forked from k-space/kube
145 lines
4.4 KiB
YAML
145 lines
4.4 KiB
YAML
|
expose:
|
||
|
type: ingress
|
||
|
tls:
|
||
|
enabled: true
|
||
|
ingress:
|
||
|
hosts:
|
||
|
core: harbor.k-space.ee
|
||
|
annotations:
|
||
|
cert-manager.io/cluster-issuer: default
|
||
|
kubernetes.io/ingress.class: traefik
|
||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
||
|
external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
|
||
|
labels: {}
|
||
|
|
||
|
externalURL: https://harbor.k-space.ee
|
||
|
|
||
|
# The persistence is enabled by default and a default StorageClass
|
||
|
# is needed in the k8s cluster to provision volumes dynamically.
|
||
|
# Specify another StorageClass in the "storageClass" or set "existingClaim"
|
||
|
# if you already have existing persistent volumes to use
|
||
|
#
|
||
|
# For storing images and charts, you can also use "azure", "gcs", "s3",
|
||
|
# "swift" or "oss". Set it in the "imageChartStorage" section
|
||
|
persistence:
|
||
|
enabled: true
|
||
|
# Define which storage backend is used for registry to store
|
||
|
# images and charts. Refer to
|
||
|
# https://github.com/distribution/distribution/blob/main/docs/content/about/configuration.md#storage
|
||
|
# for the detail.
|
||
|
persistentVolumeClaim:
|
||
|
jobservice:
|
||
|
jobLog:
|
||
|
existingClaim: ""
|
||
|
storageClass: "longhorn"
|
||
|
subPath: ""
|
||
|
accessMode: ReadWriteMany
|
||
|
size: 5Gi
|
||
|
annotations: {}
|
||
|
imageChartStorage:
|
||
|
# Specify whether to disable `redirect` for images and chart storage, for
|
||
|
# backends which not supported it (such as using minio for `s3` storage type), please disable
|
||
|
# it. To disable redirects, simply set `disableredirect` to `true` instead.
|
||
|
# Refer to
|
||
|
# https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect
|
||
|
# for the detail.
|
||
|
disableredirect: false
|
||
|
type: s3
|
||
|
s3:
|
||
|
# Set an existing secret for S3 accesskey and secretkey
|
||
|
# keys in the secret should be REGISTRY_STORAGE_S3_ACCESSKEY and REGISTRY_STORAGE_S3_SECRETKEY for registry
|
||
|
existingSecret: "harbor-minio-credentials"
|
||
|
region: us-east-1
|
||
|
bucket: harbor-operator-e60e5943-234a-496d-ae74-933f6a67c530
|
||
|
#accesskey: awsaccesskey
|
||
|
#secretkey: awssecretkey
|
||
|
regionendpoint: https://external.minio-clusters.k-space.ee
|
||
|
#encrypt: false
|
||
|
#keyid: mykeyid
|
||
|
#secure: true
|
||
|
#skipverify: false
|
||
|
#v4auth: true
|
||
|
#chunksize: "5242880"
|
||
|
#rootdirectory: /s3/object/name/prefix
|
||
|
#storageclass: STANDARD
|
||
|
#multipartcopychunksize: "33554432"
|
||
|
#multipartcopymaxconcurrency: 100
|
||
|
#multipartcopythresholdsize: "33554432"
|
||
|
|
||
|
|
||
|
# The initial password of Harbor admin. Change it from portal after launching Harbor
|
||
|
# or give an existing secret for it
|
||
|
# key in secret is given via (default to HARBOR_ADMIN_PASSWORD)
|
||
|
# existingSecretAdminPassword:
|
||
|
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
|
||
|
|
||
|
# debug, info, warning, error or fatal
|
||
|
logLevel: debug
|
||
|
|
||
|
# If using existingSecretSecretKey, the key must be secretKey
|
||
|
existingSecretSecretKey: "harbor-core-oidc-secret-encryption-key"
|
||
|
|
||
|
# Run the migration job via helm hook
|
||
|
enableMigrateHelmHook: false
|
||
|
|
||
|
metrics:
|
||
|
enabled: true
|
||
|
core:
|
||
|
path: /metrics
|
||
|
port: 8001
|
||
|
registry:
|
||
|
path: /metrics
|
||
|
port: 8001
|
||
|
jobservice:
|
||
|
path: /metrics
|
||
|
port: 8001
|
||
|
exporter:
|
||
|
path: /metrics
|
||
|
port: 8001
|
||
|
serviceMonitor:
|
||
|
enabled: true
|
||
|
additionalLabels: {}
|
||
|
# Scrape interval. If not set, the Prometheus default scrape interval is used.
|
||
|
interval: ""
|
||
|
# Metric relabel configs to apply to samples before ingestion.
|
||
|
metricRelabelings:
|
||
|
[]
|
||
|
# - action: keep
|
||
|
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
|
||
|
# sourceLabels: [__name__]
|
||
|
# Relabel configs to apply to samples before ingestion.
|
||
|
relabelings:
|
||
|
[]
|
||
|
# - sourceLabels: [__meta_kubernetes_pod_node_name]
|
||
|
# separator: ;
|
||
|
# regex: ^(.*)$
|
||
|
# targetLabel: nodename
|
||
|
# replacement: $1
|
||
|
# action: replace
|
||
|
|
||
|
|
||
|
trivy:
|
||
|
enabled: false
|
||
|
|
||
|
database:
|
||
|
type: "external"
|
||
|
|
||
|
external:
|
||
|
host: "172.20.43.1"
|
||
|
port: "5432"
|
||
|
username: "kspace_harbor"
|
||
|
coreDatabase: "kspace_harbor"
|
||
|
existingSecret: "harbor-postgres-password"
|
||
|
sslmode: "disable"
|
||
|
|
||
|
redis:
|
||
|
type: external
|
||
|
external:
|
||
|
# support redis, redis+sentinel
|
||
|
# addr for redis: <host_redis>:<port_redis>
|
||
|
# addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
|
||
|
addr: "dragonfly:6379"
|
||
|
username: ""
|
||
|
password: "MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge"
|