dvirlabs
07797d7618
- Remove cert-manager annotation (manual TLS secret) - Reference harbor-ingress secret (Cloudflare Origin CA) - Keep stable resource names for clean March 23 switchover - Cloudflare-trusted certificate enables proxy mode Phase 2 (March 23): Add cert-manager annotation back for Let's Encrypt
103 lines
2.2 KiB
YAML
103 lines
2.2 KiB
YAML
expose:
|
|
type: ingress
|
|
tls:
|
|
# Enable TLS with external secret (Cloudflare Origin Certificate for now)
|
|
enabled: true
|
|
# Use "secret" to reference pre-created TLS secret
|
|
certSource: secret
|
|
secret:
|
|
# Secret created manually with Cloudflare Origin Certificate
|
|
# Will be managed by cert-manager after March 23
|
|
secretName: "harbor-ingress"
|
|
ingress:
|
|
className: traefik
|
|
annotations:
|
|
# NO cert-manager annotation during Phase 1 (manual certificate)
|
|
# Add back on March 23 for automatic Let's Encrypt management
|
|
# Traefik specific annotations for HTTPS routing
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
traefik.ingress.kubernetes.io/router.tls: "true"
|
|
hosts:
|
|
core: harbor.dvirlabs.com
|
|
notary: notary.dvirlabs.com
|
|
|
|
externalURL: https://harbor.dvirlabs.com
|
|
|
|
harborAdminPassword: "SuperSecurePassword123"
|
|
|
|
persistence:
|
|
enabled: true
|
|
resourcePolicy: "keep"
|
|
persistentVolumeClaim:
|
|
registry:
|
|
storageClass: nfs-client
|
|
accessMode: ReadWriteOnce
|
|
size: 400Gi
|
|
chartmuseum:
|
|
storageClass: nfs-client
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
jobservice:
|
|
storageClass: nfs-client
|
|
accessMode: ReadWriteOnce
|
|
size: 1Gi
|
|
database:
|
|
storageClass: nfs-client
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
redis:
|
|
storageClass: nfs-client
|
|
accessMode: ReadWriteOnce
|
|
size: 5Gi
|
|
trivy:
|
|
storageClass: nfs-client
|
|
accessMode: ReadWriteOnce
|
|
size: 10Gi
|
|
|
|
database:
|
|
type: internal
|
|
|
|
trivy:
|
|
enabled: true
|
|
|
|
metrics:
|
|
enabled: true
|
|
core:
|
|
enabled: true
|
|
path: /metrics
|
|
port: 8001
|
|
exporter:
|
|
enabled: true
|
|
path: /metrics
|
|
port: 8001
|
|
jobservice:
|
|
enabled: true
|
|
path: /metrics
|
|
port: 8001
|
|
registry:
|
|
enabled: true
|
|
path: /metrics
|
|
port: 8001
|
|
|
|
exporter:
|
|
enabled: true
|
|
|
|
|
|
|
|
cache:
|
|
enabled: true
|
|
|
|
nodeSelector:
|
|
workload: general
|
|
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: workload
|
|
operator: In
|
|
values:
|
|
- general
|
|
- key: node-role.kubernetes.io/control-plane
|
|
operator: DoesNotExist |