dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dev-tools/manifests/harbor/values.yaml
dvirlabs 798d50ebb0 fix: Configure Harbor to use cert-manager instead of auto-generated certs 
- Change Harbor certSource from 'auto' to 'secret'
- Reference stable secret name: harbor-ingress
- Keep cert-manager.io/cluster-issuer annotation for auto certificate management
- Remove harbor-ingress-v2 workaround name
- Add cleanup script and documentation

This fixes IncorrectIssuer error where Harbor's self-signed CA
conflicted with cert-manager's Let's Encrypt certificate management.

Resolves:
- 502 errors due to TLS configuration conflict
- Failed ACME order finalization (orderNotReady)
- Certificate stuck in non-Ready state
- Duplicate certificate issuance attempts
2026-03-21 23:56:21 +02:00

103 lines
2.3 KiB
YAML
Raw Blame History

expose:
type: ingress
tls:
# Enable TLS - cert-manager will manage the certificate
enabled: true
# Use "secret" to reference an existing/external secret managed by cert-manager
# DO NOT use "auto" (Harbor's self-signed CA conflicts with cert-manager)
certSource: secret
secret:
# This secret will be created and managed by cert-manager via the ingress annotation
secretName: "harbor-ingress"
ingress:
className: traefik
annotations:
# cert-manager annotation - will create the certificate automatically
cert-manager.io/cluster-issuer: letsencrypt
# Traefik specific annotations for HTTPS routing
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
core: harbor.dvirlabs.com
notary: notary.dvirlabs.com
externalURL: https://harbor.dvirlabs.com
harborAdminPassword: "SuperSecurePassword123"
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 400Gi
chartmuseum:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 5Gi
jobservice:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 1Gi
database:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 5Gi
redis:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 5Gi
trivy:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 10Gi
database:
type: internal
trivy:
enabled: true
metrics:
enabled: true
core:
enabled: true
path: /metrics
port: 8001
exporter:
enabled: true
path: /metrics
port: 8001
jobservice:
enabled: true
path: /metrics
port: 8001
registry:
enabled: true
path: /metrics
port: 8001
exporter:
enabled: true
cache:
enabled: true
nodeSelector:
workload: general
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: workload
operator: In
values:
- general
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
Reference in New Issue View Git Blame Copy Permalink