Harbor is a Docker Registry with rich feature integrations such as Docker image scanners, external authentication sources, etc.

In this article, we will learn how to set up Harbor on a Kubernetes Cluster.

Prerequisites

  • Kubernetes Cluster
  • kubectl installed on your laptop
  • helm installed on your laptop

Now, let’s prepare a YAML file. Let’s call it val.yml. That will be used to override the default Harbor configuration.

Here is an example of a YAML file for this demo

File: val.yml

# For further reference, 
# please check: https://github.com/goharbor/harbor-helm/blob/master/README.md 
# and https://github.com/goharbor/harbor-helm/blob/master/values.yaml

expose:
  type: ingress
  tls:
    certSource: secret
    secret:
      secretName: harbor-prod
      notarySecretName: notary-harbor-prod
  ingress:
    hosts:
      core: registry.devopsan.com
      notary: notary.devopsan.com
    controller: default
    className: nginx
    annotations:
      cert-manager.io/cluster-issuer: "letsencrypt-prod"
      nginx.org/client-max-body-size: "0"
      nginx.org/proxy-body-size: "0"
persistence:
  enabled: true
  resourcePolicy: keep
  persistentVolumeClaim:
    registry:
      storageClass: vultr-block-storage-hdd
      # storageClass: gp2
      size: 40Gi
      subPath: registry
    chartmuseum:
      storageClass: vultr-block-storage-hdd
      # storageClass: gp2
      subPath: chartmuseum
      size: 40Gi
    jobservice:
      jobLog:
        storageClass: vultr-block-storage-hdd
        # storageClass: gp2
        subPath: joblog
        size: 40Gi
      scanDataExports:
        storageClass: vultr-block-storage-hdd
        # storageClass: gp2
        size: 40Gi
        subPath: scandata
    database:
      storageClass: vultr-block-storage
      # storageClass: gp2
      subPath: database
      size: 10Gi
    redis:
      storageClass: vultr-block-storage
      # storageClass: gp2
      subPath: redis
      size: 10Gi
    trivy:
      size: 40Gi
      storageClass: vultr-block-storage-hdd
      # storageClass: gp2
      subPath: trivy
externalURL: https://registry.devopsan.com
secretKey: "changeme"
harborAdminPassword: "changeme"

In this demo, we use the Nginx ingress controller by Nginx Inc and Cert Manager to provision SSL/TLS certificates

For the storage class in the persistence block, try to run kubectl get storageclass or kubectl get sc to get a list of supported storage classes by your Cloud Provider. On this article we are using Vultr, use this link to get free $100 credits.

➜ kubectl get sc
NAME                             PROVISIONER                        RECLAIMPOLICY   VOLUMEBINDINGMODE   ALLOWVOLUMEEXPANSION   AGE
demo-storage-class               nfs.rook.io/rook-nfs-provisioner   Retain          Immediate           false                  3d13h
prod-storage-class               nfs.rook.io/rook-nfs-provisioner   Retain          Immediate           false                  3d13h
staging-storage-class            nfs.rook.io/rook-nfs-provisioner   Retain          Immediate           false                  3d13h
vultr-block-storage (default)    block.csi.vultr.com                Delete          Immediate           false                  8d
vultr-block-storage-hdd          block.csi.vultr.com                Delete          Immediate           false                  8d
vultr-block-storage-hdd-retain   block.csi.vultr.com                Retain          Immediate           false                  8d
vultr-block-storage-retain       block.csi.vultr.com                Retain          Immediate           false                  8d

Setup the Harbor Registry on Kubernetes

Once the val.yml is prepared. Let’s add Harbor’s Helm Chart to our laptop.

➜ helm repo add harbor https://helm.goharbor.io

Once the Harbor Chart is added, let’s install the Harbor on our Kubernetes Cluster.

➜ helm upgrade --install --namespace harbor harbor harbor/harbor --version 1.11.0 -f /path/to/val.yml 

Once helm upgrade --install completed, we will get output something like this:

Release "harbor" has been upgraded. Happy Helming!
NAME: harbor
LAST DEPLOYED: Thu Dec 29 13:22:56 2022
NAMESPACE: harbor
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at https://registry.devopsan.com
For more details, please visit https://github.com/goharbor/harbor

To confirm the installation, run helm list and we will get output like this

➜ helm list --namespace harbor
NAME    NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
harbor  harbor          7               2022-12-29 13:22:56.688109908 +0700 WIB deployed        harbor-1.11.0   2.7.0      

Leave a Reply

Your email address will not be published. Required fields are marked *