diff --git a/applications/templates/harbor.yaml b/applications/templates/harbor.yaml new file mode 100644 index 0000000..5e06123 --- /dev/null +++ b/applications/templates/harbor.yaml @@ -0,0 +1,76 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: harbor + namespace: argocd +spec: + project: harbor + destination: + server: https://kubernetes.default.svc + namespace: harbor + source: + repoURL: https://helm.goharbor.io + chart: harbor + targetRevision: 1.18.0 # pin a tested chart release + helm: + # Option A — keep a small inline overlay here: + values: | + expose: + type: ingress + ingress: + hosts: + core: harbor.noxxos.nl + externalURL: https://harbor.noxxos.nl + + # Single-writer PVCs: roll pods with Recreate to avoid multi-writer needs + updateStrategy: + type: Recreate + + # --- all persistence via PVCs (no S3/GCS/etc.) --- + persistence: + enabled: true + imageChartStorage: + type: filesystem # <- store images/charts on PVC + persistentVolumeClaim: + registry: + storageClass: rbd-slow + accessMode: ReadWriteOnce + size: 100Gi + database: + storageClass: rbd-slow + accessMode: ReadWriteOnce + size: 10Gi + redis: + storageClass: rbd-slow + accessMode: ReadWriteOnce + size: 2Gi + jobservice: + jobLog: + storageClass: rbd-slow + accessMode: ReadWriteOnce + size: 2Gi + trivy: + storageClass: rbd-slow + accessMode: ReadWriteOnce + size: 10Gi + + # Keep replicas at 1 for components that write to RWO PVCs + core: + replicas: 1 + registry: + replicas: 1 + portal: + replicas: 1 + jobservice: + replicas: 1 + trivy: + replicas: 1 + + # Make Harbor idempotent under GitOps (don’t rely on randoms): + harborAdminPassword: harboradmin + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true \ No newline at end of file