apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: harbor-registry namespace: harbor-registry spec: type: oci interval: 5m0s url: oci://registry-1.docker.io/bitnamicharts --- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: harbor-registry namespace: harbor-registry spec: interval: 5m chart: spec: chart: harbor version: "27.0.3" sourceRef: kind: HelmRepository name: harbor-registry namespace: harbor-registry interval: 1m values: clusterDomain: cluster.local externalURL: https:// adminPassword: Harbor12345 # Global ingress configuration global: ingressClassName: nginx default: storageClass: longhorn-single-delete # Use current Bitnami registry (not legacy) imageRegistry: "docker.io" # Use embedded databases (PostgreSQL and Redis sub-charts) # NOTE: Chart 27.0.3 uses Debian-based images - override PostgreSQL tag since default doesn't exist postgresql: enabled: true # Override PostgreSQL image tag - default 17.5.0-debian-12-r20 doesn't exist # Use bitnamilegacy repository where Debian images were moved image: repository: bitnamilegacy/postgresql # Enable S3 backup for Harbor PostgreSQL database (daily + weekly) persistence: labels: recurring-job.longhorn.io/source: "enabled" recurring-job-group.longhorn.io/longhorn-s3-backup: "enabled" recurring-job-group.longhorn.io/longhorn-s3-backup-weekly: "enabled" redis: enabled: true image: repository: bitnamilegacy/redis # Disable external services globally commonLabels: app.kubernetes.io/managed-by: Helm persistence: persistentVolumeClaim: registry: size: 50Gi storageClass: longhorn-single-delete jobservice: size: 10Gi storageClass: longhorn-single-delete # NOTE: Chart 27.0.3 still uses Debian-based images (legacy) # Bitnami Secure Images use Photon Linux, but chart hasn't been updated yet # Keeping Debian tags for now - these work but are in bitnamilegacy repository # TODO: Update to Photon-based images when chart is updated core: image: repository: bitnamilegacy/harbor-core updateStrategy: type: Recreate # Keep Debian-based tag for now (chart default) # Override only if needed - chart defaults to: 2.13.2-debian-12-r3 # image: # registry: docker.io # repository: bitnami/harbor-core # tag: "2.13.2-debian-12-r3" configMap: EXTERNAL_URL: https:// WITH_CLAIR: "false" WITH_TRIVY: "false" WITH_NOTARY: "false" # Optimize resources - Harbor usage is deployment-dependent, not user-dependent resources: requests: cpu: 50m # Reduced from 500m - actual usage ~3m memory: 128Mi # Reduced from 512Mi - actual usage ~76Mi limits: cpu: 200m # Conservative limit for occasional builds memory: 256Mi # Conservative limit portal: # Use bitnamilegacy repository for Debian-based images image: repository: bitnamilegacy/harbor-portal jobservice: updateStrategy: type: Recreate # Use bitnamilegacy repository for Debian-based images image: repository: bitnamilegacy/harbor-jobservice # Optimize resources - job service has minimal usage resources: requests: cpu: 25m # Reduced from 500m - actual usage ~5m memory: 64Mi # Reduced from 512Mi - actual usage ~29Mi limits: cpu: 100m # Conservative limit memory: 128Mi # Conservative limit registry: updateStrategy: type: Recreate # Use bitnamilegacy repository for Debian-based images server: image: repository: bitnamilegacy/harbor-registry controller: image: repository: bitnamilegacy/harbor-registryctl # Optimize resources - registry has minimal usage resources: requests: cpu: 25m # Reduced from 500m - actual usage ~1m memory: 64Mi # Reduced from 512Mi - actual usage ~46Mi limits: cpu: 100m # Conservative limit for image pushes/pulls memory: 128Mi # Conservative limit nginx: # Bitnami-specific service override service: type: ClusterIP # Use bitnamilegacy repository for Debian-based images image: repository: bitnamilegacy/nginx notary: server: updateStrategy: type: Recreate signer: updateStrategy: type: Recreate trivy: image: repository: bitnamilegacy/harbor-adapter-trivy ingress: enabled: false service: type: ClusterIP ports: http: 80 https: 443