sharenet/registry/harbor.yml
continuist d26fc3df93
Replace Docker Registry with Harbor
2025-06-29 00:56:05 -04:00


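# Configuration file of Harbor

# The IP address or hostname used to reach the admin UI and registry service.
# DO NOT use localhost or 127.0.0.1, because Harbor needs to be accessed by external clients.
# YOUR_CI_CD_IP is a placeholder; replace it before running the installer.
# The certificate configured under https should be issued for this same name or IP,
# otherwise clients will fail verification or be tempted to disable it.
hostname: YOUR_CI_CD_IP

# http related config
http:
  # port for http, default is 80. If https is enabled, this port redirects to the https port
  # NOTE(review): this is the same value as https.port below. Two listeners
  # cannot share one host port, so one of the two needs a different value.
  port: 8080

# https related config
https:
  # https port for harbor, default is 443
  port: 8080
  # The path of cert and key files for nginx
  certificate: /etc/ssl/certs/registry.crt
  # NOTE(review): the private key sits next to the public certificate in
  # /etc/ssl/certs, a directory that is conventionally world-readable.
  # Confirm the key file is readable only by its owner, or keep it in a
  # restricted directory.
  private_key: /etc/ssl/certs/registry.key

# Uncomment external_url if you want to enable an external proxy.
# When it is enabled, hostname is no longer used.
# external_url: https://reg.mydomain.com:8433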
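# The initial password of the Harbor admin account.
# Change it from the default after starting Harbor for the first time.
# NOTE(review): Harbor12345 is the value shipped in Harbor's sample
# configuration and is widely known. Set a unique value before the first
# install, and supply it at deploy time instead of committing it here.
harbor_admin_password: Harbor12345

# Harbor DB configuration
database:
  # The password for the root user of Harbor DB. Change this before any production use.
  # your-db-password is a placeholder; inject the real secret at deploy time
  # rather than storing it in version control.
  password: your-db-password
  # The maximum number of connections in the idle connection pool. If it is <= 0, no idle connections are retained.
  max_idle_conns: 50
  # The maximum number of open connections to the database. If it is <= 0, there is no limit on the number of open connections.
  # Note: the default number of connections is 100 for postgres.
  max_open_conns: 100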
# The default data volume
data_volume: /data

# Harbor stores its data under /data by default.
# Uncomment the storage_service setting if you want to use external storage.
# NOTE(review): the nesting of the commented template below was reconstructed
# from a listing that had lost its indentation; check it against the Harbor
# template for your version before uncommenting.
# storage_service:
#   # ca_bundle is the path to the custom root ca certificate, which will be injected into the truststore
#   # of the registry's and chart repository's containers. This is usually needed when the user hosts
#   # internal storage with a self-signed certificate.
#   ca_bundle:
#   # storage backend, default is filesystem, options include filesystem, azure, gcs, s3, swift and oss
#   # for more info about this configuration please refer to https://docs.docker.com/registry/configuration/
#   filesystem:
#     maxthreads: 100
#   # set disable_cache to true to disable the registry's redis cache
#   # set disable_cache to false to enable the registry's redis cache
#   # (the level this key belongs at is not recoverable from the listing - verify)
#   disable_cache: true
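# Trivy configuration
trivy:
  # Flag intended to enable the Trivy scanner.
  # NOTE(review): `enabled` and `json_output` are not keys I recognise from
  # the upstream harbor.yml template, where Trivy is switched on with the
  # installer's --with-trivy option. Verify the installer honours them;
  # if it does not, image scanning may be off despite this setting.
  enabled: true
  # ignore_unfixed: when true, only vulnerabilities that already have a fix are reported.
  # Keep false to see every finding, including ones with no patch yet.
  ignore_unfixed: false
  # skip_update: when true, Trivy does not download its vulnerability database from GitHub.
  # The database must then be provided manually, and scans are only as current as that copy.
  skip_update: false
  # generate a scan report in the JSON format
  json_output: false
  # offline_scan: when true, Trivy avoids sending API requests to identify dependencies.
  # It does not affect the database download; air-gapped setups need skip_update as well.
  offline_scan: false
  # insecure: when true, the registry's TLS certificate is not verified.
  # Keep false so the scanner only pulls from an authenticated registry endpoint.
  insecure: false
  # github_token is the GitHub access token used to download the Trivy DB (see https://github.com/settings/tokens)
  # It is required only when the GitHub rate limit is exceeded.
  # If one is needed, supply it at deploy time; do not commit a real token to this file.
  github_token: ""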
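# Jobservice configuration
jobservice:
  # Maximum number of job workers in job service
  max_job_workers: 10

# Notification configuration
notification:
  # Maximum retry count for webhook job
  webhook_job_max_retry: 10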
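# Log configurations
log:
  # options are debug, info, warning, error, fatal
  level: info
  # configs for logs in local storage
  local:
    # Log files are rotated rotate_count times before being removed. If the count is 0, old versions are removed rather than rotated.
    rotate_count: 50
    # Log files are rotated only if they grow bigger than rotate_size bytes.
    # If the size is followed by k, it is in kilobytes; by M, megabytes; by G, gigabytes.
    # So 100, 100k, 100M and 100G are all valid.
    rotate_size: 200M
    # The directory on your host that stores the logs
    location: /var/log/harbor

  # Uncomment the following lines to enable an external syslog endpoint.
  # With local storage only, the logs live and die with this host; forwarding
  # keeps a copy available for investigation if the host is lost or tampered with.
  # external_endpoint:
  #   # protocol used to transmit logs to the external endpoint, options are tcp or udp
  #   protocol: tcp
  #   # The host of the external endpoint
  #   host: localhost
  #   # Port of the external endpoint
  #   port: 5140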
# This attribute is for the migrator to detect the version of the .cfg file, DO NOT MODIFY!
_version: 2.10.0

# NOTE(review): the commented templates below were re-nested from a listing
# that had lost its indentation. Some entries (notary, chartmuseum, clair)
# look like they predate the 2.10 template - confirm against the Harbor
# release in use before uncommenting anything.

# Uncomment external_database if using an external database.
# The values shown (user, password, *_db_host, ...) are placeholders.
# ssl_mode: disable means the database connection is not encrypted; choose a
# verifying mode when the database is reached over a network you do not control.
# external_database:
#   harbor:
#     host: harbor_db_host
#     port: harbor_db_port
#     db_name: harbor
#     username: user
#     password: password
#     ssl_mode: disable
#     max_idle_conns: 2
#     max_open_conns: 0
#   notary_signer:
#     host: notary_signer_db_host
#     port: notary_signer_db_port
#     db_name: notary_signer
#     username: user
#     password: password
#     ssl_mode: disable
#   notary_server:
#     host: notary_server_db_host
#     port: notary_server_db_port
#     db_name: notary_server
#     username: user
#     password: password
#     ssl_mode: disable

# Uncomment redis if using an external Redis server
# redis:
#   host: redis_host
#   port: redis_port
#   password: redis_password
#   # db_index 0 is for core, it's unchangeable
#   registry_db_index: 1
#   jobservice_db_index: 2
#   chartmuseum_db_index: 3
#   trivy_db_index: 5
#   idle_timeout_seconds: 30

# Uncomment uaa to trust the certificate of a uaa instance that is hosted with a self-signed cert.
# uaa:
#   ca_file: /path/to/ca

# Global proxy settings
# http_proxy:
# https_proxy:
# no_proxy:
#   - 127.0.0.1
#   - localhost
#   - core
#   - redis
#   - postgresql
#   - notary-db
#   - notary-signer
#   - clair
#   - trivy-adapter
#   - trivy
#   - chartmuseum
#   - jobservice
#   - registry
#   - portal
#   - log
#   - nginx

# metric:
#   enabled: false
#   port: 9090
#   path: /metrics