persistence: enabled: true externalProtocol: https # The FQDN for Harbor service externalDomain: harbor.my.domain # The Port for Harbor service, leave empty if the service # is to be bound to port 80/443 externalPort: 32700 harborAdminPassword: Harbor12345 authenticationMode: "db_auth" selfRegistration: "on" ldap: url: "ldaps://ldapserver" searchDN: "" searchPassword: "" baseDN: "" filter: "(objectClass=person)" uid: "uid" scope: "2" timeout: "5" verifyCert: "True" email: host: "smtp.mydomain.com" port: "25" username: "sample_admin@mydomain.com" password: "password" ssl: "false" insecure: "false" from: "admin " identity: "" # The secret key used for encryption. Must be a string of 16 chars. secretKey: not-a-secure-key # These annotations allow the registry to work behind the nginx # ingress controller. ingress: enabled: true annotations: ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/proxy-body-size: "0" tls: # Fill the secretName if you want to use the certificate of # yourself when Harbor serves with HTTPS. A certificate will # be generated automatically by the chart if leave it empty secretName: "" # The tag for Harbor docker images. harborImageTag: &harbor_image_tag dev adminserver: image: repository: vmware/harbor-adminserver tag: *harbor_image_tag pullPolicy: IfNotPresent volumes: config: # storageClass: "-" accessMode: ReadWriteOnce size: 1Gi # resources: # requests: # memory: 256Mi # cpu: 100m nodeSelector: {} tolerations: [] affinity: {} jobservice: image: repository: vmware/harbor-jobservice tag: *harbor_image_tag pullPolicy: IfNotPresent secret: not-a-secure-secret maxWorkers: 50 # resources: # requests: # memory: 256Mi # cpu: 100m nodeSelector: {} tolerations: [] affinity: {} ui: image: repository: vmware/harbor-ui tag: *harbor_image_tag pullPolicy: IfNotPresent secret: not-a-secure-secret # resources: # requests: # memory: 256Mi # cpu: 100m nodeSelector: {} tolerations: [] affinity: {} # TODO: change the style to be same with redis database: # if external database is used, set "type" to "external" # and fill the connection informations in "external" section type: internal internal: image: repository: vmware/harbor-db tag: *harbor_image_tag pullPolicy: IfNotPresent # the superuser password of database password: "changeit" volumes: data: # storageClass: "-" accessMode: ReadWriteOnce size: 1Gi # resources: # requests: # memory: 256Mi # cpu: 100m nodeSelector: {} tolerations: [] affinity: {} external: host: "192.168.0.1" port: "5432" username: "user" password: "password" coreDatabase: "registry" clairDatabase: "clair" notaryServerDatabase: "notary_server" notarySignerDatabase: "notary_signer" registry: image: repository: vmware/registry-photon tag: dev pullPolicy: IfNotPresent httpSecret: not-a-secure-secret logLevel: info storage: # specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift", # "oss" and fill the information needed in the corresponding section type: filesystem filesystem: rootdirectory: /var/lib/registry #maxthreads: 100 azure: accountname: accountname accountkey: base64encodedaccountkey container: containername #realm: core.windows.net gcs: bucket: bucketname # TODO: support the keyfile of gcs #keyfile: /path/to/keyfile #rootdirectory: /gcs/object/name/prefix #chunksize: 5242880 s3: region: us-west-1 bucket: bucketname #accesskey: awsaccesskey #secretkey: awssecretkey #regionendpoint: http://myobjects.local #encrypt: false #keyid: mykeyid #secure: true #v4auth: true #chunksize: 5242880 #rootdirectory: /s3/object/name/prefix #storageclass: STANDARD swift: authurl: https://storage.myprovider.com/v3/auth username: username password: password container: containername #region: fr #tenant: tenantname #tenantid: tenantid #domain: domainname #domainid: domainid #trustid: trustid #insecureskipverify: false #chunksize: 5M #prefix: #secretkey: secretkey #accesskey: accesskey #authversion: 3 #endpointtype: public #tempurlcontainerkey: false #tempurlmethods: oss: accesskeyid: accesskeyid accesskeysecret: accesskeysecret region: regionname bucket: bucketname #endpoint: endpoint #internal: false #encrypt: false #secure: true #chunksize: 10M #rootdirectory: rootdirectory ## Persist data to a persistent volume volumes: data: # storageClass: "-" accessMode: ReadWriteOnce size: 5Gi # resources: # requests: # memory: 256Mi # cpu: 100m nodeSelector: {} tolerations: [] affinity: {} clair: enabled: true image: repository: vmware/clair-photon tag: dev pullPolicy: IfNotPresent volumes: pgData: # storageClass: "-" accessMode: ReadWriteOnce size: 1Gi # resources: # requests: # memory: 256Mi # cpu: 100m nodeSelector: {} tolerations: [] affinity: {} redis: # if external Redis is used, set "external.enabled" to "true" # and fill the connection informations in "external" section. # or the internal Redis will be used usePassword: false password: "changeit" cluster: enabled: false master: persistence: # TODO: There is a perm issue: Can't open the append-only file: Permission denied # TODO: Setting it to false is a temp workaround. Will re-visit this problem. enabled: false external: enabled: false host: "192.168.0.2" port: "6379" databaseIndex: "0" usePassword: false password: "changeit" notary: enabled: true server: image: repository: vmware/notary-server-photon tag: dev pullPolicy: IfNotPresent signer: image: repository: vmware/notary-signer-photon tag: dev pullPolicy: IfNotPresent env: NOTARY_SIGNER_DEFAULTALIAS: defaultalias # The TLS certificate for Notary Signer. Will auto generate them if unspecified here. caCrt: tlsCrt: tlsKey: nodeSelector: {} tolerations: [] affinity: {}