This topic provides reference information for the Harbor Registry package.

About Harbor Registry

Harbor (https://goharbor.io/) is an open source container registry system that provides an image repository, image vulnerability scanning, and project administration.

To install the Harbor package on a TKG cluster on Supervisor, refer to the following topics:

Harbor Components

The Harbor package installs the containers listed in the table on the cluster. The package pulls the containers from the public registry specified in the package repository.

| Container | Resource Type | Replicas | Description |
|---|---|---|---|
| harbor-core | Deployment | 1 | Management and configuration server for Envoy |
| harbor-database | Pod | 1 | Postgres database |
| harbor-jobservice | Deployment | 1 | Harbor job service |
| harbor-notary-server | Deployment | 1 | Harbor notary service |
| harbor-notary-signer | Deployment | 1 | Harbor notary |
| harbor-portal | Deployment | 1 | Harbor web interface |
| harbor-redis | Pod | 1 | Harbor redis instance |
| harbor-registry | Deployment | 2 | Harbor container registry instance |
| harbor-trivy | Pod | 1 | Harbor image vulnerability scanner |

Harbor Data Values

Below are example harbor-data-values for installing Harbor.

| Data Value | Description |
|---|---|
| hostname: myharbordomain.com | The FQDN for accessing Harbor admin UI and Registry service. |
| harborAdminPassword: change-it | The initial password for the Harbor admin account. This is applied only during installation. You can update it using the Harbor UI or API after installation. |
| secretKey: 0123456789ABCDEF | The secret key used for encryption. Must be a string of 16 chars. |
| database.password: change-it | The initial password of the postgres database. |
| core.secret: change-it | Secret is used when core server communicates with other components. |
| xsrfKey: 0123456789ABCDEF0123456789ABCDEF | The XSRF key. Must be a string of 32 chars. |
| jobservice.secret: change-it | Secret is used when job service communicates with other components. |
| registry.secret: change-it | Secret is used to secure the upload state from client and registry storage backend. |
| persistence.persistentVolumeClaim.registry.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
| persistence.persistentVolumeClaim.jobservice.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
| persistence.persistentVolumeClaim.database.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
| persistence.persistentVolumeClaim.redis.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
| persistence.persistentVolumeClaim.trivy.storageClass: mystorageclass | Specify the vSphere storage policy used to provision the volume. |
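
The following is an added example, not part of the VMware or Harbor documentation: a pre-install check that the secret-bearing data values no longer carry the placeholders from the table above and meet the 16- and 32-character rules. It assumes the YAML file has already been parsed into a dict (nested or dotted keys); the function names and the 32-character default for secrets with no stated length are assumptions.

```python
import secrets
import string

# Placeholder values from the example table; these must never reach a cluster.
PLACEHOLDERS = {"change-it", "0123456789ABCDEF", "0123456789ABCDEF0123456789ABCDEF"}
# Secret-bearing keys from the table; None means the page states no fixed length.
SECRET_KEYS = {
    "harborAdminPassword": None,
    "secretKey": 16,
    "database.password": None,
    "core.secret": None,
    "xsrfKey": 32,
    "jobservice.secret": None,
    "registry.secret": None,
}
ALPHABET = string.ascii_letters + string.digits


def flatten(tree, prefix=""):
    """Turn nested data values (as loaded from YAML) into dotted keys."""
    flat = {}
    for key, value in tree.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat


def audit(tree):
    """Return a list of findings; an empty list means the secrets pass."""
    flat, findings = flatten(tree), []
    for key, length in SECRET_KEYS.items():
        value = flat.get(key)
        if not isinstance(value, str) or not value:
            findings.append(f"{key}: missing or not a string")
        elif value in PLACEHOLDERS:
            findings.append(f"{key}: documentation placeholder still in use")
        elif length is not None and len(value) != length:
            findings.append(f"{key}: must be {length} characters, got {len(value)}")
    return findings


def fresh_secrets(default_length=32):
    """Generate random replacements (dotted keys) with the required lengths."""
    return {
        key: "".join(secrets.choice(ALPHABET) for _ in range(length or default_length))
        for key, length in SECRET_KEYS.items()
    }
```

Run `audit()` on the parsed file before installing the package and treat any finding as a blocker; `fresh_secrets()` gives values to paste in place of the placeholders.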

Harbor Configuration

The Harbor configuration is set in the harbor-data-values.yaml file. The table lists and describes the minimum required fields for deployment.

| Property | Value | Description |
|---|---|---|
| hostname | FQDN | The FQDN that you have designated to access the Harbor UI and for referencing the registry in client applications. The domain should be configured in an external DNS server such that it resolves to the Envoy Service IP created by Contour. |
| tlsCertificate.tlsSecretLabels | {"managed-by": "vmware-vRegistry"} | The certificate that Tanzu Kubernetes Grid uses to install the Harbor CA as a trusted root on Tanzu Kubernetes Grid clusters. |
| persistence.persistentVolumeClaim.registry.storageClass | A storage policy name. | A storage class that is used for the Harbor registry PVCs. |
| persistence.persistentVolumeClaim.jobservice.storageClass | A storage policy name. | A storage class that is used for the Harbor jobservice PVCs. |
| persistence.persistentVolumeClaim.database.storageClass | A storage policy name. | A storage class that is used for the Harbor database PVCs. |
| persistence.persistentVolumeClaim.redis.storageClass | A storage policy name. | A storage class that is used for the Harbor redis PVCs. |
| persistence.persistentVolumeClaim.trivy.storageClass | A storage policy name. | A storage class that is used for Harbor trivy PVCs. |