apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: name: harbor.tanzu.vmware.com.2.8.2+vmware.2-tkg.1 spec: refName: harbor.tanzu.vmware.com version: 2.8.2+vmware.2-tkg.1 releasedAt: "2023-06-08T10:18:00Z" releaseNotes: harbor 2.8.2 https://github.com/goharbor/harbor/releases/tag/v2.8.2 licenses: - 'VMware''s End User License Agreement (Underlying OSS license: Apache License 2.0)' valuesSchema: openAPIv3: title: harbor.tanzu.vmware.com.2.8.2+vmware.2-tkg.1 values schema required: - harborAdminPassword - secretKey properties: namespace: type: string description: The namespace to install Harbor. default: tanzu-system-registry hostname: type: string description: The FQDN for accessing Harbor admin UI and Registry service. default: harbor.yourdomain.com port: type: object description: Port related configuration. properties: https: type: integer description: The network port of the Envoy service in Contour or other Ingress Controller. default: 443 logLevel: type: string description: The log level of core, exporter, jobservice, registry. default: info enum: - debug - info - warning - error - fatal tlsCertificate: type: object description: The tls certificate for the harbor FQDN. required: - tls.crt - tls.key - ca.crt properties: tls.crt: type: string description: The certificate. Note that tls.crt is a key and not nested. tls.key: type: string description: The private key. Note that tls.key is a key and not nested. ca.crt: type: string description: The certificate of CA, this enables the download, link on portal to download the certificate of CA. Note that ca.crt is a key and not nested. tlsSecretLabels: type: object description: the labels you want to add for the harbor-tls secret generated by the tlsCertificate tlsCertificateSecretName: type: string description: The name of the secret if you want to use your own TLS certificate for harbor FQDN, which contains keys named "tls.crt" and "tls.key". enableContourHttpProxy: type: boolean description: Use contour http proxy instead of the ingress when it's true. default: true contourHttpProxy: type: object description: The timeout policy configuration for httpproxy. properties: timeout: type: string description: Timeout for receiving a response from the server after processing a request from client. idleTimeout: type: string description: Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2). harborAdminPassword: type: string description: The initial password of Harbor admin. secretKey: type: string description: The secret key used for encryption. Must be a string of 16 chars. database: type: object description: Database component related configuration. required: - password properties: password: type: string description: The initial password of the postgres database. shmSizeLimit: type: integer description: The initial value of shmSizeLimit maxIdleConns: type: integer description: The initial value of maxIdleConns maxOpenConns: type: integer description: The initial value of maxOpenConns exporter: type: object description: The configuration related to exporter. properties: cacheDuration: type: integer description: The initial value of cacheDuration. core: type: object description: Core component related configuration. required: - secret - xsrfKey properties: replicas: type: integer description: The replicas for the core component. default: 1 secret: type: string description: Secret is used when core server communicates with other components. xsrfKey: type: string description: The XSRF key. Must be a string of 32 chars. jobservice: type: object description: Jobservice component related configuration. required: - secret properties: replicas: type: integer description: The replicas for the jobservice component. default: 1 secret: type: string description: Secret is used when job service communicates with other components. registry: type: object description: Registry component related configuration. required: - secret properties: replicas: type: integer description: The replicas for the registry component. default: 1 secret: type: string description: Secret is used to secure the upload state from client and registry storage backend. notary: type: object description: Notary component related configuration. properties: enabled: type: boolean description: Whether to install Notary default: true trivy: type: object description: Trivy component related configuration. properties: enabled: type: boolean description: Whether to install Trivy scanner. default: true replicas: type: integer description: The replicas for the trivy component. default: 1 gitHubToken: type: string description: the GitHub access token to download Trivy DB. default: "" skipUpdate: type: boolean description: The flag to disable Trivy DB downloads from GitHub. default: false offlineScan: type: boolean description: The offlineScan option prevents Trivy from sending API requests to identify dependencies. default: false timeout: type: string description: The timeout set for trivy scanner, it should be a number followed by a letter like "h", "m", "s", or "ms", i.e. 1h, 5m, 60s, 1000ms. default: "" persistence: type: object description: |- The persistence is always enabled and a default StorageClass is needed in the k8s cluster to provision volumes dynamically. Specify another StorageClass in the "storageClass" or set "existingClaim" if you have already existing persistent volumes to use For storing images and charts, you can also use "azure", "gcs", "s3", "swift" or "oss". Set it in the "imageChartStorage" section properties: persistentVolumeClaim: type: object description: PersistentVolumeClaim related configuration. properties: registry: type: object description: PersistentVolumeClaim related configuration for registry component. properties: existingClaim: type: string description: |- Use the existing PVC which must be created manually before bound, and specify the "subPath" if the PVC is shared with other components default: "" storageClass: type: string description: |- Specify the "storageClass" used to provision the volume. Or the default StorageClass will be used(the default). Set it to "-" to disable dynamic provisioning default: "" subPath: type: string description: The "subPath" if the PVC is shared with other components. default: "" accessMode: type: string description: Access mode of the PVC. default: ReadWriteOnce size: type: string description: Size of the PVC. default: 10Gi jobservice: type: object description: PersistentVolumeClaim related configuration for jobservice component. properties: jobLog: type: object description: PersistentVolumeClaim for jobservice log properties: existingClaim: type: string description: |- Use the existing PVC which must be created manually before bound, and specify the "subPath" if the PVC is shared with other components default: "" storageClass: type: string description: |- Specify the "storageClass" used to provision the volume. Or the default StorageClass will be used(the default). Set it to "-" to disable dynamic provisioning default: "" subPath: type: string description: The "subPath" if the PVC is shared with other components. default: "" accessMode: type: string description: Access mode of the PVC. default: ReadWriteOnce size: type: string description: Size of the PVC. default: 1Gi database: type: object description: PersistentVolumeClaim related configuration for database component. properties: existingClaim: type: string description: |- Use the existing PVC which must be created manually before bound, and specify the "subPath" if the PVC is shared with other components default: "" storageClass: type: string description: |- Specify the "storageClass" used to provision the volume. Or the default StorageClass will be used(the default). Set it to "-" to disable dynamic provisioning default: "" subPath: type: string description: The "subPath" if the PVC is shared with other components. default: "" accessMode: type: string description: Access mode of the PVC. default: ReadWriteOnce size: type: string description: Size of the PVC. default: 1Gi redis: type: object description: PersistentVolumeClaim related configuration for redis component. properties: existingClaim: type: string description: |- Use the existing PVC which must be created manually before bound, and specify the "subPath" if the PVC is shared with other components default: "" storageClass: type: string description: |- Specify the "storageClass" used to provision the volume. Or the default StorageClass will be used(the default). Set it to "-" to disable dynamic provisioning default: "" subPath: type: string description: The "subPath" if the PVC is shared with other components. default: "" accessMode: type: string description: Access mode of the PVC. default: ReadWriteOnce size: type: string description: Size of the PVC. default: 1Gi trivy: type: object description: PersistentVolumeClaim related configuration for redis component. properties: existingClaim: type: string description: |- Use the existing PVC which must be created manually before bound, and specify the "subPath" if the PVC is shared with other components default: "" storageClass: type: string description: |- Specify the "storageClass" used to provision the volume. Or the default StorageClass will be used(the default). Set it to "-" to disable dynamic provisioning default: "" subPath: type: string description: The "subPath" if the PVC is shared with other components. default: "" accessMode: type: string description: Access mode of the PVC. default: ReadWriteOnce size: type: string description: Size of the PVC. default: 5Gi imageChartStorage: type: object description: |- Define which storage backend is used for registry and chartmuseum to store images and charts. Refer to https://github.com/docker/distribution/blob/master/docs/configuration.md#storage for the detail. properties: disableredirect: type: boolean description: |- Specify whether to disable `redirect` for images and chart storage, for backends which not supported it (such as using minio for `s3` storage type), please disable it. To disable redirects, simply set `disableredirect` to `true` instead. Refer to https://github.com/docker/distribution/blob/master/docs/configuration.md#redirect for the detail. default: false type: type: string description: |- Specify the type of storage: "filesystem", "azure", "gcs", "s3", "swift", "oss" and fill the information needed in the corresponding section. The type must be "filesystem" if you want to use persistent volumes for registry and chartmuseum default: filesystem filesystem: type: object description: Filesystem storage related configuration. properties: rootdirectory: type: string description: The rootdirectory in filesystem. default: /storage azure: type: object description: Azure storage related configuration. required: - accountname - accountkey - container properties: accountname: type: string description: Account name of azure storage. default: accountname accountkey: type: string description: Account key of azure storage. default: base64encodedaccountkey container: type: string description: Container name of azure storage. default: containername realm: type: string description: Realm for azure storage. default: core.windows.net gcs: type: object required: - bucket - encodedkey properties: bucket: type: string description: Bucket name of gcs. default: bucketname encodedkey: type: string description: The base64 encoded json file which contains the key default: base64-encoded-json-key-file rootdirectory: type: string description: The rootdirectory in gcs. default: null chunksize: type: integer description: Check size for gcs. default: 5242880 s3: type: object required: - region - bucket properties: region: type: string description: Region of s3. default: us-west-1 bucket: type: string description: Bucket name of s3. default: bucketname accesskey: type: string description: Access key of s3. default: null secretkey: type: string description: Secret key of s3. default: null regionendpoint: type: string description: Region endpoint of s3, eg http://myobjects.local default: null encrypt: type: boolean description: Encrypt for s3. default: false keyid: type: string description: Keyid of s3. default: null secure: type: boolean description: Secure for s3. default: true skipverify: type: boolean description: skipverify for s3. default: false v4auth: type: boolean description: Use v4auth for s3 when it's true. default: true chunksize: type: integer description: Check size for s3. default: null rootdirectory: type: string description: The rootdirectory in s3. default: null storageclass: type: string description: Storage class of s3. default: STANDARD multipartcopychunksize: type: integer description: multi part copy chunk size of s3. default: null multipartcopymaxconcurrency: type: integer description: multi part copy max concurrency of s3. default: null multipartcopythresholdsize: type: integer description: multi part copy threshold size of s3. default: null swift: type: object description: Swift storage related configuration. required: - authurl - username - password - container properties: authurl: type: string description: Auth url of swift. default: https://storage.myprovider.com/v3/auth username: type: string description: Username of swift. default: username password: type: string description: Password of swift. default: password container: type: string description: Container of swift. default: containername region: type: string description: Region of swift. default: null tenant: type: string description: Tenant of swift. default: null tenantid: type: string description: Tenant id of swift. default: null domain: type: string description: Domain of swift. default: null domainid: type: string description: Domain id of swift. default: null trustid: type: string description: Trust id of swift. default: null insecureskipverify: type: boolean description: Ignore the cert verify when it's true. default: null chunksize: type: string description: Check size of swift, eg 5M. default: null prefix: type: string description: Prefix path of swift. default: null secretkey: type: string description: Secret key of swift. default: null accesskey: type: string description: Access key of swift. default: null authversion: type: string description: Auth version of swift. default: null endpointtype: type: string description: Endpoint type of swift, eg public. default: null tempurlcontainerkey: type: boolean description: Use temp url container key of swift when it's true. default: null tempurlmethods: type: string description: Temp url methods of swift. default: null oss: type: object description: OSS storage related configuration. required: - accesskeyid - accesskeysecret - region - bucket properties: accesskeyid: type: string description: Access key id of oss. default: accesskeyid accesskeysecret: type: string description: Access key secert of oss. default: accesskeysecret region: type: string description: Region of oss. default: regionname bucket: type: string description: Bucket name of oss. default: bucketname endpoint: type: string description: Endpoint of oss. default: null internal: type: boolean description: Use the internal endpoint when it's true. default: null encrypt: type: boolean description: Encrypt of oss. default: null secure: type: boolean description: Secure of oss. default: null chunksize: type: string description: Chunk size for the oss, eg 10M. default: null rootdirectory: type: string description: The rootdirectory in oss. default: null proxy: type: object description: The proxy related configuration. properties: httpProxy: type: string description: HTTP proxy URL. default: "" httpsProxy: type: string description: HTTPS proxy URL. default: "" noProxy: type: string description: Ignore proxy for the domains. default: 127.0.0.1,localhost,.local,.internal pspNames: type: string description: The PSP names used by Harbor pods. The names are separated by ','. 'null' means all PSP can be used. default: "null" caBundleSecretName: type: string description: The custom ca bundle secret, the secret must contain key named "ca.crt", which will be injected into the trust store for core, jobservice, registry, trivy components metrics: type: object description: The metrics used by core, registry and exporter properties: enabled: type: boolean description: Enable the metrics when it's true default: false core: type: object description: The core component related configuration. properties: path: type: string description: The path of the metrics. default: /metrics port: type: integer description: The port of the metrics. default: 8001 registry: type: object description: The registry component related configuration. properties: path: type: string description: The path of the metrics. default: /metrics port: type: integer description: The port of the metrics. default: 8001 jobservice: type: object description: The jobservice component related configuration. properties: path: type: string description: The path of the metrics. default: /metrics port: type: integer description: The port of the metrics. default: 8001 exporter: type: object description: The exporter component related configuration. properties: path: type: string description: The path of the metrics. default: /metrics port: type: integer description: The port of the metrics. default: 8001 network: type: object description: The network related configuration. properties: ipFamilies: type: array description: The array of network ipFamilies. Default [] is equivalent to have both ["IPv4","IPv6"]. Or you can choose one of ["IPv4"] or ["IPv6"] default: [] trace: type: object description: The tracing configuration for Harbor. properties: enabled: type: boolean description: Enable tracing for Harbor. default: false provider: type: string description: The provider type of tracing, jaeger or otel. default: jaeger sample_rate: type: number description: Set sample_rate to 1 if you wanna sampling 100% of trace data; set 0.5 if you wanna sampling 50% of trace data, and so forth. default: 1 namespace: type: string description: The namespace used to differentiate different harbor services. attributes: type: object description: The attributes is a key value dict contains user defined attributes used to initialize trace provider. jaeger: type: object description: Jaeger provider for Harbor tracing, it support two modes - collector mode & agent mode. properties: endpoint: type: string description: The endpoint of jaeger. default: http://hostname:14268/api/traces username: type: string description: The username of jaeger in collector mode. password: type: string description: The password of jaeger in collector mode. agent_host: type: string description: The agent_host of jaeger in agent mode. agent_port: type: integer description: The agent_port of jaeger in agent mode. otel: type: object description: Otel provider for Harbor tracing. properties: endpoint: type: string description: The endpoint of otel. default: hostname:4318 url_path: type: string description: The url path of tracing with Otel. default: /v1/traces compression: type: boolean description: Whether to set compression when enabling tracing with Otel. default: false insecure: type: boolean description: Whether to connect the collector insecurely. default: true timeout: type: integer description: The max waiting time for the backend to process each spans batch, in seconds. default: 10 cache: type: object description: The cache layer configurations for Harbor. properties: enabled: type: boolean description: Enable cache for Harbor. default: false expireHours: type: integer description: The expire hour of cache. default: 24 template: spec: fetch: - imgpkgBundle: image: projects.registry.vmware.com/tkg/packages/standard/harbor:v2.8.2_vmware.2-tkg.1 template: - ytt: paths: - config/ ignoreUnknownComments: true inline: paths: "config/networkpolicy.yaml": | #@ load("@ytt:data", "data") --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: harbor-app-network-policy namespace: #@ data.values.namespace spec: podSelector: matchLabels: app: harbor ingress: - {} - kbld: paths: - '-' - .imgpkg/images.yml deploy: - kapp: rawOptions: - --wait-timeout=5m - --kube-api-qps=20 - --kube-api-burst=30 --- apiVersion: data.packaging.carvel.dev/v1alpha1 kind: PackageMetadata metadata: name: harbor.tanzu.vmware.com spec: displayName: harbor iconSVGBase64: PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHJvbGU9ImltZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHZpZXdCb3g9IjEuMDUgLTEuOTUgMzU5LjQxIDM2MS42NiI+PGRlZnM+PGxpbmVhckdyYWRpZW50IGlkPSJsaW5lYXItZ3JhZGllbnQiIHgxPSIyNjQuNzkiIHgyPSIyNjcuMjciIHkxPSI5NTIuMzkiIHkyPSI5NTIuMzkiIGdyYWRpZW50VHJhbnNmb3JtPSJtYXRyaXgoMzAuNDMgMCAwIC0zMC40MyAtNzk1NS4yMiAyOTI4NS43NSkiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj48c3RvcCBvZmZzZXQ9IjAiIHN0b3AtY29sb3I9IiM2MGI5MzIiLz48c3RvcCBvZmZzZXQ9Ii4yOCIgc3RvcC1jb2xvcj0iIzYwYjkzMiIvPjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iIzM2N2MzNCIvPjwvbGluZWFyR3JhZGllbnQ+PGxpbmVhckdyYWRpZW50IGlkPSJsaW5lYXItZ3JhZGllbnQtMiIgeDE9IjI2My43NyIgeDI9IjI2Ni4yNiIgeTE9Ijk1NS42NSIgeTI9Ijk1NS42NSIgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgyNy4yMSAwIDAgLTI3LjIxIC03MDczLjg1IDI2MTY5LjQxKSIgeGxpbms6aHJlZj0iI2xpbmVhci1ncmFkaWVudCIvPjxsaW5lYXJHcmFkaWVudCBpZD0ibGluZWFyLWdyYWRpZW50LTMiIHgxPSIyNjMuMjgiIHgyPSIyNjUuNzYiIHkxPSI5NTMuNzQiIHkyPSI5NTMuNzQiIGdyYWRpZW50VHJhbnNmb3JtPSJtYXRyaXgoMjUuNzUgMCAwIC0yNS43NSAtNjY3MS4xMyAyNDgxMi4yMykiIHhsaW5rOmhyZWY9IiNsaW5lYXItZ3JhZGllbnQiLz48bGluZWFyR3JhZGllbnQgaWQ9ImxpbmVhci1ncmFkaWVudC00IiB4MT0iMjYzLjc3IiB4Mj0iMjY2LjI1IiB5MT0iOTUzLjIiIHkyPSI5NTMuMiIgZ3JhZGllbnRUcmFuc2Zvcm09Im1hdHJpeCgyNy4xIDAgMCAtMjcuMSAtNzA0MC45IDI2MTAyLjQ5KSIgeGxpbms6aHJlZj0iI2xpbmVhci1ncmFkaWVudCIvPjxsaW5lYXJHcmFkaWVudCBpZD0ibGluZWFyLWdyYWRpZW50LTUiIHgxPSIyNjIuNzMiIHgyPSIyNjUuMjEiIHkxPSI5NTQuMzQiIHkyPSI5NTQuMzQiIGdyYWRpZW50VHJhbnNmb3JtPSJtYXRyaXgoMjQuNCAwIDAgLTI0LjQgLTYzMDEuMzYgMjM1MjEuOTcpIiB4bGluazpocmVmPSIjbGluZWFyLWdyYWRpZW50Ii8+PGxpbmVhckdyYWRpZW50IGlkPSJsaW5lYXItZ3JhZGllbnQtNiIgeDE9IjI3Mi4xNCIgeDI9IjI3NC42MiIgeTE9Ijk1NS4xNSIgeTI9Ijk1NS4xNSIgZ3JhZGllbnRUcmFuc2Zvcm09InNjYWxlKDY2LjA5IC02Ni4wOSkgcm90YXRlKDM2LjUyIDE1ODguMTUzIDY4LjE0OCkiIGdyYWRpZW50VW5pdHM9InVzZXJTcGFjZU9uVXNlIj48c3RvcCBvZmZzZXQ9IjAiIHN0b3AtY29sb3I9IiM0NTk2ZDgiLz48c3RvcCBvZmZzZXQ9Ii4yIiBzdG9wLWNvbG9yPSIjNDU5NmQ4Ii8+PHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjZmZmIi8+PC9saW5lYXJHcmFkaWVudD48bGluZWFyR3JhZGllbnQgaWQ9ImxpbmVhci1ncmFkaWVudC03IiB4MT0iMjcwLjY1IiB4Mj0iMjczLjEzIiB5MT0iOTUyLjM4IiB5Mj0iOTUyLjM4IiBncmFkaWVudFRyYW5zZm9ybT0ic2NhbGUoNzcuOCAtNzcuOCkgcm90YXRlKC0xMS41NCAtNDU4Ny4yMDkgMTgwMy4zMjMpIiBncmFkaWVudFVuaXRzPSJ1c2VyU3BhY2VPblVzZSI+PHN0b3Agb2Zmc2V0PSIwIiBzdG9wLWNvbG9yPSIjNDE5NGQ3Ii8+PHN0b3Agb2Zmc2V0PSIuMiIgc3RvcC1jb2xvcj0iIzQxOTRkNyIvPjxzdG9wIG9mZnNldD0iMSIgc3RvcC1jb2xvcj0iI2ZmZiIvPjwvbGluZWFyR3JhZGllbnQ+PGxpbmVhckdyYWRpZW50IGlkPSJsaW5lYXItZ3JhZGllbnQtOCIgeDE9IjI3MC45NyIgeDI9IjI3My40NSIgeTE9Ijk1My43NSIgeTI9Ijk1My43NSIgZ3JhZGllbnRUcmFuc2Zvcm09InNjYWxlKDcxLjM1IC03MS4zNSkgcm90YXRlKDEwLjIzIDU0NzcuMzcgLTEwMjQuNjAyKSIgZ3JhZGllbnRVbml0cz0idXNlclNwYWNlT25Vc2UiPjxzdG9wIG9mZnNldD0iMCIgc3RvcC1jb2xvcj0iIzQxOTRkNyIvPjxzdG9wIG9mZnNldD0iLjMzIiBzdG9wLWNvbG9yPSIjNDQ5NmQ4Ii8+PHN0b3Agb2Zmc2V0PSIxIiBzdG9wLWNvbG9yPSIjZmZmIi8+PC9saW5lYXJHcmFkaWVudD48Y2xpcFBhdGggaWQ9ImNsaXAtcGF0aCI+PHBhdGggZD0iTTE3NC40IDMwMi41MmwtNjguNjUtMzAuMjYtMy44MyA0My4yMSA3NS41IDIzLjk4LTMuMDItMzYuOTN6IiBjbGFzcz0iY2xzLTEiLz48L2NsaXBQYXRoPjxjbGlwUGF0aCBpZD0iY2xpcC1wYXRoLTIiPjxwYXRoIGQ9Ik0xMTkuMTkgMTM1LjM4aDM4LjU1djMyLjg5aC05LjE1di0xNGExMC4xMyAxMC4xMyAwIDEgMC0yMC4yNiAwdjE0aC05LjE1em0tNy43IDcybDU3LjIgMjUuMjEtMy45NC00OC4yNGg3LjQ5di0xNi4wOGgtNS41NXYtMzIuODloNS41NXYtOS40NWwtMzAuODYtMzAuMTl2LTIuMTJhMi45MSAyLjkxIDAgMCAwLTUuODIgMHYyLjEybC0zMC44NiAzMC4xOXY5LjQ1aDUuNTZ2MzIuODloLTUuNTZ2MTYuMTJoOC44MnoiIGNsYXNzPSJjbHMtMSIvPjwvY2xpcFBhdGg+PGNsaXBQYXRoIGlkPSJjbGlwLXBhdGgtMyI+PHBhdGggZD0iTTEwOC4xNCAyNDUuMjhsNjMuODggMjguMTYtLjk2LTExLjczLTYxLjk2LTI3LjMtLjk2IDEwLjg3eiIgY2xhc3M9ImNscy0xIi8+PC9jbGlwUGF0aD48Y2xpcFBhdGggaWQ9ImNsaXAtcGF0aC00Ij48cGF0aCBkPSJNMTA2LjQ2IDI2NC4yMWw2Ny4yMyAyOS42My0uOTYtMTEuNzItNjUuMzEtMjguNzgtLjk2IDEwLjg3eiIgY2xhc3M9ImNscy0xIi8+PC9jbGlwUGF0aD48Y2xpcFBhdGggaWQ9ImNsaXAtcGF0aC01Ij48cGF0aCBkPSJNMTEwLjc3IDIxNS40OGwtLjk2IDEwLjg3IDYwLjU0IDI2LjY4LS45NS0xMS43Mi01OC42My0yNS44M3oiIGNsYXNzPSJjbHMtMSIvPjwvY2xpcFBhdGg+PGNsaXBQYXRoIGlkPSJjbGlwLXBhdGgtNiI+PHBhdGggZD0iTTMxMy4xMyA2Ny41OWExNzUuMzEgMTc1LjMxIDAgMCAwLTI5Ljc1LTI4LjEzYy0xLjU3LTEuMTctMy4xOC0yLjMtNC43OS0zLjQyTDI1NiA1OS41bC04Mi4zNCA4NS42MyAxMTMuNDEtNTguNjggMjkuMDctMTVjLTEuMDEtMS4zMS0xLjk4LTIuNjItMy4wMS0zLjg2eiIgY2xhc3M9ImNscy0xIi8+PC9jbGlwUGF0aD48Y2xpcFBhdGggaWQ9ImNsaXAtcGF0aC03Ij48cGF0aCBkPSJNMzUzLjU5IDE3Ny42MWMwLTItLjE0LTQtLjIyLTUuOTNsLTMyLjIxLTIuMzEtMTQ3LjQ3LTEwLjU4TDMxOC4zNiAyMDlsMzAuNDEgMTAuNTVjLjA5LS4zNi4xOS0uNzEuMjgtMS4wOGExNzMuNjUgMTczLjY1IDAgMCAwIDQuNTctMzkuNDd2LTEuMzd6IiBjbGFzcz0iY2xzLTEiLz48L2NsaXBQYXRoPjxjbGlwUGF0aCBpZD0iY2xpcC1wYXRoLTgiPjxwYXRoIGQ9Ik0zNDguODQgMTM4LjYxYTE3Mi41NSAxNzIuNTUgMCAwIDAtMTMuODQtMzcuN2wtMzAuOTQgOS45NEwxNzUuOTIgMTUybDE0Mi00LjgzIDMyLjUtMS4xMWMtLjUtMi40OC0uOTktNC45OC0xLjU4LTcuNDV6IiBjbGFzcz0iY2xzLTEiLz48L2NsaXBQYXRoPjxzdHlsZT4uY2xzLTF7ZmlsbDpub25lfS5jbHMtMTN7ZmlsbDojNjk2NTY2fTwvc3R5bGU+PC9kZWZzPjxnIGlkPSJnMTIiPjxwYXRoIGlkPSJwYXRoMTQiIGZpbGw9IiNmZmYiIGQ9Ik0zMC44OSAxNzlhMTQ4Ljg3IDE0OC44NyAwIDEgMSAxNDguODcgMTQ4Ljg1QTE0OC44NyAxNDguODcgMCAwIDEgMzAuODkgMTc5Ii8+PGcgaWQ9ImczMCIgY2xpcC1wYXRoPSJ1cmwoI2NsaXAtcGF0aCkiPjxnIGlkPSJnMzIiPjxwYXRoIGlkPSJwYXRoNDYiIGZpbGw9InVybCgjbGluZWFyLWdyYWRpZW50KSIgZD0iTTE3NC40IDMwMi41MmwtNjguNjUtMzAuMjUtMy44MiA0My4yIDc1LjUgMjQtMy0zNi45MyIvPjwvZz48L2c+PGcgaWQ9Imc0OCIgY2xpcC1wYXRoPSJ1cmwoI2NsaXAtcGF0aC0yKSI+PGcgaWQ9Imc1MCI+PHBhdGggaWQ9InBhdGg2NCIgZmlsbD0idXJsKCNsaW5lYXItZ3JhZGllbnQtMikiIGQ9Ik0xMTkuMTkgMTM1LjM4aDM4LjU1djMyLjg5aC05LjE1di0xNGExMC4xMyAxMC4xMyAwIDEgMC0yMC4yNiAwdjE0aC05LjE1em0tNy43IDcybDU3LjIgMjUuMjEtMy45NC00OC4yNGg3LjQ5di0xNi4wOGgtNS41NXYtMzIuODloNS41NXYtOS40NWwtMzAuODYtMzAuMTl2LTIuMTJhMi45MSAyLjkxIDAgMCAwLTUuODIgMHYyLjEybC0zMC44NiAzMC4xOXY5LjQ1aDUuNTZ2MzIuODloLTUuNTZ2MTYuMTJoOC44MmwtMiAyMyIvPjwvZz48L2c+PGcgaWQ9Imc2NiIgY2xpcC1wYXRoPSJ1cmwoI2NsaXAtcGF0aC0zKSI+PGcgaWQ9Imc2OCI+PHBhdGggaWQ9InBhdGg4MiIgZmlsbD0idXJsKCNsaW5lYXItZ3JhZGllbnQtMykiIGQ9Ik0xMDguMTMgMjQ1LjI4TDE3MiAyNzMuNDRsLTEtMTEuNzItNjItMjcuMzEtMSAxMC44NyIvPjwvZz48L2c+PGcgaWQ9Imc4NCIgY2xpcC1wYXRoPSJ1cmwoI2NsaXAtcGF0aC00KSI+PGcgaWQ9Imc4NiI+PHBhdGggaWQ9InBhdGgxMDAiIGZpbGw9InVybCgjbGluZWFyLWdyYWRpZW50LTQpIiBkPSJNMTA2LjQ2IDI2NC4yMWw2Ny4yMyAyOS42My0xLTExLjcyLTY1LjMxLTI4Ljc4LTEgMTAuODciLz48L2c+PC9nPjxnIGlkPSJnMTAyIiBjbGlwLXBhdGg9InVybCgjY2xpcC1wYXRoLTUpIj48ZyBpZD0iZzEwNCI+PHBhdGggaWQ9InBhdGgxMTgiIGZpbGw9InVybCgjbGluZWFyLWdyYWRpZW50LTUpIiBkPSJNMTEwLjc3IDIxNS40OGwtMSAxMC44OEwxNzAuMzUgMjUzbC0xLTExLjcyLTU4LjYyLTI1LjgzIi8+PC9nPjwvZz48cGF0aCBpZD0icGF0aDEyMCIgZD0iTTMwNC4wNyAxMTAuODVsMzAuOTMtOS45NGMtLjExLS4yMi0uMjEtLjQ1LS4zMi0uNjZhMTc0LjQxIDE3NC40MSAwIDAgMC0xOC41NS0yOC44M2wtMjkuMDcgMTVhMTQyLjcxIDE0Mi43MSAwIDAgMSAxNi43MyAyMy44N2MuMS4xNy4xOC4zNS4yNy41MyIgY2xhc3M9ImNscy0xMyIvPjxwYXRoIGlkPSJwYXRoMTIyIiBkPSJNMzIxLjE1IDE2OS4zN2wzMi4yMSAyLjMxYTE3Mi44NiAxNzIuODYgMCAwIDAtMy0yNS41OWwtMzIuNSAxLjExYTE0MSAxNDEgMCAwIDEgMy4yNSAyMi4xNyIgY2xhc3M9ImNscy0xMyIvPjxwYXRoIGlkPSJwYXRoMTI0IiBkPSJNMTgyIDMyMC44MWMtNzguMiAwLTE0MS44My02My42Mi0xNDEuODMtMTQxLjgyUzEwMy44MiAzNy4xNiAxODIgMzcuMTZhMTQwLjkzIDE0MC45MyAwIDAgMSA3Ni4zIDIyLjM0TDI4MC44NSAzNkExNzIuODYgMTcyLjg2IDAgMCAwIDE4MiA1LjExQzg2LjE1IDUuMTEgOC4xNSA4My4xMSA4LjE1IDE3OXM3OCAxNzMuODUgMTczLjg1IDE3My44NWM4MS45IDAgMTUwLjY5LTU3IDE2OS0xMzMuMzJMMzIwLjYyIDIwOWMtMTMuOCA2My44NC03MC42OSAxMTEuODMtMTM4LjYgMTExLjgzIiBjbGFzcz0iY2xzLTEzIi8+PGcgaWQ9ImcxMjYiIGNsaXAtcGF0aD0idXJsKCNjbGlwLXBhdGgtNikiPjxnIGlkPSJnMTI4Ij48cGF0aCBpZD0icGF0aDE0MiIgZmlsbD0idXJsKCNsaW5lYXItZ3JhZGllbnQtNikiIGQ9Ik0zMTMuMTMgNjcuNTlhMTc1LjMxIDE3NS4zMSAwIDAgMC0yOS43NS0yOC4xM2MtMS41Ny0xLjE3LTMuMTgtMi4zLTQuNzktMy40MkwyNTYgNTkuNWwtODIuMzQgODUuNjMgMTEzLjQxLTU4LjY4IDI5LjA3LTE1Yy0xLTEuMjctMi0yLjU4LTMtMy44MiIvPjwvZz48L2c+PGcgaWQ9ImcxNDQiIGNsaXAtcGF0aD0idXJsKCNjbGlwLXBhdGgtNykiPjxnIGlkPSJnMTQ2Ij48cGF0aCBpZD0icGF0aDE2MCIgZmlsbD0idXJsKCNsaW5lYXItZ3JhZGllbnQtNykiIGQ9Ik0zNTMuNTkgMTc3LjYxYzAtMi0uMTQtNC0uMjItNS45M2wtMzIuMjEtMi4zMS0xNDcuNDctMTAuNThMMzE4LjM2IDIwOWwzMC40MSAxMC41NWMuMDktLjM2LjE5LS43MS4yOC0xLjA4YTE3My42NSAxNzMuNjUgMCAwIDAgNC41Ny0zOS40N3YtMS4zNyIvPjwvZz48L2c+PGcgaWQ9ImcxNjIiIGNsaXAtcGF0aD0idXJsKCNjbGlwLXBhdGgtOCkiPjxnIGlkPSJnMTY0Ij48cGF0aCBpZD0icGF0aDE3OCIgZmlsbD0idXJsKCNsaW5lYXItZ3JhZGllbnQtOCkiIGQ9Ik0zNDguODQgMTM4LjYxYTE3Mi41NSAxNzIuNTUgMCAwIDAtMTMuODQtMzcuN2wtMzAuOTQgOS45NEwxNzUuOTIgMTUybDE0Mi00LjgzIDMyLjUtMS4xMWMtLjQ4LTIuNTEtMS01LTEuNTYtNy40OCIvPjwvZz48L2c+PC9nPjwvc3ZnPg== longDescription: Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. shortDescription: OCI Registry providerName: VMware maintainers: - name: Miner Yang - name: Daojun Zhang - name: Shengwen Yu categories: - OCI registry supportDescription: Support provided by VMware for deployment on Tanzu clusters. Best-effort support for deployment on any conformant Kubernetes cluster. Contact support by opening a support request via VMware Cloud Services or my.vmware.com.