update

007cbd96 · 舒成 · 5f8168a0 · 007cbd96 · 007cbd96 · 007cbd96
Commit 007cbd96 authored Mar 31, 2021 by 舒成
28 changed files
--- a/conf/notary-server.json
+++ b/conf/notary-server.json
@@ -19,7 +19,7 @@
  "auth": {
    "type": "token",
    "options": {
-      "realm": "{{ .Values.externalURL }}/service/token",
+      "realm": "{{ .Values.externalURL }}.{{ $.Values.global.host }}/service/token",
      "service": "harbor-notary",
      "issuer": "harbor-token-issuer",
      "rootcertbundle": "/root.crt"

--- a/values-aliyun.yaml
+++ b/values-aliyun.yaml
@@ -73,17 +73,17 @@ secretKey: "IpTIscRIgmerlare"
 portal:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
-    tag: v2.1.1
+    tag: v2.1.3
 core:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
-    tag: v2.1.1
+    tag: v2.1.3
 jobservice:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
-    tag: v2.1.1
+    tag: v2.1.3
 registry:
  registry:
@@ -98,12 +98,12 @@ registry:
  controller:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
-      tag: v2.1.1
+      tag: v2.1.3
 chartmuseum:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
-    tag: v2.1.1
+    tag: v2.1.3
  nodeSelector: {}
  # nodeSelector:
  #   harbor: enabled
@@ -117,33 +117,33 @@ clair:
  clair:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
-      tag: v2.1.1
+      tag: v2.1.3
  adapter:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
-      tag: v2.1.1
+      tag: v2.1.3
 trivy:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
-    tag: v2.1.1
+    tag: v2.1.3
 notary:
  server:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
-      tag: v2.1.1
+      tag: v2.1.3
  signer:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
-      tag: v2.1.1
+      tag: v2.1.3
 database:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
-      tag: v2.1.1
+      tag: v2.1.3
    password: "spaceIN511"
    resources:
      limits:

--- a/values-arm.yaml
+++ b/values-arm.yaml
@@ -73,17 +73,17 @@ secretKey: "IpTIscRIgmerlare"
 portal:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
-    tag: v2.1.1-arm64
+    tag: v2.1.3-arm64
 core:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
-    tag: v2.1.1-arm64
+    tag: v2.1.3-arm64
 jobservice:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
-    tag: v2.1.1-arm64
+    tag: v2.1.3-arm64
 registry:
  registry:
@@ -98,12 +98,12 @@ registry:
  controller:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
-      tag: v2.1.1-arm64
+      tag: v2.1.3-arm64
 chartmuseum:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
-    tag: v2.1.1-arm64
+    tag: v2.1.3-arm64
  nodeSelector: {}
  # nodeSelector:
  #   harbor: enabled
@@ -117,33 +117,33 @@ clair:
  clair:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
-      tag: v2.1.1-arm64
+      tag: v2.1.3-arm64
  adapter:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
-      tag: v2.1.1-arm64
+      tag: v2.1.3-arm64
 trivy:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
-    tag: v2.1.1-arm64
+    tag: v2.1.3-arm64
 notary:
  server:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
-      tag: v2.1.1-arm64
+      tag: v2.1.3-arm64
  signer:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
-      tag: v2.1.1-arm64
+      tag: v2.1.3-arm64
 database:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
-      tag: v2.1.1-arm64
+      tag: v2.1.3-arm64
    password: "spaceIN511"
    resources:
      limits:

--- a/values-pg.yaml
+++ b/values-pg.yaml
--- a/values-ppc64le.yaml
+++ b/values-ppc64le.yaml
--- a/values-stolon.yaml
+++ b/values-stolon.yaml
--- a/raws/values.yaml
+++ b/raws/values.yaml
--- a/templates/NOTES.txt
+++ b/templates/NOTES.txt
 Please wait for several minutes for Harbor deployment to complete.
-Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}
+Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}.{{ $.Values.global.host }}
 For more details, please visit https://github.com/goharbor/harbor
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
+{{/*
+Create chart arch suffix.
+*/}}
+{{- define "beagle.arch" -}}
+{{- if not (eq "amd64" .Values.global.arch) -}}
+{{- print "-" .Values.global.arch -}}
+{{- else -}}
+{{- print "" -}}
+{{- end -}}
+{{- end }}
 {{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.

--- a/templates/chartmuseum/chartmuseum-cm.yaml
+++ b/templates/chartmuseum/chartmuseum-cm.yaml
@@ -21,7 +21,7 @@ data:
  CACHE_REDIS_DB: "{{ template "harbor.redis.dbForChartmuseum" . }}"
  BASIC_AUTH_USER: "chart_controller"
 {{- if .Values.chartmuseum.absoluteUrl }}
-  CHART_URL: {{ .Values.externalURL }}/chartrepo
+  CHART_URL: {{ .Values.externalURL }}.{{ $.Values.global.host }}/chartrepo
 {{- end }}
  DEPTH: "1"
 {{- if eq .Values.logLevel "debug" }}

--- a/templates/chartmuseum/chartmuseum-dpl.yaml
+++ b/templates/chartmuseum/chartmuseum-dpl.yaml
@@ -46,8 +46,12 @@ spec:
      {{- end }}
      containers:
      - name: chartmuseum
-        image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
+{{- if contains "/" .Values.chartmuseum.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.chartmuseum.image.repository }}"
+{{- else }}
+        image: "{{ .Values.chartmuseum.image.hub | default .Values.global.hub }}/{{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        livenessProbe:
          httpGet:
            path: /health

--- a/templates/clair/clair-dpl.yaml
+++ b/templates/clair/clair-dpl.yaml
@@ -39,8 +39,12 @@ spec:
      {{- end }}
      containers:
      - name: clair
-        image: {{ .Values.clair.clair.image.repository }}:{{ .Values.clair.clair.image.tag }}
+{{- if contains "/" .Values.clair.clair.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.clair.clair.image.repository }}"
+{{- else }}
+        image: "{{ .Values.clair.clair.image.hub | default .Values.global.hub }}/{{ .Values.clair.clair.image.repository }}:{{ .Values.clair.clair.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        livenessProbe:
          httpGet:
            path: /health

--- a/templates/core/core-cm.yaml
+++ b/templates/core/core-cm.yaml
@@ -21,7 +21,7 @@ data:
  POSTGRESQL_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
  POSTGRESQL_MAX_IDLE_CONNS: "{{ .Values.database.maxIdleConns }}"
  POSTGRESQL_MAX_OPEN_CONNS: "{{ .Values.database.maxOpenConns }}"
-  EXT_ENDPOINT: "{{ .Values.externalURL }}"
+  EXT_ENDPOINT: "{{ .Values.externalURL }}.{{ $.Values.global.host }}"
  CORE_URL: "{{ template "harbor.coreURL" . }}"
  JOBSERVICE_URL: "{{ template "harbor.jobserviceURL" . }}"
  REGISTRY_URL: "{{ template "harbor.registryURL" . }}"

--- a/templates/core/core-dpl.yaml
+++ b/templates/core/core-dpl.yaml
@@ -40,8 +40,12 @@ spec:
      {{- end }}
      containers:
      - name: core
-        image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
+{{- if contains "/" .Values.core.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.core.image.repository }}"
+{{- else }}
+        image: "{{ .Values.core.image.hub | default .Values.global.hub }}/{{ .Values.core.image.repository }}:{{ .Values.core.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        {{- if .Values.core.startupProbe.enabled }}
        startupProbe:
          httpGet:

--- a/templates/database/database-ss.yaml
+++ b/templates/database/database-ss.yaml
@@ -36,8 +36,12 @@ spec:
      - name: "change-permission-of-directory"
        securityContext:
          runAsUser: 0
-        image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
+{{- if contains "/" .Values.database.internal.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.database.internal.image.repository }}"
+{{- else }}
+        image: "{{ .Values.database.internal.image.hub | default .Values.global.hub }}/{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        command: ["/bin/sh"]
        args: ["-c", "chown -R postgres:postgres /var/lib/postgresql/data"]
        volumeMounts:
@@ -45,8 +49,12 @@ spec:
          mountPath: /var/lib/postgresql/data
          subPath: {{ $database.subPath }}
      - name: "remove-lost-found"
-        image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
+{{- if contains "/" .Values.database.internal.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.database.internal.image.repository }}"
+{{- else }}
+        image: "{{ .Values.database.internal.image.hub | default .Values.global.hub }}/{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"]
        volumeMounts:
        - name: database-data
@@ -54,8 +62,12 @@ spec:
          subPath: {{ $database.subPath }}
      containers:
      - name: database
-        image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
+{{- if contains "/" .Values.database.internal.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.database.internal.image.repository }}"
+{{- else }}
+        image: "{{ .Values.database.internal.image.hub | default .Values.global.hub }}/{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        livenessProbe:
          exec:
            command:

