Steps and Configuration for Deploying Harbor on Kubernetes


This article will cover the deployment of Harbor in a Kubernetes environment. Here, we will explain the steps to deploy Harbor and its corresponding configuration.

Preparation Steps

This example will deploy Harbor using Helm, with PostgreSql and Redis as the database and cache respectively. The dashboard will be proxied using Traefik for reverse proxying, therefore Helm, PostgreSql, Redis, and Traefik need to be installed beforehand.
If not installed yet, please refer to the following links for installation:
Installing HELM on Debian OS
Configuring PostgreSql Database in Kubernetes
Configuring Redis Database in Kubernetes
Steps and Configuration for Deploying Traefik on Kubernetes

Copy Successful
# Add Harbor Helm Chart repository.
helm repo add harbor https://helm.goharbor.io
Copy Successful
# Download Harbor Helm Chart.
helm fetch harbor/harbor --untar
Copy Successful
# Create the harbor namespace.
kubectl create namespace harbor

After creating tables harbor_core and registry in PostgreSql, navigate to the harbor directory and create relevant configuration files.

Copy Successful
# storage.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: harbor
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Retain
Copy Successful
# volume.yaml
# <path> is the path where the data is stored.
# Example: path: "/mnt/disks/data/harbor"
apiVersion: v1
kind: PersistentVolume
metadata:
name: harbor
labels:
app: k8s-cluster-harbor
spec:
storageClassName: harbor
capacity:
storage: 100Gi
accessModes:
- ReadWriteMany
hostPath:
path: <path>
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: harbor
namespace: harbor
labels:
app: harbor
spec:
storageClassName: harbor
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Gi
Copy Successful
kubectl apply -f storage.yaml
Copy Successful
kubectl apply -f volume.yaml
Copy Successful
# Creating folders.
# <path> is the path where the data is stored.
# 例如:/mnt/disks/data/harbor
mkdir -p <path>/trivy/trivy <path>/trivy/reports
Copy Successful
# Modify folder permissions.
# <path> is the path where the data is stored.
# 例如:/mnt/disks/data/harbor
sudo chmod 777 <path> <path>/trivy/trivy <path>/trivy/reports

Deploy Harbor

Copy Successful
# Modify values.yaml.
vim values.yaml

Below will list the modifications for this example, for other modifications, please refer to the Harbor official documentation.

Copy Successful
# <domain> is the domain name.
# <password> Default login password for the dashboard.
# <postgres_host> PostgreSql host address, if using GCP node, it will be the node's internal IP.
# <postgres_password> PostgreSql password.
# <redis_host> Redis host address, if using GCP node, it will be the node's internal IP.
expose:
type: ingress
tls:
enabled: true
certSource: none
...
ingress:
hosts:
core: <domain>
controller: default
kubeVersionOverride: ""
className: ""
annotations:
# ingress.kubernetes.io/ssl-redirect: "true"
# ingress.kubernetes.io/proxy-body-size: "0"
# nginx.ingress.kubernetes.io/ssl-redirect: "true"
# nginx.ingress.kubernetes.io/proxy-body-size: "0"
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.tls.certresolver: myresolver
...
externalURL: https://<domain>
...
persistence:
enabled: true
resourcePolicy: "keep"
persistentVolumeClaim:
registry:
existingClaim: "harbor"
storageClass: "harbor"
subPath: "registry"
accessMode: ReadWriteMany
size: 50Gi
annotations: {}
jobservice:
jobLog:
existingClaim: "harbor"
storageClass: "harbor"
subPath: "jobLog"
accessMode: ReadWriteMany
size: 1Gi
annotations: {}
...
trivy:
existingClaim: "harbor"
storageClass: "harbor"
subPath: "trivy"
accessMode: ReadWriteMany
size: 5Gi
annotations: {}
...
harborAdminPassword: <password>
...
portal:
...
nodeSelector: {
worker: cluster
}
...
core:
...
nodeSelector: {
worker: cluster
}
...
jobservice:
...
nodeSelector: {
worker: cluster
}
...
registry:
...
nodeSelector: {
worker: cluster
}
...
trivy:
...
nodeSelector: {
worker: cluster
}
...
database:
type: external
...
external:
host: "<postgres_host>"
port: "5432"
username: "postgres"
password: "<postgres_password>"
...
redis:
type: external
...
external:
addr: "<redis_host>:6379"
...
exporter:
...
nodeSelector: {
worker: cluster
}
...
Copy Successful
# Deploy Harbor.
helm install harbor harbor/harbor -f values.yaml -n harbor