# Harbor Configuration for k3s/containerd
# Optimized for production use with Woodpecker and ArgoCD

expose:
  type: ingress
  ingress:
    className: traefik
    hosts:
      core: registry.bk.glpx.pro
      notary: notary.bk.glpx.pro
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
    tls:
      enabled: true
      certSource: secret
      secret:
        secretName: harbor-tls
        notarySecretName: notary-tls

# External URL
externalURL: https://registry.bk.glpx.pro

# Persistence - using Longhorn Fast
persistence:
  persistentVolumeClaim:
    registry:
      existingClaim: ""
      storageClass: "longhorn-fast"
      accessMode: ReadWriteOnce
      size: 50Gi
    chartmuseum:
      existingClaim: ""
      storageClass: "longhorn-fast"
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: ""
      storageClass: "longhorn-fast"
      accessMode: ReadWriteOnce
      size: 1Gi
    # Database storage not needed - using external PostgreSQL
    redis:
      existingClaim: ""
      storageClass: "longhorn-fast"
      accessMode: ReadWriteOnce
      size: 2Gi
    trivy:
      existingClaim: ""
      storageClass: "longhorn-fast"
      accessMode: ReadWriteOnce
      size: 5Gi

# Harbor Core Configuration
harborAdminPassword: "nVbR0IZv02zdZaM1zqjOz8FVbdzmXlEUaOb59D5Bkz0="
secretKey: "TseX7sE/+7Luy2DHvE024/nqG1JaDt6usDNiW71ZV/8="

# Database - using external PostgreSQL from infra namespace
database:
  type: external
  external:
    host: infra-postgres-rw.data.svc.cluster.local
    port: "5432"
    username: "app"
    password: "RXMPNHkY/Pnh54xz825MjCukUgo1XTKDk4ehbrMEOx8="
    coreDatabase: "harbor"
    sslmode: "disable"
  # Connection pool settings
  maxIdleConns: 100
  maxOpenConns: 900

# Redis - using internal Redis
redis:
  type: internal
  internal:
    image:
      repository: goharbor/redis-photon
      tag: v2.11.0

# Registry Configuration
registry:
  registry:
    image:
      repository: goharbor/registry-photon
      tag: v2.10.0
  controller:
    image:
      repository: goharbor/harbor-registryctl
      tag: v2.10.0

# Trivy Scanner (vulnerability scanning)
trivy:
  enabled: true
  storage:
    size: 5Gi

# Notary (content trust)
notary:
  enabled: true

# Chartmuseum (Helm charts)
chartmuseum:
  enabled: false  # Disable if not using Helm charts

# Job Service
jobservice:
  replicas: 1
  maxJobWorkers: 10

# Core Service
core:
  replicas: 2
  image:
    repository: goharbor/harbor-core
    tag: v2.11.0

# Proxy Configuration
proxy:
  noProxy: "127.0.0.1,localhost,.local,.internal,kubernetes.default.svc,.svc,.svc.cluster.local"

# Metrics
metrics:
  enabled: true
  core:
    path: /metrics
    port: 8001
  registry:
    path: /metrics
    port: 8001
  jobservice:
    path: /metrics
    port: 8001
  exporter:
    path: /metrics
    port: 8001

# Logging
logLevel: info

# Update Strategy
updateStrategy:
  type: RollingUpdate