diff --git a/README.md b/README.md index ec394b84a..bd54bb44e 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ The following items can be set via `--set` flag during installation or configure - **NodePort**: Exposes the service on each Node’s IP at a static port (the NodePort). You’ll be able to contact the NodePort service, from outside the cluster, by requesting `NodeIP:NodePort`. - **LoadBalancer**: Exposes the service externally using a cloud provider’s load balancer. +If your desired option to expose Harbor (e.g. Istio Gateway, AWS ALB) is not present you can set `expose.enabled` to false and expose Harbor manually with Kubernetes Manifests. + #### Configure the external URL The external URL for Harbor core service is used to: @@ -78,6 +80,7 @@ The following table lists the configurable parameters of the Harbor chart and th | Parameter | Description | Default | |-----------------------------------------------------------------------| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | | **Expose** | | | +| `expose.enabled` | Set to false if no `ingress`, `clusterIP`, `nodePort` or `loadBalancer` should be created or you plan to expose Harbor in a way not offered by this chart. | `true` | | `expose.type` | How to expose the service: `ingress`, `clusterIP`, `nodePort` or `loadBalancer`, other values will be ignored and the creation of service will be skipped. | `ingress` | | `expose.tls.enabled` | Enable TLS or not. Delete the `ssl-redirect` annotations in `expose.ingress.annotations` when TLS is disabled and `expose.type` is `ingress`. Note: if the `expose.type` is `ingress` and TLS is disabled, the port must be included in the command when pulling/pushing images. Refer to https://github.com/goharbor/harbor/issues/5291 for details. | `true` | | `expose.tls.certSource` | The source of the TLS certificate. Set as `auto`, `secret` or `none` and fill the information in the corresponding section: 1) auto: generate the TLS certificate automatically 2) secret: read the TLS certificate from the specified secret. The TLS certificate can be generated manually or by cert manager 3) none: configure no TLS certificate for the ingress. If the default TLS certificate is configured in the ingress controller, choose this option | `auto` | @@ -189,6 +192,7 @@ The following table lists the configurable parameters of the Harbor chart and th | `proxy.components` | The component list that the proxy settings apply to | core, jobservice, trivy | | `enableMigrateHelmHook` | Run the migration job via helm hook, if it is true, the database migration will be separated from harbor-core, run with a preupgrade job migration-job | `false` | | **Nginx** (if service exposed via `ingress`, Nginx will not be used) | | | +| `nginx.enabled` | Set to false if you plan to expose Harbor without nginx | `true` | | `nginx.image.repository` | Image repository | `goharbor/nginx-photon` | | `nginx.image.tag` | Image tag | `dev` | | `nginx.replicas` | The replica count | `1` | diff --git a/templates/ingress/ingress.yaml b/templates/ingress/ingress.yaml index f2314716e..0bb64a996 100644 --- a/templates/ingress/ingress.yaml +++ b/templates/ingress/ingress.yaml @@ -1,3 +1,4 @@ +{{- if .Values.expose.enabled }} {{- if eq .Values.expose.type "ingress" }} {{- $ingress := .Values.expose.ingress -}} {{- $tls := .Values.expose.tls -}} @@ -144,3 +145,5 @@ spec: {{- end }} {{- end }} + +{{- end }} \ No newline at end of file diff --git a/templates/nginx/deployment.yaml b/templates/nginx/deployment.yaml index 04faa3735..83c4e2993 100644 --- a/templates/nginx/deployment.yaml +++ b/templates/nginx/deployment.yaml @@ -1,4 +1,4 @@ -{{- if ne .Values.expose.type "ingress" }} +{{- if and (ne .Values.expose.type "ingress") .Values.nginx.enabled }} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/values.yaml b/values.yaml index c862337d0..356b1cf0f 100644 --- a/values.yaml +++ b/values.yaml @@ -1,4 +1,5 @@ expose: + enabled: true # Set how to expose the service. Set the type as "ingress", "clusterIP", "nodePort" or "loadBalancer" # and fill the information in the corresponding section type: ingress @@ -479,8 +480,9 @@ containerSecurityContext: drop: - ALL -# If service exposed via "ingress", the Nginx will not be used +# If service exposed via "ingress", or not enabled the Nginx will not be used nginx: + enabled: true image: repository: goharbor/nginx-photon tag: dev