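# ==================================
# 1. Basic exposure (ClusterIP + HTTPRoute)
# ==================================
# Nesting restored: in the flattened form `type`, `tls` and `enabled` were
# top-level keys that collided with same-named keys in later sections.
expose:
  type: clusterIP
  tls:
    # TLS is handled by the external Gateway/HTTPRoute, not by Harbor.
    # NOTE(review): with TLS off here, the gateway-to-Harbor hop is presumably
    # plain HTTP inside the cluster. Confirm that only the gateway can reach
    # the Harbor service (e.g. via a NetworkPolicy).
    enabled: false
externalURL: https://harbor.infraserviceonline.com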
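# ==================================
# 2. External database (PostgreSQL RW node)
# ==================================
database:
  type: external
  external:
    host: "pg-test-rw.postgresql.svc.cluster.local"
    port: 5432
    username: "harbor"
    # NOTE(review): plaintext database credential in a values file. Anyone who
    # can read this file, the VCS history or the Helm release can read it.
    # Rotate it and reference a Kubernetes Secret through the chart's
    # `existingSecret` option instead (confirm the option name and expected
    # secret key against the chart version in use).
    password: "Rg3lub2dtE"
    coreDatabase: "registry"
    # NOTE(review): "disable" means no TLS to PostgreSQL, so the password and
    # all queries cross the cluster network unencrypted and the server identity
    # is not verified. Prefer "require", or "verify-full" where a CA is
    # available.
    sslmode: "disable"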
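# ==================================
# 3. External Redis (Valkey master)
# ==================================
redis:
  type: external
  external:
    # Points at the master Pod's headless-service DNS name, which is more
    # stable than a Pod IP.
    # NOTE(review): this pins Harbor to pod `valkey-0`. If the master role
    # moves to another replica, this address no longer points at a writable
    # node. Confirm the failover behaviour.
    addr: "valkey-0.valkey-headless.valkey-replica.svc.cluster.local:6379"
    sentinelMasterSet: ""
    coreDatabaseIndex: "0"
    jobserviceDatabaseIndex: "1"
    registryDatabaseIndex: "2"
    trivyAdapterIndex: "5"
    # Valkey runs without a password.
    # NOTE(review): an unauthenticated cache can be read and modified by any
    # workload that can reach port 6379, and it holds Harbor session and
    # job-queue state. Enable authentication on Valkey and supply the
    # credential from a Secret, or at minimum restrict access with a
    # NetworkPolicy.
    password: ""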
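# ==================================
# 4. Persistence (S3 image storage + Rook-Ceph block storage)
# ==================================
persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      # Images are stored in S3, so "-" must be written here.
      storageClass: "-"
    jobservice:
      # This intermediate `jobLog` level is required.
      jobLog:
        storageClass: "rook-ceph-block"
        accessMode: ReadWriteOnce
        size: 1Gi
    # Trivy is also its own node under persistentVolumeClaim.
    trivy:
      storageClass: "rook-ceph-block"
      accessMode: ReadWriteOnce
      size: 5Gi
  imageChartStorage:
    # NOTE(review): with redirects disabled, blob downloads are presumably
    # served through the registry rather than redirected to the object store.
    # That fits a cluster-internal S3 endpoint. Confirm.
    disableredirect: true
    type: s3
    s3:
      region: us-east-1
      bucket: ceph-bkt-aad0791f-76df-43d3-9313-cca489d46ead
      # NOTE(review): a long-lived object-store key pair in plaintext. These
      # keys give access to every image layer in the bucket. Rotate them and
      # load them from a Kubernetes Secret through the chart's `existingSecret`
      # option (confirm the option and expected key names against the chart
      # version in use). Scope the key to this bucket only.
      accesskey: "5XQ8OBGZWG8MNO6M52Y2"
      secretkey: "3negGAxSrskJ0OediH3osHLEAhs36AAoE8sD9nRt"
      # [Must be corrected]: point at the correct RGW Service address.
      # NOTE(review): the endpoint is plain HTTP. V4 signing protects the
      # request signature, but image data still travels unencrypted between
      # the registry and RGW. Use an https:// endpoint if RGW serves TLS.
      regionendpoint: http://rook-ceph-rgw-s3-store.rook-ceph.svc
      v4auth: true
      storageclass: STANDARD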
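# ==================================
# 5. Monitoring (metrics & ServiceMonitor)
# ==================================
# Nesting restored: each component's `path`/`port` pair sits under that
# component. In the flattened form they were repeated top-level duplicates.
# NOTE(review): confirm that the metrics port is reachable only from the
# Prometheus namespace, since the endpoints are served without credentials in
# this configuration as far as the values shown here go.
metrics:
  enabled: true
  core:
    path: /metrics
    port: 8001
  registry:
    path: /metrics
    port: 8001
  jobservice:
    path: /metrics
    port: 8001
  exporter:
    path: /metrics
    port: 8001
  ## Create prometheus serviceMonitor to scrape harbor metrics.
  ## This requires the monitoring.coreos.com/v1 CRD. Please see
  ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md
  ##
  serviceMonitor:
    enabled: true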
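# ==================================
# 6. Component scheduling and high-availability settings
# ==================================
# A shared affinity and toleration patch is defined once (as YAML anchors
# under `proxy`) and reused.
# Note: the Harbor chart needs these set separately under each component.

# NOTE(review): a short, guessable admin password stored in plaintext. The
# chart treats this value as the initial admin password. Change it right after
# first login, or supply it from a Kubernetes Secret through the chart's
# `existingSecretAdminPassword` option (confirm against the chart version in
# use). Treat the value below as exposed.
harborAdminPassword: "admin@123"
logLevel: info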
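# Proxy component (internal Nginx, must be kept).
# NOTE(review): the upstream goharbor/harbor-helm chart names this component
# `nginx`. Confirm that the chart in use actually reads a `proxy` key. If it
# does not, this mapping only serves as the place where the two anchors are
# defined.
proxy:
  replicas: 1
  # Anchor definition reused by every component below. Here it sits directly
  # under `proxy`, without an `affinity:` wrapper, unlike the other components.
  nodeAffinity: &nodeAffinity
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: ceph-rbd-plug
              operator: In
              values: ["enabled"]
  # Anchor definition: tolerate the Ceph OSD taint so that pods can land on
  # the storage nodes selected above.
  tolerations: &tolerations
    - key: "ceph-taint"
      operator: "Equal"
      value: "osd"
      effect: "NoSchedule"

# Core business component.
core:
  replicas: 1
  affinity:
    nodeAffinity: *nodeAffinity
  tolerations: *tolerations

# Job scheduling component.
jobservice:
  replicas: 1
  affinity:
    nodeAffinity: *nodeAffinity
  tolerations: *tolerations

# Image registry component.
registry:
  replicas: 1
  affinity:
    nodeAffinity: *nodeAffinity
  tolerations: *tolerations

# Front-end component.
portal:
  replicas: 1
  affinity:
    nodeAffinity: *nodeAffinity
  tolerations: *tolerations

# Vulnerability scanning component.
trivy:
  replicas: 1
  affinity:
    nodeAffinity: *nodeAffinity
  tolerations: *tolerations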
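# Nesting restored: `ipv6` and `ipv4` each carry their own `enabled` flag. In
# the flattened form both flags were duplicate top-level `enabled` keys.
ipFamily:
  ipv6:
    # Fully disables IPv6 listening for all components (proxy, portal).
    enabled: false
  ipv4:
    enabled: true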
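# Nesting restored: `type` belongs to `updateStrategy`.
# NOTE(review): Recreate stops the old pod before starting the new one,
# presumably because the ReadWriteOnce volumes in this file cannot be attached
# to two pods at once. Expect a short outage on every upgrade.
updateStrategy:
  type: Recreate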