expose:
  type: loadBalancer
  tls:
    enabled: true
    certSource: secret
    secret:
      secretName: "harbor-ingress"      
  loadBalancer:
    name: harbor
    ports:
      httpPort: 80
      httpsPort: 443
    annotations:
      cert-manager.io/cluster-issuer: default 
      external-dns.alpha.kubernetes.io/hostname: harbor.k-space.ee
      metallb.universe.tf/address-pool: elisa
    labels: {}
    sourceRanges: []

externalURL: https://harbor.k-space.ee

# The persistence is enabled by default and a default StorageClass
# is needed in the k8s cluster to provision volumes dynamically.
# Specify another StorageClass in the "storageClass" or set "existingClaim"
# if you already have existing persistent volumes to use
#
# For storing images and charts, you can also use "azure", "gcs", "s3",
# "swift" or "oss". Set it in the "imageChartStorage" section
persistence:
  enabled: true
  # Define which storage backend is used for registry to store
  # images and charts. Refer to
  # https://github.com/distribution/distribution/blob/main/docs/content/about/configuration.md#storage
  # for the detail.
  persistentVolumeClaim:
    jobservice:
      jobLog:
        existingClaim: ""
        storageClass: "longhorn"
        subPath: ""
        accessMode: ReadWriteMany
        size: 5Gi
        annotations: {}
  imageChartStorage:
    # Specify whether to disable `redirect` for images and chart storage, for
    # backends which not supported it (such as using minio for `s3` storage type), please disable
    # it. To disable redirects, simply set `disableredirect` to `true` instead.
    # Refer to
    # https://github.com/distribution/distribution/blob/main/docs/configuration.md#redirect
    # for the detail.
    disableredirect: true
    type: s3
    s3:
      # Set an existing secret for S3 accesskey and secretkey
      # keys in the secret should be REGISTRY_STORAGE_S3_ACCESSKEY and REGISTRY_STORAGE_S3_SECRETKEY for registry
      existingSecret: "harbor-minio-credentials"
      region: us-east-1
      bucket: harbor-operator-e60e5943-234a-496d-ae74-933f6a67c530
      #accesskey: awsaccesskey
      #secretkey: awssecretkey
      regionendpoint: https://external.minio-clusters.k-space.ee
      #encrypt: false
      #keyid: mykeyid
      #secure: true
      #skipverify: false
      #v4auth: true
      #chunksize: "5242880"
      #rootdirectory: /s3/object/name/prefix
      #storageclass: STANDARD
      #multipartcopychunksize: "33554432"
      #multipartcopymaxconcurrency: 100
      #multipartcopythresholdsize: "33554432"
 

# The initial password of Harbor admin. Change it from portal after launching Harbor
# or give an existing secret for it
# key in secret is given via (default to HARBOR_ADMIN_PASSWORD)
# existingSecretAdminPassword:
existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD

# debug, info, warning, error or fatal
logLevel: debug

# Run the migration job via helm hook
enableMigrateHelmHook: false

metrics:
  enabled: true
  core:
    path: /metrics
    port: 8001
  registry:
    path: /metrics
    port: 8001
  jobservice:
    path: /metrics
    port: 8001
  exporter:
    path: /metrics
    port: 8001
  serviceMonitor:
    enabled: true
    additionalLabels: {}
    # Scrape interval. If not set, the Prometheus default scrape interval is used.
    interval: ""
    # Metric relabel configs to apply to samples before ingestion.
    metricRelabelings:
      []
      # - action: keep
    #   regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
    #   sourceLabels: [__name__]
    # Relabel configs to apply to samples before ingestion.
    relabelings:
      []
      # - sourceLabels: [__meta_kubernetes_pod_node_name]
      #   separator: ;
      #   regex: ^(.*)$
      #   targetLabel: nodename
    #   replacement: $1
    #   action: replace


trivy:
  enabled: false

database:
  type: "external"

  external:
    host: "172.20.43.1"
    port: "5432"
    username: "kspace_harbor"
    coreDatabase: "kspace_harbor"
    existingSecret: "harbor-postgres-password"
    sslmode: "disable"

redis:
  type: external
  external:
      # support redis, redis+sentinel
    # addr for redis: <host_redis>:<port_redis>
    # addr for redis+sentinel: <host_sentinel1>:<port_sentinel1>,<host_sentinel2>:<port_sentinel2>,<host_sentinel3>:<port_sentinel3>
    addr: "dragonfly:6379"
    username: ""
    password: "MvYcuU0RaIu1SX7fY1m1JrgLUSaZJjge"

nginx:
  nodeSelector:
    dedicated: storage
  tolerations:
    - key: dedicated
      operator: Equal
      value: storage
      effect: NoSchedule

portal:
  nodeSelector:
    dedicated: storage
  tolerations:
    - key: dedicated
      operator: Equal
      value: storage
      effect: NoSchedule

core:
  nodeSelector:
    dedicated: storage
  tolerations:
    - key: dedicated
      operator: Equal
      value: storage
      effect: NoSchedule


jobservice:
  nodeSelector:
    dedicated: storage
  tolerations:
    - key: dedicated
      operator: Equal
      value: storage
      effect: NoSchedule

registry:
  nodeSelector:
    dedicated: storage
  tolerations:
    - key: dedicated
      operator: Equal
      value: storage
      effect: NoSchedule