## @section Global parameters ## Global Docker image parameters ## Please, note that this will override the image parameters, including dependencies, configured to use the global value ## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass ## ## @param global.imageRegistry Global Docker image registry ## @param global.imagePullSecrets Global Docker registry secret names as an array ## @param global.storageClass Global StorageClass for Persistent Volume(s) ## global: imageRegistry: "" ## E.g. ## imagePullSecrets: ## - myRegistryKeySecretName ## imagePullSecrets: [] storageClass: "" ## @section Common Parameters ## ## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) ## nameOverride: "" ## @param fullnameOverride String to fully override common.names.fullname template with a string ## fullnameOverride: "" ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) ## kubeVersion: "" ## @param clusterDomain Kubernetes Cluster Domain ## clusterDomain: cluster.local ## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} ## @param commonLabels Labels to add to all deployed objects ## commonLabels: {} ## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). ## extraDeploy: [] ## Enable diagnostic mode in the deployment(s)/statefulset(s) ## diagnosticMode: ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) ## enabled: false ## @param diagnosticMode.command Command to override all containers in the the deployment(s)/statefulset(s) ## command: - sleep ## @param diagnosticMode.args Args to override all containers in the the deployment(s)/statefulset(s) ## args: - infinity ## @section Harbor common parameters ## ## @param adminPassword The initial password of Harbor admin. Change it from portal after launching Harbor ## adminPassword: "Harbor01@" ## @param externalURL The external URL for Harbor Core service ## It is used to ## 1) populate the docker/helm commands showed on portal ## 2) populate the token service URL returned to docker/notary client ## ## Format: protocol://domain[:port]. Usually: ## 1) if "exposureType" is "ingress", the "domain" should be ## the value of "ingress.hostname" ## 2) if "exposureType" is "proxy" and "service.type" is "ClusterIP", ## the "domain" should be the value of "service.clusterIP" ## 3) if "exposureType" is "proxy" and "service.type" is "NodePort", ## the "domain" should be the IP address of k8s node ## 4) if "exposureType" is "proxy" and "service.type" is "LoadBalancer", ## the "domain" should be the LoadBalancer IP ## externalURL: https://harbor-dev.allarddcs.nl ## Note: If Harbor is exposed via Ingress, the NGINX server will not be used ## @param proxy.httpProxy The URL of the HTTP proxy server ## @param proxy.httpsProxy The URL of the HTTPS proxy server ## @param proxy.noProxy The URLs that the proxy settings not apply to ## @param proxy.components The component list that the proxy settings apply to ## proxy: httpProxy: "" httpsProxy: "" noProxy: 127.0.0.1,localhost,.local,.internal components: - core - jobservice - trivy ## @param logLevel The log level used for Harbor services. Allowed values are [ fatal \| error \| warn \| info \| debug \| trace ] ## logLevel: debug ## TLS settings ## Note: TLS cert files need to provided in each components in advance. ## internalTLS: ## @param internalTLS.enabled Use TLS in all the supported containers: chartmuseum, core, jobservice, portal, registry and trivy ## enabled: false ## @param internalTLS.caBundleSecret Name of an existing secret with a custom CA that will be injected into the trust store for chartmuseum, core, jobservice, registry, trivy components ## The secret must contain the key "ca.crt" ## caBundleSecret: "" ## IP family parameters ## ipFamily: ## @param ipFamily.ipv6.enabled Enable listening on IPv6 ([::]) for NGINX-based components (NGINX,portal) ## Note: enabling IPv6 will cause NGINX to crash on start on systems with IPv6 disabled (`ipv6.disable` kernel flag) ## ipv6: enabled: false ## @param ipFamily.ipv4.enabled Enable listening on IPv4 for NGINX-based components (NGINX,portal) ## ipv4: enabled: true ## @section Traffic Exposure Parameters ## ## @param exposureType The way to expose Harbor. Allowed values are [ ingress \| proxy ] ## Use "proxy" to use a deploy NGINX proxy in front of Harbor services ## Use "ingress" to use an Ingress Controller as proxy ## exposureType: ingress #exposureType: proxy ## Service parameters ## service: ## @param service.type NGINX proxy service type ## type: ClusterIP ## @param service.ports.http NGINX proxy service HTTP port ## @param service.ports.https NGINX proxy service HTTPS port ## @param service.ports.notary Notary service port ## ports: http: 80 https: 443 ## Node ports to expose ## @param service.nodePorts.http Node port for HTTP ## @param service.nodePorts.https Node port for HTTPS ## @param service.nodePorts.notary Node port for Notary ## NOTE: choose port between <30000-32767> ## nodePorts: http: "" https: "" notary: "" ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin ## Values: ClientIP or None ## ref: https://kubernetes.io/docs/user-guide/services/ ## sessionAffinity: None ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity ## sessionAffinityConfig: ## clientIP: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} ## @param service.clusterIP NGINX proxy service Cluster IP ## e.g.: ## clusterIP: None ## clusterIP: "" ## @param service.loadBalancerIP NGINX proxy service Load Balancer IP ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer ## loadBalancerIP: "" ## @param service.loadBalancerSourceRanges NGINX proxy service Load Balancer sources ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service ## e.g: ## loadBalancerSourceRanges: ## - 10.10.10.0/24 ## loadBalancerSourceRanges: [] ## @param service.externalTrafficPolicy NGINX proxy service external traffic policy ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip ## externalTrafficPolicy: Cluster ## @param service.annotations Additional custom annotations for NGINX proxy service ## annotations: {} ## @param service.extraPorts Extra port to expose on NGINX proxy service ## extraPorts: [] ingress: ## Configure the ingress resource that allows you to access Harbor Core ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## core: ## @param ingress.core.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "traefik" ## @param ingress.core.pathType Ingress path type ## pathType: ImplementationSpecific ## @param ingress.core.apiVersion Force Ingress API version (automatically detected if not set) ## apiVersion: "" ## @param ingress.core.controller The ingress controller type. Currently supports `default`, `gce` and `ncp` ## leave as `default` for most ingress controllers. ## set to `gce` if using the GCE ingress controller ## set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller ## controller: default ## @param ingress.core.hostname Default host for the ingress record ## hostname: harbor-dev.allarddcs.nl ## @param ingress.core.annotations [object] Additional annotations for the Ingress resource. ## To enable certificate autogeneration, place here your cert-manager annotations. ## Use this parameter to set the required annotations for cert-manager, see ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations ## e.g: ## annotations: ## kubernetes.io/ingress.class: nginx ## cert-manager.io/cluster-issuer: letsencrypt ## annotations: ingress.kubernetes.io/ssl-redirect: 'true' ingress.kubernetes.io/proxy-body-size: '0' nginx.ingress.kubernetes.io/ssl-redirect: 'true' nginx.ingress.kubernetes.io/proxy-body-size: '0' cert-manager.io/cluster-issuer: 'letsencrypt' ## @param ingress.core.tls Enable TLS configuration for the host defined at `ingress.core.hostname` parameter ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.core.hostname }}` ## You can: ## - Use the `ingress.core.secrets` parameter to create this TLS secret ## - Rely on cert-manager to create it by setting the corresponding annotations ## - Rely on Helm to create self-signed certificates by setting `ingress.core.selfSigned=true` ## tls: true ## @param ingress.core.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false ## @param ingress.core.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: ## - name: core.harbor.domain ## path: / ## extraHosts: [] ## @param ingress.core.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host ## e.g: ## extraPaths: ## - path: /* ## backend: ## serviceName: ssl-redirect ## servicePort: use-annotation ## extraPaths: [] ## @param ingress.core.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls ## e.g: ## extraTls: ## - hosts: ## - core.harbor.domain ## secretName: core.harbor.domain-tls ## extraTls: [] ## @param ingress.core.secrets Custom TLS certificates as secrets ## NOTE: 'key' and 'certificate' are expected in PEM format ## NOTE: 'name' should line up with a 'secretName' set further up ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days ## It is also possible to create and manage the certificates outside of this helm chart ## Please see README.md for more information ## e.g: ## secrets: ## - name: core.harbor.domain-tls ## key: |- ## -----BEGIN RSA PRIVATE KEY----- ## ... ## -----END RSA PRIVATE KEY----- ## certificate: |- ## -----BEGIN CERTIFICATE----- ## ... ## -----END CERTIFICATE----- ## secrets: [] ## @param ingress.core.extraRules Additional rules to be covered with this ingress record ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules ## e.g: ## extraRules: ## - host: example.local ## http: ## path: / ## backend: ## service: ## name: example-svc ## port: ## name: http ## extraRules: [] ## Configure the ingress resource that allows you to access Notary ## ref: https://kubernetes.io/docs/user-guide/ingress/ ## ## @section Persistence Parameters ## ## The persistence is enabled by default and a default StorageClass ## is needed in the k8s cluster to provision volumes dynamically. ## Specify another StorageClass in the "storageClass" or set "existingClaim" ## if you have already existing persistent volumes to use ## ## For storing images and charts, you can also use "azure", "gcs", "s3", ## "swift" or "oss". Set it in the "imageChartStorage" section ## persistence: ## @param persistence.enabled Enable the data persistence or not ## enabled: true ## Resource Policy ## @param persistence.resourcePolicy Setting it to `keep` to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted ## resourcePolicy: '' persistentVolumeClaim: ## @param persistence.persistentVolumeClaim.registry.existingClaim Name of an existing PVC to use ## @param persistence.persistentVolumeClaim.registry.storageClass PVC Storage Class for Harbor Registry data volume ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning ## @param persistence.persistentVolumeClaim.registry.subPath The sub path used in the volume ## @param persistence.persistentVolumeClaim.registry.accessModes The access mode of the volume ## @param persistence.persistentVolumeClaim.registry.size The size of the volume ## @param persistence.persistentVolumeClaim.registry.annotations Annotations for the PVC ## @param persistence.persistentVolumeClaim.registry.selector Selector to match an existing Persistent Volume ## registry: existingClaim: "harbor-registry-pvc" storageClass: "" subPath: "" accessModes: - ReadWriteOnce size: 5Gi annotations: {} selector: {} ## @param persistence.persistentVolumeClaim.jobservice.existingClaim Name of an existing PVC to use ## @param persistence.persistentVolumeClaim.jobservice.storageClass PVC Storage Class for Harbor Jobservice data volume ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning ## @param persistence.persistentVolumeClaim.jobservice.subPath The sub path used in the volume ## @param persistence.persistentVolumeClaim.jobservice.accessModes The access mode of the volume ## @param persistence.persistentVolumeClaim.jobservice.size The size of the volume ## @param persistence.persistentVolumeClaim.jobservice.annotations Annotations for the PVC ## @param persistence.persistentVolumeClaim.jobservice.selector Selector to match an existing Persistent Volume ## jobservice: existingClaim: "harbor-jobsvc-pvc" storageClass: "" subPath: "" accessModes: - ReadWriteOnce size: 1Gi annotations: {} selector: {} ## @param persistence.persistentVolumeClaim.jobservice.scanData.existingClaim Name of an existing PVC to use ## @param persistence.persistentVolumeClaim.jobservice.scanData.storageClass PVC Storage Class for Harbor Jobservice scan data volume ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning ## @param persistence.persistentVolumeClaim.jobservice.scanData.subPath The sub path used in the volume ## @param persistence.persistentVolumeClaim.jobservice.scanData.accessModes The access mode of the volume ## @param persistence.persistentVolumeClaim.jobservice.scanData.size The size of the volume ## @param persistence.persistentVolumeClaim.jobservice.scanData.annotations Annotations for the PVC ## @param persistence.persistentVolumeClaim.jobservice.scanData.selector Selector to match an existing Persistent Volume ## scanData: existingClaim: "harbor-jobsvc-scandata-pvc" storageClass: "" subPath: "" accessModes: - ReadWriteOnce size: 1Gi annotations: {} selector: {} ## @param persistence.persistentVolumeClaim.chartmuseum.existingClaim Name of an existing PVC to use ## @param persistence.persistentVolumeClaim.chartmuseum.storageClass PVC Storage Class for Chartmuseum data volume ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning ## @param persistence.persistentVolumeClaim.chartmuseum.subPath The sub path used in the volume ## @param persistence.persistentVolumeClaim.chartmuseum.accessModes The access mode of the volume ## @param persistence.persistentVolumeClaim.chartmuseum.size The size of the volume ## @param persistence.persistentVolumeClaim.chartmuseum.annotations Annotations for the PVC ## @param persistence.persistentVolumeClaim.chartmuseum.selector Selector to match an existing Persistent Volume ## chartmuseum: existingClaim: "" storageClass: "" subPath: "chartmuseum" accessModes: - ReadWriteOnce size: 5Gi annotations: {} selector: {} ## @param persistence.persistentVolumeClaim.trivy.storageClass PVC Storage Class for Trivy data volume ## Note: The default StorageClass will be used if not defined. Set it to `-` to disable dynamic provisioning ## @param persistence.persistentVolumeClaim.trivy.accessModes The access mode of the volume ## @param persistence.persistentVolumeClaim.trivy.size The size of the volume ## @param persistence.persistentVolumeClaim.trivy.annotations Annotations for the PVC ## @param persistence.persistentVolumeClaim.trivy.selector Selector to match an existing Persistent Volume ## trivy: storageClass: "" accessModes: - ReadWriteOnce size: 1Gi annotations: {} selector: {} ## Define which storage backend is used for registry and chartmuseum to store ## images and charts. ## ref: https://github.com/docker/distribution/blob/master/docs/configuration.md#storage ## imageChartStorage: ## @param persistence.imageChartStorage.caBundleSecret Specify the `caBundleSecret` if the storage service uses a self-signed certificate. The secret must contain keys named `ca.crt` which will be injected into the trust store of registry's and chartmuseum's containers. ## caBundleSecret: "" ## @param persistence.imageChartStorage.disableredirect The configuration for managing redirects from content backends. For backends which do not supported it (such as using MinIO® for `s3` storage type), please set it to `true` to disable redirects. Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect) for more information about the detail ## disableredirect: false ## @param persistence.imageChartStorage.type The type of storage for images and charts: `filesystem`, `azure`, `gcs`, `s3`, `swift` or `oss`. The type must be `filesystem` if you want to use persistent volumes for registry and chartmuseum. Refer to the [guide](https://github.com/docker/distribution/blob/master/docs/configuration.md#storage) for more information about the detail ## type: filesystem ## Images/charts storage parameters when type is "filesystem" ## @param persistence.imageChartStorage.filesystem.rootdirectory Filesystem storage type setting: Storage root directory ## @param persistence.imageChartStorage.filesystem.maxthreads Filesystem storage type setting: Maximum threads directory ## filesystem: rootdirectory: /storage maxthreads: "" ## @section Tracing parameters ## ## Tracing parameters: ## tracing: Configure tracing for Harbor, only one of tracing.jeager.enabled and tracing.otel.enabled should be set ## tracing: ## @param tracing.enabled Enable tracing ## enabled: false ## @param tracing.sampleRate Tracing sample rate from 0 to 1 ## sampleRate: 1 ## @param tracing.namespace Used to differentiate traces between different harbor services ## namespace: "" ## @param tracing.attributes A key value dict containing user defined attributes used to initialize the trace provider ## e.g: ## attributes: ## application: harbor ## attributes: {} ## @section Volume Permissions parameters ## ## Init containers parameters: ## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node ## volumePermissions: ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume ## enabled: false ## @param volumePermissions.image.registry Init container volume-permissions image registry ## @param volumePermissions.image.repository Init container volume-permissions image repository ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets ## image: registry: docker.io repository: bitnamilegacy/os-shell tag: 12-debian-12-r39 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## Example: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Init container resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param volumePermissions.resources.limits Init container volume-permissions resource limits ## @param volumePermissions.resources.requests Init container volume-permissions resource requests ## resources: limits: {} requests: {} ## Init container' Security Context ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser ## and not the below volumePermissions.containerSecurityContext.runAsUser ## @param volumePermissions.containerSecurityContext.enabled Enable init container Security Context ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container ## containerSecurityContext: enabled: true runAsUser: 0 ## @section NGINX Parameters ## nginx: ## Bitnami NGINX image ## ref: https://hub.docker.com/r/bitnami/nginx/tags/ ## @param nginx.image.registry NGINX image registry ## @param nginx.image.repository NGINX image repository ## @param nginx.image.tag NGINX image tag (immutable tags are recommended) ## @param nginx.image.digest NGINX image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param nginx.image.pullPolicy NGINX image pull policy ## @param nginx.image.pullSecrets NGINX image pull secrets ## @param nginx.image.debug Enable NGINX image debug mode ## image: registry: docker.io repository: bitnamilegacy/nginx tag: 1.27.4-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## TLS parameters ## tls: ## @param nginx.tls.enabled Enable TLS termination ## enabled: false ## @param nginx.tls.existingSecret Existing secret name containing your own TLS certificates. ## The secret must contain the keys: ## `tls.crt` - the certificate (required), ## `tls.key` - the private key (required), ## `ca.crt` - CA certificate (optional) ## Self-signed TLS certificates will be used otherwise. ## existingSecret: "" ## @param nginx.tls.commonName The common name used to generate the self-signed TLS certificates ## commonName: harbor-dev.allarddcs.nl ## @param nginx.behindReverseProxy If NGINX is behind another reverse proxy, set to true ## if the reverse proxy already provides the 'X-Forwarded-Proto' header field. ## This is, for example, the case for the OpenShift HAProxy router. ## behindReverseProxy: true ## @param nginx.command Override default container command (useful when using custom images) ## command: [] ## @param nginx.args Override default container args (useful when using custom images) ## args: [] ## @param nginx.extraEnvVars Array with extra environment variables to add NGINX pods ## extraEnvVars: [] ## @param nginx.extraEnvVarsCM ConfigMap containing extra environment variables for NGINX pods ## extraEnvVarsCM: "" ## @param nginx.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for NGINX pods ## extraEnvVarsSecret: "" ## @param nginx.containerPorts.http NGINX HTTP container port ## @param nginx.containerPorts.https NGINX HTTPS container port ## @param nginx.containerPorts.notary NGINX container port where Notary svc is exposed ## containerPorts: http: 8080 https: 8443 notary: 4443 ## @param nginx.replicaCount Number of NGINX replicas ## replicaCount: 1 ## Configure extra options for NGINX containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param nginx.livenessProbe.enabled Enable livenessProbe on NGINX containers ## @param nginx.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param nginx.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param nginx.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param nginx.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param nginx.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param nginx.readinessProbe.enabled Enable readinessProbe on NGINX containers ## @param nginx.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param nginx.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param nginx.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param nginx.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param nginx.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param nginx.startupProbe.enabled Enable startupProbe on NGINX containers ## @param nginx.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param nginx.startupProbe.periodSeconds Period seconds for startupProbe ## @param nginx.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param nginx.startupProbe.failureThreshold Failure threshold for startupProbe ## @param nginx.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param nginx.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param nginx.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param nginx.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## NGINX resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param nginx.resources.limits The resources limits for the NGINX containers ## @param nginx.resources.requests The requested resources for the NGINX containers ## resources: limits: {} requests: {} ## Configure NGINX pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param nginx.podSecurityContext.enabled Enabled NGINX pods' Security Context ## @param nginx.podSecurityContext.fsGroup Set NGINX pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure NGINX containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param nginx.containerSecurityContext.enabled Enabled NGINX containers' Security Context ## @param nginx.containerSecurityContext.runAsUser Set NGINX containers' Security Context runAsUser ## @param nginx.containerSecurityContext.runAsNonRoot Set NGINX containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param nginx.updateStrategy.type NGINX deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param nginx.lifecycleHooks LifecycleHook for the NGINX container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param nginx.hostAliases NGINX pods host aliases ## hostAliases: [] ## @param nginx.podLabels Add additional labels to the NGINX pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param nginx.podAnnotations Annotations to add to the NGINX pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param nginx.podAffinityPreset NGINX Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param nginx.podAntiAffinityPreset NGINX Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## Allowed values: soft, hard ## nodeAffinityPreset: ## @param nginx.nodeAffinityPreset.type NGINX Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param nginx.nodeAffinityPreset.key NGINX Node label key to match Ignored if `affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param nginx.nodeAffinityPreset.values NGINX Node label values to match. Ignored if `affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param nginx.affinity NGINX Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param nginx.nodeSelector NGINX Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param nginx.tolerations NGINX Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param nginx.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param nginx.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param nginx.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param nginx.sidecars Add additional sidecar containers to the NGINX pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param nginx.initContainers Add additional init containers to the NGINX pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param nginx.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the NGINX pods ## extraVolumeMounts: [] ## @param nginx.extraVolumes Optionally specify extra list of additional volumes for the NGINX pods ## extraVolumes: [] ## @section Harbor Portal Parameters ## portal: ## Bitnami Harbor Portal image ## ref: https://hub.docker.com/r/bitnami/harbor-portal/tags/ ## @param portal.image.registry Harbor Portal image registry ## @param portal.image.repository Harbor Portal image repository ## @param portal.image.tag Harbor Portal image tag (immutable tags are recommended) ## @param portal.image.digest Harbor Portal image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param portal.image.pullPolicy Harbor Portal image pull policy ## @param portal.image.pullSecrets Harbor Portal image pull secrets ## @param portal.image.debug Enable Harbor Portal image debug mode ## image: registry: docker.io repository: bitnamilegacy/harbor-portal tag: 2.12.2-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## Use TLS in the container ## tls: ## @param portal.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ## Requires `internalTLS.enabled` to be set to `true`` ## Self-signed TLS certificates will be used otherwise ## existingSecret: "" ## @param portal.command Override default container command (useful when using custom images) ## command: [] ## @param portal.args Override default container args (useful when using custom images) ## args: [] ## @param portal.extraEnvVars Array with extra environment variables to add Harbor Portal pods ## extraEnvVars: [] ## @param portal.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Portal pods ## extraEnvVarsCM: "" ## @param portal.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Portal pods ## extraEnvVarsSecret: "" ## @param portal.containerPorts.http Harbor Portal HTTP container port ## @param portal.containerPorts.https Harbor Portal HTTPS container port ## containerPorts: http: 8080 https: 8443 ## @param portal.replicaCount Number of Harbor Portal replicas ## replicaCount: 1 ## Configure extra options for Harbor Portal containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param portal.livenessProbe.enabled Enable livenessProbe on Harbor Portal containers ## @param portal.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param portal.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param portal.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param portal.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param portal.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param portal.readinessProbe.enabled Enable readinessProbe on Harbor Portal containers ## @param portal.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param portal.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param portal.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param portal.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param portal.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param portal.startupProbe.enabled Enable startupProbe on Harbor Portal containers ## @param portal.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param portal.startupProbe.periodSeconds Period seconds for startupProbe ## @param portal.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param portal.startupProbe.failureThreshold Failure threshold for startupProbe ## @param portal.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param portal.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param portal.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param portal.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Harbor Portal resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param portal.resources.limits The resources limits for the Harbor Portal containers ## @param portal.resources.requests The requested resources for the Harbor Portal containers ## resources: limits: {} requests: {} ## Configure Harbor Portal pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param portal.podSecurityContext.enabled Enabled Harbor Portal pods' Security Context ## @param portal.podSecurityContext.fsGroup Set Harbor Portal pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Harbor Portal containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param portal.containerSecurityContext.enabled Enabled Harbor Portal containers' Security Context ## @param portal.containerSecurityContext.runAsUser Set Harbor Portal containers' Security Context runAsUser ## @param portal.containerSecurityContext.runAsNonRoot Set Harbor Portal containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param portal.updateStrategy.type Harbor Portal deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param portal.lifecycleHooks LifecycleHook for the Harbor Portal container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param portal.hostAliases Harbor Portal pods host aliases ## hostAliases: [] ## @param portal.podLabels Add additional labels to the Harbor Portal pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param portal.podAnnotations Annotations to add to the Harbor Portal pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param portal.podAffinityPreset Harbor Portal Pod affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param portal.podAntiAffinityPreset Harbor Portal Pod anti-affinity preset. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param portal.nodeAffinityPreset.type Harbor Portal Node affinity preset type. Ignored if `portal.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param portal.nodeAffinityPreset.key Harbor Portal Node label key to match Ignored if `portal.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param portal.nodeAffinityPreset.values Harbor Portal Node label values to match. Ignored if `portal.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param portal.affinity Harbor Portal Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: portal.podAffinityPreset, portal.podAntiAffinityPreset, and portal.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param portal.nodeSelector Harbor Portal Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param portal.tolerations Harbor Portal Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param portal.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param portal.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param portal.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param portal.sidecars Add additional sidecar containers to the Harbor Portal pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param portal.initContainers Add additional init containers to the Harbor Portal pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param portal.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Portal pods ## extraVolumeMounts: [] ## @param portal.extraVolumes Optionally specify extra list of additional volumes for the Harbor Portal pods ## extraVolumes: [] ## @param portal.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false ## Harbor Portal service configuration ## service: ## @param portal.service.ports.http Harbor Portal HTTP service port ## @param portal.service.ports.https Harbor Portal HTTPS service port ## ports: http: 80 https: 443 ## @section Harbor Core Parameters ## core: ## Bitnami Harbor Core image ## ref: https://hub.docker.com/r/bitnami/harbor-core/tags/ ## @param core.image.registry Harbor Core image registry ## @param core.image.repository Harbor Core image repository ## @param core.image.tag Harbor Core image tag (immutable tags are recommended) ## @param core.image.digest Harbor Core image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param core.image.pullPolicy Harbor Core image pull policy ## @param core.image.pullSecrets Harbor Core image pull secrets ## @param core.image.debug Enable Harbor Core image debug mode ## image: registry: docker.io repository: bitnamilegacy/harbor-core tag: 2.12.2-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param core.sessionLifetime Explicitly set a session timeout (in seconds) overriding the backend default. ## sessionLifetime: "" ## @param core.uaaSecret If using external UAA auth which has a self signed cert, you can provide a pre-created secret containing it under the key `ca.crt`. ## uaaSecret: "" ## @param core.secretKey The key used for encryption. Must be a string of 16 chars ## e.g: ## secretKey: "not-a-secure-string" ## secretKey: "" ## @param core.secret Secret used when the core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. ## secret: "" ## @param core.tokenKey Key of the certificate used for token encryption/decryption. ## tokenKey: "" ## @param core.tokenCert Certificate used for token encryption/decryption. ## tokenCert: "" ## @param core.secretName Fill the name of a kubernetes secret if you want to use your own TLS certificate and private key for token encryption/decryption. The secret must contain two keys named: `tls.crt` - the certificate and `tls.key` - the private key. The default key pair will be used if it isn't set ## secretName: "" ## @param core.existingSecret Existing secret for core ## The secret must contain the keys: ## `secret` (required), ## `secretKey` (required), ## existingSecret: "" ## @param core.existingEnvVarsSecret Existing secret for core envvars ## The secret must contain the keys: ## `CSRF_KEY` (required), ## `HARBOR_ADMIN_PASSWORD` (required), ## `POSTGRESQL_PASSWORD` (required), ## `REGISTRY_CREDENTIAL_USERNAME` (required), ## `REGISTRY_CREDENTIAL_PASSWORD` (required), ## `_REDIS_URL_CORE` (optional), ## `_REDIS_URL_REG` (optional), ## ## If you do not know how to start, let the chart generate a full secret for you before defining an existingEnvVarsSecret ## Notes: ## As a EnvVars secret, this secret also store redis config urls ## The HARBOR_ADMIN_PASSWORD is only required at initial deployment, once the password is set in database, it is not used anymore ## existingEnvVarsSecret: "" ## @param core.csrfKey The CSRF key. Will be generated automatically if it isn't specified ## csrfKey: "" ## Use TLS in the container ## tls: ## @param core.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ## Requires `internalTLS.enabled` to be set to `true`` ## Self-signed TLS certificates will be used otherwise ## existingSecret: "" ## @param core.command Override default container command (useful when using custom images) ## command: [] ## @param core.args Override default container args (useful when using custom images) ## args: [] ## @param core.extraEnvVars Array with extra environment variables to add Harbor Core pods ## extraEnvVars: [] ## @param core.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Core pods ## extraEnvVarsCM: "" ## @param core.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Core pods ## extraEnvVarsSecret: "" ## @param core.configOverwriteJson String containing a JSON with configuration overrides ## Source: https://goharbor.io/docs/latest/install-config/configure-user-settings-cli/#harbor-user-settings ## configOverwriteJson: "" ## @param core.configOverwriteJsonSecret Secret containing the JSON configuration overrides ## Source: https://goharbor.io/docs/latest/install-config/configure-user-settings-cli/#harbor-user-settings ## configOverwriteJsonSecret: "" ## @param core.containerPorts.http Harbor Core HTTP container port ## @param core.containerPorts.https Harbor Core HTTPS container port ## @param core.containerPorts.metrics Harbor Core metrics container port ## containerPorts: http: 8080 https: 8443 metrics: 8001 ## @param core.replicaCount Number of Harbor Core replicas ## replicaCount: 1 ## Configure extra options for Harbor Core containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param core.livenessProbe.enabled Enable livenessProbe on Harbor Core containers ## @param core.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param core.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param core.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param core.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param core.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param core.readinessProbe.enabled Enable readinessProbe on Harbor Core containers ## @param core.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param core.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param core.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param core.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param core.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param core.startupProbe.enabled Enable startupProbe on Harbor Core containers ## @param core.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param core.startupProbe.periodSeconds Period seconds for startupProbe ## @param core.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param core.startupProbe.failureThreshold Failure threshold for startupProbe ## @param core.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param core.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param core.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param core.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Harbor Core resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param core.resources.limits The resources limits for the Harbor Core containers ## @param core.resources.requests The requested resources for the Harbor Core containers ## resources: limits: {} requests: {} ## Configure Harbor Core pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param core.podSecurityContext.enabled Enabled Harbor Core pods' Security Context ## @param core.podSecurityContext.fsGroup Set Harbor Core pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Harbor Core containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param core.containerSecurityContext.enabled Enabled Harbor Core containers' Security Context ## @param core.containerSecurityContext.runAsUser Set Harbor Core containers' Security Context runAsUser ## @param core.containerSecurityContext.runAsNonRoot Set Harbor Core containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param core.updateStrategy.type Harbor Core deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param core.lifecycleHooks LifecycleHook for the Harbor Core container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param core.hostAliases Harbor Core pods host aliases ## hostAliases: [] ## @param core.podLabels Add additional labels to the Harbor Core pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param core.podAnnotations Annotations to add to the Harbor Core pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param core.podAffinityPreset Harbor Core Pod affinity preset. Ignored if `core.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param core.podAntiAffinityPreset Harbor Core Pod anti-affinity preset. Ignored if `core.affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param core.nodeAffinityPreset.type Harbor Core Node affinity preset type. Ignored if `core.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param core.nodeAffinityPreset.key Harbor Core Node label key to match Ignored if `core.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param core.nodeAffinityPreset.values Harbor Core Node label values to match. Ignored if `core.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param core.affinity Harbor Core Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: core.podAffinityPreset, core.podAntiAffinityPreset, and core.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param core.nodeSelector Harbor Core Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param core.tolerations Harbor Core Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param core.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param core.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param core.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param core.sidecars Add additional sidecar containers to the Harbor Core pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param core.initContainers Add additional init containers to the Harbor Core pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param core.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Core pods ## extraVolumeMounts: [] ## @param core.extraVolumes Optionally specify extra list of additional volumes for the Harbor Core pods ## extraVolumes: [] ## @param core.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false ## Harbor Core service configuration ## service: ## @param core.service.ports.http Harbor Core HTTP service port ## @param core.service.ports.https Harbor Core HTTPS service port ## @param core.service.ports.metrics Harbor Core metrics service port ## ports: http: 80 https: 443 metrics: 8001 ## @section Harbor Jobservice Parameters ## jobservice: ## Bitnami Harbor Jobservice image ## ref: https://hub.docker.com/r/bitnami/harbor-jobservice/tags/ ## @param jobservice.image.registry Harbor Jobservice image registry ## @param jobservice.image.repository Harbor Jobservice image repository ## @param jobservice.image.tag Harbor Jobservice image tag (immutable tags are recommended) ## @param jobservice.image.digest Harbor Jobservice image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param jobservice.image.pullPolicy Harbor Jobservice image pull policy ## @param jobservice.image.pullSecrets Harbor Jobservice image pull secrets ## @param jobservice.image.debug Enable Harbor Jobservice image debug mode ## image: registry: docker.io repository: bitnamilegacy/harbor-jobservice tag: 2.12.2-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param jobservice.maxJobWorkers The max job workers ## maxJobWorkers: 10 ## @param jobservice.redisNamespace Redis namespace for jobservice ## redisNamespace: harbor_job_service_namespace ## @param jobservice.jobLogger The logger for jobs: `file`, `database` or `stdout` ## jobLogger: file ## @param jobservice.secret Secret used when the job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. ## If a secret key is not specified, Helm will generate one. ## Must be a string of 16 chars. ## secret: "" ## @param jobservice.existingSecret Existing secret for jobservice ## The secret must contain the keys: ## `secret` (required), ## existingSecret: "" ## Use TLS in the container ## tls: ## @param jobservice.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ## Requires `internalTLS.enabled` to be set to `true`` ## Self-signed TLS certificates will be used otherwise ## existingSecret: "" ## @param jobservice.command Override default container command (useful when using custom images) ## command: [] ## @param jobservice.args Override default container args (useful when using custom images) ## args: [] ## @param jobservice.extraEnvVars Array with extra environment variables to add Harbor Jobservice pods ## extraEnvVars: [] ## @param jobservice.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Jobservice pods ## extraEnvVarsCM: "" ## @param jobservice.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Jobservice pods ## extraEnvVarsSecret: "" ## @param jobservice.containerPorts.http Harbor Jobservice HTTP container port ## @param jobservice.containerPorts.https Harbor Jobservice HTTPS container port ## @param jobservice.containerPorts.metrics Harbor Jobservice metrics container port ## containerPorts: http: 8080 https: 8443 metrics: 8001 ## @param jobservice.replicaCount Number of Harbor Jobservice replicas ## replicaCount: 1 ## Configure extra options for Harbor Jobservice containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param jobservice.livenessProbe.enabled Enable livenessProbe on Harbor Jobservice containers ## @param jobservice.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param jobservice.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param jobservice.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param jobservice.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param jobservice.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param jobservice.readinessProbe.enabled Enable readinessProbe on Harbor Jobservice containers ## @param jobservice.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param jobservice.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param jobservice.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param jobservice.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param jobservice.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param jobservice.startupProbe.enabled Enable startupProbe on Harbor Jobservice containers ## @param jobservice.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param jobservice.startupProbe.periodSeconds Period seconds for startupProbe ## @param jobservice.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param jobservice.startupProbe.failureThreshold Failure threshold for startupProbe ## @param jobservice.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param jobservice.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param jobservice.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param jobservice.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Harbor Jobservice resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param jobservice.resources.limits The resources limits for the Harbor Jobservice containers ## @param jobservice.resources.requests The requested resources for the Harbor Jobservice containers ## resources: limits: {} requests: {} ## Configure Harbor Jobservice pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param jobservice.podSecurityContext.enabled Enabled Harbor Jobservice pods' Security Context ## @param jobservice.podSecurityContext.fsGroup Set Harbor Jobservice pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Harbor Jobservice containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param jobservice.containerSecurityContext.enabled Enabled Harbor Jobservice containers' Security Context ## @param jobservice.containerSecurityContext.runAsUser Set Harbor Jobservice containers' Security Context runAsUser ## @param jobservice.containerSecurityContext.runAsNonRoot Set Harbor Jobservice containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param jobservice.updateStrategy.type Harbor Jobservice deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param jobservice.lifecycleHooks LifecycleHook for the Harbor Jobservice container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param jobservice.hostAliases Harbor Jobservice pods host aliases ## hostAliases: [] ## @param jobservice.podLabels Add additional labels to the Harbor Jobservice pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param jobservice.podAnnotations Annotations to add to the Harbor Jobservice pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param jobservice.podAffinityPreset Harbor Jobservice Pod affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param jobservice.podAntiAffinityPreset Harbor Jobservice Pod anti-affinity preset. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param jobservice.nodeAffinityPreset.type Harbor Jobservice Node affinity preset type. Ignored if `jobservice.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param jobservice.nodeAffinityPreset.key Harbor Jobservice Node label key to match Ignored if `jobservice.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param jobservice.nodeAffinityPreset.values Harbor Jobservice Node label values to match. Ignored if `jobservice.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param jobservice.affinity Harbor Jobservice Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: jobservice.podAffinityPreset, jobservice.podAntiAffinityPreset, and jobservice.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param jobservice.nodeSelector Harbor Jobservice Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param jobservice.tolerations Harbor Jobservice Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param jobservice.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param jobservice.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param jobservice.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param jobservice.sidecars Add additional sidecar containers to the Harbor Jobservice pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param jobservice.initContainers Add additional init containers to the Harbor Jobservice pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param jobservice.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Jobservice pods ## extraVolumeMounts: [] ## @param jobservice.extraVolumes Optionally specify extra list of additional volumes for the Harbor Jobservice pods ## extraVolumes: [] ## @param jobservice.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false ## Harbor Jobservice service configuration ## service: ## @param jobservice.service.ports.http Harbor Jobservice HTTP service port ## @param jobservice.service.ports.https Harbor Jobservice HTTPS service port ## @param jobservice.service.ports.metrics Harbor Jobservice HTTPS service port ## ports: http: 80 https: 443 metrics: 8001 ## @section Harbor Registry Parameters ## ## Registry Parameters ## registry: ## @param registry.secret Secret is used to secure the upload state from client and registry storage backend. See: ## and registry storage backend. ## See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http ## If a secret key is not specified, Helm will generate one. ## Must be a string of 16 chars. ## secret: "" ## @param registry.existingSecret Existing secret for registry ## The secret must contain the keys: ## `REGISTRY_HTPASSWD` (required), ## `REGISTRY_HTTP_SECRET` (required), ## `REGISTRY_REDIS_PASSWORD` (optional), ## existingSecret: "" ## @param registry.relativeurls Make the registry return relative URLs in Location headers. The client is responsible for resolving the correct URL. ## relativeurls: false ## @param registry.credentials.username The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd) ## @param registry.credentials.password The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see [official docs](https://github.com/docker/distribution/blob/master/docs/configuration.md#htpasswd). It is suggested you update this value before installation. ## @param registry.credentials.htpasswd The content of htpasswd file based on the value of `registry.credentials.username` `registry.credentials.password`. Currently `helm` does not support bcrypt in the template script, if the credential is updated you need to manually generated by calling ## credentials: username: 'harbor_registry_user' password: 'harbor_registry_password' ## If you update the username or password of registry, make sure use cli tool htpasswd to generate the bcrypt hash ## e.g. "htpasswd -nbBC10 $username $password" ## htpasswd: 'harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m' middleware: ## @param registry.middleware.enabled Middleware is used to add support for a CDN between backend storage and `docker pull` recipient. See ## enabled: false ## @param registry.middleware.type CDN type for the middleware ## type: cloudFront ## @param registry.middleware.cloudFront.baseurl CloudFront CDN settings: Base URL ## @param registry.middleware.cloudFront.keypairid CloudFront CDN settings: Keypair ID ## @param registry.middleware.cloudFront.duration CloudFront CDN settings: Duration ## @param registry.middleware.cloudFront.ipfilteredby CloudFront CDN settings: IP filters ## @param registry.middleware.cloudFront.privateKeySecret CloudFront CDN settings: Secret name with the private key ## cloudFront: baseurl: example.cloudfront.net keypairid: KEYPAIRID duration: 3000s ipfilteredby: none ## The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key ## that allows access to CloudFront ## privateKeySecret: 'my-secret' ## Use TLS in the container ## tls: ## @param registry.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ## Requires `internalTLS.enabled` to be set to `true`` ## Self-signed TLS certificates will be used otherwise ## existingSecret: "" ## @param registry.replicaCount Number of Harbor Registry replicas ## replicaCount: 1 ## Configure Harbor Registry pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param registry.podSecurityContext.enabled Enabled Harbor Registry pods' Security Context ## @param registry.podSecurityContext.fsGroup Set Harbor Registry pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## @param registry.updateStrategy.type Harbor Registry deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param registry.hostAliases Harbor Registry pods host aliases ## hostAliases: [] ## @param registry.podLabels Add additional labels to the Harbor Registry pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param registry.podAnnotations Annotations to add to the Harbor Registry pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param registry.podAffinityPreset Harbor Registry Pod affinity preset. Ignored if `registry.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param registry.podAntiAffinityPreset Harbor Registry Pod anti-affinity preset. Ignored if `registry.affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param registry.nodeAffinityPreset.type Harbor Registry Node affinity preset type. Ignored if `registry.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param registry.nodeAffinityPreset.key Harbor Registry Node label key to match Ignored if `registry.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param registry.nodeAffinityPreset.values Harbor Registry Node label values to match. Ignored if `registry.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param registry.affinity Harbor Registry Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: registry.podAffinityPreset, registry.podAntiAffinityPreset, and registry.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param registry.nodeSelector Harbor Registry Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param registry.tolerations Harbor Registry Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param registry.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param registry.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param registry.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param registry.sidecars Add additional sidecar containers to the Harbor Registry pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param registry.initContainers Add additional init containers to the Harbor Registry pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param registry.extraVolumes Optionally specify extra list of additional volumes for the Harbor Registry pods ## extraVolumes: [] ## @param registry.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false ## Harbor Registry main container parameters ## server: readTimeout: 900 # Set higher if needed writeTimeout: 900 # Set higher if needed maxLayerUploadTimeout: 600 ## Bitnami Harbor Registry image ## ref: https://hub.docker.com/r/bitnami/harbor-registry/tags/ ## @param registry.server.image.registry Harbor Registry image registry ## @param registry.server.image.repository Harbor Registry image repository ## @param registry.server.image.tag Harbor Registry image tag (immutable tags are recommended) ## @param registry.server.image.digest Harbor Registry image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param registry.server.image.pullPolicy Harbor Registry image pull policy ## @param registry.server.image.pullSecrets Harbor Registry image pull secrets ## @param registry.server.image.debug Enable Harbor Registry image debug mode ## image: registry: docker.io repository: bitnamilegacy/harbor-registry tag: 2.12.2-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param registry.server.command Override default container command (useful when using custom images) ## command: [] ## @param registry.server.args Override default container args (useful when using custom images) ## args: [] ## @param registry.server.extraEnvVars Array with extra environment variables to add Harbor Registry main containers ## extraEnvVars: [] ## @param registry.server.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Registry main containers ## extraEnvVarsCM: "" ## @param registry.server.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Registry main containers ## extraEnvVarsSecret: "" ## @param registry.server.containerPorts.http Harbor Registry HTTP container port ## @param registry.server.containerPorts.https Harbor Registry HTTPS container port ## @param registry.server.containerPorts.debug Harbor Registry debug container port ## @param registry.server.containerPorts.metrics Harbor Registry metrics container port ## containerPorts: http: 5000 https: 5443 debug: 5001 metrics: 8001 ## Configure extra options for Harbor Registry main containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param registry.server.livenessProbe.enabled Enable livenessProbe on Harbor Registry main containers ## @param registry.server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param registry.server.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param registry.server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param registry.server.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param registry.server.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param registry.server.readinessProbe.enabled Enable readinessProbe on Harbor Registry main containers ## @param registry.server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param registry.server.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param registry.server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param registry.server.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param registry.server.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param registry.server.startupProbe.enabled Enable startupProbe on Harbor Registry main containers ## @param registry.server.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param registry.server.startupProbe.periodSeconds Period seconds for startupProbe ## @param registry.server.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param registry.server.startupProbe.failureThreshold Failure threshold for startupProbe ## @param registry.server.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param registry.server.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param registry.server.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param registry.server.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Harbor Registry main resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param registry.server.resources.limits The resources limits for the Harbor Registry main containers ## @param registry.server.resources.requests The requested resources for the Harbor Registry main containers ## resources: limits: {} requests: {} ## Configure Harbor Registry main containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param registry.server.containerSecurityContext.enabled Enabled Harbor Registry main containers' Security Context ## @param registry.server.containerSecurityContext.runAsUser Set Harbor Registry main containers' Security Context runAsUser ## @param registry.server.containerSecurityContext.runAsNonRoot Set Harbor Registry main containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param registry.server.lifecycleHooks LifecycleHook for the Harbor Registry main container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param registry.server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Registry main pods ## extraVolumeMounts: [] ## Harbor Registry service configuration ## service: ## @param registry.server.service.ports.http Harbor Registry HTTP service port ## @param registry.server.service.ports.https Harbor Registry HTTPS service port ## @param registry.server.service.ports.metrics Harbor Registry metrics service port ## ports: http: 5000 https: 5443 metrics: 8001 ## Harbor Registryctl parameters ## controller: ## Bitnami Harbor Registryctl image ## ref: https://hub.docker.com/r/bitnami/harbor-registryctl/tags/ ## @param registry.controller.image.registry Harbor Registryctl image registry ## @param registry.controller.image.repository Harbor Registryctl image repository ## @param registry.controller.image.tag Harbor Registryctl image tag (immutable tags are recommended) ## @param registry.controller.image.digest Harbor Registryctl image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param registry.controller.image.pullPolicy Harbor Registryctl image pull policy ## @param registry.controller.image.pullSecrets Harbor Registryctl image pull secrets ## @param registry.controller.image.debug Enable Harbor Registryctl image debug mode ## image: registry: docker.io repository: bitnamilegacy/harbor-registryctl tag: 2.12.2-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param registry.controller.command Override default container command (useful when using custom images) ## command: [] ## @param registry.controller.args Override default container args (useful when using custom images) ## args: [] ## @param registry.controller.extraEnvVars Array with extra environment variables to add Harbor Registryctl containers ## extraEnvVars: [] ## @param registry.controller.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Registryctl containers ## extraEnvVarsCM: "" ## @param registry.controller.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Registryctl containers ## extraEnvVarsSecret: "" ## @param registry.controller.containerPorts.http Harbor Registryctl HTTP container port ## @param registry.controller.containerPorts.https Harbor Registryctl HTTPS container port ## containerPorts: http: 8080 https: 8443 ## Configure extra options for Harbor Registryctl containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param registry.controller.livenessProbe.enabled Enable livenessProbe on Harbor Registryctl containers ## @param registry.controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param registry.controller.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param registry.controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param registry.controller.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param registry.controller.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param registry.controller.readinessProbe.enabled Enable readinessProbe on Harbor Registryctl containers ## @param registry.controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param registry.controller.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param registry.controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param registry.controller.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param registry.controller.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param registry.controller.startupProbe.enabled Enable startupProbe on Harbor Registryctl containers ## @param registry.controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param registry.controller.startupProbe.periodSeconds Period seconds for startupProbe ## @param registry.controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param registry.controller.startupProbe.failureThreshold Failure threshold for startupProbe ## @param registry.controller.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param registry.controller.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param registry.controller.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param registry.controller.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Harbor Registryctl resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param registry.controller.resources.limits The resources limits for the Harbor Registryctl containers ## @param registry.controller.resources.requests The requested resources for the Harbor Registryctl containers ## resources: limits: {} requests: {} ## Configure Harbor Registryctl containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param registry.controller.containerSecurityContext.enabled Enabled Harbor Registryctl containers' Security Context ## @param registry.controller.containerSecurityContext.runAsUser Set Harbor Registryctl containers' Security Context runAsUser ## @param registry.controller.containerSecurityContext.runAsNonRoot Set Harbor Registryctl containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param registry.controller.lifecycleHooks LifecycleHook for the Harbor Registryctl container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param registry.controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Registryctl pods ## extraVolumeMounts: [] ## Harbor Registryctl service configuration ## service: ## @param registry.controller.service.ports.http Harbor Registryctl HTTP service port ## @param registry.controller.service.ports.https Harbor Registryctl HTTPS service port ## ports: http: 8080 https: 8443 ## @section ChartMuseum Parameters ## chartmuseum: ## Bitnami ChartMuseum image ## ref: https://hub.docker.com/r/bitnami/chartmuseum/tags/ ## @param chartmuseum.image.registry ChartMuseum image registry ## @param chartmuseum.image.repository ChartMuseum image repository ## @param chartmuseum.image.tag ChartMuseum image tag (immutable tags are recommended) ## @param chartmuseum.image.digest ChartMuseum image image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param chartmuseum.image.pullPolicy ChartMuseum image pull policy ## @param chartmuseum.image.pullSecrets ChartMuseum image pull secrets ## @param chartmuseum.image.debug Enable ChartMuseum image debug mode ## image: registry: docker.io repository: bitnamilegacy/chartmuseum # tag: 0.15.0-debian-11-r99 tag: latest digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param chartmuseum.enabled Enable ChartMuseum ## enabled: false ## @param chartmuseum.useRedisCache Specify if ChartMuseum will use redis cache ## useRedisCache: false ## Set the absolute URL to access the chartmuseum repository and the endpoint where it will be available. ## @param chartmuseum.absoluteUrl Specify an absolute URL for ChartMuseum registry ## @param chartmuseum.chartRepoName Specify the endpoint for the chartmuseum registry. Only applicable if `chartmuseum.absoluteUrl` is `true` ## absoluteUrl: false chartRepoName: 'chartsRepo' ## @param chartmuseum.depth Support for multitenancy. More info [here](https://chartmuseum.com/docs/#multitenancy) ## depth: 1 ## @param chartmuseum.logJson Print logs on JSON format ## logJson: false ## @param chartmuseum.disableMetrics Disable prometheus metrics exposure ## disableMetrics: false ## @param chartmuseum.disableApi Disable all the routes prefixed with `/api` ## disableApi: false ## @param chartmuseum.disableStatefiles Disable use of index-cache.yaml ## disableStatefiles: false ## @param chartmuseum.allowOverwrite Allow chart versions to be re-uploaded without force querystring ## allowOverwrite: true ## @param chartmuseum.anonymousGet Allow anonymous GET operations ## anonymousGet: false ## Optional parameters for ChartMuseum not used by default. ## ref: https://chartmuseum.com/docs/#other-cli-options ## @param chartmuseum.contextPath Set the base context path for ChartMuseum ## @param chartmuseum.indexLimit Limit the number of parallels indexes for ChartMuseum ## @param chartmuseum.chartPostFormFieldName Form field which will be queried for the chart file content ## @param chartmuseum.provPostFormFieldName Form field which will be queried for the provenance file content ## @param chartmuseum.maxStorageObjects Maximum storage objects ## @param chartmuseum.maxUploadSize Maximum upload size ## @param chartmuseum.storageTimestampTolerance Timestamp tolerance size ## contextPath: "" indexLimit: "" chartPostFormFieldName: "" provPostFormFieldName: "" maxStorageObjects: "" maxUploadSize: "" storageTimestampTolerance: "1s" ## Use TLS in the container ## tls: ## @param chartmuseum.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ## Requires `internalTLS.enabled` to be set to `true`` ## Self-signed TLS certificates will be used otherwise ## existingSecret: "" ## @param chartmuseum.command Override default container command (useful when using custom images) ## command: [] ## @param chartmuseum.args Override default container args (useful when using custom images) ## args: [] ## @param chartmuseum.extraEnvVars Array with extra environment variables to add Chartmuseum pods ## extraEnvVars: [] ## @param chartmuseum.extraEnvVarsCM ConfigMap containing extra environment variables for Chartmuseum pods ## extraEnvVarsCM: "" ## @param chartmuseum.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Chartmuseum pods ## extraEnvVarsSecret: "" ## @param chartmuseum.containerPorts.http Chartmuseum HTTP container port ## @param chartmuseum.containerPorts.https Chartmuseum HTTPS container port ## containerPorts: http: 9999 https: 9443 ## @param chartmuseum.replicaCount Number of Chartmuseum replicas ## replicaCount: 1 ## Configure extra options for Chartmuseum containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param chartmuseum.livenessProbe.enabled Enable livenessProbe on Chartmuseum containers ## @param chartmuseum.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param chartmuseum.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param chartmuseum.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param chartmuseum.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param chartmuseum.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param chartmuseum.readinessProbe.enabled Enable readinessProbe on Chartmuseum containers ## @param chartmuseum.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param chartmuseum.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param chartmuseum.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param chartmuseum.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param chartmuseum.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param chartmuseum.startupProbe.enabled Enable startupProbe on Chartmuseum containers ## @param chartmuseum.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param chartmuseum.startupProbe.periodSeconds Period seconds for startupProbe ## @param chartmuseum.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param chartmuseum.startupProbe.failureThreshold Failure threshold for startupProbe ## @param chartmuseum.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param chartmuseum.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param chartmuseum.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param chartmuseum.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Chartmuseum resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param chartmuseum.resources.limits The resources limits for the Chartmuseum containers ## @param chartmuseum.resources.requests The requested resources for the Chartmuseum containers ## resources: limits: {} requests: {} ## Configure Chartmuseum pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param chartmuseum.podSecurityContext.enabled Enabled Chartmuseum pods' Security Context ## @param chartmuseum.podSecurityContext.fsGroup Set Chartmuseum pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Chartmuseum containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param chartmuseum.containerSecurityContext.enabled Enabled Chartmuseum containers' Security Context ## @param chartmuseum.containerSecurityContext.runAsUser Set Chartmuseum containers' Security Context runAsUser ## @param chartmuseum.containerSecurityContext.runAsNonRoot Set Chartmuseum containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param chartmuseum.updateStrategy.type Chartmuseum deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param chartmuseum.lifecycleHooks LifecycleHook for the Chartmuseum container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param chartmuseum.hostAliases Chartmuseum pods host aliases ## hostAliases: [] ## @param chartmuseum.podLabels Add additional labels to the Chartmuseum pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param chartmuseum.podAnnotations Annotations to add to the Chartmuseum pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param chartmuseum.podAffinityPreset Chartmuseum Pod affinity preset. Ignored if `chartmuseum.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param chartmuseum.podAntiAffinityPreset Chartmuseum Pod anti-affinity preset. Ignored if `chartmuseum.affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param chartmuseum.nodeAffinityPreset.type Chartmuseum Node affinity preset type. Ignored if `chartmuseum.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param chartmuseum.nodeAffinityPreset.key Chartmuseum Node label key to match Ignored if `chartmuseum.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param chartmuseum.nodeAffinityPreset.values Chartmuseum Node label values to match. Ignored if `chartmuseum.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param chartmuseum.affinity Chartmuseum Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: chartmuseum.podAffinityPreset, chartmuseum.podAntiAffinityPreset, and chartmuseum.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param chartmuseum.nodeSelector Chartmuseum Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param chartmuseum.tolerations Chartmuseum Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param chartmuseum.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param chartmuseum.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param chartmuseum.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param chartmuseum.sidecars Add additional sidecar containers to the Chartmuseum pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param chartmuseum.initContainers Add additional init containers to the Chartmuseum pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param chartmuseum.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Chartmuseum pods ## extraVolumeMounts: [] ## @param chartmuseum.extraVolumes Optionally specify extra list of additional volumes for the Chartmuseum pods ## extraVolumes: [] ## @param chartmuseum.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false ## Chartmuseum service configuration ## service: ## @param chartmuseum.service.ports.http Chartmuseum HTTP service port ## @param chartmuseum.service.ports.https Chartmuseum HTTPS service port ## ports: http: 80 https: 443 ## @section Notary Parameters ## ## Notary Parameters ## notary: ## @param notary.enabled Enable Notary ## enabled: false ## @param notary.secretName Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named `notary-signer-ca.crt`, `notary-signer.key` and `notary-signer.crt` that contain the CA, certificate and private key. They will be generated if not set. ## TLS certificate authority, certificate and private key for notary ## communications. ## The secret must contain keys named ca.crt, tls.crt and tls.key that ## contain the CA, certificate and private key. ## They will be generated if not set. ## secretName: "" server: ## Bitnami Harbor Notary Server image ## ref: https://hub.docker.com/r/bitnami/harbor-notary-server/tags/ ## @param notary.server.image.registry Harbor Notary Server image registry ## @param notary.server.image.repository Harbor Notary Server image repository ## @param notary.server.image.tag Harbor Notary Server image tag (immutable tags are recommended) ## @param notary.server.image.digest Notary Server image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param notary.server.image.pullPolicy Harbor Notary Server image pull policy ## @param notary.server.image.pullSecrets Harbor Notary Server image pull secrets ## @param notary.server.image.debug Enable Harbor Notary Server image debug mode ## image: registry: docker.io repository: bitnamilegacy/harbor-notary-server # tag: 2.8.1-debian-11-r0 tag: latest digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param notary.server.command Override default container command (useful when using custom images) ## command: [] ## @param notary.server.args Override default container args (useful when using custom images) ## args: [] ## @param notary.server.extraEnvVars Array with extra environment variables to add Harbor Notary Server pods ## extraEnvVars: [] ## @param notary.server.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Notary Server pods ## extraEnvVarsCM: "" ## @param notary.server.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Notary Server pods ## extraEnvVarsSecret: "" ## @param notary.server.containerPorts.server Harbor Notary Server container port ## containerPorts: server: 4443 ## @param notary.server.replicaCount Number of Harbor Notary Server replicas ## replicaCount: 1 ## Configure extra options for Harbor Notary Server containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param notary.server.livenessProbe.enabled Enable livenessProbe on Harbor Notary Server containers ## @param notary.server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param notary.server.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param notary.server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param notary.server.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param notary.server.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param notary.server.readinessProbe.enabled Enable readinessProbe on Harbor Notary Server containers ## @param notary.server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param notary.server.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param notary.server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param notary.server.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param notary.server.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param notary.server.startupProbe.enabled Enable startupProbe on Harbor Notary Server containers ## @param notary.server.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param notary.server.startupProbe.periodSeconds Period seconds for startupProbe ## @param notary.server.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param notary.server.startupProbe.failureThreshold Failure threshold for startupProbe ## @param notary.server.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param notary.server.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param notary.server.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param notary.server.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Harbor Notary Server resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param notary.server.resources.limits The resources limits for the Harbor Notary Server containers ## @param notary.server.resources.requests The requested resources for the Harbor Notary Server containers ## resources: limits: {} requests: {} ## Configure Harbor Notary Server pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param notary.server.podSecurityContext.enabled Enabled Harbor Notary Server pods' Security Context ## @param notary.server.podSecurityContext.fsGroup Set Harbor Notary Server pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Harbor Notary Server containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param notary.server.containerSecurityContext.enabled Enabled Harbor Notary Server containers' Security Context ## @param notary.server.containerSecurityContext.runAsUser Set Harbor Notary Server containers' Security Context runAsUser ## @param notary.server.containerSecurityContext.runAsNonRoot Set Harbor Notary Server containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param notary.server.updateStrategy.type Harbor Notary Server deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param notary.server.lifecycleHooks LifecycleHook for the Harbor Notary Server container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param notary.server.hostAliases Harbor Notary Server pods host aliases ## hostAliases: [] ## @param notary.server.podLabels Add additional labels to the Harbor Notary Server pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param notary.server.podAnnotations Annotations to add to the Harbor Notary Server pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param notary.server.podAffinityPreset Harbor Notary Server Pod affinity preset. Ignored if `notary.server.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param notary.server.podAntiAffinityPreset Harbor Notary Server Pod anti-affinity preset. Ignored if `notary.server.affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param notary.server.nodeAffinityPreset.type Harbor Notary Server Node affinity preset type. Ignored if `notary.server.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param notary.server.nodeAffinityPreset.key Harbor Notary Server Node label key to match Ignored if `notary.server.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param notary.server.nodeAffinityPreset.values Harbor Notary Server Node label values to match. Ignored if `notary.server.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param notary.server.affinity Harbor Notary Server Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: notary.server.podAffinityPreset, notary.server.podAntiAffinityPreset, and notary.server.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param notary.server.nodeSelector Harbor Notary Server Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param notary.server.tolerations Harbor Notary Server Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param notary.server.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param notary.server.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param notary.server.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param notary.server.sidecars Add additional sidecar containers to the Harbor Notary Server pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param notary.server.initContainers Add additional init containers to the Harbor Notary Server pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param notary.server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Notary Server pods ## extraVolumeMounts: [] ## @param notary.server.extraVolumes Optionally specify extra list of additional volumes for the Harbor Notary Server pods ## extraVolumes: [] ## @param notary.server.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false signer: ## Bitnami Harbor Notary Signer image ## ref: https://hub.docker.com/r/bitnami/harbor-notary-signer/tags/ ## @param notary.signer.image.registry Harbor Notary Signer image registry ## @param notary.signer.image.repository Harbor Notary Signer image repository ## @param notary.signer.image.tag Harbor Notary Signer image tag (immutable tags are recommended) ## @param notary.signer.image.digest Harbor Notary Signer image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param notary.signer.image.pullPolicy Harbor Notary Signer image pull policy ## @param notary.signer.image.pullSecrets Harbor Notary Signer image pull secrets ## @param notary.signer.image.debug Enable Harbor Notary Signer image debug mode ## image: registry: docker.io repository: bitnamilegacy/harbor-notary-signer # tag: 2.8.1-debian-11-r0 tag: latest digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param notary.signer.command Override default container command (useful when using custom images) ## command: [] ## @param notary.signer.args Override default container args (useful when using custom images) ## args: [] ## @param notary.signer.extraEnvVars Array with extra environment variables to add Harbor Notary Signer pods ## extraEnvVars: [] ## @param notary.signer.extraEnvVarsCM ConfigMap containing extra environment variables for Harbor Notary Signer pods ## extraEnvVarsCM: "" ## @param notary.signer.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Harbor Notary Signer pods ## extraEnvVarsSecret: "" ## @param notary.signer.containerPorts.signer Harbor Notary Signer container port ## containerPorts: signer: 7899 ## @param notary.signer.replicaCount Number of Harbor Notary Signer replicas ## replicaCount: 1 ## Configure extra options for Harbor Notary Signer containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param notary.signer.livenessProbe.enabled Enable livenessProbe on Harbor Notary Signer containers ## @param notary.signer.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param notary.signer.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param notary.signer.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param notary.signer.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param notary.signer.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param notary.signer.readinessProbe.enabled Enable readinessProbe on Harbor Notary Signer containers ## @param notary.signer.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param notary.signer.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param notary.signer.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param notary.signer.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param notary.signer.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param notary.signer.startupProbe.enabled Enable startupProbe on Harbor Notary Signer containers ## @param notary.signer.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param notary.signer.startupProbe.periodSeconds Period seconds for startupProbe ## @param notary.signer.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param notary.signer.startupProbe.failureThreshold Failure threshold for startupProbe ## @param notary.signer.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param notary.signer.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param notary.signer.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param notary.signer.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Harbor Notary Signer resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param notary.signer.resources.limits The resources limits for the Harbor Notary Signer containers ## @param notary.signer.resources.requests The requested resources for the Harbor Notary Signer containers ## resources: limits: {} requests: {} ## Configure Harbor Notary Signer pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param notary.signer.podSecurityContext.enabled Enabled Harbor Notary Signer pods' Security Context ## @param notary.signer.podSecurityContext.fsGroup Set Harbor Notary Signer pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Harbor Notary Signer containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param notary.signer.containerSecurityContext.enabled Enabled Harbor Notary Signer containers' Security Context ## @param notary.signer.containerSecurityContext.runAsUser Set Harbor Notary Signer containers' Security Context runAsUser ## @param notary.signer.containerSecurityContext.runAsNonRoot Set Harbor Notary Signer containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param notary.signer.updateStrategy.type Harbor Notary Signer deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param notary.signer.lifecycleHooks LifecycleHook for the Harbor Notary Signer container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param notary.signer.hostAliases Harbor Notary Signer pods host aliases ## hostAliases: [] ## @param notary.signer.podLabels Add additional labels to the Harbor Notary Signer pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param notary.signer.podAnnotations Annotations to add to the Harbor Notary Signer pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param notary.signer.podAffinityPreset Harbor Notary Signer Pod affinity preset. Ignored if `notary.signer.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param notary.signer.podAntiAffinityPreset Harbor Notary Signer Pod anti-affinity preset. Ignored if `notary.signer.affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param notary.signer.nodeAffinityPreset.type Harbor Notary Signer Node affinity preset type. Ignored if `notary.signer.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param notary.signer.nodeAffinityPreset.key Harbor Notary Signer Node label key to match Ignored if `notary.signer.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param notary.signer.nodeAffinityPreset.values Harbor Notary Signer Node label values to match. Ignored if `notary.signer.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param notary.signer.affinity Harbor Notary Signer Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: notary.signer.podAffinityPreset, notary.signer.podAntiAffinityPreset, and notary.signer.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param notary.signer.nodeSelector Harbor Notary Signer Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param notary.signer.tolerations Harbor Notary Signer Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param notary.signer.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param notary.signer.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param notary.signer.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param notary.signer.sidecars Add additional sidecar containers to the Harbor Notary Signer pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param notary.signer.initContainers Add additional init containers to the Harbor Notary Signer pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param notary.signer.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Harbor Notary Signer pods ## extraVolumeMounts: [] ## @param notary.signer.extraVolumes Optionally specify extra list of additional volumes for the Harbor Notary Signer pods ## extraVolumes: [] ## @param notary.signer.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false ## Harbor Notary service configuration ## service: ## @param notary.service.ports.server Harbor Notary server service port ## @param notary.service.ports.signer Harbor Notary signer service port ## ports: server: 4443 signer: 7899 ## @section Harbor Adapter Trivy Parameters ## trivy: ## Bitnami Harbor Adapter Trivy image ## ref: https://hub.docker.com/r/bitnami/harbor-adapter-trivy/tags/ ## @param trivy.image.registry Harbor Adapter Trivy image registry ## @param trivy.image.repository Harbor Adapter Trivy image repository ## @param trivy.image.tag Harbor Adapter Trivy image tag (immutable tags are recommended) ## @param trivy.image.digest Harbor Adapter Trivy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param trivy.image.pullPolicy Harbor Adapter Trivy image pull policy ## @param trivy.image.pullSecrets Harbor Adapter Trivy image pull secrets ## @param trivy.image.debug Enable Harbor Adapter Trivy image debug mode ## image: registry: docker.io repository: bitnamilegacy/harbor-adapter-trivy tag: 2.12.2-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param trivy.enabled Enable Trivy ## enabled: true ## @param trivy.debugMode The flag to enable Trivy debug mode ## debugMode: false ## @param trivy.vulnType Comma-separated list of vulnerability types. Possible values `os` and `library`. ## vulnType: 'os,library' ## @param trivy.severity Comma-separated list of severities to be checked ## severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL' ## @param trivy.ignoreUnfixed The flag to display only fixed vulnerabilities ## ignoreUnfixed: false ## @param trivy.insecure The flag to skip verifying registry certificate ## insecure: true ## @param trivy.gitHubToken The GitHub access token to download Trivy DB ## ## Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases. ## It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached ## in the local file system (`/home/scanner/.cache/trivy/db/trivy.db`). In addition, the database contains the update ## timestamp so Trivy can detect whether it should download a newer version from the Internet or use the cached one. ## Currently, the database is updated every 12 hours and published as a new release to GitHub. ## ## Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough ## for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000 ## requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult ## https://developer.github.com/v3/#rate-limiting ## ## You can create a GitHub token by following the instructions in ## https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line ## gitHubToken: "" ## @param trivy.skipUpdate The flag to disable Trivy DB downloads from GitHub ## You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues. ## If the value is set to `true` you have to manually download the `trivy.db` file and mount it in the ## `/home/scanner/.cache/trivy/db/trivy.db` path. ## skipUpdate: false ## @param trivy.cacheDir Directory to store the cache ## cacheDir: '/bitnami/harbor-adapter-trivy/.cache' ## Use TLS in the container ## tls: ## @param trivy.tls.existingSecret Name of an existing secret with the certificates for internal TLS access ## Requires `internalTLS.enabled` to be set to `true`` ## Self-signed TLS certificates will be used otherwise ## existingSecret: "" ## @param trivy.command Override default container command (useful when using custom images) ## command: [] ## @param trivy.args Override default container args (useful when using custom images) ## args: [] ## @param trivy.extraEnvVars Array with extra environment variables to add Trivy pods ## extraEnvVars: [] ## @param trivy.extraEnvVarsCM ConfigMap containing extra environment variables for Trivy pods ## extraEnvVarsCM: "" ## @param trivy.extraEnvVarsSecret Secret containing extra environment variables (in case of sensitive data) for Trivy pods ## extraEnvVarsSecret: "" ## @param trivy.containerPorts.http Trivy HTTP container port ## @param trivy.containerPorts.https Trivy HTTPS container port ## containerPorts: http: 8080 https: 8443 ## @param trivy.replicaCount Number of Trivy replicas ## replicaCount: 1 ## Configure extra options for Trivy containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param trivy.livenessProbe.enabled Enable livenessProbe on Trivy containers ## @param trivy.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param trivy.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param trivy.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param trivy.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param trivy.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param trivy.readinessProbe.enabled Enable readinessProbe on Trivy containers ## @param trivy.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param trivy.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param trivy.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param trivy.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param trivy.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param trivy.startupProbe.enabled Enable startupProbe on Trivy containers ## @param trivy.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param trivy.startupProbe.periodSeconds Period seconds for startupProbe ## @param trivy.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param trivy.startupProbe.failureThreshold Failure threshold for startupProbe ## @param trivy.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param trivy.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param trivy.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param trivy.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Trivy resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param trivy.resources.limits [object] The resources limits for the Trivy containers ## @param trivy.resources.requests [object] The requested resources for the Trivy containers ## resources: requests: cpu: 200m memory: 512Mi limits: cpu: 1 memory: 1Gi ## Configure Trivy pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param trivy.podSecurityContext.enabled Enabled Trivy pods' Security Context ## @param trivy.podSecurityContext.fsGroup Set Trivy pod's Security Context fsGroup ## podSecurityContext: enabled: false fsGroup: 1001 ## Configure Trivy containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param trivy.containerSecurityContext.enabled Enabled Trivy containers' Security Context ## @param trivy.containerSecurityContext.runAsUser Set Trivy containers' Security Context runAsUser ## @param trivy.containerSecurityContext.runAsNonRoot Set Trivy containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: false runAsUser: 1001 runAsNonRoot: true ## @param trivy.updateStrategy.type Trivy deployment strategy type - only really applicable for deployments with RWO PVs attached ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param trivy.lifecycleHooks LifecycleHook for the Trivy container(s) to automate configuration before or after startup ## lifecycleHooks: {} ## @param trivy.hostAliases Trivy pods host aliases ## hostAliases: [] ## @param trivy.podLabels Add additional labels to the Trivy pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param trivy.podAnnotations Annotations to add to the Trivy pods (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param trivy.podAffinityPreset Trivy Pod affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param trivy.podAntiAffinityPreset Trivy Pod anti-affinity preset. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param trivy.nodeAffinityPreset.type Trivy Node affinity preset type. Ignored if `trivy.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param trivy.nodeAffinityPreset.key Trivy Node label key to match Ignored if `trivy.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param trivy.nodeAffinityPreset.values Trivy Node label values to match. Ignored if `trivy.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param trivy.affinity Trivy Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: trivy.podAffinityPreset, trivy.podAntiAffinityPreset, and trivy.nodeAffinityPreset will be ignored when it's set ## affinity: {} ## @param trivy.nodeSelector Trivy Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param trivy.tolerations Trivy Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param trivy.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param trivy.priorityClassName Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param trivy.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param trivy.sidecars Add additional sidecar containers to the Trivy pods ## Example: ## sidecars: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## sidecars: [] ## @param trivy.initContainers Add additional init containers to the Trivy pods ## Example: ## initContainers: ## - name: your-image-name ## image: your-image ## imagePullPolicy: Always ## ports: ## - name: portname ## containerPort: 1234 ## initContainers: [] ## @param trivy.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Trivy pods ## extraVolumeMounts: [] ## @param trivy.extraVolumes Optionally specify extra list of additional volumes for the Trivy pods ## extraVolumes: [] ## @param trivy.