update

7d41e5ec · 舒成 · a06d036a · 7d41e5ec · 7d41e5ec · 7d41e5ec
Commit 7d41e5ec authored Sep 30, 2021 by 舒成
96 changed files
--- a/.beagle.yml
+++ b/.beagle.yml
 kind: pipeline
 name: docker
 trigger:
  branch:
    - release-v2.1
 platform:
  runner: 10.11.92.34
 volumes:
  - name: charts
    host:
      path: /data/downloads/k8s/charts
  - name: docker
    host:
      path: /var/run/docker.sock
 steps:
  - name: charts
    image: registry.cn-qingdao.aliyuncs.com/wod/helm:v3.6.0
    volumes:
      - name: charts
        path: /charts
    commands:
      - helm package . -d /charts/
  - name: ansible-amd64
    image: registry.cn-qingdao.aliyuncs.com/wod/ansible-image:v1.0
    commands:
      - >-
        ansible-playbook /etc/ansible/linux/main.yml
        --extra-vars
        '{
          "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}",
          "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz",
          "TARGET_ARCH":"amd64",
          "TARGET_VERSION":"v2.1.3"
        }'
        --extra-vars "@ansible/images.yaml"
  - name: ansible-arm64
    image: registry.cn-qingdao.aliyuncs.com/wod/ansible-image:v1.0
    commands:
      - >-
        ansible-playbook /etc/ansible/linux/main.yml
        --extra-vars
        '{
          "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}",
          "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz",
          "TARGET_ARCH":"arm64",
          "TARGET_VERSION":"v2.1.3"
        }'
        --extra-vars "@ansible/images.yaml"
  - name: ansible-ppc64le
    image: registry.cn-qingdao.aliyuncs.com/wod/ansible-image:v1.0
    commands:
      - >-
        ansible-playbook /etc/ansible/linux/main.yml
        --extra-vars
        '{
          "REGISTRY_DATA_PATH": "/data/downloads/k8s/registry/{{ TARGET_ARCH }}",
          "REGISTRY_DATA_FILE": "images-harbor-{{ TARGET_VERSION }}.tar.gz",
          "TARGET_ARCH":"ppc64le",
          "TARGET_VERSION":"v2.1.3"
        }'
        --extra-vars "@ansible/images.yaml"
 ---
 kind: secret
 name: REGISTRY_USER_ALIYUN
 get:
  name: USERNAME
  path: devops-registry-aliyun
 ---
 kind: secret
 name: REGISTRY_PASSWORD_ALIYUN
 get:
  name: PASSWORD
  path: devops-registry-aliyun
--- a/.github/workflows/integration.yaml
+++ b/.github/workflows/integration.yaml
 name: Integration test
 on:
  pull_request:
  push:
 jobs:
  integration-test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        k8s_version: [v1.18.2, v1.17.5, v1.16.9]
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Setup Docker
        uses: docker-practice/actions-setup-docker@0.0.1
        with:
          docker_version: 18.09
          docker_channel: stable
          docker_daemon_json: '{"insecure-registries":["0.0.0.0/0"]}'
      - name: Create kind cluster
        uses: helm/kind-action@v1.0.0-rc.1
        with:
          version: v0.8.1
          node_image: kindest/node:${{ matrix.k8s_version }}
          cluster_name: kind-cluster-${{ matrix.k8s_version }}
          config: test/integration/kind-cluster.yaml
      - name: Install Nginx ingress controller
        run: |
          kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/ingress-nginx-2.3.0/deploy/static/provider/kind/deploy.yaml
          kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=120s
      - name: Set up Go 1.13
        uses: actions/setup-go@v2
        with:
          go-version: 1.13
      - name: Cache go mod
        uses: actions/cache@v2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Set /etc/hosts
        run: |
         sudo -- sh -c "echo '127.0.0.1 harbor.local' >> /etc/hosts"
         sudo -- sh -c "echo '127.0.0.1 notary.harbor.local' >> /etc/hosts"
      - name: Run integration tests
        working-directory: ./test
        run:
          go test -v -timeout 30m github.com/goharbor/harbor-helm/integration
\ No newline at end of file
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
 name: Lint
 on:
  pull_request:
  push:
 jobs:
  lint:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        helm_version: [3.2.3, 2.16.8]
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          path: harbor
      - name: Set up Helm
        uses: azure/setup-helm@v1
        with:
          version: '${{ matrix.helm_version }}'
      - name: Helm version
        run:
          helm version -c
      - name: Run lint
        working-directory: ./harbor
        run:
          helm lint .
      - name: Update dependency
        working-directory: ./harbor
        run:
          helm dependency update .
      - name: Run template for ingress expose
        working-directory: ./harbor
        run:
          helm template --set "expose.type=ingress" --output-dir $(mktemp -d -t output-XXXXXXXXXX) .
      - name: Run template for nodePort expose
        working-directory: ./harbor
        run:
          helm template --set "expose.type=nodePort,expose.tls.auto.commonName=127.0.0.1" --output-dir $(mktemp -d -t output-XXXXXXXXXX) .
\ No newline at end of file
--- a/.github/workflows/unittest.yaml
+++ b/.github/workflows/unittest.yaml
 name: Unit test
 on:
  pull_request:
  push:
 jobs:
  unit-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Set up Helm 3.2.3
        uses: azure/setup-helm@v1
        with:
          version: '3.2.3'
      - name: Set up Go 1.13
        uses: actions/setup-go@v2
        with:
          go-version: 1.13
      - name: Cache go mod
        uses: actions/cache@v2
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-
      - name: Run unit tests
        working-directory: ./test
        run:
          go test -v github.com/goharbor/harbor-helm/unittest
--- a/.gitignore
+++ b/.gitignore
 charts/*
 requirements.lock
\ No newline at end of file
--- a/.helmignore
+++ b/.helmignore
 docs/*
 .git/*
 .gitignore
 CONTRIBUTING.md
 .travis.yaml
 test/*
 raws/*
 .beagle.yml
 CONTRIBUTING.md
 Deploy.md
 .github/*
 values-operator.yaml
\ No newline at end of file
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
 # Contributing to Helm Chart for Harbor
 Please follow [Harbor contributing guide](https://github.com/goharbor/harbor/blob/master/CONTRIBUTING.md) to learn how to make code contribution.
 ## Contributers
 Thanks very much to all contributers who submitted pull requests to Helm Chart for Harbor.
 - [Paul Czarkowski @paulczar](https://github.com/paulczar)
 - [Luca Innocenti Mirri @lucaim](https://github.com/lucaim)
 - [Steven Arnott @ArcticSnowman](https://github.com/ArcticSnowman)
 - [Alex M @draeron](https://github.com/draeron)
 - [SangJun Yun](https://github.com/YunSangJun)
--- a/Chart.yaml
+++ b/Chart.yaml
 apiVersion: v1
 name: beagle-harbor
 version: 2.1.3
 appVersion: 2.1.3
 description: An open source trusted cloud native registry that stores, signs, and scans content
 keywords:
  - docker
  - registry
  - harbor
 home: https://goharbor.io
 icon: https://raw.githubusercontent.com/goharbor/website/master/static/img/logos/harbor-icon-color.png
 sources:
  - https://github.com/goharbor/harbor
  - https://github.com/goharbor/harbor-helm
 maintainers:
  - name: Wenkai Yin
    email: yinw@vmware.com
  - name: Weiwei He
    email: hweiwei@vmware.com
  - name: Qian Deng
    email: dengq@vmware.com
 engine: gotpl
--- a/Deploy.md
+++ b/Deploy.md
 # harbor
 ## install
 ```bash
 # 1.install
 kubectl create ns devops
 helm install \
 --namespace=devops \
 harbor \
 /etc/kubernetes/helm/beagle-harbor \
 -f /etc/kubernetes/helm/beagle-harbor/values-overrides.yaml
 # uninstall
 helm uninstall \
 --namespace=devops \
 harbor
 # update
 helm upgrade \
 --namespace=devops \
 harbor \
 /etc/kubernetes/helm/beagle-harbor \
 -f /etc/kubernetes/helm/beagle-harbor/values-overrides.yaml
 # template
 helm template \
 --namespace=devops \
 harbor \
 /etc/kubernetes/helm/beagle-harbor \
 -f /etc/kubernetes/helm/beagle-harbor/values-overrides.yaml > /etc/kubernetes/helm/beagle-harbor/dist.yaml
 # package
 helm package . -d C:/Tmp/Charts
 ```
 ## images x86_64
 ```bash
 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor
 registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.3
 registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.3
 registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.3
 registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.3
 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-db
 registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.3
 # registry
 registry.cn-qingdao.aliyuncs.com/wod/registry:2.7.1
 # gitlab.wodcloud.com/cloud/chartmuseum
 registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum:v2.1.3
 # gitlab.wodcloud.com/cloud/clair
 registry.cn-qingdao.aliyuncs.com/wod/harbor-clair:v2.1.3
 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-scanner-clair
 registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter:v2.1.3
 # gitlab.wodcloud.com/cloud/harbor-scanner-trivy
 registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter:v2.1.3
 # gitlab.wodcloud.com/cloud/notary
 registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server:v2.1.3
 registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer:v2.1.3
 # redis
 registry.cn-qingdao.aliyuncs.com/wod/redis:6.0.9
 ```
 ## images arm64
 ```bash
 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor
 registry.cn-qingdao.aliyuncs.com/wod/harbor-portal:v2.1.3-arm64
 registry.cn-qingdao.aliyuncs.com/wod/harbor-core:v2.1.3-arm64
 registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v2.1.3-arm64
 registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl:v2.1.3-arm64
 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-db
 registry.cn-qingdao.aliyuncs.com/wod/harbor-db:v2.1.3-arm64
 # registry
 registry.cn-qingdao.aliyuncs.com/wod/registry:2.7.1-arm64
 # gitlab.wodcloud.com/cloud/chartmuseum
 registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum:v2.1.3-arm64
 # gitlab.wodcloud.com/cloud/clair
 registry.cn-qingdao.aliyuncs.com/wod/harbor-clair:v2.1.3-arm64
 # gitlab.wodcloud.com/cloud/awecloud-goharbor-harbor-scanner-clair
 registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter:v2.1.3-arm64
 # gitlab.wodcloud.com/cloud/harbor-scanner-trivy
 registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter:v2.1.3-arm64
 # gitlab.wodcloud.com/cloud/notary
 registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server:v2.1.3-arm64
 registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer:v2.1.3-arm64
 # redis
 registry.cn-qingdao.aliyuncs.com/wod/redis:6.0.9-arm64
 ```
--- a/LICENSE
+++ b/LICENSE
--- a/REAME.md
+++ b/REAME.md
--- a/ansible/images.yaml
+++ b/ansible/images.yaml
 IMAGES:
  - repo: harbor-portal
    tag: "v2.1.3"
  - repo: harbor-core
    tag: "v2.1.3"
  - repo: harbor-jobservice
    tag: "v2.1.3"
  - repo: harbor-db
    tag: "v2.1.3"
  - repo: harbor-registryctl
    tag: "v2.1.3"
  - repo: harbor-chartmuseum
    tag: "v2.1.3"
  - repo: harbor-clair
    tag: "v2.1.3"
  - repo: harbor-clair-adapter
    tag: "v2.1.3"
  - repo: harbor-trivy-adapter
    tag: "v2.1.3"
  - repo: harbor-notary-server
    tag: "v2.1.3"
  - repo: harbor-notary-signer
    tag: "v2.1.3"
  - repo: registry
    tag: "2.7.1"
  - repo: redis
    tag: "6.0.9"
\ No newline at end of file
--- a/cert/tls.crt
+++ b/cert/tls.crt
 -----BEGIN CERTIFICATE-----
 MIIE0zCCArugAwIBAgIJAPY/OzLMeVq2MA0GCSqGSIb3DQEBCwUAMAAwHhcNMTkw
 NDE4MDIyNzM3WhcNMjkwNDE1MDIyNzM3WjAAMIICIjANBgkqhkiG9w0BAQEFAAOC
 Ag8AMIICCgKCAgEA3xlUJs2b/aI2NLoy4OIQ+dn/yMb/O99iKDRyZKpH8rSOmS+o
 F9unmSAzL65XA/v6nY0OLI/dASDjkqkBpIdTGzogR5f8UiB6osuEY7V71XZdzWLr
 PjnJq6ZLAaoKmwG80W5+Wd6V8PygOx52mkr1w7IWKz+1ZLI5izbppon7XVGVRaAT
 RvNZDiJ6CeJpcJ5H723lkf5RvJWatZLCYIYDbRfTiKsyQ/SlRcv5BVfHg/LJSH9Q
 LGRhPMARldl9wyZCwZZDHxheI4a+26aa8MY3u9st/l0/Oo6VCTGpMiEhiGF2LVjp
 UWq/+BP4SFEvJfq/DuinI139W/5aZZ7/HwRPlmYU6pXTRLyIg7jd+19fJwR7X37q
 w0o8t06FhjmrCzaYCUjoReqDmHaNmZN/ddvG7jZWBu+jNh0YavsyQyCIVmv6yqSc
 jPiD9uivxqTwjJidIBRfuUrz3aERQ7cQgf0qhqjIzflzHbFKhILocBWq7zyNl9hr
 vUGT/WZcw0t/OtM72SPaplmTgVbbQRxf2VHzyptGIvtydlXK8thxOMpXo4e+Sl8d
 1gdQcC4oisN9F29oNs8P5yFQP//xYuv8C607nCj1DzrId5avG/NVfKB/fbDKEFgN
 2WhHInTzPLEcjF4fErcUAEuWW0buX/6FHCG3iTtrqyD92KTVDfN1J56rrcsCAwEA
 AaNQME4wHQYDVR0OBBYEFFhNhTo4UAC2PUsf8jYaWj160vGEMB8GA1UdIwQYMBaA
 FFhNhTo4UAC2PUsf8jYaWj160vGEMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
 BQADggIBAMAsEtVlELMwdtcifHeOT0kOmf5wo9In/eFSgscCzBMDaRx2B3q36AoS
 Il7XWAZpevaR7W7yeARKaAshBLhygUqLD0zWbKlSN9Hprd1wdpM0ffyPpN5dxOYA
 er04y12GRnCbMYqi4cvztP4TinXqq2yHSYhLbO9qkI5gbWVxkRuIcMKvixddllNY
 Q3obJaDDHmovM3+g/G+1YFgt4qES38XnJ7BrSshHnn5EIQh286xfJriyrK2hHbLJ
 qz0YuF6G3DXPeWGgXvj0Hipc0f8UDZkKkk/eGEI6vEkytyvoepoZI2XbAf/ZMy5n
 KwuhEn4hhkFMwWaSWp/h0QdMCaxk4BVSOqmNVaLSB7+FjsIj4CasFotYiyJ2gpRB
 Nf8QaS4bz0Tn1eBbC8ksj+e3ZWeX2b5wVMjql9jTt2X1ICs8KKe3vEBkjqT2AUi2
 52TtKzm73aWrz/GPy/Q2LCor3Fh9FGVSBOBBDXGy6MJpNHJnYVH9EENFGOh85ol1
 2pADOBB5vAU/kLB5LHPj2kue/FMiHaNnrSYIGrMlBSX2jj9EYa1uuUH+pd4MBj1F
 5uH8ORiaQ6ht2+WHklxic1Rj5yTYQwVlH70CBOn+qVEdo63yQwzAMJKFIwlGUQEX
 jiljgc86q4cZtUTFrcwMidbk+8Q6+JbDVg7HV/+pnC+wnv197kwe
 -----END CERTIFICATE-----
--- a/cert/tls.key
+++ b/cert/tls.key
 -----BEGIN RSA PRIVATE KEY-----
 MIIJKQIBAAKCAgEA3xlUJs2b/aI2NLoy4OIQ+dn/yMb/O99iKDRyZKpH8rSOmS+o
 F9unmSAzL65XA/v6nY0OLI/dASDjkqkBpIdTGzogR5f8UiB6osuEY7V71XZdzWLr
 PjnJq6ZLAaoKmwG80W5+Wd6V8PygOx52mkr1w7IWKz+1ZLI5izbppon7XVGVRaAT
 RvNZDiJ6CeJpcJ5H723lkf5RvJWatZLCYIYDbRfTiKsyQ/SlRcv5BVfHg/LJSH9Q
 LGRhPMARldl9wyZCwZZDHxheI4a+26aa8MY3u9st/l0/Oo6VCTGpMiEhiGF2LVjp
 UWq/+BP4SFEvJfq/DuinI139W/5aZZ7/HwRPlmYU6pXTRLyIg7jd+19fJwR7X37q
 w0o8t06FhjmrCzaYCUjoReqDmHaNmZN/ddvG7jZWBu+jNh0YavsyQyCIVmv6yqSc
 jPiD9uivxqTwjJidIBRfuUrz3aERQ7cQgf0qhqjIzflzHbFKhILocBWq7zyNl9hr
 vUGT/WZcw0t/OtM72SPaplmTgVbbQRxf2VHzyptGIvtydlXK8thxOMpXo4e+Sl8d
 1gdQcC4oisN9F29oNs8P5yFQP//xYuv8C607nCj1DzrId5avG/NVfKB/fbDKEFgN
 2WhHInTzPLEcjF4fErcUAEuWW0buX/6FHCG3iTtrqyD92KTVDfN1J56rrcsCAwEA
 AQKCAgEAk8q8s4PrvYby79UVlWJNKqceykwBkxE1fjrYORWQ2hiAirxGV5+8lDT/
 k6ujm1EWwb5K0HxxRKkb+PEa1HqNNHE6JxNpJKK9exDlYAQ+x7dFBqVr/2nazmo4
 MB8MLYlmIztWWoSYwe8o2mEg4q+bxYs5Imdu7AkhE7dJ63hm23gLMfeMLalRqopu
 XBPwE5nXP6aGuUNHtG1K8tQJDlZY+LEbAeOfReNQhT9NdRukYSW579vfKblJrSvz
 ulg89sVm3cWEK5pB6rj9wJbK94voKftVqbbuBwWjd1a9pibKhwVBe2L2FWhpSZc5
 F/coC7njTaYT6tr91y5VhhJhIZQCf/vv4Zl5XhFHs5VTZNbM/OfqyFQLYXVJO48K
 F7tmazAEQQBQwVZqH9C9NQdzPHWmc38Okhtc1wzaqn/rg9+1sgAMD8hWCtQJUe97
 b9ymh5A0Z4QXKpyFT0b+pXcD1jRha07UtkX+/zLJ9HpAXcUmzkG+j5CXNpnxsIq5
 fJFeq3hBj9w6n4h+50M4W0Fse5YoEUsc3B0fz8BlQBb+YJLFLNH34MH8p1l0ZDYJ
 yae0psxlBijg4OPZ+WCBa+jtFW4LiWgEcxwgz8w+hEOAQr2a1Dc7w8jd+Y4IK8Um
 lTVs5dbp4mOmPMlRv/GM7kDudFqbMg3YFwXg3QbquVqLZzEzjVkCggEBAPJKZbCW
 YfLejkS/fkRyV3VIb54mKwQHoMWub88tPgGuXzjsJyd5QTQ58PpUjXrLHmn8lS2+
 viE8GJylKwN1yMlZw40+kZhpHUpCWx/2ZKjAqvqA9OOKo2fv6Hd/wOAnU4CtioC1
 pri7lKFYXoP8DtQVwHYvIzCRqDnhc4mwJDqzTC9xduI+svxzl4xH82fx0jrPiFY+
 /wOdXjyfIPjyhHC4jPTWbairwXS9dBjSl128aIRT580/yXE/SYAugg05jKtg5zQA
 So13MTezXRHXdO0di3tEMHGREEkFpeVnnPQvCCedK0DV36iNwiWc8pwdfLMVneTt
 DKwZedCx+o/7ev0CggEBAOu48DGEJJJzHxVR5mY1K2AlZyYtpTOWehK1zX74JvM3
 YxN4nd+Zx5n9uSPmmKzqF3TU+44RVtdJK6ejoFE8dMDTNWaSLW/ZDmN1nT0njvOn
 IWJn59ynOChWWKZgXZ/9UqGR7Pt6OxSkkex9c/fYBsMX/xusdXQigeogl0iOYVFW
 gXIiiLRLHpHJsK/uNxIizj0hTYYn7uD7PRENwFRcCYf8J1eUFbd6DuCVWeQCKWgf
 Nd2tSWoi0Vylj4uUX8Iw0tjLNMD5CREJEk4GSv4EDSmvUdv1LiBKJCL2lEcgoPeC
 oOD2iCc5KqgnmQraRilFFk8RVXA9PWZGY3C0b6TVmmcCggEANZO2AOKALlCAbTtb
 FI+kP08RP4t5H58AMjZsiweaGo0QiWnPDq+Fd6MIYpKn5mtcAlvUMRVovbioSJtN
 c6psB/pNf8JCN82mqHEb7WlywM46AMLbZCWYFLe8VBBv+iE4GdBGPEfu4hK4vyTn
 YZAvRz64HGo4Adlztbjg76V/nWtggW05uLXcpm55KJAQhv+2WULjBw9PHOGDoSwf
 Am2+U567rLht70prsQDj10laJ2QuSHS1YXGlfeFcw3eFUp9TN+JpvdoCol2lCIgl
 IHjgZj6ORWfCvpoxW7RgBuZukqCD0R60HdYtavxN3jtiepsapA83pxO0JapMgZWZ
 rpURkQKCAQBOcEv9Liu9T/GX9pjkiezVIZ0hZy8B66DTeQvYpFrRtCyT3h8quNFi
 vLtO5v0HDR6hEf5jWAG9wet07U37ulJfl+i9KQdVoLTZA9o+71ryWTsSs+DD3CEj
 yxfUxVxiULmeaiChzhq608h7GYPthUU6xlFttAWhj5oLfqzYyAg6OL76a+Nxm02g
 1ayl3m8U6eAXF23kpoUm+HNpqVnGuJmzVoUA75YKZ+NreEdhSBbfPwN9sJwtZUil
 u7H4kHcM95Ix8eysCjKqKIqezBlITbDTnjNvLjcbJ5C+0a6lvIXT1vQR5/eGlc9M
 BWE360pNkV/LD8mOf9Jepi2Q43oDL9EhAoIBAQDTWImfy0K9gGzA2rPy169mWYQK
 OlcnD3+hQq6x51Zn1e/texFeVlhHn4rrnRdCFOAp47uFkJ2m72GCVD74EwQucK9y
 AD5jorqgVHqCKZdkHjb2V60Mzm6g3rtL9WJXFVLvNBb/QGB2vgHVOO0zqiqGZj4e
 Ex7l2m//5SE4DLtn70J9CgG1HtXCS8dWrGPL1pzDnk8VXtnoXzb0LChLUFEgZRmh
 cV6AFHEK2H8wBHviNyehsRQiDkl2AiWOcJNvkzW68ck2nJjRWyPYK1JL3NCKpB3Q
 OohrP0fHcWAXMW97wFXZhRfnQfDxxIOlj3McYT0AlanXd0F4NGc2Nvmphx04
 -----END RSA PRIVATE KEY-----
--- a/conf/clair.yaml
+++ b/conf/clair.yaml
 clair:
  database:
    type: pgsql
    options:
      source: "{{ template "harbor.database.clair" . }}"
      # Number of elements kept in the cache
      # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
      cachesize: 16384
  api:
    # API server port
    port: 6060
    healthport: 6061
    # Deadline before an API request will respond with a 503
    timeout: 300s
  updater:
    interval: {{ .Values.clair.updatersInterval }}h
--- a/conf/notary-server.json
+++ b/conf/notary-server.json
 {
  "server": {
    "http_addr": ":4443"
  },
  "trust_service": {
    "type": "remote",
    "hostname": "{{ template "harbor.notary-signer" . }}",
    "port": "7899",
    "tls_ca_file": "/etc/ssl/notary/ca.crt",
    "key_algorithm": "ecdsa"
  },
  "logging": {
    "level": "{{ .Values.logLevel }}"
  },
  "storage": {
    "backend": "postgres",
    "db_url": "{{ template "harbor.database.notaryServer" . }}"
  },
  "auth": {
    "type": "token",
    "options": {
      "realm": "{{ .Values.externalURL }}.{{ $.Values.global.host }}/service/token",
      "service": "harbor-notary",
      "issuer": "harbor-token-issuer",
      "rootcertbundle": "/root.crt"
    }
  }
 }
\ No newline at end of file
--- a/conf/notary-signer.json
+++ b/conf/notary-signer.json
 {
  "server": {
    "grpc_addr": ":7899",
    "tls_cert_file": "/etc/ssl/notary/tls.crt",
    "tls_key_file": "/etc/ssl/notary/tls.key"
  },
  "logging": {
    "level": "{{ .Values.logLevel }}"
  },
  "storage": {
    "backend": "postgres",
    "db_url": "{{ template "harbor.database.notarySigner" . }}",
    "default_alias": "defaultalias"
  }
 }
\ No newline at end of file
--- a/docs/High Availability.md
+++ b/docs/High Availability.md
 ---
 title: Harbor High Availability Guide
 ---
 ## Goal
 Deploy Harbor on K8S via helm to make it highly available, that is, if one of node that has Harbor's container running becomes un accessible. Users does not experience interrupt of service of Harbor.
 ## Prerequisites
 - Kubernetes cluster 1.10+
 - Helm 2.10.0+
 - High available ingress controller (Harbor does not manage the external endpoint)
 - High available PostgreSQL database (Harbor does not handle the deployment of HA of database)
 - High available Redis (Harbor does not handle the deployment of HA of Redis)
 - PVC that can be shared across nodes or external object storage
 ## Architecture
 Most of Harbor's components are stateless now.  So we can simply increase the replica of the pods to make sure the components are distributed to multiple worker nodes, and leverage the "Service" mechanism of K8S to ensure the connectivity across pods.
 As for storage layer, it is expected that the user provide high available PostgreSQL, Redis cluster for application data and PVCs or object storage for storing images and charts.
 ![HA](img/ha.png)
 ## Usage
 ### Download Chart
 Download Harbor helm chart:
 ```bash
 helm repo add harbor https://helm.goharbor.io
 helm fetch harbor/harbor --untar
 ```
 ### Configuration
 Configure the followings items in `values.yaml`, you can also set them as parameters via `--set` flag during running `helm install`:
 - **Ingress rule**
   Configure the `expose.ingress.hosts.core` and `expose.ingress.hosts.notary`.
 - **External URL**
   Configure the `externalURL`.
 - **External PostgreSQL**
   Set the `database.type` to `external` and fill the information in `database.external` section.
   Four empty databases should be created manually for `Harbor core`, `Clair`, `Notary server` and `Notary signer` and configure them in the section. Harbor will create tables automatically when starting up.
 - **External Redis**
   Set the `redis.type` to `external` and fill the information in `redis.external` section.
   As the Redis client used by Harbor's upstream projects doesn't support `Sentinel`, Harbor can only work with a single entry point Redis. You can refer to this [guide](https://community.pivotal.io/s/article/How-to-setup-HAProxy-and-Redis-Sentinel-for-automatic-failover-between-Redis-Master-and-Slave-servers) to setup a HAProxy before the Redis to expose a single entry point.
 - **Storage**
   By default, a default `StorageClass` is needed in the K8S cluster to provision volumes to store images, charts and job logs.
   If you want to specify the `StorageClass`, set `persistence.persistentVolumeClaim.registry.storageClass`, `persistence.persistentVolumeClaim.chartmuseum.storageClass` and `persistence.persistentVolumeClaim.jobservice.storageClass`.
   If you use `StorageClass`, for both default or specified one, set `persistence.persistentVolumeClaim.registry.accessMode`, `persistence.persistentVolumeClaim.chartmuseum.accessMode` and `persistence.persistentVolumeClaim.jobservice.accessMode` as `ReadWriteMany`, and make sure that the persistent volumes must can be shared cross different nodes.
   You can also use the existing PVCs to store data, set `persistence.persistentVolumeClaim.registry.existingClaim`, `persistence.persistentVolumeClaim.chartmuseum.existingClaim` and `persistence.persistentVolumeClaim.jobservice.existingClaim`.
   If you have no PVCs that can be shared across nodes, you can use external object storage to store images and charts and store the job logs in database. Set the `persistence.imageChartStorage.type` to the value you want to use and fill the corresponding section and set `jobservice.jobLogger` to `database`.
 - **Replica**
   Set `portal.replicas`, `core.replicas`, `jobservice.replicas`, `registry.replicas`, `chartmuseum.replicas`, `clair.replicas`, `notary.server.replicas` and `notary.signer.replicas` to `n`(`n`>=2).
 ### Installation
 Install the Harbor helm chart with a release name `my-release`:  
 helm 2:
 ```bash
 helm install --name my-release .
 ```
 helm 3:
 ```
 helm install my-release .
 ```
--- a/docs/Upgrade.md
+++ b/docs/Upgrade.md
 ---
 title: Upgrade Guide
 ---
 This guide is used to upgrade Harbor deployed by chart since version 0.3.0.
 ## Notes
 - As the database schema may change between different versions of Harbor, there is a progress to migrate the schema during the upgrade and the downtime cannot be avoid
 - The database schema cannot be downgraded automatically, so the `helm rollback` is not supported
 ## Upgrade
 ### 1. Backup database
 Backup the database used by Harbor in case the upgrade process fails.
 ### 2. Download new chart
 Download the latest version of Harbor chart.
 ### 3. Configure new chart
 Configure the new chart to make sure that the configuration items have the same values with the old one.
 > Note: if TLS is enabled and the certificate is generated by chart automatically, a new certificate will be generated and overwrite the old one during the upgrade, this may cause some issues if you have distributed the certificate. You can follow the below steps to configure the new chart to use the old certificate:
 1) Get the secret name which certificate is stored in:
    ```bash
    kubectl get secret
    ```
    Find the secret whose name ends with `-harbor-ingress` (expose service via `Ingress`) or `-harbor-nginx`(expose service via `ClusterIP` or `NodePort`)
 2) Export the secret as yaml file:
    ```bash
    kubectl get secret <secret-name-from-step-1> -o yaml > secret.yaml
    ```
 3) Rename the secret by setting `metadata.name` in `secret.yaml`
 4) Create a new secret:
    ```bash
    kubectl create -f secret.yaml
    ```
 5) Configure the chart to use the new secret by setting `expose.tls.secretName` as the value you set in step **3**
 ### 4. Upgrade
 Run upgrade command:
 ```bash
 helm upgrade release-name --force .
 ```
 > The `--force` is necessary if upgrade from version 0.3.0 due to issue [#30](https://github.com/goharbor/harbor-helm/issues/30).
 ## Known issues
 - The job logs will be lost if you upgrade from version 0.3.0 as the logs are store in a `emptyDir` in 0.3.0.
--- a/docs/_index.md
+++ b/docs/_index.md
 ---
 title: Managing Harbor with Helm
 weight: 50
 ---
 This documentation focuses on deploying and managing Harbor via [Helm](https://helm.sh). For general documentation for Harbor, please see the [Harbor docs](https://goharbor.io/docs).
\ No newline at end of file
--- a/raws/values-aliyun.yaml
+++ b/raws/values-aliyun.yaml
 expose:
  type: ingress
  tls:
    enabled: false
  ingress:
    hosts:
      core: hub.wodcloud.local
      notary: notary.wodcloud.local
    annotations:
      ingress.kubernetes.io/proxy-body-size: "0"
 externalURL: https://hub.wodcloud.local
 persistence:
  enabled: true
  persistentVolumeClaim:
    registry:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    redis:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi  
  imageChartStorage:
    # s3 , filesystem
    type: filesystem
    s3:
      accesskey: AKIAIOSFODNN7EXAMPLE
      secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
      region: us-east-1
      regionendpoint: http://minio.wodcloud.local
      bucket: registry
      encrypt: false
      v4auth: true
      chunksize: '5242880'
      rootdirectory: /      
 imagePullPolicy: IfNotPresent
 logLevel: info
 harborAdminPassword: "spaceIN511"
 secretKey: "IpTIscRIgmerlare"
 portal:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
    tag: v2.1.3
 core:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
    tag: v2.1.3
 jobservice:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
    tag: v2.1.3
 registry:
  registry:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/registry
      tag: 2.7.1
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
  controller:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
      tag: v2.1.3
 chartmuseum:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
    tag: v2.1.3
  nodeSelector: {}
  # nodeSelector:
  #   harbor: enabled
  storageSpec:
    type: hostPath
    emptyDir: {}
    hostPath:
      root: /data    
 clair:
  clair:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
      tag: v2.1.3
  adapter:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
      tag: v2.1.3
 trivy:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
    tag: v2.1.3
 notary:
  server:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
      tag: v2.1.3
  signer:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
      tag: v2.1.3
 database:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
      tag: v2.1.3
    password: "spaceIN511"
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
 redis:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/redis
      tag: 6.0.9
\ No newline at end of file
--- a/raws/values-arm.yaml
+++ b/raws/values-arm.yaml
 expose:
  type: ingress
  tls:
    enabled: false
  ingress:
    hosts:
      core: hub.wodcloud.local
      notary: notary.wodcloud.local
    annotations:
      ingress.kubernetes.io/proxy-body-size: "0"
 externalURL: https://hub.wodcloud.local
 persistence:
  enabled: true
  persistentVolumeClaim:
    registry:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    redis:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi  
  imageChartStorage:
    # s3 , filesystem
    type: filesystem
    s3:
      accesskey: AKIAIOSFODNN7EXAMPLE
      secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
      region: us-east-1
      regionendpoint: http://minio.wodcloud.local
      bucket: registry
      encrypt: false
      v4auth: true
      chunksize: '5242880'
      rootdirectory: /      
 imagePullPolicy: IfNotPresent
 logLevel: info
 harborAdminPassword: "spaceIN511"
 secretKey: "IpTIscRIgmerlare"
 portal:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
    tag: v2.1.3-arm64
 core:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
    tag: v2.1.3-arm64
 jobservice:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
    tag: v2.1.3-arm64
 registry:
  registry:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/registry
      tag: 2.7.1-arm64
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
  controller:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
      tag: v2.1.3-arm64
 chartmuseum:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
    tag: v2.1.3-arm64
  nodeSelector: {}
  # nodeSelector:
  #   harbor: enabled
  storageSpec:
    type: hostPath
    emptyDir: {}
    hostPath:
      root: /data    
 clair:
  clair:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
      tag: v2.1.3-arm64
  adapter:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
      tag: v2.1.3-arm64
 trivy:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
    tag: v2.1.3-arm64
 notary:
  server:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
      tag: v2.1.3-arm64
  signer:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
      tag: v2.1.3-arm64
 database:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
      tag: v2.1.3-arm64
    password: "spaceIN511"
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
 redis:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/redis
      tag: 6.0.9-arm64
\ No newline at end of file
--- a/raws/values-pg.yaml
+++ b/raws/values-pg.yaml
 expose:
  type: ingress
  tls:
    enabled: false
  ingress:
    hosts:
      core: hub.test.wodcloud.com
      notary: notary.test.wodcloud.com
    annotations:
      ingress.kubernetes.io/proxy-body-size: "0"
 externalURL: https://hub.test.wodcloud.com
 persistence:
  enabled: true
  imageChartStorage:
    # s3 , filesystem
    type: filesystem
    filesystem:
      rootdirectory: /data
    #s3:
     # accesskey: AKIAIOSFODNN7EXAMPLE
     # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
     # region: us-east-1
     # regionendpoint: https://minio.sxwh.local
     # bucket: registry
     # encrypt: false
     # v4auth: true
     # chunksize: '5242880'
     # rootdirectory: /
 imagePullPolicy: IfNotPresent
 logLevel: info
 harborAdminPassword: "spaceIN511"
 secretKey: "IpTIscRIgmerlare"
 portal:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
    tag: v1.8.2
  replicas: 1
 core:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
    tag: v1.8.2
  replicas: 1
 jobservice:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
    tag: v1.8.2
  replicas: 1
  maxJobWorkers: 10
  jobLogger: file
 registry:
  registry:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/registry
      tag: 2.7.1
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
  nodeSelector:
    harbor: enabled  
  storageSpec:
    # type: emptyDir , hostPath , volumeClaimTemplate
    type: hostPath
    emptyDir: {}
    hostPath:
      root: /data
    volumeClaimTemplate:
      spec:
        storageClassName: rook-ceph-block
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 100Gi
      selector: {}    
  controller:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
      tag: v1.8.2
  replicas: 1
 chartmuseum:
  enabled: true
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum-photon
    tag: v0.9.0-v1.8.2
  replicas: 1
  nodeSelector:
    harbor: enabled  
  storageSpec:
    type: hostPath
    emptyDir: {}
    hostPath:
      root: /data    
 clair:
  enabled: true
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/clair-photon
    tag: v2.0.8-v1.8.2
  replicas: 1
 notary:
  enabled: true
  server:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server-photon
      tag: v0.6.1-v1.8.2
    replicas: 1
  signer:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer-photon
      tag: v0.6.1-v1.8.2
    replicas: 1
 database:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
      tag: v1.8.2
    password: "spaceIN511"
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
    nodeSelector:
      harbor: enabled
    storageSpec:
      type: hostPath
      emptyDir: {}
      hostPath:
        root: /data         
      volumeClaimTemplate:
        spec:
          storageClassName: rook-ceph-block
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 20Gi
        selector: {}
 redis:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/redis
      tag: 4.0.14-alpine
\ No newline at end of file
--- a/raws/values-ppc64le.yaml
+++ b/raws/values-ppc64le.yaml
 expose:
  type: ingress
  tls:
    enabled: false
  ingress:
    hosts:
      core: hub.wodcloud.local
      notary: notary.wodcloud.local
    annotations:
      ingress.kubernetes.io/proxy-body-size: "0"
 externalURL: https://hub.wodcloud.local
 persistence:
  enabled: true
  persistentVolumeClaim:
    registry:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    chartmuseum:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    redis:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      existingClaim: ""
      storageClass: "hostpath"
      subPath: ""
      accessMode: ReadWriteOnce
      size: 5Gi  
  imageChartStorage:
    # s3 , filesystem
    type: filesystem
    s3:
      accesskey: AKIAIOSFODNN7EXAMPLE
      secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
      region: us-east-1
      regionendpoint: http://minio.wodcloud.local
      bucket: registry
      encrypt: false
      v4auth: true
      chunksize: '5242880'
      rootdirectory: /      
 imagePullPolicy: IfNotPresent
 logLevel: info
 harborAdminPassword: "spaceIN511"
 secretKey: "IpTIscRIgmerlare"
 portal:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
    tag: v2.1.3-ppc64le
 core:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
    tag: v2.1.3-ppc64le
 jobservice:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
    tag: v2.1.3-ppc64le
 registry:
  registry:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/registry
      tag: 2.7.1-ppc64le
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
  controller:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
      tag: v2.1.3-ppc64le
 chartmuseum:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-chartmuseum
    tag: v2.1.1-ppc64le
  nodeSelector: {}
  # nodeSelector:
  #   harbor: enabled
  storageSpec:
    type: hostPath
    emptyDir: {}
    hostPath:
      root: /data    
 clair:
  clair:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair
      tag: v2.1.1-ppc64le
  adapter:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-clair-adapter
      tag: v2.1.1-ppc64le
 trivy:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-trivy-adapter
    tag: v2.1.1-ppc64le
 notary:
  server:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-server
      tag: v2.1.1-ppc64le
  signer:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-notary-signer
      tag: v2.1.1-ppc64le
 database:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-db
      tag: v2.1.3-ppc64le
    password: "spaceIN511"
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
 redis:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/redis
      tag: 6.0.9-ppc64le
\ No newline at end of file
--- a/raws/values-stolon.yaml
+++ b/raws/values-stolon.yaml
 expose:
  type: ingress
  tls:
    enabled: false
  ingress:
    hosts:
      core: hub.test.wodcloud.com
      notary: notary.test.wodcloud.com
    annotations:
      ingress.kubernetes.io/proxy-body-size: "0"
 externalURL: https://hub.test.wodcloud.com
 persistence:
  enabled: true
  imageChartStorage:
    # s3 , filesystem
    type: filesystem
    filesystem:
      rootdirectory: /data
    #s3:
     # accesskey: AKIAIOSFODNN7EXAMPLE
     # secretkey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
     # region: us-east-1
     # regionendpoint: https://minio.sxwh.local
     # bucket: registry
     # encrypt: false
     # v4auth: true
     # chunksize: '5242880'
     # rootdirectory: /
 imagePullPolicy: IfNotPresent
 logLevel: info
 harborAdminPassword: "spaceIN511"
 secretKey: "IpTIscRIgmerlare"
 portal:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-portal
    tag: v1.8.2
  replicas: 1
 core:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-core
    tag: v1.8.2
  replicas: 1
 jobservice:
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
    tag: v1.8.2
  replicas: 1
  maxJobWorkers: 10
  jobLogger: file
 registry:
  registry:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/registry
      tag: 2.7.1
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 256Mi
  nodeSelector:
    harbor: enabled  
  storageSpec:
    # type: emptyDir , hostPath , volumeClaimTemplate
    type: hostPath
    emptyDir: {}
    hostPath:
      root: /data
    volumeClaimTemplate:
      spec:
        storageClassName: rook-ceph-block
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 100Gi
      selector: {}    
  controller:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/harbor-registryctl
      tag: v1.8.2
  replicas: 1
 chartmuseum:
  enabled: true
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/chartmuseum-photon
    tag: v0.9.0-v1.8.2
  replicas: 1
  nodeSelector:
    harbor: enabled  
  storageSpec:
    type: hostPath
    emptyDir: {}
    hostPath:
      root: /data    
 clair:
  enabled: true
  image:
    repository: registry.cn-qingdao.aliyuncs.com/wod/clair-photon
    tag: v2.0.8-v1.8.2
  replicas: 1
 notary:
  enabled: true
  server:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/notary-server-photon
      tag: v0.6.1-v1.8.2
    replicas: 1
  signer:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/notary-signer-photon
      tag: v0.6.1-v1.8.2
    replicas: 1
 database:
  type: external
  external:
    host: "stolon-proxy.devops"
    port: "5432"
    username: "postgres"
    password: "spaceIN511"
    coreDatabase: "hub_registry"
    clairDatabase: "hub_clair"
    notaryServerDatabase: "hub_notary_server"
    notarySignerDatabase: "hub_notary_signer"
    sslmode: "disable"
 redis:
  type: internal
  internal:
    image:
      repository: registry.cn-qingdao.aliyuncs.com/wod/redis
      tag: 4.0.14-alpine
\ No newline at end of file
--- a/raws/values.yaml
+++ b/raws/values.yaml
--- a/templates/NOTES.txt
+++ b/templates/NOTES.txt
 Please wait for several minutes for Harbor deployment to complete.
 Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}.{{ $.Values.global.host }}
 For more details, please visit https://github.com/goharbor/harbor
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
--- a/templates/chartmuseum/chartmuseum-cm.yaml
+++ b/templates/chartmuseum/chartmuseum-cm.yaml
--- a/templates/chartmuseum/chartmuseum-dpl.yaml
+++ b/templates/chartmuseum/chartmuseum-dpl.yaml
--- a/templates/chartmuseum/chartmuseum-pvc.yaml
+++ b/templates/chartmuseum/chartmuseum-pvc.yaml
 {{- if .Values.chartmuseum.enabled }}
 {{- $persistence := .Values.persistence -}}
 {{- if $persistence.enabled }}
 {{- $chartmuseum := $persistence.persistentVolumeClaim.chartmuseum -}}
 {{- if and (not $chartmuseum.existingClaim) (eq $persistence.imageChartStorage.type "filesystem") }}
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "harbor.chartmuseum" . }}
  {{- if eq $persistence.resourcePolicy "keep" }}
  annotations:
    helm.sh/resource-policy: keep
  {{- end }}
  labels:
 {{ include "harbor.labels" . | indent 4 }}
    component: chartmuseum
 spec:
  accessModes: 
    - {{ $chartmuseum.accessMode }}
  resources:
    requests:
      storage: {{ $chartmuseum.size }}
  {{- if $chartmuseum.storageClass }}
    {{- if eq "-" $chartmuseum.storageClass }}
  storageClassName: ""
    {{- else }}
  storageClassName: {{ $chartmuseum.storageClass }}
    {{- end }}
  {{- end }}
 {{- end }}
 {{- end }}
 {{- end }}
\ No newline at end of file
--- a/templates/chartmuseum/chartmuseum-secret.yaml
+++ b/templates/chartmuseum/chartmuseum-secret.yaml
 {{- if .Values.chartmuseum.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
  name: "{{ template "harbor.chartmuseum" . }}"
  labels:
 {{ include "harbor.labels" . | indent 4 }}
 type: Opaque
 data:
  CACHE_REDIS_PASSWORD: {{ include "harbor.redis.password" . | b64enc | quote }}
 {{- $storage := .Values.persistence.imageChartStorage }}
 {{- $storageType := $storage.type }}
 {{- if eq $storageType "azure" }}
  AZURE_STORAGE_ACCESS_KEY: {{ $storage.azure.accountkey | b64enc | quote }}
 {{- else if eq $storageType "gcs" }}
  # TODO support the keyfile of gcs
 {{- else if eq $storageType "s3" }}
  {{- if $storage.s3.secretkey }}
  AWS_SECRET_ACCESS_KEY: {{ $storage.s3.secretkey | b64enc | quote }}
  {{- end }}
 {{- else if eq $storageType "swift" }}
  OS_PASSWORD: {{ $storage.swift.password | b64enc | quote }}
 {{- else if eq $storageType "oss" }}
  ALIBABA_CLOUD_ACCESS_KEY_SECRET: {{ $storage.oss.accesskeysecret | b64enc | quote }}
 {{- end }}
 {{- end }}
\ No newline at end of file
--- a/templates/chartmuseum/chartmuseum-svc.yaml
+++ b/templates/chartmuseum/chartmuseum-svc.yaml
 {{- if .Values.chartmuseum.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
  name: "{{ template "harbor.chartmuseum" . }}"
  labels:
 {{ include "harbor.labels" . | indent 4 }}
 spec:
  ports:
    - port: {{ template "harbor.chartmuseum.servicePort" . }}
      targetPort: {{ template "harbor.chartmuseum.containerPort" . }}
  selector:
 {{ include "harbor.matchLabels" . | indent 4 }}
    component: chartmuseum
 {{- end }}
\ No newline at end of file
--- a/templates/chartmuseum/chartmuseum-tls.yaml
+++ b/templates/chartmuseum/chartmuseum-tls.yaml
--- a/templates/clair/clair-dpl.yaml
+++ b/templates/clair/clair-dpl.yaml
--- a/templates/clair/clair-secret.yaml
+++ b/templates/clair/clair-secret.yaml
--- a/templates/clair/clair-svc.yaml
+++ b/templates/clair/clair-svc.yaml
--- a/templates/clair/clair-tls.yaml
+++ b/templates/clair/clair-tls.yaml
--- a/templates/core/core-cm.yaml
+++ b/templates/core/core-cm.yaml
--- a/templates/core/core-dpl.yaml
+++ b/templates/core/core-dpl.yaml
--- a/templates/core/core-secret.yaml
+++ b/templates/core/core-secret.yaml
--- a/templates/core/core-svc.yaml
+++ b/templates/core/core-svc.yaml
--- a/templates/core/core-tls.yaml
+++ b/templates/core/core-tls.yaml
--- a/templates/database/database-secret.yaml
+++ b/templates/database/database-secret.yaml
--- a/templates/database/database-ss.yaml
+++ b/templates/database/database-ss.yaml
--- a/templates/database/database-svc.yaml
+++ b/templates/database/database-svc.yaml
--- a/templates/ingress/ingress.yaml
+++ b/templates/ingress/ingress.yaml
--- a/templates/ingress/ingresshost.yaml
+++ b/templates/ingress/ingresshost.yaml
--- a/templates/ingress/ingressroute.yaml
+++ b/templates/ingress/ingressroute.yaml
--- a/templates/ingress/middleware.yaml
+++ b/templates/ingress/middleware.yaml
--- a/templates/ingress/secret.yaml
+++ b/templates/ingress/secret.yaml
--- a/templates/internal/auto-tls.yaml
+++ b/templates/internal/auto-tls.yaml
--- a/templates/jobservice/jobservice-cm-env.yaml
+++ b/templates/jobservice/jobservice-cm-env.yaml
--- a/templates/jobservice/jobservice-cm.yaml
+++ b/templates/jobservice/jobservice-cm.yaml
--- a/templates/jobservice/jobservice-dpl.yaml
+++ b/templates/jobservice/jobservice-dpl.yaml
--- a/templates/jobservice/jobservice-pvc.yaml
+++ b/templates/jobservice/jobservice-pvc.yaml
--- a/templates/jobservice/jobservice-secrets.yaml
+++ b/templates/jobservice/jobservice-secrets.yaml
--- a/templates/jobservice/jobservice-svc.yaml
+++ b/templates/jobservice/jobservice-svc.yaml
--- a/templates/jobservice/jobservice-tls.yaml
+++ b/templates/jobservice/jobservice-tls.yaml
--- a/templates/nginx/configmap-http.yaml
+++ b/templates/nginx/configmap-http.yaml
--- a/templates/nginx/configmap-https.yaml
+++ b/templates/nginx/configmap-https.yaml
--- a/templates/nginx/deployment.yaml
+++ b/templates/nginx/deployment.yaml
--- a/templates/nginx/secret.yaml
+++ b/templates/nginx/secret.yaml
--- a/templates/nginx/service.yaml
+++ b/templates/nginx/service.yaml
--- a/templates/notary/notary-secret.yaml
+++ b/templates/notary/notary-secret.yaml
--- a/templates/notary/notary-server.yaml
+++ b/templates/notary/notary-server.yaml
--- a/templates/notary/notary-signer.yaml
+++ b/templates/notary/notary-signer.yaml
--- a/templates/notary/notary-svc.yaml
+++ b/templates/notary/notary-svc.yaml
--- a/templates/portal/configmap.yaml
+++ b/templates/portal/configmap.yaml
--- a/templates/portal/deployment.yaml
+++ b/templates/portal/deployment.yaml
--- a/templates/portal/service.yaml
+++ b/templates/portal/service.yaml
--- a/templates/portal/tls.yaml
+++ b/templates/portal/tls.yaml
--- a/templates/redis/service.yaml
+++ b/templates/redis/service.yaml
--- a/templates/redis/statefulset.yaml
+++ b/templates/redis/statefulset.yaml
--- a/templates/registry/registry-cm.yaml
+++ b/templates/registry/registry-cm.yaml
--- a/templates/registry/registry-dpl.yaml
+++ b/templates/registry/registry-dpl.yaml
--- a/templates/registry/registry-pvc.yaml
+++ b/templates/registry/registry-pvc.yaml
--- a/templates/registry/registry-secret.yaml
+++ b/templates/registry/registry-secret.yaml
--- a/templates/registry/registry-svc.yaml
+++ b/templates/registry/registry-svc.yaml
--- a/templates/registry/registry-tls.yaml
+++ b/templates/registry/registry-tls.yaml
--- a/templates/trivy/trivy-secret.yaml
+++ b/templates/trivy/trivy-secret.yaml
--- a/templates/trivy/trivy-sts.yaml
+++ b/templates/trivy/trivy-sts.yaml
--- a/templates/trivy/trivy-svc.yaml
+++ b/templates/trivy/trivy-svc.yaml
--- a/templates/trivy/trivy-tls.yaml
+++ b/templates/trivy/trivy-tls.yaml
--- a/test/go.mod
+++ b/test/go.mod
--- a/test/go.sum
+++ b/test/go.sum
--- a/test/install_helm.sh
+++ b/test/install_helm.sh
--- a/test/integration/base.go
+++ b/test/integration/base.go
--- a/test/integration/ingress_test.go
+++ b/test/integration/ingress_test.go
--- a/test/integration/kind-cluster.yaml
+++ b/test/integration/kind-cluster.yaml
--- a/test/integration/node_port_test.go
+++ b/test/integration/node_port_test.go
--- a/test/test.go
+++ b/test/test.go
 package test
--- a/test/unittest/trivy_stateful_set_test.go
+++ b/test/unittest/trivy_stateful_set_test.go
--- a/test/verify.sh
+++ b/test/verify.sh
--- a/values-operator.yaml
+++ b/values-operator.yaml
 global:
  hub: registry.cn-qingdao.aliyuncs.com/wod
  imagePullPolicy: "IfNotPresent"
  imageArch: amd64
  host: wodcloud.local
\ No newline at end of file
--- a/values.yaml
+++ b/values.yaml