· 4 years ago · Apr 06, 2021, 08:58 AM
1expose:
2 # Set the way how to expose the service. Set the type as "ingress",
3 # "clusterIP", "nodePort" or "loadBalancer" and fill the information
4 # in the corresponding section
5 type: loadBalancer
6 tls:
7 # Enable the tls or not.
8 # Delete the "ssl-redirect" annotations in "expose.ingress.annotations" when TLS is disabled and "expose.type" is "ingress"
9 # Note: if the "expose.type" is "ingress" and the tls
10 # is disabled, the port must be included in the command when pull/push
11 # images. Refer to https://github.com/goharbor/harbor/issues/5291
12 # for the detail.
13 enabled: true
14 # The source of the tls certificate. Set it as "auto", "secret"
15 # or "none" and fill the information in the corresponding section
16 # 1) auto: generate the tls certificate automatically
17 # 2) secret: read the tls certificate from the specified secret.
18 # The tls certificate can be generated manually or by cert manager
19 # 3) none: configure no tls certificate for the ingress. If the default
20 # tls certificate is configured in the ingress controller, choose this option
21 certSource: secret
22 auto:
23 # The common name used to generate the certificate, it's necessary
24 # when the type isn't "ingress"
25 commonName: "harbor.sva.rocks"
26 secret:
27 # The name of secret which contains keys named:
28 # "tls.crt" - the certificate
29 # "tls.key" - the private key
30 secretName: "harbor.sva.rocks-ssl"
31 # The name of secret which contains keys named:
32 # "tls.crt" - the certificate
33 # "tls.key" - the private key
34 # Only needed when the "expose.type" is "ingress".
35 notarySecretName: "harbor.sva.rocks-ssl"
36 ingress:
37 hosts:
38 core: harbor.sva.rocks
39 notary: notary-harbor.sva.rocks
40 # set to the type of ingress controller if it has specific requirements.
41 # leave as `default` for most ingress controllers.
42 # set to `gce` if using the GCE ingress controller
43 # set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller
44 controller: default
45 annotations:
46 # note different ingress controllers may require a different ssl-redirect annotation
47 # for Envoy, use ingress.kubernetes.io/force-ssl-redirect: "true" and remove the nginx lines below
48 ingress.kubernetes.io/ssl-redirect: "true"
49 ingress.kubernetes.io/proxy-body-size: "0"
50 nginx.ingress.kubernetes.io/ssl-redirect: "true"
51 nginx.ingress.kubernetes.io/proxy-body-size: "0"
52 clusterIP:
53 # The name of ClusterIP service
54 name: harbor
55 ports:
56 # The service port Harbor listens on when serving with HTTP
57 httpPort: 80
58 # The service port Harbor listens on when serving with HTTPS
59 httpsPort: 443
60 # The service port Notary listens on. Only needed when notary.enabled
61 # is set to true
62 notaryPort: 4443
63 nodePort:
64 # The name of NodePort service
65 name: harbor
66 ports:
67 http:
68 # The service port Harbor listens on when serving with HTTP
69 port: 80
70 # The node port Harbor listens on when serving with HTTP
71 nodePort: 30002
72 https:
73 # The service port Harbor listens on when serving with HTTPS
74 port: 443
75 # The node port Harbor listens on when serving with HTTPS
76 nodePort: 30003
77 # Only needed when notary.enabled is set to true
78 notary:
79 # The service port Notary listens on
80 port: 4443
81 # The node port Notary listens on
82 nodePort: 30004
83 loadBalancer:
84 # The name of LoadBalancer service
85 name: harbor
86 # Set the IP if the LoadBalancer supports assigning IP
87 IP: ""
88 ports:
89 # The service port Harbor listens on when serving with HTTP
90 httpPort: 80
91 # The service port Harbor listens on when serving with HTTPS
92 httpsPort: 443
93 # The service port Notary listens on. Only needed when notary.enabled
94 # is set to true
95 notaryPort: 4443
96 annotations: {}
97 sourceRanges: []
98
99# The external URL for Harbor core service. It is used to
100# 1) populate the docker/helm commands showed on portal
101# 2) populate the token service URL returned to docker/notary client
102#
103# Format: protocol://domain[:port]. Usually:
104# 1) if "expose.type" is "ingress", the "domain" should be
105# the value of "expose.ingress.hosts.core"
106# 2) if "expose.type" is "clusterIP", the "domain" should be
107# the value of "expose.clusterIP.name"
108# 3) if "expose.type" is "nodePort", the "domain" should be
109# the IP address of k8s node
110#
111# If Harbor is deployed behind the proxy, set it as the URL of proxy
112externalURL: https://harbor.sva.rocks
113
114# The internal TLS used for harbor components secure communicating. In order to enable https
115# in each components tls cert files need to provided in advance.
116internalTLS:
117 # If internal TLS enabled
118 enabled: false
119 # There are three ways to provide tls
120 # 1) "auto" will generate cert automatically
121 # 2) "manual" need provide cert file manually in following value
122 # 3) "secret" internal certificates from secret
123 certSource: "auto"
124 # The content of trust ca, only available when `certSource` is "manual"
125 trustCa: ""
126 # core related cert configuration
127 core:
128 # secret name for core's tls certs
129 secretName: ""
130 # Content of core's TLS cert file, only available when `certSource` is "manual"
131 crt: ""
132 # Content of core's TLS key file, only available when `certSource` is "manual"
133 key: ""
134 # jobservice related cert configuration
135 jobservice:
136 # secret name for jobservice's tls certs
137 secretName: ""
138 # Content of jobservice's TLS key file, only available when `certSource` is "manual"
139 crt: ""
140 # Content of jobservice's TLS key file, only available when `certSource` is "manual"
141 key: ""
142 # registry related cert configuration
143 registry:
144 # secret name for registry's tls certs
145 secretName: ""
146 # Content of registry's TLS key file, only available when `certSource` is "manual"
147 crt: ""
148 # Content of registry's TLS key file, only available when `certSource` is "manual"
149 key: ""
150 # portal related cert configuration
151 portal:
152 # secret name for portal's tls certs
153 secretName: ""
154 # Content of portal's TLS key file, only available when `certSource` is "manual"
155 crt: ""
156 # Content of portal's TLS key file, only available when `certSource` is "manual"
157 key: ""
158 # chartmuseum related cert configuration
159 chartmuseum:
160 # secret name for chartmuseum's tls certs
161 secretName: ""
162 # Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
163 crt: ""
164 # Content of chartmuseum's TLS key file, only available when `certSource` is "manual"
165 key: ""
166 # trivy related cert configuration
167 trivy:
168 # secret name for trivy's tls certs
169 secretName: ""
170 # Content of trivy's TLS key file, only available when `certSource` is "manual"
171 crt: ""
172 # Content of trivy's TLS key file, only available when `certSource` is "manual"
173 key: ""
174
175# The persistence is enabled by default and a default StorageClass
176# is needed in the k8s cluster to provision volumes dynamicly.
177# Specify another StorageClass in the "storageClass" or set "existingClaim"
178# if you have already existing persistent volumes to use
179#
180# For storing images and charts, you can also use "azure", "gcs", "s3",
181# "swift" or "oss". Set it in the "imageChartStorage" section
182persistence:
183 enabled: true
184 # Setting it to "keep" to avoid removing PVCs during a helm delete
185 # operation. Leaving it empty will delete PVCs after the chart deleted
186 # (this does not apply for PVCs that are created for internal database
187 # and redis components, i.e. they are never deleted automatically)
188 resourcePolicy: "keep"
189 persistentVolumeClaim:
190 registry:
191 # Use the existing PVC which must be created manually before bound,
192 # and specify the "subPath" if the PVC is shared with other components
193 existingClaim: ""
194 # Specify the "storageClass" used to provision the volume. Or the default
195 # StorageClass will be used(the default).
196 # Set it to "-" to disable dynamic provisioning
197 storageClass: "vsan-default-storage-policy"
198 subPath: ""
199 accessMode: ReadWriteOnce
200 size: 100Gi
201 chartmuseum:
202 existingClaim: ""
203 storageClass: "vsan-default-storage-policy"
204 subPath: ""
205 accessMode: ReadWriteOnce
206 size: 5Gi
207 jobservice:
208 existingClaim: ""
209 storageClass: "vsan-default-storage-policy"
210 subPath: ""
211 accessMode: ReadWriteOnce
212 size: 5Gi
213 # If external database is used, the following settings for database will
214 # be ignored
215 database:
216 existingClaim: ""
217 storageClass: "vsan-default-storage-policy"
218 subPath: ""
219 accessMode: ReadWriteOnce
220 size: 10Gi
221 # If external Redis is used, the following settings for Redis will
222 # be ignored
223 redis:
224 existingClaim: ""
225 storageClass: "vsan-default-storage-policy"
226 subPath: ""
227 accessMode: ReadWriteOnce
228 size: 5Gi
229 trivy:
230 existingClaim: ""
231 storageClass: "vsan-default-storage-policy"
232 subPath: ""
233 accessMode: ReadWriteOnce
234 size: 5Gi
235 # Define which storage backend is used for registry and chartmuseum to store
236 # images and charts. Refer to
237 # https://github.com/docker/distribution/blob/master/docs/configuration.md#storage
238 # for the detail.
239 imageChartStorage:
240 # Specify whether to disable `redirect` for images and chart storage, for
241 # backends which not supported it (such as using minio for `s3` storage type), please disable
242 # it. To disable redirects, simply set `disableredirect` to `true` instead.
243 # Refer to
244 # https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect
245 # for the detail.
246 disableredirect: false
247 # Specify the "caBundleSecretName" if the storage service uses a self-signed certificate.
248 # The secret must contain keys named "ca.crt" which will be injected into the trust store
249 # of registry's and chartmuseum's containers.
250 # caBundleSecretName:
251
252 # Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift",
253 # "oss" and fill the information needed in the corresponding section. The type
254 # must be "filesystem" if you want to use persistent volumes for registry
255 # and chartmuseum
256 type: filesystem
257 filesystem:
258 rootdirectory: /storage
259 #maxthreads: 100
260 azure:
261 accountname: accountname
262 accountkey: base64encodedaccountkey
263 container: containername
264 #realm: core.windows.net
265 gcs:
266 bucket: bucketname
267 # The base64 encoded json file which contains the key
268 encodedkey: base64-encoded-json-key-file
269 #rootdirectory: /gcs/object/name/prefix
270 #chunksize: "5242880"
271 s3:
272 region: us-west-1
273 bucket: bucketname
274 #accesskey: awsaccesskey
275 #secretkey: awssecretkey
276 #regionendpoint: http://myobjects.local
277 #encrypt: false
278 #keyid: mykeyid
279 #secure: true
280 #skipverify: false
281 #v4auth: true
282 #chunksize: "5242880"
283 #rootdirectory: /s3/object/name/prefix
284 #storageclass: STANDARD
285 #multipartcopychunksize: "33554432"
286 #multipartcopymaxconcurrency: 100
287 #multipartcopythresholdsize: "33554432"
288 swift:
289 authurl: https://storage.myprovider.com/v3/auth
290 username: username
291 password: password
292 container: containername
293 #region: fr
294 #tenant: tenantname
295 #tenantid: tenantid
296 #domain: domainname
297 #domainid: domainid
298 #trustid: trustid
299 #insecureskipverify: false
300 #chunksize: 5M
301 #prefix:
302 #secretkey: secretkey
303 #accesskey: accesskey
304 #authversion: 3
305 #endpointtype: public
306 #tempurlcontainerkey: false
307 #tempurlmethods:
308 oss:
309 accesskeyid: accesskeyid
310 accesskeysecret: accesskeysecret
311 region: regionname
312 bucket: bucketname
313 #endpoint: endpoint
314 #internal: false
315 #encrypt: false
316 #secure: true
317 #chunksize: 10M
318 #rootdirectory: rootdirectory
319
320imagePullPolicy: IfNotPresent
321
322# Use this set to assign a list of default pullSecrets
323imagePullSecrets:
324# - name: docker-registry-secret
325# - name: internal-registry-secret
326
327# The update strategy for deployments with persistent volumes(jobservice, registry
328# and chartmuseum): "RollingUpdate" or "Recreate"
329# Set it as "Recreate" when "RWM" for volumes isn't supported
330updateStrategy:
331 type: RollingUpdate
332
333# debug, info, warning, error or fatal
334logLevel: info
335
336# The initial password of Harbor admin. Change it from portal after launching Harbor
337harborAdminPassword: "Harbor12345"
338
339# The name of the secret which contains key named "ca.crt". Setting this enables the
340# download link on portal to download the certificate of CA when the certificate isn't
341# generated automatically
342caSecretName: ""
343
344# The secret key used for encryption. Must be a string of 16 chars.
345secretKey: "not-a-secure-key"
346
347# The proxy settings for updating trivy vulnerabilities from the Internet and replicating
348# artifacts from/to the registries that cannot be reached directly
349proxy:
350 httpProxy: http://10.255.27.129:3128
351 httpsProxy: http://10.255.27.129:3128
352 noProxy: 127.0.0.1,localhost,.local,.internal
353 components:
354 - core
355 - jobservice
356 - trivy
357
358# The custom ca bundle secret, the secret must contain key named "ca.crt"
359# which will be injected into the trust store for chartmuseum, core, jobservice, registry, trivy components
360# caBundleSecretName: ""
361
362## UAA Authentication Options
363# If you're using UAA for authentication behind a self-signed
364# certificate you will need to provide the CA Cert.
365# Set uaaSecretName below to provide a pre-created secret that
366# contains a base64 encoded CA Certificate named `ca.crt`.
367# uaaSecretName:
368
369# If expose the service via "ingress", the Nginx will not be used
370nginx:
371 image:
372 repository: goharbor/nginx-photon
373 tag: dev
374 # set the service account to be used, default if left empty
375 serviceAccountName: ""
376 replicas: 1
377 # resources:
378 # requests:
379 # memory: 256Mi
380 # cpu: 100m
381 nodeSelector: {}
382 tolerations: []
383 affinity: {}
384 ## Additional deployment annotations
385 podAnnotations: {}
386
387portal:
388 image:
389 repository: goharbor/harbor-portal
390 tag: dev
391 # set the service account to be used, default if left empty
392 serviceAccountName: ""
393 replicas: 1
394 # resources:
395 # requests:
396 # memory: 256Mi
397 # cpu: 100m
398 nodeSelector: {}
399 tolerations: []
400 affinity: {}
401 ## Additional deployment annotations
402 podAnnotations: {}
403
404core:
405 image:
406 repository: goharbor/harbor-core
407 tag: dev
408 # set the service account to be used, default if left empty
409 serviceAccountName: ""
410 replicas: 1
411 ## Startup probe values
412 startupProbe:
413 enabled: true
414 initialDelaySeconds: 10
415 # resources:
416 # requests:
417 # memory: 256Mi
418 # cpu: 100m
419 nodeSelector: {}
420 tolerations: []
421 affinity: {}
422 ## Additional deployment annotations
423 podAnnotations: {}
424 # Secret is used when core server communicates with other components.
425 # If a secret key is not specified, Helm will generate one.
426 # Must be a string of 16 chars.
427 secret: ""
428 # Fill the name of a kubernetes secret if you want to use your own
429 # TLS certificate and private key for token encryption/decryption.
430 # The secret must contain keys named:
431 # "tls.crt" - the certificate
432 # "tls.key" - the private key
433 # The default key pair will be used if it isn't set
434 secretName: ""
435 # The XSRF key. Will be generated automatically if it isn't specified
436 xsrfKey: ""
437
438jobservice:
439 image:
440 repository: goharbor/harbor-jobservice
441 tag: dev
442 replicas: 1
443 # set the service account to be used, default if left empty
444 serviceAccountName: ""
445 maxJobWorkers: 10
446 # The logger for jobs: "file", "database" or "stdout"
447 jobLoggers:
448 - file
449 # - database
450 # - stdout
451
452 # resources:
453 # requests:
454 # memory: 256Mi
455 # cpu: 100m
456 nodeSelector: {}
457 tolerations: []
458 affinity: {}
459 ## Additional deployment annotations
460 podAnnotations: {}
461 # Secret is used when job service communicates with other components.
462 # If a secret key is not specified, Helm will generate one.
463 # Must be a string of 16 chars.
464 secret: ""
465
466registry:
467 # set the service account to be used, default if left empty
468 serviceAccountName: ""
469 registry:
470 image:
471 repository: goharbor/registry-photon
472 tag: dev
473 # resources:
474 # requests:
475 # memory: 256Mi
476 # cpu: 100m
477 controller:
478 image:
479 repository: goharbor/harbor-registryctl
480 tag: dev
481
482 # resources:
483 # requests:
484 # memory: 256Mi
485 # cpu: 100m
486 replicas: 1
487 nodeSelector: {}
488 tolerations: []
489 affinity: {}
490 ## Additional deployment annotations
491 podAnnotations: {}
492 # Secret is used to secure the upload state from client
493 # and registry storage backend.
494 # See: https://github.com/docker/distribution/blob/master/docs/configuration.md#http
495 # If a secret key is not specified, Helm will generate one.
496 # Must be a string of 16 chars.
497 secret: ""
498 # If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL.
499 relativeurls: false
500 credentials:
501 username: "harbor_registry_user"
502 password: "harbor_registry_password"
503 # If you update the username or password of registry, make sure use cli tool htpasswd to generate the bcrypt hash
504 # e.g. "htpasswd -nbBC10 $username $password"
505 htpasswd: "harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m"
506
507 middleware:
508 enabled: false
509 type: cloudFront
510 cloudFront:
511 baseurl: example.cloudfront.net
512 keypairid: KEYPAIRID
513 duration: 3000s
514 ipfilteredby: none
515 # The secret key that should be present is CLOUDFRONT_KEY_DATA, which should be the encoded private key
516 # that allows access to CloudFront
517 privateKeySecret: "my-secret"
518
519chartmuseum:
520 enabled: true
521 # set the service account to be used, default if left empty
522 serviceAccountName: ""
523 # Harbor defaults ChartMuseum to returning relative urls, if you want using absolute url you should enable it by change the following value to 'true'
524 absoluteUrl: false
525 image:
526 repository: goharbor/chartmuseum-photon
527 tag: dev
528 replicas: 1
529 # resources:
530 # requests:
531 # memory: 256Mi
532 # cpu: 100m
533 nodeSelector: {}
534 tolerations: []
535 affinity: {}
536 ## Additional deployment annotations
537 podAnnotations: {}
538
539trivy:
540 # enabled the flag to enable Trivy scanner
541 enabled: true
542 image:
543 # repository the repository for Trivy adapter image
544 repository: goharbor/trivy-adapter-photon
545 # tag the tag for Trivy adapter image
546 tag: dev
547 # set the service account to be used, default if left empty
548 serviceAccountName: ""
549 # replicas the number of Pod replicas
550 replicas: 1
551 # debugMode the flag to enable Trivy debug mode with more verbose scanning log
552 debugMode: false
553 # vulnType a comma-separated list of vulnerability types. Possible values are `os` and `library`.
554 vulnType: "os,library"
555 # severity a comma-separated list of severities to be checked
556 severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
557 # ignoreUnfixed the flag to display only fixed vulnerabilities
558 ignoreUnfixed: false
559 # insecure the flag to skip verifying registry certificate
560 insecure: false
561 # gitHubToken the GitHub access token to download Trivy DB
562 #
563 # Trivy DB contains vulnerability information from NVD, Red Hat, and many other upstream vulnerability databases.
564 # It is downloaded by Trivy from the GitHub release page https://github.com/aquasecurity/trivy-db/releases and cached
565 # in the local file system (`/home/scanner/.cache/trivy/db/trivy.db`). In addition, the database contains the update
566 # timestamp so Trivy can detect whether it should download a newer version from the Internet or use the cached one.
567 # Currently, the database is updated every 12 hours and published as a new release to GitHub.
568 #
569 # Anonymous downloads from GitHub are subject to the limit of 60 requests per hour. Normally such rate limit is enough
570 # for production operations. If, for any reason, it's not enough, you could increase the rate limit to 5000
571 # requests per hour by specifying the GitHub access token. For more details on GitHub rate limiting please consult
572 # https://developer.github.com/v3/#rate-limiting
573 #
574 # You can create a GitHub token by following the instructions in
575 # https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
576 gitHubToken: ""
577 # skipUpdate the flag to disable Trivy DB downloads from GitHub
578 #
579 # You might want to set the value of this flag to `true` in test or CI/CD environments to avoid GitHub rate limiting issues.
580 # If the value is set to `true` you have to manually download the `trivy.db` file and mount it in the
581 # `/home/scanner/.cache/trivy/db/trivy.db` path.
582 skipUpdate: false
583 resources:
584 requests:
585 cpu: 200m
586 memory: 512Mi
587 limits:
588 cpu: 1
589 memory: 1Gi
590 nodeSelector: {}
591 tolerations: []
592 affinity: {}
593 ## Additional deployment annotations
594 podAnnotations: {}
595
596notary:
597 enabled: true
598 server:
599 # set the service account to be used, default if left empty
600 serviceAccountName: ""
601 image:
602 repository: goharbor/notary-server-photon
603 tag: dev
604 replicas: 1
605 # resources:
606 # requests:
607 # memory: 256Mi
608 # cpu: 100m
609 nodeSelector: {}
610 tolerations: []
611 affinity: {}
612 ## Additional deployment annotations
613 podAnnotations: {}
614 signer:
615 # set the service account to be used, default if left empty
616 serviceAccountName: ""
617 image:
618 repository: goharbor/notary-signer-photon
619 tag: dev
620 replicas: 1
621 # resources:
622 # requests:
623 # memory: 256Mi
624 # cpu: 100m
625 nodeSelector: {}
626 tolerations: []
627 affinity: {}
628 ## Additional deployment annotations
629 podAnnotations: {}
630 # Fill the name of a kubernetes secret if you want to use your own
631 # TLS certificate authority, certificate and private key for notary
632 # communications.
633 # The secret must contain keys named ca.crt, tls.crt and tls.key that
634 # contain the CA, certificate and private key.
635 # They will be generated if not set.
636 secretName: ""
637
638database:
639 # if external database is used, set "type" to "external"
640 # and fill the connection informations in "external" section
641 type: internal
642 internal:
643 # set the service account to be used, default if left empty
644 serviceAccountName: ""
645 image:
646 repository: goharbor/harbor-db
647 tag: dev
648 # The initial superuser password for internal database
649 password: "changeit"
650 # resources:
651 # requests:
652 # memory: 256Mi
653 # cpu: 100m
654 nodeSelector: {}
655 tolerations: []
656 affinity: {}
657 external:
658 host: "192.168.0.1"
659 port: "5432"
660 username: "user"
661 password: "password"
662 coreDatabase: "registry"
663 notaryServerDatabase: "notary_server"
664 notarySignerDatabase: "notary_signer"
665 # "disable" - No SSL
666 # "require" - Always SSL (skip verification)
667 # "verify-ca" - Always SSL (verify that the certificate presented by the
668 # server was signed by a trusted CA)
669 # "verify-full" - Always SSL (verify that the certification presented by the
670 # server was signed by a trusted CA and the server host name matches the one
671 # in the certificate)
672 sslmode: "disable"
673 # The maximum number of connections in the idle connection pool.
674 # If it <=0, no idle connections are retained.
675 maxIdleConns: 50
676 # The maximum number of open connections to the database.
677 # If it <= 0, then there is no limit on the number of open connections.
678 # Note: the default number of connections is 1024 for postgre of harbor.
679 maxOpenConns: 1000
680 ## Additional deployment annotations
681 podAnnotations: {}
682
683redis:
684 # if external Redis is used, set "type" to "external"
685 # and fill the connection informations in "external" section
686 type: internal
687 internal:
688 # set the service account to be used, default if left empty
689 serviceAccountName: ""
690 image:
691 repository: goharbor/redis-photon
692 tag: dev
693 # resources:
694 # requests:
695 # memory: 256Mi
696 # cpu: 100m
697 nodeSelector: {}
698 tolerations: []
699 affinity: {}
700 external:
701 # support redis, redis+sentinel
702 # addr for redis: <host_redis>:<port_redis>
703 # addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
704 addr: "192.168.0.2:6379"
705 # The name of the set of Redis instances to monitor, it must be set to support redis+sentinel
706 sentinelMasterSet: ""
707 # The "coreDatabaseIndex" must be "0" as the library Harbor
708 # used doesn't support configuring it
709 coreDatabaseIndex: "0"
710 jobserviceDatabaseIndex: "1"
711 registryDatabaseIndex: "2"
712 chartmuseumDatabaseIndex: "3"
713 trivyAdapterIndex: "5"
714 password: ""
715 ## Additional deployment annotations
716 podAnnotations: {}
717
718exporter:
719 replicas: 1
720 # resources:
721 # requests:
722 # memory: 256Mi
723 # cpu: 100m
724 podAnnotations: {}
725 serviceAccountName: ""
726 image:
727 repository: goharbor/harbor-exporter
728 tag: dev
729 nodeSelector: {}
730 tolerations: []
731 affinity: {}
732 cacheDuration: 30
733 cacheCleanInterval: 14400
734
735metrics:
736 enabled: false
737 core:
738 path: /metrics
739 port: 8001
740 registry:
741 path: /metrics
742 port: 8001
743 exporter:
744 path: /metrics
745 port: 8001
746