upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor synced 2025-04-19 17:33:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4519 from lucaim/master

Browse Source 
Adding LDAP authentication to helm chart
This commit is contained in:
Jesse Hu 2018-03-29 11:53:15 +08:00 committed by GitHub
commit 7c866511f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
contrib/helm/harbor/README.md
View File

@ -109,7 +109,17 @@ The following tables lists the configurable parameters of the Harbor chart and t
| `adminserver.emailIdentity` | | "" | | `adminserver.emailIdentity` | | "" |
| `adminserver.key` | adminsever key | `not-a-secure-key` | | `adminserver.key` | adminsever key | `not-a-secure-key` |
| `adminserver.emailPwd` | password for email | `not-a-secure-password` | | `adminserver.emailPwd` | password for email | `not-a-secure-password` |
| `adminserver.harborAdminPassword` | password for admin user | `Harbor12345` | | `adminserver.adminPassword` | password for admin user | `Harbor12345` |
| `adminserver.authenticationMode` | authentication mode for Harbor ( `db_auth` for local database, `ldap_auth` for LDAP, etc...) [Docs](https://github.com/vmware/harbor/blob/master/docs/user_guide.md#user-account) | `db_auth` |
| `adminserver.selfRegistration` | Allows users to register by themselves, otherwise only administrators can add users | `on` |
| `adminserver.ldap.url` | LDAP server URL for `ldap_auth` authentication | `ldaps://ldapserver` |
| `adminserver.ldap.searchDN` | LDAP Search DN | `` |
| `adminserver.ldap.baseDN` | LDAP Base DN | `` |
| `adminserver.ldap.filter` | LDAP Filter | `(objectClass=person)` |
| `adminserver.ldap.uid` | LDAP UID | `uid` |
| `adminserver.ldap.scope` | LDAP Scope | `2` |
| `adminserver.ldap.timeout` | LDAP Timeout | `5` |
| `adminserver.ldap.verifyCert` | LDAP Verify HTTPS Certificate | `True` |
| `adminserver.resources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container | undefined | | `adminserver.resources` | [resources](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/) to allocate for container | undefined |
| `adminserver.volumes` | used to create PVCs if persistence is enabled (see instructions in values.yaml) | see values.yaml | | `adminserver.volumes` | used to create PVCs if persistence is enabled (see instructions in values.yaml) | see values.yaml |
| **Jobservice** | | **Jobservice** |

21
contrib/helm/harbor/templates/adminserver/adminserver-cm.yaml
View File

@ -29,17 +29,16 @@ data:
WITH_NOTARY: "{{ .Values.notary.enabled }}" WITH_NOTARY: "{{ .Values.notary.enabled }}"
LOG_LEVEL: "info" LOG_LEVEL: "info"
IMAGE_STORE_PATH: "/" # This is a temporary hack. IMAGE_STORE_PATH: "/" # This is a temporary hack.
AUTH_MODE: "db_auth" AUTH_MODE: "{{ .Values.adminserver.authenticationMode }}"
SELF_REGISTRATION: "on" SELF_REGISTRATION: "{{ .Values.adminserver.selfRegistration }}"
LDAP_URL: "ldaps://ldapserver" LDAP_URL: "{{ .Values.adminserver.ldap.url }}"
LDAP_SEARCH_DN: "" LDAP_SEARCH_DN: "{{ .Values.adminserver.ldap.searchDN }}"
LDAP_BASE_DN: "" LDAP_BASE_DN: "{{ .Values.adminserver.ldap.baseDN }}"
LDAP_FILTER: "(objectClass=person)" LDAP_FILTER: "{{ .Values.adminserver.ldap.filter }}"
LDAP_UID: "uid" LDAP_UID: "{{ .Values.adminserver.ldap.uid }}"
LDAP_SCOPE: "2" LDAP_SCOPE: "{{ .Values.adminserver.ldap.scope }}"
LDAP_TIMEOUT: "5" LDAP_TIMEOUT: "{{ .Values.adminserver.ldap.timeout }}"
LDAP_TIMEOUT: "5" LDAP_VERIFY_CERT: "{{ .Values.adminserver.ldap.verifyCert }}"
LDAP_VERIFY_CERT: "True"
DATABASE_TYPE: "mysql" DATABASE_TYPE: "mysql"
PROJECT_CREATION_RESTRICTION: "everyone" PROJECT_CREATION_RESTRICTION: "everyone"
VERIFY_REMOTE_CERT: "off" VERIFY_REMOTE_CERT: "off"

2
contrib/helm/harbor/templates/adminserver/adminserver-secrets.yaml
View File

@ -9,7 +9,7 @@ type: Opaque
data: data:
secretKey: {{ .Values.secretKey | b64enc | quote }} secretKey: {{ .Values.secretKey | b64enc | quote }}
EMAIL_PWD: {{ .Values.adminserver.emailPwd | b64enc | quote }} EMAIL_PWD: {{ .Values.adminserver.emailPwd | b64enc | quote }}
HARBOR_ADMIN_PASSWORD: {{ .Values.adminserver.harborAdminPassword | b64enc | quote }} HARBOR_ADMIN_PASSWORD: {{ .Values.adminserver.adminPassword | b64enc | quote }}
MYSQL_PWD: {{ .Values.mysql.pass | b64enc | quote }} MYSQL_PWD: {{ .Values.mysql.pass | b64enc | quote }}
JOBSERVICE_SECRET: {{ .Values.jobservice.secret | b64enc | quote }} JOBSERVICE_SECRET: {{ .Values.jobservice.secret | b64enc | quote }}
UI_SECRET: {{ .Values.ui.secret | b64enc | quote }} UI_SECRET: {{ .Values.ui.secret | b64enc | quote }}

13
contrib/helm/harbor/values.yaml
View File

@ -65,7 +65,18 @@ adminserver:
emailIdentity: "" emailIdentity: ""
emailInsecure: "False" emailInsecure: "False"
emailPwd: not-a-secure-password emailPwd: not-a-secure-password
harborAdminPassword: Harbor12345 adminPassword: Harbor12345
authenticationMode: "db_auth"
selfRegistration: "on"
ldap:
url: "ldaps://ldapserver"
searchDN: ""
baseDN: ""
filter: "(objectClass=person)"
uid: "uid"
scope: "2"
timeout: "5"
verifyCert: "True"
## Persist data to a persistent volume ## Persist data to a persistent volume
volumes: volumes:
config: config: