in Kubernetes, Tanzu, VMware

Harbor with Public Wildcard Certificate via Helm Chart on Kubernetes Cluster (TKG Cluster)


Assumptions:

  • Tanzu services mainly Tanzu Kubernetes Grid or vCloud Director with Container Service Extension backed by TKG Images
  • TKG Cluster is provisioned and kubeconfig file is available
  • a dedicated Jump Host or workstation installed with necessary Tanzu Libraries and Helm

Harbor Installation / Deployment and Upgrade

We will deploy Harbor as normal install and then will upgrade it with Public Certificate.

Let’s first set KubeConfig file in session.

# export KUBECONFIG=/root/kubeconfig-cluster.txt

Make sure helm package is available then add repo and fetch harbor

# helm repo add harbor https://helm.goharbor.io

# helm fetch harbor/harbor --untar

Navigate in harbor folder

# cd harbor

make a copy of values.yaml file which you will use for installation

# cp values.yaml cluster-values.yaml

Modify the cluster-values.yaml as per the required configuration without Public Certificate

# vim cluster-values.yaml

following parameters update for basic install:

certSource: auto

commonName: "harbor.publicURL.com"

core: harbor.publicURL.com

externalURL: https://harbor.publicURL.com

harborAdminPassword: "<Password>"

Create a namespace for harbor

# kubectl create ns harbor-system

Install harbor

# helm install harbor . -n harbor-system -f cluster-values.yaml

Wait and verify the installation

# kubectl get deployments -n harbor-system

Verify the installation from service ip over browser

# kubectl get svc -n harbor-sytem

Once the normal install is complete, perform the upgrade to install a Public Certificate to the setup

Make sure the Public Certificate and Key is available in the path:

- publiccertificate.crt

- publiccertificate_pkcs8.key

Create a secret

# kubectl create secret tls harbor-secret --cert=publiccertificate.crt --key=publiccertificate_pkcs8.key --namespace=harbor-system

Validate secret created

# kubectl get secret -n harbor-system

Again make a copy of cluster-values.yaml file which you will use for installation

# cp cluster-values.yaml cert-cluster-values.yaml

Modify the cert-cluster-values.yaml as per the required configuration with Public Certificate

# vim cert-cluster-values.yaml

following parameters update for cert install:

certSource: secret

secretName: harbor-secret

Upgrade the harbor helm deployments

# helm upgrade harbor . -n harbor-system -f cert-cluster-values.yaml

Wait and verify the upgrade

# kubectl get deployments -n harbor-system

Verify the upgrade from service ip over browser

# kubectl get svc -n harbor-sytem

Create DNS records as per the service IP of Harbor or in case of Load Balancer/DNAT IP of TKG Cluster for day to day use or create local /etc/host file entry as per the requirement

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.