Prerequisites
  • For Self-signed certificates for Harbor, follow the below procedure:
    • Copy the Harbor Certs file in /etc/ssl/certs directory.
    • If you do not have permission to the directory /etc/ssl/certs, then put the Harbor Cert in any other location where you have access, and run the below command:
      trust anchor <path-to-cert>
      • If trust command is not available, then install p11-kit-trust package which contains trust command.
  • Set the following variable based on the Harbor version that you are using
    • Harbor 2.4 and above only supports OCI complaint artifacts. For this use the following command,
      export PUSH_CHART_AS_OCI_ARTIFACT=true
    • Harbor <= 2.3 and >= 2.x supports both chartrepo and OCI. For this use the following command,
      export PUSH_CHART_AS_OCI_ARTIFACT=true
    • For Harbor 1.x use the following command,
      PUSH_TO_CHART_REPO=true
    For more information, see Using tcxctl Commands.
  • To push the artifacts to the registry, run the following command.
    root [ ~/upgrade/tcx-deployer/clis]# ./tcxctl push --artifacts-path $TCSA_WORK_SPACE/tcx-deployer/ --registry <harbor-registry-fqdn>/<project-name> --registry-password <your-registry-password> --registry-username <your-registry-username> --registry-cert <path-to-your-registry-ca-certificate-file>
    Note:
    • If you do not want to specify the registry user name and password in the installation script, perform Docker login.
      To log in to Docker, run the following command if podman-docker is installed in the deployment host.
      docker login <harbor-fqdn> --compat-auth-file=/root/.docker/config.json
    • If podman-docker is installed on the Deployer Host, ignore the following message and warnings while running docker commands.
      Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
    • To log in to Docker, run the following command if docker is installed in the deployment host.
      docker login <harbor-fqdn>
  • To deploy the core component, run the following command.
    root [ ~/upgrade/tcx-deployer/clis]# ./tcxctl deploy core --kubeconfig /root/.kube/<kubeconfig filename> --tag-file $TCSA_WORK_SPACE/tcx-deployer/scripts/imgpkg_tags.yaml --registry <harbor-registry-fqdn>/<project-name> --registry-password <your-registry-password> --registry-username <your-registry-username> --registry-cert <path-to-the-registry-ca-certificate-file>
    Note:
    • Ensure that the --registry-password is passed inside single quotation if you are passing this to the installation script.
    • The --registry-cert is an optional parameter. If you are using a private certification-based Harbor, you must pass a certificate path value to it.