Skip to content

H
harbor
Commit 07226806 authored by root's avatar root
Browse files
Options

update 1.9

parent c8eeeb6e
Expand all Show whitespace changes
Inline Side-by-side
Showing with 1165 additions and 782 deletions
Chart.yaml
View file @ 07226806
name: harbor
version: 1.0.0
appVersion: v1.7.5
version: 1.1.1
appVersion: 1.8.1
description: An open source trusted cloud native registry that stores, signs, and scans content
keywords:
- docker
......
cert/tls.crt 0 → 100644
View file @ 07226806
-----BEGIN CERTIFICATE-----
MIIE0zCCArugAwIBAgIJAPY/OzLMeVq2MA0GCSqGSIb3DQEBCwUAMAAwHhcNMTkw
NDE4MDIyNzM3WhcNMjkwNDE1MDIyNzM3WjAAMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEA3xlUJs2b/aI2NLoy4OIQ+dn/yMb/O99iKDRyZKpH8rSOmS+o
F9unmSAzL65XA/v6nY0OLI/dASDjkqkBpIdTGzogR5f8UiB6osuEY7V71XZdzWLr
PjnJq6ZLAaoKmwG80W5+Wd6V8PygOx52mkr1w7IWKz+1ZLI5izbppon7XVGVRaAT
RvNZDiJ6CeJpcJ5H723lkf5RvJWatZLCYIYDbRfTiKsyQ/SlRcv5BVfHg/LJSH9Q
LGRhPMARldl9wyZCwZZDHxheI4a+26aa8MY3u9st/l0/Oo6VCTGpMiEhiGF2LVjp
UWq/+BP4SFEvJfq/DuinI139W/5aZZ7/HwRPlmYU6pXTRLyIg7jd+19fJwR7X37q
w0o8t06FhjmrCzaYCUjoReqDmHaNmZN/ddvG7jZWBu+jNh0YavsyQyCIVmv6yqSc
jPiD9uivxqTwjJidIBRfuUrz3aERQ7cQgf0qhqjIzflzHbFKhILocBWq7zyNl9hr
vUGT/WZcw0t/OtM72SPaplmTgVbbQRxf2VHzyptGIvtydlXK8thxOMpXo4e+Sl8d
1gdQcC4oisN9F29oNs8P5yFQP//xYuv8C607nCj1DzrId5avG/NVfKB/fbDKEFgN
2WhHInTzPLEcjF4fErcUAEuWW0buX/6FHCG3iTtrqyD92KTVDfN1J56rrcsCAwEA
AaNQME4wHQYDVR0OBBYEFFhNhTo4UAC2PUsf8jYaWj160vGEMB8GA1UdIwQYMBaA
FFhNhTo4UAC2PUsf8jYaWj160vGEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggIBAMAsEtVlELMwdtcifHeOT0kOmf5wo9In/eFSgscCzBMDaRx2B3q36AoS
Il7XWAZpevaR7W7yeARKaAshBLhygUqLD0zWbKlSN9Hprd1wdpM0ffyPpN5dxOYA
er04y12GRnCbMYqi4cvztP4TinXqq2yHSYhLbO9qkI5gbWVxkRuIcMKvixddllNY
Q3obJaDDHmovM3+g/G+1YFgt4qES38XnJ7BrSshHnn5EIQh286xfJriyrK2hHbLJ
qz0YuF6G3DXPeWGgXvj0Hipc0f8UDZkKkk/eGEI6vEkytyvoepoZI2XbAf/ZMy5n
KwuhEn4hhkFMwWaSWp/h0QdMCaxk4BVSOqmNVaLSB7+FjsIj4CasFotYiyJ2gpRB
Nf8QaS4bz0Tn1eBbC8ksj+e3ZWeX2b5wVMjql9jTt2X1ICs8KKe3vEBkjqT2AUi2
52TtKzm73aWrz/GPy/Q2LCor3Fh9FGVSBOBBDXGy6MJpNHJnYVH9EENFGOh85ol1
2pADOBB5vAU/kLB5LHPj2kue/FMiHaNnrSYIGrMlBSX2jj9EYa1uuUH+pd4MBj1F
5uH8ORiaQ6ht2+WHklxic1Rj5yTYQwVlH70CBOn+qVEdo63yQwzAMJKFIwlGUQEX
jiljgc86q4cZtUTFrcwMidbk+8Q6+JbDVg7HV/+pnC+wnv197kwe
-----END CERTIFICATE-----
cert/tls.key 0 → 100644
View file @ 07226806
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA3xlUJs2b/aI2NLoy4OIQ+dn/yMb/O99iKDRyZKpH8rSOmS+o
F9unmSAzL65XA/v6nY0OLI/dASDjkqkBpIdTGzogR5f8UiB6osuEY7V71XZdzWLr
PjnJq6ZLAaoKmwG80W5+Wd6V8PygOx52mkr1w7IWKz+1ZLI5izbppon7XVGVRaAT
RvNZDiJ6CeJpcJ5H723lkf5RvJWatZLCYIYDbRfTiKsyQ/SlRcv5BVfHg/LJSH9Q
LGRhPMARldl9wyZCwZZDHxheI4a+26aa8MY3u9st/l0/Oo6VCTGpMiEhiGF2LVjp
UWq/+BP4SFEvJfq/DuinI139W/5aZZ7/HwRPlmYU6pXTRLyIg7jd+19fJwR7X37q
w0o8t06FhjmrCzaYCUjoReqDmHaNmZN/ddvG7jZWBu+jNh0YavsyQyCIVmv6yqSc
jPiD9uivxqTwjJidIBRfuUrz3aERQ7cQgf0qhqjIzflzHbFKhILocBWq7zyNl9hr
vUGT/WZcw0t/OtM72SPaplmTgVbbQRxf2VHzyptGIvtydlXK8thxOMpXo4e+Sl8d
1gdQcC4oisN9F29oNs8P5yFQP//xYuv8C607nCj1DzrId5avG/NVfKB/fbDKEFgN
2WhHInTzPLEcjF4fErcUAEuWW0buX/6FHCG3iTtrqyD92KTVDfN1J56rrcsCAwEA
AQKCAgEAk8q8s4PrvYby79UVlWJNKqceykwBkxE1fjrYORWQ2hiAirxGV5+8lDT/
k6ujm1EWwb5K0HxxRKkb+PEa1HqNNHE6JxNpJKK9exDlYAQ+x7dFBqVr/2nazmo4
MB8MLYlmIztWWoSYwe8o2mEg4q+bxYs5Imdu7AkhE7dJ63hm23gLMfeMLalRqopu
XBPwE5nXP6aGuUNHtG1K8tQJDlZY+LEbAeOfReNQhT9NdRukYSW579vfKblJrSvz
ulg89sVm3cWEK5pB6rj9wJbK94voKftVqbbuBwWjd1a9pibKhwVBe2L2FWhpSZc5
F/coC7njTaYT6tr91y5VhhJhIZQCf/vv4Zl5XhFHs5VTZNbM/OfqyFQLYXVJO48K
F7tmazAEQQBQwVZqH9C9NQdzPHWmc38Okhtc1wzaqn/rg9+1sgAMD8hWCtQJUe97
b9ymh5A0Z4QXKpyFT0b+pXcD1jRha07UtkX+/zLJ9HpAXcUmzkG+j5CXNpnxsIq5
fJFeq3hBj9w6n4h+50M4W0Fse5YoEUsc3B0fz8BlQBb+YJLFLNH34MH8p1l0ZDYJ
yae0psxlBijg4OPZ+WCBa+jtFW4LiWgEcxwgz8w+hEOAQr2a1Dc7w8jd+Y4IK8Um
lTVs5dbp4mOmPMlRv/GM7kDudFqbMg3YFwXg3QbquVqLZzEzjVkCggEBAPJKZbCW
YfLejkS/fkRyV3VIb54mKwQHoMWub88tPgGuXzjsJyd5QTQ58PpUjXrLHmn8lS2+
viE8GJylKwN1yMlZw40+kZhpHUpCWx/2ZKjAqvqA9OOKo2fv6Hd/wOAnU4CtioC1
pri7lKFYXoP8DtQVwHYvIzCRqDnhc4mwJDqzTC9xduI+svxzl4xH82fx0jrPiFY+
/wOdXjyfIPjyhHC4jPTWbairwXS9dBjSl128aIRT580/yXE/SYAugg05jKtg5zQA
So13MTezXRHXdO0di3tEMHGREEkFpeVnnPQvCCedK0DV36iNwiWc8pwdfLMVneTt
DKwZedCx+o/7ev0CggEBAOu48DGEJJJzHxVR5mY1K2AlZyYtpTOWehK1zX74JvM3
YxN4nd+Zx5n9uSPmmKzqF3TU+44RVtdJK6ejoFE8dMDTNWaSLW/ZDmN1nT0njvOn
IWJn59ynOChWWKZgXZ/9UqGR7Pt6OxSkkex9c/fYBsMX/xusdXQigeogl0iOYVFW
gXIiiLRLHpHJsK/uNxIizj0hTYYn7uD7PRENwFRcCYf8J1eUFbd6DuCVWeQCKWgf
Nd2tSWoi0Vylj4uUX8Iw0tjLNMD5CREJEk4GSv4EDSmvUdv1LiBKJCL2lEcgoPeC
oOD2iCc5KqgnmQraRilFFk8RVXA9PWZGY3C0b6TVmmcCggEANZO2AOKALlCAbTtb
FI+kP08RP4t5H58AMjZsiweaGo0QiWnPDq+Fd6MIYpKn5mtcAlvUMRVovbioSJtN
c6psB/pNf8JCN82mqHEb7WlywM46AMLbZCWYFLe8VBBv+iE4GdBGPEfu4hK4vyTn
YZAvRz64HGo4Adlztbjg76V/nWtggW05uLXcpm55KJAQhv+2WULjBw9PHOGDoSwf
Am2+U567rLht70prsQDj10laJ2QuSHS1YXGlfeFcw3eFUp9TN+JpvdoCol2lCIgl
IHjgZj6ORWfCvpoxW7RgBuZukqCD0R60HdYtavxN3jtiepsapA83pxO0JapMgZWZ
rpURkQKCAQBOcEv9Liu9T/GX9pjkiezVIZ0hZy8B66DTeQvYpFrRtCyT3h8quNFi
vLtO5v0HDR6hEf5jWAG9wet07U37ulJfl+i9KQdVoLTZA9o+71ryWTsSs+DD3CEj
yxfUxVxiULmeaiChzhq608h7GYPthUU6xlFttAWhj5oLfqzYyAg6OL76a+Nxm02g
1ayl3m8U6eAXF23kpoUm+HNpqVnGuJmzVoUA75YKZ+NreEdhSBbfPwN9sJwtZUil
u7H4kHcM95Ix8eysCjKqKIqezBlITbDTnjNvLjcbJ5C+0a6lvIXT1vQR5/eGlc9M
BWE360pNkV/LD8mOf9Jepi2Q43oDL9EhAoIBAQDTWImfy0K9gGzA2rPy169mWYQK
OlcnD3+hQq6x51Zn1e/texFeVlhHn4rrnRdCFOAp47uFkJ2m72GCVD74EwQucK9y
AD5jorqgVHqCKZdkHjb2V60Mzm6g3rtL9WJXFVLvNBb/QGB2vgHVOO0zqiqGZj4e
Ex7l2m//5SE4DLtn70J9CgG1HtXCS8dWrGPL1pzDnk8VXtnoXzb0LChLUFEgZRmh
cV6AFHEK2H8wBHviNyehsRQiDkl2AiWOcJNvkzW68ck2nJjRWyPYK1JL3NCKpB3Q
OohrP0fHcWAXMW97wFXZhRfnQfDxxIOlj3McYT0AlanXd0F4NGc2Nvmphx04
-----END RSA PRIVATE KEY-----
docs/High Availability.md
View file @ 07226806
......@@ -53,7 +53,7 @@ Configure the followings items in `values.yaml`, you can also set them as parame
If you have no PVCs that can be shared across nodes, you can use external object storage to store images and charts and store the job logs in database. Set the `persistence.imageChartStorage.type` to the value you want to use and fill the corresponding section and set `jobservice.jobLogger` to `database`.
- **Replica**
Set `portal.replicas`, `adminserver.replicas`, `core.replicas`, `jobservice.replicas`, `registry.replicas`, `chartmuseum.replicas`, `clair.replicas`, `notary.server.replicas` and `notary.signer.replicas` to `n`(`n`>=2).
Set `portal.replicas`, `core.replicas`, `jobservice.replicas`, `registry.replicas`, `chartmuseum.replicas`, `clair.replicas`, `notary.server.replicas` and `notary.signer.replicas` to `n`(`n`>=2).
### Installation
Install the Harbor helm chart with a release name `my-release`:
......
readme.md
View file @ 07226806
This diff is collapsed.
templates/_helpers.tpl
View file @ 07226806
......@@ -13,7 +13,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
*/}}
{{- define "harbor.fullname" -}}
{{- $name := default "harbor" .Values.nameOverride -}}
{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Helm required labels */}}
......@@ -21,11 +21,13 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
chart: {{ .Chart.Name }}
app: "{{ template "harbor.name" . }}"
{{- end -}}
{{/* matchLabels */}}
{{- define "harbor.matchLabels" -}}
release: {{ .Release.Name }}
app: "{{ template "harbor.name" . }}"
{{- end -}}
{{- define "harbor.autoGenCert" -}}
......@@ -84,6 +86,10 @@ release: {{ .Release.Name }}
{{- end -}}
{{- end -}}
{{- define "harbor.database.escapedRawPassword" -}}
{{- include "harbor.database.rawPassword" . | urlquery | replace "+" "%20" -}}
{{- end -}}
{{- define "harbor.database.encryptedPassword" -}}
{{- include "harbor.database.rawPassword" . | b64enc | quote -}}
{{- end -}}
......@@ -129,15 +135,15 @@ release: {{ .Release.Name }}
{{- end -}}
{{- define "harbor.database.clair" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.clairDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.clairDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.database.notaryServer" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.database.notarySigner" -}}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.escapedRawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode={{ template "harbor.database.sslmode" . }}
{{- end -}}
{{- define "harbor.redis.host" -}}
......@@ -194,10 +200,16 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{- end -}}
{{- end -}}
{{- define "harbor.redis.escapedRawPassword" -}}
{{- if (include "harbor.redis.rawPassword" . ) -}}
{{- include "harbor.redis.rawPassword" . | urlquery | replace "+" "%20" -}}
{{- end -}}
{{- end -}}
{{/*the username redis is used for a placeholder as no username needed in redis*/}}
{{- define "harbor.redisForJobservice" -}}
{{- if (include "harbor.redis.rawPassword" . ) -}}
{{- printf "redis://redis:%s@%s:%s/%s" (include "harbor.redis.rawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) }}
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
{{- printf "redis://redis:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.jobserviceDatabaseIndex" . ) }}
{{- else }}
{{- template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}/{{ template "harbor.redis.jobserviceDatabaseIndex" . }}
{{- end -}}
......@@ -205,8 +217,8 @@ postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.datab
{{/*the username redis is used for a placeholder as no username needed in redis*/}}
{{- define "harbor.redisForGC" -}}
{{- if (include "harbor.redis.rawPassword" . ) -}}
{{- printf "redis://redis:%s@%s:%s/%s" (include "harbor.redis.rawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) }}
{{- if (include "harbor.redis.escapedRawPassword" . ) -}}
{{- printf "redis://redis:%s@%s:%s/%s" (include "harbor.redis.escapedRawPassword" . ) (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) }}
{{- else }}
{{- printf "redis://%s:%s/%s" (include "harbor.redis.host" . ) (include "harbor.redis.port" . ) (include "harbor.redis.registryDatabaseIndex" . ) -}}
{{- end -}}
......@@ -232,10 +244,6 @@ host:port,pool_size,password
{{- printf "%s-redis" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.adminserver" -}}
{{- printf "%s-adminserver" (include "harbor.fullname" .) -}}
{{- end -}}
{{- define "harbor.jobservice" -}}
{{- printf "%s-jobservice" (include "harbor.fullname" .) -}}
{{- end -}}
......@@ -269,5 +277,5 @@ host:port,pool_size,password
{{- end -}}
{{- define "harbor.ingress" -}}
{{- printf "%s" (include "harbor.fullname" .) -}}
{{- printf "%s-ingress" (include "harbor.fullname" .) -}}
{{- end -}}
\ No newline at end of file
templates/adminserver/adminserver-cm.yaml deleted 100644 → 0
View file @ c8eeeb6e
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ template "harbor.adminserver" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
app: adminserver
data:
DATABASE_TYPE: "postgresql"
POSTGRESQL_HOST: "{{ template "harbor.database.host" . }}"
POSTGRESQL_PORT: "{{ template "harbor.database.port" . }}"
POSTGRESQL_USERNAME: "{{ template "harbor.database.username" . }}"
POSTGRESQL_DATABASE: "{{ template "harbor.database.coreDatabase" . }}"
POSTGRESQL_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
EXT_ENDPOINT: "{{ .Values.externalURL }}"
CORE_URL: "http://{{ template "harbor.core" . }}"
JOBSERVICE_URL: "http://{{ template "harbor.fullname" . }}-jobservice"
REGISTRY_URL: "http://{{ template "harbor.registry" . }}:5000"
TOKEN_SERVICE_URL: "http://{{ template "harbor.core" . }}/service/token"
WITH_NOTARY: "{{ .Values.notary.enabled }}"
NOTARY_URL: "http://{{ template "harbor.notary-server" . }}:4443"
LOG_LEVEL: "{{ .Values.logLevel }}"
IMAGE_STORE_PATH: "/" # This is a temporary hack.