--- a/templates/ingress/ingress.yaml
+++ b/templates/ingress/ingress.yaml
@@ -28,6 +28,7 @@
 {{- end }}
 ---
+{{- if not (.Capabilities.APIVersions.Has "bcc.bd-apaas.com/v1alpha1") -}}
 {{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion }}
 apiVersion: extensions/v1beta1
 {{- else }}
@@ -55,7 +56,7 @@ spec:
  - secretName: {{ template "harbor.tlsCoreSecretForIngress" . }}
    {{- if $ingress.hosts.core }}
    hosts:
-    - {{ $ingress.hosts.core }}
+    - {{ $ingress.hosts.core }}.{{ $.Values.global.host }}
    {{- end }}
  {{- end }}
  rules:
@@ -86,7 +87,7 @@ spec:
          serviceName: {{ template "harbor.core" . }}
          servicePort: {{ template "harbor.core.servicePort" . }}
    {{- if $ingress.hosts.core }}
-    host: {{ $ingress.hosts.core }}
+    host: {{ $ingress.hosts.core }}.{{ $.Values.global.host }}
    {{- end }}
 {{- if .Values.notary.enabled  }}
@@ -115,7 +116,7 @@ spec:
  - secretName: {{ template "harbor.tlsNotarySecretForIngress" . }}
    {{- if $ingress.hosts.notary }}
    hosts:
-    - {{ $ingress.hosts.notary }}
+    - {{ $ingress.hosts.notary }}.{{ $.Values.global.host }}
    {{- end }}
  {{- end }}
  rules:
@@ -126,8 +127,9 @@ spec:
          serviceName: {{ template "harbor.notary-server" . }}
          servicePort: 4443
    {{- if $ingress.hosts.notary }}
-    host: {{ $ingress.hosts.notary }}
+    host: {{ $ingress.hosts.notary }}.{{ $.Values.global.host }}
    {{- end }}
 {{- end }}
 {{- end }}
+{{- end }}
\ No newline at end of file
--- a/templates/ingress/ingresshost.yaml
+++ b/templates/ingress/ingresshost.yaml
@@ -11,7 +11,7 @@ metadata:
  labels:
    {{ include "harbor.labels" . | nindent 4 }}
 spec:
-  host: "{{ .Values.expose.ingress.hosts.core }}" 
+  host: "{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}" 
 ---
 apiVersion: bcc.bd-apaas.com/v1alpha1
 kind: IngressHost
@@ -24,5 +24,5 @@ metadata:
  labels:
    {{ include "harbor.labels" . | nindent 4 }}
 spec:
-  host: "{{ .Values.expose.ingress.hosts.notary }}" 
+  host: "{{ .Values.expose.ingress.hosts.notary }}.{{ $.Values.global.host }}" 
 {{- end -}}
--- a/templates/ingress/ingressroute.yaml
+++ b/templates/ingress/ingressroute.yaml
@@ -14,39 +14,39 @@ spec:
  entryPoints:
    - websecure
  routes:
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/`)
      kind: Rule
      services:
      - name: {{ template "harbor.portal" . }}
        port: {{ template "harbor.portal.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/api/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/api/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/service/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/service/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/v2/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/v2/`)
      kind: Rule
      middlewares:
        - name: "{{ template "harbor.ingress" . }}-https"
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/chartrepo/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/chartrepo/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/c/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/c/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.notary }}`) && PathPrefix(`/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.notary }}.{{ $.Values.global.host }}`) && PathPrefix(`/`)
      kind: Rule
      services:
      - name: {{ template "harbor.notary-server" . }}
@@ -68,37 +68,37 @@ spec:
  entryPoints:
    - web
  routes:
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/`)
      kind: Rule
      services:
      - name: {{ template "harbor.portal" . }}
        port: {{ template "harbor.portal.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/api/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/api/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/service/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/service/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/v2/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/v2/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/chartrepo/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/chartrepo/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.core }}`) && PathPrefix(`/c/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.core }}.{{ $.Values.global.host }}`) && PathPrefix(`/c/`)
      kind: Rule
      services:
      - name: {{ template "harbor.core" . }}
        port: {{ template "harbor.core.servicePort" . }}
-    - match: Host(`{{ .Values.expose.ingress.hosts.notary }}`) && PathPrefix(`/`)
+    - match: Host(`{{ .Values.expose.ingress.hosts.notary }}.{{ $.Values.global.host }}`) && PathPrefix(`/`)
      kind: Rule
      services:
      - name: {{ template "harbor.notary-server" . }}

--- a/templates/jobservice/jobservice-dpl.yaml
+++ b/templates/jobservice/jobservice-dpl.yaml
@@ -46,8 +46,12 @@ spec:
      {{- end }}
      containers:
      - name: jobservice
-        image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
+{{- if contains "/" .Values.jobservice.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.jobservice.image.repository }}"
+{{- else }}
+        image: "{{ .Values.jobservice.image.hub | default .Values.global.hub }}/{{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        livenessProbe:
          httpGet:
            path: /api/v1/stats

--- a/templates/nginx/deployment.yaml
+++ b/templates/nginx/deployment.yaml
@@ -41,8 +41,12 @@ spec:
      {{- end }}
      containers:
      - name: nginx
-        image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
+{{- if contains "/" .Values.nginx.image.repository }}
-        imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+        image: "{{ .Values.nginx.image.repository }}"
+{{- else }}
+        image: "{{ .Values.nginx.image.hub | default .Values.global.hub }}/{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        {{- $_ := set . "scheme" "HTTP" -}}
        {{- $_ := set . "port" "8080" -}}
        {{- if .Values.expose.tls.enabled }}

--- a/templates/notary/notary-server.yaml
+++ b/templates/notary/notary-server.yaml
@@ -35,8 +35,12 @@ spec:
      {{- end }}
      containers:
      - name: notary-server
-        image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
+{{- if contains "/" .Values.notary.server.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.notary.server.image.repository }}"
+{{- else }}
+        image: "{{ .Values.notary.server.image.hub | default .Values.global.hub }}/{{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
 {{- if .Values.notary.server.resources }}
        resources:
 {{ toYaml .Values.notary.server.resources | indent 10 }}

--- a/templates/notary/notary-signer.yaml
+++ b/templates/notary/notary-signer.yaml
@@ -31,8 +31,12 @@ spec:
      {{- end }}
      containers:
      - name: notary-signer
-        image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
+{{- if contains "/" .Values.notary.signer.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.notary.signer.image.repository }}"
+{{- else }}
+        image: "{{ .Values.notary.signer.image.hub | default .Values.global.hub }}/{{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
 {{- if .Values.notary.signer.resources }}
        resources:
 {{ toYaml .Values.notary.signer.resources | indent 10 }}

--- a/templates/portal/deployment.yaml
+++ b/templates/portal/deployment.yaml
@@ -35,8 +35,12 @@ spec:
 {{- end }}
      containers:
      - name: portal
-        image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }}
+{{- if contains "/" .Values.portal.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.portal.image.repository }}"
+{{- else }}
+        image: "{{ .Values.portal.image.hub | default .Values.global.hub }}/{{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
 {{- if .Values.portal.resources }}
        resources:
 {{ toYaml .Values.portal.resources | indent 10 }}

--- a/templates/redis/statefulset.yaml
+++ b/templates/redis/statefulset.yaml
@@ -37,6 +37,12 @@ spec:
      - name: redis
        image: {{ .Values.redis.internal.image.repository }}:{{ .Values.redis.internal.image.tag }}
        imagePullPolicy: {{ .Values.imagePullPolicy }}
+{{- if contains "/" .Values.chartmuseum.image.repository }}
+        image: "{{ .Values.chartmuseum.image.repository }}"
+{{- else }}
+        image: "{{ .Values.chartmuseum.image.hub | default .Values.global.hub }}/{{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        livenessProbe:
          tcpSocket:
            port: 6379

--- a/templates/registry/registry-dpl.yaml
+++ b/templates/registry/registry-dpl.yaml
@@ -46,8 +46,12 @@ spec:
      {{- end }}
      containers:
      - name: registry
-        image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }}
+{{- if contains "/" .Values.registry.image.repository }}
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        image: "{{ .Values.registry.image.repository }}"
+{{- else }}
+        image: "{{ .Values.registry.image.hub | default .Values.global.hub }}/{{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+        imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
        livenessProbe:
          httpGet:
            path: /

--- a/templates/trivy/trivy-sts.yaml
+++ b/templates/trivy/trivy-sts.yaml
@@ -44,8 +44,12 @@ spec:
      automountServiceAccountToken: false
      containers:
        - name: trivy
-          image: {{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag }}
+{{- if contains "/" .Values.trivy.image.repository }}
-          imagePullPolicy: {{ .Values.imagePullPolicy }}
+          image: "{{ .Values.trivy.image.repository }}"
+{{- else }}
+          image: "{{ .Values.trivy.image.hub | default .Values.global.hub }}/{{ .Values.trivy.image.repository }}:{{ .Values.trivy.image.tag | default .Values.global.tag }}{{ template "beagle.arch" . }}"
+{{- end }}
+          imagePullPolicy: "{{ .Values.imagePullPolicy | default .Values.global.imagePullPolicy }}"
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false

