harbor: expose: type: route tls: enabled: false route: # Attach to your Traefik Gateway + HTTPS listener parentRefs: - name: traefik-gateway # your Gateway name namespace: traefik # Gateway namespace sectionName: websecure # listener name on the Gateway hosts: - harbor.noxxos.nl # external hostname for Harbor # What Harbor advertises to clients (docker login/push) externalURL: https://harbor.noxxos.nl # Single-writer PVCs: roll pods with Recreate to avoid multi-writer needs updateStrategy: type: Recreate # Persistence via PVCs persistence: enabled: true imageChartStorage: type: filesystem persistentVolumeClaim: registry: storageClass: ceph-block accessMode: ReadWriteOnce size: 100Gi database: storageClass: ceph-block accessMode: ReadWriteOnce size: 10Gi redis: storageClass: ceph-block accessMode: ReadWriteOnce size: 2Gi jobservice: jobLog: storageClass: ceph-block accessMode: ReadWriteOnce size: 2Gi trivy: storageClass: ceph-block accessMode: ReadWriteOnce size: 10Gi # Keep replicas at 1 for components that write to RWO PVCs core: replicas: 1 resources: requests: cpu: 100m memory: 256Mi limits: memory: 512Mi registry: replicas: 1 resources: requests: cpu: 100m memory: 256Mi limits: memory: 512Mi portal: replicas: 1 resources: requests: cpu: 100m memory: 128Mi limits: memory: 256Mi jobservice: replicas: 1 resources: requests: cpu: 100m memory: 256Mi limits: memory: 512Mi trivy: replicas: 1 resources: requests: cpu: 200m memory: 512Mi limits: memory: 1Gi harborAdminPassword: "harboradmin"