Add global registry support

charts/harbor/v1.7.5-rancher1/templates/NOTES.txt

 Please wait for several minutes for Harbor deployment to complete.
-Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}. 
+{{- if .Values.globalRegistryMode -}}
+Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}.
+{{- else -}}
+Then you should be able to visit the Harbor portal at {{ .Values.externalURL }}/registry.
+{{- end -}}
 For more details, please visit https://github.com/goharbor/harbor.
\ No newline at end of file

charts/harbor/v1.7.5-rancher1/templates/_helpers.tpl

@@ -31,7 +31,9 @@ app: "{{ template "harbor.name" . }}"
 {{- end -}}
 
 {{- define "harbor.autoGenCert" -}}
-  {{- if and .Values.expose.tls.enabled (not .Values.expose.tls.secretName) -}}
+  {{- if .Values.globalRegistryMode -}}
+    {{- printf "false" -}}
+  {{- else if and .Values.expose.tls.enabled (not .Values.expose.tls.secretName) -}}
     {{- printf "true" -}}
   {{- else -}}
     {{- printf "false" -}}
@@ -266,6 +268,10 @@ host:port,pool_size,password
   {{- printf "%s-notary-signer" (include "harbor.fullname" .) -}}
 {{- end -}}
 
+{{- define "harbor.proxy" -}}
+  {{- printf "%s-proxy" (include "harbor.fullname" .) -}}
+{{- end -}}
+
 {{- define "harbor.nginx" -}}
   {{- printf "%s-nginx" (include "harbor.fullname" .) -}}
 {{- end -}}
@@ -296,3 +302,11 @@ when the type is "clusterIP" or "nodePort" and "secretName" is null
   {{- $trimURL := (include "harbor.externalURL" .)  | trimPrefix "https://"  | trimPrefix "http://" -}}
   {{ regexReplaceAll ":.*$" $trimURL "${1}" }}
 {{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

charts/harbor/v1.7.5-rancher1/templates/adminserver/adminserver-dpl.yaml

@@ -27,7 +27,7 @@ spec:
     spec:
       containers:
       - name: adminserver
-        image: {{ .Values.adminserver.image.repository }}:{{ .Values.adminserver.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.adminserver.image.repository }}:{{ .Values.adminserver.image.tag }}
         imagePullPolicy: "{{ .Values.imagePullPolicy }}"
         livenessProbe:
           httpGet:
@@ -80,6 +80,7 @@ spec:
             path: key
     {{- with .Values.adminserver.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.adminserver.affinity }}

charts/harbor/v1.7.5-rancher1/templates/chartmuseum/chartmuseum-dpl.yaml

@@ -27,7 +27,7 @@ spec:
     spec:
       containers:
       - name: chartmuseum
-        image: {{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.chartmuseum.image.repository }}:{{ .Values.chartmuseum.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         livenessProbe:
           httpGet:
@@ -85,6 +85,7 @@ spec:
       {{- end }}
       {{- with .Values.chartmuseum.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
       {{- end }}
       {{- with .Values.chartmuseum.affinity }}

charts/harbor/v1.7.5-rancher1/templates/clair/clair-dpl.yaml

@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: clair
-        image: {{ .Values.clair.image.repository }}:{{ .Values.clair.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.clair.image.repository }}:{{ .Values.clair.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         livenessProbe:
           httpGet:
@@ -70,6 +70,7 @@ spec:
               path: config.yaml
     {{- with .Values.clair.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.clair.affinity }}

charts/harbor/v1.7.5-rancher1/templates/core/core-dpl.yaml

@@ -26,7 +26,7 @@ spec:
     spec:
       containers:
       - name: core
-        image: {{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.core.image.repository }}:{{ .Values.core.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         livenessProbe:
           httpGet:
@@ -98,7 +98,12 @@ spec:
           {{- end }}
       - name: ca-download
         secret:
-        {{- if eq (include "harbor.autoGenCert" .) "true" }}
+        {{- if .Values.globalRegistryMode }}
+          secretName: "tls-rancher"
+          items:
+            - key: tls.crt
+              path: ca.crt
+        {{- else if eq (include "harbor.autoGenCert" .) "true" }}
           secretName: {{ template "harbor.ingress.core" . }}
           items:
             - key: ca.crt
@@ -113,6 +118,7 @@ spec:
         emptyDir: {}
     {{- with .Values.core.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.core.affinity }}

charts/harbor/v1.7.5-rancher1/templates/database/database-ss.yaml

@@ -27,7 +27,7 @@ spec:
     spec:
       initContainers:
       - name: "remove-lost-found"
-        image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"]
         volumeMounts:
@@ -35,7 +35,7 @@ spec:
           mountPath: /var/lib/postgresql/data
       containers:
       - name: database
-        image: {{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.database.internal.image.repository }}:{{ .Values.database.internal.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         livenessProbe:
           exec:
@@ -72,6 +72,7 @@ spec:
       {{- end -}}
     {{- with .Values.database.internal.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.database.internal.affinity }}

charts/harbor/v1.7.5-rancher1/templates/ingress/ingress.yaml

@@ -13,12 +13,33 @@ spec:
   tls:
   - hosts:
     - {{ $ingress.host }}
-  {{- if $tls.secretName }}
+  {{- if .Values.globalRegistryMode }}
+    secretName: "tls-rancher-ingress"
+  {{- else if $tls.secretName }}
     secretName: {{ $tls.secretName }}
   {{- else }}
     secretName: "{{ template "harbor.ingress.core" . }}"
   {{- end }}
-{{- if eq .Values.expose.ingress.controller "gce" }}
+{{- if .Values.globalRegistryMode }}
+  rules:
+  - http:
+      paths:
+      - path: /v2/
+        backend:
+          serviceName: {{ template "harbor.core" . }}
+          servicePort: 80
+      - path: /api/projects
+        backend:
+          serviceName: {{ template "harbor.core" . }}
+          servicePort: 80
+      - path: /registry/
+        backend:
+          serviceName: {{ template "harbor.proxy" . }}
+          servicePort: 80
+    {{- if $ingress.host }}
+    host: {{ $ingress.host }}
+    {{- end }}
+{{- else if eq .Values.expose.ingress.controller "gce" }}
   rules:
   - http:
       paths:

charts/harbor/v1.7.5-rancher1/templates/ingress/notary-ingress.yaml

+{{- if not .Values.globalRegistryMode }}
 {{- if .Values.notary.enabled }}
 {{- if eq .Values.expose.type "ingress" }}
 {{- $ingress := .Values.expose.ingress -}}
@@ -30,4 +31,5 @@ spec:
     host: {{ $ingress.host }}
     {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}
\ No newline at end of file
+{{- end }} 
\ No newline at end of file

charts/harbor/v1.7.5-rancher1/templates/jobservice/jobservice-dpl.yaml

@@ -26,7 +26,7 @@ spec:
     spec:
       containers:
       - name: jobservice
-        image: {{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.jobservice.image.repository }}:{{ .Values.jobservice.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         livenessProbe:
           httpGet:
@@ -83,6 +83,7 @@ spec:
         {{- end }}
     {{- with .Values.jobservice.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.jobservice.affinity }}

charts/harbor/v1.7.5-rancher1/templates/nginx/deployment.yaml

@@ -28,7 +28,7 @@ spec:
     spec:
       containers:
       - name: nginx
-        image: {{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}
         imagePullPolicy: "{{ .Values.imagePullPolicy }}"
         livenessProbe:
           httpGet:
@@ -68,6 +68,7 @@ spec:
           {{- end }}
     {{- with .Values.nginx.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.nginx.affinity }}

charts/harbor/v1.7.5-rancher1/templates/notary/notary-cm.yaml

@@ -43,7 +43,11 @@ data:
       "auth": {
           "type": "token",
           "options": {
+              {{- if .Values.globalRegistryMode }}
+              "realm": "{{ template "harbor.externalURL" . }}/registry/service/token",
+              {{- else }}
               "realm": "{{ template "harbor.externalURL" . }}/service/token",
+              {{- end }}
               "service": "harbor-notary",
               "issuer": "harbor-token-issuer",
               "rootcertbundle": "/root.crt"

charts/harbor/v1.7.5-rancher1/templates/notary/notary-server.yaml

@@ -26,7 +26,7 @@ spec:
     spec:
       containers:
       - name: notary-server
-        image: {{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.notary.server.image.repository }}:{{ .Values.notary.server.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
 {{- if .Values.notary.server.resources }}
         resources:
@@ -66,6 +66,7 @@ spec:
       {{- end }}
     {{- with .Values.notary.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.notary.affinity }}

charts/harbor/v1.7.5-rancher1/templates/notary/notary-signer.yaml

@@ -22,7 +22,7 @@ spec:
     spec:
       containers:
       - name: notary-signer
-        image: {{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.notary.signer.image.repository }}:{{ .Values.notary.signer.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
 {{- if .Values.notary.signer.resources }}
         resources:
@@ -60,6 +60,7 @@ spec:
       {{- end }}
     {{- with .Values.notary.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.notary.affinity }}

charts/harbor/v1.7.5-rancher1/templates/portal/deployment.yaml

@@ -23,7 +23,7 @@ spec:
     spec:
       containers:
       - name: portal
-        image: {{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.portal.image.repository }}:{{ .Values.portal.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
 {{- if .Values.portal.resources }}
         resources:
@@ -45,6 +45,7 @@ spec:
         - containerPort: 80
     {{- with .Values.portal.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.portal.affinity }}

charts/harbor/v1.7.5-rancher1/templates/proxy/configmap.yaml

+{{ if .Values.globalRegistryMode }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "harbor.proxy" . }}
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: proxy
+data:
+  default.conf: |
+    server {
+        listen       80;
+        server_name  localhost;
+        location / {
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+        }
+        location = /registry {
+            return 302 /registry/;
+        }
+        location  /registry/service/ {
+            proxy_pass http://{{ template "harbor.core" . }}/service/; 
+        }
+        location  /registry/api/ {
+            proxy_pass http://{{ template "harbor.core" . }}/api/; 
+        }
+        {{ if .Values.chartmuseum.enabled }}
+        location  /registry/chartrepo/ {
+            proxy_pass http://{{ template "harbor.core" . }}/chartrepo/; 
+        }
+        {{ end }}
+        location  /registry/c/ {
+            proxy_pass http://{{ template "harbor.core" . }}/c/; 
+        }
+        {{ if .Values.notary.enabled }}
+        location  /registry/notary/ {
+            proxy_pass http://{{ template "harbor.notary-server" . }}:4443/; 
+        }
+        {{ end }}
+        location /registry/ {
+            proxy_pass http://{{ template "harbor.portal" . }}/; 
+            include filters.conf;
+        }
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+    }
+  filters.conf: |
+        sub_filter_types application/javascript;
+
+        sub_filter 'src="main' 'src="/registry/main';
+        sub_filter 'src="runtime' 'src="/registry/runtime';
+        sub_filter 'src="scripts' 'src="/registry/scripts';
+
+        sub_filter '"/c/login"' '"/registry/c/login"';
+        sub_filter '"/c/log_out"' '"/registry/c/log_out"';
+        sub_filter '"/c/userExists"' '"/registry/c/userExists"';
+        sub_filter '"/c/reset"' '"/registry/c/reset"';
+        sub_filter '"/c/sendEmail' '"/registry/c/sendEmail';
+        sub_filter '"/c/oidc_login"' '"/registry/c/oidc_login"';
+
+        sub_filter '"/api/' '"/registry/api/';
+        sub_filter '"/service/' '"/registry/service/';
+        sub_filter '"/chartrepo/' '"/registry/chartrepo/';
+
+        sub_filter '<base href="/">' '<base href="/registry">';
+        sub_filter 'href="favicon.ico' 'href="/registry/favicon.ico';
+        sub_filter 'href="styles' 'href="/registry/styles';
+        sub_filter '"images/harbor-logo.svg"' '"/registry/images/harbor-logo.svg"';
+        sub_filter '"/images/helm-gray.svg"' '"/registry/images/helm-gray.svg"';
+        sub_filter '"images/harbor-black-logo.png' '"/registry/images/harbor-black-logo.png';
+        #sub_filter '"static/images' '"registry/static/images';
+        sub_filter '"../../../images' '"/registry/images';
+        sub_filter '"/swagger.json"' '"/registry/swagger.json"';
+        sub_filter '"i18n/lang/"' '"/registry/i18n/lang/"';
+        sub_filter '"/language' '"/registry/language';
+        sub_filter 'http.get("setting.json"' 'http.get("/registry/setting.json"';
+
+
+        sub_filter_once off;
+        proxy_set_header Accept-Encoding "";
+{{ end }}

charts/harbor/v1.7.5-rancher1/templates/proxy/deployment.yaml

+{{ if .Values.globalRegistryMode }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: {{ template "harbor.proxy" . }}
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+    component: proxy
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+{{ include "harbor.matchLabels" . | indent 6 }}
+      component: proxy
+  template:
+    metadata:
+      labels:
+{{ include "harbor.labels" . | indent 8 }}
+        component: proxy
+    spec:
+      containers:
+      - name: nginx
+        image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}
+        imagePullPolicy: {{ .Values.proxy.image.pullPolicy }}
+        resources:
+{{ toYaml .Values.proxy.resources | indent 10 }}
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - name: nginx-config
+          mountPath: /etc/nginx/conf.d
+          readOnly: true
+        - mountPath: /etc/nginx/filters.conf
+          name: filter-config
+          subPath: filters.conf
+          readOnly: true
+      volumes:
+      - name: nginx-config
+        configMap:
+          name: "{{ template "harbor.proxy" . }}"
+          items:
+            - key: default.conf
+              path: default.conf
+      - name: filter-config
+        configMap:
+          name: "{{ template "harbor.proxy" . }}"
+          items:
+          - key: filters.conf
+            path: filters.conf
+    {{- with .Values.proxy.nodeSelector }}
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.proxy.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.proxy.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+{{ end }}
\ No newline at end of file

charts/harbor/v1.7.5-rancher1/templates/proxy/service.yaml

+{{ if .Values.globalRegistryMode }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: "{{ template "harbor.proxy" . }}"
+  labels:
+{{ include "harbor.labels" . | indent 4 }}
+spec:
+  ports:
+    - port: 80
+  selector:
+{{ include "harbor.matchLabels" . | indent 4 }}
+    component: proxy
+{{ end }}
\ No newline at end of file

charts/harbor/v1.7.5-rancher1/templates/redis/statefulset.yaml

@@ -26,7 +26,7 @@ spec:
     spec:
       containers:
       - name: redis
-        image: {{ .Values.redis.internal.image.repository }}:{{ .Values.redis.internal.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.redis.internal.image.repository }}:{{ .Values.redis.internal.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         livenessProbe:
           tcpSocket:
@@ -58,6 +58,7 @@ spec:
       {{- end -}}
     {{- with .Values.redis.internal.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.redis.internal.affinity }}

charts/harbor/v1.7.5-rancher1/templates/registry/registry-cm.yaml

@@ -47,8 +47,8 @@ data:
         {{- if $storage.s3.encrypt }}
         encrypt: {{ $storage.s3.encrypt }}
         {{- end }}
-        {{- if $storage.s3.secure }}
-        secure: {{ $storage.s3.secure }}
+        {{- if $storage.s3.insecure }}
+        secure: false
         {{- end }}
         {{- if $storage.s3.v4auth }}
         v4auth: {{ $storage.s3.v4auth }}
@@ -120,8 +120,8 @@ data:
         {{- if $storage.oss.encrypt }}
         encrypt: {{ $storage.oss.encrypt }}
         {{- end }}
-        {{- if $storage.oss.secure }}
-        secure: {{ $storage.oss.secure }}
+        {{- if $storage.oss.insecure }}
+        secure: false
         {{- end }}
         {{- if $storage.oss.chunksize }}
         chunksize: {{ $storage.oss.chunksize }}
@@ -152,7 +152,11 @@ data:
     auth:
       token:
         issuer: harbor-token-issuer
+        {{- if .Values.globalRegistryMode }}
+        realm: "{{ template "harbor.externalURL" . }}/registry/service/token"
+        {{- else }}
         realm: "{{ template "harbor.externalURL" . }}/service/token"
+        {{- end }}
         rootcertbundle: /etc/registry/root.crt
         service: harbor-registry
     validation:

charts/harbor/v1.7.5-rancher1/templates/registry/registry-dpl.yaml

@@ -27,7 +27,7 @@ spec:
     spec:
       containers:
       - name: registry
-        image: {{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.registry.registry.image.repository }}:{{ .Values.registry.registry.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         livenessProbe:
           httpGet:
@@ -68,7 +68,7 @@ spec:
           subPath: gcs-key.json
         {{- end }}
       - name: registryctl
-        image: {{ .Values.registry.controller.image.repository }}:{{ .Values.registry.controller.image.tag }}
+        image: {{ template "system_default_registry" . }}{{ .Values.registry.controller.image.repository }}:{{ .Values.registry.controller.image.tag }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         livenessProbe:
           httpGet:
@@ -141,6 +141,7 @@ spec:
       {{- end }}
     {{- with .Values.registry.nodeSelector }}
       nodeSelector:
+        beta.kubernetes.io/os: linux
 {{ toYaml . | indent 8 }}
     {{- end }}
     {{- with .Values.registry.affinity }}

charts/harbor/v1.7.5-rancher1/values.yaml

@@ -67,6 +67,9 @@ expose:
 # If Harbor is deployed behind the proxy, set it as the URL of proxy
 externalURL: https://harbor.local
 
+# Use the Harbor instance as the global registry in Rancher
+globalRegistryMode: true
+
 # The persistence is enabled by default and a default StorageClass
 # is needed in the k8s cluster to provision volumes dynamicly. 
 # Specify another StorageClass in the "storageClass" or set "existingClaim"
@@ -159,7 +162,7 @@ imageChartStorage:
     #regionendpoint: http://myobjects.local
     #encrypt: false
     #keyid: mykeyid
-    #secure: true
+    #insecure: false
     #v4auth: true
     #chunksize: "5242880"
     #rootdirectory: /s3/object/name/prefix
@@ -192,7 +195,7 @@ imageChartStorage:
     #endpoint: endpoint
     #internal: false
     #encrypt: false
-    #secure: true
+    #insecure: false
     #chunksize: 10M
     #rootdirectory: rootdirectory
 
@@ -204,6 +207,23 @@ harborAdminPassword: "Harbor12345"
 # The secret key used for encryption. Must be a string of 16 chars.
 secretKey: "not-a-secure-key"
 
+# nginx proxy adapter for global registry, it is used when globalRegistryMode is true.
+proxy:
+  image:
+    repository: library/nginx
+    tag: 1.14.2
+    pullPolicy: IfNotPresent
+    resources: 
+      requests:
+        cpu: 50m
+        memory: 64Mi
+      # limits:
+      #   cpu: 50m
+      #   memory: 64Mi
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+
 # If expose the service via "ingress", the Nginx will not be used
 nginx:
   image:
@@ -488,4 +508,7 @@ redis:
     chartmuseumDatabaseIndex: "3"
     password: ""
   ## Additional deployment annotations
-  podAnnotations: {}
+  podAnnotations: {}
\ No newline at end of file
+
+global:
+  systemDefaultRegistry: ""
\ No newline at end of file