add files

.drone.yml

+clone:
+  git:
+    image: registry-vpc.cn-qingdao.aliyuncs.com/wod/drone-plugin-git:1.4.0
+pipeline:
+  docker:
+    image: harbor.wodcloud.com/devops/drone-plugin-docker:1.0
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    base: registry-vpc.cn-qingdao.aliyuncs.com/wod-k8s/data:1.0.0
+    repo: wod/harbor-chart
+    registry: registry-vpc.cn-qingdao.aliyuncs.com
+    secrets: 
+      - source: REGISTRY_USER_ALIYUN
+        target: REGISTRY_USER
+      - source: REGISTRY_PASSWORD_ALIYUN
+        target: REGISTRY_PASSWORD        
+branches: [master]
\ No newline at end of file

.gitignore

+charts/*
+requirements.lock
\ No newline at end of file

CONTRIBUTING.md

+# Contributing to Helm Chart for Harbor
+
+Please follow [Harbor contributing guide](https://github.com/vmware/harbor/blob/master/CONTRIBUTING.md) to learn how to make code contribution.
+
+# Contributers
+
+Thanks very much to all contributers who submitted pull requests to Helm Chart for Harbor.
+
+- [Paul Czarkowski @paulczar](https://github.com/paulczar)
+- [Luca Innocenti Mirri @lucaim](https://github.com/lucaim)
+- [Steven Arnott @ArcticSnowman](https://github.com/ArcticSnowman)
+- [Alex M @draeron](https://github.com/draeron)
+- [SangJun Yun](https://github.com/YunSangJun)

Chart.yaml

+name: harbor
+version: 0.2.0
+appVersion: 1.5.0
+description: An Enterprise-class Docker Registry by VMware
+keywords:
+- vmware
+- docker
+- registry
+- harbor
+home: https://github.com/vmware/harbor
+icon: https://raw.githubusercontent.com/vmware/harbor/master/docs/img/harbor_logo.png
+sources:
+- https://github.com/vmware/harbor/tree/master/contrib/helm/harbor
+maintainers:
+- name: Jesse Hu
+  email: huh@vmware.com
+- name: paulczar
+  email: username.taken@gmail.com
+engine: gotpl

build/dockerfile

+FROM {{ BASEIMAGE }}
+MAINTAINER mengkzhaoyun <mengkzhaoyun@gmail.com>
+
+ADD . /data/input
\ No newline at end of file

package.json

+{
+  "name": "harbor-chart",
+  "version": "v1.6.0"
+}
\ No newline at end of file

readme.md

+# images
+```bash
+docker pull goharbor/harbor-ui:dev && \
+docker tag goharbor/harbor-ui:dev  registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:dev  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:dev 
+
+docker pull goharbor/harbor-adminserver:dev && \
+docker tag goharbor/harbor-adminserver:dev  registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:dev  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:dev 
+
+docker pull goharbor/harbor-jobservice:dev && \
+docker tag goharbor/harbor-jobservice:dev  registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:dev  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:dev 
+
+docker pull goharbor/harbor-db:dev && \
+docker tag goharbor/harbor-db:dev  registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:dev  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:dev 
+
+docker pull goharbor/registry-photon:dev && \
+docker tag goharbor/registry-photon:dev  registry-vpc.cn-qingdao.aliyuncs.com/wod/registry-photon:dev  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/registry-photon:dev 
+
+docker pull goharbor/chartmuseum-photon:dev && \
+docker tag goharbor/chartmuseum-photon:dev  registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum-photon:dev  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum-photon:dev 
+
+docker pull goharbor/clair-photon:dev && \
+docker tag goharbor/clair-photon:dev  registry-vpc.cn-qingdao.aliyuncs.com/wod/clair-photon:dev  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/clair-photon:dev 
+
+docker pull goharbor/notary-server-photon:dev && \
+docker tag goharbor/notary-server-photon:dev  registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server-photon:dev  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server-photon:dev 
+
+docker pull registry:2.6.2 && \
+docker tag registry:2.6.2  registry-vpc.cn-qingdao.aliyuncs.com/wod/registry:2.6.2  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/registry:2.6.2 
+
+docker pull nginx:1.15.2-alpine && \
+docker tag nginx:1.15.2-alpine  registry-vpc.cn-qingdao.aliyuncs.com/wod/nginx:1.15.2-alpine  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/nginx:1.15.2-alpine 
+
+docker pull redis:4.0.1-alpine && \
+docker tag redis:4.0.1-alpine  registry-vpc.cn-qingdao.aliyuncs.com/wod/redis:4.0.1-alpine  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/redis:4.0.1-alpine
+```
+
+# setup
+```powershell
+# 1.template
+cd /etc/kubernetes/helm/harbor && helm template . --name harbor --namespace devops > ./dist/harbor.yaml
+
+# 2.helm install
+helm install /etc/kubernetes/helm/harbor \
+--name harbor \
+--namespace devops \
+--set harborAdminPassword=spaceIN511 \
+--set nodeSelector.kubernetes\.io/hostname=172.31.14.41 \
+--set externalDomain=harbor.wodcloud.com
+```
+
+
+# images
+```bash
+docker pull goharbor/harbor-ui:v1.6.0 && \
+docker tag goharbor/harbor-ui:v1.6.0  registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:v1.6.0  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui:v1.6.0 
+
+docker pull goharbor/harbor-adminserver:v1.6.0 && \
+docker tag goharbor/harbor-adminserver:v1.6.0  registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:v1.6.0  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver:v1.6.0 
+
+docker pull goharbor/harbor-jobservice:v1.6.0 && \
+docker tag goharbor/harbor-jobservice:v1.6.0  registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v1.6.0  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice:v1.6.0 
+
+docker pull goharbor/harbor-db:v1.6.0 && \
+docker tag goharbor/harbor-db:v1.6.0  registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:v1.6.0  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db:v1.6.0 
+
+docker pull chartmuseum/chartmuseum:v0.7.1 && \
+docker tag chartmuseum/chartmuseum:v0.7.1  registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.7.1  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum:v0.7.1 
+
+docker pull quay.io/coreos/clair:v2.0.6 && \
+docker tag quay.io/coreos/clair:v2.0.6  registry-vpc.cn-qingdao.aliyuncs.com/wod/clair:v2.0.6  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/clair:v2.0.6
+
+docker pull notary:server-0.5.0 && \
+docker tag notary:server-0.5.0  registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server:0.5.0  && \
+docker push registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server:0.5.0
+```
\ No newline at end of file

templates/NOTES.txt

+Please wait for several minutes for Harbor deployment to complete.
+Then you should be able to visit the UI portal at {{ template "harbor.externalURL" . }}. 
+For more details, please visit https://github.com/vmware/harbor.
\ No newline at end of file

templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "harbor.name" -}}
+{{- default "harbor" .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "harbor.fullname" -}}
+{{- $name := default "harbor" .Values.nameOverride -}}
+{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Helm required labels */}}
+{{- define "harbor.labels" -}}
+heritage: {{ .Release.Service }}
+release: {{ .Release.Name }}
+chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+app: "{{ template "harbor.name" . }}"
+{{- end -}}
+
+{{/* matchLabels */}}
+{{- define "harbor.matchLabels" -}}
+release: {{ .Release.Name }}
+app: "{{ template "harbor.name" . }}"
+{{- end -}}
+
+{{- define "harbor.externalURL" -}}
+{{- if .Values.externalPort -}}
+{{- printf "%s://%s:%s" .Values.externalProtocol .Values.externalDomain (toString .Values.externalPort) -}}
+{{- else -}}
+{{- printf "%s://%s" .Values.externalProtocol .Values.externalDomain -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Use *.domain.com as the Common Name in the certificate,
+so it can match Harbor service FQDN and Notary service FQDN.
+*/}}
+{{- define "harbor.certCommonName" -}}
+{{- $list := splitList "." .Values.externalDomain -}}
+{{- $list := prepend (rest $list) "*" -}}
+{{- $cn := join "." $list -}}
+{{- printf "%s" $cn -}}
+{{- end -}}
+
+{{/* The external FQDN of Notary server. */}}
+{{- define "harbor.notaryFQDN" -}}
+{{- printf "notary-%s" .Values.externalDomain -}}
+{{- end -}}
+
+{{- define "harbor.notaryServiceName" -}}
+{{- printf "%s-notary-server" (include "harbor.fullname" .) -}}
+{{- end -}}
+
+{{- define "harbor.database.host" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- template "harbor.fullname" . }}-database
+  {{- else -}}
+    {{- .Values.database.external.host -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.port" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- printf "%s" "5432" -}}
+  {{- else -}}
+    {{- .Values.database.external.port -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.username" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- printf "%s" "postgres" -}}
+  {{- else -}}
+    {{- .Values.database.external.username -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.password" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- .Values.database.internal.password | b64enc | quote -}}
+  {{- else -}}
+    {{- .Values.database.external.password | b64enc | quote -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.rawPassword" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- .Values.database.internal.password -}}
+  {{- else -}}
+    {{- .Values.database.external.password -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.coreDatabase" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- printf "%s" "registry" -}}
+  {{- else -}}
+    {{- .Values.database.external.coreDatabase -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.clairDatabase" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- printf "%s" "postgres" -}}
+  {{- else -}}
+    {{- .Values.database.external.clairDatabase -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.notaryServerDatabase" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- printf "%s" "notaryserver" -}}
+  {{- else -}}
+    {{- .Values.database.external.notaryServerDatabase -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.notarySignerDatabase" -}}
+  {{- if eq .Values.database.type "internal" -}}
+    {{- printf "%s" "notarysigner" -}}
+  {{- else -}}
+    {{- .Values.database.external.notarySignerDatabase -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.database.clair" -}}
+postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.clairDatabase" . }}?sslmode=disable
+{{- end -}}
+
+{{- define "harbor.database.notaryServer" -}}
+postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notaryServerDatabase" . }}?sslmode=disable
+{{- end -}}
+
+{{- define "harbor.database.notarySigner" -}}
+postgres://{{ template "harbor.database.username" . }}:{{ template "harbor.database.rawPassword" . }}@{{ template "harbor.database.host" . }}:{{ template "harbor.database.port" . }}/{{ template "harbor.database.notarySignerDatabase" . }}?sslmode=disable
+{{- end -}}
+
+{{- define "harbor.redis.host" -}}
+  {{- if .Values.redis.external.enabled -}}
+    {{- .Values.redis.external.host -}}
+  {{- else -}}
+    {{- .Release.Name }}-redis
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.redis.port" -}}
+  {{- if .Values.redis.external.enabled -}}
+    {{- .Values.redis.external.port -}}
+  {{- else -}}
+    6379
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.redis.databaseIndex" -}}
+  {{- if .Values.redis.external.enabled -}}
+    {{- .Values.redis.external.databaseIndex -}}
+  {{- else -}}
+    {{- printf "%s" "0" }}
+  {{- end -}}
+{{- end -}}
+
+{{- define "harbor.redis.password" -}}
+  {{- if and .Values.redis.external.enabled .Values.redis.external.usePassword -}}
+    {{- .Values.redis.external.password -}}
+  {{- else if and (not .Values.redis.external.enabled) .Values.redis.usePassword -}}
+    {{- .Values.redis.password -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*the username redis is used for a placeholder as no username needed in redis*/}}
+{{- define "harbor.redisForJobservice" -}}
+  {{- if and .Values.redis.external.enabled .Values.redis.external.usePassword -}}
+    redis:{{ template "harbor.redis.password" . }}@{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}/{{ template "harbor.redis.databaseIndex" }}
+  {{- else if and (not .Values.redis.external.enabled) .Values.redis.usePassword -}}
+    redis:{{ template "harbor.redis.password" . }}@{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}/{{ template "harbor.redis.databaseIndex" }}
+  {{- else }}
+    {{- template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}/{{ template "harbor.redis.databaseIndex" }}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+host:port,pool_size,password
+100 is the default value of pool size
+*/}}
+{{- define "harbor.redisForUI" -}}
+  {{- template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }},100,{{ template "harbor.redis.password" . }}
+{{- end -}}

templates/adminserver/adminserver-cm.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "harbor.fullname" . }}-adminserver"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: adminserver
+data:
+  POSTGRESQL_HOST: "{{ template "harbor.database.host" . }}"
+  POSTGRESQL_PORT: "{{ template "harbor.database.port" . }}"
+  POSTGRESQL_USERNAME: "{{ template "harbor.database.username" . }}"
+  POSTGRESQL_DATABASE: "{{ template "harbor.database.coreDatabase" . }}"
+  EMAIL_HOST: "{{ .Values.email.host }}"
+  EMAIL_PORT: "{{ .Values.email.port }}"
+  EMAIL_USR: "{{ .Values.email.username }}"
+  EMAIL_SSL: "{{ .Values.email.ssl }}"
+  EMAIL_FROM: "{{ .Values.email.from }}"
+  EMAIL_IDENTITY: "{{ .Values.email.identity }}"
+  EMAIL_INSECURE: "{{ .Values.email.insecure }}"
+  EXT_ENDPOINT: "{{ template "harbor.externalURL" . }}"
+  UI_URL: "http://{{ template "harbor.fullname" . }}-ui"
+  JOBSERVICE_URL: "http://{{ template "harbor.fullname" . }}-jobservice"
+  REGISTRY_URL: "http://{{ template "harbor.fullname" . }}-registry:5000"
+  TOKEN_SERVICE_URL: "http://{{ template "harbor.fullname" . }}-ui/service/token"
+  WITH_NOTARY: "{{ .Values.notary.enabled }}"
+  NOTARY_URL: "http://{{ template "harbor.notaryServiceName" . }}:4443"
+  LOG_LEVEL: "info"
+  IMAGE_STORE_PATH: "/" # This is a temporary hack.
+  AUTH_MODE: "{{ .Values.authenticationMode }}"
+  SELF_REGISTRATION: "{{ .Values.selfRegistration }}"
+  LDAP_URL: "{{ .Values.ldap.url }}"
+  LDAP_SEARCH_DN: "{{ .Values.ldap.searchDN }}"
+  LDAP_BASE_DN: "{{ .Values.ldap.baseDN }}"
+  LDAP_FILTER: "{{ .Values.ldap.filter }}"
+  LDAP_UID: "{{ .Values.ldap.uid }}"
+  LDAP_SCOPE: "{{ .Values.ldap.scope }}"
+  LDAP_TIMEOUT: "{{ .Values.ldap.timeout }}"
+  LDAP_VERIFY_CERT: "{{ .Values.ldap.verifyCert }}"
+  DATABASE_TYPE: "postgresql"
+  PROJECT_CREATION_RESTRICTION: "everyone"
+  VERIFY_REMOTE_CERT: "off"
+  MAX_JOB_WORKERS: "3"
+  TOKEN_EXPIRATION: "30"
+  CFG_EXPIRATION: "5"
+  GODEBUG: "netdns=cgo"
+  ADMIRAL_URL: "NA"
+  RESET: "false"
+  WITH_CLAIR: "{{ .Values.clair.enabled }}"
+  CLAIR_DB_HOST: "{{ template "harbor.database.host" . }}"
+  CLAIR_DB_PORT: "{{ template "harbor.database.port" . }}"
+  CLAIR_DB_USERNAME: "{{ template "harbor.database.username" . }}"
+  CLAIR_DB: "{{ template "harbor.database.clairDatabase" . }}"
+  CLAIR_URL: "http://{{ template "harbor.fullname" . }}-clair:6060"
+  UAA_ENDPOINT: ""
+  UAA_CLIENTID: ""
+  UAA_CLIENTSECRET: ""
+  UAA_VERIFY_CERT: "True"
+  REGISTRY_STORAGE_PROVIDER_NAME: "{{ .Values.registry.storage.type }}"
+  WITH_CHARTMUSEUM: "{{ .Values.chartmuseum.enabled }}"
+  CHART_REPOSITORY_URL: "http://{{ template "harbor.fullname" . }}-chartmuseum"
\ No newline at end of file

templates/adminserver/adminserver-secrets.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "harbor.fullname" . }}-adminserver"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: adminserver
+type: Opaque
+data:
+  secretKey: {{ .Values.secretKey | b64enc | quote }}
+  EMAIL_PWD: {{ .Values.email.password | b64enc | quote }}
+  HARBOR_ADMIN_PASSWORD: {{ .Values.harborAdminPassword | b64enc | quote }}
+  POSTGRESQL_PASSWORD: {{ template "harbor.database.password" . }}
+  JOBSERVICE_SECRET: {{ .Values.jobservice.secret | b64enc | quote }}
+  UI_SECRET: {{ .Values.ui.secret | b64enc | quote }}
+{{- if eq .Values.authenticationMode "ldap_auth" }} 
+  LDAP_SEARCH_PWD: {{ .Values.ldap.searchPassword | b64enc | quote }} 
+{{- end }}
+{{ if .Values.clair.enabled }}
+  CLAIR_DB_PASSWORD: {{ template "harbor.database.password" . }}
+{{ end }}

templates/adminserver/adminserver-ss.yaml

+apiVersion: apps/v1beta2
+kind: StatefulSet
+metadata:
+  name: "{{ template "harbor.fullname" . }}-adminserver"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: adminserver
+spec:
+  replicas: 1
+  serviceName: "{{ template "harbor.fullname" . }}-adminserver"
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: adminserver
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: adminserver
+    spec:
+      containers:
+      - name: adminserver
+        image: "{{ .Values.adminserver.image.repository }}:{{ .Values.adminserver.image.tag }}"
+        imagePullPolicy: "{{ .Values.adminserver.image.pullPolicy }}"
+        resources:
+{{ toYaml .Values.adminserver.resources | indent 10 }}
+        envFrom:
+        - configMapRef:
+            name: "{{ template "harbor.fullname" . }}-adminserver"
+        - secretRef:
+            name: "{{ template "harbor.fullname" . }}-adminserver"
+        env:
+          - name: PORT
+            value: "8080"
+          - name: JSON_CFG_STORE_PATH
+            value: /etc/adminserver/config/config.json
+          - name: KEY_PATH
+            value: /etc/adminserver/key
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - name: data
+          mountPath: /etc/adminserver/config
+        - name: adminserver-key
+          mountPath: /etc/adminserver/key
+          subPath: key
+      volumes:
+      {{- if not .Values.persistence.enabled }}
+      - name: data
+        emptyDir: {}
+      {{- end }}
+      - name: adminserver-key
+        secret:
+          secretName: "{{ template "harbor.fullname" . }}-adminserver"
+          items:
+          - key: secretKey
+            path: key
+    {{- with .Values.adminserver.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.adminserver.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.adminserver.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+  {{- if .Values.persistence.enabled }}
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: [{{ .Values.adminserver.volumes.config.accessMode | quote }}]
+      {{- if .Values.adminserver.volumes.config.storageClass }}
+      {{- if (eq "-" .Values.adminserver.volumes.config.storageClass) }}
+      storageClassName: ""
+      {{- else }}
+      storageClassName: "{{ .Values.adminserver.volumes.config.storageClass }}"
+      {{- end }}
+      {{- end }}
+      resources:
+        requests:
+          storage: {{ .Values.adminserver.volumes.config.size | quote }}
+  {{- end -}}

templates/adminserver/adminserver-svc.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.fullname" . }}-adminserver"
+spec:
+  ports:
+    - port: 80
+      targetPort: 8080
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: adminserver
\ No newline at end of file

templates/chartmuseum/chartmuseum-cm.yaml

+{{- if .Values.chartmuseum.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "harbor.fullname" . }}-chartmuseum"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+data:
+  PORT: "9999"
+  CACHE: "redis"
+  CACHE_REDIS_ADDR: "{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}"
+  CACHE_REDIS_DB: "{{ template "harbor.redis.databaseIndex" }}"
+  BASIC_AUTH_USER: "chart_controller"
+  DEPTH: "1"
+  STORAGE: "local"
+  STORAGE_LOCAL_ROOTDIR: "/chart_storage"
+  DEBUG: "false"
+  LOG_JSON: "true"
+  DISABLE_METRICS: "false"
+  DISABLE_API: "false"
+  DISABLE_STATEFILES: "false"
+  ALLOW_OVERWRITE: "true"
+  CHART_URL: ""
+  AUTH_ANONYMOUS_GET: "false"
+  TLS_CERT: ""
+  TLS_KEY: ""
+  CONTEXT_PATH: ""
+  INDEX_LIMIT: "0"
+  MAX_STORAGE_OBJECTS: "0"
+  MAX_UPLOAD_SIZE: "20971520"
+  CHART_POST_FORM_FIELD_NAME: "chart"
+  PROV_POST_FORM_FIELD_NAME: "prov"
+{{- end }}
\ No newline at end of file

templates/chartmuseum/chartmuseum-secret.yaml

+{{- if .Values.chartmuseum.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "harbor.fullname" . }}-chartmuseum"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+type: Opaque
+data:
+  CACHE_REDIS_PASSWORD: "{{ template "harbor.redis.password" }}"
+  BASIC_AUTH_PASS: {{ .Values.ui.secret | b64enc | quote }}
+{{- end }}
\ No newline at end of file

templates/chartmuseum/chartmuseum-ss.yaml

+{{- if .Values.chartmuseum.enabled }}
+apiVersion: apps/v1beta2
+kind: StatefulSet
+metadata:
+  name: "{{ template "harbor.fullname" . }}-chartmuseum"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: chartmuseum
+spec:
+  replicas: 1
+  serviceName: "{{ template "harbor.fullname" . }}-chartmuseum"
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: chartmuseum
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: chartmuseum
+    spec:
+      containers:
+      - name: chartmuseum
+        image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
+        imagePullPolicy: {{ .Values.chartmuseum.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.chartmuseum.resources | indent 10 }}
+        envFrom:
+        - configMapRef:
+            name: "{{ template "harbor.fullname" . }}-chartmuseum"
+        - secretRef:
+            name: "{{ template "harbor.fullname" . }}-chartmuseum"
+        ports:
+        - containerPort: 9999
+        # TODO: update it after moving the storage out of registry scope
+        {{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
+        volumeMounts:
+        - name: data
+          mountPath: /chart_storage
+        {{- end }}
+      {{- with .Values.chartmuseum.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.chartmuseum.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with .Values.chartmuseum.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+  {{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+    spec:
+      accessModes: [{{ .Values.chartmuseum.volumes.data.accessMode | quote }}]
+      {{- if .Values.chartmuseum.volumes.data.storageClass }}
+      {{- if (eq "-" .Values.chartmuseum.volumes.data.storageClass) }}
+      storageClassName: ""
+      {{- else }}
+      storageClassName: "{{ .Values.chartmuseum.volumes.data.storageClass }}"
+      {{- end }}
+      {{- end }}
+      resources:
+        requests:
+          storage: {{ .Values.chartmuseum.volumes.data.size | quote }}
+  {{- end -}}
+{{- end }}
\ No newline at end of file

templates/chartmuseum/chartmuseum-svc.yaml

+{{- if .Values.chartmuseum.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.fullname" . }}-chartmuseum"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - port: 80
+      targetPort: 9999
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: chartmuseum
+{{- end }}
\ No newline at end of file

templates/clair/clair-cm.yaml

+{{ if .Values.clair.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "harbor.fullname" . }}-clair
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: clair
+data:
+  config.yaml: |
+    clair:
+      database:
+        type: pgsql
+        options:
+          source: "{{ template "harbor.database.clair" . }}"
+          # Number of elements kept in the cache
+          # Values unlikely to change (e.g. namespaces) are cached in order to save prevent needless roundtrips to the database.
+          cachesize: 16384
+
+      api:
+        # API server port
+        port: 6060
+        healthport: 6061
+
+        # Deadline before an API request will respond with a 503
+        timeout: 300s
+      updater:
+        interval: 12h
+
+      notifier:
+        attempts: 3
+        renotifyinterval: 2h
+        http:
+          endpoint: "http://{{ template "harbor.fullname" . }}-ui/service/notifications/clair"
+{{ end }}

templates/clair/clair-dpl.yaml

+{{ if .Values.clair.enabled }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ template "harbor.fullname" . }}-clair
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: clair
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: clair
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: clair
+    spec:
+      containers:
+      - name: clair
+        image: {{ .Values.clair.image.repository }}:{{ .Values.clair.image.tag }}
+        imagePullPolicy: {{ .Values.clair.image.pullPolicy }}
+        args: ["-insecure-tls", "-config", "/etc/clair/config.yaml"]
+        resources:
+{{ toYaml .Values.clair.resources | indent 10 }}
+        ports:
+        - containerPort: 6060
+        volumeMounts:
+        - name: clair-config
+          mountPath: /etc/clair/config.yaml
+          subPath: config.yaml
+      volumes:
+      - name: clair-config
+        configMap:
+          name: "{{ template "harbor.fullname" . }}-clair"
+          items:
+            - key: config.yaml
+              path: config.yaml
+    {{- with .Values.clair.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.clair.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.clair.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+{{ end }}

templates/clair/clair-svc.yaml

+{{ if .Values.clair.enabled }}
+# clair host isn't configurable yet.  this creates a service
+# to get it working for now.
+# see https://github.com/vmware/harbor/issues/3250
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.fullname" . }}-clair"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - port: 6060
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: clair
+{{ end }}

templates/database/database-secret.yaml

+{{- if eq .Values.database.type "internal" -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "harbor.fullname" . }}-database"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+type: Opaque
+data:
+  POSTGRES_PASSWORD: {{ template "harbor.database.password" . }}
+{{- end -}}

templates/database/database-ss.yaml

+{{- if eq .Values.database.type "internal" -}}
+apiVersion: apps/v1beta2
+kind: StatefulSet
+metadata:
+  name: "{{ template "harbor.fullname" . }}-database"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: database
+spec:
+  replicas: 1
+  serviceName: "{{ template "harbor.fullname" . }}-database"
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: database
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: database
+    spec:
+      initContainers:
+      - name: "remove-lost-found"
+        image: "{{ .Values.busybox.image.repository }}:{{ .Values.busybox.image.tag }}"
+        command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"]
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/postgresql/data
+      containers:
+      - name: database
+        image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
+        imagePullPolicy: {{ .Values.database.internal.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.database.internal.resources | indent 10 }}
+        envFrom:
+          - secretRef:
+              name: "{{ template "harbor.fullname" . }}-database"
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/postgresql/data
+      {{- if not .Values.persistence.enabled }}
+      volumes:
+      - name: "data"
+        emptyDir: {}
+      {{- end -}}
+    {{- with .Values.database.internal.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.database.internal.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.database.internal.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+  {{- if .Values.persistence.enabled }}
+  volumeClaimTemplates:
+  - metadata:
+      name: "data"
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+    spec:
+      accessModes: [{{ .Values.database.internal.volumes.data.accessMode | quote }}]
+      {{- if .Values.database.internal.volumes.data.storageClass }}
+      {{- if (eq "-" .Values.database.internal.volumes.data.storageClass) }}
+      storageClassName: ""
+      {{- else }}
+      storageClassName: "{{ .Values.database.internal.volumes.data.storageClass }}"
+      {{- end }}
+      {{- end }}
+      resources:
+        requests:
+          storage: {{ .Values.database.internal.volumes.data.size | quote }}
+  {{- end -}}
+  {{- end -}}

templates/database/database-svc.yaml

+{{- if eq .Values.database.type "internal" -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.fullname" . }}-database"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - port: 5432
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: database
+{{- end -}}
\ No newline at end of file

templates/ingress/ingress.yaml

+{{ if .Values.ingress.enabled }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: "{{ template "harbor.fullname" . }}-ingress"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+  annotations:
+{{ toYaml .Values.ingress.annotations | indent 4 }}
+spec:
+# {{ if eq .Values.externalProtocol "https" }}
+#   tls:
+#   - hosts:
+#     - "{{ .Values.externalDomain }}"
+#     - "{{ template "harbor.notaryFQDN" . }}"
+#     {{ if eq .Values.ingress.tls.secretName "" }}
+#     secretName: "{{ template "harbor.fullname" . }}-ingress"
+#     {{ else }}
+#     secretName: {{ .Values.ingress.tls.secretName }}
+#     {{ end }}
+# {{ end }}
+  rules:
+  - host: "{{ .Values.externalDomain }}"
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: {{ template "harbor.fullname" . }}-ui
+          servicePort: 80
+  - host: "{{ template "harbor.notaryFQDN" . }}"
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: {{ template "harbor.notaryServiceName" . }}
+          servicePort: 4443
+{{ end }}
\ No newline at end of file

templates/ingress/secret.yaml

+{{ if eq .Values.externalProtocol "https" }}
+{{ if .Values.ingress.enabled }}
+{{ if eq .Values.ingress.tls.secretName "" }}
+{{ $ca := genCA "harbor-ca" 3650 }}
+{{ $cert := genSignedCert (include "harbor.certCommonName" .) nil nil 3650 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "harbor.fullname" . }}-ingress"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .Values.tlsCrt | default $cert.Cert | b64enc | quote }}
+  tls.key: {{ .Values.tlsKey | default $cert.Key | b64enc | quote }}
+  ca.crt: {{ .Values.caCrt | default $ca.Cert | b64enc | quote }}
+{{ end }}
+{{ end }}
+{{ end }}
\ No newline at end of file

templates/jobservice/jobservice-cm.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "harbor.fullname" . }}-jobservice"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+data:
+  config.yml: |+
+    protocol: "http"
+    port: 8080
+    worker_pool:
+      workers: {{ .Values.jobservice.maxWorkers }}
+      backend: "redis"
+      redis_pool:
+        redis_url: "{{ template "harbor.redisForJobservice" . }}"
+        namespace: "harbor_job_service_namespace"
+    logger:
+      path: "/var/log/jobs"
+      level: "INFO"
+      archive_period: 14 #days
+    admin_server: "http://{{ template "harbor.fullname" . }}-adminserver"

templates/jobservice/jobservice-dpl.yaml

+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: "{{ template "harbor.fullname" . }}-jobservice"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: jobservice
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: jobservice
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: jobservice
+    spec:
+      containers:
+      - name: jobservice
+        image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
+        imagePullPolicy: {{ .Values.jobservice.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.jobservice.resources | indent 10 }}
+        envFrom:
+        - secretRef:
+            name: "{{ template "harbor.fullname" . }}-jobservice"
+        env:
+          - name: LOG_LEVEL
+            value: debug
+          - name: GODEBUG
+            value: netdns=cgo
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - name: jobservice-config
+          mountPath: /etc/jobservice/config.yml
+          subPath: config.yml
+        - name: job-logs
+          mountPath: /var/log/jobs
+      volumes:
+      - name: jobservice-config
+        configMap:
+          name: "{{ template "harbor.fullname" . }}-jobservice"
+      - name: job-logs
+        emptyDir: {}
+    {{- with .Values.jobservice.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.jobservice.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.jobservice.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

templates/jobservice/jobservice-secrets.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "harbor.fullname" . }}-jobservice"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+type: Opaque
+data:
+  secretKey: {{ .Values.secretKey | b64enc | quote }}
+  JOBSERVICE_SECRET: {{ .Values.jobservice.secret | b64enc | quote }}
+  UI_SECRET: {{ .Values.ui.secret | b64enc | quote }}
\ No newline at end of file

templates/jobservice/jobservice-svc.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.fullname" . }}-jobservice"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - port: 80
+      targetPort: 8080
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: jobservice

templates/notary/notary-cm.yaml

+{{ if .Values.notary.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "harbor.fullname" . }}-notary
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: notary
+data:
+  {{ $ca := genCA "harbor-notary-ca" 3650 }}
+  {{ $cert := genSignedCert (printf "%s-notary-signer" (include "harbor.fullname" .)) nil nil 3650 $ca }}
+  notary-signer-ca.crt: |
+{{ .Values.notary.signer.caCrt  | default $ca.Cert   | indent 4 }}
+  notary-signer.crt: |
+{{ .Values.notary.signer.tlsCrt | default $cert.Cert | indent 4 }}
+  notary-signer.key: |
+{{ .Values.notary.signer.tlsKey | default $cert.Key  | indent 4 }}
+  server-config.postgres.json: |
+    {
+      "server": {
+        "http_addr": ":4443"
+      },
+      "trust_service": {
+        "type": "remote",
+        "hostname": "{{ template "harbor.fullname" . }}-notary-signer",
+        "port": "7899",
+        "tls_ca_file": "./notary-signer-ca.crt",
+        "key_algorithm": "ecdsa"
+      },
+      "logging": {
+        "level": "debug"
+      },
+      "storage": {
+        "backend": "postgres",
+        "db_url": "{{ template "harbor.database.notaryServer" . }}"
+      },
+      "auth": {
+          "type": "token",
+          "options": {
+              "realm": "{{ template "harbor.externalURL" . }}/service/token",
+              "service": "harbor-notary",
+              "issuer": "harbor-token-issuer",
+              "rootcertbundle": "/root.crt"
+          }
+      }
+    }
+  signer-config.postgres.json: |
+    {
+      "server": {
+        "grpc_addr": ":7899",
+        "tls_cert_file": "./notary-signer.crt",
+        "tls_key_file": "./notary-signer.key"
+      },
+      "logging": {
+        "level": "debug"
+      },
+      "storage": {
+        "backend": "postgres",
+        "db_url": "{{ template "harbor.database.notarySigner" . }}",
+        "default_alias": "defaultalias"
+      }
+    }
+{{ end }}

templates/notary/notary-server.yaml

+{{ if .Values.notary.enabled }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ template "harbor.fullname" . }}-notary-server
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: notary-server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: notary-server
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: notary-server
+    spec:
+      containers:
+      - name: notary-server
+        image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
+        imagePullPolicy: {{ .Values.notary.server.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.notary.server.resources | indent 10 }}
+        env:
+        - name: MIGRATIONS_PATH
+          value: migrations/server/postgresql
+        - name: DB_URL
+          value: {{ template "harbor.database.notaryServer" . }}
+        volumeMounts:
+        - name: notary-config
+          mountPath: /etc/notary
+        - name: root-certificate
+          mountPath: /root.crt
+          subPath: tokenServiceRootCertBundle
+      volumes:
+      - name: notary-config
+        configMap:
+          name: "{{ template "harbor.fullname" . }}-notary"
+      - name: root-certificate
+        secret:
+          secretName: "{{ template "harbor.fullname" . }}-ui"
+    {{- with .Values.notary.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.notary.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.notary.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+{{ end }}

templates/notary/notary-signer.yaml

+{{ if .Values.notary.enabled }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ template "harbor.fullname" . }}-notary-signer
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: notary-signer
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: notary-signer
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: notary-signer
+    spec:
+      containers:
+      - name: notary-signer
+        image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
+        imagePullPolicy: {{ .Values.notary.signer.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.notary.signer.resources | indent 10 }}
+        env:
+        - name: MIGRATIONS_PATH
+          value: migrations/signer/postgresql
+        - name: DB_URL
+          value: {{ template "harbor.database.notarySigner" . }}
+        - name: NOTARY_SIGNER_DEFAULTALIAS
+          value: {{ .Values.notary.signer.env.NOTARY_SIGNER_DEFAULTALIAS }}
+        volumeMounts:
+        - name: notary-config
+          mountPath: /etc/notary
+      volumes:
+      - name: notary-config
+        configMap:
+          name: "{{ template "harbor.fullname" . }}-notary"
+{{ end }}

templates/notary/notary-svc.yaml

+{{ if .Values.notary.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "harbor.notaryServiceName" . }}
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+  - port: 4443
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: notary-server
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "harbor.fullname" . }}-notary-signer
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+  - port: 7899
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: notary-signer
+{{ end }}
\ No newline at end of file

templates/redis/redis.dp.yml

+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ template "harbor.fullname" . }}-redis
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: redis
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: redis
+    spec:
+      containers:
+      - name: redis
+        image: {{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
+        imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
+        args: ["--save","''","--appendonly","no"]
+        ports:
+        - name: redis
+          containerPort: 6379
\ No newline at end of file

templates/redis/redis.svc.yml

+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "harbor.fullname" . }}-redis
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: redis  
+spec:
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: redis
+  ports:
+  - name: redis
+    port: 6379
\ No newline at end of file

templates/registry/registry-cm.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "harbor.fullname" . }}-registry"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+data:
+  config.yml: |+
+    version: 0.1
+    log:
+      level: {{ .Values.registry.logLevel }}
+      fields:
+        service: registry
+    storage:
+      {{- $storage := .Values.registry.storage }}
+      {{- $type := $storage.type }}
+      {{- if eq $type "filesystem" }}
+      filesystem:
+        rootdirectory: {{ $storage.filesystem.rootdirectory }}
+        {{- if $storage.filesystem.maxthreads }}
+        maxthreads: {{ $storage.filesystem.maxthreads }}
+        {{- end }}
+      {{- else if eq $type "azure" }}
+      azure:
+        accountname: {{ $storage.azure.accountname }}
+        container: {{ $storage.azure.container }}
+        {{- if $storage.azure.realm }}
+        realm: {{ $storage.azure.realm }}
+        {{- end }}
+      {{- else if eq $type "gcs" }}
+      gcs:
+        bucket: {{ $storage.gcs.bucket }}
+        {{- if $storage.gcs.rootdirectory }}
+        rootdirectory: {{ $storage.gcs.rootdirectory }}
+        {{- end }}
+        {{- if $storage.gcs.chunksize }}
+        chunksize: {{ $storage.gcs.chunksize }}
+        {{- end }}
+      {{- else if eq $type "s3" }}
+      s3:
+        region: {{ $storage.s3.region }}
+        bucket: {{ $storage.s3.bucket }}
+        {{- if $storage.s3.regionendpoint }}
+        regionendpoint: {{ $storage.s3.regionendpoint }}
+        {{- end }}
+        {{- if $storage.s3.encrypt }}
+        encrypt: {{ $storage.s3.encrypt }}
+        {{- end }}
+        {{- if $storage.s3.secure }}
+        secure: {{ $storage.s3.secure }}
+        {{- end }}
+        {{- if $storage.s3.v4auth }}
+        v4auth: {{ $storage.s3.v4auth }}
+        {{- end }}
+        {{- if $storage.s3.chunksize }}
+        chunksize: {{ $storage.s3.chunksize }}
+        {{- end }}
+        {{- if $storage.s3.rootdirectory }}
+        rootdirectory: {{ $storage.s3.rootdirectory }}
+        {{- end }}
+        {{- if $storage.s3.storageclass }}
+        storageclass: {{ $storage.s3.storageclass }}
+        {{- end }}
+      {{- else if eq $type "swift" }}
+      swift:
+        authurl: {{ $storage.swift.authurl }}
+        username: {{ $storage.swift.username }}
+        container: {{ $storage.swift.container }}
+        {{- if $storage.swift.region }}
+        region: {{ $storage.swift.region }}
+        {{- end }}
+        {{- if $storage.swift.tenant }}
+        tenant: {{ $storage.swift.tenant }}
+        {{- end }}
+        {{- if $storage.swift.tenantid }}
+        tenantid: {{ $storage.swift.tenantid }}
+        {{- end }}
+        {{- if $storage.swift.domain }}
+        domain: {{ $storage.swift.domain }}
+        {{- end }}
+        {{- if $storage.swift.domainid }}
+        domainid: {{ $storage.swift.domainid }}
+        {{- end }}
+        {{- if $storage.swift.trustid }}
+        trustid: {{ $storage.swift.trustid }}
+        {{- end }}
+        {{- if $storage.swift.insecureskipverify }}
+        insecureskipverify: {{ $storage.swift.insecureskipverify }}
+        {{- end }}
+        {{- if $storage.swift.chunksize }}
+        chunksize: {{ $storage.swift.chunksize }}
+        {{- end }}
+        {{- if $storage.swift.prefix }}
+        prefix: {{ $storage.swift.prefix }}
+        {{- end }}
+        {{- if $storage.swift.authversion }}
+        authversion: {{ $storage.swift.authversion }}
+        {{- end }}
+        {{- if $storage.swift.endpointtype }}
+        endpointtype: {{ $storage.swift.endpointtype }}
+        {{- end }}
+        {{- if $storage.swift.tempurlcontainerkey }}
+        tempurlcontainerkey: {{ $storage.swift.tempurlcontainerkey }}
+        {{- end }}
+        {{- if $storage.swift.tempurlmethods }}
+        tempurlmethods: {{ $storage.swift.tempurlmethods }}
+        {{- end }}
+      {{- else if eq $type "oss" }}
+      oss:
+        accesskeyid: {{ $storage.oss.accesskeyid }}
+        region: {{ $storage.oss.region }}
+        bucket: {{ $storage.oss.bucket }}
+        {{- if $storage.oss.endpoint }}
+        endpoint: {{ $storage.oss.endpoint }}
+        {{- end }}
+        {{- if $storage.oss.internal }}
+        internal: {{ $storage.oss.internal }}
+        {{- end }}
+        {{- if $storage.oss.encrypt }}
+        encrypt: {{ $storage.oss.encrypt }}
+        {{- end }}
+        {{- if $storage.oss.secure }}
+        secure: {{ $storage.oss.secure }}
+        {{- end }}
+        {{- if $storage.oss.chunksize }}
+        chunksize: {{ $storage.oss.chunksize }}
+        {{- end }}
+        {{- if $storage.oss.rootdirectory }}
+        rootdirectory: {{ $storage.oss.rootdirectory }}
+        {{- end }}
+      {{- end }}
+      cache:
+        layerinfo: redis
+      maintenance:
+        uploadpurging:
+          enabled: false
+      delete:
+        enabled: true
+    redis:
+      addr: "{{ template "harbor.redis.host" . }}:{{ template "harbor.redis.port" . }}"
+      password: {{ template "harbor.redis.password" . }}
+      db: {{ template "harbor.redis.databaseIndex" . }}
+    http:
+      addr: :5000
+      # set via environment variable
+      # secret: placeholder
+      debug:
+        addr: localhost:5001
+    auth:
+      token:
+        issuer: harbor-token-issuer
+        realm: "{{ template "harbor.externalURL" . }}/service/token"
+        rootcertbundle: /etc/registry/root.crt
+        service: harbor-registry
+    notifications:
+      endpoints:
+        - name: harbor
+          disabled: false
+          url: http://{{ template "harbor.fullname" . }}-ui/service/notifications
+          timeout: 3000ms
+          threshold: 5
+          backoff: 1s

templates/registry/registry-secret.yaml

+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "harbor.fullname" . }}-registry"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+type: Opaque
+data:
+  httpSecret: {{ .Values.registry.httpSecret | b64enc | quote }}
+  {{- $storage := .Values.registry.storage }}
+  {{- $type := $storage.type }}
+  {{- if eq $type "azure" }}
+  accountkey: {{ $storage.azure.accountkey | b64enc | quote }}
+  {{- else if eq $type "s3" }}
+  {{- if $storage.s3.accesskey }}
+  accesskey: {{ $storage.s3.accesskey | b64enc | quote }}
+  {{- end }}
+  {{- if $storage.s3.secretkey }}
+  secretkey: {{ $storage.s3.secretkey | b64enc | quote }}
+  {{- end }}
+  {{- else if eq $type "swift" }}
+  password: {{ $storage.swift.password }}
+  {{- if $storage.swift.secretkey }}
+  secretkey: {{ $storage.swift.secretkey }}
+  {{- end }}
+  {{- if $storage.swift.accesskey }}
+  accesskey: {{ $storage.swift.accesskey }}
+  {{- end }}
+  {{- else if eq $type "oss" }}
+  accesskeysecret: {{ $storage.oss.accesskeysecret }}
+  {{- end }}
\ No newline at end of file

templates/registry/registry-ss.yaml

+apiVersion: apps/v1beta2
+kind: StatefulSet
+metadata:
+  name: "{{ template "harbor.fullname" . }}-registry"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: registry
+spec:
+  replicas: 1
+  serviceName: "{{ template "harbor.fullname" . }}-registry"
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: registry
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: registry
+    spec:
+      containers:
+      - name: registry
+        image: {{ .Values.registry.image.repository }}:{{ .Values.registry.image.tag }}
+        imagePullPolicy: {{ .Values.registry.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.registry.resources | indent 10 }}
+        args: ["serve", "/etc/registry/config.yml"]
+        env:
+          - name: REGISTRY_HTTP_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-registry"
+                key: httpSecret
+          {{- $storage := .Values.registry.storage }}
+          {{- $type := $storage.type }}
+          {{- if eq $type "azure" }}
+          - name: REGISTRY_STORAGE_AZURE_ACCOUNTKEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-registry"
+                key: accountkey
+          {{- else if eq $type "s3" }}
+          {{- if $storage.s3.accesskey }}
+          - name: REGISTRY_STORAGE_S3_ACCESSKEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-registry"
+                key: accesskey
+          {{- end }}
+          {{- if $storage.s3.secretkey }}
+          - name: REGISTRY_STORAGE_S3_SECRETKEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-registry"
+                key: secretkey
+          {{- end }}
+          {{- else if eq $type "swift" }}
+          - name: REGISTRY_STORAGE_SWIFT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-registry"
+                key: password
+          {{- if $storage.swift.secretkey }}
+          - name: REGISTRY_STORAGE_SWIFT_SECRETKEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-registry"
+                key: secretkey
+          {{- end }}
+          {{- if $storage.swift.accesskey }}
+          - name: REGISTRY_STORAGE_SWIFT_ACCESSKEY
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-registry"
+                key: accesskey
+          {{- end }}
+          {{- else if eq $type "oss" }}
+          - name: REGISTRY_STORAGE_OSS_ACCESSKEYSECRET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-registry"
+                key: accesskeysecret
+          {{- end }}
+        ports:
+        - containerPort: 5000
+        - containerPort: 5001
+        volumeMounts:
+        {{- if (.Values.persistence.enabled) and eq .Values.registry.storage.type "filesystem" }}
+        - name: registry-data
+          mountPath: {{ .Values.registry.storage.filesystem.rootdirectory }}
+        {{- end }}
+        - name: registry-root-certificate
+          mountPath: /etc/registry/root.crt
+          subPath: tokenServiceRootCertBundle
+        - name: registry-config
+          mountPath: /etc/registry/config.yml
+          subPath: config.yml
+      volumes:
+      - name: registry-root-certificate
+        secret:
+          secretName: "{{ template "harbor.fullname" . }}-ui"
+      - name: registry-config
+        configMap:
+          name: "{{ template "harbor.fullname" . }}-registry"
+      - name: registry-data
+        hostPath:
+          path: /etc/kubernetes/data/registry          
+    {{- with .Values.registry.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.registry.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.registry.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

templates/registry/registry-svc.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.fullname" . }}-registry"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - port: 5000
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: registry
\ No newline at end of file

templates/ui/ui-cm.yaml

+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: "{{ template "harbor.fullname" . }}-ui"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+data:
+  app.conf: |+
+    appname = Harbor
+    runmode = prod
+    enablegzip = true
+
+    [prod]
+    httpport = 8080

templates/ui/ui-dpl.yaml

+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: "{{ template "harbor.fullname" . }}-ui"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: ui
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+{{ include "harbor.matchLabels" . | indent 8 }}
+        component: ui
+    spec:
+      containers:
+      - name: ui
+        image: {{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}
+        imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
+        env:
+          - name: UI_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-ui"
+                key: secret
+          - name: JOBSERVICE_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: "{{ template "harbor.fullname" . }}-ui"
+                key: jobserviceSecret
+          - name: _REDIS_URL
+            value: {{ template "harbor.redisForUI" . }}
+          - name: GODEBUG
+            value: netdns=cgo
+          - name: LOG_LEVEL
+            value: debug
+          - name: CONFIG_PATH
+            value: /etc/ui/app.conf
+          - name: ENABLE_HARBOR_SCAN_ON_PUSH
+            value: "1"
+          - name: ADMINSERVER_URL
+            value: "http://{{ template "harbor.fullname" . }}-adminserver"
+          - name: CHART_CACHE_DRIVER
+            value: "redis"
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - name: ui-config
+          mountPath: /etc/ui/app.conf
+          subPath: app.conf
+        - name: ui-secrets-key
+          mountPath: /etc/ui/key
+          subPath: key
+        - name: ui-secrets-private-key
+          mountPath: /etc/ui/private_key.pem
+          subPath: tokenServicePrivateKey
+        {{- if eq .Values.externalProtocol "https" }}
+        {{- if .Values.ingress.enabled }}
+        {{- if eq .Values.ingress.tls.secretName "" }}
+        - name: ca-download
+          mountPath: /etc/ui/ca/ca.crt
+          subPath: ca.crt
+        {{- end }}
+        {{- end }}
+        {{- end }}
+        - name: psc
+          mountPath: /etc/ui/token
+      volumes:
+      - name: ui-config
+        configMap:
+          name: "{{ template "harbor.fullname" . }}-ui"
+      - name: ui-secrets-key
+        secret:
+          secretName: "{{ template "harbor.fullname" . }}-ui"
+          items:
+            - key: secretKey
+              path: key
+      - name: ui-secrets-private-key
+        secret:
+          secretName: "{{ template "harbor.fullname" . }}-ui"
+      {{- if eq .Values.externalProtocol "https" }}
+      {{- if .Values.ingress.enabled }}
+      {{- if eq .Values.ingress.tls.secretName "" }}
+      - name: ca-download
+        secret:
+          secretName: "{{ template "harbor.fullname" . }}-ingress"
+          items:
+            - key: ca.crt
+              path: ca.crt
+      {{- end }}
+      {{- end }}
+      {{- end }}
+      - name: psc
+        emptyDir: {}
+    {{- with .Values.ui.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.ui.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.ui.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}

templates/ui/ui-secrets.yaml

+{{- $cert := genSelfSignedCert "harbor" nil nil 365 }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "{{ template "harbor.fullname" . }}-ui"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+type: Opaque
+data:
+  secretKey: {{ .Values.secretKey | b64enc | quote }}
+  secret: {{ .Values.ui.secret | b64enc | quote }}
+  jobserviceSecret: {{ .Values.jobservice.secret | b64enc | quote }}
+  tokenServiceRootCertBundle: {{ $cert.Cert | b64enc | quote }}
+  tokenServicePrivateKey: {{ $cert.Key | b64enc | quote }}
+  
\ No newline at end of file

templates/ui/ui-svc.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.fullname" . }}-ui"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - port: 80
+      targetPort: 8080
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: ui

values.yaml

+persistence:
+  enabled: true
+externalProtocol: https
+# The FQDN for Harbor service
+externalDomain: harbor.wodcloud.com
+# The Port for Harbor service, leave empty if the service 
+# is to be bound to port 80/443
+externalPort: 
+harborAdminPassword: "58772015"
+authenticationMode: "db_auth"
+selfRegistration: "on"
+ldap:
+  url: "ldaps://ldapserver"
+  searchDN: ""
+  searchPassword: ""
+  baseDN: ""
+  filter: "(objectClass=person)"
+  uid: "uid"
+  scope: "2"
+  timeout: "5"
+  verifyCert: "True"
+email:
+  host: "smtp.mydomain.com"
+  port: "25"
+  username: "sample_admin@mydomain.com"
+  password: "password"
+  ssl: "false"
+  insecure: "false"
+  from: "admin <sample_admin@mydomain.com>"
+  identity: ""
+
+# The secret key used for encryption. Must be a string of 16 chars.
+secretKey: "nQImBn5SVCHL7ehq"
+
+# These annotations allow the registry to work behind the nginx
+# ingress controller.
+ingress:
+  enabled: true
+  annotations:
+  tls:
+    # Fill the secretName if you want to use the certificate of 
+    # yourself when Harbor serves with HTTPS. A certificate will 
+    # be generated automatically by the chart if leave it empty
+    secretName: ""
+
+# The tag for Harbor docker images.
+harborImageTag: &harbor_image_tag dev
+
+adminserver:
+  image:
+    repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-adminserver
+    tag: *harbor_image_tag
+    pullPolicy: IfNotPresent
+  volumes:
+    config:
+      storageClass: "storageos"
+      accessMode: ReadWriteOnce
+      size: 1Gi
+  # resources:
+  #  requests:
+  #    memory: 256Mi
+  #    cpu: 100m
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
+jobservice:
+  image:
+    repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-jobservice
+    tag: *harbor_image_tag
+    pullPolicy: IfNotPresent
+  secret: "BBRQwySksiHZqJUh"
+  maxWorkers: 50
+# resources:
+#   requests:
+#     memory: 256Mi
+#     cpu: 100m
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
+ui:
+  image:
+    repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-ui
+    tag: *harbor_image_tag
+    pullPolicy: IfNotPresent
+  secret: "BBRQwySksiHZqJUh"
+# resources:
+#  requests:
+#    memory: 256Mi
+#    cpu: 100m
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
+busybox:
+  image:
+    repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/busybox
+    tag: 1.29
+
+# TODO: change the style to be same with redis
+database:
+  # if external database is used, set "type" to "external"
+  # and fill the connection informations in "external" section
+  type: internal
+  internal:
+    image:
+      repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/harbor-db
+      tag: *harbor_image_tag
+      pullPolicy: IfNotPresent
+    # the superuser password of database
+    password: "spaceIN511"
+    volumes:
+      data:
+        storageClass: "storageos"
+        accessMode: ReadWriteOnce
+        size: 1Gi
+    # resources:
+    #  requests:
+    #    memory: 256Mi
+    #    cpu: 100m
+    nodeSelector: {}
+    tolerations: []
+    affinity: {}
+  external:
+    host: "192.168.0.1"
+    port: "5432"
+    username: "user"
+    password: "password"
+    coreDatabase: "registry"
+    clairDatabase: "clair"
+    notaryServerDatabase: "notary_server"
+    notarySignerDatabase: "notary_signer"
+
+registry:
+  image:
+    repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/registry-photon
+    tag: dev
+    pullPolicy: IfNotPresent
+  httpSecret: "BBRQwySksiHZqJUh"
+  logLevel: info
+  storage:
+    # specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift", 
+    # "oss" and fill the information needed in the corresponding section
+    type: filesystem
+    filesystem:
+      rootdirectory: /var/lib/registry
+      #maxthreads: 100
+    azure:
+      accountname: accountname
+      accountkey: base64encodedaccountkey
+      container: containername
+      #realm: core.windows.net
+    gcs:
+      bucket: bucketname
+      # TODO: support the keyfile of gcs
+      #keyfile: /path/to/keyfile
+      #rootdirectory: /gcs/object/name/prefix
+      #chunksize: 5242880
+    s3:
+      region: us-west-1
+      bucket: bucketname
+      #accesskey: awsaccesskey
+      #secretkey: awssecretkey
+      #regionendpoint: http://myobjects.local
+      #encrypt: false
+      #keyid: mykeyid
+      #secure: true
+      #v4auth: true
+      #chunksize: 5242880
+      #rootdirectory: /s3/object/name/prefix
+      #storageclass: STANDARD
+    swift:
+      authurl: https://storage.myprovider.com/v3/auth
+      username: username
+      password: password
+      container: containername
+      #region: fr
+      #tenant: tenantname
+      #tenantid: tenantid
+      #domain: domainname
+      #domainid: domainid
+      #trustid: trustid
+      #insecureskipverify: false
+      #chunksize: 5M
+      #prefix:
+      #secretkey: secretkey
+      #accesskey: accesskey
+      #authversion: 3
+      #endpointtype: public
+      #tempurlcontainerkey: false
+      #tempurlmethods:
+    oss:
+      accesskeyid: accesskeyid
+      accesskeysecret: accesskeysecret
+      region: regionname
+      bucket: bucketname
+      #endpoint: endpoint
+      #internal: false
+      #encrypt: false
+      #secure: true
+      #chunksize: 10M
+      #rootdirectory: rootdirectory
+  ## Persist data to a persistent volume
+  volumes:
+    data:
+      # storageClass: "-"
+      accessMode: ReadWriteOnce
+      size: 5Gi
+  # resources:
+  #  requests:
+  #    memory: 256Mi
+  #    cpu: 100m
+  nodeSelector: 
+    kubernetes.io/hostname: 172.31.14.41
+  tolerations: []
+  affinity: {}
+
+chartmuseum:
+  enabled: true
+  image:
+    repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/chartmuseum-photon
+    tag: dev
+    pullPolicy: IfNotPresent
+  volumes:
+    data:
+      storageClass: "storageos"
+      accessMode: ReadWriteOnce
+      size: 5Gi
+  # resources:
+  #  requests:
+  #    memory: 256Mi
+  #    cpu: 100m
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
+clair:
+  enabled: true
+  image:
+    repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/clair-photon
+    tag: dev
+    pullPolicy: IfNotPresent
+  volumes:
+    pgData:
+      storageClass: "storageos"
+      accessMode: ReadWriteOnce
+      size: 1Gi
+  # resources:
+  #  requests:
+  #    memory: 256Mi
+  #    cpu: 100m
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
+redis:
+  image:
+    repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/redis
+    tag: 4.0.1-alpine
+    pullPolicy: IfNotPresent
+  # if external Redis is used, set "external.enabled" to "true"
+  # and fill the connection informations in "external" section.
+  # or the internal Redis will be used
+  usePassword: false
+  password: "spaceIN511"
+  cluster:
+    enabled: false
+  master:
+    persistence:
+# TODO: There is a perm issue: Can't open the append-only file: Permission denied
+# TODO: Setting it to false is a temp workaround.  Will re-visit this problem.
+      enabled: false
+  external:
+    enabled: false
+    host: "192.168.0.2"
+    port: "6379"
+    databaseIndex: "0"
+    usePassword: false
+    password: "spaceIN511"
+
+notary:
+  enabled: true
+  server:
+    image:
+      repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-server-photon
+      tag: dev
+      pullPolicy: IfNotPresent
+  signer:
+    image:
+      repository: registry-vpc.cn-qingdao.aliyuncs.com/wod/notary-signer-photon
+      tag: dev
+      pullPolicy: IfNotPresent
+    env:
+      NOTARY_SIGNER_DEFAULTALIAS: defaultalias
+    # The TLS certificate for Notary Signer. Will auto generate them if unspecified here.
+    caCrt:
+    tlsCrt:
+    tlsKey:
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}