#! The FQDN for accessing Harbor admin UI and Registry service. hostname: yourdomain.com #! The network port of the Envoy service in Contour or other Ingress Controller. port: https: 443 #! Do not change tlsSecretLabels. It is required for TKG integration to work. tlsCertificate: tlsSecretLabels: {"managed-by": "vmware-vRegistry"} #! Use nginx and LoadBalancer service to expose Harbor's endpoints when it's true. This requires a loadBlalancer provider installed on Kubernetes cluster. #! enableNginxLoadBalancer and enableContourHttpProxy can't be true at the same time. #! When they are both set to false an Ingress will be created to expose Harbor's endpoints enableNginxLoadBalancer: false #! Use contour http proxy to expose Harbor's endpoints when it's true, enableNginxLoadBalancer and enableContourHttpProxy #! can't be true at the same time. When they are both set to false an Ingress will be created to expose Harbor's endpoints enableContourHttpProxy: true #! [Required] The initial password of Harbor admin. harborAdminPassword: Harbor12345 #! [Required] The secret key used for encryption. Must be a string of 16 chars. secretKey: 0123456789ABCDEF database: #! if external database is used, set "type" to "external" #! and fill the connection information in "external" section type: internal #! [Required] The initial password of the internal postgres database. #! if external database is used, please fill the external.password password: change-it core: replicas: 1 #! [Required] Secret is used when core server communicates with other components. secret: change-it #! [Required] The XSRF key. Must be a string of 32 chars. xsrfKey: 0123456789ABCDEF0123456789ABCDEF jobservice: replicas: 1 #! [Required] Secret is used when job service communicates with other components. secret: change-it registry: replicas: 1 #! [Required] Secret is used to secure the upload state from client #! and registry storage backend. #! See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http secret: change-it #! The persistence is always enabled and a default StorageClass #! is needed in the k8s cluster to provision volumes dynamically. #! Specify another StorageClass in the "storageClass" or set "existingClaim" #! if you have already existing persistent volumes to use #! #! For storing images and charts, you can also use "azure", "gcs", "s3", #! "swift" or "oss". Set it in the "imageChartStorage" section persistence: persistentVolumeClaim: registry: #! Use the existing PVC which must be created manually before bound, #! and specify the "subPath" if the PVC is shared with other components existingClaim: "" #! Specify the "storageClass" used to provision the volume. Or the default #! StorageClass will be used(the default). #! Set it to "-" to disable dynamic provisioning storageClass: "insert-storage-class-name-here" subPath: "" accessMode: ReadWriteOnce size: 10Gi jobservice: jobLog: existingClaim: "" storageClass: "insert-storage-class-name-here" subPath: "" accessMode: ReadWriteOnce size: 1Gi database: existingClaim: "" storageClass: "insert-storage-class-name-here" subPath: "" accessMode: ReadWriteOnce size: 1Gi redis: existingClaim: "" storageClass: "insert-storage-class-name-here" subPath: "" accessMode: ReadWriteOnce size: 1Gi trivy: existingClaim: "" storageClass: "insert-storage-class-name-here" subPath: "" accessMode: ReadWriteOnce size: 5Gi #! The metrics used by core, registry and exporter metrics: enabled: true core: path: /metrics port: 8001 registry: path: /metrics port: 8001 exporter: path: /metrics port: 8001 #! Default [] is equivalent to have both ["IPv4","IPv6"]. Or you can choose one of ["IPv4"] or ["IPv6"] network: ipFamilies: ["IPv4"] #! cache layer configurations #! if this feature enabled, harbor will cache the resource #! `project/project_metadata/repository/artifact/manifest` in the redis #! which help to improve the performance of high concurrent pulling manifest. cache: #! default is not enabled. enabled: false #! default keep cache for one day. expireHours: 24