diff --git a/.beagle.yml b/.beagle.yml index e25bc0384615c57d1ff6759e6cafed697f113a74..4bd69a42eb2ca93ae48033168689d8cdd19d9b99 100644 --- a/.beagle.yml +++ b/.beagle.yml @@ -35,7 +35,7 @@ steps: "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}", "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz", "TARGET_ARCH":"amd64", - "TARGET_VERSION":"v2.1.3" + "TARGET_VERSION":"v2.1.6" }' --extra-vars "@ansible/images.yaml" @@ -49,7 +49,7 @@ steps: "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}", "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz", "TARGET_ARCH":"arm64", - "TARGET_VERSION":"v2.1.3" + "TARGET_VERSION":"v2.1.6" }' --extra-vars "@ansible/images.yaml" @@ -63,7 +63,21 @@ steps: "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}", "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz", "TARGET_ARCH":"ppc64le", - "TARGET_VERSION":"v2.1.3" + "TARGET_VERSION":"v2.1.6" + }' + --extra-vars "@ansible/images.yaml" + + - name: ansible-mips64le + image: registry.cn-qingdao.aliyuncs.com/wod/ansible-image:v1.0 + commands: + - >- + ansible-playbook /etc/ansible/linux/main.yml + --extra-vars + '{ + "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}", + "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz", + "TARGET_ARCH":"mips64le", + "TARGET_VERSION":"v2.1.6" }' --extra-vars "@ansible/images.yaml" diff --git a/.gitignore b/.gitignore index 79bd21bac969424a42625b9c29cd4a6c94b90941..548dc87547d3023214901622871c50041d6e6b75 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ charts/* -requirements.lock \ No newline at end of file +requirements.lock + +beagle-*.tgz \ No newline at end of file diff --git a/Chart.yaml b/Chart.yaml index 508e0d94c08b7f64a1aba49eb4a844c647813578..69600d3083b39d12362515d5cefc26d5211c547a 100644 --- a/Chart.yaml +++ b/Chart.yaml 
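Review bot: The added `ansible-mips64le` step runs `registry.cn-qingdao.aliyuncs.com/wod/ansible-image:v1.0`, a mutable tag, so the container that packages the Harbor images can change without any change to this file. Referencing it by digest (`image: registry.cn-qingdao.aliyuncs.com/wod/ansible-image@sha256:<digest-placeholder>`) would pin what actually runs. The three existing steps presumably use the same image line, but it lies outside these hunks. The commit also adds no mips64le image list to Deploy.md and no `raws/values-mips64le.yaml`, so it is worth confirming that mips64le builds exist in the mirror for every entry in `ansible/images.yaml` before this step is enabled.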
@@ -1,7 +1,7 @@ apiVersion: v1 name: beagle-harbor -version: 2.1.3 -appVersion: 2.1.3 +version: 2.1.6 +appVersion: 2.1.6 description: An open source trusted cloud native registry that stores, signs, and scans content keywords: - docker diff --git a/Deploy.md b/Deploy.md index ba604c7350063ba50b8248c0872490ee027228f8..fb3c42903d63ddbf8ce308f33f8893a1092cc23a 100644 --- a/Deploy.md +++ b/Deploy.md 
@@ -31,76 +31,96 @@ harbor \ /etc/kubernetes/helm/beagle-harbor \ -f /etc/kubernetes/helm/beagle-harbor/values-overrides.yaml > /etc/kubernetes/helm/beagle-harbor/dist.yaml -# package -helm package . -d C:/Tmp/Charts +# 5. Package +## 打包项目 +helm package . + +## 部署项目 +helm install \ +harbor \ +/etc/kubernetes/charts/beagle-harbor-2.1.6.tgz \ +--namespace devops \ +-f /etc/kubernetes/charts/beagle-harbor.yaml + +## 更新项目 +helm upgrade \ +harbor \ +/etc/kubernetes/charts/beagle-harbor-2.1.6.tgz \ +--namespace devops \ +-f /etc/kubernetes/charts/beagle-harbor.yaml + +## 删除项目 +helm uninstall \ +--namespace devops \ +harbor ``` ## images x86_64 ```bash # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor -registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.3 -registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.3 -registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.3 -registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.3 +registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.6 +registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.6 +registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.6 +registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.6 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-db -registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.3 +registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.6 # registry -registry.cn-qingdao.aliyuncs.com/wod/registry:2.7.1 +registry.cn-qingdao.aliyuncs.com/wod/registry:v2.7.1 # gitlab.wodcloud.com/cloud/chartmuseum -registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum:v2.1.3 +registry.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.12.0 # gitlab.wodcloud.com/cloud/clair -registry.cn-qingdao.aliyuncs.com/wod/harbor-clair:v2.1.3 +registry.cn-qingdao.aliyuncs.com/wod/clair:v2.1.7 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-scanner-clair -registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter:v2.1.3 +registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair:v1.1.1 # 
gitlab.wodcloud.com/cloud/harbor-scanner-trivy -registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter:v2.1.3 +registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy:v0.17.0 # gitlab.wodcloud.com/cloud/notary -registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server:v2.1.3 -registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer:v2.1.3 +registry.cn-qingdao.aliyuncs.com/wod/notary-server:v0.6.1 +registry.cn-qingdao.aliyuncs.com/wod/notary-signer:v0.6.1 # redis -registry.cn-qingdao.aliyuncs.com/wod/redis:6.0.9 +registry.cn-qingdao.aliyuncs.com/wod/redis:6.2.6 ``` ## images arm64 ```bash # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor -registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.3-arm64 -registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.3-arm64 -registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.3-arm64 -registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.3-arm64 +registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.6-arm64 +registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.6-arm64 +registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.6-arm64 +registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.6-arm64 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-db -registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.3-arm64 +registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.6-arm64 # registry -registry.cn-qingdao.aliyuncs.com/wod/registry:2.7.1-arm64 +registry.cn-qingdao.aliyuncs.com/wod/registry:v2.7.1-arm64 # gitlab.wodcloud.com/cloud/chartmuseum -registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum:v2.1.3-arm64 +registry.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.12.0-arm64 # gitlab.wodcloud.com/cloud/clair -registry.cn-qingdao.aliyuncs.com/wod/harbor-clair:v2.1.3-arm64 +registry.cn-qingdao.aliyuncs.com/wod/clair:v2.1.7-arm64 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-scanner-clair -registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter:v2.1.3-arm64 
+registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair:v1.1.1-arm64 # gitlab.wodcloud.com/cloud/harbor-scanner-trivy -registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter:v2.1.3-arm64 +registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy:v0.17.0-arm64 # gitlab.wodcloud.com/cloud/notary -registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server:v2.1.3-arm64 -registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer:v2.1.3-arm64 +registry.cn-qingdao.aliyuncs.com/wod/notary-server:v0.6.1-arm64 +registry.cn-qingdao.aliyuncs.com/wod/notary-signer:v0.6.1-arm64 # redis -registry.cn-qingdao.aliyuncs.com/wod/redis:6.0.9-arm64 +registry.cn-qingdao.aliyuncs.com/wod/redis:6.2.6-arm64 ``` diff --git a/REAME.md b/REAME.md index db5a5812641974a6e7e1b2a94e4455f3aa66fb6a..348301e04a1c42b7a315c799874d22635801659d 100644 --- a/REAME.md +++ b/REAME.md @@ -271,7 +271,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `clair.clair.image.repository` | Repository for clair image | `goharbor/clair-photon` | | `clair.clair.image.tag` | Tag for clair image | `dev` | | `clair.clair.resources` | The [resources] to allocate for clair container | | -| `clair.adapter.image.repository` | Repository for clair adapter image | `goharbor/clair-adapter-photon` | +| `clair.adapter.image.repository` | Repository for clair adapter image | `goharbor/harbor-scanner-clair-photon` | | `clair.adapter.image.tag` | Tag for clair adapter image | `dev` | | `clair.adapter.resources` | The [resources] to allocate for clair adapter container | | | `clair.replicas` | The replica count | `1` | diff --git a/ansible/images.yaml b/ansible/images.yaml index 520a315c76d3bbf8d1decfc02a36999e9b446b02..83ab61224d0fa8b010db727e0f7de996f2c593d9 100644 --- a/ansible/images.yaml +++ b/ansible/images.yaml 
@@ -1,27 +1,27 @@ IMAGES: - repo: harbor-portal - tag: "v2.1.3" + tag: 'v2.1.6' - repo: harbor-core - tag: "v2.1.3" + tag: 'v2.1.6' - repo: harbor-jobservice - tag: "v2.1.3" + tag: 'v2.1.6' - repo: harbor-db - tag: "v2.1.3" + tag: 'v2.1.6' - repo: harbor-registryctl - tag: "v2.1.3" - - repo: harbor-chartmuseum - tag: "v2.1.3" - - repo: harbor-clair - tag: "v2.1.3" - - repo: harbor-clair-adapter - tag: "v2.1.3" - - repo: harbor-trivy-adapter - tag: "v2.1.3" - - repo: harbor-notary-server - tag: "v2.1.3" - - repo: harbor-notary-signer - tag: "v2.1.3" + tag: 'v2.1.6' + - repo: chartmuseum + tag: 'v0.12.0' + - repo: clair + tag: 'v2.1.7' + - repo: harbor-scanner-clair + tag: 'v1.1.1' + - repo: harbor-scanner-trivy + tag: v0.17.0 + - repo: notary-server + tag: v0.6.1 + - repo: notary-signer + tag: v0.6.1 - repo: registry - tag: "2.7.1" + tag: 'v2.7.1' - repo: redis - tag: "6.0.9" \ No newline at end of file + tag: '6.2.6' diff --git a/raws/values-aliyun.yaml b/raws/values-aliyun.yaml index 5078a0b34f3fb1fb0c45b78b582291edc68a2b1d..d29a4c7603bb4d737b740fe1c306471e5732c5bb 100644 --- a/raws/values-aliyun.yaml +++ b/raws/values-aliyun.yaml @@ -7,7 +7,7 @@ expose: core: hub.wodcloud.local notary: notary.wodcloud.local annotations: - ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-body-size: '0' externalURL: https://hub.wodcloud.local 
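Review bot: The `tag:` values are quoted inconsistently after this change: most entries use single quotes (`tag: 'v2.1.6'`), but `harbor-scanner-trivy`, `notary-server` and `notary-signer` are left plain (`tag: v0.17.0`, `tag: v0.6.1`). All of them parse as strings today, but quoting every tag (`tag: 'v0.17.0'`) keeps the list uniform and protects a later two-component tag such as `6.2` from being read as a float. Separately, `registry` moves from `2.7.1` to `v2.7.1`, which is a different tag name rather than a version bump, so the mirror has to carry the `v`-prefixed tag for each architecture.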
@@ -15,41 +15,41 @@ persistence: enabled: true persistentVolumeClaim: registry: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi chartmuseum: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi jobservice: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi database: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi redis: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi trivy: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce - size: 5Gi + size: 5Gi imageChartStorage: # s3 , filesystem type: filesystem @@ -62,34 +62,34 @@ persistence: encrypt: false v4auth: true chunksize: '5242880' - rootdirectory: / + rootdirectory: / imagePullPolicy: IfNotPresent logLevel: info -harborAdminPassword: "spaceIN511" -secretKey: "IpTIscRIgmerlare" +harborAdminPassword: 'spaceIN511' +secretKey: 'IpTIscRIgmerlare' portal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal - tag: v2.1.3 + tag: v2.1.6 core: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core - tag: v2.1.3 + tag: v2.1.6 jobservice: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice - tag: v2.1.3 + tag: v2.1.6 registry: registry: image: repository: registry.cn-qingdao.aliyuncs.com/wod/registry - tag: 2.7.1 + tag: v2.7.1 resources: limits: memory: 4Gi 
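Review bot: `harborAdminPassword` and `secretKey` stay committed as plaintext literals in the `@@ -62,34` hunk; the commit only changes their quoting. The same two values, together with the database `password`, recur in the values-arm, values-pg, values-ppc64le and values-stolon hunks, so every environment deployed from these files shares one admin password and one encryption key that anyone with repository access can read. I would replace them with placeholders (`harborAdminPassword: 'CHANGE_ME'  # supplied at install time via --set or a private values file`) and inject the real values from a secret store. The committed values remain in history and should be rotated.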
@@ -98,12 +98,12 @@ registry: controller: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl - tag: v2.1.3 + tag: v2.1.6 chartmuseum: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum - tag: v2.1.3 + repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum + tag: v2.1.6 nodeSelector: {} # nodeSelector: # harbor: enabled @@ -111,40 +111,40 @@ chartmuseum: type: hostPath emptyDir: {} hostPath: - root: /data + root: /data clair: clair: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair - tag: v2.1.3 + repository: registry.cn-qingdao.aliyuncs.com/wod/clair + tag: v2.1.6 adapter: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter - tag: v2.1.3 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair + tag: v2.1.6 trivy: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter - tag: v2.1.3 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy + tag: v2.1.6 notary: server: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server - tag: v2.1.3 + repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server + tag: v2.1.6 signer: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer - tag: v2.1.3 + repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer + tag: v2.1.6 database: type: internal internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db - tag: v2.1.3 - password: "spaceIN511" + tag: v2.1.6 + password: 'spaceIN511' resources: limits: memory: 4Gi @@ -156,4 +156,4 @@ redis: internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/redis - tag: 6.0.9 \ No newline at end of file + tag: 6.2.6 diff --git a/raws/values-arm.yaml b/raws/values-arm.yaml index 4ccc29faf47851e661f8352e9172a566cc8f7321..9419a870c5b0732438fc1aea4c53bfab1263b4b4 100644 --- a/raws/values-arm.yaml +++ b/raws/values-arm.yaml 
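Review bot: The renamed repositories (`chartmuseum`, `clair`, `harbor-scanner-clair`, `harbor-scanner-trivy`, `notary-server`, `notary-signer`) are given `tag: v2.1.6` here, but `ansible/images.yaml` and Deploy.md in this same commit list them with their own upstream versions (`v0.12.0`, `v2.1.7`, `v1.1.1`, `v0.17.0`, `v0.6.1`). If images.yaml is the list that gets mirrored, these pods would fail to pull unless a `v2.1.6` tag is also published for each repository. The same mismatch is in the values-arm hunks (`v2.1.6-arm64`), and values-ppc64le keeps `v2.1.1-ppc64le` on the renamed repositories. Aligning the tags with images.yaml would look like the excerpt below; the indentation is reconstructed because the hunk's whitespace is collapsed on this page.

```yaml
chartmuseum:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum
    tag: v0.12.0
# … unchanged: nodeSelector, storageSpec …
clair:
  clair:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/clair
      tag: v2.1.7
  adapter:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair
      tag: v1.1.1
trivy:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy
    tag: v0.17.0
notary:
  server:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server
      tag: v0.6.1
  signer:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer
      tag: v0.6.1
# … unchanged: database, redis …
```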
@@ -7,7 +7,7 @@ expose: core: hub.wodcloud.local notary: notary.wodcloud.local annotations: - ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-body-size: '0' externalURL: https://hub.wodcloud.local @@ -15,41 +15,41 @@ persistence: enabled: true persistentVolumeClaim: registry: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi chartmuseum: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi jobservice: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi database: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi redis: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi trivy: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce - size: 5Gi + size: 5Gi imageChartStorage: # s3 , filesystem type: filesystem 
@@ -62,34 +62,34 @@ persistence: encrypt: false v4auth: true chunksize: '5242880' - rootdirectory: / + rootdirectory: / imagePullPolicy: IfNotPresent logLevel: info -harborAdminPassword: "spaceIN511" -secretKey: "IpTIscRIgmerlare" +harborAdminPassword: 'spaceIN511' +secretKey: 'IpTIscRIgmerlare' portal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal - tag: v2.1.3-arm64 + tag: v2.1.6-arm64 core: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core - tag: v2.1.3-arm64 + tag: v2.1.6-arm64 jobservice: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice - tag: v2.1.3-arm64 + tag: v2.1.6-arm64 registry: registry: image: repository: registry.cn-qingdao.aliyuncs.com/wod/registry - tag: 2.7.1-arm64 + tag: v2.7.1-arm64 resources: limits: memory: 4Gi @@ -98,12 +98,12 @@ registry: controller: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl - tag: v2.1.3-arm64 + tag: v2.1.6-arm64 chartmuseum: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum - tag: v2.1.3-arm64 + repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum + tag: v2.1.6-arm64 nodeSelector: {} # nodeSelector: # harbor: enabled 
@@ -111,40 +111,40 @@ chartmuseum: type: hostPath emptyDir: {} hostPath: - root: /data + root: /data clair: clair: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair - tag: v2.1.3-arm64 + repository: registry.cn-qingdao.aliyuncs.com/wod/clair + tag: v2.1.6-arm64 adapter: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter - tag: v2.1.3-arm64 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair + tag: v2.1.6-arm64 trivy: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter - tag: v2.1.3-arm64 + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy + tag: v2.1.6-arm64 notary: server: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server - tag: v2.1.3-arm64 + repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server + tag: v2.1.6-arm64 signer: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer - tag: v2.1.3-arm64 + repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer + tag: v2.1.6-arm64 database: type: internal internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db - tag: v2.1.3-arm64 - password: "spaceIN511" + tag: v2.1.6-arm64 + password: 'spaceIN511' resources: limits: memory: 4Gi @@ -156,4 +156,4 @@ redis: internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/redis - tag: 6.0.9-arm64 \ No newline at end of file + tag: 6.2.6-arm64 diff --git a/raws/values-pg.yaml b/raws/values-pg.yaml index 7c44aafd3fab0e0744077f3cc38414059aeccaa1..9990e76c284a1d4a349b465381cdacd6a96d2c81 100644 --- a/raws/values-pg.yaml +++ b/raws/values-pg.yaml @@ -7,7 +7,7 @@ expose: core: hub.test.wodcloud.com notary: notary.test.wodcloud.com annotations: - ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-body-size: '0' externalURL: https://hub.test.wodcloud.com 
@@ -19,21 +19,21 @@ persistence: filesystem: rootdirectory: /data #s3: - # accesskey: AKIAIOSFODNN7EXAMPLE - # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY - # region: us-east-1 - # regionendpoint: https://minio.sxwh.local - # bucket: registry - # encrypt: false - # v4auth: true - # chunksize: '5242880' - # rootdirectory: / + # accesskey: AKIAIOSFODNN7EXAMPLE + # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + # region: us-east-1 + # regionendpoint: https://minio.sxwh.local + # bucket: registry + # encrypt: false + # v4auth: true + # chunksize: '5242880' + # rootdirectory: / imagePullPolicy: IfNotPresent logLevel: info -harborAdminPassword: "spaceIN511" -secretKey: "IpTIscRIgmerlare" +harborAdminPassword: 'spaceIN511' +secretKey: 'IpTIscRIgmerlare' portal: image: @@ -59,14 +59,14 @@ registry: registry: image: repository: registry.cn-qingdao.aliyuncs.com/wod/registry - tag: 2.7.1 + tag: v2.7.1 resources: limits: memory: 4Gi requests: memory: 256Mi nodeSelector: - harbor: enabled + harbor: enabled storageSpec: # type: emptyDir , hostPath , volumeClaimTemplate type: hostPath @@ -76,11 +76,11 @@ registry: volumeClaimTemplate: spec: storageClassName: rook-ceph-block - accessModes: ["ReadWriteOnce"] + accessModes: ['ReadWriteOnce'] resources: requests: storage: 100Gi - selector: {} + selector: {} controller: image: @@ -95,12 +95,12 @@ chartmuseum: tag: v0.9.0-v1.8.2 replicas: 1 nodeSelector: - harbor: enabled + harbor: enabled storageSpec: type: hostPath emptyDir: {} hostPath: - root: /data + root: /data clair: enabled: true @@ -128,7 +128,7 @@ database: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db tag: v1.8.2 - password: "spaceIN511" + password: 'spaceIN511' resources: limits: memory: 4Gi 
@@ -140,11 +140,11 @@ database: type: hostPath emptyDir: {} hostPath: - root: /data + root: /data volumeClaimTemplate: spec: storageClassName: rook-ceph-block - accessModes: ["ReadWriteOnce"] + accessModes: ['ReadWriteOnce'] resources: requests: storage: 20Gi @@ -155,4 +155,4 @@ redis: internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/redis - tag: 4.0.14-alpine \ No newline at end of file + tag: 4.0.14-alpine diff --git a/raws/values-ppc64le.yaml b/raws/values-ppc64le.yaml index f3f9209beaabd3fea6b39c9d3c5bb45b0726e292..e01a525bddc7ca16bad34dabd9df7c64580a5b18 100644 --- a/raws/values-ppc64le.yaml +++ b/raws/values-ppc64le.yaml @@ -7,7 +7,7 @@ expose: core: hub.wodcloud.local notary: notary.wodcloud.local annotations: - ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-body-size: '0' externalURL: https://hub.wodcloud.local 
@@ -15,41 +15,41 @@ persistence: enabled: true persistentVolumeClaim: registry: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi chartmuseum: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi jobservice: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi database: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi redis: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi trivy: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce - size: 5Gi + size: 5Gi imageChartStorage: # s3 , filesystem type: filesystem @@ -62,34 +62,34 @@ persistence: encrypt: false v4auth: true chunksize: '5242880' - rootdirectory: / + rootdirectory: / imagePullPolicy: IfNotPresent logLevel: info -harborAdminPassword: "spaceIN511" -secretKey: "IpTIscRIgmerlare" +harborAdminPassword: 'spaceIN511' +secretKey: 'IpTIscRIgmerlare' portal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal - tag: v2.1.3-ppc64le + tag: v2.1.6-ppc64le core: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core - tag: v2.1.3-ppc64le + tag: v2.1.6-ppc64le jobservice: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice - tag: v2.1.3-ppc64le + tag: v2.1.6-ppc64le registry: registry: image: repository: registry.cn-qingdao.aliyuncs.com/wod/registry - tag: 2.7.1-ppc64le + tag: v2.7.1-ppc64le resources: limits: memory: 4Gi 
@@ -98,11 +98,11 @@ registry: controller: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl - tag: v2.1.3-ppc64le + tag: v2.1.6-ppc64le chartmuseum: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum + repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum tag: v2.1.1-ppc64le nodeSelector: {} # nodeSelector: @@ -111,31 +111,31 @@ chartmuseum: type: hostPath emptyDir: {} hostPath: - root: /data + root: /data clair: clair: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair + repository: registry.cn-qingdao.aliyuncs.com/wod/clair tag: v2.1.1-ppc64le adapter: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair tag: v2.1.1-ppc64le trivy: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter + repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy tag: v2.1.1-ppc64le notary: server: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server + repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server tag: v2.1.1-ppc64le signer: image: - repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer + repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer tag: v2.1.1-ppc64le database: @@ -143,8 +143,8 @@ database: internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db - tag: v2.1.3-ppc64le - password: "spaceIN511" + tag: v2.1.6-ppc64le + password: 'spaceIN511' resources: limits: memory: 4Gi @@ -156,4 +156,4 @@ redis: internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/redis - tag: 6.0.9-ppc64le \ No newline at end of file + tag: 6.2.6-ppc64le diff --git a/raws/values-stolon.yaml b/raws/values-stolon.yaml index fd20086f930c8f55609be828584571b9263c8e51..4d96009c587012ec6a0a9e058fd09bca6d9f6d2c 100644 --- a/raws/values-stolon.yaml +++ b/raws/values-stolon.yaml 
@@ -7,7 +7,7 @@ expose: core: hub.test.wodcloud.com notary: notary.test.wodcloud.com annotations: - ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/proxy-body-size: '0' externalURL: https://hub.test.wodcloud.com @@ -19,21 +19,21 @@ persistence: filesystem: rootdirectory: /data #s3: - # accesskey: AKIAIOSFODNN7EXAMPLE - # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY - # region: us-east-1 - # regionendpoint: https://minio.sxwh.local - # bucket: registry - # encrypt: false - # v4auth: true - # chunksize: '5242880' - # rootdirectory: / + # accesskey: AKIAIOSFODNN7EXAMPLE + # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + # region: us-east-1 + # regionendpoint: https://minio.sxwh.local + # bucket: registry + # encrypt: false + # v4auth: true + # chunksize: '5242880' + # rootdirectory: / imagePullPolicy: IfNotPresent logLevel: info -harborAdminPassword: "spaceIN511" -secretKey: "IpTIscRIgmerlare" +harborAdminPassword: 'spaceIN511' +secretKey: 'IpTIscRIgmerlare' portal: image: @@ -59,14 +59,14 @@ registry: registry: image: repository: registry.cn-qingdao.aliyuncs.com/wod/registry - tag: 2.7.1 + tag: v2.7.1 resources: limits: memory: 4Gi requests: memory: 256Mi nodeSelector: - harbor: enabled + harbor: enabled storageSpec: # type: emptyDir , hostPath , volumeClaimTemplate type: hostPath @@ -76,11 +76,11 @@ registry: volumeClaimTemplate: spec: storageClassName: rook-ceph-block - accessModes: ["ReadWriteOnce"] + accessModes: ['ReadWriteOnce'] resources: requests: storage: 100Gi - selector: {} + selector: {} controller: image: @@ -95,12 +95,12 @@ chartmuseum: tag: v0.9.0-v1.8.2 replicas: 1 nodeSelector: - harbor: enabled + harbor: enabled storageSpec: type: hostPath emptyDir: {} hostPath: - root: /data + root: /data clair: enabled: true 
@@ -125,19 +125,19 @@ notary: database: type: external external: - host: "stolon-proxy.devops" - port: "5432" - username: "postgres" - password: "spaceIN511" - coreDatabase: "hub_registry" - clairDatabase: "hub_clair" - notaryServerDatabase: "hub_notary_server" - notarySignerDatabase: "hub_notary_signer" - sslmode: "disable" + host: 'stolon-proxy.devops' + port: '5432' + username: 'postgres' + password: 'spaceIN511' + coreDatabase: 'hub_registry' + clairDatabase: 'hub_clair' + notaryServerDatabase: 'hub_notary_server' + notarySignerDatabase: 'hub_notary_signer' + sslmode: 'disable' redis: type: internal internal: image: repository: registry.cn-qingdao.aliyuncs.com/wod/redis - tag: 4.0.14-alpine \ No newline at end of file + tag: 4.0.14-alpine diff --git a/raws/values.yaml b/raws/values.yaml index 2329fb3cacdf9391e5638ad3e0bd3e2e2d9f827b..e6b9fa1e297e479b77d0249cb8bdc6704023efdc 100644 --- a/raws/values.yaml +++ b/raws/values.yaml @@ -20,17 +20,17 @@ expose: auto: # The common name used to generate the certificate, it's necessary # when the type isn't "ingress" - commonName: "" + commonName: '' secret: # The name of secret which contains keys named: # "tls.crt" - the certificate # "tls.key" - the private key - secretName: "" + secretName: '' # The name of secret which contains keys named: # "tls.crt" - the certificate # "tls.key" - the private key # Only needed when the "expose.type" is "ingress". - notarySecretName: "" + notarySecretName: '' ingress: hosts: core: core.harbor.domain 
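Review bot: The external PostgreSQL block in values-stolon keeps `sslmode: 'disable'` next to a plaintext `password`, so the Harbor components would authenticate to `stolon-proxy.devops` over an unencrypted connection. If the stolon proxy can serve TLS (not visible here), `sslmode: 'require'` or the stricter `'verify-full'` is the safer setting. If it cannot, a comment such as `# stolon-proxy has no TLS; traffic stays in-cluster` would record that this is deliberate. The `postgres` superuser password is also a committed literal and is better supplied at install time from a secret store.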
@@ -41,10 +41,10 @@ expose: # set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller controller: default annotations: - ingress.kubernetes.io/ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/ssl-redirect: 'true' + ingress.kubernetes.io/proxy-body-size: '0' + nginx.ingress.kubernetes.io/ssl-redirect: 'true' + nginx.ingress.kubernetes.io/proxy-body-size: '0' clusterIP: # The name of ClusterIP service name: harbor @@ -80,7 +80,7 @@ expose: # The name of LoadBalancer service name: harbor # Set the IP if the LoadBalancer supports assigning IP - IP: "" + IP: '' ports: # The service port Harbor listens on when serving with HTTP httpPort: 80 
@@ -116,65 +116,65 @@ internalTLS: # 1) "auto" will generate cert automatically # 2) "manual" need provide cert file manually in following value # 3) "secret" internal certificates from secret - certSource: "auto" + certSource: 'auto' # The content of trust ca, only available when `certSource` is "manual" - trustCa: "" + trustCa: '' # core related cert configuration core: # secret name for core's tls certs - secretName: "" + secretName: '' # Content of core's TLS cert file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of core's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # jobservice related cert configuration jobservice: # secret name for jobservice's tls certs - secretName: "" + secretName: '' # Content of jobservice's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of jobservice's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # registry related cert configuration registry: # secret name for registry's tls certs - secretName: "" + secretName: '' # Content of registry's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of registry's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # portal related cert configuration portal: # secret name for portal's tls certs - secretName: "" + secretName: '' # Content of portal's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of portal's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # chartmuseum related cert configuration chartmuseum: # secret name for chartmuseum's tls certs - secretName: "" + secretName: '' # Content of chartmuseum's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of chartmuseum's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # clair related cert 
configuration clair: # secret name for clair's tls certs - secretName: "" + secretName: '' # Content of clair's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of clair's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # trivy related cert configuration trivy: # secret name for trivy's tls certs - secretName: "" + secretName: '' # Content of trivy's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of trivy's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # The persistence is enabled by default and a default StorageClass # is needed in the k8s cluster to provision volumes dynamicly. 
@@ -189,51 +189,51 @@ persistence: # operation. Leaving it empty will delete PVCs after the chart deleted # (this does not apply for PVCs that are created for internal database # and redis components, i.e. they are never deleted automatically) - resourcePolicy: "keep" + resourcePolicy: 'keep' persistentVolumeClaim: registry: # Use the existing PVC which must be created manually before bound, # and specify the "subPath" if the PVC is shared with other components - existingClaim: "" + existingClaim: '' # Specify the "storageClass" used to provision the volume. Or the default # StorageClass will be used(the default). # Set it to "-" to disable dynamic provisioning - storageClass: "" - subPath: "" + storageClass: '' + subPath: '' accessMode: ReadWriteOnce size: 5Gi chartmuseum: - existingClaim: "" - storageClass: "" - subPath: "" + existingClaim: '' + storageClass: '' + subPath: '' accessMode: ReadWriteOnce size: 5Gi jobservice: - existingClaim: "" - storageClass: "" - subPath: "" + existingClaim: '' + storageClass: '' + subPath: '' accessMode: ReadWriteOnce size: 1Gi # If external database is used, the following settings for database will # be ignored database: - existingClaim: "" - storageClass: "" - subPath: "" + existingClaim: '' + storageClass: '' + subPath: '' accessMode: ReadWriteOnce size: 1Gi # If external Redis is used, the following settings for Redis will # be ignored redis: - existingClaim: "" - storageClass: "" - subPath: "" + existingClaim: '' + storageClass: '' + subPath: '' accessMode: ReadWriteOnce size: 1Gi trivy: - existingClaim: "" - storageClass: "" - subPath: "" + existingClaim: '' + storageClass: '' + subPath: '' accessMode: ReadWriteOnce size: 5Gi # Define which storage backend is used for registry and chartmuseum to store 
@@ -338,15 +338,15 @@ updateStrategy: logLevel: info # The initial password of Harbor admin. Change it from portal after launching Harbor -harborAdminPassword: "Harbor12345" +harborAdminPassword: 'Harbor12345' # The name of the secret which contains key named "ca.crt". Setting this enables the # download link on portal to download the certificate of CA when the certificate isn't # generated automatically -caSecretName: "" +caSecretName: '' # The secret key used for encryption. Must be a string of 16 chars. -secretKey: "not-a-secure-key" +secretKey: 'not-a-secure-key' # The proxy settings for updating clair vulnerabilities from the Internet and replicating # artifacts from/to the registries that cannot be reached directly @@ -375,9 +375,9 @@ proxy: nginx: image: repository: goharbor/nginx-photon - tag: v2.1.3 + tag: v2.1.6 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' replicas: 1 # resources: # requests: @@ -392,9 +392,9 @@ nginx: portal: image: repository: goharbor/harbor-portal - tag: v2.1.3 + tag: v2.1.6 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' replicas: 1 # resources: # requests: @@ -409,9 +409,9 @@ portal: core: image: repository: goharbor/harbor-core - tag: v2.1.3 + tag: v2.1.6 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' replicas: 1 ## Startup probe values startupProbe: 
@@ -429,24 +429,24 @@ core: # Secret is used when core server communicates with other components. # If a secret key is not specified, Helm will generate one. # Must be a string of 16 chars. - secret: "" + secret: '' # Fill the name of a kubernetes secret if you want to use your own # TLS certificate and private key for token encryption/decryption. # The secret must contain keys named: # "tls.crt" - the certificate # "tls.key" - the private key # The default key pair will be used if it isn't set - secretName: "" + secretName: '' # The XSRF key. Will be generated automatically if it isn't specified - xsrfKey: "" + xsrfKey: '' jobservice: image: repository: goharbor/harbor-jobservice - tag: v2.1.3 + tag: v2.1.6 replicas: 1 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' maxJobWorkers: 10 # The logger for jobs: "file", "database" or "stdout" jobLogger: file @@ -462,15 +462,15 @@ jobservice: # Secret is used when job service communicates with other components. # If a secret key is not specified, Helm will generate one. # Must be a string of 16 chars. - secret: "" + secret: '' registry: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' registry: image: repository: goharbor/registry-photon - tag: v2.1.3 + tag: v2.1.6 # resources: # requests: # memory: 256Mi @@ -478,7 +478,7 @@ registry: controller: image: repository: goharbor/harbor-registryctl - tag: v2.1.3 + tag: v2.1.6 # resources: # requests: 
@@ -495,15 +495,15 @@ registry: # See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http # If a secret key is not specified, Helm will generate one. # Must be a string of 16 chars. - secret: "" + secret: '' # If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. relativeurls: false credentials: - username: "harbor_registry_user" - password: "harbor_registry_password" + username: 'harbor_registry_user' + password: 'harbor_registry_password' # If you update the username or password of registry, make sure use cli tool htpasswd to generate the bcrypt hash # e.g. "htpasswd -nbBC10 $username $password" - htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m" + htpasswd: 'harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m' middleware: enabled: false @@ -515,17 +515,17 @@ registry: ipfilteredby: none # The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key # that allows access to CloudFront - privateKeySecret: "my-secret" + privateKeySecret: 'my-secret' chartmuseum: enabled: true # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' # Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true' absoluteUrl: false image: repository: goharbor/chartmuseum-photon - tag: v2.1.3 + tag: v2.1.6 replicas: 1 # resources: # requests: 
@@ -540,19 +540,19 @@ chartmuseum: clair: enabled: true # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' clair: image: repository: goharbor/clair-photon - tag: v2.1.3 + tag: v2.1.6 # resources: # requests: # memory: 256Mi # cpu: 100m adapter: image: - repository: goharbor/clair-adapter-photon - tag: v2.1.3 + repository: goharbor/harbor-scanner-clair-photon + tag: v2.1.6 # resources: # requests: # memory: 256Mi @@ -574,17 +574,17 @@ trivy: # repository the repository for Trivy adapter image repository: goharbor/trivy-adapter-photon # tag the tag for Trivy adapter image - tag: v2.1.3 + tag: v2.1.6 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' # replicas the number of Pod replicas replicas: 1 # debugMode the flag to enable Trivy debug mode with more verbose scanning log debugMode: false # vulnType a comma-separated list of vulnerability types. Possible values are `os` and `library`. - vulnType: "os,library" + vulnType: 'os,library' # severity a comma-separated list of severities to be checked - severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL" + severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' # ignoreUnfixed the flag to display only fixed vulnerabilities ignoreUnfixed: false # insecure the flag to skip verifying registry certificate @@ -604,7 +604,7 @@ trivy: # # You can create a GitHub token by following the instructions in # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line - gitHubToken: "" + gitHubToken: '' # skipUpdate the flag to disable Trivy DB downloads from GitHub # # You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues. 
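Review bot: The adapter image in the `@@ -540,19 +540,19 @@` hunk changes repository from `goharbor/clair-adapter-photon` to `goharbor/harbor-scanner-clair-photon` on the same lines as the tag bump, so a rename is hidden inside what otherwise reads as a version update. I cannot tell from the diff whether an image is published under the new name at `v2.1.6`. If it is not, the adapter pod will fail to pull and Clair scanning will be unavailable while the rest of the release looks healthy. Please confirm the name against the registry that serves it and mention the rename in the commit message.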
@@ -628,10 +628,10 @@ notary: enabled: true server: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' image: repository: goharbor/notary-server-photon - tag: v2.1.3 + tag: v2.1.6 replicas: 1 # resources: # requests: @@ -639,10 +639,10 @@ notary: # cpu: 100m signer: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' image: repository: goharbor/notary-signer-photon - tag: v2.1.3 + tag: v2.1.6 replicas: 1 # resources: # requests: @@ -659,7 +659,7 @@ notary: # The secret must contain keys named ca.crt, tls.crt and tls.key that # contain the CA, certificate and private key. # They will be generated if not set. - secretName: "" + secretName: '' database: # if external database is used, set "type" to "external" @@ -667,12 +667,12 @@ database: type: internal internal: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' image: repository: goharbor/harbor-db - tag: v2.1.3 + tag: v2.1.6 # The initial superuser password for internal database - password: "changeit" + password: 'changeit' # resources: # requests: # memory: 256Mi @@ -681,14 +681,14 @@ database: tolerations: [] affinity: {} external: - host: "192.168.0.1" - port: "5432" - username: "user" - password: "password" - coreDatabase: "registry" - clairDatabase: "clair" - notaryServerDatabase: "notary_server" - notarySignerDatabase: "notary_signer" + host: '192.168.0.1' + port: '5432' + username: 'user' + password: 'password' + coreDatabase: 'registry' + clairDatabase: 'clair' + notaryServerDatabase: 'notary_server' + notarySignerDatabase: 'notary_signer' # "disable" - No SSL # "require" - Always SSL (skip verification) # "verify-ca" - Always SSL (verify that the certificate presented by the 
@@ -696,7 +696,7 @@ database: # "verify-full" - Always SSL (verify that the certification presented by the # server was signed by a trusted CA and the server host name matches the one # in the certificate) - sslmode: "disable" + sslmode: 'disable' # The maximum number of connections in the idle connection pool. # If it <=0, no idle connections are retained. maxIdleConns: 50 @@ -713,10 +713,10 @@ redis: type: internal internal: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' image: repository: goharbor/redis-photon - tag: v2.1.3 + tag: v2.1.6 # resources: # requests: # memory: 256Mi @@ -728,20 +728,20 @@ redis: # support redis, redis+sentinel # addr for redis: : # addr for redis+sentinel: :,:,: - addr: "192.168.0.2:6379" + addr: '192.168.0.2:6379' # The name of the set of Redis instances to monitor, it must be set to support redis+sentinel - sentinelMasterSet: "" + sentinelMasterSet: '' # The "coreDatabaseIndex" must be "0" as the library Harbor # used doesn't support configuring it - coreDatabaseIndex: "0" - jobserviceDatabaseIndex: "1" - registryDatabaseIndex: "2" - chartmuseumDatabaseIndex: "3" - clairAdapterIndex: "4" - trivyAdapterIndex: "5" - password: "" + coreDatabaseIndex: '0' + jobserviceDatabaseIndex: '1' + registryDatabaseIndex: '2' + chartmuseumDatabaseIndex: '3' + clairAdapterIndex: '4' + trivyAdapterIndex: '5' + password: '' ## Additional deployment annotations podAnnotations: {} commonLabels: - app.bd-apaas.com/cluster-component: registry \ No newline at end of file + app.bd-apaas.com/cluster-component: registry diff --git a/values.yaml b/values.yaml index 78568652fcd6c635756ddfbe607ccf422f7cddfe..0d361b9bd7bdd23dfed429cbf85d1c2f372410f4 100644 --- a/values.yaml +++ b/values.yaml 
@@ -20,17 +20,17 @@ expose: auto: # The common name used to generate the certificate, it's necessary # when the type isn't "ingress" - commonName: "" + commonName: '' secret: # The name of secret which contains keys named: # "tls.crt" - the certificate # "tls.key" - the private key - secretName: "" + secretName: '' # The name of secret which contains keys named: # "tls.crt" - the certificate # "tls.key" - the private key # Only needed when the "expose.type" is "ingress". - notarySecretName: "" + notarySecretName: '' ingress: hosts: core: hub @@ -41,10 +41,10 @@ expose: # set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller controller: default annotations: - ingress.kubernetes.io/ssl-redirect: "true" - ingress.kubernetes.io/proxy-body-size: "0" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/proxy-body-size: "0" + ingress.kubernetes.io/ssl-redirect: 'true' + ingress.kubernetes.io/proxy-body-size: '0' + nginx.ingress.kubernetes.io/ssl-redirect: 'true' + nginx.ingress.kubernetes.io/proxy-body-size: '0' clusterIP: # The name of ClusterIP service name: harbor @@ -80,7 +80,7 @@ expose: # The name of LoadBalancer service name: harbor # Set the IP if the LoadBalancer supports assigning IP - IP: "" + IP: '' ports: # The service port Harbor listens on when serving with HTTP httpPort: 80 
@@ -116,65 +116,65 @@ internalTLS: # 1) "auto" will generate cert automatically # 2) "manual" need provide cert file manually in following value # 3) "secret" internal certificates from secret - certSource: "auto" + certSource: 'auto' # The content of trust ca, only available when `certSource` is "manual" - trustCa: "" + trustCa: '' # core related cert configuration core: # secret name for core's tls certs - secretName: "" + secretName: '' # Content of core's TLS cert file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of core's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # jobservice related cert configuration jobservice: # secret name for jobservice's tls certs - secretName: "" + secretName: '' # Content of jobservice's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of jobservice's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # registry related cert configuration registry: # secret name for registry's tls certs - secretName: "" + secretName: '' # Content of registry's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of registry's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # portal related cert configuration portal: # secret name for portal's tls certs - secretName: "" + secretName: '' # Content of portal's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of portal's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # chartmuseum related cert configuration chartmuseum: # secret name for chartmuseum's tls certs - secretName: "" + secretName: '' # Content of chartmuseum's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of chartmuseum's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # clair related cert 
configuration clair: # secret name for clair's tls certs - secretName: "" + secretName: '' # Content of clair's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of clair's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # trivy related cert configuration trivy: # secret name for trivy's tls certs - secretName: "" + secretName: '' # Content of trivy's TLS key file, only available when `certSource` is "manual" - crt: "" + crt: '' # Content of trivy's TLS key file, only available when `certSource` is "manual" - key: "" + key: '' # The persistence is enabled by default and a default StorageClass # is needed in the k8s cluster to provision volumes dynamicly. 
@@ -189,51 +189,51 @@ persistence: # operation. Leaving it empty will delete PVCs after the chart deleted # (this does not apply for PVCs that are created for internal database # and redis components, i.e. they are never deleted automatically) - resourcePolicy: "keep" + resourcePolicy: 'keep' persistentVolumeClaim: registry: # Use the existing PVC which must be created manually before bound, # and specify the "subPath" if the PVC is shared with other components - existingClaim: "" + existingClaim: '' # Specify the "storageClass" used to provision the volume. Or the default # StorageClass will be used(the default). # Set it to "-" to disable dynamic provisioning - storageClass: "hostpath" - subPath: "" + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi chartmuseum: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi jobservice: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi # If external database is used, the following settings for database will # be ignored database: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 10Gi # If external Redis is used, the following settings for Redis will # be ignored redis: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 1Gi trivy: - existingClaim: "" - storageClass: "hostpath" - subPath: "" + existingClaim: '' + storageClass: 'hostpath' + subPath: '' accessMode: ReadWriteOnce size: 5Gi # Define which storage backend is used for registry and chartmuseum to store 
@@ -338,15 +338,15 @@ updateStrategy: logLevel: info # The initial password of Harbor admin. Change it from portal after launching Harbor -harborAdminPassword: "spaceIN511" +harborAdminPassword: 'spaceIN511' # The name of the secret which contains key named "ca.crt". Setting this enables the # download link on portal to download the certificate of CA when the certificate isn't # generated automatically -caSecretName: "" +caSecretName: '' # The secret key used for encryption. Must be a string of 16 chars. -secretKey: "IpTIscRIgmerlare" +secretKey: 'IpTIscRIgmerlare' # The proxy settings for updating clair vulnerabilities from the Internet and replicating # artifacts from/to the registries that cannot be reached directly @@ -375,9 +375,9 @@ proxy: nginx: image: repository: nginx - tag: v2.1.3 + tag: v2.1.6 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' replicas: 1 # resources: # requests: @@ -392,9 +392,9 @@ nginx: portal: image: repository: harbor-portal - tag: v2.1.3 + tag: v2.1.6 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' replicas: 1 # resources: # requests: @@ -409,9 +409,9 @@ portal: core: image: repository: harbor-core - tag: v2.1.3 + tag: v2.1.6 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' replicas: 1 ## Startup probe values startupProbe: 
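Review bot: The new side of the `@@ -338,15 +338,15 @@` hunk still carries what look like live values for `harborAdminPassword` and `secretKey`, so the Harbor admin password and the 16-character encryption key are readable by anyone with access to this repository or its history; the commit only changes their quoting. The same password string is reused as `database.internal.password` in the `@@ -673,12 +673,12 @@` hunk further down, so a single leak would expose both the portal admin and the database superuser. I would commit placeholders instead, e.g. `harborAdminPassword: 'CHANGE_ME'  # supplied at install time via --set or an untracked values file`, and do the same for `secretKey` (keeping the 16-character requirement) and the database password. The current values should be rotated, since they are already in history.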
@@ -429,24 +429,24 @@ core: # Secret is used when core server communicates with other components. # If a secret key is not specified, Helm will generate one. # Must be a string of 16 chars. - secret: "" + secret: '' # Fill the name of a kubernetes secret if you want to use your own # TLS certificate and private key for token encryption/decryption. # The secret must contain keys named: # "tls.crt" - the certificate # "tls.key" - the private key # The default key pair will be used if it isn't set - secretName: "" + secretName: '' # The XSRF key. Will be generated automatically if it isn't specified - xsrfKey: "" + xsrfKey: '' jobservice: image: repository: harbor-jobservice - tag: v2.1.3 + tag: v2.1.6 replicas: 1 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' maxJobWorkers: 10 # The logger for jobs: "file", "database" or "stdout" jobLogger: file @@ -462,15 +462,15 @@ jobservice: # Secret is used when job service communicates with other components. # If a secret key is not specified, Helm will generate one. # Must be a string of 16 chars. - secret: "" + secret: '' registry: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' registry: image: repository: registry - tag: 2.7.1 + tag: v2.7.1 resources: limits: memory: 4Gi @@ -479,7 +479,7 @@ registry: controller: image: repository: harbor-registryctl - tag: v2.1.3 + tag: v2.1.6 # resources: # requests: 
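Review bot: In the `@@ -462,15 +462,15 @@` hunk the registry image tag changes from `2.7.1` to `v2.7.1`, which renames the tag rather than bumping a version, and nothing in the diff shows which registry serves `registry:v2.7.1`. The later hunks raise the same question for chartmuseum (`v0.12.0`), clair (`v2.1.7`), harbor-scanner-clair (`v1.1.1`), harbor-scanner-trivy (`v0.17.0`), notary-server and notary-signer (`v0.6.1`) and redis (`6.2.6`): bare repository names with tags that no longer follow the Harbor release. Tags are mutable and these images make up the registry deployment itself, so I would record next to each `tag:` where the image is built or mirrored from, for example `# mirrored from <SOURCE_REGISTRY>/<IMAGE>@sha256:<DIGEST>` (placeholders). It is also worth checking that every new tag actually resolves before merging.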
@@ -496,15 +496,15 @@ registry: # See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http # If a secret key is not specified, Helm will generate one. # Must be a string of 16 chars. - secret: "" + secret: '' # If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. relativeurls: false credentials: - username: "harbor_registry_user" - password: "harbor_registry_password" + username: 'harbor_registry_user' + password: 'harbor_registry_password' # If you update the username or password of registry, make sure use cli tool htpasswd to generate the bcrypt hash # e.g. "htpasswd -nbBC10 $username $password" - htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m" + htpasswd: 'harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m' middleware: enabled: false @@ -516,22 +516,22 @@ registry: ipfilteredby: none # The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key # that allows access to CloudFront - privateKeySecret: "my-secret" + privateKeySecret: 'my-secret' chartmuseum: enabled: true # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' # Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true' absoluteUrl: false image: - repository: harbor-chartmuseum - tag: v2.1.3 + repository: chartmuseum + tag: v0.12.0 storageSpec: type: hostPath emptyDir: {} hostPath: - root: /data + root: /data replicas: 1 # resources: # requests: 
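Review bot: The `credentials` block in the `@@ -496,15 +496,15 @@` hunk keeps `harbor_registry_user` / `harbor_registry_password` and the matching bcrypt line in `htpasswd`, which read like the chart's sample credentials rather than values chosen for this deployment. If so, they are publicly known, and anything that can reach the registry component directly could authenticate with them. I would generate a unique pair with the `htpasswd -nbBC10` command already shown in the comment, and supply `username`, `password` and `htpasswd` together at install time instead of committing them.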
@@ -546,19 +546,19 @@ chartmuseum: clair: enabled: true # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' clair: image: - repository: harbor-clair - tag: v2.1.3 + repository: clair + tag: v2.1.7 # resources: # requests: # memory: 256Mi # cpu: 100m adapter: image: - repository: harbor-clair-adapter - tag: v2.1.3 + repository: harbor-scanner-clair + tag: v1.1.1 # resources: # requests: # memory: 256Mi @@ -578,19 +578,19 @@ trivy: enabled: true image: # repository the repository for Trivy adapter image - repository: harbor-trivy-adapter + repository: harbor-scanner-trivy # tag the tag for Trivy adapter image - tag: v2.1.3 + tag: v0.17.0 # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' # replicas the number of Pod replicas replicas: 1 # debugMode the flag to enable Trivy debug mode with more verbose scanning log debugMode: false # vulnType a comma-separated list of vulnerability types. Possible values are `os` and `library`. - vulnType: "os,library" + vulnType: 'os,library' # severity a comma-separated list of severities to be checked - severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL" + severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' # ignoreUnfixed the flag to display only fixed vulnerabilities ignoreUnfixed: false # insecure the flag to skip verifying registry certificate @@ -610,7 +610,7 @@ trivy: # # You can create a GitHub token by following the instructions in # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line - gitHubToken: "" + gitHubToken: '' # skipUpdate the flag to disable Trivy DB downloads from GitHub # # You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues. 
@@ -634,10 +634,10 @@ notary: enabled: true server: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' image: - repository: harbor-notary-server - tag: v2.1.3 + repository: notary-server + tag: v0.6.1 replicas: 1 # resources: # requests: @@ -645,10 +645,10 @@ notary: # cpu: 100m signer: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' image: - repository: harbor-notary-signer - tag: v2.1.3 + repository: notary-signer + tag: v0.6.1 replicas: 1 # resources: # requests: @@ -665,7 +665,7 @@ notary: # The secret must contain keys named ca.crt, tls.crt and tls.key that # contain the CA, certificate and private key. # They will be generated if not set. - secretName: "" + secretName: '' database: # if external database is used, set "type" to "external" @@ -673,12 +673,12 @@ database: type: internal internal: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' image: repository: harbor-db - tag: v2.1.3 + tag: v2.1.6 # The initial superuser password for internal database - password: "spaceIN511" + password: 'spaceIN511' resources: limits: memory: 4Gi @@ -688,14 +688,14 @@ database: tolerations: [] affinity: {} external: - host: "192.168.0.1" - port: "5432" - username: "user" - password: "password" - coreDatabase: "registry" - clairDatabase: "clair" - notaryServerDatabase: "notary_server" - notarySignerDatabase: "notary_signer" + host: '192.168.0.1' + port: '5432' + username: 'user' + password: 'password' + coreDatabase: 'registry' + clairDatabase: 'clair' + notaryServerDatabase: 'notary_server' + notarySignerDatabase: 'notary_signer' # "disable" - No SSL # "require" - Always SSL (skip verification) # "verify-ca" - Always SSL (verify that the certificate presented by the 
@@ -703,7 +703,7 @@ database: # "verify-full" - Always SSL (verify that the certification presented by the # server was signed by a trusted CA and the server host name matches the one # in the certificate) - sslmode: "disable" + sslmode: 'disable' # The maximum number of connections in the idle connection pool. # If it <=0, no idle connections are retained. maxIdleConns: 50 @@ -720,10 +720,10 @@ redis: type: internal internal: # set the service account to be used, default if left empty - serviceAccountName: "" + serviceAccountName: '' image: repository: redis - tag: 6.0.9 + tag: 6.2.6 # resources: # requests: # memory: 256Mi @@ -735,20 +735,20 @@ redis: # support redis, redis+sentinel # addr for redis: : # addr for redis+sentinel: :,:,: - addr: "192.168.0.2:6379" + addr: '192.168.0.2:6379' # The name of the set of Redis instances to monitor, it must be set to support redis+sentinel - sentinelMasterSet: "" + sentinelMasterSet: '' # The "coreDatabaseIndex" must be "0" as the library Harbor # used doesn't support configuring it - coreDatabaseIndex: "0" - jobserviceDatabaseIndex: "1" - registryDatabaseIndex: "2" - chartmuseumDatabaseIndex: "3" - clairAdapterIndex: "4" - trivyAdapterIndex: "5" - password: "" + coreDatabaseIndex: '0' + jobserviceDatabaseIndex: '1' + registryDatabaseIndex: '2' + chartmuseumDatabaseIndex: '3' + clairAdapterIndex: '4' + trivyAdapterIndex: '5' + password: '' ## Additional deployment annotations podAnnotations: {} commonLabels: - app.bd-apaas.com/cluster-component: registry \ No newline at end of file + app.bd-apaas.com/cluster-component: registry
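Review bot: `sslmode` under `database.external` stays `'disable'` in the `@@ -703,7 +703,7 @@` hunk. It is inactive while `database.type` is `internal`, but it becomes the effective setting as soon as someone switches to an external PostgreSQL, and then the database password and registry metadata would cross the network unencrypted and without server verification. I would default it to `sslmode: 'verify-full'`, or at least add `# do not leave at 'disable' when type is external` above it. The enclosing `database.external` mapping starts in the previous hunk.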