harbor job from harbor-container-registry/1.8.2
Github source:
6894bf5 or
master branch
Properties¶
admin_password¶
The initial password of Harbor admin, only works for the first time when Harbor starts
auth_mode¶
By default the auth mode is db_auth, i.e. the credentials are stored in a local database. Set it to ldap_auth if you want to verify a user’s credentials against an LDAP server.
- Default
db_auth
clair_updater_interval¶
The interval to run clair updater
- Default
12
customize_container_network¶
Specify the container network type
- Default
default
customize_crt¶
Determine whether or not to generate certificate for the registry’s token. If the value is on, the prepare script creates new root cert and private key for generating token to access the registry. If the value is off the default key/cert will be used. This flag also controls the creation of the notary signer’s cert.
- Default
"on"
db¶
host¶The address of the mysql database
- Default
port¶The port of mysql database host
- Default
user¶The user name of mysql database
- Default
db_password¶
The password for the root user of postgres db
default_address_pool_base1¶
The container address pool 1 base
default_address_pool_base2¶
The container address pool 2 base
default_address_pool_base3¶
The container address pool 3 base
default_address_pool_size1¶
The container address pool 1 size
default_address_pool_size2¶
The container address pool 2 size
default_address_pool_size3¶
The container address pool 3 size
enable_upgrade¶
Enable upgrading Harbor
- Default
true
hostname¶
The IP address or hostname to access admin UI and registry service
http_proxy¶
The http_proxy url for Clair
- Default
""
https_proxy¶
The https_proxy url for Clair
- Default
""
log_rotate_count¶
The max count of log files before rotated
- Default
10
log_rotate_size¶
The max size of single log file
- Default
100M
max_job_workers¶
Maximum number of job workers in job service
- Default
50
no_proxy¶
The no_proxy config for Clair
- Default
127.0.0.1,localhost,ui,registry
populate_etc_hosts¶
Whether to add IP to hostname mapping for Harbor instance in /etc/hosts.
- Default
false
project_creation_restriction¶
The flag to control what users have permission to create projects. The default value [everyone] allows everyone to creates a project. Set to [adminonly] so that only admin user can create project.
- Default
everyone
registry_storage_provider¶
azure¶
accountkey¶Azure storage account key.
- Default
accountname¶Azure storage account name.
- Default
container¶Azure storage container.
- Default
realm¶Azure storage realm.
- Default
config¶The comma separated ‘key: value’ pairs for configuring Docker Registry storage provider.
- Default
gcs¶
bucket¶The GCS bucket.
- Default
chunksize¶The GCS chunck size
- Default
keyfile¶The GCS key file path.
- Default
keyfile_content¶The text content of the GCS key file.
- Default
rootdirectory¶The GCS root directory.
- Default
name¶The name of Docker Registry storage provider.
- Default
nfs¶
mount_point¶The local mount point for remote NFS Server.
- Default
server_uri¶The URI of NFS Server, e.g. nfs_server_ip:/path/to/exported_directory .
redirect¶This allows to redirect to the docker storage location
- Default
s3¶
accesskey¶s3 storage access key.
- Default
bucket¶s3 storage bucket.
- Default
chunksize¶s3 storage chunk size.
- Default
region¶s3 storage region.
- Default
regionendpoint¶s3 storage region endpoint.
- Default
rootdirectory¶s3 storage root directory.
- Default
secretkey¶s3 storage secret key.
- Default
secure¶s3 storage secure.
- Default
trusted_certificates¶s3 storage trusted certificate.
- Default
v4auth¶s3 storage v4auth.
- Default
reload_config¶
Whether to reload all configurations in harbor.cfg
- Default
true
self_registration¶
Turn on or off the self-registration feature
- Default
"on"
ssl¶
ca¶The CA of the server
cert¶The certificate for server
key¶The certificate key for server
token_expiration¶
The expiration time (in minute) of token created by token service, default is 30 minutes
- Default
30
trusted_certificates¶
The opsmanager trusted certificates.
uaa¶
admin¶
client_id¶ID of UAA admin client
- Default
client_secret¶Secret of UAA admin client
- Default
ca_cert¶The root CA of UAA Server certificate.
- Default
client_id¶The client id for connecting to UAA Server.
- Default
client_secret¶The client secret for connecting to UAA Server.
- Default
url¶UAA Server URL
- Default
verify_cert¶Whether to verify UAA Server certificate.
- Default
ui_url_protocol¶
The protocol for accessing the UI and token/notification service, by default it is https
- Default
https
with_clair¶
An option to determine whether install the optional component Clair or not.
- Default
true
with_notary¶
An option to determine whether install the optional component Notary or not.
- Default
true
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/harbor/ directory
(learn more).
bin/ctl(frombin/ctl.erb.sh)bin/post-start(frombin/post-start.erb.sh)bin/pre-start(frombin/pre-start.erb.sh)bin/properties.sh(frombin/properties.erb.sh)bin/status_check(frombin/status_check.erb.sh)bin/uaa.sh(frombin/uaa.erb.sh)config/ca.crt(fromconfig/ca.crt)config/daemon.json(fromconfig/daemon.json)config/gcs_keyfile(fromconfig/gcs_keyfile)config/harbor.yml(fromconfig/harbor.yml)config/server.crt(fromconfig/server.crt)config/server.key(fromconfig/server.key)config/trusted_certificates.crt(fromconfig/trusted_certificates.crt)config/uaa.json(fromconfig/uaa.json.erb)config/uaa_ca.crt(fromconfig/uaa_ca.crt)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/ directory.