mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-22 16:48:30 +01:00
Enhance: Refactor the format
Refactor the whole structure of harbor.yml Signed-off-by: Qian Deng <dengq@vmware.com>
This commit is contained in:
Qian Deng
parent
77ed9a871f
commit
cd65b68ab3
201
make/harbor.yml
201
make/harbor.yml
@ -1,114 +1,139 @@
|
||||
## Configuration file of Harbor
|
||||
|
||||
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
|
||||
_version: 1.7.0
|
||||
#The IP address or hostname to access admin UI and registry service.
|
||||
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
|
||||
#DO NOT comment out this line, modify the value of "hostname" directly, or the installation will fail.
|
||||
hostname: reg.mydomain.com
|
||||
# core, harbor
|
||||
http:
|
||||
port: 80
|
||||
# https:
|
||||
# port: 443
|
||||
# #The path of cert and key files for nginx, they are applied only the protocol is set to https
|
||||
# certificate: /your/certificate/path
|
||||
# private_key: /your/private/key/path
|
||||
|
||||
#The protocol for accessing the UI and token/notification service, by default it is http.
|
||||
#It can be set to https if ssl is enabled on nginx.
|
||||
ui_url_protocol: https
|
||||
# Uncomment extearnal_url if you want to enable external proxy
|
||||
# And when it enabled the hostname will no longger used
|
||||
# external_url: https://reg.mydomain.com:8433
|
||||
|
||||
#Maximum number of job workers in job service
|
||||
max_job_workers: 10
|
||||
# The initial password of Harbor admin
|
||||
# It only works in first time to install harbor
|
||||
# Remember Change the admin password from UI after launching Harbor.
|
||||
harbor_admin_password: Harbor12345
|
||||
|
||||
## Harbor DB configuration
|
||||
database:
|
||||
#The password for the root user of Harbor DB. Change this before any production use.
|
||||
password: root123
|
||||
|
||||
# The default data volume
|
||||
data_volume: /data
|
||||
|
||||
#The path of cert and key files for nginx, they are applied only the protocol is set to https
|
||||
ssl_cert: /data/cert/server.crt
|
||||
ssl_cert_key: /data/cert/server.key
|
||||
# Harbor Storage settings
|
||||
storage_service:
|
||||
# registry_custom_ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
|
||||
# of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
|
||||
ca_bundle:
|
||||
|
||||
#The path of secretkey storage
|
||||
secretkey_path: /data
|
||||
# storaged in $data_volume/
|
||||
# filesystem:
|
||||
# maxthreads: 100
|
||||
# azure:
|
||||
# accountname: accountname
|
||||
# accountkey: base64encodedaccountkey
|
||||
# container: containername
|
||||
# gcs:
|
||||
# bucket: bucketname
|
||||
# keyfile: /path/to/keyfile
|
||||
# rootdirectory: /gcs/object/name/prefix
|
||||
# chunksize: 5242880
|
||||
# s3:
|
||||
# accesskey: awsaccesskey
|
||||
# secretkey: awssecretkey
|
||||
# region: us-west-1
|
||||
# regionendpoint: http://myobjects.local
|
||||
# bucket: bucketname
|
||||
# encrypt: true
|
||||
# keyid: mykeyid
|
||||
# secure: true
|
||||
# v4auth: true
|
||||
# chunksize: 5242880
|
||||
# multipartcopychunksize: 33554432
|
||||
# multipartcopymaxconcurrency: 100
|
||||
# multipartcopythresholdsize: 33554432
|
||||
# rootdirectory: /s3/object/name/prefix
|
||||
# swift:
|
||||
# username: username
|
||||
# password: password
|
||||
# authurl: https://storage.myprovider.com/auth/v1.0 or https://storage.myprovider.com/v2.0 or https://storage.myprovider.com/v3/auth
|
||||
# tenant: tenantname
|
||||
# tenantid: tenantid
|
||||
# domain: domain name for Openstack Identity v3 API
|
||||
# domainid: domain id for Openstack Identity v3 API
|
||||
# insecureskipverify: true
|
||||
# region: fr
|
||||
# container: containername
|
||||
# rootdirectory: /swift/object/name/prefix
|
||||
# oss:
|
||||
# accesskeyid: accesskeyid
|
||||
# accesskeysecret: accesskeysecret
|
||||
# region: OSS region name
|
||||
# endpoint: optional endpoints
|
||||
# internal: optional internal endpoint
|
||||
# bucket: OSS bucket
|
||||
# encrypt: optional data encryption setting
|
||||
# secure: optional ssl setting
|
||||
# chunksize: optional size valye
|
||||
# rootdirectory: optional root directory
|
||||
|
||||
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone
|
||||
admiral_url: NA
|
||||
# Clair DB configuration
|
||||
clair:
|
||||
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
|
||||
updaters_interval: 12
|
||||
|
||||
# Config http proxy for Clair, e.g. http://my.proxy.com:3128
|
||||
# Clair doesn't need to connect to harbor internal components via http proxy.
|
||||
http_proxy:
|
||||
https_proxy:
|
||||
no_proxy: 127.0.0.1,localhost,core,registry
|
||||
|
||||
jobservice:
|
||||
# Maximum number of job workers in job service
|
||||
max_job_workers: 10
|
||||
|
||||
# Log configurations
|
||||
log:
|
||||
# debug, warn, error
|
||||
level: info
|
||||
# Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated.
|
||||
rotate_count: 50
|
||||
# Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes.
|
||||
# If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G
|
||||
# are all valid.
|
||||
rotate_size: 200M
|
||||
# The directory that store log files
|
||||
# The directory on your host that store log
|
||||
location: /var/log/harbor
|
||||
|
||||
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES
|
||||
#only take effect in the first boot, the subsequent changes of these properties
|
||||
#should be performed on web ui
|
||||
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY!
|
||||
_version: 1.7.0
|
||||
|
||||
##The initial password of Harbor admin, only works for the first time when Harbor starts.
|
||||
#It has no effect after the first launch of Harbor.
|
||||
#Change the admin password from UI after launching Harbor.
|
||||
harbor_admin_password: Harbor12345
|
||||
# Uncomment if using external database. Only support postgres.
|
||||
# external_database:
|
||||
# host: postgresql
|
||||
# port: 5432
|
||||
# username: postgres
|
||||
# password: root123
|
||||
# ssl_mode: disable
|
||||
|
||||
## Harbor DB configuration
|
||||
database:
|
||||
#The address of the Harbor database. Only need to change when using external db.
|
||||
host: postgresql
|
||||
#The port of Harbor database host
|
||||
port: 5432
|
||||
#The user name of Harbor database
|
||||
username: postgres
|
||||
#The password for the root user of Harbor DB. Change this before any production use.
|
||||
password: root123
|
||||
|
||||
|
||||
# Redis server configuration
|
||||
redis:
|
||||
# Redis connection address
|
||||
host: redis
|
||||
# Redis connection port
|
||||
port: 6379
|
||||
# Redis connection password
|
||||
password:
|
||||
# Redis connection db index
|
||||
# db_index 1,2,3 is for registry, jobservice and chartmuseum.
|
||||
# db_index 0 is for UI, it's unchangeable
|
||||
db_index: 1,2,3
|
||||
|
||||
|
||||
# Clair DB configuration
|
||||
clair:
|
||||
# Clair DB host address. Only change it when using an exteral DB.
|
||||
db_host: postgresql
|
||||
# The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair.
|
||||
# Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database.
|
||||
db_password: root123
|
||||
# Clair DB connect port
|
||||
db_port: 5432
|
||||
# Clair DB username
|
||||
db_username: postgres
|
||||
# Clair default database
|
||||
db: postgres
|
||||
# The interval of clair updaters, the unit is hour, set to 0 to disable the updaters.
|
||||
updaters_interval: 12
|
||||
|
||||
#Config http proxy for Clair, e.g. http://my.proxy.com:3128
|
||||
#Clair doesn't need to connect to harbor internal components via http proxy.
|
||||
http_proxy:
|
||||
https_proxy:
|
||||
no_proxy: 127.0.0.1,localhost,core,registry
|
||||
|
||||
# Harbor Storage settings
|
||||
storage:
|
||||
#Please be aware that the following storage settings will be applied to both docker registry and helm chart repository.
|
||||
#registry_storage_provider can be: filesystem, s3, gcs, azure, etc.
|
||||
registry_storage_provider_name: filesystem
|
||||
#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2".
|
||||
#To avoid duplicated configurations, both docker registry and chart repository follow the same storage configuration specifications of docker registry.
|
||||
#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration.
|
||||
registry_storage_provider_config:
|
||||
#registry_custom_ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
|
||||
#of registry's and chart repository's containers. This is usually needed when the user hosts a internal storage with self signed certificate.
|
||||
registry_custom_ca_bundle:
|
||||
|
||||
#If reload_config=true, all settings which present in harbor.yml take effect after prepare and restart harbor, it overwrites exsiting settings.
|
||||
#reload_config=true
|
||||
#Regular expression to match skipped environment variables
|
||||
#skip_reload_env_pattern: (^EMAIL.*)|(^LDAP.*)
|
||||
# Umcomments if using external Redis server
|
||||
# external_redis:
|
||||
# # Redis connection address
|
||||
# host: redis
|
||||
# # Redis connection port
|
||||
# port: 6379
|
||||
# # Redis connection password
|
||||
# password:
|
||||
# # db_index 0 is for core, it's unchangeable
|
||||
# registry_db_index: 1
|
||||
# jobservice_db_index: 2
|
||||
# chartmuseum_db_index: 3
|
||||
Loading…
Reference in New Issue
Block a user