Install Harbor

One of the storage options for application images within KubeRocketCI is Harbor, utilized during the application build process.

Inspect the prerequisites and the main steps to perform for enabling Harbor on the platform.

Prerequisites

• Kubectl version 1.32.0+ is installed. Please refer to the Kubernetes official website for details.
• Helm version 3.14.0+ is installed. Please refer to the Helm page on GitHub for details.

Installation

To install Harbor with Helm, follow the steps below:

1. Create a namespace for Harbor:

   kubectl create namespace harbor

2. Create a secret for administrator user and registry:

   1. Manually

      kubectl create secret generic harbor \
          --from-literal=HARBOR_ADMIN_PASSWORD=<secret> \
          --from-literal=REGISTRY_HTPASSWD=<secret> \
          --from-literal=REGISTRY_PASSWD=<secret> \
          --from-literal=secretKey=<secret> \
          --namespace harbor

   2. Using External Secret Operator (ESO)

   Create Secret data with ESO

   apiVersion: external-secrets.io/v1beta1
   kind: ExternalSecret
   metadata:
     name: harbor
     namespace: harbor
   spec:
     refreshInterval: 1h
     secretStoreRef:
       kind: SecretStore
       name: aws-parameterstore
   data:
   - secretKey: HARBOR_ADMIN_PASSWORD
     remoteRef:
       conversionStrategy: Default
       decodingStrategy: None
       key: /control-plane/deploy-secrets
       property: harbor.HARBOR_ADMIN_PASSWORD
   - secretKey: secretKey
     remoteRef:
       conversionStrategy: Default
       decodingStrategy: None
       key: /control-plane/deploy-secrets
       property: harbor.secretKey
   - secretKey: REGISTRY_HTPASSWD
     remoteRef:
       conversionStrategy: Default
       decodingStrategy: None
       key: /control-plane/deploy-secrets
       property: harbor.REGISTRY_HTPASSWD
   - secretKey: REGISTRY_PASSWD
     remoteRef:
       conversionStrategy: Default
       decodingStrategy: None
       key: /control-plane/deploy-secrets
       property: harbor.REGISTRY_PASSWD

   note

   The HARBOR_ADMIN_PASSWORD is the initial password of Harbor admin.
   The secretKey is the secret key that is used for encryption. Must be 16 characters long.
   The REGISTRY_PASSWD is Harbor registry password.
   The REGISTRY_HTPASSWD is login and password in htpasswd string format. This value is the string in the password file generated by the htpasswd command where the username is harbor_registry_user and the encryption type is bcrypt.
   See the example below:

   htpasswd -bBc passwordfile harbor_registry_user harbor_registry_password

   The username must be harbor_registry_user. The password must be the value from REGISTRY_PASSWD.

3. Add the Helm Harbor Charts for the local client.

   helm repo add harbor https://helm.goharbor.io

4. Check the parameters in the Harbor installation chart. For details, please refer to the values.yaml file.

5. Install Harbor in the harbor namespace with the Helm tool.

   helm install harbor harbor/harbor
       --version 1.12.2 \
       --namespace harbor \
       --values values.yaml

   See the details on the parameters below:

   Example values.yaml

   # we use Harbor secret to consolidate all the Harbor secrets
   existingSecretAdminPassword: harbor
   existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
   existingSecretSecretKey: harbor
   
   core:
     # The XSRF key. Will be generated automatically if it isn't specified
     xsrfKey: ""
   jobservice:
     # Secret is used when job service communicates with other components.
     # If a secret key is not specified, Helm will generate one.
     # Must be a string of 16 chars.
     secret: ""
   registry:
     # Secret is used to secure the upload state from client
     # and registry storage backend.
     # If a secret key is not specified, Helm will generate one.
     # Must be a string of 16 chars.
     secret: ""
     credentials:
       username: harbor_registry_user
       existingSecret: harbor
   fullnameOverride: harbor
   # If Harbor is deployed behind the proxy, set it as the URL of proxy
   externalURL: https://core.harbor.domain
   ipFamily:
     ipv6:
       enabled: false
   expose:
     tls:
       enabled: false
     ingress:
       hosts:
         core: core.harbor.domain
         notary: notary.harbor.domain
   updateStrategy:
     type: Recreate
   persistence:
     persistentVolumeClaim:
       registry:
         size: 30Gi
       jobservice:
         jobLog:
           size: 1Gi
       database:
         size: 2Gi
       redis:
         size: 1Gi
       trivy:
         size: 5Gi
   database:
     internal:
       # The initial superuser password for internal database
       password: "changeit"

6. To check if the installation is successful, run the command below:

   helm status <harbor-release> -n harbor

   You can also check ingress endpoints to get Harbor endpoint to enter Harbor UI:

   kubectl describe ingress <harbor_ingress> -n harbor

Related Articles

• Install KubeRocketCI
• Integrate Harbor With KubeRocketCI Pipelines