cluster-management/applications/harbor/values.yaml

harborAdminPassword: "Harbor12345"
tlsSecretName: "harbor.nationtech.io-tls"

expose:
  type: ingress
  tls:
    enabled: true
    certSource: secret
    secret:
      secretName: "harbor.nationtech.io-tls"
  ingress:
    hosts:
      core: harbor.nationtech.io
    annotations:
      kubernetes.io/ingress.class: nginx
      kubernetes.io/tls-acme: "true"
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
    className: "nginx"
    ports:
      httpPort: 80

persistence:
  enabled: true
  resourcePolicy: "keep"
  persistentVolumeClaim:
    registry:
      subPath: "registry"
      accessMode: ReadWriteOnce
      size: 20Gi
    jobservice:
      jobLog:
        subPath: "jobservice"
        accessMode: ReadWriteOnce
        size: 2Gi
    database:
      subPath: "db"
      accessMode: ReadWriteOnce
      size: 10Gi
    redis:
      subPath: "redis"
      accessMode: ReadWriteOnce
      size: 2Gi
    trivy:
      subPath: "trivy"
      accessMode: ReadWriteOnce
      size: 2Gi
  imageChartStorage:
    disableredirect: false
    type: filesystem
    filesystem:
      rootdirectory: /storage

# Enable Prometheus metrics
metrics:
  enabled: true
  core:
    path: /metrics
    port: 8001
  registry:
    path: /metrics
    port: 8001
  jobservice:
    path: /metrics
    port: 8001
  exporter:
    path: /metrics
    port: 8001
  serviceMonitor:
    enabled: true
    namespace: monitoring
    additionalLabels:
      release: prometheus
    interval: 15s
    metricRelabelings: []
    relabelings: []

# Disable tracing as we're not using Jaeger
trace:
  enabled: false

# Enable internal TLS
internalTLS:
  enabled: true
  strong_ssl_ciphers: true
  certSource: "auto"

# Use internal database for simplicity
database:
  type: internal
  internal:
    password: "changeme"

# Use internal Redis for simplicity
redis:
  type: internal
  internal:
    password: "changeme"

# Enable Trivy scanner
trivy:
  enabled: true
  image:
    repository: goharbor/trivy-adapter-photon
    tag: dev
  replicas: 2
  resources:
    requests:
      cpu: 200m
      memory: 512Mi
    limits:
      cpu: 1
      memory: 1Gi
  vulnType: "os,library"
  severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
  ignoreUnfixed: false
  insecure: false
  skipUpdate: false
  skipJavaDBUpdate: false
  offlineScan: false
  securityCheck: "vuln"
  timeout: 5m0s

# High Availability settings
portal:
  replicas: 2

core:
  replicas: 2

jobservice:
  replicas: 2

registry:
  replicas: 2

chartmuseum:
  replicas: 2

# Logging configuration
log:
  level: info
  local:
    rotateCount: 50
    rotateSize: 200M
    location: /var/log/harbor
  external:
    enabled: true
    endpoint: http://fluentd.logging:24224
    index: harbor
    type: fluentd