apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: harbor namespace: argocd spec: project: default destination: server: https://kubernetes.default.svc namespace: harbor source: repoURL: https://helm.goharbor.io chart: harbor targetRevision: 1.18.0 # pin a tested chart release helm: # Option A — keep a small inline overlay here: values: | expose: type: ingress ingress: hosts: core: harbor.noxxos.nl externalURL: https://harbor.noxxos.nl # Single-writer PVCs: roll pods with Recreate to avoid multi-writer needs updateStrategy: type: Recreate # --- all persistence via PVCs (no S3/GCS/etc.) --- persistence: enabled: true imageChartStorage: type: filesystem # <- store images/charts on PVC persistentVolumeClaim: registry: storageClass: rbd-slow accessMode: ReadWriteOnce size: 100Gi database: storageClass: rbd-slow accessMode: ReadWriteOnce size: 10Gi redis: storageClass: rbd-slow accessMode: ReadWriteOnce size: 2Gi jobservice: jobLog: storageClass: rbd-slow accessMode: ReadWriteOnce size: 2Gi trivy: storageClass: rbd-slow accessMode: ReadWriteOnce size: 10Gi # Keep replicas at 1 for components that write to RWO PVCs core: replicas: 1 registry: replicas: 1 portal: replicas: 1 jobservice: replicas: 1 trivy: replicas: 1 # Make Harbor idempotent under GitOps (don’t rely on randoms): harborAdminPassword: harboradmin syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true