stefsuse Fix Bitbucket values (#45)
fix bitbucket value refs, update version and maintainers
Latest commit 4b7209c Apr 26, 2018


Portus Portus is an open source authorization service and user interface for the next generation Docker Registry.


$ helm install incubator/portus


This chart bootstraps a Portus deployment on a Kubernetes cluster using the Helm package manager.

It also packages the Bitnami MariaDB chart which is required for bootstrapping a MariaDB deployment for the database requirements of the Portus application.


  • Kubernetes 1.4+ with Beta APIs enabled
  • PV provisioner support in the underlying infrastructure

Installing the Chart

To install the chart with the release name my-release:

$ helm install --name my-release incubator/portus

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm delete my-release

The command removes nearly all the Kubernetes components associated with the chart and deletes the release.

Portus TLS

To run Portus securely you'll need an SSL key and certificate that cover the domain names that the Portus, Docker registry and Nginx services use. This chart does not use TLS by default, but it does support a TLS installation.

To use TLS you must set portus.tls.enabled to true.

You will need to generate an appropriate key and certificate if you would like to install the chart securely.

If you would like to enable TLS for the Portus installation you will need to store your key in the value portus.tls.key and the certificate in the value portus.tls.cert


The following tables lists the configurable parameters of the portus chart and their default values.

Parameter Description Default
portus.replicas Portus deployment replica count ``
portus.image.repository Portus image repository name opensuse/portus
portus.image.tag Portus image tag name 2.3
portus.image.pullPolicy Portus image pull policy IfNotPresent
portus.service.port Portus service port 3000
portus.resources.requests.memory Portus memory resources 512Mi
portus.resources.requests.cpu Portus cpu resources 300m
portus.dbAdapter Database adapter Portus should use mysql2
portus.dbHost Name of host providing database ``
portus.dbDatabase Name of database Portus will use ``
portus.dbUsername Name of database user Portus will use ``
portus.dbPassword Password to connect to database ``
portus.password Password used for background job user random 10 character long alphanumeric string
portus.secretKeyBase Ruby on Rails secret app key random 128 character long alphanumeric string Email from address Email from name Portus Email reply-to Enable SMTP email false SMTP address SMTP config 587 SMTP port
portus.config.gravatar Use Gravatar true
portus.config.delete Allow repository deletion true
portus.config.first_user_admin Make initial user admin true
portus.config.signup Allow guests accounts true
portus.config.display_name Allow users to have display names false
portus.config.user_permission.change_visibility Users can edit namespace visibility true
portus.config.user_permission.create_team Users can creat teams true
portus.config.user_permission.manage_team Users can edit teams true
portus.config.user_permission.create_namespace Users can create namespaces true
portus.config.user_permission.manage_namespace Users can edit namespaces true Name of Clair server `` Health port Clair is using 6061 Name of ZypperDocker server ``
portus.config.anonymous_browsing Allow anonymous repository browsing true
'portus.config.ldap.enabled Enable ldap authentication false
'portus.config.ldap.url ldap url ``
'portus.config.ldap.port ldap port ``
'portus.config.ldap.method connection method plain
'portus.config.ldap.base base where users are located ``
'portus.config.ldap.uid user filter ``
'portus.config.ldap.authentication.enabled enable authentication for query false
'portus.config.ldap.authentication.bind_dn bind user ``
'portus.config.ldap.authentication.password bind password ``
'portus.config.ldap.guess_email.enabled enable email guessing false
'portus.config.ldap.guess_email.attr attribute inside LDIF record ``
portus.env.log_level log level info
portus.tls.enabled Determines if internal services use tls false
portus.tls.key SSL key for internal services ``
portus.tls.cert SSL certificate for internal services ``
portus.background.enabled Run background Portus jobs true
portus.background.resources.requests.memory Portus background process memory resources 512Mi
portus.background.resources.requests.cpu Portus background process cpu resources 300m
registry.replicas Docker registry deployment replica count 1
registry.mountPath Path uploaded images are stored at /storage
registry.persistence.enabled Docker registry use persistent storage true
registry.persistence.accessMode Docker registry persistence access mode ReadWriteOnce
registry.persistence.capacity Docker registry persistence capacity 10Gi
registry.image.repository Docker registry image repository name library/registry
registry.image.tag Docker registry image tag name latest
registry.image.pullPolicy Docker registry image pull policy IfNotPresent
registry.service.port Docker registry API port 5000
registry.service.debugPort Docker registry debug port 5001
registry.resources.requests.memory Registry deployment memory resources 512Mi
registry.resources.requests.cpu Registry deployment cpu resources 300m
nginx.replicas Nginx deployment replica count 1
nginx.image.repository Nginx image repository name library/nginx
nginx.image.tag Nginx image tag name alpine
nginx.image.pullPolicy Nginx registry image pull policy IfNotPresent Domain name nginx proxy should use ``
nginx.service.type Nginx service type ClusterIP
nginx.service.port Nginx internal port 80
nginx.service.nodePort Nginx external port ``
nginx.ingress.enabled Determines if nginx proxy uses ingress false
nginx.ingress.annotations Nginx ingress annotations {}
nginx.ingress.tls.enabled Determines if ingress uses TLS []
nginx.resources.requests.memory Nginx deployment memory resources 512Mi
nginx.resources.requests.cpu Nginx deployment cpu resources 300m
mariadb.enabled Mariadb chart should be installed true
mariadb.persistence.enabled Mariadb use persistent storage false
mariadb.persistence.accessMode Mariadb persistence access mode ReadWriteOnce
mariadb.persistence.size Mariadb persistence capacity 8Gi
mariadb.mariadbUser Mariadb user account name portus
mariadb.mariadbDatabase Mariadb database name portus

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install --name my-release --set portus.replicas=2 incubator/portus

The above command will install Portus with a deployment set up to use two replicas.

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

$ helm install --name my-release -f values.yaml incubator/portus

Tip: You can use the default values.yaml


The Docker Registry image stores the image data at the .Values.registry.persistence.storagePath path of the container.

Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. See the Configuration section to configure the PVC or to disable persistence.


This chart provides support for ingress resources. If you have an ingress controller installed on your cluster, such as nginx-ingress or traefik you can utilize the ingress controller to service your Portus application.

To enable ingress set nginx.ingress.enabled to true.


The host set in will be set as the host associated with the nginx proxy, which is the entrypoint into both the Portus application, and the Docker registry.


For annotations, please see this document. Not all annotations are supported by all ingress controllers, but this document does a good job of indicating which annotation is supported by many popular ingress controllers.

TLS Secrets

If your cluster allows automatic creation/retrieval of TLS certificates (e.g. kube-lego), please refer to the documentation for that mechanism.

To manually configure TLS for ingress, first create/retrieve a key & certificate pair for the address you wish to protect. Then create a TLS secret in the namespace:

kubectl create secret tls portus-tls --cert=path/to/tls.cert --key=path/to/tls.key

Include the secret's name, along with the desired hostnames, in the nginx.ingress.tls section of your custom values.yaml file.


By default, this chart will use a MariaDB database deployed as a chart dependency. You can also bring your own MariaDB. To do so set mariadb.enabled to false, and set portus.productionHost to the address of the host providing the MariaDB that you would like to use, and portus.productionPassword to the password of the database you would like to use.