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false ## Trivy service configuration ## service: ## @param trivy.service.ports.http Trivy HTTP service port ## @param trivy.service.ports.https Trivy HTTPS service port ## ports: http: 8080 https: 8443 ## @section Harbor Exporter Parameters ## exporter: ## Bitnami Harbor Exporter image ## ref: https://hub.docker.com/r/bitnami/harbor-exporter/tags/ ## @param exporter.image.registry Harbor Exporter image registry ## @param exporter.image.repository Harbor Exporter image repository ## @param exporter.image.tag Harbor Exporter image tag ## @param exporter.image.digest Harbor Exporter image image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## @param exporter.image.pullPolicy Harbor exporter image pull policy ## @param exporter.image.pullSecrets Specify docker-registry secret names as an array ## @param exporter.image.debug Specify if debug logs should be enabled ## image: registry: docker.io repository: bitnamilegacy/harbor-exporter tag: 2.12.2-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## e.g: ## pullSecrets: ## - myRegistryKeySecretName ## pullSecrets: [] ## Enable debug mode ## debug: false ## @param exporter.command Override default container command (useful when using custom images) ## command: [] ## @param exporter.args Override default container args (useful when using custom images) ## args: [] ## @param exporter.extraEnvVars Array containing extra env vars ## For example: ## - name: HARBOR_DATABASE_SSLMODE ## value: verify-ca ## extraEnvVars: [] ## @param exporter.extraEnvVarsCM ConfigMap containing extra env vars ## extraEnvVarsCM: "" ## @param exporter.extraEnvVarsSecret Secret containing extra env vars (in case of sensitive data) ## extraEnvVarsSecret: "" ## @param exporter.containerPorts.metrics Harbor Exporter HTTP container port ## containerPorts: metrics: 8001 ## @param exporter.replicaCount The replica count ## replicaCount: 1 ## Harbor Exporter containers' liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param exporter.livenessProbe.enabled Enable livenessProbe ## @param exporter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe ## @param exporter.livenessProbe.periodSeconds Period seconds for livenessProbe ## @param exporter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe ## @param exporter.livenessProbe.failureThreshold Failure threshold for livenessProbe ## @param exporter.livenessProbe.successThreshold Success threshold for livenessProbe ## livenessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## Harbor Exporter containers' readiness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param exporter.readinessProbe.enabled Enable readinessProbe ## @param exporter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param exporter.readinessProbe.periodSeconds Period seconds for readinessProbe ## @param exporter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe ## @param exporter.readinessProbe.failureThreshold Failure threshold for readinessProbe ## @param exporter.readinessProbe.successThreshold Success threshold for readinessProbe ## readinessProbe: enabled: true initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1 ## @param exporter.startupProbe.enabled Enable startupProbe on Harbor Exporter containers ## @param exporter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe ## @param exporter.startupProbe.periodSeconds Period seconds for startupProbe ## @param exporter.startupProbe.timeoutSeconds Timeout seconds for startupProbe ## @param exporter.startupProbe.failureThreshold Failure threshold for startupProbe ## @param exporter.startupProbe.successThreshold Success threshold for startupProbe ## startupProbe: enabled: false initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 15 successThreshold: 1 ## @param exporter.customLivenessProbe Custom livenessProbe that overrides the default one ## customLivenessProbe: {} ## @param exporter.customReadinessProbe Custom readinessProbe that overrides the default one ## customReadinessProbe: {} ## @param exporter.customStartupProbe Custom startupProbe that overrides the default one ## customStartupProbe: {} ## Harbor Exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## @param exporter.resources.limits The resources limits for the Harbor Exporter containers ## @param exporter.resources.requests The requested resources for the Harbor Exporter containers ## resources: limits: {} requests: {} ## Configure Exporter pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param exporter.podSecurityContext.enabled Enabled Exporter pods' Security Context ## @param exporter.podSecurityContext.fsGroup Set Exporter pod's Security Context fsGroup ## podSecurityContext: enabled: true fsGroup: 1001 ## Configure Exporter containers (only main one) Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param exporter.containerSecurityContext.enabled Enabled Exporter containers' Security Context ## @param exporter.containerSecurityContext.runAsUser Set Exporter containers' Security Context runAsUser ## @param exporter.containerSecurityContext.runAsNonRoot Set Exporter containers' Security Context runAsNonRoot ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true ## @param exporter.updateStrategy.type The update strategy for deployments with persistent volumes: RollingUpdate or Recreate. Set it as Recreate when RWM for volumes isn't supported ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will ## terminate the single previous pod, so that the new, incoming pod can attach to the PV ## updateStrategy: type: RollingUpdate ## @param exporter.lifecycleHooks LifecycleHook to set additional configuration at startup, e.g. LDAP settings via REST API. Evaluated as a template ## lifecycleHooks: {} ## @param exporter.hostAliases Exporter pods host aliases ## hostAliases: [] ## @param exporter.podLabels Add additional labels to the pod (evaluated as a template) ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} ## @param exporter.podAnnotations Annotations to add to the exporter pod ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ ## podAnnotations: {} ## @param exporter.podAffinityPreset Harbor Exporter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAffinityPreset: "" ## @param exporter.podAntiAffinityPreset Harbor Exporter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## podAntiAffinityPreset: soft ## Node affinity preset ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity ## nodeAffinityPreset: ## @param exporter.nodeAffinityPreset.type Harbor Exporter Node affinity preset type. Ignored if `exporter.affinity` is set. Allowed values: `soft` or `hard` ## type: "" ## @param exporter.nodeAffinityPreset.key Harbor Exporter Node label key to match Ignored if `exporter.affinity` is set. ## E.g. ## key: "kubernetes.io/e2e-az-name" ## key: "" ## @param exporter.nodeAffinityPreset.values Harbor Exporter Node label values to match. Ignored if `exporter.affinity` is set. ## E.g. ## values: ## - e2e-az1 ## - e2e-az2 ## values: [] ## @param exporter.affinity Harbor Exporter Affinity for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## Note: `exporter.podAffinityPreset`, `exporter.podAntiAffinityPreset`, and `exporter.nodeAffinityPreset` will be ignored when it's set ## affinity: {} ## @param exporter.priorityClassName Exporter pods Priority Class Name ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass ## priorityClassName: "" ## @param exporter.schedulerName Name of the k8s scheduler (other than default) ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## schedulerName: "" ## @param exporter.serviceAccountName Name of the serviceAccountName for Harbor Exporter pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## serviceAccountName: "" ## @param exporter.nodeSelector Harbor Exporter Node labels for pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## nodeSelector: {} ## @param exporter.tolerations Harbor Exporter Tolerations for pod assignment ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] ## @param exporter.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods ## topologySpreadConstraints: [] ## @param exporter.initContainers Add additional init containers to the pod (evaluated as a template) ## initContainers: [] ## @param exporter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Chartmuseum pods ## extraVolumeMounts: [] ## @param exporter.extraVolumes Optionally specify extra list of additional volumes for the Chartmuseum pods ## extraVolumes: [] ## @param exporter.sidecars Attach additional containers to the pod (evaluated as a template) ## sidecars: [] ## @param exporter.automountServiceAccountToken Automount service account token ## automountServiceAccountToken: false ## Exporter service configuration ## service: ## @param exporter.service.ports.metrics Exporter HTTP service port ## ports: metrics: 8001 ## @section PostgreSQL Parameters ## ## PostgreSQL chart configuration ## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml ## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart ## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user ## @param postgresql.auth.postgresPassword Password for the "postgres" admin user ## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials ## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`) ## @param postgresql.primary.extendedConfiguration Extended PostgreSQL Primary configuration (appended to main or default configuration) ## @param postgresql.primary.initdb.scripts [object] Initdb scripts to create Harbor databases ## postgresql: enabled: false ## Override PostgreSQL default image as 14.x is not supported https://goharbor.io/docs/2.4.0/install-config/ ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql ## @param postgresql.image.registry PostgreSQL image registry ## @param postgresql.image.repository PostgreSQL image repository ## @param postgresql.image.tag PostgreSQL image tag (immutable tags are recommended) ## @param postgresql.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag ## image: registry: docker.io repository: bitnamilegacy/postgresql # tag: 13.15.0-debian-12-r2 tag: 14.16.0-debian-12-r4 digest: "" auth: enablePostgresUser: true postgresPassword: harbor existingSecret: "" architecture: standalone primary: extendedConfiguration: | max_connections = 1024 initdb: scripts: initial-notaryserver.sql: | CREATE DATABASE notaryserver; CREATE USER server; alter user server with encrypted password 'password'; GRANT ALL PRIVILEGES ON DATABASE notaryserver TO server; initial-notarysigner.sql: | CREATE DATABASE notarysigner; CREATE USER signer; alter user signer with encrypted password 'password'; GRANT ALL PRIVILEGES ON DATABASE notarysigner TO signer; initial-registry.sql: | CREATE DATABASE registry ENCODING 'UTF8'; \c registry; CREATE TABLE schema_migrations(version bigint not null primary key, dirty boolean not null); ## External PostgreSQL configuration ## All of these values are only used when postgresql.enabled is set to false ## @param externalDatabase.host Database host ## @param externalDatabase.port Database port number ## @param externalDatabase.user Non-root username for Harbor ## @param externalDatabase.password Password for the non-root username for Harbor ## @param externalDatabase.sslmode External database ssl mode ## @param externalDatabase.coreDatabase External database name for core ## @param externalDatabase.notaryServerDatabase External database name for notary server ## @param externalDatabase.notaryServerUsername External database username for notary server ## @param externalDatabase.notaryServerPassword External database password for notary server ## @param externalDatabase.notarySignerDatabase External database name for notary signer ## @param externalDatabase.notarySignerUsername External database username for notary signer ## @param externalDatabase.notarySignerPassword External database password for notary signer ## externalDatabase: host: postgres13.postgres.svc.cluster.local # host: 192.168.2.235 port: 5432 user: harbor password: "harbor" sslmode: disable coreDatabase: "harbor" notaryServerDatabase: "harbor" notaryServerUsername: "harbor" notaryServerPassword: "harbor" notarySignerDatabase: "harbor" notarySignerUsername: "harbor" notarySignerPassword: "harbor" ## @section Redis® parameters ## ## Redis® chart configuration ## ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml ## @param redis.enabled Switch to enable or disable the Redis® helm ## @param redis.auth.enabled Enable password authentication ## @param redis.auth.password Redis® password ## @param redis.auth.existingSecret The name of an existing secret with Redis® credentials ## @param redis.architecture Redis® architecture. Allowed values: `standalone` or `replication` ## @param redis.sentinel.enabled Use Redis® Sentinel on Redis® pods. ## @param redis.sentinel.masterSet Master set name ## @param redis.sentinel.service.ports.sentinel Redis® service port for Redis® Sentinel ## redis: enabled: false storageClass: "" auth: enabled: true ## Redis® password (both master and slave). Defaults to a random 10-character alphanumeric string if not set and auth.enabled is true. ## It should always be set using the password value or in the existingSecret to avoid issues ## with Harbor. ## The password value is ignored if existingSecret is set ## password: "Redis01" existingSecret: "" architecture: standalone sentinel: enabled: false masterSet: mymaster service: ports: sentinel: 26379 ## External Redis® configuration ## All of these values are only used when redis.enabled is set to false ## @param externalRedis.host Redis® host ## @param externalRedis.port Redis® port number ## @param externalRedis.password Redis® password ## @param externalRedis.coreDatabaseIndex Index for core database ## @param externalRedis.jobserviceDatabaseIndex Index for jobservice database ## @param externalRedis.registryDatabaseIndex Index for registry database ## @param externalRedis.chartmuseumDatabaseIndex Index for chartmuseum database ## @param externalRedis.trivyAdapterDatabaseIndex Index for chartmuseum database ## externalRedis: host: 192.168.2.182 # host: 192.168.2.221 port: 6379 password: "Redis01@" coreDatabaseIndex: '0' jobserviceDatabaseIndex: '1' registryDatabaseIndex: '2' chartmuseumDatabaseIndex: '3' trivyAdapterDatabaseIndex: '5' ## Redis® sentinel configuration ## @param externalRedis.sentinel.enabled If external redis with sentinal is used, set it to `true` ## @param externalRedis.sentinel.masterSet Name of sentinel masterSet if sentinel is used ## @param externalRedis.sentinel.hosts Sentinel hosts and ports in the format ## sentinel: enabled: false masterSet: 'mymaster' hosts: "" ## @section Harbor metrics parameters ## metrics: ## @param metrics.enabled Whether or not to enable metrics for different ## enabled: false ## @param metrics.path Path where metrics are exposed ## path: /metrics ## Prometheus Operator ServiceMonitor configuration ## serviceMonitor: ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.enabled` to be `true`) ## enabled: false ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running ## namespace: "" ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## interval: "" ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint ## scrapeTimeout: "" ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus ## labels: {} ## @param metrics.serviceMonitor.selector Prometheus instance selector labels ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: {} ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping ## relabelings: [] ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion ## metricRelabelings: [] ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint ## honorLabels: false ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. ## jobLabel: ""