Install Harbor

EPAM Delivery Platform uses Harbor to store the application images that are created when building applications.

Review the prerequisites and the main steps for enabling Harbor in EDP.

Prerequisites

  • Kubectl version 1.26.0 is installed.
  • Helm version 3.12.0+ is installed.

Installation

To install Harbor with Helm, follow the steps below:

  1. Create a namespace for Harbor:

    kubectl create namespace harbor
    
  2. Create a secret for the administrator user and the registry:

    kubectl create secret generic harbor \
        --from-literal=HARBOR_ADMIN_PASSWORD=<secret> \
        --from-literal=REGISTRY_HTPASSWD=<secret> \
        --from-literal=REGISTRY_PASSWD=<secret> \
        --from-literal=secretKey=<secret> \
        --namespace harbor
    
    Alternatively, if the secret values are kept in an external secret store, define the same secret as an ExternalSecret resource:

    apiVersion: external-secrets.io/v1beta1
    kind: ExternalSecret
    metadata:
      name: harbor
      namespace: harbor
    spec:
      refreshInterval: 1h
      secretStoreRef:
        kind: SecretStore
        name: aws-parameterstore
      data:
      - secretKey: HARBOR_ADMIN_PASSWORD
        remoteRef:
          conversionStrategy: Default
          decodingStrategy: None
          key: /control-plane/deploy-secrets
          property: harbor.HARBOR_ADMIN_PASSWORD
      - secretKey: secretKey
        remoteRef:
          conversionStrategy: Default
          decodingStrategy: None
          key: /control-plane/deploy-secrets
          property: harbor.secretKey
      - secretKey: REGISTRY_HTPASSWD
        remoteRef:
          conversionStrategy: Default
          decodingStrategy: None
          key: /control-plane/deploy-secrets
          property: harbor.REGISTRY_HTPASSWD
      - secretKey: REGISTRY_PASSWD
        remoteRef:
          conversionStrategy: Default
          decodingStrategy: None
          key: /control-plane/deploy-secrets
          property: harbor.REGISTRY_PASSWD
    

    Note

    The HARBOR_ADMIN_PASSWORD is the initial password of the Harbor admin.
    The secretKey is the secret key that is used for encryption. It must be 16 characters long.
    The REGISTRY_PASSWD is the Harbor registry password.
    The REGISTRY_HTPASSWD is the login and password in htpasswd string format. This value is the string in the password file generated by the htpasswd command, where the username is harbor_registry_user and the encryption type is bcrypt.
    See the example below:

    htpasswd -bBc passwordfile harbor_registry_user harbor_registry_password
    
    The username must be harbor_registry_user. The password must be the value from REGISTRY_PASSWD.
  3. Add the Harbor Helm chart repository to the local client:

    helm repo add harbor https://helm.goharbor.io
    
  4. Check the parameters in the Harbor installation chart. For details, please refer to the values.yaml file.

  5. Install Harbor in the harbor namespace with the Helm tool:

    helm install harbor harbor/harbor \
        --version 1.12.2 \
        --namespace harbor \
        --values values.yaml
    

    See the details on the parameters below:

    Example values.yaml file

    # we use Harbor secret to consolidate all the Harbor secrets
    existingSecretAdminPassword: harbor
    existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD
    existingSecretSecretKey: harbor
    
    core:
      # The XSRF key. Will be generated automatically if it isn't specified
      xsrfKey: ""
    jobservice:
      # Secret is used when job service communicates with other components.
      # If a secret key is not specified, Helm will generate one.
      # Must be a string of 16 chars.
      secret: ""
    registry:
      # Secret is used to secure the upload state from client
      # and registry storage backend.
      # If a secret key is not specified, Helm will generate one.
      # Must be a string of 16 chars.
      secret: ""
      credentials:
        username: harbor_registry_user
        existingSecret: harbor
    fullnameOverride: harbor
    # If Harbor is deployed behind the proxy, set it as the URL of proxy
    externalURL: https://core.harbor.domain
    ipFamily:
      ipv6:
        enabled: false
    expose:
      tls:
        enabled: false
      ingress:
        hosts:
          core: core.harbor.domain
          notary: notary.harbor.domain
    updateStrategy:
      type: Recreate
    persistence:
      persistentVolumeClaim:
        registry:
          size: 30Gi
        jobservice:
          jobLog:
            size: 1Gi
        database:
          size: 2Gi
        redis:
          size: 1Gi
        trivy:
          size: 5Gi
    database:
      internal:
        # The initial superuser password for internal database
        password: "changeit"
    
  6. To check if the installation is successful, run the command below:

    helm status <harbor-release> -n harbor
    
    You can also check the ingress endpoints to get the Harbor endpoint for accessing the Harbor UI:

    kubectl describe ingress <harbor_ingress> -n harbor
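
The values for the secret in step 2 can be generated and checked against the constraints in the note (16-character secretKey, bcrypt htpasswd entry for harbor_registry_user that matches REGISTRY_PASSWD) before the secret is created. The script below is an added example, not part of the EDP documentation; the function names, the 24- and 32-character password lengths and the use of --from-env-file, which keeps the values off the command line, are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the EDP docs): build the "harbor" secret from
# generated values and check the constraints from the note before applying.

# Random alphanumeric string of length $1.
gen_alnum() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# secretKey must be exactly 16 characters long.
check_secret_key() {
  [ "${#1}" -eq 16 ]
}

# REGISTRY_HTPASSWD must be an htpasswd entry for harbor_registry_user
# whose hash is bcrypt ($2a$/$2b$/$2y$, two-digit cost, 53 more characters).
check_htpasswd_line() {
  printf '%s\n' "$1" |
    grep -Eq '^harbor_registry_user:\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

make_harbor_secret() {
  umask 077                                   # env file readable by owner only
  workdir=$(mktemp -d) || return 1
  registry_pw=$(gen_alnum 32)                 # length is an arbitrary choice
  secret_key=$(gen_alnum 16)
  # -n: print to stdout, -i: read password from stdin, -B: bcrypt
  htline=$(printf '%s\n' "$registry_pw" |
    htpasswd -niB harbor_registry_user | head -n 1)
  if ! check_secret_key "$secret_key" || ! check_htpasswd_line "$htline"; then
    echo "generated values failed validation" >&2
    rm -rf "$workdir"
    return 1
  fi
  cat >"$workdir/harbor.env" <<EOF
HARBOR_ADMIN_PASSWORD=$(gen_alnum 24)
REGISTRY_HTPASSWD=$htline
REGISTRY_PASSWD=$registry_pw
secretKey=$secret_key
EOF
  kubectl create secret generic harbor \
    --from-env-file="$workdir/harbor.env" --namespace harbor
  rc=$?
  rm -rf "$workdir"
  return "$rc"
}

# Only touch the cluster when asked to: ./make-harbor-secret.sh --apply
if [ "${1:-}" = "--apply" ]; then make_harbor_secret; fi
```

Because REGISTRY_HTPASSWD is derived from the generated REGISTRY_PASSWD in the same run, the two values cannot drift apart.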