Harbor App

From the Introduction section, you know there was uncounted application could be installed by helm. kubesphere’s App Store also added some popular application.

This tutorial walks you through an example of how to deploy Harbor with several click in kubesphere.

Prerequisites

  • Please make sure you enable the OpenPitrix system. We will deploy Harbor from the App Store.
  • You need to create a workspace, a project, and a user account for this tutorial. The account needs to be a platform regular user and to be invited as the project operator with the operator role. In this tutorial, you log in as project-operator and work in the project demo in the workspace demo-wp.

Hands-on Lab

Common steps

  1. Choose harbor template From App Store.

choose_app_from_store

  1. Choose harbor version and deployment location, then click Next.

deploy_set_of_harbor

  1. Config harbor yaml, then click Deploy. There was an example yaml in section FAQ.

config_of_harbor_deploy

type : how to expose the service. It’s related to kubernetes service.
tls : means whether to enable https. Simply set it as false for common scenario.
externalURL : the url exposed to user.

警告

Don’t forget to edit externalURL, if you have trouble in login after harbor deployed, edit this may helpful.

  1. Check the status of deployment, then try to login harbor by use the expose.type you defined.

For this example, we use http://172.23.5.6:30002 to access to harbor which defined at step 3.

active_of_harbor

overview_of_harbor_login

FAQ

  1. How to enable http login ?
  • set tls.enabled as false in step 3. externalURL ‘s protocol should be as same as the expose.type.ports.
  • if use docker login, set externalURL as one of insecure-registries in daemon.json, then reload docker.
  • the keywords showed in the yaml below, you should notice.
  1. ## NOTICE 172.23.5.6 is the test host ip, should use your ip
  2. expose:
  3.   type: nodePort
  4.   tls:
  5.     enabled: false
  6.     secretName: ""
  7.     notarySecretName: ""
  8.     # commonName should modify
  9.     commonName: "172.23.5.6"
  10.   nodePort:
  11.     # The name of NodePort service
  12.     name: harbor
  13.     ports:
  14.       http:
  15.         # The service port Harbor listens on when serving with HTTP
  16.         port: 80
  17.         # The node port Harbor listens on when serving with HTTP
  18.         nodePort: 30002
  19.       https:
  20.         # The service port Harbor listens on when serving with HTTPS
  21.         port: 443
  22.         # The node port Harbor listens on when serving with HTTPS
  23.         nodePort: 30003
  24.       # Only needed when notary.enabled is set to true
  25.       notary:
  26.         # The service port Notary listens on
  27.         port: 4443
  28.         # The node port Notary listens on
  29.         nodePort: 30004
  31. externalURL: http://172.23.5.6:30002
  33. # The initial password of Harbor admin. Change it from portal after launching Harbor
  34. harborAdminPassword: "Harbor12345"
  35. # The secret key used for encryption. Must be a string of 16 chars.
  36. secretKey: "not-a-secure-key"

  1. How to enable https login ?

    a. use self signed certificates.

    • set tls.enabled as true in step 3, and edit externalURL properly.
    • copy the ca certificates stored in pod harbor-core ‘s /etc/core/ca to your host.
    • trust the ca certificates by your host first, then restart docker.

    b. use public ssl.

    • add certificates as a secrets.
    • set tls.enabled as true in step 3, and edit externalURL properly.
    • edit tls.secretName.