The table below highlights the required fields for the Harbor data values file.
| Property | Value | Description |
|---|---|---|
| hostname | FQDN | The FQDN that you have designated to access the Harbor UI and for referencing the registry in client applications. The domain should be configured in an external DNS server such that it resolves to the Envoy Service IP created by Contour or the External IP of the LoadBalancer Service, depending on the "enableNginxLoadBalancer" and "enableContourHttpProxy" settings. |
| tlsCertificate.tlsSecretLabels | {"managed-by": "vmware-vRegistry"} | The certificate that vSphere Kubernetes Service uses to install the Harbor CA as a trusted root on vSphere Kubernetes Service clusters. |
| persistence.persistentVolumeClaim.registry.storageClass | A storage policy name. | A storage class that is used for the Harbor registry PVCs. |
| persistence.persistentVolumeClaim.jobservice.jobLog.storageClass | A storage policy name. | A storage class that is used for the Harbor jobservice PVCs. |
| persistence.persistentVolumeClaim.database.storageClass | A storage policy name. | A storage class that is used for the Harbor database PVCs. |
| persistence.persistentVolumeClaim.redis.storageClass | A storage policy name. | A storage class that is used for the Harbor Redis PVCs. |
| persistence.persistentVolumeClaim.trivy.storageClass | A storage policy name. | A storage class that is used for Harbor trivy PVCs. |
| enableNginxLoadBalancer | true or false | Use a K8s Service of type LoadBalancer to expose Harbor's endpoints when it's set to true. This requires a Supervisor to be configured with a load balancer. enableNginxLoadBalancer and enableContourHttpProxy can't be true at the same time. When they are both set to false, an Ingress will be created to expose Harbor's endpoints. |
| enableContourHttpProxy | true or false | Use Contour's httpproxy resources to expose Harbor's endpoint when it's set to true. Ensure enableNginxLoadBalancer and enableContourHttpProxy are not both set to true. |
| createNetworkPolicy | true or false | Create a networkpolicy to allow inbound connection to Harbor's pods when it's set to true. This must be set to true when Harbor is exposed via Contour in NSXT network. |