Install Harbor using TMC Catalog


In this post, I walk through the steps to install the Harbor package into a TKG cluster from the TMC Console. If you are looking for detailed steps to deploy a TKG cluster on Azure, refer to the post on that topic. I have already attached the workload cluster (capv-workload) to TMC using the TMC CLI; refer to the post on attaching a workload cluster for those steps.

Prerequisites:

  • Install cert-manager: follow the steps here to install cert-manager
  • Install Contour: follow the steps here to install Contour

Install Harbor

In the TMC Console: go to Catalog, select the cluster capv-workload from the drop-down and click Harbor.

  • Click Install Package, which can be found at the top right of the page

  • Set the installed package name to capv-workload-harbor and click NEXT

  • Package install resources: leave the defaults and click NEXT
  • Configure values: provide the values below
Note:
  1. The config below is prepared for the domain partnerse.workshop.captainvirtualization.in. If you are using a different domain, generate a wildcard certificate for it and replace the values in the config below.
  2. The imageChartStorage used in this config is Azure Blob; you can change it by replacing the values.
  3. The cert and key values given below are not complete, for security reasons; do not use them as-is.
core:
  replicas: 1
  secret: VMware1!VMware1!
  xsrfKey: VMware1!VMware1!VMware1!VMware1!
database:
  password: VMware1!VMware1!
harborAdminPassword: Newstart@1
hostname: partnerse.workshop.captainvirtualization.in #### To be changed
jobservice:
  replicas: 1
  secret: VMware1!VMware1!
notary:
  enabled: true
registry:
  replicas: 1
  secret: VMware1!
secretKey: VMware1!VMware1!
tlsCertificate:
  tls.crt: | #### To be changed
    -----BEGIN CERTIFICATE-----
    <wildcard certificate for your domain, PEM body>
    -----END CERTIFICATE-----
  tls.key: | #### To be changed
    -----BEGIN PRIVATE KEY-----
    <private key for the certificate above, PEM body>
    -----END PRIVATE KEY-----
trivy:
  enabled: true
  replicas: 1
persistence:
  persistentVolumeClaim:
    registry:
      storageClass: ""
      accessMode: ReadWriteOnce
      size: 10Gi
    jobservice:
      storageClass: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    database:
      storageClass: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    redis:
      storageClass: ""
      accessMode: ReadWriteOnce
      size: 1Gi
    trivy:
      storageClass: ""
      accessMode: ReadWriteOnce
      size: 5Gi
  imageChartStorage:
    azure: #### To be changed (Optional)
      accountkey: dEIxNFZ6kN2Tnp3T1JtRzdDTEFVb1VXVEwrZDNKMXpSUDhJMlUrM2ZVOUxHWTNtVDNxUWVzRkNlTkxLajh0emZoNEFLYzFYWWc9PQo=
      accountname: harborregistry #### To be changed (Optional)
      container: harborcontainer #### To be changed (Optional)
      realm: core.windows.net #### To be changed (Optional)

 

  • Install Package
  • Verify the pods; this might take ~5 mins to complete
$ kubectl get pods -n tanzu-system-registry --kubeconfig ~/.kube/config-tkg
NAME                                    READY   STATUS    RESTARTS   AGE
harbor-core-6f6ddcb868-vnxjz            1/1     Running   1          2m40s
harbor-database-0                       1/1     Running   0          2m40s
harbor-jobservice-86b5f86c54-8cx9w      1/1     Running   1          2m42s
harbor-notary-server-7d7ff56c64-h7n5t   1/1     Running   1          2m39s
harbor-notary-signer-7494f78d78-7q5z5   1/1     Running   1          2m39s
harbor-portal-7dbcd8d765-lbxkl          1/1     Running   0          2m39s
harbor-redis-0                          1/1     Running   0          2m38s
harbor-registry-68498657fb-m4b8g        2/2     Running   0          2m38s
harbor-trivy-0                          0/1     Pending   0          2m38s
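
The Configure values sample above reuses one string, VMware1!VMware1!, under several keys. The script below is an added example, not part of the original post or of the Harbor package: it generates an independent random value per key and flags values reused in an existing values file. The function names are hypothetical, the 16- and 32-character lengths mirror the sample values on this page, and the remaining lengths are assumptions.

```shell
#!/bin/sh
# Added example: unique random secrets for the Harbor values file.
# Lengths 16 and 32 mirror the sample values on this page (assumption).

# gen_secret N: print N random alphanumeric characters from /dev/urandom.
# Reads 16*N raw bytes so that enough alphanumerics survive the filter.
gen_secret() {
    head -c "$(( $1 * 16 ))" /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# harbor_secrets: emit the secret-bearing keys of the values file as YAML,
# each with its own value. Password lengths (16 and 24) are assumptions.
harbor_secrets() {
    cat <<EOF
core:
  secret: $(gen_secret 16)
  xsrfKey: $(gen_secret 32)
database:
  password: $(gen_secret 16)
harborAdminPassword: $(gen_secret 24)
jobservice:
  secret: $(gen_secret 16)
registry:
  secret: $(gen_secret 16)
secretKey: $(gen_secret 16)
EOF
}

# reused_secrets FILE: print every secret value that appears under more
# than one key in FILE (empty output means no reuse).
reused_secrets() {
    grep -E '^[[:space:]]*(secret|xsrfKey|password|harborAdminPassword|secretKey):' "$1" \
        | awk '{print $2}' | sort | uniq -d
}

# Print a fresh set of values to paste over the matching keys.
harbor_secrets
```

Run reused_secrets against the values file before pasting it into the Configure values step; any line it prints is a secret shared between components.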

Note the load balancer's external IP and add an entry to /etc/hosts on your local machine mapping that IP to partnerse.workshop.captainvirtualization.in, or to whatever domain you specified in the Harbor config file.

kubectl get svc -n tanzu-system-ingress --kubeconfig ~/.kube/config-tkg

Access Harbor

Access the URL and enter the credentials given in the Harbor config file:

admin, Newstart@1

  • In Harbor, create a new project named demo-proj with Access Level set to Public

Push an Image to Harbor

  • Run the commands below on the machine from which you want to authenticate to the Harbor registry:
cd /etc/docker/ 

sudo mkdir certs.d

cd certs.d/

sudo mkdir partnerse.workshop.captainvirtualization.in

cd partnerse.workshop.captainvirtualization.in/

sudo vi ca.crt
  • Copy the content below into the ca.crt file and save.

Note: The content below is prepared for the domain partnerse.workshop.captainvirtualization.in and is for reference only. If you are using a different domain, provide a different cert file.

-----BEGIN CERTIFICATE-----
<certificate for your Harbor domain, PEM body>
-----END CERTIFICATE-----
  • Execute the commands below:
# Login to Harbor registry using docker commands in jumpbox 

docker login partnerse.workshop.captainvirtualization.in

# Enter the credentials: username admin, password Newstart@1

# Once successfully logged in, pull nginx image from public repo

docker pull nginx

# List the images

docker images

# Tag the image

docker tag nginx partnerse.workshop.captainvirtualization.in/demo-proj/nginx-harbor:latest

# List the images

docker images

# Push the image into Harbor repo created earlier

docker push partnerse.workshop.captainvirtualization.in/demo-proj/nginx-harbor
  • Verify the image in harbor registry > demo-proj repo:
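
Both the tlsCertificate values in the Harbor config and the ca.crt placed under /etc/docker/certs.d depend on a certificate that matches its key, covers the Harbor hostname and has not expired. The openssl pre-flight check below is an added example, not taken from the original post; the function names, file paths and the 7-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PEM files used in tlsCertificate
# (tls.crt / tls.key) and in /etc/docker/certs.d/<host>/ca.crt.

# cert_matches_key CERT KEY: succeed only if both hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_covers_host CERT HOST: succeed if HOST matches the certificate's
# names (wildcards included). openssl reports the result as text.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 \
        | grep -q 'does match certificate'
}

# cert_valid_for CERT SECONDS: succeed if CERT is still valid SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# preflight CERT KEY HOST: run all three checks, report the first failure.
preflight() {
    cert_matches_key "$1" "$2" \
        || { echo "private key does not match certificate" >&2; return 1; }
    cert_covers_host "$1" "$3" \
        || { echo "certificate does not cover $3" >&2; return 1; }
    cert_valid_for "$1" $((7 * 24 * 3600)) \
        || { echo "certificate expires within 7 days" >&2; return 1; }
    echo "ok: $1 is usable for $3"
}

# Usage: sh preflight.sh tls.crt tls.key <harbor hostname>
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```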