79 lines
2.0 KiB
YAML
79 lines
2.0 KiB
YAML
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: harbor
|
|
namespace: harbor
|
|
spec:
|
|
interval: 10m
|
|
timeout: 15m
|
|
chart:
|
|
spec:
|
|
chart: harbor
|
|
version: "1.16.x"
|
|
sourceRef:
|
|
kind: HelmRepository
|
|
name: harbor
|
|
namespace: flux-system
|
|
install:
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
remediation:
|
|
retries: 3
|
|
remediateLastFailure: true
|
|
values:
|
|
externalURL: https://harbor.n0ball.tw
|
|
expose:
|
|
type: ingress
|
|
tls:
|
|
enabled: true
|
|
certSource: secret
|
|
secret:
|
|
secretName: harbor-tls
|
|
ingress:
|
|
hosts:
|
|
core: harbor.n0ball.tw
|
|
className: traefik
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: "n0ball-tw-issuer"
|
|
persistence:
|
|
enabled: true
|
|
persistentVolumeClaim:
|
|
registry:
|
|
storageClass: longhorn
|
|
size: 20Gi
|
|
jobservice:
|
|
jobLog:
|
|
storageClass: longhorn
|
|
size: 1Gi
|
|
existingSecretAdminPassword: harbor-admin-secret
|
|
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
|
|
database:
|
|
type: external
|
|
external:
|
|
host: pgbouncer.default.svc.cluster.local
|
|
port: "6432"
|
|
username: harbor
|
|
coreDatabase: harbor
|
|
existingSecret: harbor-db-secret
|
|
sslmode: disable
|
|
redis:
|
|
type: internal
|
|
existingSecretSecretKey: harbor-secret-key
|
|
core:
|
|
configureUserSettings: |
|
|
{
|
|
"auth_mode": "oidc_auth",
|
|
"oidc_name": "Keycloak",
|
|
"oidc_endpoint": "https://keycloak.n0ball.tw/realms/homelab",
|
|
"oidc_client_id": "harbor",
|
|
"oidc_client_secret": "3YuRQxgMI3j0CG/Gb95c2AvksYD8dOCV",
|
|
"oidc_groups_claim": "groups",
|
|
"oidc_scope": "openid,profile,email",
|
|
"oidc_auto_onboard": true,
|
|
"oidc_admin_group": "harbor-admins",
|
|
"self_registration": false
|
|
}
|
|
trivy:
|
|
enabled: true
|