Skip to content

H
harbor
Commit 0970b3e0 authored by 舒成's avatar 舒成
Browse files
Options

2.1.6

parent 7d41e5ec
Pipeline #62897 passed with stage
    Hide whitespace changes
    Inline Side-by-side
    Showing with 498 additions and 462 deletions
    .beagle.yml
    View file @ 0970b3e0
    ......@@ -35,7 +35,7 @@ steps:
    "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}",
    "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz",
    "TARGET_ARCH":"amd64",
    "TARGET_VERSION":"v2.1.3"
    "TARGET_VERSION":"v2.1.6"
    }'
    --extra-vars "@ansible/images.yaml"
    ......@@ -49,7 +49,7 @@ steps:
    "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}",
    "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz",
    "TARGET_ARCH":"arm64",
    "TARGET_VERSION":"v2.1.3"
    "TARGET_VERSION":"v2.1.6"
    }'
    --extra-vars "@ansible/images.yaml"
    ......@@ -63,7 +63,21 @@ steps:
    "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}",
    "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz",
    "TARGET_ARCH":"ppc64le",
    "TARGET_VERSION":"v2.1.3"
    "TARGET_VERSION":"v2.1.6"
    }'
    --extra-vars "@ansible/images.yaml"
    - name: ansible-mips64le
    image: registry.cn-qingdao.aliyuncs.com/wod/ansible-image:v1.0
    commands:
    - >-
    ansible-playbook /etc/ansible/linux/main.yml
    --extra-vars
    '{
    "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}",
    "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz",
    "TARGET_ARCH":"mips64le",
    "TARGET_VERSION":"v2.1.6"
    }'
    --extra-vars "@ansible/images.yaml"
    ......
    .gitignore
    View file @ 0970b3e0
    charts/*
    requirements.lock
    \ No newline at end of file
    requirements.lock
    beagle-*.tgz
    \ No newline at end of file
    Chart.yaml
    View file @ 0970b3e0
    apiVersion: v1
    name: beagle-harbor
    version: 2.1.3
    appVersion: 2.1.3
    version: 2.1.6
    appVersion: 2.1.6
    description: An open source trusted cloud native registry that stores, signs, and scans content
    keywords:
    - docker
    ......
    Deploy.md
    View file @ 0970b3e0
    ......@@ -31,76 +31,96 @@ harbor \
    /etc/kubernetes/helm/beagle-harbor \
    -f /etc/kubernetes/helm/beagle-harbor/values-overrides.yaml > /etc/kubernetes/helm/beagle-harbor/dist.yaml
    # package
    helm package . -d C:/Tmp/Charts
    # 5. Package
    ## 打包项目
    helm package .
    ## 部署项目
    helm install \
    harbor \
    /etc/kubernetes/charts/beagle-harbor-2.1.6.tgz \
    --namespace devops \
    -f /etc/kubernetes/charts/beagle-harbor.yaml
    ## 更新项目
    helm upgrade \
    harbor \
    /etc/kubernetes/charts/beagle-harbor-2.1.6.tgz \
    --namespace devops \
    -f /etc/kubernetes/charts/beagle-harbor.yaml
    ## 删除项目
    helm uninstall \
    --namespace devops \
    harbor
    ```
    ## images x86_64
    ```bash
    # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor
    registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.6
    registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.6
    registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.6
    registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.6
    # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-db
    registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.6
    # registry
    registry.cn-qingdao.aliyuncs.com/wod/registry:2.7.1
    registry.cn-qingdao.aliyuncs.com/wod/registry:v2.7.1
    # gitlab.wodcloud.com/cloud/chartmuseum
    registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.12.0
    # gitlab.wodcloud.com/cloud/clair
    registry.cn-qingdao.aliyuncs.com/wod/harbor-clair:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/clair:v2.1.7
    # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-scanner-clair
    registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair:v1.1.1
    # gitlab.wodcloud.com/cloud/harbor-scanner-trivy
    registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy:v0.17.0
    # gitlab.wodcloud.com/cloud/notary
    registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer:v2.1.3
    registry.cn-qingdao.aliyuncs.com/wod/notary-server:v0.6.1
    registry.cn-qingdao.aliyuncs.com/wod/notary-signer:v0.6.1
    # redis
    registry.cn-qingdao.aliyuncs.com/wod/redis:6.0.9
    registry.cn-qingdao.aliyuncs.com/wod/redis:6.2.6
    ```
    ## images arm64
    ```bash
    # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor
    registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.6-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.6-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.6-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.6-arm64
    # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-db
    registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.6-arm64
    # registry
    registry.cn-qingdao.aliyuncs.com/wod/registry:2.7.1-arm64
    registry.cn-qingdao.aliyuncs.com/wod/registry:v2.7.1-arm64
    # gitlab.wodcloud.com/cloud/chartmuseum
    registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.12.0-arm64
    # gitlab.wodcloud.com/cloud/clair
    registry.cn-qingdao.aliyuncs.com/wod/harbor-clair:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/clair:v2.1.7-arm64
    # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-scanner-clair
    registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair:v1.1.1-arm64
    # gitlab.wodcloud.com/cloud/harbor-scanner-trivy
    registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy:v0.17.0-arm64
    # gitlab.wodcloud.com/cloud/notary
    registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer:v2.1.3-arm64
    registry.cn-qingdao.aliyuncs.com/wod/notary-server:v0.6.1-arm64
    registry.cn-qingdao.aliyuncs.com/wod/notary-signer:v0.6.1-arm64
    # redis
    registry.cn-qingdao.aliyuncs.com/wod/redis:6.0.9-arm64
    registry.cn-qingdao.aliyuncs.com/wod/redis:6.2.6-arm64
    ```
    REAME.md
    View file @ 0970b3e0
    ......@@ -271,7 +271,7 @@ The following table lists the configurable parameters of the Harbor chart and th
    | `clair.clair.image.repository` | Repository for clair image | `goharbor/clair-photon` |
    | `clair.clair.image.tag` | Tag for clair image | `dev` |
    | `clair.clair.resources` | The [resources] to allocate for clair container | |
    | `clair.adapter.image.repository` | Repository for clair adapter image | `goharbor/clair-adapter-photon` |
    | `clair.adapter.image.repository` | Repository for clair adapter image | `goharbor/harbor-scanner-clair-photon` |
    | `clair.adapter.image.tag` | Tag for clair adapter image | `dev` |
    | `clair.adapter.resources` | The [resources] to allocate for clair adapter container | |
    | `clair.replicas` | The replica count | `1` |
    ......
    ansible/images.yaml
    View file @ 0970b3e0
    IMAGES:
    - repo: harbor-portal
    tag: "v2.1.3"
    tag: 'v2.1.6'
    - repo: harbor-core
    tag: "v2.1.3"
    tag: 'v2.1.6'
    - repo: harbor-jobservice
    tag: "v2.1.3"
    tag: 'v2.1.6'
    - repo: harbor-db
    tag: "v2.1.3"
    tag: 'v2.1.6'
    - repo: harbor-registryctl
    tag: "v2.1.3"
    - repo: harbor-chartmuseum
    tag: "v2.1.3"
    - repo: harbor-clair
    tag: "v2.1.3"
    - repo: harbor-clair-adapter
    tag: "v2.1.3"
    - repo: harbor-trivy-adapter
    tag: "v2.1.3"
    - repo: harbor-notary-server
    tag: "v2.1.3"
    - repo: harbor-notary-signer
    tag: "v2.1.3"
    tag: 'v2.1.6'
    - repo: chartmuseum
    tag: 'v0.12.0'
    - repo: clair
    tag: 'v2.1.7'
    - repo: harbor-scanner-clair
    tag: 'v1.1.1'
    - repo: harbor-scanner-trivy
    tag: v0.17.0
    - repo: notary-server
    tag: v0.6.1
    - repo: notary-signer
    tag: v0.6.1
    - repo: registry
    tag: "2.7.1"
    tag: 'v2.7.1'
    - repo: redis
    tag: "6.0.9"
    \ No newline at end of file
    tag: '6.2.6'
    raws/values-aliyun.yaml
    View file @ 0970b3e0
    ......@@ -7,7 +7,7 @@ expose:
    core: hub.wodcloud.local
    notary: notary.wodcloud.local
    annotations:
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/proxy-body-size: '0'
    externalURL: https://hub.wodcloud.local
    ......@@ -15,41 +15,41 @@ persistence:
    enabled: true
    persistentVolumeClaim:
    registry:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    chartmuseum:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    jobservice:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    database:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    redis:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    trivy:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    size: 5Gi
    imageChartStorage:
    # s3 , filesystem
    type: filesystem
    ......@@ -62,34 +62,34 @@ persistence:
    encrypt: false
    v4auth: true
    chunksize: '5242880'
    rootdirectory: /
    rootdirectory: /
    imagePullPolicy: IfNotPresent
    logLevel: info
    harborAdminPassword: "spaceIN511"
    secretKey: "IpTIscRIgmerlare"
    harborAdminPassword: 'spaceIN511'
    secretKey: 'IpTIscRIgmerlare'
    portal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
    tag: v2.1.3
    tag: v2.1.6
    core:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
    tag: v2.1.3
    tag: v2.1.6
    jobservice:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
    tag: v2.1.3
    tag: v2.1.6
    registry:
    registry:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/registry
    tag: 2.7.1
    tag: v2.7.1
    resources:
    limits:
    memory: 4Gi
    ......@@ -98,12 +98,12 @@ registry:
    controller:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
    tag: v2.1.3
    tag: v2.1.6
    chartmuseum:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
    tag: v2.1.3
    repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum
    tag: v2.1.6
    nodeSelector: {}
    # nodeSelector:
    # harbor: enabled
    ......@@ -111,40 +111,40 @@ chartmuseum:
    type: hostPath
    emptyDir: {}
    hostPath:
    root: /data
    root: /data
    clair:
    clair:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
    tag: v2.1.3
    repository: registry.cn-qingdao.aliyuncs.com/wod/clair
    tag: v2.1.6
    adapter:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
    tag: v2.1.3
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair
    tag: v2.1.6
    trivy:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
    tag: v2.1.3
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy
    tag: v2.1.6
    notary:
    server:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
    tag: v2.1.3
    repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server
    tag: v2.1.6
    signer:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
    tag: v2.1.3
    repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer
    tag: v2.1.6
    database:
    type: internal
    internal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
    tag: v2.1.3
    password: "spaceIN511"
    tag: v2.1.6
    password: 'spaceIN511'
    resources:
    limits:
    memory: 4Gi
    ......@@ -156,4 +156,4 @@ redis:
    internal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/redis
    tag: 6.0.9
    \ No newline at end of file
    tag: 6.2.6
    raws/values-arm.yaml
    View file @ 0970b3e0
    ......@@ -7,7 +7,7 @@ expose:
    core: hub.wodcloud.local
    notary: notary.wodcloud.local
    annotations:
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/proxy-body-size: '0'
    externalURL: https://hub.wodcloud.local
    ......@@ -15,41 +15,41 @@ persistence:
    enabled: true
    persistentVolumeClaim:
    registry:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    chartmuseum:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    jobservice:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    database:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    redis:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    trivy:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    size: 5Gi
    imageChartStorage:
    # s3 , filesystem
    type: filesystem
    ......@@ -62,34 +62,34 @@ persistence:
    encrypt: false
    v4auth: true
    chunksize: '5242880'
    rootdirectory: /
    rootdirectory: /
    imagePullPolicy: IfNotPresent
    logLevel: info
    harborAdminPassword: "spaceIN511"
    secretKey: "IpTIscRIgmerlare"
    harborAdminPassword: 'spaceIN511'
    secretKey: 'IpTIscRIgmerlare'
    portal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
    tag: v2.1.3-arm64
    tag: v2.1.6-arm64
    core:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
    tag: v2.1.3-arm64
    tag: v2.1.6-arm64
    jobservice:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
    tag: v2.1.3-arm64
    tag: v2.1.6-arm64
    registry:
    registry:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/registry
    tag: 2.7.1-arm64
    tag: v2.7.1-arm64
    resources:
    limits:
    memory: 4Gi
    ......@@ -98,12 +98,12 @@ registry:
    controller:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
    tag: v2.1.3-arm64
    tag: v2.1.6-arm64
    chartmuseum:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
    tag: v2.1.3-arm64
    repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum
    tag: v2.1.6-arm64
    nodeSelector: {}
    # nodeSelector:
    # harbor: enabled
    ......@@ -111,40 +111,40 @@ chartmuseum:
    type: hostPath
    emptyDir: {}
    hostPath:
    root: /data
    root: /data
    clair:
    clair:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
    tag: v2.1.3-arm64
    repository: registry.cn-qingdao.aliyuncs.com/wod/clair
    tag: v2.1.6-arm64
    adapter:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
    tag: v2.1.3-arm64
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair
    tag: v2.1.6-arm64
    trivy:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
    tag: v2.1.3-arm64
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy
    tag: v2.1.6-arm64
    notary:
    server:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
    tag: v2.1.3-arm64
    repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server
    tag: v2.1.6-arm64
    signer:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
    tag: v2.1.3-arm64
    repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer
    tag: v2.1.6-arm64
    database:
    type: internal
    internal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
    tag: v2.1.3-arm64
    password: "spaceIN511"
    tag: v2.1.6-arm64
    password: 'spaceIN511'
    resources:
    limits:
    memory: 4Gi
    ......@@ -156,4 +156,4 @@ redis:
    internal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/redis
    tag: 6.0.9-arm64
    \ No newline at end of file
    tag: 6.2.6-arm64
    raws/values-pg.yaml
    View file @ 0970b3e0
    ......@@ -7,7 +7,7 @@ expose:
    core: hub.test.wodcloud.com
    notary: notary.test.wodcloud.com
    annotations:
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/proxy-body-size: '0'
    externalURL: https://hub.test.wodcloud.com
    ......@@ -19,21 +19,21 @@ persistence:
    filesystem:
    rootdirectory: /data
    #s3:
    # accesskey: AKIAIOSFODNN7EXAMPLE
    # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    # region: us-east-1
    # regionendpoint: https://minio.sxwh.local
    # bucket: registry
    # encrypt: false
    # v4auth: true
    # chunksize: '5242880'
    # rootdirectory: /
    # accesskey: AKIAIOSFODNN7EXAMPLE
    # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    # region: us-east-1
    # regionendpoint: https://minio.sxwh.local
    # bucket: registry
    # encrypt: false
    # v4auth: true
    # chunksize: '5242880'
    # rootdirectory: /
    imagePullPolicy: IfNotPresent
    logLevel: info
    harborAdminPassword: "spaceIN511"
    secretKey: "IpTIscRIgmerlare"
    harborAdminPassword: 'spaceIN511'
    secretKey: 'IpTIscRIgmerlare'
    portal:
    image:
    ......@@ -59,14 +59,14 @@ registry:
    registry:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/registry
    tag: 2.7.1
    tag: v2.7.1
    resources:
    limits:
    memory: 4Gi
    requests:
    memory: 256Mi
    nodeSelector:
    harbor: enabled
    harbor: enabled
    storageSpec:
    # type: emptyDir , hostPath , volumeClaimTemplate
    type: hostPath
    ......@@ -76,11 +76,11 @@ registry:
    volumeClaimTemplate:
    spec:
    storageClassName: rook-ceph-block
    accessModes: ["ReadWriteOnce"]
    accessModes: ['ReadWriteOnce']
    resources:
    requests:
    storage: 100Gi
    selector: {}
    selector: {}
    controller:
    image:
    ......@@ -95,12 +95,12 @@ chartmuseum:
    tag: v0.9.0-v1.8.2
    replicas: 1
    nodeSelector:
    harbor: enabled
    harbor: enabled
    storageSpec:
    type: hostPath
    emptyDir: {}
    hostPath:
    root: /data
    root: /data
    clair:
    enabled: true
    ......@@ -128,7 +128,7 @@ database:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
    tag: v1.8.2
    password: "spaceIN511"
    password: 'spaceIN511'
    resources:
    limits:
    memory: 4Gi
    ......@@ -140,11 +140,11 @@ database:
    type: hostPath
    emptyDir: {}
    hostPath:
    root: /data
    root: /data
    volumeClaimTemplate:
    spec:
    storageClassName: rook-ceph-block
    accessModes: ["ReadWriteOnce"]
    accessModes: ['ReadWriteOnce']
    resources:
    requests:
    storage: 20Gi
    ......@@ -155,4 +155,4 @@ redis:
    internal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/redis
    tag: 4.0.14-alpine
    \ No newline at end of file
    tag: 4.0.14-alpine
    raws/values-ppc64le.yaml
    View file @ 0970b3e0
    ......@@ -7,7 +7,7 @@ expose:
    core: hub.wodcloud.local
    notary: notary.wodcloud.local
    annotations:
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/proxy-body-size: '0'
    externalURL: https://hub.wodcloud.local
    ......@@ -15,41 +15,41 @@ persistence:
    enabled: true
    persistentVolumeClaim:
    registry:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    chartmuseum:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    jobservice:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    database:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    redis:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    trivy:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    size: 5Gi
    imageChartStorage:
    # s3 , filesystem
    type: filesystem
    ......@@ -62,34 +62,34 @@ persistence:
    encrypt: false
    v4auth: true
    chunksize: '5242880'
    rootdirectory: /
    rootdirectory: /
    imagePullPolicy: IfNotPresent
    logLevel: info
    harborAdminPassword: "spaceIN511"
    secretKey: "IpTIscRIgmerlare"
    harborAdminPassword: 'spaceIN511'
    secretKey: 'IpTIscRIgmerlare'
    portal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
    tag: v2.1.3-ppc64le
    tag: v2.1.6-ppc64le
    core:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
    tag: v2.1.3-ppc64le
    tag: v2.1.6-ppc64le
    jobservice:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
    tag: v2.1.3-ppc64le
    tag: v2.1.6-ppc64le
    registry:
    registry:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/registry
    tag: 2.7.1-ppc64le
    tag: v2.7.1-ppc64le
    resources:
    limits:
    memory: 4Gi
    ......@@ -98,11 +98,11 @@ registry:
    controller:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
    tag: v2.1.3-ppc64le
    tag: v2.1.6-ppc64le
    chartmuseum:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
    repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum
    tag: v2.1.1-ppc64le
    nodeSelector: {}
    # nodeSelector:
    ......@@ -111,31 +111,31 @@ chartmuseum:
    type: hostPath
    emptyDir: {}
    hostPath:
    root: /data
    root: /data
    clair:
    clair:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
    repository: registry.cn-qingdao.aliyuncs.com/wod/clair
    tag: v2.1.1-ppc64le
    adapter:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-clair
    tag: v2.1.1-ppc64le
    trivy:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-scanner-trivy
    tag: v2.1.1-ppc64le
    notary:
    server:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
    repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server
    tag: v2.1.1-ppc64le
    signer:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
    repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer
    tag: v2.1.1-ppc64le
    database:
    ......@@ -143,8 +143,8 @@ database:
    internal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
    tag: v2.1.3-ppc64le
    password: "spaceIN511"
    tag: v2.1.6-ppc64le
    password: 'spaceIN511'
    resources:
    limits:
    memory: 4Gi
    ......@@ -156,4 +156,4 @@ redis:
    internal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/redis
    tag: 6.0.9-ppc64le
    \ No newline at end of file
    tag: 6.2.6-ppc64le
    raws/values-stolon.yaml
    View file @ 0970b3e0
    ......@@ -7,7 +7,7 @@ expose:
    core: hub.test.wodcloud.com
    notary: notary.test.wodcloud.com
    annotations:
    ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/proxy-body-size: '0'
    externalURL: https://hub.test.wodcloud.com
    ......@@ -19,21 +19,21 @@ persistence:
    filesystem:
    rootdirectory: /data
    #s3:
    # accesskey: AKIAIOSFODNN7EXAMPLE
    # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    # region: us-east-1
    # regionendpoint: https://minio.sxwh.local
    # bucket: registry
    # encrypt: false
    # v4auth: true
    # chunksize: '5242880'
    # rootdirectory: /
    # accesskey: AKIAIOSFODNN7EXAMPLE
    # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    # region: us-east-1
    # regionendpoint: https://minio.sxwh.local
    # bucket: registry
    # encrypt: false
    # v4auth: true
    # chunksize: '5242880'
    # rootdirectory: /
    imagePullPolicy: IfNotPresent
    logLevel: info
    harborAdminPassword: "spaceIN511"
    secretKey: "IpTIscRIgmerlare"
    harborAdminPassword: 'spaceIN511'
    secretKey: 'IpTIscRIgmerlare'
    portal:
    image:
    ......@@ -59,14 +59,14 @@ registry:
    registry:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/registry
    tag: 2.7.1
    tag: v2.7.1
    resources:
    limits:
    memory: 4Gi
    requests:
    memory: 256Mi
    nodeSelector:
    harbor: enabled
    harbor: enabled
    storageSpec:
    # type: emptyDir , hostPath , volumeClaimTemplate
    type: hostPath
    ......@@ -76,11 +76,11 @@ registry:
    volumeClaimTemplate:
    spec:
    storageClassName: rook-ceph-block
    accessModes: ["ReadWriteOnce"]
    accessModes: ['ReadWriteOnce']
    resources:
    requests:
    storage: 100Gi
    selector: {}
    selector: {}
    controller:
    image:
    ......@@ -95,12 +95,12 @@ chartmuseum:
    tag: v0.9.0-v1.8.2
    replicas: 1
    nodeSelector:
    harbor: enabled
    harbor: enabled
    storageSpec:
    type: hostPath
    emptyDir: {}
    hostPath:
    root: /data
    root: /data
    clair:
    enabled: true
    ......@@ -125,19 +125,19 @@ notary:
    database:
    type: external
    external:
    host: "stolon-proxy.devops"
    port: "5432"
    username: "postgres"
    password: "spaceIN511"
    coreDatabase: "hub_registry"
    clairDatabase: "hub_clair"
    notaryServerDatabase: "hub_notary_server"
    notarySignerDatabase: "hub_notary_signer"
    sslmode: "disable"
    host: 'stolon-proxy.devops'
    port: '5432'
    username: 'postgres'
    password: 'spaceIN511'
    coreDatabase: 'hub_registry'
    clairDatabase: 'hub_clair'
    notaryServerDatabase: 'hub_notary_server'
    notarySignerDatabase: 'hub_notary_signer'
    sslmode: 'disable'
    redis:
    type: internal
    internal:
    image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/redis
    tag: 4.0.14-alpine
    \ No newline at end of file
    tag: 4.0.14-alpine
    raws/values.yaml
    View file @ 0970b3e0
    ......@@ -20,17 +20,17 @@ expose:
    auto:
    # The common name used to generate the certificate, it's necessary
    # when the type isn't "ingress"
    commonName: ""
    commonName: ''
    secret:
    # The name of secret which contains keys named:
    # "tls.crt" - the certificate
    # "tls.key" - the private key
    secretName: ""
    secretName: ''
    # The name of secret which contains keys named:
    # "tls.crt" - the certificate
    # "tls.key" - the private key
    # Only needed when the "expose.type" is "ingress".
    notarySecretName: ""
    notarySecretName: ''
    ingress:
    hosts:
    core: core.harbor.domain
    ......@@ -41,10 +41,10 @@ expose:
    # set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller
    controller: default
    annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/ssl-redirect: 'true'
    ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
    clusterIP:
    # The name of ClusterIP service
    name: harbor
    ......@@ -80,7 +80,7 @@ expose:
    # The name of LoadBalancer service
    name: harbor
    # Set the IP if the LoadBalancer supports assigning IP
    IP: ""
    IP: ''
    ports:
    # The service port Harbor listens on when serving with HTTP
    httpPort: 80
    ......@@ -116,65 +116,65 @@ internalTLS:
    # 1) "auto" will generate cert automatically
    # 2) "manual" need provide cert file manually in following value
    # 3) "secret" internal certificates from secret
    certSource: "auto"
    certSource: 'auto'
    # The content of trust ca, only available when `certSource` is "manual"
    trustCa: ""
    trustCa: ''
    # core related cert configuration
    core:
    # secret name for core's tls certs
    secretName: ""
    secretName: ''
    # Content of core's TLS cert file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of core's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # jobservice related cert configuration
    jobservice:
    # secret name for jobservice's tls certs
    secretName: ""
    secretName: ''
    # Content of jobservice's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of jobservice's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # registry related cert configuration
    registry:
    # secret name for registry's tls certs
    secretName: ""
    secretName: ''
    # Content of registry's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of registry's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # portal related cert configuration
    portal:
    # secret name for portal's tls certs
    secretName: ""
    secretName: ''
    # Content of portal's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of portal's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # chartmuseum related cert configuration
    chartmuseum:
    # secret name for chartmuseum's tls certs
    secretName: ""
    secretName: ''
    # Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # clair related cert configuration
    clair:
    # secret name for clair's tls certs
    secretName: ""
    secretName: ''
    # Content of clair's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of clair's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # trivy related cert configuration
    trivy:
    # secret name for trivy's tls certs
    secretName: ""
    secretName: ''
    # Content of trivy's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of trivy's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # The persistence is enabled by default and a default StorageClass
    # is needed in the k8s cluster to provision volumes dynamicly.
    ......@@ -189,51 +189,51 @@ persistence:
    # operation. Leaving it empty will delete PVCs after the chart deleted
    # (this does not apply for PVCs that are created for internal database
    # and redis components, i.e. they are never deleted automatically)
    resourcePolicy: "keep"
    resourcePolicy: 'keep'
    persistentVolumeClaim:
    registry:
    # Use the existing PVC which must be created manually before bound,
    # and specify the "subPath" if the PVC is shared with other components
    existingClaim: ""
    existingClaim: ''
    # Specify the "storageClass" used to provision the volume. Or the default
    # StorageClass will be used(the default).
    # Set it to "-" to disable dynamic provisioning
    storageClass: ""
    subPath: ""
    storageClass: ''
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    chartmuseum:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    existingClaim: ''
    storageClass: ''
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    jobservice:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    existingClaim: ''
    storageClass: ''
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    # If external database is used, the following settings for database will
    # be ignored
    database:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    existingClaim: ''
    storageClass: ''
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    existingClaim: ''
    storageClass: ''
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    trivy:
    existingClaim: ""
    storageClass: ""
    subPath: ""
    existingClaim: ''
    storageClass: ''
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    # Define which storage backend is used for registry and chartmuseum to store
    ......@@ -338,15 +338,15 @@ updateStrategy:
    logLevel: info
    # The initial password of Harbor admin. Change it from portal after launching Harbor
    harborAdminPassword: "Harbor12345"
    harborAdminPassword: 'Harbor12345'
    # The name of the secret which contains key named "ca.crt". Setting this enables the
    # download link on portal to download the certificate of CA when the certificate isn't
    # generated automatically
    caSecretName: ""
    caSecretName: ''
    # The secret key used for encryption. Must be a string of 16 chars.
    secretKey: "not-a-secure-key"
    secretKey: 'not-a-secure-key'
    # The proxy settings for updating clair vulnerabilities from the Internet and replicating
    # artifacts from/to the registries that cannot be reached directly
    ......@@ -375,9 +375,9 @@ proxy:
    nginx:
    image:
    repository: goharbor/nginx-photon
    tag: v2.1.3
    tag: v2.1.6
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    replicas: 1
    # resources:
    # requests:
    ......@@ -392,9 +392,9 @@ nginx:
    portal:
    image:
    repository: goharbor/harbor-portal
    tag: v2.1.3
    tag: v2.1.6
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    replicas: 1
    # resources:
    # requests:
    ......@@ -409,9 +409,9 @@ portal:
    core:
    image:
    repository: goharbor/harbor-core
    tag: v2.1.3
    tag: v2.1.6
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    replicas: 1
    ## Startup probe values
    startupProbe:
    ......@@ -429,24 +429,24 @@ core:
    # Secret is used when core server communicates with other components.
    # If a secret key is not specified, Helm will generate one.
    # Must be a string of 16 chars.
    secret: ""
    secret: ''
    # Fill the name of a kubernetes secret if you want to use your own
    # TLS certificate and private key for token encryption/decryption.
    # The secret must contain keys named:
    # "tls.crt" - the certificate
    # "tls.key" - the private key
    # The default key pair will be used if it isn't set
    secretName: ""
    secretName: ''
    # The XSRF key. Will be generated automatically if it isn't specified
    xsrfKey: ""
    xsrfKey: ''
    jobservice:
    image:
    repository: goharbor/harbor-jobservice
    tag: v2.1.3
    tag: v2.1.6
    replicas: 1
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    maxJobWorkers: 10
    # The logger for jobs: "file", "database" or "stdout"
    jobLogger: file
    ......@@ -462,15 +462,15 @@ jobservice:
    # Secret is used when job service communicates with other components.
    # If a secret key is not specified, Helm will generate one.
    # Must be a string of 16 chars.
    secret: ""
    secret: ''
    registry:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    registry:
    image:
    repository: goharbor/registry-photon
    tag: v2.1.3
    tag: v2.1.6
    # resources:
    # requests:
    # memory: 256Mi
    ......@@ -478,7 +478,7 @@ registry:
    controller:
    image:
    repository: goharbor/harbor-registryctl
    tag: v2.1.3
    tag: v2.1.6
    # resources:
    # requests:
    ......@@ -495,15 +495,15 @@ registry:
    # See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
    # If a secret key is not specified, Helm will generate one.
    # Must be a string of 16 chars.
    secret: ""
    secret: ''
    # If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL.
    relativeurls: false
    credentials:
    username: "harbor_registry_user"
    password: "harbor_registry_password"
    username: 'harbor_registry_user'
    password: 'harbor_registry_password'
    # If you update the username or password of registry, make sure use cli tool htpasswd to generate the bcrypt hash
    # e.g. "htpasswd -nbBC10 $username $password"
    htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m"
    htpasswd: 'harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m'
    middleware:
    enabled: false
    ......@@ -515,17 +515,17 @@ registry:
    ipfilteredby: none
    # The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key
    # that allows access to CloudFront
    privateKeySecret: "my-secret"
    privateKeySecret: 'my-secret'
    chartmuseum:
    enabled: true
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    # Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
    absoluteUrl: false
    image:
    repository: goharbor/chartmuseum-photon
    tag: v2.1.3
    tag: v2.1.6
    replicas: 1
    # resources:
    # requests:
    ......@@ -540,19 +540,19 @@ chartmuseum:
    clair:
    enabled: true
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    clair:
    image:
    repository: goharbor/clair-photon
    tag: v2.1.3
    tag: v2.1.6
    # resources:
    # requests:
    # memory: 256Mi
    # cpu: 100m
    adapter:
    image:
    repository: goharbor/clair-adapter-photon
    tag: v2.1.3
    repository: goharbor/harbor-scanner-clair-photon
    tag: v2.1.6
    # resources:
    # requests:
    # memory: 256Mi
    ......@@ -574,17 +574,17 @@ trivy:
    # repository the repository for Trivy adapter image
    repository: goharbor/trivy-adapter-photon
    # tag the tag for Trivy adapter image
    tag: v2.1.3
    tag: v2.1.6
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    # replicas the number of Pod replicas
    replicas: 1
    # debugMode the flag to enable Trivy debug mode with more verbose scanning log
    debugMode: false
    # vulnType a comma-separated list of vulnerability types. Possible values are `os` and `library`.
    vulnType: "os,library"
    vulnType: 'os,library'
    # severity a comma-separated list of severities to be checked
    severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
    severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
    # ignoreUnfixed the flag to display only fixed vulnerabilities
    ignoreUnfixed: false
    # insecure the flag to skip verifying registry certificate
    ......@@ -604,7 +604,7 @@ trivy:
    #
    # You can create a GitHub token by following the instructions in
    # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
    gitHubToken: ""
    gitHubToken: ''
    # skipUpdate the flag to disable Trivy DB downloads from GitHub
    #
    # You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues.
    ......@@ -628,10 +628,10 @@ notary:
    enabled: true
    server:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    image:
    repository: goharbor/notary-server-photon
    tag: v2.1.3
    tag: v2.1.6
    replicas: 1
    # resources:
    # requests:
    ......@@ -639,10 +639,10 @@ notary:
    # cpu: 100m
    signer:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    image:
    repository: goharbor/notary-signer-photon
    tag: v2.1.3
    tag: v2.1.6
    replicas: 1
    # resources:
    # requests:
    ......@@ -659,7 +659,7 @@ notary:
    # The secret must contain keys named ca.crt, tls.crt and tls.key that
    # contain the CA, certificate and private key.
    # They will be generated if not set.
    secretName: ""
    secretName: ''
    database:
    # if external database is used, set "type" to "external"
    ......@@ -667,12 +667,12 @@ database:
    type: internal
    internal:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    image:
    repository: goharbor/harbor-db
    tag: v2.1.3
    tag: v2.1.6
    # The initial superuser password for internal database
    password: "changeit"
    password: 'changeit'
    # resources:
    # requests:
    # memory: 256Mi
    ......@@ -681,14 +681,14 @@ database:
    tolerations: []
    affinity: {}
    external:
    host: "192.168.0.1"
    port: "5432"
    username: "user"
    password: "password"
    coreDatabase: "registry"
    clairDatabase: "clair"
    notaryServerDatabase: "notary_server"
    notarySignerDatabase: "notary_signer"
    host: '192.168.0.1'
    port: '5432'
    username: 'user'
    password: 'password'
    coreDatabase: 'registry'
    clairDatabase: 'clair'
    notaryServerDatabase: 'notary_server'
    notarySignerDatabase: 'notary_signer'
    # "disable" - No SSL
    # "require" - Always SSL (skip verification)
    # "verify-ca" - Always SSL (verify that the certificate presented by the
    ......@@ -696,7 +696,7 @@ database:
    # "verify-full" - Always SSL (verify that the certification presented by the
    # server was signed by a trusted CA and the server host name matches the one
    # in the certificate)
    sslmode: "disable"
    sslmode: 'disable'
    # The maximum number of connections in the idle connection pool.
    # If it <=0, no idle connections are retained.
    maxIdleConns: 50
    ......@@ -713,10 +713,10 @@ redis:
    type: internal
    internal:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    image:
    repository: goharbor/redis-photon
    tag: v2.1.3
    tag: v2.1.6
    # resources:
    # requests:
    # memory: 256Mi
    ......@@ -728,20 +728,20 @@ redis:
    # support redis, redis+sentinel
    # addr for redis: <host_redis>:<port_redis>
    # addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
    addr: "192.168.0.2:6379"
    addr: '192.168.0.2:6379'
    # The name of the set of Redis instances to monitor, it must be set to support redis+sentinel
    sentinelMasterSet: ""
    sentinelMasterSet: ''
    # The "coreDatabaseIndex" must be "0" as the library Harbor
    # used doesn't support configuring it
    coreDatabaseIndex: "0"
    jobserviceDatabaseIndex: "1"
    registryDatabaseIndex: "2"
    chartmuseumDatabaseIndex: "3"
    clairAdapterIndex: "4"
    trivyAdapterIndex: "5"
    password: ""
    coreDatabaseIndex: '0'
    jobserviceDatabaseIndex: '1'
    registryDatabaseIndex: '2'
    chartmuseumDatabaseIndex: '3'
    clairAdapterIndex: '4'
    trivyAdapterIndex: '5'
    password: ''
    ## Additional deployment annotations
    podAnnotations: {}
    commonLabels:
    app.bd-apaas.com/cluster-component: registry
    \ No newline at end of file
    app.bd-apaas.com/cluster-component: registry
    values.yaml
    View file @ 0970b3e0
    ......@@ -20,17 +20,17 @@ expose:
    auto:
    # The common name used to generate the certificate, it's necessary
    # when the type isn't "ingress"
    commonName: ""
    commonName: ''
    secret:
    # The name of secret which contains keys named:
    # "tls.crt" - the certificate
    # "tls.key" - the private key
    secretName: ""
    secretName: ''
    # The name of secret which contains keys named:
    # "tls.crt" - the certificate
    # "tls.key" - the private key
    # Only needed when the "expose.type" is "ingress".
    notarySecretName: ""
    notarySecretName: ''
    ingress:
    hosts:
    core: hub
    ......@@ -41,10 +41,10 @@ expose:
    # set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller
    controller: default
    annotations:
    ingress.kubernetes.io/ssl-redirect: "true"
    ingress.kubernetes.io/proxy-body-size: "0"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    ingress.kubernetes.io/ssl-redirect: 'true'
    ingress.kubernetes.io/proxy-body-size: '0'
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
    nginx.ingress.kubernetes.io/proxy-body-size: '0'
    clusterIP:
    # The name of ClusterIP service
    name: harbor
    ......@@ -80,7 +80,7 @@ expose:
    # The name of LoadBalancer service
    name: harbor
    # Set the IP if the LoadBalancer supports assigning IP
    IP: ""
    IP: ''
    ports:
    # The service port Harbor listens on when serving with HTTP
    httpPort: 80
    ......@@ -116,65 +116,65 @@ internalTLS:
    # 1) "auto" will generate cert automatically
    # 2) "manual" need provide cert file manually in following value
    # 3) "secret" internal certificates from secret
    certSource: "auto"
    certSource: 'auto'
    # The content of trust ca, only available when `certSource` is "manual"
    trustCa: ""
    trustCa: ''
    # core related cert configuration
    core:
    # secret name for core's tls certs
    secretName: ""
    secretName: ''
    # Content of core's TLS cert file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of core's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # jobservice related cert configuration
    jobservice:
    # secret name for jobservice's tls certs
    secretName: ""
    secretName: ''
    # Content of jobservice's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of jobservice's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # registry related cert configuration
    registry:
    # secret name for registry's tls certs
    secretName: ""
    secretName: ''
    # Content of registry's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of registry's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # portal related cert configuration
    portal:
    # secret name for portal's tls certs
    secretName: ""
    secretName: ''
    # Content of portal's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of portal's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # chartmuseum related cert configuration
    chartmuseum:
    # secret name for chartmuseum's tls certs
    secretName: ""
    secretName: ''
    # Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # clair related cert configuration
    clair:
    # secret name for clair's tls certs
    secretName: ""
    secretName: ''
    # Content of clair's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of clair's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # trivy related cert configuration
    trivy:
    # secret name for trivy's tls certs
    secretName: ""
    secretName: ''
    # Content of trivy's TLS key file, only available when `certSource` is "manual"
    crt: ""
    crt: ''
    # Content of trivy's TLS key file, only available when `certSource` is "manual"
    key: ""
    key: ''
    # The persistence is enabled by default and a default StorageClass
    # is needed in the k8s cluster to provision volumes dynamicly.
    ......@@ -189,51 +189,51 @@ persistence:
    # operation. Leaving it empty will delete PVCs after the chart deleted
    # (this does not apply for PVCs that are created for internal database
    # and redis components, i.e. they are never deleted automatically)
    resourcePolicy: "keep"
    resourcePolicy: 'keep'
    persistentVolumeClaim:
    registry:
    # Use the existing PVC which must be created manually before bound,
    # and specify the "subPath" if the PVC is shared with other components
    existingClaim: ""
    existingClaim: ''
    # Specify the "storageClass" used to provision the volume. Or the default
    # StorageClass will be used(the default).
    # Set it to "-" to disable dynamic provisioning
    storageClass: "hostpath"
    subPath: ""
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    chartmuseum:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    jobservice:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    # If external database is used, the following settings for database will
    # be ignored
    database:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 10Gi
    # If external Redis is used, the following settings for Redis will
    # be ignored
    redis:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 1Gi
    trivy:
    existingClaim: ""
    storageClass: "hostpath"
    subPath: ""
    existingClaim: ''
    storageClass: 'hostpath'
    subPath: ''
    accessMode: ReadWriteOnce
    size: 5Gi
    # Define which storage backend is used for registry and chartmuseum to store
    ......@@ -338,15 +338,15 @@ updateStrategy:
    logLevel: info
    # The initial password of Harbor admin. Change it from portal after launching Harbor
    harborAdminPassword: "spaceIN511"
    harborAdminPassword: 'spaceIN511'
    # The name of the secret which contains key named "ca.crt". Setting this enables the
    # download link on portal to download the certificate of CA when the certificate isn't
    # generated automatically
    caSecretName: ""
    caSecretName: ''
    # The secret key used for encryption. Must be a string of 16 chars.
    secretKey: "IpTIscRIgmerlare"
    secretKey: 'IpTIscRIgmerlare'
    # The proxy settings for updating clair vulnerabilities from the Internet and replicating
    # artifacts from/to the registries that cannot be reached directly
    ......@@ -375,9 +375,9 @@ proxy:
    nginx:
    image:
    repository: nginx
    tag: v2.1.3
    tag: v2.1.6
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    replicas: 1
    # resources:
    # requests:
    ......@@ -392,9 +392,9 @@ nginx:
    portal:
    image:
    repository: harbor-portal
    tag: v2.1.3
    tag: v2.1.6
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    replicas: 1
    # resources:
    # requests:
    ......@@ -409,9 +409,9 @@ portal:
    core:
    image:
    repository: harbor-core
    tag: v2.1.3
    tag: v2.1.6
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    replicas: 1
    ## Startup probe values
    startupProbe:
    ......@@ -429,24 +429,24 @@ core:
    # Secret is used when core server communicates with other components.
    # If a secret key is not specified, Helm will generate one.
    # Must be a string of 16 chars.
    secret: ""
    secret: ''
    # Fill the name of a kubernetes secret if you want to use your own
    # TLS certificate and private key for token encryption/decryption.
    # The secret must contain keys named:
    # "tls.crt" - the certificate
    # "tls.key" - the private key
    # The default key pair will be used if it isn't set
    secretName: ""
    secretName: ''
    # The XSRF key. Will be generated automatically if it isn't specified
    xsrfKey: ""
    xsrfKey: ''
    jobservice:
    image:
    repository: harbor-jobservice
    tag: v2.1.3
    tag: v2.1.6
    replicas: 1
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    maxJobWorkers: 10
    # The logger for jobs: "file", "database" or "stdout"
    jobLogger: file
    ......@@ -462,15 +462,15 @@ jobservice:
    # Secret is used when job service communicates with other components.
    # If a secret key is not specified, Helm will generate one.
    # Must be a string of 16 chars.
    secret: ""
    secret: ''
    registry:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    registry:
    image:
    repository: registry
    tag: 2.7.1
    tag: v2.7.1
    resources:
    limits:
    memory: 4Gi
    ......@@ -479,7 +479,7 @@ registry:
    controller:
    image:
    repository: harbor-registryctl
    tag: v2.1.3
    tag: v2.1.6
    # resources:
    # requests:
    ......@@ -496,15 +496,15 @@ registry:
    # See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
    # If a secret key is not specified, Helm will generate one.
    # Must be a string of 16 chars.
    secret: ""
    secret: ''
    # If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL.
    relativeurls: false
    credentials:
    username: "harbor_registry_user"
    password: "harbor_registry_password"
    username: 'harbor_registry_user'
    password: 'harbor_registry_password'
    # If you update the username or password of registry, make sure use cli tool htpasswd to generate the bcrypt hash
    # e.g. "htpasswd -nbBC10 $username $password"
    htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m"
    htpasswd: 'harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m'
    middleware:
    enabled: false
    ......@@ -516,22 +516,22 @@ registry:
    ipfilteredby: none
    # The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key
    # that allows access to CloudFront
    privateKeySecret: "my-secret"
    privateKeySecret: 'my-secret'
    chartmuseum:
    enabled: true
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    # Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
    absoluteUrl: false
    image:
    repository: harbor-chartmuseum
    tag: v2.1.3
    repository: chartmuseum
    tag: v0.12.0
    storageSpec:
    type: hostPath
    emptyDir: {}
    hostPath:
    root: /data
    root: /data
    replicas: 1
    # resources:
    # requests:
    ......@@ -546,19 +546,19 @@ chartmuseum:
    clair:
    enabled: true
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    clair:
    image:
    repository: harbor-clair
    tag: v2.1.3
    repository: clair
    tag: v2.1.7
    # resources:
    # requests:
    # memory: 256Mi
    # cpu: 100m
    adapter:
    image:
    repository: harbor-clair-adapter
    tag: v2.1.3
    repository: harbor-scanner-clair
    tag: v1.1.1
    # resources:
    # requests:
    # memory: 256Mi
    ......@@ -578,19 +578,19 @@ trivy:
    enabled: true
    image:
    # repository the repository for Trivy adapter image
    repository: harbor-trivy-adapter
    repository: harbor-scanner-trivy
    # tag the tag for Trivy adapter image
    tag: v2.1.3
    tag: v0.17.0
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    # replicas the number of Pod replicas
    replicas: 1
    # debugMode the flag to enable Trivy debug mode with more verbose scanning log
    debugMode: false
    # vulnType a comma-separated list of vulnerability types. Possible values are `os` and `library`.
    vulnType: "os,library"
    vulnType: 'os,library'
    # severity a comma-separated list of severities to be checked
    severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
    severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
    # ignoreUnfixed the flag to display only fixed vulnerabilities
    ignoreUnfixed: false
    # insecure the flag to skip verifying registry certificate
    ......@@ -610,7 +610,7 @@ trivy:
    #
    # You can create a GitHub token by following the instructions in
    # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
    gitHubToken: ""
    gitHubToken: ''
    # skipUpdate the flag to disable Trivy DB downloads from GitHub
    #
    # You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues.
    ......@@ -634,10 +634,10 @@ notary:
    enabled: true
    server:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    image:
    repository: harbor-notary-server
    tag: v2.1.3
    repository: notary-server
    tag: v0.6.1
    replicas: 1
    # resources:
    # requests:
    ......@@ -645,10 +645,10 @@ notary:
    # cpu: 100m
    signer:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    image:
    repository: harbor-notary-signer
    tag: v2.1.3
    repository: notary-signer
    tag: v0.6.1
    replicas: 1
    # resources:
    # requests:
    ......@@ -665,7 +665,7 @@ notary:
    # The secret must contain keys named ca.crt, tls.crt and tls.key that
    # contain the CA, certificate and private key.
    # They will be generated if not set.
    secretName: ""
    secretName: ''
    database:
    # if external database is used, set "type" to "external"
    ......@@ -673,12 +673,12 @@ database:
    type: internal
    internal:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    image:
    repository: harbor-db
    tag: v2.1.3
    tag: v2.1.6
    # The initial superuser password for internal database
    password: "spaceIN511"
    password: 'spaceIN511'
    resources:
    limits:
    memory: 4Gi
    ......@@ -688,14 +688,14 @@ database:
    tolerations: []
    affinity: {}
    external:
    host: "192.168.0.1"
    port: "5432"
    username: "user"
    password: "password"
    coreDatabase: "registry"
    clairDatabase: "clair"
    notaryServerDatabase: "notary_server"
    notarySignerDatabase: "notary_signer"
    host: '192.168.0.1'
    port: '5432'
    username: 'user'
    password: 'password'
    coreDatabase: 'registry'
    clairDatabase: 'clair'
    notaryServerDatabase: 'notary_server'
    notarySignerDatabase: 'notary_signer'
    # "disable" - No SSL
    # "require" - Always SSL (skip verification)
    # "verify-ca" - Always SSL (verify that the certificate presented by the
    ......@@ -703,7 +703,7 @@ database:
    # "verify-full" - Always SSL (verify that the certification presented by the
    # server was signed by a trusted CA and the server host name matches the one
    # in the certificate)
    sslmode: "disable"
    sslmode: 'disable'
    # The maximum number of connections in the idle connection pool.
    # If it <=0, no idle connections are retained.
    maxIdleConns: 50
    ......@@ -720,10 +720,10 @@ redis:
    type: internal
    internal:
    # set the service account to be used, default if left empty
    serviceAccountName: ""
    serviceAccountName: ''
    image:
    repository: redis
    tag: 6.0.9
    tag: 6.2.6
    # resources:
    # requests:
    # memory: 256Mi
    ......@@ -735,20 +735,20 @@ redis:
    # support redis, redis+sentinel
    # addr for redis: <host_redis>:<port_redis>
    # addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
    addr: "192.168.0.2:6379"
    addr: '192.168.0.2:6379'
    # The name of the set of Redis instances to monitor, it must be set to support redis+sentinel
    sentinelMasterSet: ""
    sentinelMasterSet: ''
    # The "coreDatabaseIndex" must be "0" as the library Harbor
    # used doesn't support configuring it
    coreDatabaseIndex: "0"
    jobserviceDatabaseIndex: "1"
    registryDatabaseIndex: "2"
    chartmuseumDatabaseIndex: "3"
    clairAdapterIndex: "4"
    trivyAdapterIndex: "5"
    password: ""
    coreDatabaseIndex: '0'
    jobserviceDatabaseIndex: '1'
    registryDatabaseIndex: '2'
    chartmuseumDatabaseIndex: '3'
    clairAdapterIndex: '4'
    trivyAdapterIndex: '5'
    password: ''
    ## Additional deployment annotations
    podAnnotations: {}
    commonLabels:
    app.bd-apaas.com/cluster-component: registry
    \ No newline at end of file
    app.bd-apaas.com/cluster-component: registry
    Markdown is supported
    0% or
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment