mirror of https://github.com/goharbor/harbor.git
359 lines
12 KiB
YAML
359 lines
12 KiB
YAML
persistence:
|
|
enabled: true
|
|
externalProtocol: https
|
|
# The FQDN for Harbor service
|
|
externalDomain: harbor.my.domain
|
|
# The Port for Harbor service, leave empty if the service
|
|
# is to be bound to port 80/443
|
|
externalPort: 32700
|
|
harborAdminPassword: Harbor12345
|
|
authenticationMode: "db_auth"
|
|
selfRegistration: "on"
|
|
ldap:
|
|
url: "ldaps://ldapserver"
|
|
searchDN: ""
|
|
searchPassword: ""
|
|
baseDN: ""
|
|
filter: "(objectClass=person)"
|
|
uid: "uid"
|
|
scope: "2"
|
|
timeout: "5"
|
|
verifyCert: "True"
|
|
email:
|
|
host: "smtp.mydomain.com"
|
|
port: "25"
|
|
username: "sample_admin@mydomain.com"
|
|
password: "password"
|
|
ssl: "false"
|
|
insecure: "false"
|
|
from: "admin <sample_admin@mydomain.com>"
|
|
identity: ""
|
|
|
|
# The secret key used for encryption. Must be a string of 16 chars.
|
|
secretKey: not-a-secure-key
|
|
|
|
# These annotations allow the registry to work behind the nginx
|
|
# ingress controller.
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
ingress.kubernetes.io/proxy-body-size: "0"
|
|
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
|
tls:
|
|
# Fill the secretName if you want to use the certificate of
|
|
# yourself when Harbor serves with HTTPS. A certificate will
|
|
# be generated automatically by the chart if leave it empty
|
|
secretName: ""
|
|
|
|
# The tag for Harbor docker images.
|
|
harborImageTag: &harbor_image_tag dev
|
|
|
|
adminserver:
|
|
image:
|
|
repository: vmware/harbor-adminserver
|
|
tag: *harbor_image_tag
|
|
pullPolicy: IfNotPresent
|
|
volumes:
|
|
config:
|
|
# storageClass: "-"
|
|
accessMode: ReadWriteOnce
|
|
size: 1Gi
|
|
# resources:
|
|
# requests:
|
|
# memory: 256Mi
|
|
# cpu: 100m
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
jobservice:
|
|
image:
|
|
repository: vmware/harbor-jobservice
|
|
tag: *harbor_image_tag
|
|
pullPolicy: IfNotPresent
|
|
secret: not-a-secure-secret
|
|
maxWorkers: 50
|
|
# resources:
|
|
# requests:
|
|
# memory: 256Mi
|
|
# cpu: 100m
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
ui:
|
|
image:
|
|
repository: vmware/harbor-ui
|
|
tag: *harbor_image_tag
|
|
pullPolicy: IfNotPresent
|
|
secret: not-a-secure-secret
|
|
privateKeyPem: |
|
|
-----BEGIN RSA PRIVATE KEY-----
|
|
MIIJKAIBAAKCAgEA4WYbxdrFGG6RnfyYKlHYML3lEqtA9cYWWOynE9BeaEr/cMnM
|
|
bBr1dd91/Nm6RiYhQvTDU2Kc6NejqjdliW5B9xUoVKayri8OU81a8ViXeNgKwCPR
|
|
AiTTla1zoX5DnvoxpO9G3lxyNvTKXc0cw8NjQDAXpaDbzJYLkshCeuyD9bco8R96
|
|
/zrpBEX8tADN3+3yA3fMcZzVXsBm4BTpHJRk/qBpHYEPSHzxyH3iGMNKk3vMUBZz
|
|
e0EYkK8NCA2CuEKMnC3acx9IdRwkx10abGvHQCLRCVY7rGoak+b0oZ99RJIRQ9Iq
|
|
YXsn8fsMBQly6xxvSeY5XuSP7Xb6JKDt3y8Spi4gR1M/5aEzhuOyu201rMna7Rs/
|
|
GPfaKjBlbX0jiLDa7v4zjsBPsPaf/c4uooz3ICLsdukaom+E538R0EiOkXt/wyw2
|
|
2YmaWNCsYlEpke7cVC33e/0dPBq4IHsVflawSF9OWS23ikVAs/n+76KjuucEDmbT
|
|
aKUYAJjvAmZL14j+EKc/CoplhCe6pKhavjmNIOfCSdlreIPBhOVbf1f817wKoSIZ
|
|
qVyCA1AYNkI9RYS00axtJGBGMlKbdQqCNpLL58c6To2awmckIZCEcATKOp++NoGm
|
|
Ib0bhdSasdGB5VCtwZVluN8bLl13zBKoxTGjNlEatUGDRnDAnLdZbXXffjsCAwEA
|
|
AQKCAgBEUigO8/4UJse6xKr3APHv7E94NjKtjMqPT8RhDCLhqAH/lRuClTVb8k0Y
|
|
RILi6oHggsKGDvkS1vJEESCU5LfYBjDAX/r/M0I7gp6TU1AukAXKMdETvkfoMbg/
|
|
9j7W/G152hF4KztvjwmcHyUd7aay+SDh0n1taPm/FzaXfgONwmQFmo40uQ2SfwhX
|
|
I3tD6iMWjASLV4eRfe5w88WpJQ3r5IGYMNuKFF1RcV7MNL3xMHBAwl1kudmRWY4w
|
|
p6+83Gc0m+2AQbY70TkQuRbeUFkIBsWn99yEqXC+7h2us+JLm57iGN1ByQvVnEwL
|
|
Zs7Pl0Hge4leSxeZWhv+aE1R/jm/VdG4dglInuhED0ug8WAJg58IkDYfMKOOALHx
|
|
+0CNHE02XqqUIFwboZJSYTjMYvFL1i14L30FWnqH/0kDs4whXHbnGWhVustsMSK9
|
|
iyIGepuGhMnvtUF1wa/SrBd12qfDj68QHDXsKKbs6eTNYHfn3QL9uisrfMIa5HAt
|
|
nX2YOsAVxg+yvxkWD6n1DU+a/+pAu6iAgiwyxSZiyn6vJUE2zO6pJNbk1kJW6jU3
|
|
A69srtbO4jQn4EM859XYSqdqwXgJL+XJEYNbBcHalmiIOvRg9CCvDSKS7M5rJ0M1
|
|
L7oCzl6EW+zUb4JHkSO7V5uxIZu2sEduw5gofQ3OT9L/qDhDIQKCAQEA8T/8okF2
|
|
Q7SOj3su6KKX6H/ab31SvHECf/oeJtH8ZfLBYL55Yof0pZwq8iXQ26d8cH7FPKBo
|
|
hz0RZ9i2S3bYkzEVCPv9ISFg1NACxL3dU0PMBnmbmg2vPhMzEuQI2JOUu6ILOXEN
|
|
mImvfjZXps/b8OjQgzicH0skBBcbUlXT3a4fF52ktC8FiXgBG9JYg5CsXmfPRxci
|
|
ITa4w4ZLEuECmtJieS0MdKXPLwUVv3e2BlNS6c1JzXyp6EyX/euJ8cCe3n/GHbTY
|
|
2j1OO+xTQfQJVf6S9f2mSzjdHe9KZwWKgyxQ9dZ9Qtho2z/gUN9/UkL52fdljjlw
|
|
++b/z9Ppcl9K0QKCAQEA7y4Fv8dPFLLnr0R/S7eoAKa0S95xVe97EJHVUhWyOI09
|
|
K9VdZHp6be8W0Yd9h/Ks8Zi4EPRiTTaF3yA3iADwdKFeZt49jGzeM+Gl7Q2Ll98W
|
|
I5gOdJkHSVAP2uK7qSjZ8lPCu4iUYRsae+Psam7Yd6X17RP0M966PlUFj1nnrJjQ
|
|
EN4zeh/m01q9vqebB9C1W/ZiJ6rpt6VVHAcOQQ69F/lKdTif4XCvbMIhIXTYNifk
|
|
1oIv2qTDnfzzv+bgrlvpBJPpPYR0Oc7WoEpyd1Y9IzienLZi8RnujV//FXEmJ45E
|
|
F9GE1HOmoERdEWA1bMYhOO5OfRY1HSMuFMA4+5ojSwKCAQEAmwubio/1uMemw3HQ
|
|
kPRGGsdolDR/4tniWGtfy2UzCDY+r7Vaf8eOpIy8UQmatEBsykO+8RrKcvf9Yrc1
|
|
WUSVJevqb+67HPq9p6fTz6uSPXwZ+KNZLGXVFVjzfxWM1dvrP7eB7TXKHhmG7t9v
|
|
76Yw3SBTObI9LCN3jyVmisDcO+E23E+VVbPOpC260K2b81ocXUPsQ+0LIztu/UIm
|
|
p4hyyxug6+3WznTttXNYKch+9IvCgr5Ly0NuUvw+xpMFAZjgwXBu3BKpN4Ek8YAN
|
|
dhqnkVveCTguErQF78IlGBbIkUr+8TAbKsW4hggEWxV4V17yAnJsEz65bTtldqTj
|
|
qHyzsQKCAQBGhv6g/2d9Rgf1cbBLpns+vel6Wbx3x6c1SptpmgY0kMlR7JeeclM5
|
|
qX/EBzzn4pJGp27XaQi3lfVBxyE41HYTHiZVFQF3L/8Rs18XGKBqBxljI4pXrWwt
|
|
nRMfyy3lAqvJvhM082A1hiV4FMx40fi4x1JON00SIoIusSlzjOI4zdLEtpDdWRza
|
|
g+5hktCvLEbeODfXVJmYUoNXQWldm7f8osDm8eyLMIw5+MCGOgsrZPYgnsD3qxAX
|
|
vSgvFSh5oZaDiA4F2tHe3fQBzhIUyHQ8t4xlz447ZBcozv7L1tKWZWgE0f5mGzgu
|
|
GBqNbh4y1fWj8Plp/ytoTSBgdBIZdukjAoIBAELJPSVFnlf/gv6OWRCHyKxquGjv
|
|
fEn/E8bw5WSqMcj/7wiSJozr0Y8oyWjtWXObliLRQXcEhC8w3lLMjNqnFzQOAI7s
|
|
Oa6BQPigqyXZPXG5GK+V0TlUYvZQn9sfCq4YCxUBNtQ4GHbKKl3FGQL3rJiuFr6G
|
|
fVcetuDFNCiIGYbUF+giJ2cEN3a/Q+7fR6V4xC7VDdL+BqM09wZ6R98G48XzCKKp
|
|
ekNpEfmvJiuk9tFFQwDPWcQ6uyHqesK/Wiweo5nh5y2ZPipwcb0uBoYOQH60NqEL
|
|
6MXRVNdtKujjl1XZkG053Nvcz/YfF6lFjDekwgfd9m49b/s0EGTrl7z9z8Y=
|
|
-----END RSA PRIVATE KEY-----
|
|
# resources:
|
|
# requests:
|
|
# memory: 256Mi
|
|
# cpu: 100m
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
# TODO: change the style to be same with redis
|
|
database:
|
|
# if external database is used, set "type" to "external"
|
|
# and fill the connection informations in "external" section
|
|
type: internal
|
|
internal:
|
|
image:
|
|
repository: vmware/harbor-db
|
|
tag: *harbor_image_tag
|
|
pullPolicy: IfNotPresent
|
|
# the superuser password of database
|
|
password: "changeit"
|
|
volumes:
|
|
data:
|
|
# storageClass: "-"
|
|
accessMode: ReadWriteOnce
|
|
size: 1Gi
|
|
# resources:
|
|
# requests:
|
|
# memory: 256Mi
|
|
# cpu: 100m
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
external:
|
|
host: "192.168.0.1"
|
|
port: "5432"
|
|
username: "user"
|
|
password: "password"
|
|
coreDatabase: "registry"
|
|
clairDatabase: "clair"
|
|
notaryServerDatabase: "notary_server"
|
|
notarySignerDatabase: "notary_signer"
|
|
|
|
registry:
|
|
image:
|
|
repository: vmware/registry-photon
|
|
tag: dev
|
|
pullPolicy: IfNotPresent
|
|
httpSecret: not-a-secure-secret
|
|
logLevel: info
|
|
storage:
|
|
# specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
|
|
# "oss" and fill the information needed in the corresponding section
|
|
type: filesystem
|
|
filesystem:
|
|
rootdirectory: /var/lib/registry
|
|
#maxthreads: 100
|
|
azure:
|
|
accountname: accountname
|
|
accountkey: base64encodedaccountkey
|
|
container: containername
|
|
#realm: core.windows.net
|
|
gcs:
|
|
bucket: bucketname
|
|
# TODO: support the keyfile of gcs
|
|
#keyfile: /path/to/keyfile
|
|
#rootdirectory: /gcs/object/name/prefix
|
|
#chunksize: 5242880
|
|
s3:
|
|
region: us-west-1
|
|
bucket: bucketname
|
|
#accesskey: awsaccesskey
|
|
#secretkey: awssecretkey
|
|
#regionendpoint: http://myobjects.local
|
|
#encrypt: false
|
|
#keyid: mykeyid
|
|
#secure: true
|
|
#v4auth: true
|
|
#chunksize: 5242880
|
|
#rootdirectory: /s3/object/name/prefix
|
|
#storageclass: STANDARD
|
|
swift:
|
|
authurl: https://storage.myprovider.com/v3/auth
|
|
username: username
|
|
password: password
|
|
container: containername
|
|
#region: fr
|
|
#tenant: tenantname
|
|
#tenantid: tenantid
|
|
#domain: domainname
|
|
#domainid: domainid
|
|
#trustid: trustid
|
|
#insecureskipverify: false
|
|
#chunksize: 5M
|
|
#prefix:
|
|
#secretkey: secretkey
|
|
#accesskey: accesskey
|
|
#authversion: 3
|
|
#endpointtype: public
|
|
#tempurlcontainerkey: false
|
|
#tempurlmethods:
|
|
oss:
|
|
accesskeyid: accesskeyid
|
|
accesskeysecret: accesskeysecret
|
|
region: regionname
|
|
bucket: bucketname
|
|
#endpoint: endpoint
|
|
#internal: false
|
|
#encrypt: false
|
|
#secure: true
|
|
#chunksize: 10M
|
|
#rootdirectory: rootdirectory
|
|
rootCrt: |
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIE0zCCArugAwIBAgIJAIgs3S+hsjhmMA0GCSqGSIb3DQEBCwUAMAAwHhcNMTcx
|
|
MTA5MTcyNzQ5WhcNMjcxMTA3MTcyNzQ5WjAAMIICIjANBgkqhkiG9w0BAQEFAAOC
|
|
Ag8AMIICCgKCAgEA4WYbxdrFGG6RnfyYKlHYML3lEqtA9cYWWOynE9BeaEr/cMnM
|
|
bBr1dd91/Nm6RiYhQvTDU2Kc6NejqjdliW5B9xUoVKayri8OU81a8ViXeNgKwCPR
|
|
AiTTla1zoX5DnvoxpO9G3lxyNvTKXc0cw8NjQDAXpaDbzJYLkshCeuyD9bco8R96
|
|
/zrpBEX8tADN3+3yA3fMcZzVXsBm4BTpHJRk/qBpHYEPSHzxyH3iGMNKk3vMUBZz
|
|
e0EYkK8NCA2CuEKMnC3acx9IdRwkx10abGvHQCLRCVY7rGoak+b0oZ99RJIRQ9Iq
|
|
YXsn8fsMBQly6xxvSeY5XuSP7Xb6JKDt3y8Spi4gR1M/5aEzhuOyu201rMna7Rs/
|
|
GPfaKjBlbX0jiLDa7v4zjsBPsPaf/c4uooz3ICLsdukaom+E538R0EiOkXt/wyw2
|
|
2YmaWNCsYlEpke7cVC33e/0dPBq4IHsVflawSF9OWS23ikVAs/n+76KjuucEDmbT
|
|
aKUYAJjvAmZL14j+EKc/CoplhCe6pKhavjmNIOfCSdlreIPBhOVbf1f817wKoSIZ
|
|
qVyCA1AYNkI9RYS00axtJGBGMlKbdQqCNpLL58c6To2awmckIZCEcATKOp++NoGm
|
|
Ib0bhdSasdGB5VCtwZVluN8bLl13zBKoxTGjNlEatUGDRnDAnLdZbXXffjsCAwEA
|
|
AaNQME4wHQYDVR0OBBYEFCMYYMOL0E/Uyj5wseDfIl7o4ELsMB8GA1UdIwQYMBaA
|
|
FCMYYMOL0E/Uyj5wseDfIl7o4ELsMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
|
|
BQADggIBABG8fPvrrR+erpwQFuB/56j2i6sO+qoOJPpAMYwkzICrT0eerWAavwoy
|
|
f0UAKN7cUeEJXjIR7s7CogGFijWdaWaQsXUD0zJq5aotLYZLimEc1O0uAmJEsfYC
|
|
v7mG07eU6ge22sSo5hxhVplGt52hnXnT0DdgSRZpq2mvgd9lcopAidM+KHlaasXk
|
|
IecHKM99KX9D8smr0AcQ6M/Ygbf2qjO9YRmpBIjyQWEake4y/4LWm+3+v08ecg4B
|
|
g+iMC0Rw1QcPqgwaGaWu71RtYhyTg7SnAknb5nBcHIbLb0hdLgQTa3ZdtXgqchIi
|
|
GuFlEBmHFZP6bLJORRUQ0ari5wpXIsYfrB4T8PybTzva3OCMlEsMjuysFr9ewhzM
|
|
9UGLiSQNDyKA10J8WwlzbeD0AAW944hW4Dbg6SWv4gAo51T+6AukRdup5y6lfQ5a
|
|
h4Lbo6pzaA369IsJBntvKvia6hUf/SghnbG7pCHX/AEilcgTb13HndF/G+7aZgKR
|
|
mi9qvNRSDsE/BrgZawovp81+j6aL4y6UtXYspHr+SuWsKYsaH7pl5HspNCyJ5vV6
|
|
dpJAwosFBqSEnI333wAunpMYmi/jKHH/j4WqjLnCInp0/wouzYu42l8Pmz591BSp
|
|
Jag500bEBxqI2RLELgMt/bUdjp4N2M7mrxdrN+2579HTzb6Hviu9
|
|
-----END CERTIFICATE-----
|
|
## Persist data to a persistent volume
|
|
volumes:
|
|
data:
|
|
# storageClass: "-"
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
# resources:
|
|
# requests:
|
|
# memory: 256Mi
|
|
# cpu: 100m
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
clair:
|
|
enabled: true
|
|
image:
|
|
repository: vmware/clair-photon
|
|
tag: dev
|
|
pullPolicy: IfNotPresent
|
|
volumes:
|
|
pgData:
|
|
# storageClass: "-"
|
|
accessMode: ReadWriteOnce
|
|
size: 1Gi
|
|
# resources:
|
|
# requests:
|
|
# memory: 256Mi
|
|
# cpu: 100m
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
redis:
|
|
# if external Redis is used, set "external.enabled" to "true"
|
|
# and fill the connection informations in "external" section.
|
|
# or the internal Redis will be used
|
|
usePassword: false
|
|
password: "changeit"
|
|
cluster:
|
|
enabled: false
|
|
master:
|
|
persistence:
|
|
# TODO: There is a perm issue: Can't open the append-only file: Permission denied
|
|
# TODO: Setting it to false is a temp workaround. Will re-visit this problem.
|
|
enabled: false
|
|
external:
|
|
enabled: false
|
|
host: "192.168.0.2"
|
|
port: "6379"
|
|
databaseIndex: "0"
|
|
usePassword: false
|
|
password: "changeit"
|
|
|
|
notary:
|
|
enabled: true
|
|
server:
|
|
image:
|
|
repository: vmware/notary-server-photon
|
|
tag: dev
|
|
pullPolicy: IfNotPresent
|
|
signer:
|
|
image:
|
|
repository: vmware/notary-signer-photon
|
|
tag: dev
|
|
pullPolicy: IfNotPresent
|
|
env:
|
|
NOTARY_SIGNER_DEFAULTALIAS: defaultalias
|
|
# The TLS certificate for Notary Signer. Will auto generate them if unspecified here.
|
|
caCrt:
|
|
tlsCrt:
|
|
tlsKey:
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|