Install Harbor using TMC Catalog

Eknath -
Reading Time: 3 mins

In this post, let me take you through the steps to install contour package into TKG cluster from TMC Console. If you are looking for detailed steps to deploy TKG cluster on Azure, refer to post. I have already attached the workload cluster (capv-workload) into TMC using TMC CLI. Refer to post to know the steps for attaching workload cluster.

Pre reqs:

  • Install cert-manager : Follow the steps here to install cert-manager
  • Install Contour: Follow the steps here to install Contour

Install Harbor

In TMC Console: Catalog > select cluster capv-workload from drop down and click on Harbor

  • Click on Install Package which can be found on top right side of the page

  • Name the Installed package name as : capv-workload-harbor and click NEXT

  • Package install resources: Leave to Default and click NEXT
  • Configure values: Provide below values
Note:
  1. Below config is prepared for domain partnerse.workshop.captainvirtualization.in, if you are using a different domain: generate a wildcard certificate and replace the values in below config file.
  2. imageChartStorage used in this config is Azure blob, you can change the same by replacing the values.
  3. cert and keys mentioned below are not completely correct due to security issue, please refrain from using the same.
core:
  replicas: 1
  secret: VMware1!VMware1!
  xsrfKey: VMware1!VMware1!VMware1!VMware1!
database:
  password: VMware1!VMware1!
harborAdminPassword: Newstart@1
hostname: partnerse.workshop.captainvirtualization.in #### To be changed
jobservice:
  replicas: 1
  secret: VMware1!VMware1!
notary:
  enabled: true
registry:
  replicas: 1
  secret: VMware1!
secretKey: VMware1!VMware1!
tlsCertificate:
  tls.crt: |                     #### To be changed
    -----BEGIN CERTIFICATE-----
    MIIFSzCCBDOgAwIBAgISBATmPcts4X9IsNIqjj0ZwxwdMA0GCSqGSIb3DQEBCwUA
    MDIxCzYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
    EwJSMzAeFw0yMjAzMDkxMDQ3MjNaFw0yMjA2MDcDAqBgNVBAMM
    Iyoud29ya3Nob3AuY2FwdGFpbnZpcnR1YWxpemF0aW9uLmluMIIBIjANBgkqhkiG
    9w0BAQEFAKCAQEA3hf+Dux03kKGoqfia9jCmxNuFR4IBGw6w8zI
    6e5DCfILnQgFrKAW0GPCW//3NH/dcrkpc+v3DAxamwBVAdiYgGGmcjzIEs23p9CB
    l9SXJ0zYzmJ1tJ3d2Nt+/e5KwhXnzPATRne0y4bXNlhPt7a3Z2lMMD0leBkKZUNC
    KbOiuNRlBf1K1RurrHDLFyyhlfRsFKTIHxWPyw7RmfRPx+h+0PWJuZjqE0DgJ4/I
    p1FqINN1QkuX2hGg0NFOOqq8SYJl4/ZpgCLLtMjHQPcHKpjbcfhq3WhjQHBXN5h7
    sz81v5ECZa343lmQgGFiaS3IgCyygeeIHaKkaJ85kkQtyTk0rwIDAQABo4ICXTCC
    AlkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
    AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT792ux8B/R1bOw1NK5fTquO1iYdDAf
    BgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcw
    IQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYW
    aHR0cDovL3IzLmkubGVuY3Iub3JnLzAuBgNVHREEJzAlgiMqLndvcmtzaG9wLmNh
    cHRhaW52aXJ0dWFsaXphdGlvbi5pbjBMBgNVHSAERTBDMAgGBmeBDAECATA3Bgsr
    BgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0
    Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AEalVet1+pEgMLWiiWn0830R
    LEF0vv1JuIWr8vxw/m1HAAABf26BUgAAAAQDAEcwRQIgK5+hc1TFWAUmL4lcg+e1
    w1qcwCmRsH1LebTvYwAJZjoCIQD40EFMkStDjpTZk3Svr4Orj1O0RiAksNFQOf6j
    1o2L+AB1AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABf26BUrIA
    AAQDAEYwRAIgGwQ/LpYOUSeqo/n3xBKuA70/trg3ShodwUeTGRm2sRkCIDngaYT2
    2u91IW43M9IYe2v9Po6t8bDJu9jhrYhDvU6sMA0GCSqGSIb3DQEBCwUAA4IBAQAQ
    hFIbSHmkFNLgLRrBbQ7ub9oChprK/J16+7+x+zk1STBc364F7YGusS7M8r0IWjp7
    JBVOIifQ3MZ/tPykqndehSdhmPlOWodL4CNdvHpdmNsfaf3wwDK3Da4SeVZvDIoa
    24QXri2pDNJarmkVTvjp7Uik8LlcFA+IFBwhg5H3xVpViGNo05KeKVNEBYgLwyTb
    /Esmz/GjmLme7CtfSCra4DEXfKE9iL8xK0J3gxARDMeXYtzdAIWfLursHIuN/DB0
    636Jq3ecFSOnwBDt2T/UYBYBnYHkx0aTqT7OJv31176pnV1Dfrq9IOpBJzZ9ffcH
    ya19r8TGgUn1Xmu5Vb3Q
    -----END CERTIFICATE-----
  tls.key: |                              #### To be changed
    -----BEGIN PRIVATE KEY-----
    MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAADeF/4O7HTeQoai
    p+Jr2MKbE24VHggEbDrDzMjp7kMJ8gudCAWsoBbQYSlz6/cMDFqb
    AFUB2JiAYaZyPMgSzben0IGX1JcnTNjOYnW0nd3Y23797krCFefM8BNGd7TLhtc2
    WE+3trdnaUwwPSV4GQplQ0Ips6K41GUF/UrVG6uscMUpMgfFY/LDtGZ
    9E/H6H7Q9Ym5mOoTQOAnj8inUWog03VCS5faEaDQ0U46qrxJgmXj9mmAIsu0yMdA
    9wcqmNtx+GrdaGNAcFc3mHuzPzW/kQJlrfjeWZCAYWJ54gdoqRonzmS
    RC3JOTSvAgMBAAECggEAJQ6NxoGvslIZUtR+VA5T0jo4uO9M2SgR2g+2SkoGB4fK
    ZkYrZDVF+Tlb+avI3IqlMXoxr3TkwK7jA0/X3zn7oBgrBI6dBNxsQ4C
    ctU83IkmtgNRuh7jfGTZS3mXTb+1e+wgxqGPk5C6I1gPbVEWimZrNKA3Tuv5L6t5
    Ic6ziGon5jXYD74DzbOkr/UEsjDgjRPIJtjZLhxHXTLRjlQEwfjsCtRLZX0c/36g
    NxJoW7ojJ01kmCgQsCmdL7OHvcxfErNuh9pkGYolD7IK8Oj+5s3zXZL1e8oCvERK
    NgEHSdBjjbWq5ixQlgLq/X9uVeFEW4lDrZr+1TQvYQKBgQD1EN3h+aLO8SJWOg1s
    rY1drO3ZMAVnTSeUD3xApmzFrIX+5OmBK1Mb1uQVRwtD9rIrJ/iG2//RGazI7Kzt
    gLTXe+fFWa3+8ZX3pou6g3IeVOrrxvXbf5KfzOUZw2ymVypMIAib2U2Bzdc+a3Qh
    K8yogw32IFVz89VJdjZIYVSHMQKBgQDoAL0NP0HivV9mVc3dJXi49s9V9ga0xaCC
    nLrHrmI9qUQM4DahTa5GlIISDjTQQVDYGRevk2uqdUZIKl4l3kOKNWD9sJowud56
    l0is8bu2cfBVsrG+nDUzG8w+Z5r4VGhW73DYclBou+waBZAayQtKe7by/2T4KD5V
    LZ7G5YRB3wKBgB8syx0hFZ3/vN99ORH3LgGZqxQy8K0Iep1yLttGkJXA8bbQRggh
    i8wB1TgDtqIpstacmhgFypA+FOXmfcUk11yGLaDEXMcO0oYTkLjkWdMT+GKQB9yp
    aOydMxPI8XxjoETY2l+BEEQP/G67WqWRndJeAZuq11QN07cpq5QflZIxAoGAOi8V
    OqFGsMq1hkC2pGOlZx3e2bwd6nA11Qvhe/qsALLWsjP4/3Mv5duQ015kuGXpFIkW
    e54JPnKy8Z5Ohki7v4mrjXQg919mAHC4dUcawKLKl3N9SER8wxiRnIT3RJhGoqbi
    MiZZLCsVB2GlxlHtVvy34TFT7TiKiWori8474RkCgYBE3RnCIQZnetA7mF9dpYap
    V2P4cfPVuKS88HbvbGe19nNwrW0Dd5BruW2howR8cBQtiSEy3ctuOvjVXU8mWyeF
    XXu/zh/Hbr577omG6R6XL/phzgBYkHijaLH/sjlcCYi0OtY1vuQXPkph7ij3hUox
    AnghoicIZ4J59NBd751O7w==
    -----END PRIVATE KEY-----
trivy:
  enabled: true
  replicas: 1
persistence:
    persistentVolumeClaim:
      registry:
        storageClass: ""
        accessMode: ReadWriteOnce
        size: 10Gi
      jobservice:
        storageClass: ""
        accessMode: ReadWriteOnce
        size: 1Gi
      database:
        storageClass: ""
        accessMode: ReadWriteOnce
        size: 1Gi
      redis:
        storageClass: ""
        accessMode: ReadWriteOnce
        size: 1Gi
      trivy:
        storageClass: ""
        accessMode: ReadWriteOnce
        size: 5Gi
    imageChartStorage:
      azure:                  #### To be changed (Optional)
        accountkey: dEIxNFZ6kN2Tnp3T1JtRzdDTEFVb1VXVEwrZDNKMXpSUDhJMlUrM2ZVOUxHWTNtVDNxUWVzRkNlTkxLajh0emZoNEFLYzFYWWc9PQo=
        accountname: harborregistry   #### To be changed (Optional)
        container: harborcontainer       #### To be changed (Optional)
        realm: core.windows.net              #### To be changed (Optional)

 

  • Install Package
  • Verify the pods, this might take ~5 mins to complete
$ kubectl get pods -n tanzu-system-registry --kubeconfig ~/.kube/config-tkg
NAME                                    READY   STATUS    RESTARTS   AGE
harbor-core-6f6ddcb868-vnxjz            1/1     Running   1          2m40s
harbor-database-0                       1/1     Running   0          2m40s
harbor-jobservice-86b5f86c54-8cx9w      1/1     Running   1          2m42s
harbor-notary-server-7d7ff56c64-h7n5t   1/1     Running   1          2m39s
harbor-notary-signer-7494f78d78-7q5z5   1/1     Running   1          2m39s
harbor-portal-7dbcd8d765-lbxkl          1/1     Running   0          2m39s
harbor-redis-0                          1/1     Running   0          2m38s
harbor-registry-68498657fb-m4b8g        2/2     Running   0          2m38s
harbor-trivy-0                          0/1     Pending   0          2m38s

Note the Load Balancer External IP and make an entry in your local machine ( /etc/hosts ) mapping the IP to partnerse.workshop.captainvirtualization.in or whatever domain you have mentioned in harbor config file.

kubectl get svc -n tanzu-system-ingress --kubeconfig ~/.kube/config-tkg

 Access Harbor

Access the url, Enter the credentials as given in harbor config file:

admin, Newstart@1

  • In Harbor > Create a New project > demo-proj with Access Level as Public

Push an Image to Harbor

  • Run below commands in the machine from where you would like to authenticate to Harbor registry:
cd /etc/docker/ 

sudo mkdir certs.d 

cd certs.d/ 

sudo mkdir partnerse.workshop.captainvirtualization.in 

cd partnerse.workshop.captainvirtualization.in/ 

sudo vi ca.crt
  • Copy below content into crt file and save.

Note: Below config is prepared for domain partnerse.workshop.captainvirtualization.in and is just for reference, if you are using a different domain: provide a different cert file.

-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISBATmPcts4X9IsNIqjj0ZwxwdMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeaFw0yMjA2MDcxMDQ3MjJaMC4xLDAqBgNVBAMM
Iyoud29ya3Nob3AuY2FwdGFpbnZpcnR1YWxpemF0aW9uLmluMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hf+Dux03kBGw6w8zI
6e5DCfILnQgFrKAW0GPCW//3NH/dcrkpc+v3DAxamwBVAdiYgGGmcjzIEs23p9CB
l9SXJ0zYzmJ1tJ3d2Nt+/e5KwhXnzPATRne0y4bXNlhPt7a3Z2lMMD0leBkKZUNC
KbOiuNRlBf1K1RurrHDLFyyhlfRsFKTIHxWPyw7RmfRPx+h+0PWJuZjqE0DgJ4/I
p1FqINN1SYJl4/ZpgCLLtMjHQPcHKpjbcfhq3WhjQHBXN5h7
sz81v5ECZa343lmQgGFiaS3IgCyygeeIHaKkaJ85kkQtyTk0rwIDAQABo4ICXTCC
AlkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBT792ux8B/R1bOw1NK5fTquO1iYdDAf
BgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcw
IQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYW
aHR0cDovL3IzLmkubGVuY3Iub3JnLzAuBgNVHREEJzAlgiMqLndvcmtzaG9wLmNh
cHRhaW52aXJ0dWFsaXphdGlvbi5pbjBMBgNVHSAERTBDMAgGBmeBDAECATA3Bgsr
BgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0
Lm9yZzCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AEalVet1+pEgMLWiiWn0830R
LEF0vv1JuIWr8vxw/m1HAAABf26BUgAAAAQDAEcwRQIgK5+hc1TFWAUmL4lcg+e1
w1qcwCmRsH1LebTvYwAJZjoCIQD40EFMkStDjpTZk3Svr4Orj1O0RiAksNFQOf6j
1o2L+AB1AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABf26BUrIA
AAQDAEYwRAIgGwQ/LpYOUSeqo/n3xBKuA70/trg3ShodwUeTGRm2sRkCIDngaYT2
2u91IW43M9IYe2v9Po6t8bDJu9jhrYhDvU6sMA0GCSqGSIb3DQEBCwUAA4IBAQAQ
hFIbSHmkFNLgLRrBbQ7ub9oChprK/J16+7+x+zk1STBc364F7YGusS7M8r0IWjp7
JBVOIifQ3MZ/tPykqndehSdhmPlOWodL4CNdvHpdmNsfaf3wwDK3Da4SeVZvDIoa
24QXri2pDNJarmkVTvjp7Uik8LlcFA+IFBwhg5H3xVpViGNo05KeKVNEBYgLwyTb
/Esmz/GjmLme7CtfSCra4DEXfKE9iL8xK0J3gxARDMeXYtzdAIWfLursHIuN/DB0
636Jq3ecFSOnwBDt2T/UYBYBnYHkx0aTqT7OJv31176pnV1Dfrq9IOpBJzZ9ffcH
ya19r8TGgUn1Xmu5Vb3Q
-----END CERTIFICATE-----
  • Execute below :
# Login to Harbor registry using docker commands in jumpbox 

docker login partnerse.workshop.captainvirtualization.in
 
# Enter the credentials : username – admin , password - Newstart@1

# Once successfully logged in, pull nginx image from public repo

docker pull nginx

# List the images
 
docker images

# Tag the image
 
docker tag nginx partnerse.workshop.captainvirtualization.in/demo-proj/nginx-harbor:latest

# List the images
 
docker images

# Push the image into Harbor repo created earlier
 
docker push partnerse.workshop.captainvirtualization.in/demo-proj/nginx-harbor
  • Verify the image in harbor registry > demo-proj repo: