表格摘自harbor官网,谷歌翻译机译
|
Parameter | 描述翻译 | Description | Default |
| Expose | |||
| expose.type | 公开服务的方式:入口,群集IP,nodePort或loadBalancer,其他值将被忽略,服务的创建将被跳过。 | The way how to expose the service: ingress, clusterIP, nodePort or loadBalancer, other values will be ignored and the creation of service will be skipped. | ingress |
| expose.tls.enabled | 是否启用tls。禁用TLS并且使用expose.type时,请删除expose.ingress.annotations中的ssl-redirect注释。注意:如果使用了expose.type并且禁用了tls,则在拉/推图像时必须在命令中包含端口。有关详细信息,请参阅https://github.com/goharbor/harbor/issues/5291 | Enable the tls or not. Delete the ssl-redirect annotations in expose.ingress.annotations when TLS is disabled and expose.type is ingress. Note: if the expose.type is ingress and the tls is disabled, the port must be included in the command when pull/push images. Refer to https://github.com/goharbor/harbor/issues/5291 for the detail. | TRUE |
| expose.tls.certSource | tls证书的来源。将其设置为``自动'',``秘密''或``无''并在相应的部分中填写信息:1)自动:自动生成tls证书2)机密:从指定的机密中读取tls证书。可以手动生成tls证书,也可以通过证书管理器生成tls证书。3)none:不为入口配置tls证书。如果在入口控制器中配置了默认的tls证书,请选择此选项 | The source of the tls certificate. Set it as auto, secret or none and fill the information in the corresponding section: 1) auto: generate the tls certificate automatically 2) secret: read the tls certificate from the specified secret. The tls certificate can be generated manually or by cert manager 3) none: configure no tls certificate for the ingress. If the default tls certificate is configured in the ingress controller, choose this option | auto |
| expose.tls.auto.commonName | 用于生成证书的通用名称,当类型不是输入时是必需的 | The common name used to generate the certificate, it's necessary when the type isn't ingress | |
| expose.tls.secret.secretName | 密钥名称,其中包含名为tls.crt的密钥-证书; tls.key-私钥 | The name of secret which contains keys named: tls.crt - the certificate; tls.key - the private key | |
| expose.tls.secret.notarySecretName | 密钥名称,其中包含名为tls.crt的密钥-证书; tls.key-私钥。仅当暴露类型为ress时才需要 | The name of secret which contains keys named: tls.crt - the certificate; tls.key - the private key. Only needed when the expose.type is ingress | |
| expose.ingress.hosts.core | 进入规则中Harbor核心服务的主机 | The host of Harbor core service in ingress rule | core.harbor.domain |
| expose.ingress.hosts.notary | 进入规则中的港口公证服务的主持人 | The host of Harbor Notary service in ingress rule | notary.harbor.domain |
| expose.ingress.controller | 入口控制器类型。当前支持default,gce和ncp | The ingress controller type. Currently supports default, gce and ncp | default |
| expose.ingress.annotations | 入口中使用的注释 | The annotations used in ingress | |
| expose.clusterIP.name | ClusterIP服务的名称 | The name of ClusterIP service | harbor |
| expose.clusterIP.ports.httpPort | 通过HTTP服务时,Harbor侦听的服务端口 | The service port Harbor listens on when serving with HTTP | 80 |
| expose.clusterIP.ports.httpsPort | 使用HTTPS进行服务时,Harbor侦听的服务端口 | The service port Harbor listens on when serving with HTTPS | 443 |
| expose.clusterIP.ports.notaryPort | 服务端口Notary侦听。仅当notary.enabled设置为true时才需要 | The service port Notary listens on. Only needed when notary.enabled is set to true | 4443 |
| expose.nodePort.name | NodePort服务的名称 | The name of NodePort service | harbor |
| expose.nodePort.ports.http.port | 通过HTTP服务时,Harbor侦听的服务端口 | The service port Harbor listens on when serving with HTTP | 80 |
| expose.nodePort.ports.http.nodePort | 通过HTTP服务时,Harbor侦听的节点端口 | The node port Harbor listens on when serving with HTTP | 30002 |
| expose.nodePort.ports.https.port | 使用HTTPS进行服务时,Harbor侦听的服务端口 | The service port Harbor listens on when serving with HTTPS | 443 |
| expose.nodePort.ports.https.nodePort | 使用HTTPS服务时,Harbor侦听的节点端口 | The node port Harbor listens on when serving with HTTPS | 30003 |
| expose.nodePort.ports.notary.port | 服务端口Notary侦听。仅当notary.enabled设置为true时才需要 | The service port Notary listens on. Only needed when notary.enabled is set to true | 4443 |
| expose.nodePort.ports.notary.nodePort | 服务端口Notary侦听。仅当notary.enabled设置为true时才需要 | The node port Notary listens on. Only needed when notary.enabled is set to true | 30004 |
| expose.loadBalancer.name | 服务名称 | The name of service | harbor |
| expose.loadBalancer.IP | loadBalancer的IP。仅当loadBalancer支持分配IP时才有效 | The IP of the loadBalancer. It works only when loadBalancer support assigning IP | "" |
| expose.loadBalancer.ports.httpPort | 通过HTTP服务时,Harbor侦听的服务端口 | The service port Harbor listens on when serving with HTTP | 80 |
| expose.loadBalancer.ports.httpsPort | 使用HTTPS进行服务时,Harbor侦听的服务端口 | The service port Harbor listens on when serving with HTTPS | 30002 |
| expose.loadBalancer.ports.notaryPort | 服务端口Notary侦听。仅当notary.enabled设置为true时才需要 | The service port Notary listens on. Only needed when notary.enabled is set to true | |
| expose.loadBalancer.annotations | 附加到loadBalancer服务的注释 | The annotations attached to the loadBalancer service | {} |
| expose.loadBalancer.sourceRanges | 分配给loadBalancerSourceRanges的IP地址范围列表 | List of IP address ranges to assign to loadBalancerSourceRanges | [] |
| Internal TLS | |||
| internalTLS.enabled | 为组件(chartmuseum,core,jobservice,portal,registry,trivy)启用tls | Enable the tls for the components (chartmuseum, core, jobservice, portal, registry, trivy) | FALSE |
| internalTLS.certSource | 为组件提供tls的方法,选项是自动,手动,秘密。 | Method to provide tls for the components, options is auto, manual, secret. | auto |
| internalTLS.trustCa | 信任的内容ca,仅在手动使用certSrouce时可用。注意:组件的所有内部证书必须由该证书颁发 | The content of trust ca, only available when certSrouce is manual. Note: all the internal certificates of the components must be issued by this ca | |
| internalTLS.core.secretName | 核心组件的秘密名称,仅在certSource为秘密时可用。该机密必须包含名为:ca.crt的密钥-用于颁发组件内部密钥和crt对的CA证书,所有Harbor组件必须由同一CA颁发tls.crt-TLS证书文件的内容, tls.key-TLS密钥文件的内容 | The secret name for core component, only available when certSource is secret. The secret must contain keys named: ca.crt - the certificate of CA which is used to issue internal key and crt pair for components and all Harbor components must issued by the same CA , tls.crt - the content of the TLS cert file, tls.key - the content of the TLS key file. | |
| internalTLS.core.crt | 核心TLS证书文件的内容,仅在手动使用certSource时可用 | Content of core's TLS cert file, only available when certSource is manual | |
| internalTLS.core.key | 内核的TLS密钥文件的内容,仅在certSource为手动时可用 | Content of core's TLS key file, only available when certSource is manual | |
| internalTLS.jobservice.secretName | jobservice组件的秘密名称,仅在certSource为秘密时可用。该机密必须包含名为:ca.crt的密钥-用于颁发组件内部密钥和crt对的CA证书,所有Harbor组件必须由同一CA颁发tls.crt-TLS证书文件的内容, tls.key-TLS密钥文件的内容。 | The secret name for jobservice component, only available when certSource is secret. The secret must contain keys named: ca.crt - the certificate of CA which is used to issue internal key and crt pair for components and all Harbor components must issued by the same CA , tls.crt - the content of the TLS cert file, tls.key - the content of the TLS key file. | |
| internalTLS.jobservice.crt | Jobservice的TLS证书文件的内容,仅在certSource为手动时可用 | Content of jobservice's TLS cert file, only available when certSource is manual | |
| internalTLS.jobservice.key | Jobservice的TLS密钥文件的内容,仅在certSource为手动时可用 | Content of jobservice's TLS key file, only available when certSource is manual | |
| internalTLS.registry.secretName | 注册表组件的秘密名称,仅在certSource为秘密时可用。该机密必须包含名为:ca.crt的密钥-用于颁发组件内部密钥和crt对的CA证书,所有Harbor组件必须由同一CA颁发tls.crt-TLS证书文件的内容, tls.key-TLS密钥文件的内容。 | The secret name for registry component, only available when certSource is secret. The secret must contain keys named: ca.crt - the certificate of CA which is used to issue internal key and crt pair for components and all Harbor components must issued by the same CA , tls.crt - the content of the TLS cert file, tls.key - the content of the TLS key file. | |
| internalTLS.registry.crt | 注册表的TLS证书文件的内容,仅在certSource为手动时可用 | Content of registry's TLS cert file, only available when certSource is manual | |
| internalTLS.registry.key | 注册表的TLS密钥文件的内容,仅在手动使用certSource时可用 | Content of registry's TLS key file, only available when certSource is manual | |
| internalTLS.portal.secretName | 门户组件的秘密名称,仅在certSource为秘密时可用。该机密必须包含名为:ca.crt的密钥-用于颁发组件内部密钥和crt对的CA证书,所有Harbor组件必须由同一CA颁发tls.crt-TLS证书文件的内容, tls.key-TLS密钥文件的内容。 | The secret name for portal component, only available when certSource is secret. The secret must contain keys named: ca.crt - the certificate of CA which is used to issue internal key and crt pair for components and all Harbor components must issued by the same CA , tls.crt - the content of the TLS cert file, tls.key - the content of the TLS key file. | |
| internalTLS.portal.crt | 门户网站的TLS证书文件的内容,仅在certSource为手动时可用 | Content of portal's TLS cert file, only available when certSource is manual | |
| internalTLS.portal.key | 门户网站的TLS密钥文件的内容,仅在手动使用certSource时可用 | Content of portal's TLS key file, only available when certSource is manual | |
| internalTLS.chartmuseum.secretName | Chartmuseum组件的秘密名称,仅在certSource为秘密时可用。该机密必须包含名为:ca.crt的密钥-用于颁发组件内部密钥和crt对的CA证书,所有Harbor组件必须由同一CA颁发tls.crt-TLS证书文件的内容, tls.key-TLS密钥文件的内容。 | The secret name for chartmuseum component, only available when certSource is secret. The secret must contain keys named: ca.crt - the certificate of CA which is used to issue internal key and crt pair for components and all Harbor components must issued by the same CA , tls.crt - the content of the TLS cert file, tls.key - the content of the TLS key file. | |
| internalTLS.chartmuseum.crt | Chartmuseum的TLS证书文件的内容,仅在certSource为手动时可用 | Content of chartmuseum's TLS cert file, only available when certSource is manual | |
| internalTLS.chartmuseum.key | Chartmuseum的TLS密钥文件的内容,仅在certSource为手动时可用 | Content of chartmuseum's TLS key file, only available when certSource is manual | |
| internalTLS.trivy.secretName | trivy组件的秘密名称,仅在certSource为秘密时可用。该机密必须包含名为:ca.crt的密钥-用于颁发组件内部密钥和crt对的CA证书,所有Harbor组件必须由同一CA颁发tls.crt-TLS证书文件的内容, tls.key-TLS密钥文件的内容。 | The secret name for trivy component, only available when certSource is secret. The secret must contain keys named: ca.crt - the certificate of CA which is used to issue internal key and crt pair for components and all Harbor components must issued by the same CA , tls.crt - the content of the TLS cert file, tls.key - the content of the TLS key file. | |
| internalTLS.trivy.crt | Trivy的TLS证书文件的内容,仅在手动使用certSource时可用 | Content of trivy's TLS cert file, only available when certSource is manual | |
| internalTLS.trivy.key | trivy的TLS密钥文件的内容,仅在certSource为手动时可用 | Content of trivy's TLS key file, only available when certSource is manual | |
| Persistence | |||
| persistence.enabled | 是否启用数据持久性 | Enable the data persistence or not | TRUE |
| persistence.resourcePolicy | 将其设置为保持以避免在头盔删除操作期间移除PVC。删除图表后,将其保留为空将删除PVC。不影响为内部数据库和Redis组件创建的PVC。 | Setting it to keep to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted. Does not affect PVCs created for internal database and redis components. | keep |
| persistence.persistentVolumeClaim.registry.existingClaim | 使用必须在绑定之前手动创建的现有PVC,如果PVC与其他组件共享,请指定子路径 | Use the existing PVC which must be created manually before bound, and specify the subPath if the PVC is shared with other components | |
| persistence.persistentVolumeClaim.registry.storageClass | 使用必须在绑定之前手动创建的现有PVC,如果PVC与其他组件共享,请指定子路径 | Specify the storageClass used to provision the volume. Or the default StorageClass will be used(the default). Set it to - to disable dynamic provisioning | |
| persistence.persistentVolumeClaim.registry.subPath | 卷中使用的子路径 | The sub path used in the volume | |
| persistence.persistentVolumeClaim.registry.accessMode | 卷的访问方式 | The access mode of the volume | ReadWriteOnce |
| persistence.persistentVolumeClaim.registry.size | 卷的大小 | The size of the volume | 5Gi |
| persistence.persistentVolumeClaim.chartmuseum.existingClaim | 使用必须在绑定之前手动创建的现有PVC,如果PVC与其他组件共享,请指定子路径 | Use the existing PVC which must be created manually before bound, and specify the subPath if the PVC is shared with other components | |
| persistence.persistentVolumeClaim.chartmuseum.storageClass | 指定用于配置卷的存储类。否则将使用默认的StorageClass(默认)。将其设置为-以禁用动态配置 | Specify the storageClass used to provision the volume. Or the default StorageClass will be used(the default). Set it to - to disable dynamic provisioning | |
| persistence.persistentVolumeClaim.chartmuseum.subPath | 卷中使用的子路径 | The sub path used in the volume | |
| persistence.persistentVolumeClaim.chartmuseum.accessMode | 卷的访问方式 | The access mode of the volume | ReadWriteOnce |
| persistence.persistentVolumeClaim.chartmuseum.size | 卷的大小 | The size of the volume | 5Gi |
| persistence.persistentVolumeClaim.jobservice.existingClaim | 使用必须在绑定之前手动创建的现有PVC,如果PVC与其他组件共享,请指定子路径 | Use the existing PVC which must be created manually before bound, and specify the subPath if the PVC is shared with other components | |
| persistence.persistentVolumeClaim.jobservice.storageClass | 使用必须在绑定之前手动创建的现有PVC,如果PVC与其他组件共享,请指定子路径 | Specify the storageClass used to provision the volume. Or the default StorageClass will be used(the default). Set it to - to disable dynamic provisioning | |
| persistence.persistentVolumeClaim.jobservice.subPath | 卷中使用的子路径 | The sub path used in the volume | |
| persistence.persistentVolumeClaim.jobservice.accessMode | 卷的访问方式 | The access mode of the volume | ReadWriteOnce |
| persistence.persistentVolumeClaim.jobservice.size | 卷的访问方式 | The size of the volume | 1Gi |
| persistence.persistentVolumeClaim.database.existingClaim | 使用必须在绑定之前手动创建的现有PVC,并指定PVC与其他组件共享时的子路径。如果使用外部数据库,则该设置将被忽略 | Use the existing PVC which must be created manually before bound, and specify the subPath if the PVC is shared with other components. If external database is used, the setting will be ignored | |
| persistence.persistentVolumeClaim.database.storageClass | 使用必须在绑定之前手动创建的现有PVC,如果PVC与其他组件共享,请指定子路径 | Specify the storageClass used to provision the volume. Or the default StorageClass will be used(the default). Set it to - to disable dynamic provisioning. If external database is used, the setting will be ignored | |
| persistence.persistentVolumeClaim.database.subPath | 卷中使用的子路径 | The sub path used in the volume. If external database is used, the setting will be ignored | |
| persistence.persistentVolumeClaim.database.accessMode | 卷的访问方式 | The access mode of the volume. If external database is used, the setting will be ignored | ReadWriteOnce |
| persistence.persistentVolumeClaim.database.size | 卷的大小 | The size of the volume. If external database is used, the setting will be ignored | 1Gi |
| persistence.persistentVolumeClaim.redis.existingClaim | 使用必须在绑定之前手动创建的现有PVC,并指定PVC与其他组件共享时的子路径。如果使用外部数据库,则该设置将被忽略 | Use the existing PVC which must be created manually before bound, and specify the subPath if the PVC is shared with other components. If external Redis is used, the setting will be ignored | |
| persistence.persistentVolumeClaim.redis.storageClass | 指定用于配置卷的存储类。否则将使用默认的StorageClass(默认)。将其设置为-以禁用动态配置。如果使用外部数据库,则该设置将被忽略 | Specify the storageClass used to provision the volume. Or the default StorageClass will be used(the default). Set it to - to disable dynamic provisioning. If external Redis is used, the setting will be ignored | |
| persistence.persistentVolumeClaim.redis.subPath | 指定用于配置卷的存储类。否则将使用默认的StorageClass(默认)。将其设置为-以禁用动态配置。如果使用外部数据库,则该设置将被忽略 | The sub path used in the volume. If external Redis is used, the setting will be ignored | |
| persistence.persistentVolumeClaim.redis.accessMode | 卷的访问模式。如果使用外部Redis,则该设置将被忽略 | The access mode of the volume. If external Redis is used, the setting will be ignored | ReadWriteOnce |
| persistence.persistentVolumeClaim.redis.size | 卷的大小。如果使用外部Redis,则该设置将被忽略 | The size of the volume. If external Redis is used, the setting will be ignored | 1Gi |
| persistence.persistentVolumeClaim.trivy.existingClaim | 使用必须在绑定之前手动创建的现有PVC,并指定PVC与其他组件共享时的子路径。 | Use the existing PVC which must be created manually before bound, and specify the subPath if the PVC is shared with other components. | |
| persistence.persistentVolumeClaim.trivy.storageClass | 指定用于配置卷的存储类。否则将使用默认的StorageClass(默认)。将其设置为-以禁用动态配置 | Specify the storageClass used to provision the volume. Or the default StorageClass will be used(the default). Set it to - to disable dynamic provisioning | |
| persistence.persistentVolumeClaim.trivy.subPath | 卷中使用的子路径 | The sub path used in the volume | |
| persistence.persistentVolumeClaim.trivy.accessMode | 卷的访问方式 | The access mode of the volume | ReadWriteOnce |
| persistence.persistentVolumeClaim.trivy.size | 卷的大小 | The size of the volume | 5Gi |
| persistence.imageChartStorage.disableredirect | 用于管理来自内容后端的重定向的配置。对于不支持的后端(例如将minio用作s3存储类型),请将其设置为true以禁用重定向。有关详细信息,请参阅指南 | The configuration for managing redirects from content backends. For backends which not supported it (such as using minio for s3 storage type), please set it to true to disable redirects. Refer to the guide for more information about the detail | FALSE |
| persistence.imageChartStorage.caBundleSecretName | 如果存储服务使用自签名证书,请指定caBundleSecretName。该机密必须包含名为ca.crt的密钥,该密钥将注入注册表和chartmuseum容器的信任存储中。 | Specify the caBundleSecretName if the storage service uses a self-signed certificate. The secret must contain keys named ca.crt which will be injected into the trust store of registry's and chartmuseum's containers. | |
| persistence.imageChartStorage.type | 图像和图表的存储类型:文件系统,azure,gcs,s3,swift或OSS。如果要为注册表和图表博物馆使用永久卷,则类型必须为文件系统。有关详细信息,请参阅指南 | The type of storage for images and charts: filesystem, azure, gcs, s3, swift or oss. The type must be filesystem if you want to use persistent volumes for registry and chartmuseum. Refer to the guide for more information about the detail | filesystem |
| General | |||
| externalURL | Harbor核心服务的外部URL | The external URL for Harbor core service | https://core.harbor.domain |
| caBundleSecretName | 自定义的ca bundle机密名称,该机密必须包含名为“ ca.crt”的密钥,该密钥将被注入到信任库中,以用于chartmuseum,core,jobservice,registry,trivy组件。 | The custom ca bundle secret name, the secret must contain key named "ca.crt" which will be injected into the trust store for chartmuseum, core, jobservice, registry, trivy components. | |
| uaaSecretName | 如果使用具有自签名证书的外部UAA身份验证,则可以在密钥ca.crt下提供包含该证书的预先创建的机密。 | If using external UAA auth which has a self signed cert, you can provide a pre-created secret containing it under the key ca.crt. | |
| imagePullPolicy | 图像拉动政策 | The image pull policy | |
| imagePullSecrets | 所有部署的imagePullSecrets名称 | The imagePullSecrets names for all deployments | |
| updateStrategy.type | 具有永久卷(jobservice,注册表和图表博物馆)的部署的更新策略:RollingUpdate或Recreate。在不支持卷的RWM时将其设置为Recreate | The update strategy for deployments with persistent volumes(jobservice, registry and chartmuseum): RollingUpdate or Recreate. Set it as Recreate when RWM for volumes isn't supported | RollingUpdate |
| logLevel | 日志级别:调试,信息,警告,错误或致命 | The log level: debug, info, warning, error or fatal | info |
| harborAdminPassword | Harbor admin的初始密码。启动Harbor后从门户网站更改它 | The initial password of Harbor admin. Change it from portal after launching Harbor | Harbor12345 |
| caSecretName | 机密名称,其中包含名为ca.crt的密钥。设置此选项可使门户网站上的下载链接在未自动生成证书时下载CA证书 | The name of the secret which contains key named ca.crt. Setting this enables the download link on portal to download the certificate of CA when the certificate isn't generated automatically | |
| secretKey | 用于加密的密钥。必须是16个字符的字符串 | The key used for encryption. Must be a string of 16 chars | not-a-secure-key |
| proxy.httpProxy | HTTP代理服务器的URL | The URL of the HTTP proxy server | |
| proxy.httpsProxy | HTTPS代理服务器的URL | The URL of the HTTPS proxy server | |
| proxy.noProxy | 代理设置不适用的URL | The URLs that the proxy settings not apply to | 127.0.0.1,localhost,.local,.internal |
| proxy.components | 代理设置适用的组件列表 | The component list that the proxy settings apply to | core, jobservice, trivy |
| Nginx (if expose the service via ingress, the Nginx will not be used) | |||
| nginx.image.repository | 图片库 | Image repository | goharbor/nginx-photon |
| nginx.image.tag | 图片标签 | Image tag | dev |
| nginx.replicas | 副本数 | The replica count | 1 |
| nginx.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| nginx.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| nginx.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| nginx.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| nginx.podAnnotations | 添加到Nginx Pod的注释 | Annotations to add to the nginx pod | {} |
| Portal | |||
| portal.image.repository | 门户网站映像的存储库 | Repository for portal image | goharbor/harbor-portal |
| portal.image.tag | 门户图像的标签 | Tag for portal image | dev |
| portal.replicas | 副本数 | The replica count | 1 |
| portal.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| portal.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| portal.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| portal.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| portal.podAnnotations | 要添加到门户窗格的注释 | Annotations to add to the portal pod | {} |
| Core | |||
| core.image.repository | Harbor核心映像的存储库 | Repository for Harbor core image | goharbor/harbor-core |
| core.image.tag | 海港核心形象的标签 | Tag for Harbor core image | dev |
| core.replicas | 副本数 | The replica count | 1 |
| core.startupProbe.initialDelaySeconds | 启动探针的初始延迟(以秒为单位) | The initial delay in seconds for the startup probe | 10 |
| core.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| core.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| core.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| core.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| core.podAnnotations | 添加到核心吊舱的注释 | Annotations to add to the core pod | {} |
| core.secret | 当核心服务器与其他组件通信时,将使用秘密。如果未指定密钥,Helm将生成一个。必须是16个字符的字符串。 | Secret is used when core server communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
| core.secretName | 如果要使用自己的TLS证书和私钥进行令牌加密/解密,请填写kubernetes机密的名称。密钥必须包含名为:tls.crt的密钥-证书和名为tls.key的私钥。如果未设置,则将使用默认密钥对 | Fill the name of a kubernetes secret if you want to use your own TLS certificate and private key for token encryption/decryption. The secret must contain keys named: tls.crt - the certificate and tls.key - the private key. The default key pair will be used if it isn't set | |
| core.xsrfKey | XSRF密钥。如果未指定,将自动生成 | The XSRF key. Will be generated automatically if it isn't specified | |
| Jobservice | |||
| jobservice.image.repository | Jobservice映像的存储库 | Repository for jobservice image | goharbor/harbor-jobservice |
| jobservice.image.tag | Jobservice图片的标签 | Tag for jobservice image | dev |
| jobservice.replicas | 副本数 | The replica count | 1 |
| jobservice.maxJobWorkers | 最大工作工人 | The max job workers | 10 |
| jobservice.jobLogger | 作业记录器:文件,数据库或标准输出 | The logger for jobs: file, database or stdout | file |
| jobservice.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| jobservice.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| jobservice.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| jobservice.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| jobservice.podAnnotations | 添加到jobservice pod的注释 | Annotations to add to the jobservice pod | {} |
| jobservice.secret | 当作业服务与其他组件进行通信时,将使用秘密。如果未指定密钥,Helm将生成一个。必须是16个字符的字符串。 | Secret is used when job service communicates with other components. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
| Registry | |||
| registry.registry.image.repository | 注册表映像的存储库 | Repository for registry image | goharbor/registry-photon |
| registry.registry.image.tag | 注册表映像的标记 | Tag for registry image | |
| registry.registry.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| registry.controller.image.repository | 注册表控制器映像的存储库 | Repository for registry controller image | goharbor/harbor-registryctl |
| registry.controller.image.tag | 注册表控制器映像的标记 | Tag for registry controller image | |
| registry.controller.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| registry.replicas | 副本数 | The replica count | 1 |
| registry.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| registry.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| registry.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| registry.middleware | 中间件用于在后端存储和docker pull收件人之间添加对CDN的支持。请参阅官方文档。 | Middleware is used to add support for a CDN between backend storage and docker pull recipient. See official docs. | |
| registry.podAnnotations | 添加到注册表窗格的注释 | Annotations to add to the registry pod | {} |
| registry.secret | 机密用于保护客户端和注册表存储后端的上传状态。请参阅官方文档。如果未指定密钥,Helm将生成一个。必须是16个字符的字符串。 | Secret is used to secure the upload state from client and registry storage backend. See official docs. If a secret key is not specified, Helm will generate one. Must be a string of 16 chars. | |
| registry.credentials.username | 用于访问注册表实例的用户名,该用户名由htpasswd身份验证模式托管。详细信息请参见官方文档。 | The username for accessing the registry instance, which is hosted by htpasswd auth mode. More details see official docs. | harbor_registry_user |
| registry.credentials.password | 用于访问注册表实例的密码,该密码由htpasswd身份验证模式托管。详细信息请参见官方文档。建议您在安装之前更新此值。 | The password for accessing the registry instance, which is hosted by htpasswd auth mode. More details see official docs. It is suggested you update this value before installation. | harbor_registry_password |
| registry.credentials.htpasswd | htpasswd文件的内容基于registry.credentials.usernameregistry.credentials.password的值。当前,helm在模板脚本中不支持bcrypt,如果凭据已更新,则需要通过调用htpasswd手动生成:htpasswd -nbBC10 $ username $ password。有关更多详细信息,请参见Official_docs。 | The content of htpasswd file based on the value of registry.credentials.username registry.credentials.password. Currently helm does not support bcrypt in the template script, if the credential is updated you need to manually generated by calling htpasswd: htpasswd -nbBC10 $username $password. More details see official_docs. | harbor_registry_user:$2y$10$9L4Tc0DJbFFMB6RdSCunrOpTHdwhid4ktBJmLD00bYgqkkGOvll3m |
| registry.relativeurls | 如果为true,则注册表在Location标头中返回相对URL。客户端负责解析正确的URL。如果港口位于反向代理之后,则需要 | If true, the registry returns relative URLs in Location headers. The client is responsible for resolving the correct URL. Needed if harbor is behind a reverse proxy | FALSE |
| Chartmuseum | |||
| chartmuseum.enabled | 启用chartmusuem来存储图表 | Enable chartmusuem to store chart | TRUE |
| chartmuseum.absoluteUrl | 如果为true,ChartMuseum将返回绝对URL。默认行为是返回相对URL | If true, ChartMuseum will return absolute URLs. The default behavior is to return relative URLs | FALSE |
| chartmuseum.image.repository | Chartmuseum图像库 | Repository for chartmuseum image | goharbor/chartmuseum-photon |
| chartmuseum.image.tag | Chartmuseum图像的标签 | Tag for chartmuseum image | dev |
| chartmuseum.replicas | 副本数 | The replica count | 1 |
| chartmuseum.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| chartmuseum.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| chartmuseum.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| chartmuseum.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| chartmuseum.podAnnotations | 添加到海图博物馆窗格的注释 | Annotations to add to the chart museum pod | {} |
| Trivy | |||
| trivy.enabled | 启用Trivy扫描器的标志 | The flag to enable Trivy scanner | TRUE |
| trivy.image.repository | Trivy适配器映像的存储库 | Repository for Trivy adapter image | goharbor/trivy-adapter-photon |
| trivy.image.tag | Trivy适配器映像的标记 | Tag for Trivy adapter image | dev |
| trivy.resources | 为Trivy适配器容器分配的资源 | The resources to allocate for Trivy adapter container | |
| trivy.replicas | Pod副本数 | The number of Pod replicas | 1 |
| trivy.debugMode | 启用Trivy调试模式的标志 | The flag to enable Trivy debug mode | FALSE |
| trivy.vulnType | 以逗号分隔的漏洞类型列表。可能的值os和库。 | Comma-separated list of vulnerability types. Possible values os and library. | os,library |
| trivy.severity | 以逗号分隔的要检查的严重性列表 | Comma-separated list of severities to be checked | UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL |
| trivy.ignoreUnfixed | 仅显示固定漏洞的标志 | The flag to display only fixed vulnerabilities | FALSE |
| trivy.insecure | 跳过验证注册表证书的标志 | The flag to skip verifying registry certificate | FALSE |
| trivy.skipUpdate | 禁止从GitHub下载Trivy DB的标志 | The flag to disable Trivy DB downloads from GitHub | FALSE |
| trivy.gitHubToken | 用于下载Trivy DB的GitHub访问令牌(请参阅GitHub速率限制) | The GitHub access token to download Trivy DB (see GitHub rate limiting) | |
| Notary | |||
| notary.enabled | 启用公证人? | Enable Notary? | TRUE |
| notary.server.image.repository | 公证服务器映像的存储库 | Repository for notary server image | goharbor/notary-server-photon |
| notary.server.image.tag | 公证服务器映像的标签 | Tag for notary server image | dev |
| notary.server.replicas | 副本数 | The replica count | |
| notary.server.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| notary.signer.image.repository | 公证签名人图像的存储库 | Repository for notary signer image | goharbor/notary-signer-photon |
| notary.signer.image.tag | 公证签名人图像的标签 | Tag for notary signer image | dev |
| notary.signer.replicas | 副本数 | The replica count | |
| notary.signer.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| notary.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| notary.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| notary.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| notary.podAnnotations | 要添加到公证人窗格的注释 | Annotations to add to the notary pod | {} |
| notary.secretName | 如果要使用自己的TLS证书颁发机构,证书和私钥进行公证通信,请填写kubernetes机密的名称。密钥必须包含名为tls.ca,tls.crt和tls.key的密钥,其中包含CA,证书和私钥。如果未设置,将生成它们。 | Fill the name of a kubernetes secret if you want to use your own TLS certificate authority, certificate and private key for notary communications. The secret must contain keys named tls.ca, tls.crt and tls.key that contain the CA, certificate and private key. They will be generated if not set. | |
| Database | |||
| database.type | 如果使用外部数据库,请将其设置为 | If external database is used, set it to external | internal |
| database.internal.image.repository | 数据库映像的存储库 | Repository for database image | goharbor/harbor-db |
| database.internal.image.tag | 数据库图像标签 | Tag for database image | dev |
| database.internal.password | 数据库密码 | The password for database | changeit |
| database.internal.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| database.internal.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| database.internal.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| database.internal.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| database.external.host | 外部数据库的主机名 | The hostname of external database | 192.168.0.1 |
| database.external.port | 外部数据库的端口 | The port of external database | 5432 |
| database.external.username | 外部数据库的用户名 | The username of external database | user |
| database.external.password | 外部数据库的密码 | The password of external database | password |
| database.external.coreDatabase | 核心服务使用的数据库 | The database used by core service | registry |
| database.external.notaryServerDatabase | 公证服务器使用的数据库 | The database used by Notary server | notary_server |
| database.external.notarySignerDatabase | 公证人使用的数据库 | The database used by Notary signer | notary_signer |
| database.external.sslmode | 外部数据库的连接方法(require,verify-full,verify-ca,disable) | Connection method of external database (require, verify-full, verify-ca, disable) | disable |
| database.maxIdleConns | 空闲连接池中的最大连接数。如果<= 0,则不保留任何空闲连接。 | The maximum number of connections in the idle connection pool. If it <=0, no idle connections are retained. | 50 |
| database.maxOpenConns | 与数据库的最大打开连接数。如果<= 0,则对o的数量没有限制 | The maximum number of open connections to the database. If it <= 0, then there is no limit on the number of open connections. | 100 |
| database.podAnnotations | 添加到数据库容器的注释 | Annotations to add to the database pod | {} |
| Redis | |||
| redis.type | 如果使用外部Redis,请将其设置为 | If external redis is used, set it to external | internal |
| redis.internal.image.repository | Redis映像的存储库 | Repository for redis image | goharbor/redis-photon |
| redis.internal.image.tag | Redis图片标签 | Tag for redis image | dev |
| redis.internal.resources | 分配给容器的资源 | The resources to allocate for container | undefined |
| redis.internal.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| redis.internal.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| redis.internal.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| redis.external.addr | 外部Redis的地址:<host_redis>:<port_redis>。使用哨兵时,它应该是<host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3> | The addr of external Redis: <host_redis>:<port_redis>. When using sentinel, it should be <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3> | 192.168.0.2:6379 |
| redis.external.sentinelMasterSet | 要监视的Redis实例集的名称 | The name of the set of Redis instances to monitor | |
| redis.external.coreDatabaseIndex | 核心的数据库索引 | The database index for core | 0 |
| redis.external.jobserviceDatabaseIndex | jobservice的数据库索引 | The database index for jobservice | 1 |
| redis.external.registryDatabaseIndex | 注册表的数据库索引 | The database index for registry | 2 |
| redis.external.chartmuseumDatabaseIndex | Chartmuseum的数据库索引 | The database index for chartmuseum | 3 |
| redis.external.trivyAdapterIndex | Trivy适配器的数据库索引 | The database index for trivy adapter | 5 |
| redis.external.password | 外部Redis的密码 | The password of external Redis | |
| redis.podAnnotations | 添加到redis pod的注释 | Annotations to add to the redis pod | {} |
| Exporter | |||
| exporter.replicas | The replica count | 1个 | 1 | |
| exporter.podAnnotations | 添加到导出器窗格的注释 | Annotations to add to the exporter pod | {} |
| exporter.image.repository | Redis映像的存储库 | Repository for redis image | goharbor/harbor-exporter |
| exporter.image.tag | 出口商图片标签 | Tag for exporter image | dev |
| exporter.nodeSelector | 吊舱分配的节点标签 | Node labels for pod assignment | {} |
| exporter.tolerations | 吊舱分配公差 | Tolerations for pod assignment | [] |
| exporter.affinity | 节点/ Pod亲和力 | Node/Pod affinities | {} |
| exporter.cacheDuration | 出口商从港口收集的信息的缓存持续时间 | the cache duration for infomation that exporter collected from Harbor | 30 |
| exporter.cacheCleanInterval | 缓存清理间隔,以获取出口商从港口收集的信息 | cache clean interval for infomation that exporter collected from Harbor | 14400 |
| Metrics | |||
| metrics.enabled | 如果启用港口指标 | if enable harbor metrics | FALSE |
| metrics.core.path | 核心指标的网址路径 | the url path for core metrics | /metrics |
| metrics.core.port | 核心指标的端口 | the port for core metrics | 8001 |
| metrics.registry.path | 注册表指标的URL路径 | the url path for registry metrics | /metrics |
| metrics.registry.port | 注册表指标的端口 | the port for registry metrics | 8001 |
| metrics.exporter.path | 出口商指标的网址路径 | the url path for exporter metrics | /metrics |
| metrics.exporter.port | 出口商指标的端口 | the port for exporter metrics | 8001 |
扫一扫
1748
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
