Commit 3c915241 authored by 吕永新's avatar 吕永新

update

parent 75fc385a
name: Integration test
on:
pull_request:
push:
jobs:
integration-test:
runs-on: ubuntu-latest
strategy:
matrix:
k8s_version: [v1.18.2, v1.17.5, v1.16.9]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Docker
uses: docker-practice/actions-setup-docker@0.0.1
with:
docker_version: 18.09
docker_channel: stable
docker_daemon_json: '{"insecure-registries":["0.0.0.0/0"]}'
- name: Create kind cluster
uses: helm/kind-action@v1.0.0-rc.1
with:
version: v0.8.1
node_image: kindest/node:${{ matrix.k8s_version }}
cluster_name: kind-cluster-${{ matrix.k8s_version }}
config: test/integration/kind-cluster.yaml
- name: Install Nginx ingress controller
run: |
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/ingress-nginx-2.3.0/deploy/static/provider/kind/deploy.yaml
kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=120s
- name: Set up Go 1.13
uses: actions/setup-go@v2
with:
go-version: 1.13
- name: Cache go mod
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Set /etc/hosts
run: |
sudo -- sh -c "echo '127.0.0.1 harbor.local' >> /etc/hosts"
sudo -- sh -c "echo '127.0.0.1 notary.harbor.local' >> /etc/hosts"
- name: Run integration tests
working-directory: ./test
run:
go test -v -timeout 30m github.com/goharbor/harbor-helm/integration
\ No newline at end of file
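Review bot: The `Setup Docker` step passes `docker_daemon_json: '{"insecure-registries":["0.0.0.0/0"]}'`, which marks every registry address as insecure. The runner's Docker daemon will then accept an invalid certificate, or fall back to plain HTTP, for any pull or push in the job, not only for the Harbor instance under test. If the tests reach Harbor only through the `harbor.local` entries written to `/etc/hosts` further down, the list could name just that host, for example `'{"insecure-registries":["harbor.local"]}'`. The page does not show whether this workflow is added or removed by the commit; the point applies if it is on the new side.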
name: Lint
on:
pull_request:
push:
jobs:
lint:
runs-on: ubuntu-latest
strategy:
matrix:
helm_version: [3.2.3, 2.16.8]
steps:
- name: Checkout
uses: actions/checkout@v2
with:
path: harbor
- name: Set up Helm
uses: azure/setup-helm@v1
with:
version: '${{ matrix.helm_version }}'
- name: Helm version
run:
helm version -c
- name: Run lint
working-directory: ./harbor
run:
helm lint .
- name: Update dependency
working-directory: ./harbor
run:
helm dependency update .
- name: Run template for ingress expose
working-directory: ./harbor
run:
helm template --set "expose.type=ingress" --output-dir $(mktemp -d -t output-XXXXXXXXXX) .
- name: Run template for nodePort expose
working-directory: ./harbor
run:
helm template --set "expose.type=nodePort,expose.tls.auto.commonName=127.0.0.1" --output-dir $(mktemp -d -t output-XXXXXXXXXX) .
\ No newline at end of file
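Review bot: `actions/checkout@v2` and `azure/setup-helm@v1` are referenced by tag, and a tag can later be moved to different code by whoever controls the action's repository. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: azure/setup-helm@<full-commit-sha>  # v1`, fixes what the job actually runs. The Integration test and Unit test workflows on this page reference their actions the same way, including the third-party `docker-practice/actions-setup-docker@0.0.1` and `helm/kind-action@v1.0.0-rc.1`. This applies if the workflows are on the new side of the commit, which the page does not show.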
name: Unit test
on:
pull_request:
push:
jobs:
unit-test:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Set up Helm 3.2.3
uses: azure/setup-helm@v1
with:
version: '3.2.3'
- name: Set up Go 1.13
uses: actions/setup-go@v2
with:
go-version: 1.13
- name: Cache go mod
uses: actions/cache@v2
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Run unit tests
working-directory: ./test
run:
go test -v github.com/goharbor/harbor-helm/unittest
......@@ -103,8 +103,6 @@ spec:
volumeMounts:
- name: chartmuseum-data
mountPath: /chart_storage
- name: etc-localtime
mountPath: /etc/localtime
subPath: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.subPath }}
{{- if .Values.internalTLS.enabled }}
- name: chart-internal-certs
......@@ -124,15 +122,11 @@ spec:
{{ include "harbor.caBundleVolumeMount" . | indent 8 }}
{{- end }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
{{- if eq .Values.chartmuseum.storageSpec.type "hostPath" }}
- name: chartmuseum-data
hostPath:
path: {{.Values.chartmuseum.storageSpec.hostPath.root | default "/data" }}/{{ .Release.Namespace }}/{{ .Release.Name }}/chartmuseum
{{- else if eq .Values.chartmuseum.storageSpec.type "emptyDir" }}
- name: chartmuseum-data
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.persistentVolumeClaim.chartmuseum.existingClaim | default (include "harbor.chartmuseum" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.internalTLS.enabled }}
......
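Review bot: The new `chartmuseum-data` volume is a `persistentVolumeClaim` only when `persistence.enabled` is true and `imageChartStorage.type` is `filesystem`; in every other case it is `emptyDir: {}`, and the values file on this page still shows `persistence.enabled: false`. Going by the hunk counts, the `hostPath` branch under `/data` is what was removed, so with those values chart data that used to sit on the node would be lost when the pod is replaced. Either switch `persistence.enabled` to `true` in the same change or state in the commit description that existing data has to be migrated first. The database StatefulSet and registry Deployment hunks further down follow the same pattern.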
{{- if .Values.chartmuseum.enabled }}
{{- $persistence := .Values.persistence -}}
{{- if $persistence.enabled }}
{{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}}
{{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.chartmuseum" . }}
{{- if eq $persistence.resourcePolicy "keep" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: chartmuseum
spec:
accessModes:
- {{ $chartmuseum.accessMode }}
resources:
requests:
storage: {{ $chartmuseum.size }}
{{- if $chartmuseum.storageClass }}
{{- if eq "-" $chartmuseum.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ $chartmuseum.storageClass }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
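Review bot: `storageClassName: {{ $chartmuseum.storageClass }}`, `storage: {{ $chartmuseum.size }}` and the `accessModes` entry are rendered unquoted, so a value that YAML reads as a number or boolean would reach the API server with the wrong type. The database `volumeClaimTemplates` on this page already quote the same fields; doing the same here, e.g. `storageClassName: {{ $chartmuseum.storageClass | quote }}` and `storage: {{ $chartmuseum.size | quote }}`, keeps the templates consistent. The jobservice and registry PVC templates have the same lines. The page does not show whether this file is added or removed; the point applies if it is on the new side.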
{{- if and .Values.chartmuseum.enabled .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.chartmuseum.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
tls.ca: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.chartmuseum.crt\" is required!" .Values.internalTLS.chartmuseum.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.chartmuseum.key\" is required!" .Values.internalTLS.chartmuseum.key) | b64enc | quote }}
{{- end }}
{{- end }}
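Review bot: The CA entry in this Secret is keyed `tls.ca`, while the clair, core, jobservice, portal, registry and trivy TLS Secrets on this page all use `ca.crt`. The chartmuseum container's certificate mount is outside what the page shows, so whether it reads `tls.ca` cannot be confirmed from here; if it expects `ca.crt` like the others, the CA file would be missing from the mounted directory and peer verification would fail. Check the consumer and, if nothing depends on `tls.ca`, rename the key to `ca.crt`. This applies if the file is on the new side of the commit.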
......@@ -139,12 +139,7 @@ spec:
{{ include "harbor.caBundleVolumeMount" . | indent 8 }}
{{- end }}
{{- end }}
- name: etc-localtime
mountPath: /etc/localtime
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: config
secret:
secretName: "{{ template "harbor.clair" . }}"
......
{{- if and .Values.clair.enabled .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.clair.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.clair.crt\" is required!" .Values.internalTLS.clair.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.clair.key\" is required!" .Values.internalTLS.clair.key) | b64enc | quote }}
{{- end }}
{{- end }}
\ No newline at end of file
......@@ -93,8 +93,6 @@ spec:
ports:
- containerPort: {{ template "harbor.core.containerPort" . }}
volumeMounts:
- name: etc-localtime
mountPath: /etc/localtime
- name: config
mountPath: /etc/core/app.conf
subPath: app.conf
......@@ -127,9 +125,6 @@ spec:
{{ toYaml .Values.core.resources | indent 10 }}
{{- end }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: config
configMap:
name: {{ template "harbor.core" . }}
......
{{- if and .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.core.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.core.crt\" is required!" .Values.internalTLS.core.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.core.key\" is required!" .Values.internalTLS.core.key) | b64enc | quote }}
{{- end }}
{{- end }}
\ No newline at end of file
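Review bot: `{{- if and .Values.internalTLS.enabled }}` calls `and` with a single argument, which simply returns that argument, so the line reads as if a second condition was dropped. `{{- if .Values.internalTLS.enabled }}` says the same thing; the chartmuseum, clair and trivy templates show the two-argument form where a component toggle exists. The jobservice, portal and registry TLS templates open with the same line.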
......@@ -76,24 +76,19 @@ spec:
- secretRef:
name: "{{ template "harbor.database" . }}"
volumeMounts:
- name: etc-localtime
mountPath: /etc/localtime
- name: database-data
mountPath: /var/lib/postgresql/data
subPath: {{ $database.subPath }}
{{- if not .Values.persistence.enabled }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
{{- if eq .Values.database.internal.storageSpec.type "hostPath" }}
- name: "database-data"
hostPath:
path: {{.Values.database.internal.storageSpec.hostPath.root | default "/data" }}/{{ .Release.Namespace }}/{{ .Release.Name }}/database
{{- else if eq .Values.database.internal.storageSpec.type "emptyDir" }}
- name: "database-data"
emptyDir: {}
{{- end }}
{{- else if $database.existingClaim }}
volumes:
- name: "database-data"
persistentVolumeClaim:
claimName: {{ $database.existingClaim }}
{{- end -}}
{{- with .Values.database.internal.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
......@@ -106,14 +101,23 @@ spec:
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
{{- if eq .Values.database.internal.storageSpec.type "volumeClaimTemplate" }}
{{- if and .Values.persistence.enabled (not $database.existingClaim) }}
volumeClaimTemplates:
- metadata:
name: "database-data"
labels:
{{ include "harbor.labels" . | indent 8 }}
app: database
spec:
{{ toYaml $.Values.database.internal.storageSpec.volumeClaimTemplate.spec | indent 6 }}
accessModes: [{{ $database.accessMode | quote }}]
{{- if $database.storageClass }}
{{- if (eq "-" $database.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ $database.storageClass }}"
{{- end }}
{{- end }}
resources:
requests:
storage: {{ $database.size | quote }}
{{- end -}}
{{- end -}}
......@@ -95,6 +95,7 @@ spec:
subPath: config.yml
- name: job-logs
mountPath: /var/log/jobs
subPath: {{ .Values.persistence.persistentVolumeClaim.jobservice.subPath }}
{{- if .Values.internalTLS.enabled }}
- name: jobservice-internal-certs
mountPath: /etc/harbor/ssl/jobservice
......@@ -102,17 +103,17 @@ spec:
{{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolumeMount" . | indent 8 }}
{{- end }}
- name: etc-localtime
mountPath: /etc/localtime
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: jobservice-config
configMap:
name: "{{ template "harbor.jobservice" . }}"
- name: job-logs
{{- if and .Values.persistence.enabled (eq .Values.jobservice.jobLogger "file") }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.persistentVolumeClaim.jobservice.existingClaim | default (include "harbor.jobservice" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: jobservice-internal-certs
secret:
......
{{- $jobservice := .Values.persistence.persistentVolumeClaim.jobservice -}}
{{- if and .Values.persistence.enabled (not $jobservice.existingClaim) }}
{{- if eq .Values.jobservice.jobLogger "file" }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.jobservice" . }}
{{- if eq .Values.persistence.resourcePolicy "keep" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: jobservice
spec:
accessModes:
- {{ $jobservice.accessMode }}
resources:
requests:
storage: {{ $jobservice.size }}
{{- if $jobservice.storageClass }}
{{- if eq "-" $jobservice.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ $jobservice.storageClass }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
{{- if and .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.jobservice.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.jobservice.crt\" is required!" .Values.internalTLS.jobservice.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.jobservice.key\" is required!" .Values.internalTLS.jobservice.key) | b64enc | quote }}
{{- end }}
{{- end }}
\ No newline at end of file
......@@ -56,12 +56,7 @@ spec:
- name: signer-certificate
mountPath: /etc/ssl/notary/ca.crt
subPath: ca.crt
- name: etc-localtime
mountPath: /etc/localtime
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: config
secret:
secretName: "{{ template "harbor.notary-server" . }}"
......
......@@ -54,12 +54,7 @@ spec:
- name: signer-certificate
mountPath: /etc/ssl/notary/tls.key
subPath: tls.key
- name: etc-localtime
mountPath: /etc/localtime
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: config
secret:
secretName: "{{ template "harbor.notary-server" . }}"
......
......@@ -65,12 +65,7 @@ spec:
- name: portal-internal-certs
mountPath: /etc/harbor/ssl/portal
{{- end }}
- name: etc-localtime
mountPath: /etc/localtime
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: portal-config
configMap:
name: "{{ template "harbor.portal" . }}"
......
{{- if and .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.portal.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.portal.crt\" is required!" .Values.internalTLS.portal.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.portal.key\" is required!" .Values.internalTLS.portal.key) | b64enc | quote }}
{{- end }}
{{- end }}
......@@ -52,16 +52,11 @@ spec:
{{ toYaml .Values.redis.internal.resources | indent 10 }}
{{- end }}
volumeMounts:
- name: etc-localtime
mountPath: /etc/localtime
- name: data
mountPath: /var/lib/redis
subPath: {{ $redis.subPath }}
{{- if not .Values.persistence.enabled }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: data
emptyDir: {}
{{- else if $redis.existingClaim }}
......
......@@ -129,8 +129,6 @@ spec:
{{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolumeMount" . | indent 8 }}
{{- end }}
- name: etc-localtime
mountPath: /etc/localtime
- name: registryctl
image: {{ .Values.registry.controller.image.repository }}:{{ .Values.registry.controller.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
......@@ -205,12 +203,7 @@ spec:
{{- if .Values.caBundleSecretName }}
{{ include "harbor.caBundleVolumeMount" . | indent 8 }}
{{- end }}
- name: etc-localtime
mountPath: /etc/localtime
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
- name: registry-htpasswd
secret:
secretName: {{ template "harbor.registry" . }}
......@@ -227,23 +220,12 @@ spec:
- name: registry-config
configMap:
name: "{{ template "harbor.registry" . }}"
{{- if eq .Values.registry.storageSpec.type "hostPath" }}
- name: registry-data
hostPath:
path: {{.Values.registry.storageSpec.hostPath.root | default "/data" }}/{{ .Release.Namespace }}/{{ .Release.Name }}/registry
{{- else if eq .Values.registry.storageSpec.type "emptyDir" }}
- name: registry-data
{{- if and .Values.persistence.enabled (eq .Values.persistence.imageChartStorage.type "filesystem") }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.persistentVolumeClaim.registry.existingClaim | default (include "harbor.registry" .) }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if eq .Values.registry.storageSpec.type "volumeClaimTemplate" }}
volumeClaimTemplates:
- metadata:
name: registry-data
labels:
{{ include "harbor.labels" . | indent 8 }}
app: registry
spec:
{{ toYaml $.Values.registry.storageSpec.volumeClaimTemplate.spec | indent 6 }}
{{- end }}
{{- if .Values.internalTLS.enabled }}
- name: registry-internal-certs
......
{{- if .Values.persistence.enabled }}
{{- $registry := .Values.persistence.persistentVolumeClaim.registry -}}
{{- if and (not $registry.existingClaim) (eq .Values.persistence.imageChartStorage.type "filesystem") }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "harbor.registry" . }}
{{- if eq .Values.persistence.resourcePolicy "keep" }}
annotations:
helm.sh/resource-policy: keep
{{- end }}
labels:
{{ include "harbor.labels" . | indent 4 }}
component: registry
spec:
accessModes:
- {{ $registry.accessMode }}
resources:
requests:
storage: {{ $registry.size }}
{{- if $registry.storageClass }}
{{- if eq "-" $registry.storageClass }}
storageClassName: ""
{{- else }}
storageClassName: {{ $registry.storageClass }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
\ No newline at end of file
{{- if and .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.registry.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.registry.crt\" is required!" .Values.internalTLS.registry.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.registry.key\" is required!" .Values.internalTLS.registry.key) | b64enc | quote }}
{{- end }}
{{- end }}
\ No newline at end of file
......@@ -110,8 +110,6 @@ spec:
- name: api-server
containerPort: {{ template "harbor.trivy.containerPort" . }}
volumeMounts:
- name: etc-localtime
mountPath: /etc/localtime
- name: data
mountPath: /home/scanner/.cache
subPath: {{ .Values.persistence.persistentVolumeClaim.trivy.subPath }}
......@@ -145,9 +143,6 @@ spec:
{{ toYaml .Values.trivy.resources | indent 12 }}
{{- if or (or .Values.internalTLS.enabled .Values.caBundleSecretName) (or (not .Values.persistence.enabled) $trivy.existingClaim) }}
volumes:
- name: etc-localtime
hostPath:
path: /etc/localtime
{{- if .Values.internalTLS.enabled }}
- name: trivy-internal-certs
secret:
......
{{- if and .Values.trivy.enabled .Values.internalTLS.enabled }}
{{- if eq .Values.internalTLS.certSource "manual" }}
apiVersion: v1
kind: Secret
metadata:
name: "{{ template "harbor.internalTLS.trivy.secretName" . }}"
labels:
{{ include "harbor.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
ca.crt: {{ (required "The \"internalTLS.trustCa\" is required!" .Values.internalTLS.trustCa) | b64enc | quote }}
tls.crt: {{ (required "The \"internalTLS.trivy.crt\" is required!" .Values.internalTLS.trivy.crt) | b64enc | quote }}
tls.key: {{ (required "The \"internalTLS.trivy.key\" is required!" .Values.internalTLS.trivy.key) | b64enc | quote }}
{{- end }}
{{- end }}
......@@ -6,6 +6,10 @@ expose:
hosts:
core: hub.ywtest.wodcloud.com
notary: notary.ywtest.wodcloud.com
# set to the type of ingress controller if it has specific requirements.
# leave as `default` for most ingress controllers.
# set to `gce` if using the GCE ingress controller
# set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller
controller: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
......@@ -18,7 +22,8 @@ expose:
httpPort: 80
httpsPort: 443
notaryPort: 4443
annotations: {}
sourceRanges: []
externalURL: https://hub.ywtest.wodcloud.com
internalTLS:
......@@ -26,6 +31,57 @@ internalTLS:
persistence:
enabled: false
# Setting it to "keep" to avoid removing PVCs during a helm delete
# operation. Leaving it empty will delete PVCs after the chart deleted
# (this does not apply for PVCs that are created for internal database
# and redis components, i.e. they are never deleted automatically)
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
# Use the existing PVC which must be created manually before bound,
# and specify the "subPath" if the PVC is shared with other components
existingClaim: ""
# Specify the "storageClass" used to provision the volume. Or the default
# StorageClass will be used(the default).
# Set it to "-" to disable dynamic provisioning
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
chartmuseum:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
jobservice:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
# If external database is used, the following settings for database will
# be ignored
database:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
# If external Redis is used, the following settings for Redis will
# be ignored
redis:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 1Gi
trivy:
existingClaim: ""
storageClass: ""
subPath: ""
accessMode: ReadWriteOnce
size: 5Gi
# Define which storage backend is used for registry and chartmuseum to store
imageChartStorage:
disableredirect: false
......@@ -36,6 +92,8 @@ persistence:
imagePullPolicy: IfNotPresent
imagePullSecrets:
updateStrategy:
type: RollingUpdate
logLevel: info
......@@ -43,6 +101,8 @@ logLevel: info
harborAdminPassword: "spaceIN511"
secretKey: "not-a-secure-key"
caSecretName: ""
proxy:
httpProxy:
httpsProxy:
......@@ -53,31 +113,61 @@ proxy:
- clair
- trivy
# If expose the service via "ingress", the Nginx will not be used
nginx:
image:
repository: reg.local:5000/wod/nginx-photon
tag: v2.1.0
serviceAccountName: ""
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
portal:
image:
repository: reg.local:5000/wod/harbor-portal
tag: v2.1.0
serviceAccountName: ""
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
core:
image:
repository: reg.local:5000/wod/harbor-core
tag: v2.1.0
serviceAccountName: ""
replicas: 1
startupProbe:
initialDelaySeconds: 10
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: ""
secretName: ""
xsrfKey: ""
jobservice:
image:
repository: reg.local:5000/wod/harbor-jobservice
tag: v2.1.0
replicas: 1
serviceAccountName: ""
maxJobWorkers: 10
jobLogger: file
nodeSelector:
harbor: enabled
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: ""
registry:
serviceAccountName: ""
registry:
image:
repository: reg.local:5000/wod/registry-photon
......@@ -86,48 +176,47 @@ registry:
image:
repository: reg.local:5000/wod/harbor-registryctl
tag: v2.1.0
replicas: 1
nodeSelector:
harbor: enabled
storageSpec:
# type: emptyDir , hostPath , volumeClaimTemplate
type: hostPath
emptyDir: {}
hostPath:
root: /data
volumeClaimTemplate:
spec:
storageClassName: rook-ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 100Gi
selector: {}
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secret: ""
relativeurls: false
credentials:
username: "harbor_registry_user"
password: "harbor_registry_password"
htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m"
middleware:
enabled: false
type: cloudFront
cloudFront:
baseurl: example.cloudfront.net
keypairid: KEYPAIRID
duration: 3000s
ipfilteredby: none
# The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key
# that allows access to CloudFront
privateKeySecret: "my-secret"
chartmuseum:
enabled: true
serviceAccountName: ""
absoluteUrl: false
image:
repository: reg.local:5000/wod/chartmuseum-photon
tag: v2.1.0
replicas: 1
nodeSelector:
harbor: enabled
storageSpec:
type: hostPath
emptyDir: {}
hostPath:
root: /data
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
clair:
enabled: true
serviceAccountName: ""
clair:
image:
repository: reg.local:5000/wod/clair-photon
......@@ -138,21 +227,24 @@ clair:
tag: v2.1.0
replicas: 1
updatersInterval: 12
nodeSelector:
harbor: enabled
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
trivy:
enabled: true
image:
repository: reg.local:5000/wod/trivy-adapter-photon
tag: v2.1.0
serviceAccountName: ""
replicas: 1
debugMode: false
vulnType: "os,library"
severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
ignoreUnfixed: false
insecure: false
gitHubToken: ""
skipUpdate: false
resources:
requests:
......@@ -161,22 +253,32 @@ trivy:
limits:
cpu: 1
memory: 1Gi
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
notary:
enabled: true
server:
serviceAccountName: ""
image:
repository: reg.local:5000/wod/notary-server-photon
tag: v2.1.0
replicas: 1
signer:
serviceAccountName: ""
image:
repository: reg.local:5000/wod/notary-signer-photon
tag: v2.1.0
replicas: 1
nodeSelector: {}
tolerations: []
affinity: {}
podAnnotations: {}
secretName: ""
database:
# if external database is used, set "type" to "external" and fill the connection informations in "external" section
type: internal
internal:
serviceAccountName: ""
......@@ -184,28 +286,11 @@ database:
repository: reg.local:5000/wod/harbor-db
tag: v2.1.0
password: "spaceIN511"
resources:
limits:
memory: 4Gi
requests:
memory: 256Mi
nodeSelector:
harbor: enabled
storageSpec:
type: hostPath
emptyDir: {}
hostPath:
root: /data
volumeClaimTemplate:
spec:
storageClassName: rook-ceph-block
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 20Gi
selector: {}
nodeSelector: {}
tolerations: []
affinity: {}
external:
host: "harbor-harbor-database.devops"
host: "harbor-db.devops"
port: "5432"
username: "postgres"
password: "spaceIN511"
......@@ -213,10 +298,24 @@ database:
clairDatabase: "clair"
notaryServerDatabase: "notary_server"
notarySignerDatabase: "notary_signer"
podAnnotations: {}
redis:
type: internal
internal:
serviceAccountName: ""
image:
repository: reg.local:5000/wod/redis-photon
tag: v2.1.0
nodeSelector: {}
tolerations: []
affinity: {}
external:
coreDatabaseIndex: "0"
jobserviceDatabaseIndex: "1"
registryDatabaseIndex: "2"
chartmuseumDatabaseIndex: "3"
clairAdapterIndex: "4"
trivyAdapterIndex: "5"
password: ""
podAnnotations: {}
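Review bot: `harborAdminPassword`, `secretKey`, both `database` `password` fields and the `registry.credentials` block hold literal values in this tracked file, and `secretKey` is the literal `not-a-secure-key`. These lines look like context rather than additions, but the commit rewrites the file around them and leaves them in place, so anyone who can read the repository or the rendered release has the admin, database and registry credentials. Pass them at install time from a secret store or an untracked override file, and rotate the values that have already been committed.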