apiVersion: v1
kind: Namespace
metadata:
  name: harbor
---
apiVersion: v1
kind: Secret
metadata:
  name: harbor-values
  namespace: harbor
  annotations:
    kube-1password: igey7vjjiqmj25v64eck7cyj34
    kube-1password/vault: Kubernetes
    kube-1password/secret-text-key: values.yaml
type: Opaque
---
apiVersion: helm.fluxcd.io/v1
kind: HelmRelease
metadata:
  name: harbor
  namespace: harbor
spec:
  chart:
    repository: https://helm.goharbor.io
    name: harbor
    version: 1.7.0
  maxHistory: 4
  skipCRDs: false
  valuesFrom:
  - secretKeyRef:
      name: harbor-values
      namespace: harbor
      key: values.yaml
      optional: false
  values:
    fullnameOverride: harbor-harbor-harbor
    externalURL: https://harbor.cluster.fun
    updateStrategy:
      type: Recreate
    expose:
      type: ingress
      tls:
        enabled: true
        certSource: secret
        secret:
          secretName: harbor-harbor-ingress
      ingress:
        hosts:
          core: harbor.cluster.fun
        annotations:
          cert-manager.io/cluster-issuer: letsencrypt
          nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
          nginx.ingress.kubernetes.io/proxy-body-size: "0"
    portal:
      replicas: 2
      priorityClassName: system-cluster-critical
      resources:
        requests:
          memory: 64Mi
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: component
                operator: In
                values:
                - portal
              - key: app
                operator: In
                values:
                - harbor
            topologyKey: kubernetes.io/hostname
    core:
      replicas: 2
      priorityClassName: system-cluster-critical
      resources:
        requests:
          memory: 64Mi
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: component
                operator: In
                values:
                - core
              - key: app
                operator: In
                values:
                - harbor
            topologyKey: kubernetes.io/hostname
    jobservice:
      replicas: 1
      resources:
        requests:
          memory: 64Mi
      jobLoggers:
      - stdout
    registry:
      replicas: 2
      priorityClassName: system-cluster-critical
      registry:
        resources:
          requests:
            memory: 64Mi
      controller:
        resources:
          requests:
            memory: 64Mi
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: component
                operator: In
                values:
                - registry
              - key: app
                operator: In
                values:
                - harbor
            topologyKey: kubernetes.io/hostname
    chartmuseum:
      enabled: false
    notary:
      enabled: false
    trivy:
      enabled: false
    metrics:
      enabled: true