Celes Renata
be526ae614
- Added pipelineEnabled flag to Helm values (default: true) - Worker services (scheduler, ingestion, parser, extractor, aggregation, recommendation, broker-adapter, lake-publisher) scale to 0 when disabled - API services always run regardless of toggle - Redis-based runtime toggle: POST /api/ops/pipeline/toggle - Scheduler checks the flag before each cycle - Frontend: green/red Pipeline ON/OFF button on the pipeline page - Beta defaults to pipelineEnabled: false - Base values.yaml: blanked external URLs (Ollama, Polygon, Alpaca) so stages only connect to what they explicitly configure
109 lines
2.2 KiB
YAML
109 lines
2.2 KiB
YAML
# Harbor Helm values — Stonks Oracle registry
|
|
# Domain: registry.celestium.life
|
|
# Ingress: Traefik with cert-manager (letsencrypt-prod)
|
|
# Storage: NFS PVs on 192.168.42.8
|
|
|
|
expose:
|
|
type: ingress
|
|
tls:
|
|
enabled: true
|
|
certSource: secret
|
|
secret:
|
|
secretName: harbor-tls
|
|
ingress:
|
|
hosts:
|
|
core: registry.celestium.life
|
|
controller: default
|
|
className: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: celestium-le-production
|
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
ingress.kubernetes.io/ssl-redirect: "true"
|
|
ingress.kubernetes.io/proxy-body-size: "0"
|
|
|
|
externalURL: https://registry.celestium.life
|
|
|
|
# Proxy CA cert for Squid SSL bump — required for proxy cache to reach Docker Hub/GHCR
|
|
caBundleSecretName: harbor-ca-bundle
|
|
|
|
# Initial admin password — change after first login
|
|
harborAdminPassword: "St0nks0racl3!"
|
|
|
|
# Use internal database and redis (bundled with Harbor)
|
|
database:
|
|
type: internal
|
|
|
|
redis:
|
|
type: internal
|
|
|
|
persistence:
|
|
enabled: true
|
|
resourcePolicy: "keep"
|
|
persistentVolumeClaim:
|
|
registry:
|
|
existingClaim: harbor-registry-pvc
|
|
size: 100Gi
|
|
jobservice:
|
|
jobLog:
|
|
existingClaim: harbor-jobservice-pvc
|
|
size: 2Gi
|
|
database:
|
|
existingClaim: harbor-database-pvc
|
|
size: 5Gi
|
|
redis:
|
|
existingClaim: harbor-redis-pvc
|
|
size: 2Gi
|
|
trivy:
|
|
storageClass: longhorn
|
|
size: 5Gi
|
|
|
|
# Trivy vulnerability scanner
|
|
trivy:
|
|
enabled: true
|
|
|
|
# Metrics for Prometheus (optional, enable if you have monitoring)
|
|
metrics:
|
|
enabled: false
|
|
|
|
# Enable Redis cache layer for faster manifest lookups (avoids upstream checks)
|
|
cache:
|
|
enabled: true
|
|
expireHours: 24
|
|
|
|
# Resource limits — conservative for a 4-node cluster
|
|
core:
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 512Mi
|
|
|
|
jobservice:
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 512Mi
|
|
|
|
registry:
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1Gi
|
|
|
|
portal:
|
|
resources:
|
|
requests:
|
|
cpu: 50m
|
|
memory: 128Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 256Mi
|