ci: remove remaining ghcr-credentials from inttest seed/minio pod overrides

pipelines/runmefirst.sh

@@ -15,7 +15,7 @@ GITEA_API="http://10.1.1.12:30300/api/v1"
 # 1. Create namespaces
 # -------------------------------------------------------
 echo "--- Step 1: Creating namespaces ---"
-for ns in woodpecker argocd kargo stonks-beta stonks-paper; do
+for ns in woodpecker argocd kargo stonks-beta stonks-paper harbor-service; do
   kubectl create namespace "$ns" --dry-run=client -o yaml | kubectl apply -f -
   echo "  ✓ namespace/$ns"
 done
@@ -27,7 +27,7 @@ echo ""
 echo "--- Step 2: Proxy CA cert and Kyverno policies ---"
 CA_CERT_PATH="${SCRIPT_DIR}/home.crt"
 curl -sf http://192.168.42.1/home.crt -o "$CA_CERT_PATH"
-for ns in woodpecker argocd kargo; do
+for ns in woodpecker argocd kargo harbor-service; do
   if ! kubectl get configmap proxy-ca-cert -n "$ns" > /dev/null 2>&1; then
     kubectl create configmap proxy-ca-cert --from-file=ca.crt="$CA_CERT_PATH" -n "$ns"
     echo "  ✓ proxy-ca-cert created in $ns"
@@ -55,9 +55,65 @@ echo "--- Step 3: Applying NFS PersistentVolumes ---"
 kubectl apply -f pvs/argocd-pv.yaml
 kubectl apply -f pvs/kargo-pv.yaml
 kubectl apply -f pvs/woodpecker-pv.yaml
+kubectl apply -f pvs/harbor-pv.yaml
 echo "  ✓ PVs applied"
 echo ""
 
+# -------------------------------------------------------
+# 3b. Install Harbor container registry
+# -------------------------------------------------------
+echo "--- Step 3b: Installing Harbor ---"
+kubectl create namespace harbor-service --dry-run=client -o yaml | kubectl apply -f -
+
+# Remove old plain Docker Registry ingress (registry.celestium.life) if it exists
+# Harbor will take over that domain
+if kubectl get ingress registry-ingress -n git-server > /dev/null 2>&1; then
+  echo "  Removing old registry ingress from git-server namespace..."
+  kubectl delete ingress registry-ingress -n git-server
+  echo "  ✓ Old registry ingress removed"
+fi
+
+# Create NFS directories on the NAS (via a temporary pod)
+echo "  Ensuring NFS directories exist..."
+ssh root@gremlin-1 "
+  mkdir -p /tmp/harbor-nfs-init
+  mount -t nfs 192.168.42.8:/volume1/Kubernetes/harbor /tmp/harbor-nfs-init 2>/dev/null || true
+  mkdir -p /tmp/harbor-nfs-init/data/registry
+  mkdir -p /tmp/harbor-nfs-init/data/database
+  mkdir -p /tmp/harbor-nfs-init/data/redis
+  mkdir -p /tmp/harbor-nfs-init/data/jobservice
+  mkdir -p /tmp/harbor-nfs-init/data/trivy
+  umount /tmp/harbor-nfs-init 2>/dev/null || true
+  rmdir /tmp/harbor-nfs-init 2>/dev/null || true
+" 2>/dev/null || echo "  ⚠ Could not create NFS dirs via SSH (non-fatal, they may already exist)"
+
+# Apply PVCs
+kubectl apply -f harbor/pvcs.yaml
+echo "  ✓ Harbor PVCs applied"
+
+# Install/upgrade Harbor via Helm
+helm repo add harbor https://helm.goharbor.io 2>/dev/null || true
+helm repo update harbor 2>/dev/null || true
+
+HARBOR_EXISTS=$(helm list -n harbor-service -q 2>/dev/null | grep -c harbor || true)
+if [ "${HARBOR_EXISTS:-0}" -gt 0 ]; then
+  echo "  Harbor already installed — upgrading..."
+else
+  echo "  Fresh Harbor install..."
+fi
+
+helm upgrade --install harbor harbor/harbor \
+  --namespace harbor-service \
+  --values harbor/values.yaml \
+  --timeout 10m \
+  --wait
+
+echo "  Waiting for Harbor core to be ready..."
+kubectl wait --for=condition=ready pod -l app=harbor,component=core -n harbor-service --timeout=180s > /dev/null 2>&1 || true
+echo "  ✓ Harbor installed at https://registry.celestium.life"
+echo "    Default login: admin / St0nks0racl3!"
+echo ""
+
 # -------------------------------------------------------
 # 4. Configure Gitea (admin user, repo, webhook config)
 # -------------------------------------------------------
@@ -246,6 +302,7 @@ echo ""
 echo "=== Pipeline Infrastructure Install Complete ==="
 echo ""
 echo "Endpoints:"
+echo "  Harbor:        https://registry.celestium.life"
 echo "  Woodpecker CI: https://stonks-ci.celestium.life"
 echo "  ArgoCD:        https://stonks-argocd.celestium.life"
 echo "  Kargo:         https://stonks-kargo.celestium.life"