---
# Harbor Helm values for a k3s/containerd cluster.
# Intended for production use together with Woodpecker and ArgoCD.
# NOTE(review): key nesting follows the Harbor Helm chart's values layout —
# confirm against the chart version actually deployed.

# Public exposure: Harbor is published through Ingress objects served by the
# `traefik` ingress class.
expose:
  type: ingress
  ingress:
    className: traefik
    hosts:
      core: registry.bk.glpx.pro
      notary: notary.bk.glpx.pro
    annotations:
      # Ask cert-manager to issue the certificate from this ClusterIssuer.
      cert-manager.io/cluster-issuer: letsencrypt-prod
      # Attach the router to the `websecure` entrypoint only (conventionally
      # Traefik's HTTPS listener — confirm in the Traefik static config).
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      # Annotation values are strings, so this must stay quoted.
      traefik.ingress.kubernetes.io/router.tls: 'true'
  tls:
    enabled: true
    # Certificates are read from the named Secrets below instead of being
    # generated by the chart.
    certSource: secret
    secret:
      secretName: harbor-tls
      notarySecretName: notary-tls

# External URL that clients and generated links use; it matches the core
# ingress host above.
externalURL: 'https://registry.bk.glpx.pro'
# Persistence: every component volume comes from the `longhorn-fast`
# StorageClass. `existingClaim` is left empty throughout, i.e. no pre-created
# PVC is referenced.
persistence:
  persistentVolumeClaim:
    # Image layers and manifests.
    registry:
      existingClaim: ''
      storageClass: longhorn-fast
      accessMode: ReadWriteOnce
      size: 50Gi
    # NOTE(review): `chartmuseum.enabled` is false further down in this file,
    # so this claim looks unused — confirm.
    chartmuseum:
      existingClaim: ''
      storageClass: longhorn-fast
      accessMode: ReadWriteOnce
      size: 5Gi
    jobservice:
      existingClaim: ''
      storageClass: longhorn-fast
      accessMode: ReadWriteOnce
      size: 1Gi
    # No database volume: PostgreSQL is external.
    redis:
      existingClaim: ''
      storageClass: longhorn-fast
      accessMode: ReadWriteOnce
      size: 2Gi
    trivy:
      existingClaim: ''
      storageClass: longhorn-fast
      accessMode: ReadWriteOnce
      size: 5Gi
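# Harbor core secrets.
#
# The admin password and the encryption key used to be written here in
# plaintext. A values file is normally committed and mirrored, so both values
# should be treated as exposed: rotate them, then supply them from Kubernetes
# Secrets that are created out of band (sealed secret, external secret
# operator, or similar) and never stored in this repository.
#
# NOTE(review): the `existingSecret*` keys require a chart version that
# supports them — confirm before rollout. The Secret names below are
# placeholders.
# NOTE(review): `harborAdminPassword` only seeds the initial admin account;
# on an existing install the password must also be changed in Harbor itself.

# Secret holding the admin password under the key named below.
existingSecretAdminPassword: harbor-admin-credentials  # placeholder name
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD

# Secret holding the encryption key under the key `secretKey`.
# NOTE(review): the chart documents this value as a 16-character string; the
# previous inline value was longer — check the length when rotating, and plan
# the rotation, since data already encrypted with the old key is presumably
# unreadable with a new one.
existingSecretSecretKey: harbor-encryption-key  # placeholder name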
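# Database: external PostgreSQL, reached through the `infra-postgres-rw`
# service in the `data` namespace (per the host name below).
database:
  type: external
  external:
    host: infra-postgres-rw.data.svc.cluster.local
    port: "5432"
    # NOTE(review): `app` looks like a shared application role — prefer a
    # dedicated role that owns only the `harbor` database; confirm.
    username: "app"
    # The password used to be inline here in plaintext; treat it as exposed
    # and rotate it. It is now read from a Secret whose key must be
    # `password`. The Secret name is a placeholder; create it out of band.
    # NOTE(review): needs a chart version that supports `existingSecret`.
    existingSecret: harbor-database-credentials  # placeholder name
    coreDatabase: "harbor"
    # NOTE(review): TLS to PostgreSQL is disabled, so credentials and
    # registry metadata cross the cluster network unencrypted. Left unchanged
    # because the server's TLS setup is not visible here; move to "require"
    # or "verify-full" once the server certificate is confirmed.
    sslmode: "disable"
  # Connection pool settings.
  # NOTE(review): the chart reads these under `database`, not
  # `database.external` — confirm the original nesting. 900 open connections
  # per core instance is high; check it against the server's max_connections
  # and the `core.replicas` count.
  maxIdleConns: 100
  maxOpenConns: 900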
# Redis: use the instance bundled with the chart rather than an external one.
redis:
  type: internal
  internal:
    image:
      repository: goharbor/redis-photon
      # NOTE(review): this file pins v2.11.0 here and for core, but v2.10.0
      # for the registry images — mixed Harbor releases; confirm this is
      # intentional. Tags are also mutable; pin by digest if the deployment
      # tooling allows it.
      tag: 'v2.11.0'
# Registry: image pins for the registry container and its controller.
# NOTE(review): both are v2.10.0 while core and redis in this file are
# v2.11.0 — confirm the version skew is intended and supported.
registry:
  registry:
    image:
      repository: goharbor/registry-photon
      tag: 'v2.10.0'
  controller:
    image:
      repository: goharbor/harbor-registryctl
      tag: 'v2.10.0'
# Trivy: built-in vulnerability scanner for pushed images.
trivy:
  enabled: true
  # NOTE(review): `trivy.storage` is not a key I recognise from the Harbor
  # chart; the volume size is already set under
  # persistence.persistentVolumeClaim.trivy — confirm this is read at all.
  storage:
    size: 5Gi
# Notary: content trust (image signing).
# NOTE(review): Notary was removed from Harbor in the 2.9 release line, so
# with the v2.10/v2.11 images pinned in this file this flag is likely ignored
# and no content-trust enforcement is actually in effect — confirm against
# the chart version. Current Harbor verifies Cosign or Notation signatures.
notary:
  enabled: true
# Chartmuseum: Helm chart repository component, switched off here.
chartmuseum:
  # Keep disabled unless Helm charts are stored in Harbor.
  enabled: false
# Job service: background jobs, run by a single replica.
jobservice:
  replicas: 1
  # Upper bound on workers running jobs concurrently.
  maxJobWorkers: 10
# Core service: two replicas, image pinned explicitly.
core:
  replicas: 2
  image:
    repository: goharbor/harbor-core
    # NOTE(review): v2.11.0 here versus v2.10.0 for the registry images in
    # this file — confirm the mix is intended.
    tag: 'v2.11.0'
# Proxy: destinations that must bypass any outbound HTTP(S) proxy, i.e.
# loopback and in-cluster service names.
# NOTE(review): no httpProxy/httpsProxy is set in this file, so the list only
# takes effect if one is configured elsewhere — confirm.
proxy:
  noProxy: '127.0.0.1,localhost,.local,.internal,kubernetes.default.svc,.svc,.svc.cluster.local'
# Metrics: each listed component serves metrics at /metrics on port 8001.
# NOTE(review): nothing in this file restricts who may scrape these
# endpoints; limit access to the monitoring namespace with a NetworkPolicy —
# confirm what is already in place.
metrics:
  enabled: true
  core:
    path: /metrics
    port: 8001
  registry:
    path: /metrics
    port: 8001
  jobservice:
    path: /metrics
    port: 8001
  exporter:
    path: /metrics
    port: 8001
# Logging verbosity for the Harbor components.
logLevel: info

# Update strategy for the deployments.
# NOTE(review): every volume in this file is ReadWriteOnce; the chart's
# guidance is to use `Recreate` when volumes cannot be mounted by several
# pods at once, otherwise a rolling update can stall while the new pod waits
# for the volume — confirm.
updateStrategy:
  type: RollingUpdate