diff --git a/contrib/helm/harbor/templates/_helpers.tpl b/contrib/helm/harbor/templates/_helpers.tpl
index b6ecef0b0..7e10948be 100644
--- a/contrib/helm/harbor/templates/_helpers.tpl
+++ b/contrib/helm/harbor/templates/_helpers.tpl
@@ -30,6 +30,14 @@ release: {{ .Release.Name }}
 app: "{{ template "harbor.name" . }}"
 {{- end -}}
 
+{{- define "harbor.externalURL" -}}
+{{- if .Values.externalPort -}}
+{{- printf "%s:%s" .Values.externalDomain (toString .Values.externalPort) -}}
+{{- else -}}
+{{- .Values.externalDomain -}}
+{{- end -}}
+{{- end -}}
+
 {{/*
 Use *.domain.com as the Common Name in the certificate,
 so it can match Harbor service FQDN and Notary service FQDN.
diff --git a/contrib/helm/harbor/templates/notary/notary-cm.yaml b/contrib/helm/harbor/templates/notary/notary-cm.yaml
index c5b5c3aea..9b76ce02a 100644
--- a/contrib/helm/harbor/templates/notary/notary-cm.yaml
+++ b/contrib/helm/harbor/templates/notary/notary-cm.yaml
@@ -56,7 +56,7 @@ data:
       "auth": {
           "type": "token",
           "options": {
-              "realm": "https://{{ .Values.externalDomain }}/service/token",
+              "realm": "https://{{ template "harbor.externalURL" . }}/service/token",
               "service": "harbor-notary",
               "issuer": "harbor-token-issuer",
               "rootcertbundle": "/root.crt"
diff --git a/contrib/helm/harbor/templates/registry/registry-cm.yaml b/contrib/helm/harbor/templates/registry/registry-cm.yaml
index e835f7df0..4be545a82 100644
--- a/contrib/helm/harbor/templates/registry/registry-cm.yaml
+++ b/contrib/helm/harbor/templates/registry/registry-cm.yaml
@@ -38,7 +38,7 @@ data:
     auth:
       token:
         issuer: harbor-token-issuer
-        realm: "https://{{ .Values.externalDomain }}/service/token"
+        realm: "https://{{ template "harbor.externalURL" . }}/service/token"
         rootcertbundle: /etc/registry/root.crt
         service: harbor-registry
 
diff --git a/contrib/helm/harbor/templates/registry/registry-ss.yaml b/contrib/helm/harbor/templates/registry/registry-ss.yaml
index 4cfd7fefc..af3d2ff28 100644
--- a/contrib/helm/harbor/templates/registry/registry-ss.yaml
+++ b/contrib/helm/harbor/templates/registry/registry-ss.yaml
@@ -35,7 +35,7 @@ spec:
         - containerPort: 5000
         - containerPort: 5001
         volumeMounts:
-{{- if not .Values.registry.objectStorage }}
+{{- if and (not .Values.registry.objectStorage) .Values.persistence.enabled }}
         - name: registry-data
           mountPath: /var/lib/registry
 {{- end }}
diff --git a/contrib/helm/harbor/values.yaml b/contrib/helm/harbor/values.yaml
index 6bc6c3a80..4abcd29e9 100644
--- a/contrib/helm/harbor/values.yaml
+++ b/contrib/helm/harbor/values.yaml
@@ -33,6 +33,9 @@ harborImageTag: &harbor_image_tag v1.5.0-chart-patch
 
 # The FQDN for Harbor service.
 externalDomain: harbor.my.domain
+# externalPort is the Port for Harbor service, leave empty if the service is to be bound to
+# port 80/443
+externalPort: 32700
 # If set to true, you don't need to set tlsCrt/tlsKey/caCrt, but must add
 # Harbor FQDN as insecure-registries for your docker client.
 insecureRegistry: false