diff --git a/contrib/helm/harbor/README.md b/contrib/helm/harbor/README.md index 52da97939..23fad1318 100644 --- a/contrib/helm/harbor/README.md +++ b/contrib/helm/harbor/README.md @@ -112,6 +112,16 @@ The following tables lists the configurable parameters of the Harbor chart and t | `adminserver.key` | adminsever key | `not-a-secure-key` | | `adminserver.emailPwd` | password for email | `not-a-secure-password` | | `adminserver.harborAdminPassword` | password for admin user | `Harbor12345` | +| `adminserver.harborAuthenticationMode` | authentication mode for Harbor ( `db_auth` for local database, `ldap_auth` for LDAP, etc...) [Docs](https://github.com/vmware/harbor/blob/master/docs/user_guide.md#user-account) | `db_auth` | +| `adminserver.selfRegistration` | Allows users to register by themselves, otherwise only administrators can add users | `on` | +| `adminserver.authenticationLdapURL` | LDAP server URL for `ldap_auth` authentication | `ldaps://ldapserver` | +| `adminserver.authenticationLdapSearchDN` | LDAP Search DN | `` | +| `adminserver.authenticationLdapBaseDN` | LDAP Base DN | `` | +| `adminserver.authenticationLdapFilter` | LDAP Filter | `(objectClass=person)` | +| `adminserver.authenticationLdapUID` | LDAP UID | `uid` | +| `adminserver.authenticationLdapScope` | LDAP Scope | `2` | +| `adminserver.authenticationLdapTimeout` | LDAP Timeout | `5` | +| `adminserver.authenticationLdapVerifyCert` | LDAP Verify HTTPS Certificate | `True` | | `adminserver.resources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container | undefined | | `adminserver.volumes` | used to create PVCs if persistence is enabled (see instructions in values.yaml) | see values.yaml | | **Jobservice** | diff --git a/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml b/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml index 1ff8f8b8b..6f5a3aa79 100644 --- a/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml +++ b/contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml @@ -29,17 +29,16 @@ data: WITH_NOTARY: "{{ .Values.notary.enabled }}" LOG_LEVEL: "info" IMAGE_STORE_PATH: "/" # This is a temporary hack. - AUTH_MODE: "db_auth" - SELF_REGISTRATION: "on" - LDAP_URL: "ldaps://ldapserver" - LDAP_SEARCH_DN: "" - LDAP_BASE_DN: "" - LDAP_FILTER: "(objectClass=person)" - LDAP_UID: "uid" - LDAP_SCOPE: "2" - LDAP_TIMEOUT: "5" - LDAP_TIMEOUT: "5" - LDAP_VERIFY_CERT: "True" + AUTH_MODE: "{{ .Values.adminserver.harborAuthenticationMode }}" + SELF_REGISTRATION: "{{ .Values.adminserver.selfRegistration }}" + LDAP_URL: "{{ .Values.adminserver.authenticationLdapURL }}" + LDAP_SEARCH_DN: "{{ .Values.adminserver.authenticationLdapSearchDN }}" + LDAP_BASE_DN: "{{ .Values.adminserver.authenticationLdapBaseDN }}" + LDAP_FILTER: "{{ .Values.adminserver.authenticationLdapFilter }}" + LDAP_UID: "{{ .Values.adminserver.authenticationLdapUID }}" + LDAP_SCOPE: "{{ .Values.adminserver.authenticationLdapScope }}" + LDAP_TIMEOUT: "{{ .Values.adminserver.authenticationLdapTimeout }}" + LDAP_VERIFY_CERT: "{{ .Values.adminserver.authenticationLdapVerifyCert }}" DATABASE_TYPE: "mysql" PROJECT_CREATION_RESTRICTION: "everyone" VERIFY_REMOTE_CERT: "off" diff --git a/contrib/helm/harbor/values.yaml b/contrib/helm/harbor/values.yaml index 737bf2b74..39efff4ef 100644 --- a/contrib/helm/harbor/values.yaml +++ b/contrib/helm/harbor/values.yaml @@ -66,6 +66,16 @@ adminserver: emailInsecure: "False" emailPwd: not-a-secure-password harborAdminPassword: Harbor12345 + harborAuthenticationMode: "db_auth" + selfRegistration: "on" + authenticationLdapURL: "ldaps://ldapserver" + authenticationLdapSearchDN: "" + authenticationLdapBaseDN: "" + authenticationLdapFilter: "(objectClass=person)" + authenticationLdapUID: "uid" + authenticationLdapScope: "2" + authenticationLdapTimeout: "5" + authenticationLdapVerifyCert: "True" ## Persist data to a persistent volume volumes: config: