Commit Graph

10 Commits

Author SHA1 Message Date
Hermes Agent service account
ccc956f70b fix(harbor): HTTPRoute should use service port 80, not targetPort 8080 2026-06-04 21:23:29 -05:00
Hermes Agent service account
511f32e521 fix(harbor): correct HTTPRoute backend port (8080) 2026-06-04 21:21:32 -05:00
Hermes Agent service account
87a3e84f5b fix(harbor): correct HTTPRoute backend service name (the-seas) 2026-06-04 21:20:06 -05:00
Hermes Agent service account
1743145e9f fix(harbor): disable TLS in expose config (Gateway API handles TLS) 2026-06-04 21:12:00 -05:00
Hermes Agent service account
d561ac6e04 fix: Remove invalid configureUserSettings from harbor-core
The configureUserSettings field contained nginx configuration
('http2_push_preload on;') which was incorrectly being used as
CONFIG_OVERWRITE_JSON. This caused harbor-core to crash with a
JSON parse error.

CONFIG_OVERWRITE_JSON expects valid JSON for Harbor configuration
overrides, not nginx snippets. Removing this field to fix the
CrashLoopBackOff.
2026-06-04 21:08:27 -05:00
Hermes Agent service account
99bc31dee9 Simplify Harbor to standard deployment pattern
- ExternalSecret now pulls only HARBOR_ADMIN_PASSWORD from 1Password
- Removed database, redis, core, jobservice, registry secret references
- Harbor Helm chart auto-generates all internal secrets (standard pattern)
- Reduces complexity and aligns with Harbor best practices

This change removes dependency on 5 1Password fields that should be deleted:
- database-password
- redis-password
- core-secret
- jobservice-secret
- registry-password

Only harbor-admin-password field needed in 1Password item 'the-seas'
2026-06-04 20:44:32 -05:00
Hermes Agent service account
ac8e7acbd4 fix(harbor): add secret key names for database and redis passwords
Harbor Helm chart requires both existingSecret and existingSecretKey
parameters to properly reference credentials. Without the key names,
the chart creates secrets with empty passwords, causing authentication
failures between components.

Added:
- database.internal.existingSecretKey: DATABASE_PASSWORD
- redis.internal.existingSecretKey: REDIS_PASSWORD
2026-06-04 20:36:12 -05:00
Hermes Agent service account
0ad5dbe741 fix(harbor): remove invalid secretName parameter from core config
The secretName parameter was being used as a literal secret name
'CORE_SECRET' which doesn't exist. This caused harbor-core pods to
fail mounting volumes.

The correct approach is to use existingSecret for credential keys,
and let Harbor manage its own internal secrets.
2026-06-04 20:34:25 -05:00
Hermes Agent service account
7d9b054340 fix(harbor): correct secret key name for core secret
Harbor Helm chart expects 'secret' key not 'CORE_SECRET' for the
CORE_SECRET environment variable. This was causing jobservice pod
to fail with CreateContainerConfigError.

Fixes: harbor-jobservice-757bbf44cc-tvznq error
2026-06-04 20:32:40 -05:00
Hermes Agent service account
4b1e8a7cac fix(harbor): correct naming convention and use staging certs
- Rename application/namespace: the-seas -> harbor
- Move directory: cluster/platform/the-seas -> cluster/platform/harbor
- Update all resource references (ExternalSecret, HTTPRoutes, Certificates)
- Switch to letsencrypt-staging issuer (avoid ACME rate limits during testing)
- Thematic name 'the-seas' remains in DNS hostnames and comments
2026-06-04 20:25:25 -05:00