Keybard-Vagabond-Demo/manifests/infrastructure/harbor-registry/harbor-registry.yaml

apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
    name: harbor-registry
    namespace: harbor-registry
spec:
    type: oci
    interval: 5m0s
    url: oci://registry-1.docker.io/bitnamicharts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
    name: harbor-registry
    namespace: harbor-registry
spec:
    interval: 5m
    chart:
        spec:
            chart: harbor
            version: "27.0.3"
            sourceRef:
                kind: HelmRepository
                name: harbor-registry
                namespace: harbor-registry
            interval: 1m
    values:
        clusterDomain: cluster.local
        externalURL: https://<YOUR_REGISTRY_URL>
        adminPassword: Harbor12345
        # Global ingress configuration
        global:
            ingressClassName: nginx
            default:
              storageClass: longhorn-single-delete
            # Use current Bitnami registry (not legacy)
            imageRegistry: "docker.io"
        
        # Use embedded databases (PostgreSQL and Redis sub-charts)
        # NOTE: Chart 27.0.3 uses Debian-based images - override PostgreSQL tag since default doesn't exist
        postgresql:
            enabled: true
            # Override PostgreSQL image tag - default 17.5.0-debian-12-r20 doesn't exist
            # Use bitnamilegacy repository where Debian images were moved
            image:
                repository: bitnamilegacy/postgresql
            # Enable S3 backup for Harbor PostgreSQL database (daily + weekly)
            persistence:
                labels:
                    recurring-job.longhorn.io/source: "enabled"
                    recurring-job-group.longhorn.io/longhorn-s3-backup: "enabled"
                    recurring-job-group.longhorn.io/longhorn-s3-backup-weekly: "enabled"
        redis:
            enabled: true
            image:
                repository: bitnamilegacy/redis
        
        # Disable external services globally
        commonLabels:
            app.kubernetes.io/managed-by: Helm
        persistence:
            persistentVolumeClaim:
                registry:
                    size: 50Gi
                    storageClass: longhorn-single-delete
                jobservice:
                    size: 10Gi
                    storageClass: longhorn-single-delete
        # NOTE: Chart 27.0.3 still uses Debian-based images (legacy)
        # Bitnami Secure Images use Photon Linux, but chart hasn't been updated yet
        # Keeping Debian tags for now - these work but are in bitnamilegacy repository
        # TODO: Update to Photon-based images when chart is updated
        core:
            image:
                repository: bitnamilegacy/harbor-core
            updateStrategy:
                type: Recreate
            # Keep Debian-based tag for now (chart default)
            # Override only if needed - chart defaults to: 2.13.2-debian-12-r3
            # image:
            #     registry: docker.io
            #     repository: bitnami/harbor-core
            #     tag: "2.13.2-debian-12-r3"
            configMap:
                EXTERNAL_URL: https://<YOUR_REGISTRY_URL>
                WITH_CLAIR: "false"
                WITH_TRIVY: "false"
                WITH_NOTARY: "false"
            # Optimize resources - Harbor usage is deployment-dependent, not user-dependent
            resources:
                requests:
                    cpu: 50m      # Reduced from 500m - actual usage ~3m
                    memory: 128Mi # Reduced from 512Mi - actual usage ~76Mi
                limits:
                    cpu: 200m     # Conservative limit for occasional builds
                    memory: 256Mi # Conservative limit
        portal:
            # Use bitnamilegacy repository for Debian-based images
            image:
                repository: bitnamilegacy/harbor-portal
        jobservice:
            updateStrategy:
                type: Recreate
            # Use bitnamilegacy repository for Debian-based images
            image:
                repository: bitnamilegacy/harbor-jobservice
            # Optimize resources - job service has minimal usage
            resources:
                requests:
                    cpu: 25m      # Reduced from 500m - actual usage ~5m
                    memory: 64Mi  # Reduced from 512Mi - actual usage ~29Mi
                limits:
                    cpu: 100m     # Conservative limit
                    memory: 128Mi # Conservative limit
        registry:
            updateStrategy:
                type: Recreate
            # Use bitnamilegacy repository for Debian-based images
            server:
                image:
                    repository: bitnamilegacy/harbor-registry
            controller:
                image:
                    repository: bitnamilegacy/harbor-registryctl
            # Optimize resources - registry has minimal usage
            resources:
                requests:
                    cpu: 25m      # Reduced from 500m - actual usage ~1m
                    memory: 64Mi  # Reduced from 512Mi - actual usage ~46Mi
                limits:
                    cpu: 100m     # Conservative limit for image pushes/pulls
                    memory: 128Mi # Conservative limit
        nginx:
            # Bitnami-specific service override
            service:
                type: ClusterIP
            # Use bitnamilegacy repository for Debian-based images
            image:
                repository: bitnamilegacy/nginx
        notary:
            server:
                updateStrategy:
                    type: Recreate
            signer:
                updateStrategy:
                    type: Recreate
        trivy:
            image:
                repository: bitnamilegacy/harbor-adapter-trivy
        ingress:
            enabled: false
        service:
            type: ClusterIP
            ports:
                http: 80
                https: 443