dvirlabs/dev-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
dev-tools/manifests/harbor/values.yaml
dvirlabs a76c330d32 fix: Switch Harbor to Let's Encrypt staging to bypass rate limit 
Rate limit error: 429 too many certificates (5) issued for harbor.dvirlabs.com
Must wait until March 23, 2026 07:00:21 UTC before using production again.

Changes:
- Created letsencrypt-staging ClusterIssuer
- Updated Harbor to use staging issuer temporarily
- Deleted failed certificate resources

After March 23, change cert-manager.io/cluster-issuer back to 'letsencrypt'
2026-03-22 00:00:59 +02:00

103 lines
2.3 KiB
YAML
Raw Blame History

expose:
type: ingress
tls:
# Enable TLS - cert-manager will manage the certificate
enabled: true
# Use "secret" to reference an existing/external secret managed by cert-manager
# DO NOT use "auto" (Harbor's self-signed CA conflicts with cert-manager)
certSource: secret
secret:
# This secret will be created and managed by cert-manager via the ingress annotation
secretName: "harbor-ingress"
ingress:
className: traefik
annotations:
# TEMPORARY: Using staging to avoid rate limits (switch back to 'letsencrypt' after March 23, 2026)
cert-manager.io/cluster-issuer: letsencrypt-staging
# Traefik specific annotations for HTTPS routing
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
core: harbor.dvirlabs.com
notary: notary.dvirlabs.com
externalURL: https://harbor.dvirlabs.com
harborAdminPassword: "SuperSecurePassword123"
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 400Gi
chartmuseum:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 5Gi
jobservice:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 1Gi
database:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 5Gi
redis:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 5Gi
trivy:
storageClass: nfs-client
accessMode: ReadWriteOnce
size: 10Gi
database:
type: internal
trivy:
enabled: true
metrics:
enabled: true
core:
enabled: true
path: /metrics
port: 8001
exporter:
enabled: true
path: /metrics
port: 8001
jobservice:
enabled: true
path: /metrics
port: 8001
registry:
enabled: true
path: /metrics
port: 8001
exporter:
enabled: true
cache:
enabled: true
nodeSelector:
workload: general
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: workload
operator: In
values:
- general
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
Reference in New Issue View Git Blame Copy Permalink