keep" to avoid removing PVCs during a helm delete
# operation. Leaving it empty will delete PVCs after the chart deleted
# (this does not apply for PVCs that are created for internal database
# and redis components, i.e. they are never deleted automatically)
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
# Use the existing PVC which must be created manually before bound,
# and specify the "subPath" if the PVC is shared with other components
existingClaim: ""
# Specify the "storageClass" used to provision the volume. Or the default
# StorageClass will be used(the default).
# Set it to "-" to disable dynamic provisioning
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
chartmuseum:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
jobservice:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
# If external database is used, the following settings for database will
# be ignored
database:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
# If external Redis is used, the following settings for Redis will
# be ignored
redis:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
trivy:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
# Define which storage backend is used for registry and chartmuseum to store
# images and charts. Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
# for the detail.
imageChartStorage:
# Specify whether to disable `redirect` for images and chart storage, for
# backends which not supported it (such as using minio for `s3` storage type), please disable
# it. To disable redirects, simply set `disableredirect` to `true` instead.
# Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect
# for the detail.
disableredirect: false
# Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
# The secret must contain keys named "ca.crt" which will be injected into the trust store
# of registry's and chartmuseum's containers.
# caBundleSecretName:
# Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
# "oss" and fill the information needed in the corresponding section. The type
# must be "filesystem" if you want to use persistent volumes for registry
# and chartmuseum
type: filesystem
filesystem:
rootdirectory: /storage
#maxthreads: 100
azure:
accountname: accountname
accountkey: base64encodedaccountkey
container: containername
#realm: core.windows.net
gcs:
bucket: bucketname
# The base64 encoded json file which contains the key
encodedkey: base64-encoded-json-key-file
#rootdirectory: /gcs/object/name/prefix
#chunksize: "5242880"
s3:
region: us-west-1
bucket: bucketname
#accesskey: awsaccesskey
#secretkey: awssecretkey
#regionendpoint: http://myobjects.local
#encrypt: false
#keyid: mykeyid
#secure: true
#skipverify: false
#v4auth: true
#chunksize: "5242880"
#rootdirectory: /s3/object/name/prefix
#storageclass: STANDARD
#multipartcopychunksize: "33554432"
#multipartcopymaxconcurrency: 100
#multipartcopythresholdsize: "33554432"
swift:
authurl: https://storage.myprovider.com/v3/auth
username: username
password: password
container: containername
#region: fr
#tenant: tenantname
#tenantid: tenantid
#domain: domainname
#domainid: domainid
#trustid: trustid
#insecureskipverify: false
#chunksize: 5M
#prefix:
#secretkey: secretkey
#accesskey: accesskey
#authversion: 3
#endpointtype: public
#tempurlcontainerkey: false
#tempurlmethods:
oss:
accesskeyid: accesskeyid
accesskeysecret: accesskeysecret
region: regionname
bucket: bucketname
#endpoint: endpoint
#internal: false
#encrypt: false
#secure: true
#chunksize: 10M
#rootdirectory: rootdirectory
imagePullPolicy: IfNotPresent
# Use this set to assign a list of default pullSecrets
imagePullSecrets:
# - name: docker-registry-secret
# - name: internal-registry-secret
# The update strategy for deployments with persistent volumes(jobservice, registry
# and chartmuseum): "RollingUpdate" or "Recreate"
# Set it as "Recreate" when "RWM" for volumes isn't supported
updateStrategy:
type: RollingUpdate
# debug, info, warning, error or fatal
logLevel: info
# The initial password of Harbor admin. Change it from portal after launching Harbor
harborAdminPassword: "Harbor12345"
# The name of the secret which contains key named "ca.crt". Setting this enables the
# download link on portal to download the certificate of CA when the certificate isn't
# generated automatically
caSecretName: ""
# The secret key used for encryption. Must be a string of 16 chars.
secretKey: "not-a-secure-key"
# The proxy settings for updating clair vulnerabilities from the Internet and replicating
# artifacts from/to the registries that cannot be reached directly
proxy:
httpProxy:
httpsProxy:
noProxy: 127.0.0.1,localhost,.local,.internal
components:
- core
- jobservice
- clair
- trivy
# The custom ca bundle secret, the secret must contain key named "ca.crt"
# which will be injected into the trust store for chartmuseum, clair, core, jobservice, registry, trivy components
# caBundleSecretName: ""
## UAA Authentication Options
# If you're using UAA for authentication behind a self-signed
# certificate you will need to provide the CA Cert.
# Set uaaSecretName below to provide a pre-created secret that
# contains a base64 encoded CA Certificate named `ca.crt`.
# uaaSecretName:
# If expose the service via "ingress", the Nginx will not be used
nginx:
image:
repository: goharbor/nginx-photon
tag: v2.1.3
# set the service account to be used, default if left empty
serviceAccountName: ""
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
portal:
image:
repository: goharbor/harbor-portal
tag: v2.1.3
# set the service account to be used, default if left empty
serviceAccountName: ""
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
core:
image:
repository: goharbor/harbor-core
tag: v2.1.3
# set the service account to be used, default if left empty
serviceAccountName: ""
replicas: 1
## Startup probe values
startupProbe:
enabled: true
initialDelaySeconds: 10
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used when core server communicates with other components.
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
# Fill the name of a kubernetes secret if you want to use your own
# TLS certificate and private key for token encryption/decryption.
# The secret must contain keys named:
# "tls.crt" - the certificate
# "tls.key" - the private key
# The default key pair will be used if it isn't set
secretName: ""
# The XSRF key. Will be generated automatically if it isn't specified
xsrfKey: ""
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: v2.1.3
replicas: 1
# set the service account to be used, default if left empty
serviceAccountName: ""
maxJobWorkers: 10
# The logger for jobs: "file", "database" or "stdout"
jobLogger: file
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used when job service communicates with other components.
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
registry:
# set the service account to be used, default if left empty
serviceAccountName: ""
registry:
image:
repository: goharbor/registry-photon
tag: v2.1.3
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
controller:
image:
repository: goharbor/harbor-registryctl
tag: v2.1.3
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used to secure the upload state from client
# and registry storage backend.
# See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
# If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL.
relativeurls: false
credentials:
username: "harbor_registry_user"
password: "harbor_registry_password"
# If you update the username or password of registry, make sure use cli tool htpasswd to generate the bcrypt hash
# e.g. "htpasswd -nbBC10 $username $password"
htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m"
middleware:
enabled: false
type: cloudFront
cloudFront:
baseurl: example.cloudfront.net
keypairid: KEYPAIRID
duration: 3000s
ipfilteredby: none
# The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key
# that allows access to CloudFront
privateKeySecret: "my-secret"
chartmuseum:
enabled: true
# set the service account to be used, default if left empty
serviceAccountName: ""
# Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
absoluteUrl: false
image:
repository: goharbor/chartmuseum-photon
tag: v2.1.3
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
clair:
enabled: true
# set the service account to be used, default if left empty
serviceAccountName: ""
clair:
image:
repository: goharbor/clair-photon
tag: v2.1.3
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
adapter:
image:
repository: goharbor/clair-adapter-photon
tag: v2.1.3
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
replicas: 1
# The interval of clair updaters, the unit is hour, set to 0 to
# disable the updaters
updatersInterval: 12
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
trivy:
# enabled the flag to enable Trivy scanner
enabled: true
image:
# repository the repository for Trivy adapter image
repository: goharbor/trivy-adapter-photon
# tag the tag for Trivy adapter image
tag: v2.1.3
# set the service account to be used, default if left empty
serviceAccountName: ""
# replicas the number of Pod replicas
replicas: 1
# debugMode the flag to enable Trivy debug mode with more verbose scanning log
debugMode: false
# vulnType a comma-separated list of vulnerability types. Possible values are `os` and `library`.
vulnType: "os,library"
# severity a comma-separated list of severities to be checked
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
# ignoreUnfixed the flag to display only fixed vulnerabilities
ignoreUnfixed: false
# insecure the flag to skip verifying registry certificate
insecure: false
# gitHubToken the GitHub access token to download Trivy DB
#
# Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
# It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
# in the local file system (`/home/scanner/.cache/trivy/db/trivy.db`). In addition, the database contains the update
# timestamp so Trivy can detect whether it should download a newer version from the Internet or use the cached one.
# Currently, the database is updated every 12 hours and published as a new release to GitHub.
#
# Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
# for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
# requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
# https://developer.github.com/v3/#rate-limiting
#
# You can create a GitHub token by following the instructions in
# https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
gitHubToken: ""
# skipUpdate the flag to disable Trivy DB downloads from GitHub
#
# You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues.
# If the value is set to `true` you have to manually download the `trivy.db` file and mount it in the
# `/home/scanner/.cache/trivy/db/trivy.db` path.
skipUpdate: false
resources:
requests:
cpu: 200m
memory: 512Mi
limits:
cpu: 1
memory: 1Gi
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
notary:
enabled: true
server:
# set the service account to be used, default if left empty
serviceAccountName: ""
image:
repository: goharbor/notary-server-photon
tag: v2.1.3
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
signer:
# set the service account to be used, default if left empty
serviceAccountName: ""
image:
repository: goharbor/notary-signer-photon
tag: v2.1.3
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Fill the name of a kubernetes secret if you want to use your own
# TLS certificate authority, certificate and private key for notary
# communications.
# The secret must contain keys named ca.crt, tls.crt and tls.key that
# contain the CA, certificate and private key.
# They will be generated if not set.
secretName: ""
database:
# if external database is used, set "type" to "external"
# and fill the connection informations in "external" section
type: internal
internal:
# set the service account to be used, default if left empty
serviceAccountName: ""
image:
repository: goharbor/harbor-db
tag: v2.1.3
# The initial superuser password for internal database
password: "changeit"
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
external:
host: "192.168.0.1"
port: "5432"
username: "user"
password: "password"
coreDatabase: "registry"
clairDatabase: "clair"
notaryServerDatabase: "notary_server"
notarySignerDatabase: "notary_signer"
# "disable" - No SSL
# "require" - Always SSL (skip verification)
# "verify-ca" - Always SSL (verify that the certificate presented by the
# server was signed by a trusted CA)
# "verify-full" - Always SSL (verify that the certification presented by the
# server was signed by a trusted CA and the server host name matches the one
# in the certificate)
sslmode: "disable"
# The maximum number of connections in the idle connection pool.
# If it <=0, no idle connections are retained.
maxIdleConns: 50
# The maximum number of open connections to the database.
# If it <= 0, then there is no limit on the number of open connections.
# Note: the default number of connections is 1024 for postgre of harbor.
maxOpenConns: 1000
## Additional deployment annotations
podAnnotations: {}
redis:
# if external Redis is used, set "type" to "external"
# and fill the connection informations in "external" section
type: internal
internal:
# set the service account to be used, default if left empty
serviceAccountName: ""
image:
repository: goharbor/redis-photon
tag: v2.1.3
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
external:
# support redis, redis+sentinel
# addr for redis: <host_redis>:<port_redis>
# addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
addr: "192.168.0.2:6379"
# The name of the set of Redis instances to monitor, it must be set to support redis+sentinel
sentinelMasterSet: ""
# The "coreDatabaseIndex" must be "0" as the library Harbor
# used doesn't support configuring it
coreDatabaseIndex: "0"
jobserviceDatabaseIndex: "1"
registryDatabaseIndex: "2"
chartmuseumDatabaseIndex: "3"
clairAdapterIndex: "4"
trivyAdapterIndex: "5"
password: ""
## Additional deployment annotations
podAnnotations: {}
commonLabels:
app.bd-apaas.com/cluster-component: registry
\ No newline at end of file
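Review bot: This values file ships fixed credentials as defaults (`harborAdminPassword`, `secretKey`, `database.internal.password`, and `registry.credentials` with a matching `htpasswd` hash), so every install that does not override them shares the same known secrets. The override values files earlier in this commit also commit concrete `secretKey` and database `password` values to the repository; those should be treated as disclosed and rotated. Consider leaving these keys empty and either generating them at install time or reading them from an existing Secret, with a comment such as `# Required: set at install time or supply via an existing Secret; never commit a real value`. `database.external.sslmode: "disable"` also deserves a comment saying that it leaves database traffic unencrypted.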
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}
Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}.{{ $.Values.global.host }}
For more details, please visit https://github.com/goharbor/harbor
{{/*
Create chart arch suffix.
*/}}
{{- define "beagle.arch" -}}
{{- if not (eq "amd64" .Values.global.arch) -}}
{{- print "-" .Values.global.arch -}}
{{- else -}}
{{- print "" -}}
{{- end -}}
{{- end }}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
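Review bot: `beagle.arch` has no fallback when `.Values.global.arch` is unset: the `eq "amd64"` test is then not satisfied, so the helper emits a suffix for a missing value (likely a bare `-` or `-<nil>`, or a render error, depending on the template engine version). Every image tag that appends it would then be invalid. Defaulting first, `{{- $arch := .Values.global.arch | default "amd64" -}}`, and comparing and printing `$arch` avoids that. The header comment could also state the contract, e.g. `Image-tag suffix for non-amd64 architectures ("-arm64"); empty for amd64.`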
......
......@@ -21,7 +21,7 @@ data:
CACHE_REDIS_DB: "{{ template "harbor.redis.dbForChartmuseum" . }}"
BASIC_AUTH_USER: "chart_controller"
{{- if .Values.chartmuseum.absoluteUrl }}
CHART_URL: {{ .Values.externalURL }}/chartrepo
CHART_URL: {{ .Values.externalURL }}.{{ $.Values.global.host }}/chartrepo
{{- end }}
DEPTH: "1"
{{- if eq .Values.logLevel "debug" }}
......
......@@ -46,8 +46,12 @@ spec:
{{- end }}
containers:
- name: chartmuseum
image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.chartmuseum.image.repository }}
image: "{{ .Values.chartmuseum.image.repository }}"
{{- else }}
image: "{{ .Values.chartmuseum.image.hub | default .Values.global.hub }}/{{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
livenessProbe:
httpGet:
path: /health
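Review bot: In the `contains "/"` branch the image renders as the bare repository with no tag, so `image.tag` is silently ignored unless the repository value is meant to carry its own tag, which none of the visible values do. Every repository in this commit's values files (`goharbor/chartmuseum-photon`, `registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum`, …) contains a slash, so the `v2.1.3` bump made alongside has no effect and the pod pulls whatever the registry serves as its default tag. An untagged, mutable reference combined with `IfNotPresent` makes the running version unpredictable and hard to audit. Keep the tag in that branch, `image: "{{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag | default .Values.global.tag }}"`, and ideally allow pinning by digest. The same pattern is added to the clair, core and database templates below (both init containers and the main container); the container spec continues outside the hunk.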
......
......@@ -39,8 +39,12 @@ spec:
{{- end }}
containers:
- name: clair
image: {{ .Values.clair.clair.image.repository }}:{{ .Values.clair.clair.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.clair.clair.image.repository }}
image: "{{ .Values.clair.clair.image.repository }}"
{{- else }}
image: "{{ .Values.clair.clair.image.hub | default .Values.global.hub }}/{{ .Values.clair.clair.image.repository }}:{{ .Values.clair.clair.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
livenessProbe:
httpGet:
path: /health
......
......@@ -21,7 +21,7 @@ data:
POSTGRESQL_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
POSTGRESQL_MAX_IDLE_CONNS: "{{ .Values.database.maxIdleConns }}"
POSTGRESQL_MAX_OPEN_CONNS: "{{ .Values.database.maxOpenConns }}"
EXT_ENDPOINT: "{{ .Values.externalURL }}"
EXT_ENDPOINT: "{{ .Values.externalURL }}.{{ $.Values.global.host }}"
CORE_URL: "{{ template "harbor.coreURL" . }}"
JOBSERVICE_URL: "{{ template "harbor.jobserviceURL" . }}"
REGISTRY_URL: "{{ template "harbor.registryURL" . }}"
......
......@@ -40,8 +40,12 @@ spec:
{{- end }}
containers:
- name: core
image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.core.image.repository }}
image: "{{ .Values.core.image.repository }}"
{{- else }}
image: "{{ .Values.core.image.hub | default .Values.global.hub }}/{{ .Values.core.image.repository }}:{{ .Values.core.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
{{- if .Values.core.startupProbe.enabled }}
startupProbe:
httpGet:
......
......@@ -36,8 +36,12 @@ spec:
- name: "change-permission-of-directory"
securityContext:
runAsUser: 0
image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.database.internal.image.repository }}
image: "{{ .Values.database.internal.image.repository }}"
{{- else }}
image: "{{ .Values.database.internal.image.hub | default .Values.global.hub }}/{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
command: ["/bin/sh"]
args: ["-c", "chown -R postgres:postgres /var/lib/postgresql/data"]
volumeMounts:
......@@ -45,8 +49,12 @@ spec:
mountPath: /var/lib/postgresql/data
subPath: {{ $database.subPath }}
- name: "remove-lost-found"
image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.database.internal.image.repository }}
image: "{{ .Values.database.internal.image.repository }}"
{{- else }}
image: "{{ .Values.database.internal.image.hub | default .Values.global.hub }}/{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"]
volumeMounts:
- name: database-data
......@@ -54,8 +62,12 @@ spec:
subPath: {{ $database.subPath }}
containers:
- name: database
image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.database.internal.image.repository }}
image: "{{ .Values.database.internal.image.repository }}"
{{- else }}
image: "{{ .Values.database.internal.image.hub | default .Values.global.hub }}/{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
livenessProbe:
exec:
command:
......
......@@ -28,6 +28,7 @@
{{- end }}
---
{{- if not (.Capabilities.APIVersions.Has "bcc.bd-apaas.com/v1alpha1") -}}
{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion }}
apiVersion: extensions/v1beta1
{{- else }}
......@@ -55,7 +56,7 @@ spec:
- secretName: {{ template "harbor.tlsCoreSecretForIngress" . }}
{{- if $ingress.hosts.core }}
hosts:
- {{ $ingress.hosts.core }}
- {{ $ingress.hosts.core }}.{{ $.Values.global.host }}
{{- end }}
{{- end }}
rules:
......@@ -86,7 +87,7 @@ spec:
serviceName: {{ template "harbor.core" . }}
servicePort: {{ template "harbor.core.servicePort" . }}
{{- if $ingress.hosts.core }}
host: {{ $ingress.hosts.core }}
host: {{ $ingress.hosts.core }}.{{ $.Values.global.host }}
{{- end }}
{{- if .Values.notary.enabled }}
......@@ -115,7 +116,7 @@ spec:
- secretName: {{ template "harbor.tlsNotarySecretForIngress" . }}
{{- if $ingress.hosts.notary }}
hosts:
- {{ $ingress.hosts.notary }}
- {{ $ingress.hosts.notary }}.{{ $.Values.global.host }}
{{- end }}
{{- end }}
rules:
......@@ -126,8 +127,9 @@ spec:
serviceName: {{ template "harbor.notary-server" . }}
servicePort: 4443
{{- if $ingress.hosts.notary }}
host: {{ $ingress.hosts.notary }}
host: {{ $ingress.hosts.notary }}.{{ $.Values.global.host }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
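Review bot: Every TLS and rule host in this template is now built as `{{ $ingress.hosts.core }}.{{ $.Values.global.host }}` (or the notary equivalent), with no check that `global.host` is set. A release rendered without it would end up with a host such as `hub.`, which is either rejected or no longer matches the name on the certificate. Fail the render instead, e.g. `{{ required "global.host must be set" $.Values.global.host }}`, and quote the resulting scalar. The same concatenation is repeated in the IngressHost and IngressRoute sections of this commit. The `if not (.Capabilities.APIVersions.Has ...)` wrapper added in the first hunk spans lines that are not all shown.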
......@@ -11,7 +11,7 @@ metadata:
labels:
{{ include "harbor.labels" . | nindent 4 }}
spec:
host: "{{ .Values.expose.ingress.hosts.core }}"
host: "{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}"
---
apiVersion: bcc.bd-apaas.com/v1alpha1
kind: IngressHost
......@@ -24,5 +24,5 @@ metadata:
labels:
{{ include "harbor.labels" . | nindent 4 }}
spec:
host: "{{ .Values.expose.ingress.hosts.notary }}"
host: "{{ .Values.expose.ingress.hosts.notary }}.{{ $.Values.global.host }}"
{{- end -}}
......@@ -14,39 +14,39 @@ spec:
entryPoints:
- websecure
routes:
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/`)
kind: Rule
services:
- name: {{ template "harbor.portal" . }}
port: {{ template "harbor.portal.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/api/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/api/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/service/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/service/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/v2/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/v2/`)
kind: Rule
middlewares:
- name: "{{ template "harbor.ingress" . }}-https"
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/chartrepo/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/chartrepo/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/c/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/c/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.notary }}`) && PathPrefix(`/`)
- match: Host(`{{ .Values.expose.ingress.hosts.notary }}.{{ $.Values.global.host }}`) && PathPrefix(`/`)
kind: Rule
services:
- name: {{ template "harbor.notary-server" . }}
......@@ -68,37 +68,37 @@ spec:
entryPoints:
- web
routes:
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/`)
kind: Rule
services:
- name: {{ template "harbor.portal" . }}
port: {{ template "harbor.portal.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/api/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/api/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/service/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/service/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/v2/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/v2/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/chartrepo/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/chartrepo/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/c/`)
- match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/c/`)
kind: Rule
services:
- name: {{ template "harbor.core" . }}
port: {{ template "harbor.core.servicePort" . }}
- match: Host(`{{ .Values.expose.ingress.hosts.notary }}`) && PathPrefix(`/`)
- match: Host(`{{ .Values.expose.ingress.hosts.notary }}.{{ $.Values.global.host }}`) && PathPrefix(`/`)
kind: Rule
services:
- name: {{ template "harbor.notary-server" . }}
......
......@@ -46,8 +46,12 @@ spec:
{{- end }}
containers:
- name: jobservice
image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.jobservice.image.repository }}
image: "{{ .Values.jobservice.image.repository }}"
{{- else }}
image: "{{ .Values.jobservice.image.hub | default .Values.global.hub }}/{{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
livenessProbe:
httpGet:
path: /api/v1/stats
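Review bot: The `contains "/"` branch renders `image: "{{ .Values.jobservice.image.repository }}"` with no tag. Any values file that supplies a full repository path therefore produces an untagged reference, which resolves to `latest`, and with `IfNotPresent` a node keeps running whatever copy it already holds. Keep the tag in that branch, e.g. `image: "{{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag | default .Values.global.tag }}"`. The same untagged branch is repeated in the database, nginx, notary-server, notary-signer, portal, redis, registry and trivy sections of this commit. The container spec continues outside the hunk.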
......
......@@ -41,8 +41,12 @@ spec:
{{- end }}
containers:
- name: nginx
image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
{{- if contains "/" .Values.nginx.image.repository }}
image: "{{ .Values.nginx.image.repository }}"
{{- else }}
image: "{{ .Values.nginx.image.hub | default .Values.global.hub }}/{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
{{- $_ := set . "scheme" "HTTP" -}}
{{- $_ := set . "port" "8080" -}}
{{- if .Values.expose.tls.enabled }}
......
......@@ -35,8 +35,12 @@ spec:
{{- end }}
containers:
- name: notary-server
image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.notary.server.image.repository }}
image: "{{ .Values.notary.server.image.repository }}"
{{- else }}
image: "{{ .Values.notary.server.image.hub | default .Values.global.hub }}/{{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
{{- if .Values.notary.server.resources }}
resources:
{{ toYaml .Values.notary.server.resources | indent 10 }}
......
......@@ -31,8 +31,12 @@ spec:
{{- end }}
containers:
- name: notary-signer
image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.notary.signer.image.repository }}
image: "{{ .Values.notary.signer.image.repository }}"
{{- else }}
image: "{{ .Values.notary.signer.image.hub | default .Values.global.hub }}/{{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
{{- if .Values.notary.signer.resources }}
resources:
{{ toYaml .Values.notary.signer.resources | indent 10 }}
......
......@@ -35,8 +35,12 @@ spec:
{{- end }}
containers:
- name: portal
image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.portal.image.repository }}
image: "{{ .Values.portal.image.repository }}"
{{- else }}
image: "{{ .Values.portal.image.hub | default .Values.global.hub }}/{{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
{{- if .Values.portal.resources }}
resources:
{{ toYaml .Values.portal.resources | indent 10 }}
......
......@@ -37,6 +37,12 @@ spec:
- name: redis
image: {{ .Values.redis.internal.image.repository }}:{{ .Values.redis.internal.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.chartmuseum.image.repository }}
image: "{{ .Values.chartmuseum.image.repository }}"
{{- else }}
image: "{{ .Values.chartmuseum.image.hub | default .Values.global.hub }}/{{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
livenessProbe:
tcpSocket:
port: 6379
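Review bot: The six added lines inside the `redis` container reference `.Values.chartmuseum.image.*`, and they sit below the original `image:` and `imagePullPolicy:` lines, which the hunk counts (6 old, 12 new) indicate were kept. That leaves duplicate keys in one mapping. Most YAML parsers keep the last value, so the Redis pod would start the chartmuseum image, and stricter parsers reject the manifest. Replace the old pair rather than adding to it, and point the new block at `.Values.redis.internal.image.repository`, `.hub` and `.tag`.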
......
......@@ -46,8 +46,12 @@ spec:
{{- end }}
containers:
- name: registry
image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.registry.image.repository }}
image: "{{ .Values.registry.image.repository }}"
{{- else }}
image: "{{ .Values.registry.image.hub | default .Values.global.hub }}/{{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
livenessProbe:
httpGet:
path: /
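Review bot: The new lines read `.Values.registry.image.repository`, but the removed line used `.Values.registry.registry.image.repository`, and the values.yaml in this commit still nests the image under `registry.registry.image`. With `registry.image` undefined, the `contains` test has nothing to look at and the render most likely fails, or it yields an image string with an empty repository. Use `.Values.registry.registry.image.repository`, `.hub` and `.tag` in the condition and in both `image:` lines. The container spec continues outside the hunk.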
......
......@@ -44,8 +44,12 @@ spec:
automountServiceAccountToken: false
containers:
- name: trivy
image: {{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if contains "/" .Values.trivy.image.repository }}
image: "{{ .Values.trivy.image.repository }}"
{{- else }}
image: "{{ .Values.trivy.image.hub | default .Values.global.hub }}/{{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
{{- end }}
imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
securityContext:
privileged: false
allowPrivilegeEscalation: false
......
global:
hub: registry.cn-qingdao.aliyuncs.com/wod
imagePullPolicy: "IfNotPresent"
arch: amd64
host: wodcloud.local
\ No newline at end of file
......@@ -8,7 +8,7 @@ expose:
# is disabled, the port must be included in the command when pull/push
# images. Refer to https://github.com/goharbor/harbor/issues/5291
# for the detail.
enabled: true
enabled: false
# The source of the tls certificate. Set it as "auto", "secret"
# or "none" and fill the information in the corresponding section
# 1) auto: generate the tls certificate automatically
......@@ -33,8 +33,8 @@ expose:
notarySecretName: ""
ingress:
hosts:
core: core.harbor.domain
notary: notary.harbor.domain
core: hub
notary: notary
# set to the type of ingress controller if it has specific requirements.
# leave as `default` for most ingress controllers.
# set to `gce` if using the GCE ingress controller
......@@ -105,7 +105,7 @@ expose:
# the IP address of k8s node
#
# If Harbor is deployed behind the proxy, set it as the URL of proxy
externalURL: https://core.harbor.domain
externalURL: https://hub
# The internal TLS used for harbor components secure communicating. In order to enable https
# in each components tls cert files need to provided in advance.
......@@ -198,19 +198,19 @@ persistence:
# Specify the "storageClass" used to provision the volume. Or the default
# StorageClass will be used(the default).
# Set it to "-" to disable dynamic provisioning
storageClass: ""
storageClass: "hostpath"
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
size: 500Gi
chartmuseum:
existingClaim: ""
storageClass: ""
storageClass: "hostpath"
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
jobservice:
existingClaim: ""
storageClass: ""
storageClass: "hostpath"
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
......@@ -218,21 +218,21 @@ persistence:
# be ignored
database:
existingClaim: ""
storageClass: ""
storageClass: "hostpath"
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
size: 10Gi
# If external Redis is used, the following settings for Redis will
# be ignored
redis:
existingClaim: ""
storageClass: ""
storageClass: "hostpath"
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
trivy:
existingClaim: ""
storageClass: ""
storageClass: "hostpath"
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
......@@ -338,7 +338,7 @@ updateStrategy:
logLevel: info
# The initial password of Harbor admin. Change it from portal after launching Harbor
harborAdminPassword: "Harbor12345"
harborAdminPassword: "spaceIN511"
# The name of the secret which contains key named "ca.crt". Setting this enables the
# download link on portal to download the certificate of CA when the certificate isn't
......@@ -346,7 +346,7 @@ harborAdminPassword: "Harbor12345"
caSecretName: ""
# The secret key used for encryption. Must be a string of 16 chars.
secretKey: "not-a-secure-key"
secretKey: "IpTIscRIgmerlare"
# The proxy settings for updating clair vulnerabilities from the Internet and replicating
# artifacts from/to the registries that cannot be reached directly
......@@ -374,7 +374,7 @@ proxy:
# If expose the service via "ingress", the Nginx will not be used
nginx:
image:
repository: goharbor/nginx-photon
repository: nginx
tag: v2.1.3
# set the service account to be used, default if left empty
serviceAccountName: ""
......@@ -391,7 +391,7 @@ nginx:
portal:
image:
repository: goharbor/harbor-portal
repository: harbor-portal
tag: v2.1.3
# set the service account to be used, default if left empty
serviceAccountName: ""
......@@ -408,7 +408,7 @@ portal:
core:
image:
repository: goharbor/harbor-core
repository: harbor-core
tag: v2.1.3
# set the service account to be used, default if left empty
serviceAccountName: ""
......@@ -442,7 +442,7 @@ core:
jobservice:
image:
repository: goharbor/harbor-jobservice
repository: harbor-jobservice
tag: v2.1.3
replicas: 1
# set the service account to be used, default if left empty
......@@ -469,15 +469,16 @@ registry:
serviceAccountName: ""
registry:
image:
repository: goharbor/registry-photon
tag: v2.1.3
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
repository: registry
tag: 2.7.1
resources:
limits:
memory: 4Gi
requests:
memory: 256Mi
controller:
image:
repository: goharbor/harbor-registryctl
repository: harbor-registryctl
tag: v2.1.3
# resources:
......@@ -524,8 +525,13 @@ chartmuseum:
# Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
absoluteUrl: false
image:
repository: goharbor/chartmuseum-photon
repository: harbor-chartmuseum
tag: v2.1.3
storageSpec:
type: hostPath
emptyDir: {}
hostPath:
root: /data
replicas: 1
# resources:
# requests:
......@@ -543,7 +549,7 @@ clair:
serviceAccountName: ""
clair:
image:
repository: goharbor/clair-photon
repository: harbor-clair
tag: v2.1.3
# resources:
# requests:
......@@ -551,7 +557,7 @@ clair:
# cpu: 100m
adapter:
image:
repository: goharbor/clair-adapter-photon
repository: harbor-clair-adapter
tag: v2.1.3
# resources:
# requests:
......@@ -572,7 +578,7 @@ trivy:
enabled: true
image:
# repository the repository for Trivy adapter image
repository: goharbor/trivy-adapter-photon
repository: harbor-trivy-adapter
# tag the tag for Trivy adapter image
tag: v2.1.3
# set the service account to be used, default if left empty
......@@ -630,7 +636,7 @@ notary:
# set the service account to be used, default if left empty
serviceAccountName: ""
image:
repository: goharbor/notary-server-photon
repository: harbor-notary-server
tag: v2.1.3
replicas: 1
# resources:
......@@ -641,7 +647,7 @@ notary:
# set the service account to be used, default if left empty
serviceAccountName: ""
image:
repository: goharbor/notary-signer-photon
repository: harbor-notary-signer
tag: v2.1.3
replicas: 1
# resources:
......@@ -669,14 +675,15 @@ database:
# set the service account to be used, default if left empty
serviceAccountName: ""
image:
repository: goharbor/harbor-db
repository: harbor-db
tag: v2.1.3
# The initial superuser password for internal database
password: "changeit"
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
password: "spaceIN511"
resources:
limits:
memory: 4Gi
requests:
memory: 256Mi
nodeSelector: {}
tolerations: []
affinity: {}
......@@ -715,8 +722,8 @@ redis:
# set the service account to be used, default if left empty
serviceAccountName: ""
image:
repository: goharbor/redis-photon
tag: v2.1.3
repository: redis
tag: 6.0.9
# resources:
# requests:
# memory: 256Mi
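Review bot: The hunks at `harborAdminPassword`, `secretKey` and the internal database `password` commit real-looking credentials in plain text, and the admin and database passwords are the same string. Anyone who can read the repository or its history then holds the registry admin login, the encryption key and the database superuser password. Keep placeholders in the file with a comment such as `# set at deploy time from the secret store; never commit the real value`, supply the real values from an override kept outside version control, and rotate the three values already pushed. The first hunk also flips what appears to be `expose.tls.enabled` to `false` while `externalURL` stays `https://hub`, so logins would likely cross the network over plain HTTP unless TLS is terminated in front; confirm that it is.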
......