expose:
  type: ingress
  ingress:
    hosts:
      core: harbor.dvirlabs.com
      notary: notary.dvirlabs.com
    className: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
    tls:
      enabled: false  # Let Cloudflare handle TLS

externalURL: https://harbor.dvirlabs.com

harborAdminPassword: "SuperSecurePassword123"

persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 400Gi
    chartmuseum:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 5Gi
    redis:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 5Gi
    trivy:
      storageClass: nfs-client
      accessMode: ReadWriteOnce
      size: 10Gi

database:
  type: internal

trivy:
  enabled: true

metrics:
  enabled: true
  core:
    enabled: true
    path: /metrics
    port: 8001
  exporter:
    enabled: true
    path: /metrics
    port: 8001
  jobservice:
    enabled: true
    path: /metrics
    port: 8001
  registry:
    enabled: true
    path: /metrics
    port: 8001

exporter:
  enabled: true



cache:
  enabled: true

nodeSelector:
  workload: general

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: workload
              operator: In
              values:
                - general
            - key: node-role.kubernetes.io/control-plane
              operator: DoesNotExist