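---
# Helm values for a Harbor registry exposed through a Traefik ingress.
# NOTE(review): this file was recovered from a copy collapsed onto one line.
# The nesting below follows the Harbor chart's key layout; confirm it against
# the original before deploying.

expose:
  type: ingress
  tls:
    # Enable TLS with external secret (Cloudflare Origin Certificate for now)
    enabled: true
    # Use "secret" to reference pre-created TLS secret
    certSource: secret
    secret:
      # Secret created manually with Cloudflare Origin Certificate
      # Will be managed by cert-manager after March 23
      # NOTE(review): an origin certificate is trusted by the Cloudflare proxy,
      # not by client trust stores. Clients that reach the ingress without going
      # through the proxy will fail verification; keep verification on rather
      # than marking the registry as insecure on the client side.
      secretName: "harbor-ingress"
  ingress:
    className: traefik
    annotations:
      # NO cert-manager annotation during Phase 1 (manual certificate)
      # Add back on March 23 for automatic Let's Encrypt management
      # Traefik specific annotations for HTTPS routing
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      # Annotation values must be strings, so the boolean stays quoted.
      traefik.ingress.kubernetes.io/router.tls: "true"
    hosts:
      core: harbor.dvirlabs.com
      # NOTE(review): only one TLS secret name is configured above. Check
      # whether the chart version in use still deploys Notary and, if so,
      # which secret it expects for this host; otherwise drop the entry.
      notary: notary.dvirlabs.com

externalURL: https://harbor.dvirlabs.com

# SECURITY(review): the admin credential is stored in plain text in this file,
# so anyone who can read the repository or the release values can read it.
# Rotate it and supply it from a pre-created Kubernetes Secret instead, e.g.
# (confirm these keys exist in the chart version in use; the name below is a
# placeholder, not a real secret):
#   existingSecretAdminPassword: "<PLACEHOLDER-admin-secret-name>"
#   existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
# NOTE(review): presumably this value only seeds the initial admin password;
# changing it here later may not rotate a running instance. Confirm.
harborAdminPassword: "SuperSecurePassword123"

persistence:
  enabled: true
  # "keep" is meant to leave the volume claims in place when the release is
  # removed. TODO confirm against the chart documentation.
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 400Gi
    # NOTE(review): verify the chart version in use still ships ChartMuseum;
    # if not, this entry is ignored.
    chartmuseum:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 5Gi
    redis:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 5Gi
    trivy:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 10Gi

database:
  type: internal

# Vulnerability scanner component.
trivy:
  enabled: true

# Metrics endpoints, one path/port pair per component.
# NOTE(review): these endpoints are presumably served without authentication.
# Confirm, and restrict access to port 8001 to the monitoring stack
# (for example with a NetworkPolicy).
metrics:
  enabled: true
  core:
    enabled: true
    path: /metrics
    port: 8001
  exporter:
    enabled: true
    path: /metrics
    port: 8001
  jobservice:
    enabled: true
    path: /metrics
    port: 8001
  registry:
    enabled: true
    path: /metrics
    port: 8001

# NOTE(review): placed at top level because "exporter" already appears under
# "metrics" with its own path/port; confirm against the original file.
exporter:
  enabled: true

cache:
  enabled: true

# NOTE(review): reconstructed at top level. The Harbor chart appears to read
# nodeSelector/affinity per component (core, registry, jobservice, ...) rather
# than globally. If so, these two keys have no effect and pods may land on
# nodes this file intends to exclude. Verify against the chart version in use.
nodeSelector:
  workload: general

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        # Both expressions sit in one term, so a node must satisfy both:
        # labelled workload=general and not carrying the control-plane label.
        - matchExpressions:
            - key: workload
              operator: In
              values:
                - general
            - key: node-role.kubernetes.io/control-plane
              operator: DoesNotExist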