diff --git a/argocd-apps/harbor.yaml b/argocd-apps/harbor.yaml
index 4135d85..6b18d43 100644
--- a/argocd-apps/harbor.yaml
+++ b/argocd-apps/harbor.yaml
@@ -17,7 +17,7 @@ spec:
   destination:
     server: https://kubernetes.default.svc
     namespace: dev-tools
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: true
+  # syncPolicy:
+  #   automated:
+  #     prune: true
+  #     selfHeal: true
diff --git a/manifests/harbor/values.yaml b/manifests/harbor/values.yaml
index 9b46b5a..afd309c 100644
--- a/manifests/harbor/values.yaml
+++ b/manifests/harbor/values.yaml
@@ -1,42 +1,34 @@
 expose:
   type: ingress
   tls:
-    # Enable TLS with external secret (Cloudflare Origin Certificate for now)
     enabled: true
-    # Use "secret" to reference pre-created TLS secret
     certSource: secret
     secret:
-      # Secret created manually with Cloudflare Origin Certificate
-      # Will be managed by cert-manager after March 23
-      secretName: "harbor-ingress"
+      secretName: harbor-ingress
   ingress:
     className: traefik
     annotations:
-      # NO cert-manager annotation during Phase 1 (manual certificate)
-      # Add back on March 23 for automatic Let's Encrypt management
-      # Traefik specific annotations for HTTPS routing
+      cert-manager.io/cluster-issuer: letsencrypt
       traefik.ingress.kubernetes.io/router.entrypoints: websecure
       traefik.ingress.kubernetes.io/router.tls: "true"
     hosts:
       core: harbor.dvirlabs.com
-      notary: notary.dvirlabs.com
 
 externalURL: https://harbor.dvirlabs.com
 
 harborAdminPassword: "SuperSecurePassword123"
 
+notary:
+  enabled: false
+
 persistence:
   enabled: true
-  resourcePolicy: "keep"
+  resourcePolicy: keep
   persistentVolumeClaim:
     registry:
       storageClass: nfs-client
       accessMode: ReadWriteOnce
       size: 400Gi
-    chartmuseum:
-      storageClass: nfs-client
-      accessMode: ReadWriteOnce
-      size: 5Gi
     jobservice:
       storageClass: nfs-client
       accessMode: ReadWriteOnce
@@ -57,33 +49,18 @@ persistence:
 database:
   type: internal
 
+redis:
+  type: internal
+
 trivy:
   enabled: true
 
 metrics:
   enabled: true
-  core:
-    enabled: true
-    path: /metrics
-    port: 8001
-  exporter:
-    enabled: true
-    path: /metrics
-    port: 8001
-  jobservice:
-    enabled: true
-    path: /metrics
-    port: 8001
-  registry:
-    enabled: true
-    path: /metrics
-    port: 8001
 
 exporter:
   enabled: true
 
-
-
 cache:
   enabled: true