---
# Harbor Helm values for the Stonks Oracle registry.
#   Domain:  registry.celestium.life
#   Ingress: Traefik, certificate via cert-manager (letsencrypt-prod)
#   Storage: NFS PVs on 192.168.42.8

expose:
  type: ingress
  tls:
    enabled: true
    # TLS material is read from an existing Secret.
    certSource: secret
    secret:
      secretName: harbor-tls
  ingress:
    hosts:
      core: registry.celestium.life
    controller: default
    className: traefik
    annotations:
      cert-manager.io/cluster-issuer: celestium-le-production
      # Attach the router to the websecure entrypoint only.
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      # NOTE(review): the two un-prefixed annotations below are
      # controller-specific; confirm the Traefik version in use acts on them.
      ingress.kubernetes.io/ssl-redirect: 'true'
      ingress.kubernetes.io/proxy-body-size: '0'

externalURL: 'https://registry.celestium.life'

# CA certificate of the Squid SSL-bump proxy; required for the proxy cache to
# reach Docker Hub / GHCR.
# NOTE(review): Harbor components will trust certificates issued by this CA,
# so the authenticity of proxied upstream images depends on the proxy and on
# how its CA private key is protected.
caBundleSecretName: harbor-ca-bundle

# Initial admin password — change after first login.
# NOTE(review): this is a plaintext credential in a values file. Anyone with
# read access to the repository, or to the Helm release record (which stores
# the supplied values), can read it, so treat it as disclosed: rotate it in
# Harbor and keep the real value out of version control. Recent versions of
# the Harbor chart accept existingSecretAdminPassword to read the password
# from a pre-created Secret instead — confirm against the chart version in use.
harborAdminPassword: 'St0nks0racl3!'

# Use the database and Redis instances bundled with Harbor.
# NOTE(review): no credentials for the bundled services are set in this file,
# so the chart's defaults apply unless another values file overrides them —
# confirm they are not left at the published defaults.
database:
  type: internal

redis:
  type: internal

persistence:
  enabled: true
  # Keep the PVCs when the release is removed.
  resourcePolicy: 'keep'
  persistentVolumeClaim:
    registry:
      existingClaim: harbor-registry-pvc
      size: 100Gi
    jobservice:
      jobLog:
        existingClaim: harbor-jobservice-pvc
        size: 2Gi
    database:
      existingClaim: harbor-database-pvc
      size: 5Gi
    redis:
      existingClaim: harbor-redis-pvc
      size: 2Gi
    # No existing claim here: this volume is requested from the longhorn
    # storage class rather than one of the pre-created PVCs.
    trivy:
      storageClass: longhorn
      size: 5Gi

# Trivy vulnerability scanner.
trivy:
  enabled: true

# Prometheus metrics (optional; enable if monitoring is available).
metrics:
  enabled: false

# Resource requests/limits — conservative, sized for a 4-node cluster.
core:
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 1000m
      memory: 512Mi

jobservice:
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 500m
      memory: 512Mi

registry:
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 1000m
      memory: 1Gi

portal:
  resources:
    requests:
      cpu: 50m
      memory: 128Mi
    limits:
      cpu: 500m
      memory: 256Mi