ci: clear proxy env in minio-bucket-init, capture seed pod logs on failure

infra/inttest/minio.yaml

@@ -145,6 +145,10 @@ spec:
               memory: 128Mi
           command: ["/bin/sh", "-c"]
           env:
+            - name: HTTP_PROXY
+              value: ""
+            - name: HTTPS_PROXY
+              value: ""
             - name: NO_PROXY
               value: "minio,.local,10.0.0.0/8,192.168.0.0/16"
             - name: no_proxy

infra/inttest/run_pipeline.sh

@@ -333,7 +333,6 @@ log "Seeding sandbox database ..."
 if ! kubectl run seed-sandbox \
     --image="$SEED_IMAGE" \
     --restart=Never \
-    --rm \
     --attach \
     --pod-running-timeout=5m \
     --namespace="$NAMESPACE" \
@@ -355,7 +354,9 @@ if ! kubectl run seed-sandbox \
     --env="MINIO_SECRET_KEY=minioadmin" \
     --command -- python -m tests.integration.seed_sandbox; then
   log "FATAL: Database seed failed"
-  debug_pod_failure "seed-sandbox" "run=seed-sandbox"
+  log "Seed pod logs:"
+  kubectl logs seed-sandbox -n "$NAMESPACE" --tail=50 2>&1 || true
+  kubectl delete pod seed-sandbox -n "$NAMESPACE" --ignore-not-found > /dev/null 2>&1 || true
   stage_fail "seed_data"
   PIPELINE_EXIT_CODE=2
   exit 2

pipelines/harbor/pvcs.yaml

@@ -48,8 +48,7 @@ spec:
   resources:
     requests:
       storage: 5Gi
-  storageClassName: ""
+  storageClassName: longhorn
-  volumeName: harbor-database-pv
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim

pipelines/harbor/values.yaml

@@ -16,13 +16,16 @@ expose:
     controller: default
     className: traefik
     annotations:
-      cert-manager.io/cluster-issuer: letsencrypt-prod
+      cert-manager.io/cluster-issuer: celestium-le-production
       traefik.ingress.kubernetes.io/router.entrypoints: websecure
       ingress.kubernetes.io/ssl-redirect: "true"
       ingress.kubernetes.io/proxy-body-size: "0"
 
 externalURL: https://registry.celestium.life
 
+# Proxy CA cert for Squid SSL bump — required for proxy cache to reach Docker Hub/GHCR
+caBundleSecretName: harbor-ca-bundle
+
 # Initial admin password — change after first login
 harborAdminPassword: "St0nks0racl3!"
 
@@ -51,7 +54,7 @@ persistence:
       existingClaim: harbor-redis-pvc
       size: 2Gi
     trivy:
-      existingClaim: harbor-trivy-pvc
+      storageClass: longhorn
       size: 5Gi
 
 # Trivy vulnerability scanner

pipelines/pvs/harbor-pv.yaml

@@ -20,23 +20,6 @@ spec:
 ---
 apiVersion: v1
 kind: PersistentVolume
-metadata:
-  name: harbor-database-pv
-  labels:
-    app: harbor
-    component: database
-spec:
-  capacity:
-    storage: 5Gi
-  accessModes:
-    - ReadWriteOnce
-  persistentVolumeReclaimPolicy: Retain
-  nfs:
-    server: 192.168.42.8
-    path: /volume1/Kubernetes/harbor/data/database
----
-apiVersion: v1
-kind: PersistentVolume
 metadata:
   name: harbor-redis-pv
   labels: