forked from easzlab/kubeasz
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
升级harbor版本到1.5.1,调整安装路径为/data/harbor,修复安装解压问题
- Loading branch information
Showing
3 changed files
with
107 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,7 @@ | ||
## Configuration file of Harbor | ||
|
||
#This attribute is for migrator to detect the version of the .cfg file, DO NOT MODIFY! | ||
_version = 1.5.0 | ||
#The IP address or hostname to access admin UI and registry service. | ||
#DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients. | ||
hostname = {{ NODE_IP }} | ||
|
@@ -8,11 +10,8 @@ hostname = {{ NODE_IP }} | |
#It can be set to https if ssl is enabled on nginx. | ||
ui_url_protocol = https | ||
|
||
#The password for the root user of mysql db, change this before any production use. | ||
db_password = Harbor12345 | ||
|
||
#Maximum number of job workers in job service | ||
max_job_workers = 3 | ||
max_job_workers = 50 | ||
|
||
#Determine whether or not to generate certificate for the registry's token. | ||
#If the value is on, the prepare script creates new root cert and private key | ||
|
@@ -30,9 +29,18 @@ secretkey_path = /data | |
#Admiral's url, comment this attribute, or set its value to NA when Harbor is standalone | ||
admiral_url = NA | ||
|
||
#The password of the Clair's postgres database, only effective when Harbor is deployed with Clair. | ||
#Please update it before deployment, subsequent update will cause Clair's API server and Harbor unable to access Clair's database. | ||
clair_db_password = password | ||
#Log files are rotated log_rotate_count times before being removed. If count is 0, old versions are removed rather than rotated. | ||
log_rotate_count = 50 | ||
#Log files are rotated only if they grow bigger than log_rotate_size bytes. If size is followed by k, the size is assumed to be in kilobytes. | ||
#If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G | ||
#are all valid. | ||
log_rotate_size = 200M | ||
|
||
#Config http proxy for Clair, e.g. http://my.proxy.com:3128 | ||
#Clair doesn't need to connect to harbor ui container via http proxy. | ||
http_proxy = | ||
https_proxy = | ||
no_proxy = 127.0.0.1,localhost,ui | ||
|
||
#NOTES: The properties between BEGIN INITIAL PROPERTIES and END INITIAL PROPERTIES | ||
#only take effect in the first boot, the subsequent changes of these properties | ||
|
@@ -52,6 +60,7 @@ email_username = [email protected] | |
email_password = abc | ||
email_from = admin <sample[email protected]> | ||
email_ssl = false | ||
email_insecure = false | ||
|
||
##The initial password of Harbor admin, only works for the first time when Harbor starts. | ||
#It has no effect after the first launch of Harbor. | ||
|
@@ -81,12 +90,27 @@ ldap_basedn = ou=people,dc=mydomain,dc=com | |
# The attribute used in a search to match a user, it could be uid, cn, email, sAMAccountName or other attributes depending on your LDAP/AD | ||
ldap_uid = uid | ||
|
||
#the scope to search for users, 1-LDAP_SCOPE_BASE, 2-LDAP_SCOPE_ONELEVEL, 3-LDAP_SCOPE_SUBTREE | ||
ldap_scope = 3 | ||
#the scope to search for users, 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE | ||
ldap_scope = 2 | ||
|
||
#Timeout (in seconds) when connecting to an LDAP Server. The default value (and most reasonable) is 5 seconds. | ||
ldap_timeout = 5 | ||
|
||
#Verify certificate from LDAP server | ||
ldap_verify_cert = true | ||
|
||
#The base dn from which to lookup a group in LDAP/AD | ||
ldap_group_basedn = ou=group,dc=mydomain,dc=com | ||
|
||
#filter to search LDAP/AD group | ||
ldap_group_filter = objectclass=group | ||
|
||
#The attribute used to name a LDAP/AD group, it could be cn, name | ||
ldap_group_gid = cn | ||
|
||
#The scope to search for ldap groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE | ||
ldap_group_scope = 2 | ||
|
||
#Turn on or off the self-registration feature | ||
self_registration = on | ||
|
||
|
@@ -98,9 +122,60 @@ token_expiration = 30 | |
#Set to "adminonly" so that only admin user can create project. | ||
project_creation_restriction = everyone | ||
|
||
#Determine whether the job service should verify the ssl cert when it connects to a remote registry. | ||
#Set this flag to off when the remote registry uses a self-signed or untrusted certificate. | ||
verify_remote_cert = on | ||
#************************END INITIAL PROPERTIES************************ | ||
############# | ||
|
||
#######Harbor DB configuration section####### | ||
|
||
#The address of the Harbor database. Only need to change when using external db. | ||
db_host = mysql | ||
|
||
#The password for the root user of Harbor DB. Change this before any production use. | ||
db_password = root123 | ||
|
||
#The port of Harbor database host | ||
db_port = 3306 | ||
|
||
#The user name of Harbor database | ||
db_user = root | ||
|
||
##### End of Harbor DB configuration####### | ||
|
||
#The redis server address. Only needed in HA installation. | ||
#address:port[,weight,password,db_index] | ||
redis_url = redis:6379 | ||
|
||
##########Clair DB configuration############ | ||
|
||
#Clair DB host address. Only change it when using an exteral DB. | ||
clair_db_host = postgres | ||
|
||
#The password of the Clair's postgres database. Only effective when Harbor is deployed with Clair. | ||
#Please update it before deployment. Subsequent update will cause Clair's API server and Harbor unable to access Clair's database. | ||
clair_db_password = password | ||
|
||
#Clair DB connect port | ||
clair_db_port = 5432 | ||
|
||
#Clair DB username | ||
clair_db_username = postgres | ||
|
||
#Clair default database | ||
clair_db = postgres | ||
|
||
##########End of Clair DB configuration############ | ||
|
||
#The following attributes only need to be set when auth mode is uaa_auth | ||
uaa_endpoint = uaa.mydomain.org | ||
uaa_clientid = id | ||
uaa_clientsecret = secret | ||
uaa_verify_cert = true | ||
uaa_ca_cert = /path/to/ca.pem | ||
|
||
|
||
### Docker Registry setting ### | ||
#registry_storage_provider can be: filesystem, s3, gcs, azure, etc. | ||
registry_storage_provider_name = filesystem | ||
#registry_storage_provider_config is a comma separated "key: value" pairs, e.g. "key1: value, key2: value2". | ||
#Refer to https://docs.docker.com/registry/configuration/#storage for all available configuration. | ||
registry_storage_provider_config = | ||
|