Refer to this topic to push the standard packages from the public container registry to a private Harbor registry that is running as a Supervisor Service.
Prerequisites
Complete the following prerequisites:
- Install the Harbor Supervisor Service.
- Configure an Ubuntu host as a Docker client. See Configure a Docker Client with the Harbor Registry Certificate.
- Install jq on the Ubuntu host. See https://jqlang.github.io/jq/download/.
Install the Carvel Image Package Utility
Install the Carvel
imgpkg utility on the Ubuntu client where kubectl is installed.
- Install
imgpkg.wget -O- https://carvel.dev/install.sh > install.sh sudo bash install.sh
- Verify installation.
imgpkg version
Expected result:imgpkg version 0.41.1
List the Available Images for Each Standard Package
Cert Manager
imgpkg tag list -i projects.registry.vmware.com/tkg/packages/standard/cert-manager
Contour with Envoy
imgpkg tag list -i projects.registry.vmware.com/tkg/packages/standard/contour
ExternalDNS
imgpkg tag list -i projects.registry.vmware.com/tkg/packages/standard/external-dns
Prometheus with Alertmanager
imgpkg tag list -i projects.registry.vmware.com/tkg/packages/standard/prometheus
Grafana
imgpkg tag list -i projects.registry.vmware.com/tkg/packages/standard/grafana
Fluent Bit
imgpkg tag list -i projects.registry.vmware.com/tkg/packages/standard/fluent-bit
Harbor
imgpkg tag list -i projects.registry.vmware.com/tkg/packages/standard/harbor
Pull the Standard Package Images from the Public VMware Registry
Pull the standard Tanzu packages from the Public VMware registry at https://projects.registry.vmware.com/. Update the version to match the version want to pull.
Cert Manager
docker pull projects.registry.vmware.com/tkg/packages/standard/cert-manager:v1.7.2_vmware.3-tkg.3
Contour with Envoy
docker pull projects.registry.vmware.com/tkg/packages/standard/contour:v1.23.5_vmware.1-tkg.1
ExternalDNS
docker pull projects.registry.vmware.com/tkg/packages/standard/external-dns:v0.12.2_vmware.5-tkg.1
Prometheus with Alertmanager
docker pull projects.registry.vmware.com/tkg/packages/standard/prometheus:v2.37.0_vmware.3-tkg.1
Grafana
docker pull projects.registry.vmware.com/tkg/packages/standard/grafana:v7.5.17_vmware.2-tkg.1
Fluent Bit
docker pull projects.registry.vmware.com/tkg/packages/standard/fluent-bit:v1.9.5_vmware.1-tkg.2
Harbor
docker pull projects.registry.vmware.com/tkg/packages/standard/harbor:v2.7.1_vmware.1-tkg.1
Create a Project in the Private Harbor Registry
Create a public project in Harbor for hosting the Tanzu Packages.
- Log in to the private Harbor registry.
- In Harbor select .
- Create a new public project named tanzu-packages.
Tag the Standard Package Images
Tag the images using the following syntax.
docker tag SOURCE_IMAGE[:TAG] harbordomain.com/tanzu-packages/REPOSITORY[:TAG]
Where:
- SOURCE_IMAGE[:TAG] is the name of the image you pulled
- harbordomain.com is the DNS name of your Harbor server
- REPOSITORY[:TAG] is the name of the image tag
Cert Manager
docker tag projects.registry.vmware.com/tkg/packages/standard/cert-manager:v1.7.2_vmware.3-tkg.3 harbordomain.com/tanzu-packages/cert-manager:v1.7.2
Contour with Envoy
docker tag projects.registry.vmware.com/tkg/packages/standard/contour:v1.23.5_vmware.1-tkg.1 harbordomain.com/tanzu-packages/contour:v1.23.5
ExternalDNS
docker tag projects.registry.vmware.com/tkg/packages/standard/external-dns:v0.12.2_vmware.5-tkg.1 harbordomain.com/tanzu-packages/external-dns:v0.12.2
Prometheus with Alertmanager
docker tag projects.registry.vmware.com/tkg/packages/standard/prometheus:v2.37.0_vmware.3-tkg.1 harbordomain.com/tanzu-packages/prometheus:v2.37.0
Grafana
docker tag projects.registry.vmware.com/tkg/packages/standard/grafana:v7.5.17_vmware.2-tkg.1 harbordomain.com/tanzu-packages/grafana:v7.5.17
Fluent Bit
docker tag projects.registry.vmware.com/tkg/packages/standard/fluent-bit:v1.9.5_vmware.1-tkg.2 harbordomain.com/tanzu-packages/fluent-bit:v1.9.5
Harbor
docker tag projects.registry.vmware.com/tkg/packages/standard/harbor:v2.7.1_vmware.1-tkg.1 harbordomain.com/tanzu-packages/harbor:v2.7.1
Push the Standard Package Images to the Private Harbor Registry
Push the images using the following syntax.
docker push harbordomain.com/tanzu-packages/PACKAGE
Where:
- harbordomain.com is the DNS name of your Harbor server
- tanzu-packages is the name of the Harbor project
- PACKAGE is the name of the Tanzu package
- vX.X.X is the tag version of the package
Cert Manager
docker push harbordomain.com/tanzu-packages/cert-manager:v1.7.2
Contour with Envoy
docker push harbordomain.com/tanzu-packages/contour:v1.23.5
ExternalDNS
docker push harbordomain.com/tanzu-packages/external-dns:v0.12.2
Prometheus with Alertmanager
docker push harbordomain.com/tanzu-packages/prometheus:v2.37.0
Grafana
docker push harbordomain.com/tanzu-packages/grafana:v7.5.17
Fluent Bit
docker push harbordomain.com/tanzu-packages/fluent-bit:v1.9.5
Harbor
docker push harbordomain.com/tanzu-packages/harbor:v2.7.1
After you push the images to the private Harbor registry, verify that you see each image in the Harbor web interface.
Figure 1. Tanzu Standard Packages in Private Harbor Registry
Pull a Container Image for Deployment
To verify that the images are in the private Harbor registry, pull an image from there using the following syntax:
docker pull harbordomain.com/tanzu-packages/PACKAGE:TAG
For example:
docker pull harbordomain.com/tanzu-packages/fluent-bit:v1.9.5
You can use cURL to invoke the Harbor API and list the packages. To do this, download the Harbor certificate from the Harbor web interface and then run the following command:
curl -X 'GET' 'https://harbordomain.com/api/v2.0/projects/tanzu-packages/repositories?page=1&page_size=-1' -H 'accept: application/json' --cacert ca.crt | jq '.[].name'
The command returns the tanzu-packages that are available.
"tanzu-packages/harbor" "tanzu-packages/fluent-bit" "tanzu-packages/grafana" "tanzu-packages/prometheus" "tanzu-packages/external-dns" "tanzu-packages/contour" "tanzu-packages/cert-manager"