CFG_EXPIRATION: "5"
ADMIRAL_URL: "NA"
RESET: "false"
WITH_CLAIR: "{{ .Values.clair.enabled }}"
CLAIR_DB_HOST: "{{ template "harbor.database.host" . }}"
CLAIR_DB_PORT: "{{ template "harbor.database.port" . }}"
CLAIR_DB_USERNAME: "{{ template "harbor.database.username" . }}"
CLAIR_DB: "{{ template "harbor.database.clairDatabase" . }}"
CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060"
CLAIR_DB_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
UAA_ENDPOINT: ""
UAA_CLIENTID: ""
UAA_CLIENTSECRET: ""
UAA_VERIFY_CERT: "True"
REGISTRY_STORAGE_PROVIDER_NAME: "{{ .Values.persistence.imageChartStorage.type }}"
WITH_CHARTMUSEUM: "{{ .Values.chartmuseum.enabled }}"
CHART_REPOSITORY_URL: "http://{{ template "harbor.chartmuseum" . }}"
# The following properties have no default value in Harbor core if not
# set via env. They should be removed after the refactoring:
# AUTH_MODE, SELF_REGISTRATION, PROJECT_CREATION_RESTRICTION
AUTH_MODE: "db_auth"
SELF_REGISTRATION: "on"
PROJECT_CREATION_RESTRICTION: "everyone"
TOKEN_EXPIRATION: "30"
EMAIL_HOST: "smtp.mydomain.com"
EMAIL_FROM: "admin <sample_admin@mydomain.com>"
EMAIL_PORT: "25"
\ No newline at end of file
templates/adminserver/adminserver-dpl.yaml deleted 100644 → 0
View file @ c8eeeb6e
apiVersion: apps/v1
kind: Deployment
metadata:
name: "{{ template "harbor.adminserver" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
app: adminserver
spec:
replicas: {{ .Values.adminserver.replicas }}
selector:
matchLabels:
{{ include "harbor.matchLabels" . | indent 6 }}
app: adminserver
template:
metadata:
labels:
{{ include "harbor.labels" . | indent 8 }}
app: adminserver
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/adminserver/adminserver-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/adminserver/adminserver-secrets.yaml") . | sha256sum }}
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
checksum/secret-jobservice: {{ include (print $.Template.BasePath "/jobservice/jobservice-secrets.yaml") . | sha256sum }}
{{- if .Values.adminserver.podAnnotations }}
{{ toYaml .Values.adminserver.podAnnotations | indent 8 }}
{{- end }}
spec:
containers:
- name: adminserver
image: "{{ .Values.adminserver.image.repository }}:{{ .Values.adminserver.image.tag }}"
imagePullPolicy: "{{ .Values.imagePullPolicy }}"
livenessProbe:
httpGet:
path: /api/ping
port: 8080
initialDelaySeconds: 1
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/ping
port: 8080
initialDelaySeconds: 1
periodSeconds: 10
resources:
{{ toYaml .Values.adminserver.resources | indent 10 }}
envFrom:
- configMapRef:
name: "{{ template "harbor.adminserver" . }}"
- secretRef:
name: "{{ template "harbor.adminserver" . }}"
env:
- name: PORT
value: "8080"
- name: JSON_CFG_STORE_PATH
value: /etc/adminserver/config/config.json
- name: KEY_PATH
value: /etc/adminserver/key
- name: CORE_SECRET
valueFrom:
secretKeyRef:
name: "{{ template "harbor.core" . }}"
key: secret
- name: JOBSERVICE_SECRET
valueFrom:
secretKeyRef:
name: "{{ template "harbor.jobservice" . }}"
key: secret
ports:
- containerPort: 8080
volumeMounts:
- name: adminserver-key
mountPath: /etc/adminserver/key
subPath: key
- name: etc-localtime
mountPath: /etc/localtime
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: adminserver-key
secret:
secretName: "{{ template "harbor.adminserver" . }}"
items:
- key: secretKey
path: key
{{- with .Values.adminserver.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.adminserver.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.adminserver.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
\ No newline at end of file
templates/adminserver/adminserver-secrets.yaml deleted 100644 → 0
View file @ c8eeeb6e
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.adminserver" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
app: adminserver
type: Opaque
data:
secretKey: {{ .Values.secretKey | b64enc | quote }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{ if .Values.clair.enabled }}
CLAIR_DB_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{ end }}
templates/adminserver/adminserver-svc.yaml deleted 100644 → 0
View file @ c8eeeb6e
apiVersion: v1
kind: Service
metadata:
name: "{{ template "harbor.adminserver" . }}"
spec:
ports:
- port: 80
targetPort: 8080
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
app: adminserver
\ No newline at end of file
templates/chartmuseum/chartmuseum-cm.yaml
View file @ 07226806
......@@ -22,11 +22,11 @@ data:
DISABLE_API: "false"
DISABLE_STATEFILES: "false"
ALLOW_OVERWRITE: "true"
CHART_URL:
#CHART_URL: {{ .Values.externalURL }}/chartrepo
AUTH_ANONYMOUS_GET: "false"
TLS_CERT:
TLS_KEY:
CONTEXT_PATH:
TLS_CERT: ""
TLS_KEY: ""
CONTEXT_PATH: ""
INDEX_LIMIT: "0"
MAX_STORAGE_OBJECTS: "0"
MAX_UPLOAD_SIZE: "20971520"
......@@ -45,6 +45,7 @@ data:
{{- else if eq $storageType "gcs" }}
STORAGE: "google"
STORAGE_GOOGLE_BUCKET: {{ $storage.gcs.bucket }}
GOOGLE_APPLICATION_CREDENTIALS: /etc/chartmuseum/gcs-key.json
{{- if $storage.gcs.rootdirectory }}
STORAGE_GOOGLE_PREFIX: {{ $storage.gcs.rootdirectory }}
{{- end }}
......
templates/chartmuseum/chartmuseum-dpl.yaml
View file @ 07226806
......@@ -20,13 +20,11 @@ spec:
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/chartmuseum/chartmuseum-secret.yaml") . | sha256sum }}
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
{{- if .Values.chartmuseum.podAnnotations }}
{{ toYaml .Values.chartmuseum.podAnnotations | indent 8 }}
{{- end }}
spec:
tolerations:
- effect: NoSchedule
operator: Exists
containers:
- name: chartmuseum
image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
......@@ -43,8 +41,10 @@ spec:
port: 9999
initialDelaySeconds: 1
periodSeconds: 10
{{- if .Values.chartmuseum.resources }}
resources:
{{ toYaml .Values.chartmuseum.resources | indent 10 }}
{{- end }}
envFrom:
- configMapRef:
name: "{{ template "harbor.chartmuseum" . }}"
......@@ -61,15 +61,33 @@ spec:
volumeMounts:
- name: chartmuseum-data
mountPath: /chart_storage
subPath: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.subPath }}
- name: etc-localtime
mountPath: /etc/localtime
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
- name: gcs-key
mountPath: /etc/chartmuseum/gcs-key.json
subPath: gcs-key.json
{{- end }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: chartmuseum-data
hostPath:
path: /data/{{ .Release.Namespace }}/{{ .Release.Name }}/chartmuseum
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "gcs") }}
- name: gcs-key
secret:
secretName: {{ template "harbor.registry" . }}
items:
- key: GCS_KEY_DATA
path: gcs-key.json
{{- end }}
{{- with .Values.chartmuseum.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
......
templates/chartmuseum/chartmuseum-pvc.yaml 0 → 100644
View file @ 07226806
{{- if .Values.chartmuseum.enabled }}
{{- $persistence := .Values.persistence -}}
{{- if $persistence.enabled }}
{{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}}
{{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.chartmuseum" . }}
{{- if eq $persistence.resourcePolicy "keep" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
labels:
{{ include "harbor.labels" . | indent 4 }}
app: chartmuseum
spec:
accessModes:
- {{ $chartmuseum.accessMode }}
resources:
requests:
storage: {{ $chartmuseum.size }}
{{- if $chartmuseum.storageClass }}
{{- if eq "-" $chartmuseum.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ $chartmuseum.storageClass }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
templates/clair/clair-dpl.yaml
View file @ 07226806
......@@ -51,8 +51,10 @@ spec:
{{- end }}
- name: NO_PROXY
value: "{{ template "harbor.registry" . }},{{ template "harbor.core" . }}"
{{- if .Values.clair.resources }}
resources:
{{ toYaml .Values.clair.resources | indent 10 }}
{{- end }}
ports:
- containerPort: 6060
volumeMounts:
......
templates/clair/clair-svc.yaml
View file @ 07226806
......@@ -7,7 +7,10 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
spec:
ports:
- port: 6060
- name: clair
port: 6060
- name: health
port: 6061
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
app: clair
......
templates/common/certificate-secret.yaml deleted 100644 → 0
View file @ c8eeeb6e
{{- if eq (include "harbor.autoGenCert" .) "true" }}
{{- $cn := (required "The \"expose.tls.commonName\" is required!" (include "harbor.common-name" .)) }}
{{- $ca := genCA "harbor-ca" 365 }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.certificate" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
{{- if regexMatch `^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$` $cn }}
{{- $cert := genSignedCert $cn (list $cn) nil 365 $ca }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- else }}
{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca }}
tls.crt: {{ $cert.Cert | b64enc | quote }}
tls.key: {{ $cert.Key | b64enc | quote }}
ca.crt: {{ $ca.Cert | b64enc | quote }}
{{- end }}
{{- end }}
\ No newline at end of file
templates/core/core-cm.yaml
View file @ 07226806
......@@ -7,8 +7,41 @@ metadata:
data:
app.conf: |+
appname = Harbor
runmode = prod
runmode = dev
enablegzip = true
[prod]
[dev]
httpport = 8080
DATABASE_TYPE: "postgresql"
POSTGRESQL_HOST: "{{ template "harbor.database.host" . }}"
POSTGRESQL_PORT: "{{ template "harbor.database.port" . }}"
POSTGRESQL_USERNAME: "{{ template "harbor.database.username" . }}"
POSTGRESQL_DATABASE: "{{ template "harbor.database.coreDatabase" . }}"
POSTGRESQL_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
EXT_ENDPOINT: "{{ .Values.externalURL }}"
CORE_URL: "http://{{ template "harbor.core" . }}"
JOBSERVICE_URL: "http://{{ template "harbor.fullname" . }}-jobservice"
REGISTRY_URL: "http://{{ template "harbor.registry" . }}:5000"
TOKEN_SERVICE_URL: "http://{{ template "harbor.core" . }}/service/token"
WITH_NOTARY: "{{ .Values.notary.enabled }}"
NOTARY_URL: "http://{{ template "harbor.notary-server" . }}:4443"
CFG_EXPIRATION: "5"
WITH_CLAIR: "{{ .Values.clair.enabled }}"
CLAIR_DB_HOST: "{{ template "harbor.database.host" . }}"
CLAIR_DB_PORT: "{{ template "harbor.database.port" . }}"
CLAIR_DB_USERNAME: "{{ template "harbor.database.username" . }}"
CLAIR_DB: "{{ template "harbor.database.clairDatabase" . }}"
CLAIR_DB_SSLMODE: "{{ template "harbor.database.sslmode" . }}"
CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060"
REGISTRY_STORAGE_PROVIDER_NAME: "{{ .Values.persistence.imageChartStorage.type }}"
WITH_CHARTMUSEUM: "{{ .Values.chartmuseum.enabled }}"
CHART_REPOSITORY_URL: "http://{{ template "harbor.chartmuseum" . }}"
LOG_LEVEL: "{{ .Values.logLevel }}"
CONFIG_PATH: "/etc/core/app.conf"
SYNC_REGISTRY: "false"
CHART_CACHE_DRIVER: "redis"
_REDIS_URL: "{{ template "harbor.redisForCore" . }}"
_REDIS_URL_REG: "{{ template "harbor.redisForGC" . }}"
PORTAL_URL: "http://{{ template "harbor.portal" . }}"
REGISTRYCTL_URL: "http://{{ template "harbor.registry" . }}:8080"
CLAIR_HEALTH_CHECK_SERVER_URL: "http://{{ template "harbor.clair" . }}:6061"
\ No newline at end of file
templates/core/core-dpl.yaml
View file @ 07226806
......@@ -19,6 +19,7 @@ spec:
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/core/core-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
checksum/secret-jobservice: {{ include (print $.Template.BasePath "/jobservice/jobservice-secrets.yaml") . | sha256sum }}
{{- if .Values.core.podAnnotations }}
{{ toYaml .Values.core.podAnnotations | indent 8 }}
{{- end }}
......@@ -39,6 +40,11 @@ spec:
port: 8080
initialDelaySeconds: 20
periodSeconds: 10
envFrom:
- configMapRef:
name: "{{ template "harbor.core" . }}"
- secretRef:
name: "{{ template "harbor.core" . }}"
env:
- name: CORE_SECRET
valueFrom:
......@@ -50,20 +56,6 @@ spec:
secretKeyRef:
name: "{{ template "harbor.jobservice" . }}"
key: secret
- name: _REDIS_URL
value: {{ template "harbor.redisForCore" . }}
- name: _REDIS_URL_REG
value: {{ template "harbor.redisForGC" . }}
- name: LOG_LEVEL
value: {{ .Values.logLevel }}
- name: CONFIG_PATH
value: /etc/core/app.conf
- name: SYNC_REGISTRY
value: "false"
- name: ADMINSERVER_URL
value: "http://{{ template "harbor.adminserver" . }}"
- name: CHART_CACHE_DRIVER
value: "redis"
ports:
- containerPort: 8080
volumeMounts:
......@@ -75,20 +67,19 @@ spec:
subPath: key
- name: token-service-private-key
mountPath: /etc/core/private_key.pem
subPath: tokenServicePrivateKey
- name: etc-localtime
mountPath: /etc/localtime
{{- if eq (include "harbor.autoGenCert" .) "true" }}
subPath: tls.key
{{- if .Values.expose.tls.enabled }}
- name: ca-download
mountPath: /etc/core/ca/ca.crt
subPath: ca.crt
{{- end }}
- name: psc
mountPath: /etc/core/token
{{- if .Values.core.resources }}
resources:
{{ toYaml .Values.core.resources | indent 10 }}
{{- end }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: config
configMap:
name: {{ template "harbor.core" . }}
......@@ -100,14 +91,20 @@ spec:
path: key
- name: token-service-private-key
secret:
{{- if .Values.core.secretName }}
secretName: {{ .Values.core.secretName }}
{{- else }}
secretName: {{ template "harbor.core" . }}
{{- if eq (include "harbor.autoGenCert" .) "true" }}
{{- end }}
{{- if .Values.expose.tls.enabled }}
- name: ca-download
secret:
{{- if eq (include "harbor.autoGenCertForIngress" .) "true" }}
secretName: "{{ template "harbor.ingress" . }}"
{{- else }}
{{- else if eq (include "harbor.autoGenCertForNginx" .) "true" }}
secretName: {{ template "harbor.nginx" . }}
{{- else }}
secretName: {{ .Values.expose.tls.secretName }}
{{- end }}
items:
- key: ca.crt
......
templates/core/core-secret.yaml
View file @ 07226806
{{- $cert := genSelfSignedCert "harbor" nil nil 365 }}
apiVersion: v1
kind: Secret
metadata:
......@@ -8,7 +7,13 @@ metadata:
type: Opaque
data:
secretKey: {{ .Values.secretKey | b64enc | quote }}
secret: {{ randAlphaNum 16 | b64enc | quote }}
tokenServiceRootCertBundle: {{ $cert.Cert | b64enc | quote }}
tokenServicePrivateKey: {{ $cert.Key | b64enc | quote }}
\ No newline at end of file
secret: {{ .Values.core.secret | default (randAlphaNum 16) | b64enc | quote }}
{{- if not .Values.core.secretName }}
tls.crt: {{ .Files.Get "cert/tls.crt" | b64enc }}
tls.key: {{ .Files.Get "cert/tls.key" | b64enc }}
{{- end }}
HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
POSTGRESQL_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{- if .Values.clair.enabled }}
CLAIR_DB_PASSWORD: {{ template "harbor.database.encryptedPassword" . }}
{{- end }}
\ No newline at end of file
templates/core/core-svc.yaml
View file @ 07226806
......@@ -5,6 +5,9 @@ metadata:
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
{{- if (eq .Values.expose.ingress.controller "gce") }}
type: NodePort
{{- end }}
ports:
- port: 80
targetPort: 8080
......
templates/database/database-ss.yaml
View file @ 07226806
{{- if eq .Values.database.type "internal" -}}
{{- $database := .Values.persistence.persistentVolumeClaim.database -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
......@@ -30,6 +31,7 @@ spec:
initContainers:
- name: "remove-lost-found"
image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"]
volumeMounts:
- name: data
......@@ -42,7 +44,7 @@ spec:
exec:
command:
- /docker-healthcheck.sh
initialDelaySeconds: 1
initialDelaySeconds: 60
periodSeconds: 10
readinessProbe:
exec:
......@@ -50,16 +52,32 @@ spec:
- /docker-healthcheck.sh
initialDelaySeconds: 1
periodSeconds: 10
{{- if .Values.database.internal.resources }}
resources:
{{ toYaml .Values.database.internal.resources | indent 10 }}
{{- end }}
envFrom:
- secretRef:
name: "{{ template "harbor.database" . }}"
volumeMounts:
- name: etc-localtime
mountPath: /etc/localtime
- name: data
mountPath: /var/lib/postgresql/data
subPath: {{ $database.subPath }}
volumes:
- name: etc-localtime
mountPath: /etc/localtime
hostPath:
path: /etc/localtime
{{- if not .Values.persistence.enabled }}
- name: "data"
emptyDir: {}
{{- else if $database.existingClaim }}
volumes:
- name: "data"
persistentVolumeClaim:
claimName: {{ $database.existingClaim }}
{{- end -}}
{{- with .Values.database.internal.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
......@@ -72,25 +90,23 @@ spec:
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
{{- if .Values.database.internal.storageSpec.hostPath }}
- name: data
hostPath:
path: {{.Values.database.internal.storageSpec.root | default "/data" }}/{{ .Release.Namespace }}/{{ .Release.Name }}/database
{{- else if .Values.database.internal.storageSpec.emptyDir }}
- name: data
emptyDir: {}
{{- else if .Values.database.internal.storageSpec.volumeClaimTemplate }}
{{- if and .Values.persistence.enabled (not $database.existingClaim) }}
volumeClaimTemplates:
- metadata:
name: "data"
labels:
{{ include "harbor.labels" . | indent 8 }}
app: database
spec:
{{ toYaml $.Values.database.internal.storageSpec.volumeClaimTemplate.spec | indent 6 }}
accessModes: [{{ $database.accessMode | quote }}]
{{- if $database.storageClass }}
{{- if (eq "-" $database.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ $database.storageClass }}"
{{- end }}
{{- end -}}
{{- end }}
resources:
requests:
storage: {{ $database.size | quote }}
{{- end -}}
{{- end -}}
templates/ingress/ingress.yaml
View file @ 07226806
{{- if eq .Values.expose.type "ingress" }}
{{- $ingress := .Values.expose.ingress -}}
{{- $tls := .Values.expose.tls -}}
{{- if eq .Values.expose.ingress.controller "gce" }}
{{- $_ := set . "portal_path" "/*" -}}
{{- $_ := set . "api_path" "/api/*" -}}
{{- $_ := set . "service_path" "/service/*" -}}
{{- $_ := set . "v2_path" "/v2/*" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/*" -}}
{{- $_ := set . "controller_path" "/c/*" -}}
{{- else if eq .Values.expose.ingress.controller "ncp" }}
{{- $_ := set . "portal_path" "/" -}}
{{- $_ := set . "api_path" "/api/.*" -}}
{{- $_ := set . "service_path" "/service/.*" -}}
{{- $_ := set . "v2_path" "/v2/.*" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/.*" -}}
{{- $_ := set . "controller_path" "/c/.*" -}}
{{- else }}
{{- $_ := set . "portal_path" "/" -}}
{{- $_ := set . "api_path" "/api/" -}}
{{- $_ := set . "service_path" "/service/" -}}
{{- $_ := set . "v2_path" "/v2/" -}}
{{- $_ := set . "chartrepo_path" "/chartrepo/" -}}
{{- $_ := set . "controller_path" "/c/" -}}
{{- end }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
......@@ -12,60 +34,73 @@ metadata:
spec:
{{- if $tls.enabled }}
tls:
- hosts:
- {{ $ingress.hosts.core }}
{{- if $tls.secretName }}
secretName: {{ $tls.secretName }}
- secretName: {{ $tls.secretName }}
{{- else }}
secretName: "{{ template "harbor.ingress" . }}"
- secretName: "{{ template "harbor.ingress" . }}"
{{- end }}
{{- if $ingress.hosts.core }}
hosts:
- {{ $ingress.hosts.core }}
{{- end }}
{{- if .Values.notary.enabled }}
- hosts:
- {{ $ingress.hosts.notary }}
{{- if $tls.notarySecretName }}
secretName: {{ $tls.notarySecretName }}
- secretName: {{ $tls.notarySecretName }}
{{- else if $tls.secretName }}
secretName: {{ $tls.secretName }}
- secretName: {{ $tls.secretName }}
{{- else }}
secretName: "{{ template "harbor.ingress" . }}"
- secretName: "{{ template "harbor.ingress" . }}"
{{- end }}
{{- if $ingress.hosts.notary }}
hosts:
- {{ $ingress.hosts.notary }}
{{- end }}
{{- end }}
{{- end }}
{{- if eq .Values.expose.ingress.controller "ncp" }}
backend:
serviceName: {{ template "harbor.portal" . }}
servicePort: 80
{{- end }}
rules:
- host: {{ $ingress.hosts.core }}
http:
- http:
paths:
- path: /
- path: {{ .portal_path }}
backend:
serviceName: {{ template "harbor.portal" . }}
servicePort: 80
- path: /api/
- path: {{ .api_path }}
backend:
serviceName: {{ template "harbor.core" . }}
servicePort: 80
- path: /service/
- path: {{ .service_path }}
backend:
serviceName: {{ template "harbor.core" . }}
servicePort: 80
- path: /v2/
- path: {{ .v2_path }}
backend:
serviceName: {{ template "harbor.core" . }}
servicePort: 80
- path: /chartrepo/
- path: {{ .chartrepo_path }}
backend:
serviceName: {{ template "harbor.core" . }}
servicePort: 80
- path: /c/
- path: {{ .controller_path }}
backend:
serviceName: {{ template "harbor.core" . }}
servicePort: 80
{{- if $ingress.hosts.core }}
host: {{ $ingress.hosts.core }}
{{- end }}
{{- if .Values.notary.enabled }}
- host: {{ $ingress.hosts.notary }}
http:
- http:
paths:
- path: /
backend:
serviceName: {{ template "harbor.notary-server" . }}
servicePort: 4443
{{- if $ingress.hosts.notary }}
host: {{ $ingress.hosts.notary }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
templates/jobservice/jobservice-cm.yaml
View file @ 07226806
......@@ -37,4 +37,3 @@ data:
loggers:
- name: "STD_OUTPUT"
level: {{ .Values.logLevel | upper }}
\ No newline at end of file
admin_server: "http://{{ template "harbor.adminserver" . }}"
templates/jobservice/jobservice-dpl.yaml
View file @ 07226806
......@@ -19,6 +19,7 @@ spec:
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/jobservice/jobservice-cm.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/jobservice/jobservice-secrets.yaml") . | sha256sum }}
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
{{- if .Values.jobservice.podAnnotations }}
{{ toYaml .Values.jobservice.podAnnotations | indent 8 }}
{{- end }}
......@@ -39,8 +40,10 @@ spec:
port: 8080
initialDelaySeconds: 20
periodSeconds: 10
{{- if .Values.jobservice.resources }}
resources:
{{ toYaml .Values.jobservice.resources | indent 10 }}
{{- end }}
env:
- name: CORE_SECRET
valueFrom:
......@@ -52,8 +55,8 @@ spec:
secretKeyRef:
name: "{{ template "harbor.jobservice" . }}"
key: secret
- name: ADMINSERVER_URL
value: "http://{{ template "harbor.adminserver" . }}"
- name: CORE_URL
value: "http://{{ template "harbor.core" . }}"
- name: REGISTRY_CONTROLLER_URL
value: "http://{{ template "harbor.registry" . }}:8080"
- name: LOG_LEVEL
......@@ -66,12 +69,8 @@ spec:
subPath: config.yml
- name: job-logs
mountPath: /var/log/jobs
- name: etc-localtime
mountPath: /etc/localtime
subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.subPath }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: jobservice-config
configMap:
name: "{{ template "harbor.jobservice" . }}"
......
templates/jobservice/jobservice-pvc.yaml 0 → 100644
View file @ 07226806
{{- $jobservice := .Values.persistence.persistentVolumeClaim.jobservice -}}
{{- if and .Values.persistence.enabled (not $jobservice.existingClaim) }}
{{- if eq .Values.jobservice.jobLogger "file" }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.jobservice" . }}
{{- if eq .Values.persistence.resourcePolicy "keep" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
labels:
{{ include "harbor.labels" . | indent 4 }}
app: jobservice
spec:
accessModes:
- {{ $jobservice.accessMode }}
resources:
requests:
storage: {{ $jobservice.size }}
{{- if $jobservice.storageClass }}
{{- if eq "-" $jobservice.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ $jobservice.storageClass }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
templates/jobservice/jobservice-secrets.yaml
View file @ 07226806
......@@ -6,4 +6,4 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
secret: {{ randAlphaNum 16 | b64enc | quote }}
\ No newline at end of file
secret: {{ .Values.jobservice.secret | default (randAlphaNum 16) | b64enc | quote }}
templates/nginx/configmap-http.yaml
View file @ 07226806
......@@ -68,6 +68,19 @@ data:
proxy_request_buffering off;
}
location /chartrepo/ {
proxy_pass http://core/chartrepo/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /c/ {
proxy_pass http://core/c/;
proxy_set_header Host $host;
......
templates/nginx/configmap-https.yaml
View file @ 07226806
......@@ -126,6 +126,19 @@ data:
proxy_request_buffering off;
}
location /chartrepo/ {
proxy_pass http://core/chartrepo/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# When setting up Harbor behind other proxy, such as an Nginx instance, remove the below line if the proxy already has similar settings.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
location /c/ {
proxy_pass http://core/c/;
proxy_set_header Host $host;
......
templates/nginx/deployment.yaml
View file @ 07226806
......@@ -46,8 +46,10 @@ spec:
port: 80
initialDelaySeconds: 1
periodSeconds: 10
{{- if .Values.nginx.resources }}
resources:
{{ toYaml .Values.nginx.resources | indent 10 }}
{{- end }}
ports:
- containerPort: 80
- containerPort: 443
......
templates/nginx/service.yaml
View file @ 07226806
{{- if ne .Values.expose.type "ingress" }}
{{- if or (eq .Values.expose.type "clusterIP") (eq .Values.expose.type "nodePort") (eq .Values.expose.type "loadBalancer") }}
apiVersion: v1
kind: Service
metadata:
......@@ -54,6 +54,30 @@ spec:
nodePort: {{ $nodePort.ports.notary.nodePort }}
{{- end }}
{{- end }}
{{- else if eq .Values.expose.type "loadBalancer" }}
{{- $loadBalancer := .Values.expose.loadBalancer }}
name: {{ $loadBalancer.name }}
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
type: LoadBalancer
{{- if $loadBalancer.IP }}
loadBalancerIP: {{ $loadBalancer.IP }}
{{- end }}
ports:
- name: http
port: {{ $loadBalancer.ports.httpPort }}
targetPort: 80
{{- if .Values.expose.tls.enabled }}
- name: https
port: {{ $loadBalancer.ports.httpsPort }}
targetPort: 443
{{- end }}
{{- if .Values.notary.enabled }}
- name: notary
port: {{ $loadBalancer.ports.notaryPort }}
targetPort: 4443
{{- end }}
{{- end }}
selector:
{{ include "harbor.matchLabels" . | indent 4 }}
......
templates/notary/notary-cm.yaml
View file @ 07226806
......@@ -9,12 +9,14 @@ metadata:
data:
{{ $ca := genCA "harbor-notary-ca" 365 }}
{{ $cert := genSignedCert (include "harbor.notary-signer" .) nil nil 365 $ca }}
{{- if not .Values.notary.secretName }}
notary-signer-ca.crt: |
{{ $ca.Cert | indent 4 }}
notary-signer.crt: |
{{ $cert.Cert | indent 4 }}
notary-signer.key: |
{{ $cert.Key | indent 4 }}
{{- end }}
server-config.postgres.json: |
{
"server": {
......@@ -24,7 +26,11 @@ data:
"type": "remote",
"hostname": "{{ template "harbor.notary-signer" . }}",
"port": "7899",
{{- if not .Values.notary.secretName }}
"tls_ca_file": "./notary-signer-ca.crt",
{{- else }}
"tls_ca_file": "/etc/ssl/notary/cert/notary-signer-ca.crt",
{{- end }}
"key_algorithm": "ecdsa"
},
"logging": {
......@@ -48,8 +54,13 @@ data:
{
"server": {
"grpc_addr": ":7899",
{{- if not .Values.notary.secretName }}
"tls_cert_file": "./notary-signer.crt",
"tls_key_file": "./notary-signer.key"
{{- else }}
"tls_cert_file": "/etc/ssl/notary/cert/notary-signer.crt",
"tls_key_file": "/etc/ssl/notary/cert/notary-signer.key"
{{- end }}
},
"logging": {
"level": "{{ .Values.logLevel }}"
......
templates/notary/notary-server.yaml
View file @ 07226806
......@@ -19,6 +19,7 @@ spec:
app: notary-server
annotations:
checksum/configmap: {{ include (print $.Template.BasePath "/notary/notary-cm.yaml") . | sha256sum }}
checksum/secret-core: {{ include (print $.Template.BasePath "/core/core-secret.yaml") . | sha256sum }}
{{- if .Values.notary.podAnnotations }}
{{ toYaml .Values.notary.podAnnotations | indent 8 }}
{{- end }}
......@@ -27,8 +28,10 @@ spec:
- name: notary-server
image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if .Values.notary.server.resources }}
resources:
{{ toYaml .Values.notary.server.resources | indent 10 }}
{{- end }}
env:
- name: MIGRATIONS_PATH
value: migrations/server/postgresql
......@@ -41,7 +44,12 @@ spec:
mountPath: /etc/localtime
- name: root-certificate
mountPath: /root.crt
subPath: tokenServiceRootCertBundle
subPath: tls.crt
{{- if .Values.notary.secretName }}
- name: notary-ca
mountPath: /etc/ssl/notary/cert/notary-signer-ca.crt
subPath: ca
{{- end }}
volumes:
- name: etc-localtime
hostPath:
......@@ -51,7 +59,16 @@ spec:
name: "{{ template "harbor.notary-server" . }}"
- name: root-certificate
secret:
{{- if .Values.core.secretName }}
secretName: {{ .Values.core.secretName }}
{{- else }}
secretName: {{ template "harbor.core" . }}
{{- end }}
{{- if .Values.notary.secretName }}
- name: notary-ca
secret:
secretName: {{ .Values.notary.secretName }}
{{- end }}
{{- with .Values.notary.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
......
templates/notary/notary-signer.yaml
View file @ 07226806
......@@ -24,8 +24,10 @@ spec:
- name: notary-signer
image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
{{- if .Values.notary.signer.resources }}
resources:
{{ toYaml .Values.notary.signer.resources | indent 10 }}
{{- end }}
env:
- name: MIGRATIONS_PATH
value: migrations/signer/postgresql
......@@ -38,6 +40,17 @@ spec:
mountPath: /etc/notary
- name: etc-localtime
mountPath: /etc/localtime
{{- if .Values.notary.secretName }}
- name: notary-cert
mountPath: /etc/ssl/notary/cert/notary-signer-ca.crt
subPath: ca
- name: notary-cert
mountPath: /etc/ssl/notary/cert/notary-signer.crt
subPath: crt
- name: notary-cert
mountPath: /etc/ssl/notary/cert/notary-signer.key
subPath: key
{{- end }}
volumes:
- name: etc-localtime
hostPath:
......@@ -45,6 +58,11 @@ spec:
- name: notary-config
configMap:
name: "{{ template "harbor.notary-server" . }}"
{{- if .Values.notary.secretName }}
- name: notary-cert
secret:
secretName: {{ .Values.notary.secretName }}
{{- end }}
{{- with .Values.notary.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
......
templates/notary/notary-svc.yaml
View file @ 07226806
......@@ -6,6 +6,9 @@ metadata:
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
{{- if (eq .Values.expose.ingress.controller "gce") }}
type: NodePort
{{- end }}
ports:
- port: 4443
selector:
......
templates/portal/service.yaml
View file @ 07226806
......@@ -5,6 +5,9 @@ metadata:
labels:
{{ include "harbor.labels" . | indent 4 }}
spec:
{{- if (eq .Values.expose.ingress.controller "gce") }}
type: NodePort
{{- end }}
ports:
- port: 80
targetPort: 80
......
templates/redis/statefulset.yaml
View file @ 07226806
{{- if eq .Values.redis.type "internal" -}}
{{- $redis := .Values.persistence.persistentVolumeClaim.redis -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
......@@ -37,8 +38,10 @@ spec:
port: 6379
initialDelaySeconds: 1
periodSeconds: 10
{{- if .Values.redis.internal.resources }}
resources:
{{ toYaml .Values.redis.internal.resources | indent 10 }}
{{- end }}
volumeMounts:
- name: data
mountPath: /var/lib/redis
......@@ -62,4 +65,23 @@ spec:
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if and .Values.persistence.enabled (not $redis.existingClaim) }}
volumeClaimTemplates:
- metadata:
name: data
labels:
{{ include "harbor.labels" . | indent 8 }}
spec:
accessModes: [{{ $redis.accessMode | quote }}]
{{- if $redis.storageClass }}
{{- if (eq "-" $redis.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ $redis.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: {{ $redis.size | quote }}
{{- end -}}
{{- end -}}
templates/registry/registry-cm.yaml
View file @ 07226806
......@@ -12,16 +12,123 @@ data:
fields:
service: registry
storage:
{{- $storage := .Values.registry.storage }}
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $type := $storage.type }}
{{- if eq $type "filesystem" }}
filesystem:
{{ toYaml $storage.filesystem | indent 8 }}
rootdirectory: {{ $storage.filesystem.rootdirectory }}
{{- if $storage.filesystem.maxthreads }}
maxthreads: {{ $storage.filesystem.maxthreads }}
{{- end }}
{{- else if eq $type "azure" }}
azure:
accountname: {{ $storage.azure.accountname }}
container: {{ $storage.azure.container }}
{{- if $storage.azure.realm }}
realm: {{ $storage.azure.realm }}
{{- end }}
{{- else if eq $type "gcs" }}
gcs:
bucket: {{ $storage.gcs.bucket }}
keyfile: /etc/registry/gcs-key.json
{{- if $storage.gcs.rootdirectory }}
rootdirectory: {{ $storage.gcs.rootdirectory }}
{{- end }}
{{- if $storage.gcs.chunksize }}
chunksize: {{ $storage.gcs.chunksize }}
{{- end }}
{{- else if eq $type "s3" }}
s3:
{{ toYaml $storage.s3 | indent 8 }}
redirect:
disable: false
region: {{ $storage.s3.region }}
bucket: {{ $storage.s3.bucket }}
{{- if $storage.s3.regionendpoint }}
regionendpoint: {{ $storage.s3.regionendpoint }}
{{- end }}
{{- if $storage.s3.encrypt }}
encrypt: {{ $storage.s3.encrypt }}
{{- end }}
{{- if $storage.s3.secure }}
secure: {{ $storage.s3.secure }}
{{- end }}
{{- if $storage.s3.v4auth }}
v4auth: {{ $storage.s3.v4auth }}
{{- end }}
{{- if $storage.s3.chunksize }}
chunksize: {{ $storage.s3.chunksize }}
{{- end }}
{{- if $storage.s3.rootdirectory }}
rootdirectory: {{ $storage.s3.rootdirectory }}
{{- end }}
{{- if $storage.s3.storageclass }}
storageclass: {{ $storage.s3.storageclass }}
{{- end }}
{{- else if eq $type "swift" }}
swift:
authurl: {{ $storage.swift.authurl }}
username: {{ $storage.swift.username }}
container: {{ $storage.swift.container }}
{{- if $storage.swift.region }}
region: {{ $storage.swift.region }}
{{- end }}
{{- if $storage.swift.tenant }}
tenant: {{ $storage.swift.tenant }}
{{- end }}
{{- if $storage.swift.tenantid }}
tenantid: {{ $storage.swift.tenantid }}
{{- end }}
{{- if $storage.swift.domain }}
domain: {{ $storage.swift.domain }}
{{- end }}
{{- if $storage.swift.domainid }}
domainid: {{ $storage.swift.domainid }}
{{- end }}
{{- if $storage.swift.trustid }}
trustid: {{ $storage.swift.trustid }}
{{- end }}
{{- if $storage.swift.insecureskipverify }}
insecureskipverify: {{ $storage.swift.insecureskipverify }}
{{- end }}
{{- if $storage.swift.chunksize }}
chunksize: {{ $storage.swift.chunksize }}
{{- end }}
{{- if $storage.swift.prefix }}
prefix: {{ $storage.swift.prefix }}
{{- end }}
{{- if $storage.swift.authversion }}
authversion: {{ $storage.swift.authversion }}
{{- end }}
{{- if $storage.swift.endpointtype }}
endpointtype: {{ $storage.swift.endpointtype }}
{{- end }}
{{- if $storage.swift.tempurlcontainerkey }}
tempurlcontainerkey: {{ $storage.swift.tempurlcontainerkey }}
{{- end }}
{{- if $storage.swift.tempurlmethods }}
tempurlmethods: {{ $storage.swift.tempurlmethods }}
{{- end }}
{{- else if eq $type "oss" }}
oss:
accesskeyid: {{ $storage.oss.accesskeyid }}
region: {{ $storage.oss.region }}
bucket: {{ $storage.oss.bucket }}
{{- if $storage.oss.endpoint }}
endpoint: {{ $storage.oss.endpoint }}
{{- end }}
{{- if $storage.oss.internal }}
internal: {{ $storage.oss.internal }}
{{- end }}
{{- if $storage.oss.encrypt }}
encrypt: {{ $storage.oss.encrypt }}
{{- end }}
{{- if $storage.oss.secure }}
secure: {{ $storage.oss.secure }}
{{- end }}
{{- if $storage.oss.chunksize }}
chunksize: {{ $storage.oss.chunksize }}
{{- end }}
{{- if $storage.oss.rootdirectory }}
rootdirectory: {{ $storage.oss.rootdirectory }}
{{- end }}
{{- end }}
cache:
layerinfo: redis
......@@ -30,9 +137,10 @@ data:
enabled: false
delete:
enabled: true
redirect:
disable: {{ $storage.disableredirect }}
redis:
addr: "{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}"
password: {{ template "harbor.redis.rawPassword" . }}
db: {{ template "harbor.redis.registryDatabaseIndex" . }}
http:
addr: :5000
......@@ -46,6 +154,8 @@ data:
realm: "{{ .Values.externalURL }}/service/token"
rootcertbundle: /etc/registry/root.crt
service: harbor-registry
validation:
disabled: true
notifications:
endpoints:
- name: harbor
......
templates/registry/registry-secret.yaml
View file @ 07226806
......@@ -6,11 +6,14 @@ metadata:
{{ include "harbor.labels" . | indent 4 }}
type: Opaque
data:
REGISTRY_HTTP_SECRET: {{ randAlphaNum 16 | b64enc | quote }}
REGISTRY_HTTP_SECRET: {{ .Values.registry.secret | default (randAlphaNum 16) | b64enc | quote }}
REGISTRY_REDIS_PASSWORD: {{ (include "harbor.redis.rawPassword" .) | b64enc | quote }}
{{- $storage := .Values.persistence.imageChartStorage }}
{{- $type := $storage.type }}
{{- if eq $type "azure" }}
REGISTRY_STORAGE_AZURE_ACCOUNTKEY: {{ $storage.azure.accountkey | b64enc | quote }}
{{- else if eq $type "gcs" }}
GCS_KEY_DATA: {{ $storage.gcs.encodedkey | quote }}
{{- else if eq $type "s3" }}
{{- if $storage.s3.accesskey }}
REGISTRY_STORAGE_S3_ACCESSKEY: {{ $storage.s3.accesskey | b64enc | quote }}
......
values.yaml
View file @ 07226806
expose:
# Set the way how to expose the service. Set the type as "ingress",
# "clusterIP" or "nodePort" and fill the information in the corresponding
# section
# "clusterIP", "nodePort" or "loadBalancer" and fill the information
# in the corresponding section
type: ingress
tls:
# Enable the tls or not. Note: if the type is "ingress" and the tls
......@@ -9,28 +9,34 @@ expose:
# images. Refer to https://github.com/goharbor/harbor/issues/5291
# for the detail.
enabled: true
# Fill the name of secret if you want to use your own TLS certificate
# and private key. The secret must contain keys named tls.crt and
# tls.key that contain the certificate and private key to use for TLS
# The certificate and private key will be generated automatically if
# it is not set
# Fill the name of secret if you want to use your own TLS certificate.
# The secret must contain keys named:
# "tls.crt" - the certificate
# "tls.key" - the private key
# "ca.crt" - the certificate of CA
# These files will be generated automatically if the "secretName" is not set
secretName: ""
# By default, the Notary service will use the same cert and key as
# described above. Fill the name of secret if you want to use a
# separated one. Only needed when the type is "ingress".
notarySecretName: ""
# The commmon name used to generate the certificate, it's necessary
# when the type is "clusterIP" or "nodePort" and "secretName" is null
# The common name used to generate the certificate, it's necessary
# when the type isn't "ingress" and "secretName" is null
commonName: ""
ingress:
hosts:
core: core.harbor.domain
notary: notary.harbor.domain
annotations: {}
# ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# ingress.kubernetes.io/proxy-body-size: "0"
# nginx.ingress.kubernetes.io/proxy-body-size: "0"
# set to the type of ingress controller if it has specific requirements.
# leave as `default` for most ingress controllers.
# set to `gce` if using the GCE ingress controller
# set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller
controller: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
clusterIP:
# The name of ClusterIP service
name: harbor
......@@ -62,6 +68,19 @@ expose:
port: 4443
# The node port Notary listens on
nodePort: 30004
loadBalancer:
# The name of LoadBalancer service
name: harbor
# Set the IP if the LoadBalancer supports assigning IP
IP: ""
ports:
# The service port Harbor listens on when serving with HTTP
httpPort: 80
# The service port Harbor listens on when serving with HTTPS
httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
notaryPort: 4443
# The external URL for Harbor core service. It is used to
# 1) populate the docker/helm commands showed on portal
......@@ -92,7 +111,8 @@ persistence:
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
# Use the existing PVC which must be created manually before bound
# Use the existing PVC which must be created manually before bound,
# and specify the "subPath" if the PVC is shared with other components
existingClaim: ""
# Specify the "storageClass" used to provision the volume. Or the default
# StorageClass will be used(the default).
......@@ -134,6 +154,13 @@ persistence:
# https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
# for the detail.
imageChartStorage:
# Specify whether to disable `redirect` for images and chart storage, for
# backends which not supported it (such as using minio for `s3` storage type), please disable
# it. To disable redirects, simply set `disableredirect` to `true` instead.
# Refer to
# https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect
# for the detail.
disableredirect: false
# Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
# "oss" and fill the information needed in the corresponding section. The type
# must be "filesystem" if you want to use persistent volumes for registry
......@@ -149,8 +176,8 @@ persistence:
#realm: core.windows.net
gcs:
bucket: bucketname
# TODO: support the keyfile of gcs
#keyfile: /path/to/keyfile
# The base64 encoded json file which contains the key
encodedkey: base64-encoded-json-key-file
#rootdirectory: /gcs/object/name/prefix
#chunksize: "5242880"
s3:
......@@ -210,7 +237,7 @@ secretKey: "not-a-secure-key"
nginx:
image:
repository: goharbor/nginx-photon
tag: v1.7.0
tag: v1.8.2-dev
replicas: 1
# resources:
# requests:
......@@ -225,7 +252,7 @@ nginx:
portal:
image:
repository: goharbor/harbor-portal
tag: v1.7.0
tag: v1.8.2-dev
replicas: 1
# resources:
# requests:
......@@ -240,7 +267,7 @@ portal:
core:
image:
repository: goharbor/harbor-core
tag: v1.7.0
tag: v1.8.2-dev
replicas: 1
# resources:
# requests:
......@@ -251,26 +278,22 @@ core:
affinity: {}
## Additional deployment annotations
podAnnotations: {}
adminserver:
image:
repository: goharbor/harbor-adminserver
tag: v1.7.0
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used when core server communicates with other components.
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
# Fill the name of a kubernetes secret if you want to use your own
# TLS certificate and private key for token encryption/decryption.
# The secret must contain keys named:
# "tls.crt" - the certificate
# "tls.key" - the private key
# The default key pair will be used if it isn't set
secretName: ""
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: v1.7.0
tag: v1.8.2-dev
replicas: 1
maxJobWorkers: 10
# The logger for jobs: "file", "database" or "stdout"
......@@ -284,32 +307,46 @@ jobservice:
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used when job service communicates with other components.
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
registry:
registry:
image:
repository: goharbor/registry-photon
tag: v2.6.2-v1.7.0
tag: v1.8.2-dev
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
controller:
image:
repository: goharbor/harbor-registryctl
tag: v1.7.0
replicas: 1
tag: v1.8.2-dev
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Secret is used to secure the upload state from client
# and registry storage backend.
# See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
# If a secret key is not specified, Helm will generate one.
# Must be a string of 16 chars.
secret: ""
chartmuseum:
enabled: true
image:
repository: goharbor/chartmuseum-photon
tag: v0.7.1-v1.7.0
tag: v1.8.2-dev
replicas: 1
# resources:
# requests:
......@@ -325,7 +362,7 @@ clair:
enabled: true
image:
repository: goharbor/clair-photon
tag: v2.0.7-v1.7.0
tag: v1.8.2-dev
replicas: 1
# The http(s) proxy used to update vulnerabilities database from internet
httpProxy:
......@@ -348,18 +385,33 @@ notary:
server:
image:
repository: goharbor/notary-server-photon
tag: v0.6.1-v1.7.0
tag: v1.8.2-dev
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
signer:
image:
repository: goharbor/notary-signer-photon
tag: v0.6.1-v1.7.0
tag: v1.8.2-dev
replicas: 1
# resources:
# requests:
# memory: 256Mi
# cpu: 100m
nodeSelector: {}
tolerations: []
affinity: {}
## Additional deployment annotations
podAnnotations: {}
# Fill the name of a kubernetes secret if you want to use your own
# TLS certificate authority, certificate and private key for notary
# communications.
# The secret must contain keys named tls.ca, tls.crt and tls.key that
# contain the CA, certificate and private key.
# They will be generated if not set.
secretName: ""
database:
# if external database is used, set "type" to "external"
......@@ -368,7 +420,7 @@ database:
internal:
image:
repository: goharbor/harbor-db
tag: v1.7.0
tag: v1.8.2-dev
# The initial superuser password for internal database
password: "changeit"
# resources:
......@@ -398,7 +450,7 @@ redis:
internal:
image:
repository: goharbor/redis-photon
tag: v1.7.0
tag: v1.8.2-dev
# resources:
# requests:
# memory: 256Mi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment