expose:
  type: ingress
  tls:
    enabled: true
    certSource: secret
    secret:
      secretName: harbor-ingress
  ingress:
    className: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
    hosts:
      core: harbor.dvirlabs.com

externalURL: https://harbor.dvirlabs.com

harborAdminPassword: "Harbor12345"

core:
  configureUserSettings: |
    {
      "auth_mode": "oidc_auth",
      "oidc_name": "keycloak",
      "oidc_endpoint": "https://keycloak.dvirlabs.com/realms/lab",
      "oidc_client_id": "harbor",
      "oidc_client_secret": "XWYmXRJufVHEXncdrVLPIeQWgyBnuq4v",
      "oidc_scope": "openid,profile,email",
      "oidc_verify_cert": true,
      "oidc_auto_onboard": true,
      "oidc_user_claim": "preferred_username",
      "oidc_groups_claim": "groups"
    }

notary:
  enabled: false

persistence:
  enabled: true
  resourcePolicy: keep
  persistentVolumeClaim:
    registry:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 400Gi
    jobservice:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 5Gi
    redis:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 5Gi
    trivy:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 10Gi

database:
  type: internal

redis:
  type: internal

trivy:
  enabled: true

metrics:
  enabled: false

exporter:
  enabled: false

cache:
  enabled: false

nodeSelector:
  workload: general

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: workload
              operator: In
              values:
                - general
            - key: node-role.kubernetes.io/control-plane
              operator: DoesNotExist
            - key: gpu
              operator: DoesNotExist