Harbor with Public Wildcard Certificate via Helm Chart on Kubernetes Cluster (TKG Cluster)


Assumptions:

  • Tanzu services, mainly Tanzu Kubernetes Grid, or vCloud Director with Container Service Extension backed by TKG images
  • A TKG cluster is provisioned and its kubeconfig file is available
  • A dedicated jump host or workstation with the necessary Tanzu libraries and Helm installed

Harbor Installation / Deployment and Upgrade

We will first deploy Harbor as a normal install and then upgrade it to use the public certificate.

Let’s first set the kubeconfig file for the session.

# export KUBECONFIG=/root/kubeconfig-cluster.txt

Make sure Helm is available, then add the repo and fetch the Harbor chart

# helm repo add harbor https://helm.goharbor.io

# helm fetch harbor/harbor --untar

Navigate into the harbor folder

# cd harbor

Make a copy of the values.yaml file, which you will use for the installation

# cp values.yaml cluster-values.yaml

Modify cluster-values.yaml with the required configuration, without the public certificate

# vim cluster-values.yaml

Update the following parameters for the basic install:

certSource: auto

commonName: "harbor.publicURL.com"

core: harbor.publicURL.com

externalURL: https://harbor.publicURL.com

harborAdminPassword: "<Password>"

Create a namespace for harbor

# kubectl create ns harbor-system

Install harbor

# helm install harbor . -n harbor-system -f cluster-values.yaml

Wait and verify the installation

# kubectl get deployments -n harbor-system

Verify the installation by opening the service IP in a browser

# kubectl get svc -n harbor-system

Once the normal install is complete, perform the upgrade to add the public certificate to the setup

Make sure the public certificate and key are available in the path:

- publiccertificate.crt

- publiccertificate_pkcs8.key

Create a secret

# kubectl create secret tls harbor-secret --cert=publiccertificate.crt --key=publiccertificate_pkcs8.key --namespace=harbor-system

Validate that the secret was created

# kubectl get secret -n harbor-system

Again, make a copy of the cluster-values.yaml file, which you will use for the upgrade

# cp cluster-values.yaml cert-cluster-values.yaml

Modify cert-cluster-values.yaml with the required configuration, this time with the public certificate

# vim cert-cluster-values.yaml

Update the following parameters for the certificate install:

certSource: secret

secretName: harbor-secret

Upgrade the Harbor Helm deployment

# helm upgrade harbor . -n harbor-system -f cert-cluster-values.yaml

Wait and verify the upgrade

# kubectl get deployments -n harbor-system

Verify the upgrade by opening the service IP in a browser

# kubectl get svc -n harbor-system

For day-to-day use, create DNS records that point to the Harbor service IP, or to the load balancer/DNAT IP of the TKG cluster where one is used. Alternatively, create a local /etc/hosts entry as required.
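
A pre-flight check for the certificate and key before they go into harbor-secret, as an added example that is not part of the original post: it confirms that the key belongs to the certificate, that the certificate is not within 30 days of expiry, and that a SAN entry covers the Harbor hostname (a wildcard covers one label only). The function names and the 30-day threshold are assumptions, and `-ext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: pre-flight checks before `kubectl create secret tls harbor-secret`.
# Function names and the 30-day threshold are assumptions, not from the post.

# san_covers PATTERN HOST: true when a SAN entry covers HOST (case-insensitive).
# A wildcard stands for exactly one leftmost label: *.example.com covers
# a.example.com, but neither example.com nor a.b.example.com.
san_covers() {
  pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$pattern" in
    \*.*) suffix=${pattern#\*}        # ".example.com"
          label=${host%"$suffix"}     # the part the "*" has to stand for
          [ "$label" != "$host" ] && [ -n "$label" ] &&
            case "$label" in *.*) false ;; *) true ;; esac ;;
    *)    [ "$pattern" = "$host" ] ;;
  esac
}

# cert_matches_key CERT KEY: true when both files carry the same public key.
cert_matches_key() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# cert_sans CERT: print the DNS names of the subjectAltName extension, one per line.
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# preflight CERT KEY HOST: run every check, return non-zero if any of them fails.
preflight() {
  cert=$1; key=$2; fqdn=$3; rc=0
  cert_matches_key "$cert" "$key" ||
    { echo "FAIL: private key does not match certificate" >&2; rc=1; }
  # -checkend N exits non-zero when the certificate expires within N seconds.
  openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
    { echo "FAIL: certificate expires within 30 days" >&2; rc=1; }
  cert_sans "$cert" |
    ( while read -r san; do san_covers "$san" "$fqdn" && exit 0; done; exit 1 ) ||
    { echo "FAIL: no SAN entry covers $fqdn" >&2; rc=1; }
  return "$rc"
}

# Usage: ./preflight.sh publiccertificate.crt publiccertificate_pkcs8.key harbor.publicURL.com
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A non-zero exit means the pair should not be loaded into the secret yet; the failed check is named on stderr.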

Kubernetes Architecture 101 – Mind Map

I have been spending some time on K8s, digging deep down to understand the components involved and how they play a role in running a successful application on K8s Architecture.

Learning for me is always into basics; once you are comfortable with it, then any top application running will be easy to understand, will be easy to troubleshoot, will be easy to enhance.

Previous post was a very high level K8s mind map and here I am posting another 101 Mind map for its Architecture.

K8s Architecture Mind Map

Kubernetes 101 – Mind Map

I have played with Kubernetes in the past, but it has been years and was just to get started. That knowledge still stays inside me to understand discussions related to Kubernetes.

Finally decided to get hands deep dirty and created this a couple of days back, thought to blog it for reference and might be useful for someone getting started.

K8s Mind Map