--- a/values-operator.yaml
+++ b/values-operator.yaml
+global:
+  hub: registry.cn-qingdao.aliyuncs.com/wod
+  imagePullPolicy: "IfNotPresent"
+  arch: amd64
+  host: wodcloud.local
\ No newline at end of file
--- a/values.yaml
+++ b/values.yaml
@@ -8,7 +8,7 @@ expose:
    # is disabled, the port must be included in the command when pull/push
    # images. Refer to https://github.com/goharbor/harbor/issues/5291
    # for the detail.
-    enabled: true
+    enabled: false
    # The source of the tls certificate. Set it as "auto", "secret"
    # or "none" and fill the information in the corresponding section
    # 1) auto: generate the tls certificate automatically
@@ -33,8 +33,8 @@ expose:
      notarySecretName: ""
  ingress:
    hosts:
-      core: core.harbor.domain
+      core: hub
-      notary: notary.harbor.domain
+      notary: notary
    # set to the type of ingress controller if it has specific requirements.
    # leave as `default` for most ingress controllers.
    # set to `gce` if using the GCE ingress controller
@@ -105,7 +105,7 @@ expose:
 # the IP address of k8s node
 #
 # If Harbor is deployed behind the proxy, set it as the URL of proxy
-externalURL: https://core.harbor.domain
+externalURL: https://hub
 # The internal TLS used for harbor components secure communicating. In order to enable https
 # in each components tls cert files need to provided in advance.
@@ -198,19 +198,19 @@ persistence:
      # Specify the "storageClass" used to provision the volume. Or the default
      # StorageClass will be used(the default).
      # Set it to "-" to disable dynamic provisioning
-      storageClass: ""
+      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
-      size: 5Gi
+      size: 500Gi
    chartmuseum:
      existingClaim: ""
-      storageClass: ""
+      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: ""
-      storageClass: ""
+      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
@@ -218,21 +218,21 @@ persistence:
    # be ignored
    database:
      existingClaim: ""
-      storageClass: ""
+      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
-      size: 1Gi
+      size: 10Gi
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
      existingClaim: ""
-      storageClass: ""
+      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: ""
-      storageClass: ""
+      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
@@ -338,7 +338,7 @@ updateStrategy:
 logLevel: info
 # The initial password of Harbor admin. Change it from portal after launching Harbor
-harborAdminPassword: "Harbor12345"
+harborAdminPassword: "spaceIN511"
 # The name of the secret which contains key named "ca.crt". Setting this enables the
 # download link on portal to download the certificate of CA when the certificate isn't
@@ -346,7 +346,7 @@ harborAdminPassword: "Harbor12345"
 caSecretName: ""
 # The secret key used for encryption. Must be a string of 16 chars.
-secretKey: "not-a-secure-key"
+secretKey: "IpTIscRIgmerlare"
 # The proxy settings for updating clair vulnerabilities from the Internet and replicating
 # artifacts from/to the registries that cannot be reached directly
@@ -374,7 +374,7 @@ proxy:
 # If expose the service via "ingress", the Nginx will not be used
 nginx:
  image:
-    repository: goharbor/nginx-photon
+    repository: nginx
    tag: v2.1.3
  # set the service account to be used, default if left empty
  serviceAccountName: ""
@@ -391,7 +391,7 @@ nginx:
 portal:
  image:
-    repository: goharbor/harbor-portal
+    repository: harbor-portal
    tag: v2.1.3
  # set the service account to be used, default if left empty
  serviceAccountName: ""
@@ -408,7 +408,7 @@ portal:
 core:
  image:
-    repository: goharbor/harbor-core
+    repository: harbor-core
    tag: v2.1.3
  # set the service account to be used, default if left empty
  serviceAccountName: ""
@@ -442,7 +442,7 @@ core:
 jobservice:
  image:
-    repository: goharbor/harbor-jobservice
+    repository: harbor-jobservice
    tag: v2.1.3
  replicas: 1
  # set the service account to be used, default if left empty
@@ -469,15 +469,16 @@ registry:
  serviceAccountName: ""
  registry:
    image:
-      repository: goharbor/registry-photon
+      repository: registry
-      tag: v2.1.3
+      tag: 2.7.1
-    # resources:
+    resources:
-    #  requests:
+      limits:
-    #    memory: 256Mi
+        memory: 4Gi
-    #    cpu: 100m
+      requests:
+        memory: 256Mi
  controller:
    image:
-      repository: goharbor/harbor-registryctl
+      repository: harbor-registryctl
      tag: v2.1.3
    # resources:
@@ -524,8 +525,13 @@ chartmuseum:
  # Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
  absoluteUrl: false
  image:
-    repository: goharbor/chartmuseum-photon
+    repository: harbor-chartmuseum
    tag: v2.1.3
+  storageSpec:
+    type: hostPath
+    emptyDir: {}
+    hostPath:
+      root: /data 
  replicas: 1
  # resources:
  #  requests:
@@ -543,7 +549,7 @@ clair:
  serviceAccountName: ""
  clair:
    image:
-      repository: goharbor/clair-photon
+      repository: harbor-clair
      tag: v2.1.3
    # resources:
    #  requests:
@@ -551,7 +557,7 @@ clair:
    #    cpu: 100m
  adapter:
    image:
-      repository: goharbor/clair-adapter-photon
+      repository: harbor-clair-adapter
      tag: v2.1.3
    # resources:
    #  requests:
@@ -572,7 +578,7 @@ trivy:
  enabled: true
  image:
    # repository the repository for Trivy adapter image
-    repository: goharbor/trivy-adapter-photon
+    repository: harbor-trivy-adapter
    # tag the tag for Trivy adapter image
    tag: v2.1.3
  # set the service account to be used, default if left empty
@@ -630,7 +636,7 @@ notary:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    image:
-      repository: goharbor/notary-server-photon
+      repository: harbor-notary-server
      tag: v2.1.3
    replicas: 1
    # resources:
@@ -641,7 +647,7 @@ notary:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    image:
-      repository: goharbor/notary-signer-photon
+      repository: harbor-notary-signer
      tag: v2.1.3
    replicas: 1
    # resources:
@@ -669,14 +675,15 @@ database:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    image:
-      repository: goharbor/harbor-db
+      repository: harbor-db
      tag: v2.1.3
    # The initial superuser password for internal database
-    password: "changeit"
+    password: "spaceIN511"
-    # resources:
+    resources:
-    #  requests:
+      limits:
-    #    memory: 256Mi
+        memory: 4Gi
-    #    cpu: 100m
+      requests:
+        memory: 256Mi
    nodeSelector: {}
    tolerations: []
    affinity: {}
@@ -715,8 +722,8 @@ redis:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    image:
-      repository: goharbor/redis-photon
+      repository: redis
-      tag: v2.1.3
+      tag: 6.0.9
    # resources:
    #  requests:
    #    memory: 256Mi