Assumptions:
- Tanzu services mainly Tanzu Kubernetes Grid or vCloud Director with Container Service Extension backed by TKG Images
- TKG Cluster is provisioned and kubeconfig file is available
- a dedicated Jump Host or workstation installed with necessary Tanzu Libraries and Helm
Harbor Installation / Deployment and Upgrade
We will deploy Harbor as normal install and then will upgrade it with Public Certificate.
Let’s first set KubeConfig file in session.
# export KUBECONFIG=/root/kubeconfig-cluster.txt
Make sure helm package is available then add repo and fetch harbor
# helm repo add harbor https://helm.goharbor.io
# helm fetch harbor/harbor --untar
Navigate in harbor folder
# cd harbor
make a copy of values.yaml file which you will use for installation
# cp values.yaml cluster-values.yaml
Modify the cluster-values.yaml as per the required configuration without Public Certificate
# vim cluster-values.yaml
following parameters update for basic install:
certSource: auto
commonName: "harbor.publicURL.com"
core: harbor.publicURL.com
externalURL: https://harbor.publicURL.com
harborAdminPassword: "<Password>"
Create a namespace for harbor
# kubectl create ns harbor-system
Install harbor
# helm install harbor . -n harbor-system -f cluster-values.yaml
Wait and verify the installation
# kubectl get deployments -n harbor-system
Verify the installation from service ip over browser
# kubectl get svc -n harbor-sytem
Once the normal install is complete, perform the upgrade to install a Public Certificate to the setup
Make sure the Public Certificate and Key is available in the path:
- publiccertificate.crt
- publiccertificate_pkcs8.key
Create a secret
# kubectl create secret tls harbor-secret --cert=publiccertificate.crt --key=publiccertificate_pkcs8.key --namespace=harbor-system
Validate secret created
# kubectl get secret -n harbor-system
Again make a copy of cluster-values.yaml file which you will use for installation
# cp cluster-values.yaml cert-cluster-values.yaml
Modify the cert-cluster-values.yaml as per the required configuration with Public Certificate
# vim cert-cluster-values.yaml
following parameters update for cert install:
certSource: secret
secretName: harbor-secret
Upgrade the harbor helm deployments
# helm upgrade harbor . -n harbor-system -f cert-cluster-values.yaml
Wait and verify the upgrade
# kubectl get deployments -n harbor-system
Verify the upgrade from service ip over browser
# kubectl get svc -n harbor-sytem
Create DNS records as per the service IP of Harbor or in case of Load Balancer/DNAT IP of TKG Cluster for day to day use or create local /etc/host file entry as per the requirement