< img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=3131724&fmt=gif" />
🚀 KubeSphere v4.1.1 with Pluggable architecture is available now. Read the release notes for v4.1.1 → close
  • English
    • English
    • 简体中文
    1. 1.Create a KubeSphere Cloud account and log in to the platform.
    2. 2.In the upper-right corner, click Console, and then click Lite Cluster on the left.
    3. 3.Create a K8s cluster with KubeSphere installed.
    4. 4.Access KubeSphere with the default account and password (admin/P@88w0rd).
  •  Star
  1. Docs / 
  2. Documentation / 
  3. App Store / 
  4. Built-in Applications / 
  5. Deploy Harbor on KubeSphere

Documentation

Last updated:
    Edit

    Deploy Harbor on KubeSphere

    Harbor is an open-source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted.

    This tutorial walks you through an example of deploying Harbor from the App Store of KubeSphere.

    Prerequisites

    • Please make sure you enable the OpenPitrix system.
    • You need to create a workspace, a project, and a user account for this tutorial. The account needs to be a platform regular user and to be invited as the project operator with the operator role. In this tutorial, you log in as project-regular and work in the project demo-project in the workspace demo-workspace. For more information, see Create Workspaces, Projects, Users and Roles.

    Hands-on Lab

    Step 1: Deploy Harbor from the App Store

    1. On the Overview page of the project demo-project, click App Store in the upper-left corner.

    2. Find Harbor and click Install on the App Information page.

    3. Set a name and select an app version. Make sure Harbor is deployed in demo-project and click Next.

    4. On the App Settings page, edit the configuration file of Harbor. Pay attention to the following fields.

      type: The method you use to access the Harbor Service. This example uses nodePort.

      tls: Specify whether you want to enable HTTPS. Set it to false for most cases.

      externalURL: The URL exposed to tenants.

      Note

      • Don't forget to specify externalURL. This field can be very helpful if you have trouble accessing Harbor.

      • Make sure you use the HTTP protocol and its corresponding nodePort in this tutorial. For more information, see the example configuration in FAQ.

      When you finish editing the configuration, click Install to continue.

    5. Wait until Harbor is up and running.

    Step 2: Access Harbor

    1. Based on the field expose.type you set in the configuration file, the access method may be different. As this example uses nodePort to access Harbor, visit http://<NodeIP>:30002 as set in the previous step.

      harbor-login

      Note

      You may need to open the port in your security groups and configure related port forwarding rules depending on your where your Kubernetes cluster is deployed.

    2. Log in to Harbor using the default account and password (admin/Harbor12345). The password is defined in the field harborAdminPassword in the configuration file.

      harbor-dashboard

    FAQ

    1. How to enable HTTP login?

      Set tls.enabled to false in step 1 above. The protocol of externalURL must be the same as expose.nodePort.ports.

      If you use Docker login, set externalURL to one of insecure-registries in daemon.json, then reload Docker.

      Here is an example configuration file for your reference. Pay special attention to the comments.

      ## NOTICE 192.168.0.9 is the example IP address and you must use your own.
expose:
  type: nodePort
  tls:
    enabled: false
    secretName: ""
    notarySecretName: ""
    commonName: "192.168.0.9"  # Change commonName to your own.
  nodePort:
    # The name of NodePort service
    name: harbor
    ports:
      http:
        # The service port Harbor listens on when serving with HTTP
        port: 80
        # The node port Harbor listens on when serving with HTTP
        nodePort: 30002
      https:
        # The service port Harbor listens on when serving with HTTPS
        port: 443
        # The node port Harbor listens on when serving with HTTPS
        nodePort: 30003
      # Only needed when notary.enabled is set to true
      notary:
        # The service port Notary listens on
        port: 4443
        # The node port Notary listens on
        nodePort: 30004

externalURL: http://192.168.0.9:30002 # Use your own IP address.

# The initial password of Harbor admin. Change it from portal after launching Harbor
harborAdminPassword: "Harbor12345"
# The secret key used for encryption. Must be a string of 16 chars.
secretKey: "not-a-secure-key"

    2. How to enable HTTPS login?

      a. Use self-signed certificates.

      • Set tls.enabled to true in the configuration file in step 1, and edit externalURL accordingly.
      • Copy the CA certificates stored in the Pod harbor-core 's /etc/core/ca to your host.
      • Trust the CA certificates by your host first, then restart Docker.

      b. Use public SSL.

      • Add certificates as a Secret.
      • Set tls.enabled to true in the configuration file in step 1, and edit externalURL accordingly.
      • Edit tls.secretName.

    For more information, see the documentation of Harbor.

    Receive the latest news, articles and updates from KubeSphere


    Thanks for the feedback. If you have a specific question about how to use KubeSphere, ask it on Slack. Open an issue in the GitHub repo if you want to report a problem or suggest an improvement.

    Previous : Deploy etcd on KubeSphere
    What’s on this Page