# services/harbor/helmrelease.yaml apiVersion: helm.toolkit.fluxcd.io/v2beta2 kind: HelmRelease metadata: name: harbor namespace: harbor spec: interval: 10m timeout: 10m chart: spec: chart: harbor version: 1.18.1 sourceRef: kind: HelmRepository name: harbor namespace: flux-system values: externalURL: https://registry.bstein.dev expose: type: ingress tls: enabled: true certSource: secret secret: secretName: registry-bstein-dev-tls ingress: className: traefik annotations: cert-manager.io/cluster-issuer: letsencrypt traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" hosts: core: registry.bstein.dev persistence: enabled: true resourcePolicy: keep persistentVolumeClaim: registry: existingClaim: harbor-registry accessMode: ReadWriteOnce size: 50Gi jobservice: jobLog: existingClaim: harbor-jobservice-logs accessMode: ReadWriteOnce size: 5Gi imageChartStorage: type: filesystem filesystem: rootdirectory: /storage database: type: external external: host: postgres-service.postgres.svc.cluster.local port: "5432" username: harbor coreDatabase: harbor existingSecret: harbor-db sslmode: disable redis: type: internal affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: [ "rpi4", "rpi5" ] preferredDuringSchedulingIgnoredDuringExecution: - weight: 90 preference: matchExpressions: - key: hardware operator: In values: [ "rpi4" ] - weight: 10 preference: matchExpressions: - key: hardware operator: In values: [ "rpi5" ] trivy: enabled: false metrics: enabled: false cache: enabled: false existingSecretAdminPassword: harbor-core existingSecretAdminPasswordKey: harbor_admin_password existingSecretSecretKey: harbor-core core: existingSecret: harbor-core existingXsrfSecret: harbor-core existingXsrfSecretKey: CSRF_KEY affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: [ "rpi4", "rpi5" ] preferredDuringSchedulingIgnoredDuringExecution: - weight: 90 preference: matchExpressions: - key: hardware operator: In values: [ "rpi4" ] - weight: 10 preference: matchExpressions: - key: hardware operator: In values: [ "rpi5" ] jobservice: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: [ "rpi4", "rpi5" ] preferredDuringSchedulingIgnoredDuringExecution: - weight: 90 preference: matchExpressions: - key: hardware operator: In values: [ "rpi4" ] - weight: 10 preference: matchExpressions: - key: hardware operator: In values: [ "rpi5" ] portal: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: [ "rpi4", "rpi5" ] preferredDuringSchedulingIgnoredDuringExecution: - weight: 90 preference: matchExpressions: - key: hardware operator: In values: [ "rpi4" ] - weight: 10 preference: matchExpressions: - key: hardware operator: In values: [ "rpi5" ] registry: affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: hardware operator: In values: [ "rpi4", "rpi5" ] preferredDuringSchedulingIgnoredDuringExecution: - weight: 90 preference: matchExpressions: - key: hardware operator: In values: [ "rpi4" ] - weight: 10 preference: matchExpressions: - key: hardware operator: In values: [ "rpi5" ] updateStrategy: type: Recreate