Harbor

If you have not already done so, make sure your cluster meets the package prerequisites. Be sure to refer to the troubleshooting guide in the event of a problem.

Install

1. Set the KUBECONFIG environment variable to use the config of the management cluster

   export KUBECONFIG=<path to management cluster kubeconfig>
   

2. Generate the package configuration

   eksctl anywhere generate package harbor --cluster <cluster-name> > harbor.yaml
   

3. Add the desired configuration to harbor.yaml

   Please see complete configuration options for all configuration options and their default values.

   Important

   • All configuration options are listed in dot notations (e.g., expose.tls.enabled) in the doc, but they have to be transformed to hierachical structures when specified in the config section in the YAML spec.
   • Harbor web portal is exposed through NodePort by default, and its default port number is 30003 with TLS enabled and 30002 with TLS disabled.
   • TLS is enabled by default for connections to Harbor web portal, and a secret resource named harbor-tls-secret is required for that purpose. It can be provisioned through cert-manager or manually with the following command using self-signed certificate:

     kubectl create secret tls harbor-tls-secret --cert=[path to certificate file] --key=[path to key file] -n eksa-packages
     

   • secretKey has to be set as a string of 16 characters for encryption.

   TLS example with auto certificate generation

   apiVersion: packages.eks.amazonaws.com/v1alpha1
   kind: Package
   metadata:
      name: my-harbor
      namespace: eksa-packages-<cluster-name>
   spec:
      packageName: harbor
      config: |-
         secretKey: "use-a-secret-key"
         externalURL: https://harbor.eksa.demo:30003
         expose:
            tls:
               certSource: auto
               auto:
                  commonName: "harbor.eksa.demo"      
   

   Non-TLS example

   apiVersion: packages.eks.amazonaws.com/v1alpha1
   kind: Package
   metadata:
      name: my-harbor
      namespace: eksa-packages-<cluster-name>
   spec:
      packageName: harbor
      config: |-
         secretKey: "use-a-secret-key"
         externalURL: http://harbor.eksa.demo:30002
         expose:
            tls:
               enabled: false      
   

4. Install Harbor

   eksctl anywhere create packages -f harbor.yaml
   

5. Check Harbor

   eksctl anywhere get packages --cluster <cluster-name>
   

   Example command output

   NAME        PACKAGE   AGE     STATE       CURRENTVERSION             TARGETVERSION        DETAIL
   my-harbor   harbor    5m34s   installed   v2.5.1                     v2.5.1 (latest)
   

   Harbor web portal is accessible at whatever externalURL is set to. See complete configuration options for all default values.

   

Update

To update package configuration, update harbor.yaml file, and run the following command:

eksctl anywhere apply package -f harbor.yaml

Upgrade

1. Verify a new bundle is available

   eksctl anywhere get packagebundle
   

   Example command output

   NAME         VERSION   STATE
   v1.25-120    1.25      active (upgrade available)
   v1.26-120    1.26      inactive
   

2. Upgrade Harbor

   eksctl anywhere upgrade packages --bundle-version v1.26-120
   

3. Check Harbor

   eksctl anywhere get packages --cluster <cluster-name>
   

   Example command output

   NAME        PACKAGE   AGE     STATE       CURRENTVERSION             TARGETVERSION        DETAIL
   my-harbor   Harbor    14m     installed   v2.7.1                     v2.7.1 (latest)
   

Uninstall

1. Uninstall Harbor

   Important

   • By default, PVCs created for jobservice and registry are not removed during a package delete operation, which can be changed by leaving persistence.resourcePolicy empty.

   eksctl anywhere delete package --cluster <cluster-name> my-harbor