# 这个配置文件,其实就是上面部分是harbor配置,下面都是自定义的配置需要的镜像配置。
# 综合下来,其实秘钥用系统默认就行,会自动生成的。没有特殊的配置,基本用默认的都能启动啊。为啥我安装会报错?
expose:
# Set the way how to expose the service. Set the type as "ingress",
# "clusterIP", "nodePort" or "loadBalancer" and fill the information
# in the corresponding section
# 中文解读
# 配置harbor外部访问方式,其中包括4种:ingress、clusterIP、nodePort、loadBalancer
# 配置作用
# 这个配置的目的就是外部通过哪种方式访问搭建的harbor,对于每一种方式,都要进行相应的配置。配置在下面能看到。
# 采坑记录
type: ingress
tls:
# Enable the tls or not. Note: if the type is "ingress" and the tls
# is disabled, the port must be included in the command when pull/push
# images. Refer to https://github.com/goharbor/harbor/issues/5291
# for the detail.
# 中文解读
# 就是tls开关,强调。如果外部访问方式是"ingress",tls=disabled,那么在执行pull/push命令时,端口号一定要包含到命令中
# 配置作用
# 采坑记录
enabled: true
# Fill the name of secret if you want to use your own TLS certificate.
# The secret contains keys named:
# "tls.crt" - the certificate (required)
# "tls.key" - the private key (required)
# "ca.crt" - the certificate of CA (optional), this enables the download
# link on portal to download the certificate of CA
# These files will be generated automatically if the "secretName" is not set
# 中文解读
# 填写秘钥名称,如果要使用自己的秘钥。介绍了密码需要包括 其中tls.crt和tls.key是必须的,ca.crt可选。
# 登录门harbor的门户网站下载秘钥,如果“secretName”设置为空,这些文件将会自动生成
# 配置作用
# 其实就是harbor验证机制,相当于项目总的koken的作用
# 采坑记录
secretName: ""
# By default, the Notary service will use the same cert and key as
# described above. Fill the name of secret if you want to use a
# separated one. Only needed when the type is "ingress".
# 中文解读
# 默认值,验证服务会使用相同的cert和key
# 如果需要使用另外的,可以填写自己的,这个配置在ingres访问方式下才需要
# 配置作用
# 一般用默认值就可以,如果真的需要自己的验证服务,可以自定义。配置就是在这里。
# 采坑记录
notarySecretName: ""
# The common name used to generate the certificate, it's necessary
# when the type isn't "ingress" and "secretName" is null
# 中文解读
# 这个配置常常是用来生成验证证书的,当访问方式不是“ingress"并且“secretName”为null,这个配置是必须的。
# 配置作用
# 记住上面说的这个配置的限制条件,不然是跑不起来的。
# 采坑记录
commonName: ""
ingress:
hosts:
core: core.harbor.domain
notary: notary.harbor.domain
# set to the type of ingress controller if it has specific requirements.
# leave as `default` for most ingress controllers.
# set to `gce` if using the GCE ingress controller
# set to `ncp` if using the NCP (NSX-T Container Plugin) ingress controller
# 中文解读
# 如果有特殊的需求需要配置,没有的话就用默认的就行。这里有两种方式:GCE和NCP
# 配置作用
# 采坑记录
controller: default
annotations:
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
# clusterIP属性配置,这里我暂时是用的ingress,暂时不研究这个配置
clusterIP:
# The name of ClusterIP service
# 中文解读
# 配置作用
# 采坑记录
name: harbor
ports:
# The service port Harbor listens on when serving with HTTP
# 中文解读
# 配置作用
# 采坑记录
httpPort: 80
# The service port Harbor listens on when serving with HTTPS
# 中文解读
# 配置作用
# 采坑记录
httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
# 中文解读
# 配置作用
# 采坑记录
notaryPort: 4443
nodePort:
# The name of NodePort service
# 中文解读
# 配置租用
# 采坑记录
name: harbor
ports:
http:
# The service port Harbor listens on when serving with HTTP
# 中文解读
# 配置作用
# 采坑记录
port: 80
# The node port Harbor listens on when serving with HTTP
# 中文解读
# 配置租用
# 采坑记录
nodePort: 30002
https:
# The service port Harbor listens on when serving with HTTPS
# 中文解读
# 配置作用
# 采坑记录
port: 443
# The node port Harbor listens on when serving with HTTPS
# 中文解读
# 配置作用
# 采坑记录
nodePort: 30003
# Only needed when notary.enabled is set to true
# 中文解读
# 配置作用
# 采坑记录
notary:
# The service port Notary listens on
port: 4443
# The node port Notary listens on
nodePort: 30004
loadBalancer:
# The name of LoadBalancer service
name: harbor
# Set the IP if the LoadBalancer supports assigning IP
IP: ""
ports:
# The service port Harbor listens on when serving with HTTP
httpPort: 80
# The service port Harbor listens on when serving with HTTPS
httpsPort: 443
# The service port Notary listens on. Only needed when notary.enabled
# is set to true
notaryPort: 4443
annotations: {
}
sourceRanges: []
# The external URL for Harbor core service. It is used to
# 1) populate the docker/helm commands showed on portal
# 2) populate the token service URL returned to docker/notary client
#
# Format: protocol://domain[:port]. Usually:
# 1) if "expose.type" is "ingress", the "domain" should be
# the value of "expose.ingress.hosts.core"
# 2) if "expose.type" is "clusterIP", the "domain" should be
# the value of "expose.clusterIP.name"
# 3) if "expose.type" is "nodePort", the "domain" should be
# the IP address of k8s node
#
# If Harbor is deployed behind the proxy, set it as the URL of proxy
# 中文解读
# 如果harbor是部署在代理服务上,这里配置代理服务器的URL
# 配置作用
# 采坑记录
externalURL: https://core.harbor.domain
# The internal TLS used for harbor components secure communicating. In order to enable https
# in each components tls cert files need to provided in advance.
# 中文解读
# 内部TLS用于harbor组件安全通信。为了开始每个组件的的验证文件https方式,这个配置需要提前提供
# 配置作用
# 就是如果下面认证方式为HTTPS,这里的配置就是提前配置好。不然应该会出现错
# 采坑记录
internalTLS:
# If internal TLS enabled
# 中文解读
# 内部TLS的开关配置
# 配置作用
# 采坑记录
enabled: false
# There are three ways to provide tls
# 1) "auto" will generate cert automatically
# 2) "manual" need provide cert file manually in following value
# 3) "secret" internal certificates from secret
# 中文解读
# 有三种方式提供TLS
# "auto"自动生成cert
# "manual"需要下面配置中手动提供cert file
# "secret" 从秘钥中获取
# 配置作用
# 采坑记录
certSource: "auto"
# The content of trust ca, only available when `certSource` is "manual"
# 中文解读
# 当centSource为nanual需要这里配置
# 配置作用
# 采坑记录
trustCa: ""
# core related cert configuration
# 中文解读
# 配置作用
# 采坑记录
core:
# secret name for core's tls certs
# 中文解读
# core的tls的秘钥名称
KuberSphere安装harbor的配置文件解读
最新推荐文章于 2024-05-31 21:57:11 发布
![](https://img-home.csdnimg.cn/images/20240711042549.png)