harbor job from harbor-container-registry/1.5.0
Github source:
8bdc83d or
master branch
Properties¶
admin_password¶
The initial password of Harbor admin, only works for the first time when Harbor starts
admiral_url¶
Admiral’s url, comment this attribute, or set its value to NA when Harbor is standalone
- Default
NA
auth_mode¶
By default the auth mode is db_auth, i.e. the credentials are stored in a local database. Set it to ldap_auth if you want to verify a user’s credentials against an LDAP server.
- Default
db_auth
clair_db_password¶
The password of the Clair’s postgres database, only effective when Harbor is deployed with Clair
customize_crt¶
Determine whether or not to generate certificate for the registry’s token. If the value is on, the prepare script creates new root cert and private key for generating token to access the registry. If the value is off the default key/cert will be used. This flag also controls the creation of the notary signer’s cert.
- Default
"on"
db¶
host¶The address of the mysql database
- Default
port¶The port of mysql database host
- Default
user¶The user name of mysql database
- Default
db_password¶
The password for the root user of mysql db
email¶
from¶Email address of the sender
identity¶Identity left blank to act as username
insecure¶Whether to verify the certificate of email server
- Default
password¶Password of email server
port¶Email server port
- Default
server¶Email server address
ssl¶If SSL is enabled
- Default
username¶Username of email server
enable_upgrade¶
Enable upgrading Harbor
- Default
true
hostname¶
The IP address or hostname to access admin UI and registry service
http_proxy¶
The http_proxy url for Clair
- Default
""
https_proxy¶
The https_proxy url for Clair
- Default
""
ldap¶
basedn¶The base DN from which to look up a user in LDAP/AD
- Default
filter¶Search filter for users in LDAP/AD, make sure the syntax of the filter is correct.
group_basedn¶The base DN from which to look up a group in LDAP/AD
- Default
group_filter¶Search filter for groups in LDAP/AD, make sure the syntax of the filter is correct.
- Default
group_gid¶The attribute used in a search to match a group, it could be cn, name or other attributes.
- Default
group_scope¶The scope to search for users: 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE
- Default
scope¶The scope to search for users: 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE
- Default
searchdn¶A user’s DN who has the permission to search the LDAP/AD server. If your LDAP/AD server does not support anonymous search, you should configure this DN and ldap.searchpwd.
searchpwd¶The password of the ldap.searchdn
timeout¶Timeout (in seconds) when connecting to an LDAP Server
- Default
uid¶The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes.
- Default
url¶The url for an ldap endpoint
- Default
verify_cert¶Verify SSL certificate of LDAP server
- Default
log_rotate_count¶
The max count of log files before rotated
- Default
10
log_rotate_size¶
The max size of single log file
- Default
100M
max_job_workers¶
Maximum number of job workers in job service
- Default
50
no_proxy¶
The no_proxy config for Clair
- Default
127.0.0.1,localhost,ui
populate_etc_hosts¶
Whether to add IP to hostname mapping for Harbor instance in /etc/hosts.
- Default
false
project_creation_restriction¶
The flag to control what users have permission to create projects. The default value [everyone] allows everyone to creates a project. Set to [adminonly] so that only admin user can create project.
- Default
everyone
registry_storage_provider¶
config¶The comma separated ‘key: value’ pairs for configuring Docker Registry storage provider.
- Default
gcs¶
keyfile_content¶The text content of the GCS key file.
- Default
name¶The name of Docker Registry storage provider.
- Default
nfs¶
mount_point¶The local mount point for remote NFS Server.
- Default
server_uri¶The URI of NFS Server, e.g. nfs_server_ip:/path/to/exported_directory .
reload_config¶
Whether to reload all configurations in harbor.cfg
- Default
true
self_registration¶
Turn on or off the self-registration feature
- Default
"on"
ssl¶
ca¶The CA of the server
cert¶The certificate for server
key¶The certificate key for server
token_expiration¶
The expiration time (in minute) of token created by token service, default is 30 minutes
- Default
30
uaa¶
admin¶
client_id¶ID of UAA admin client
- Default
client_secret¶Secret of UAA admin client
- Default
ca_cert¶The root CA of UAA Server certificate.
- Default
client_id¶The client id for connecting to UAA Server.
- Default
client_secret¶The client secret for connecting to UAA Server.
- Default
url¶UAA Server URL
- Default
verify_cert¶Whether to verify UAA Server certificate.
- Default
ui_url_protocol¶
The protocol for accessing the UI and token/notification service, by default it is https
- Default
https
with_clair¶
An option to determine whether install the optional component Clair or not.
- Default
true
with_notary¶
An option to determine whether install the optional component Notary or not.
- Default
true
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/harbor/ directory
(learn more).
bin/ctl(frombin/ctl.erb)bin/pre-start(frombin/pre-start.erb)bin/properties.sh(frombin/properties.sh.erb)bin/status_check(frombin/status_check.erb)bin/uaa.sh(frombin/uaa.sh.erb)config/ca.crt(fromconfig/ca.crt)config/gcs_keyfile(fromconfig/gcs_keyfile)config/harbor.cfg(fromconfig/harbor.cfg)config/server.crt(fromconfig/server.crt)config/server.key(fromconfig/server.key)config/uaa.json(fromconfig/uaa.json.erb)config/uaa_ca.crt(fromconfig/uaa_ca.crt)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/ directory.