Prerequisites
- For Self-signed certificates for Harbor, follow the below procedure:
- Copy the Harbor Certs file in
/etc/ssl/certs
directory. - If you do not have permission to the directory
/etc/ssl/certs
, then put the Harbor Cert in any other location where you have access, and run the below command:trust anchor <path-to-cert>
- If
trust
command is not available, then installp11-kit-trust
package which containstrust
command.
- If
- Copy the Harbor Certs file in
- Set the following variable based on the Harbor version that you are using
- Harbor 2.4 and above only supports OCI complaint artifacts. For this use the following command,
export PUSH_CHART_AS_OCI_ARTIFACT=true
- Harbor <= 2.3 and >= 2.x supports both chartrepo and OCI. For this use the following command,
export PUSH_CHART_AS_OCI_ARTIFACT=true
- For Harbor 1.x use the following command,
PUSH_TO_CHART_REPO=true
- Harbor 2.4 and above only supports OCI complaint artifacts. For this use the following command,
- To push the artifacts to the registry, run the following command.
root [ ~/upgrade/tcx-deployer/clis]# ./tcxctl push --artifacts-path $TCSA_WORK_SPACE/tcx-deployer/ --registry <harbor-registry-fqdn>/<project-name> --registry-password <your-registry-password> --registry-username <your-registry-username> --registry-cert <path-to-your-registry-ca-certificate-file>
Note:- If you do not want to specify the registry user name and password in the installation script, perform Docker login.
To log in to Docker, run the following command if podman-docker is installed in the deployment host.
docker login <harbor-fqdn> --compat-auth-file=/root/.docker/config.json
- If podman-docker is installed on the Deployer Host, ignore the following message and warnings while running docker commands.
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
- To log in to Docker, run the following command if docker is installed in the deployment host.
docker login <harbor-fqdn>
- If you do not want to specify the registry user name and password in the installation script, perform Docker login.
- To deploy the core component, run the following command.
root [ ~/upgrade/tcx-deployer/clis]# ./tcxctl deploy core --kubeconfig /root/.kube/<kubeconfig filename> --tag-file $TCSA_WORK_SPACE/tcx-deployer/scripts/imgpkg_tags.yaml --registry <harbor-registry-fqdn>/<project-name> --registry-password <your-registry-password> --registry-username <your-registry-username> --registry-cert <path-to-the-registry-ca-certificate-file>
Note:- Ensure that the
--registry-password
is passed inside single quotation if you are passing this to the installation script. - The
--registry-cert
is an optional parameter. If you are using a private certification-based Harbor, you must pass a certificate path value to it.
- Ensure that the