This topic provides reference information for the Harbor Registry package.
About Harbor Registry
Harbor (https://goharbor.io/) is an open source container registry system that provides an image repository, image vulnerability scanning, and project administration.
- TKr for vSphere 8.x: Install Harbor Registry
- TKr for vSphere 7.x:
Harbor Components
Container | Resource Type | Replicas | Description |
---|---|---|---|
harbor-core | Deployment | 1 | Management and configuration server for Envoy |
harbor-database | Pod | 1 | Postgres database |
harbor-jobservice | Deployment | 1 | Harbor job service |
harbor-notary-server | Deployment | 1 | Harbor notary service |
harbor-notary-signer | Deployment | 1 | Harbor notary |
harbor-portal | Deployment | 1 | Harbor web interface |
harbor-redis | Pod | 1 | Harbor redis instance |
harbor-registry | Deployment | 2 | Harbor container registry instance |
harbor-trivy | Pod | 1 | Harbor image vulnerability scanner |
Harbor Data Values
Below are example harbor-data-values for installing Harbor.
Data Value | Description |
---|---|
hostname: myharbordomain.com | The FQDN for accessing Harbor admin UI and Registry service. |
harborAdminPassword: change-it | The initial password for the Harbor admin account. This is applied only during installation. You can update it using the Harbor UI or API after installation. |
secretKey: 0123456789ABCDEF | The secret key used for encryption. Must be a string of 16 chars. |
database.password: change-it | The initial password of the postgres database. |
core.secret: change-it | Secret is used when core server communicates with other components. |
xsrfKey: 0123456789ABCDEF0123456789ABCDEF | The XSRF key. Must be a string of 32 chars. |
jobservice.secret: change-it | Secret is used when job service communicates with other components. |
registry.secret: change-it | Secret is used to secure the upload state from client and registry storage backend. |
persistence.persistentVolumeClaim.registry.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
persistence.persistentVolumeClaim.jobservice.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
persistence.persistentVolumeClaim.database.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
persistence.persistentVolumeClaim.redis.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
persistence.persistentVolumeClaim.trivy.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
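
A pre-deployment check for the secret fields in the table above, as an added example that is not part of the Harbor package or the original documentation. It assumes the dotted names map to nested YAML keys and that the file has already been parsed into a Python dict; the function names and the length of 24 for secrets without a stated length are hypothetical.

```python
import secrets
import string

# Secret fields from the data values table; secretKey and xsrfKey have fixed lengths.
SECRET_FIELDS = ["harborAdminPassword", "secretKey", "database.password",
                 "core.secret", "xsrfKey", "jobservice.secret", "registry.secret"]
FIXED_LENGTH = {"secretKey": 16, "xsrfKey": 32}
# Sample values printed in the table; these must not reach a cluster.
DOC_SAMPLES = {"change-it", "0123456789ABCDEF", "0123456789ABCDEF0123456789ABCDEF"}
ALPHABET = string.ascii_letters + string.digits

def lookup(values, dotted):
    """Resolve a dotted name such as 'database.password' in a nested dict."""
    node = values
    for part in dotted.split("."):
        node = node.get(part) if isinstance(node, dict) else None
    return node

def generate_secrets(default_length=24):
    """Return a nested dict with a fresh CSPRNG value for every secret field."""
    out = {}
    for field in SECRET_FIELDS:
        *parents, leaf = field.split(".")
        node = out
        for parent in parents:
            node = node.setdefault(parent, {})
        length = FIXED_LENGTH.get(field, default_length)  # 24 is an assumed default
        node[leaf] = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return out

def lint(values):
    """Return (field, problem) pairs for missing, sample or wrong-length secrets."""
    problems = []
    for field in SECRET_FIELDS:
        value = lookup(values, field)
        if not isinstance(value, str) or not value:
            problems.append((field, "missing"))
        elif value in DOC_SAMPLES:
            problems.append((field, "documentation sample value"))
        elif field in FIXED_LENGTH and len(value) != FIXED_LENGTH[field]:
            problems.append((field, f"must be {FIXED_LENGTH[field]} chars"))
    return problems

# Constructed input: the table's example values, as a YAML loader would return them.
DOC_EXAMPLE = {"harborAdminPassword": "change-it", "secretKey": "0123456789ABCDEF",
               "database": {"password": "change-it"}, "core": {"secret": "change-it"},
               "xsrfKey": "0123456789ABCDEF0123456789ABCDEF",
               "jobservice": {"secret": "change-it"}, "registry": {"secret": "change-it"}}
```

Running lint on the table's example values flags all seven secret fields; merging the output of generate_secrets into the data values clears them.
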
Harbor Configuration
The Harbor configuration is set in the harbor-data-values.yaml file. The table lists and describes the minimum required fields for deployment.
Property | Value | Description |
---|---|---|
hostname | FQDN | The FQDN that you have designated to access the Harbor UI and for referencing the registry in client applications. The domain should be configured in an external DNS server such that it resolves to the Envoy Service IP created by Contour. |
tlsCertificate.tlsSecretLabels | {"managed-by": "vmware-vRegistry"} | The certificate that Tanzu Kubernetes Grid uses to install the Harbor CA as a trusted root on Tanzu Kubernetes Grid clusters. |
persistence.persistentVolumeClaim.registry.storageClass | A storage policy name. | A storage class that is used for the Harbor registry PVCs. |
persistence.persistentVolumeClaim.jobservice.storageClass | A storage policy name. | A storage class that is used for the Harbor jobservice PVCs. |
persistence.persistentVolumeClaim.database.storageClass | A storage policy name. | A storage class that is used for the Harbor database PVCs. |
persistence.persistentVolumeClaim.redis.storageClass | A storage policy name. | A storage class that is used for the Harbor redis PVCs. |
persistence.persistentVolumeClaim.trivy.storageClass | A storage policy name. | A storage class that is used for Harbor trivy PVCs. |