mareshq-cthulhunetes-gitops-v2/apps/hq/harbor.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: mareshq-registry
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "50"
spec:
  project: hq
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
  destination:
    server: "https://kubernetes.default.svc"
    namespace: hq-registry
  source:
    chart: harbor
    repoURL: https://helm.goharbor.io
    targetRevision: 1.16.0
    helm:
      releaseName: harbor
      valuesObject:
        externalURL: https://oci.marespkg.com
        expose:
          type: ingress
          tls:
            enabled: true
            certSource: secret
            secret:
              secretName: oci-marespkg-com-ingress-tls
          ingress:
            className: nginx
            annotations:
              cert-manager.io/cluster-issuer: letsencrypt-dns-production
              external-dns.alpha.kubernetes.io/hostname: oci.marespkg.com
              external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
            hosts:
              core: oci.marespkg.com
        database:
          type: external
          external:
            host: postgres-rw.postgres.svc
            port: 5432
            username: harbor
            password: "YFC0tae.bpz2ncf!rye"
            # existingSecret: harbor-user-credentials
            coreDatabase: harbor
        persistence:
          enabled: false
        imageChartStorage:
          type: s3
          s3:
            region: us-east-1 # see: https://developers.cloudflare.com/r2/api/s3/api/#bucket-region
            bucket: marespkg-registry-storage
            regionendpoint: https://f24333bb3c47d6db753e57e2a0c90082.r2.cloudflarestorage.com
            accesskey: "e9d400c4f63375cc94f6f125724f3aa6"
            secretkey: "5e1da29e9ab131c1c312add4bda82a4bdb75c4afe0f69c40dd384c5f0a6f8120"
        metrics:
          enabled: false
        nginx:
          nodeSelector:
            kubernetes.io/arch: amd64
        portal:
          nodeSelector:
            kubernetes.io/arch: amd64
        core:
          nodeSelector:
            kubernetes.io/arch: amd64
        jobservice:
          nodeSelector:
            kubernetes.io/arch: amd64
        registry:
          nodeSelector:
            kubernetes.io/arch: amd64
        trivy:
          nodeSelector:
            kubernetes.io/arch: amd64
          extraEnvVars:
            - name: SCANNER_TRIVY_DB_REPOSITORY
              value: "oci.marespkg.com/library/trivy-db:2"
        redis:
          internal:
            nodeSelector:
              kubernetes.io/arch: amd64