To support the development (ref. Processor Development Environment) and deployment/execution (ref. ADES) of user-defined applications, we deploy a container registry to host container images. This is provied by a deployment of the Harbor artefact repository.
Harbor is deployed via the
harbor helm chart from the Harbor Helm Chart Repository.
helm install --values harbor-values.yaml harbor harbor --repo https://helm.goharbor.io
The chart is configured via values that are fully documented on the Harbor website.
expose: ingress: annotations: kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/proxy-read-timeout: '600' # from chart: ingress.kubernetes.io/ssl-redirect: letsencrypt-production ingress.kubernetes.io/proxy-body-size: "0" nginx.ingress.kubernetes.io/ssl-redirect: letsencrypt-production nginx.ingress.kubernetes.io/proxy-body-size: "0" hosts: core: harbor.192.168.49.2.nip.io notary: harbor-notary.192.168.49.2.nip.io persistence: persistentVolumeClaim: registry: storageClass: standard chartmuseum: storageClass: standard jobservice: storageClass: standard database: storageClass: standard redis: storageClass: standard trivy: storageClass: standard externalURL: https://harbor.192.168.49.2.nip.io # initial password for logging in with user "admin" harborAdminPassword: "changeme" chartmuseum: enabled: false trivy: enabled: false notary: enabled: false
- We specify use of ‘valid’ certificates from Letsencrypt ‘production’. The Workspace API, which calls the Harbor API, expects valid certificates and will thus fail if presented with TLS certificates that fail validation.
letsencrypt-productionCluster Issuer relies upon the deployment being accessible from the public internet via the
expose.ingress.hosts.coreDNS name. If this is not the case, e.g. for a local minikube deployment in which this is unlikely to be so. In this case the TLS will fall-back to the self-signed certificate built-in to the nginx ingress controller. The Workspace API will not like this.
Container Registry Usage⚓︎
After deployemnt Harbor is accessible via its web interface at
Login as the admin user with the password specified in the helm values.
Additional information regarding the Container Registry can be found at: