IMPORTANT: This Harbor Helm Chart repo has been officially moved to https://github.com/goharbor/harbor-helm.
This chart installs Harbor.
- Kubernetes cluster 1.8+ with Beta APIs enabled
- Kubernetes Ingress Controller is enabled
- kubectl CLI 1.8+
- PV provisioner support in the underlying infrastructure
You can use any tools to setup a K8s cluster. In this guide, we use minikube to setup a K8s cluster as the dev/test env.
# Start minikube
minikube start --vm-driver=none
# Enable Ingress Controller
minikube addons enable ingressFirst install Helm CLI, then initialize Helm.
helm init --canary-imageDownload Harbor helm chart code.
git clone https://github.com/jessehu/helm-harbor.git helm-harbor
cd helm-harborIf setting Harbor Registry as insecure-registries for docker, you don't need to generate Root CA and SSL certificate for the Harbor ingress controller.
Install the Harbor helm chart with a release name my-release:
helm install . --debug --name my-release --set externalDomain=harbor.my.domain,insecureRegistry=trueMake sure harbor.my.domain resolves to the K8s Ingress Controller IP on the machines where you run docker or access Harbor UI.
You can add harbor.my.domain and IP mapping in the DNS server, or in /etc/hosts, or use the FQDN harbor.<IP>.xip.io.
Then add "insecure-registries": ["harbor.my.domain"] in the docker daemon config file and restart docker service.
By default this chart will generate a root CA and SSL certificate for your Harbor. You can also use your own CA signed certificate:
open values.yaml, set the value of 'externalDomain' to your Harbor FQDN, and set value of 'tlsCrt', 'tlsKey', 'caCrt'. The common name of the certificate must match your Harbor FQDN.
Install the Harbor helm chart with a release name my-release:
helm install . --debug --name my-releaseFollow the NOTES section in the command output to get Harbor admin password and add Harbor root CA into docker trusted certificates.
The command deploys Harbor on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
To uninstall/delete the my-release deployment:
helm delete my-releaseThe command removes all the Kubernetes components associated with the chart and deletes the release.
The following tables lists the configurable parameters of the Harbor chart and the default values.
| Parameter | Description | Default |
|---|---|---|
| Harbor | ||
harborImageTag |
The tag for Harbor docker images | v1.4.0 |
externalDomain |
Harbor will run on (https://externalDomain/). Make sure this FQDN resolves to the K8s Ingress Controller IP. | harbor.my.domain |
insecureRegistry |
Set to true if setting Harbor Registry as insecure-registries for docker | false |
tlsCrt |
TLS certificate to use for Harbor's https endpoint | auto-generated |
tlsKey |
TLS key to use for Harbor's https endpoint | auto-generated |
caCrt |
CA Cert for self signed TLS cert | auto-generated |
persistence.enabled |
enable persistent data storage | false |
| Adminserver | ||
adminserver.image.repository |
Repository for adminserver image | vmware/harbor-adminserver |
adminserver.image.tag |
Tag for adminserver image | v1.4.0 |
adminserver.image.pullPolicy |
Pull Policy for adminserver image | IfNotPresent |
adminserver.emailHost |
email server | smtp.mydomain.com |
adminserver.emailPort |
email port | 25 |
adminserver.emailUser |
email username | [email protected] |
adminserver.emailSsl |
email uses SSL? | false |
adminserver.emailFrom |
send email from address | admin <[email protected]> |
adminserver.emailIdentity |
"" | |
adminserver.key |
adminsever key | not-a-secure-key |
adminserver.emailPwd |
password for email | not-a-secure-password |
adminserver.harborAdminPassword |
password for admin user | Harbor12345 |
adminserver.resources |
resources to allocate for container | undefined |
adminserver.volumes |
used to create PVCs if persistence is enabled (see instructions in values.yaml) | see values.yaml |
| Jobservice | ||
jobservice.image.repository |
Repository for jobservice image | vmware/harbor-jobservice |
jobservice.image.tag |
Tag for jobservice image | v1.4.0 |
jobservice.image.pullPolicy |
Pull Policy for jobservice image | IfNotPresent |
jobservice.key |
jobservice key | not-a-secure-key |
jobservice.secret |
jobservice secret | not-a-secure-secret |
jobservice.resources |
resources to allocate for container | undefined |
| UI | ||
ui.image.repository |
Repository for ui image | vmware/harbor-ui |
ui.image.tag |
Tag for ui image | v1.4.0 |
ui.image.pullPolicy |
Pull Policy for ui image | IfNotPresent |
ui.key |
ui key | not-a-secure-key |
ui.secret |
ui secret | not-a-secure-secret |
ui.privateKeyPem |
ui private key | see values.yaml |
ui.resources |
resources to allocate for container | undefined |
| MySQL | ||
mysql.image.repository |
Repository for mysql image | vmware/harbor-mysql |
mysql.image.tag |
Tag for mysql image | v1.4.0 |
mysql.image.pullPolicy |
Pull Policy for mysql image | IfNotPresent |
mysql.host |
MySQL Server | ~ |
mysql.port |
MySQL Port | 3306 |
mysql.user |
MySQL Username | root |
mysql.pass |
MySQL Password | registry |
mysql.database |
MySQL Database | registry |
mysql.resources |
resources to allocate for container | undefined |
mysql.volumes |
used to create PVCs if persistence is enabled (see instructions in values.yaml) | see values.yaml |
| Registry | ||
registry.image.repository |
Repository for registry image | vmware/registry-photon |
registry.image.tag |
Tag for registry image | v2.6.2-v1.4.0 |
registry.image.pullPolicy |
Pull Policy for admregistryinserver image | IfNotPresent |
registry.rootCrt |
registry root cert | see values.yaml |
registry.httpSecret |
registry secret | not-a-secure-secret |
registry.resources |
resources to allocate for container | undefined |
registry.volumes |
used to create PVCs if persistence is enabled (see instructions in values.yaml) | see values.yaml |
| Clair | ||
clair.enabled |
Enable clair? | true |
clair.image.repository |
Repository for clair image | vmware/clair-photon |
clair.image.tag |
Tag for clair image | v2.0.1-v1.4.0 |
clair.postgresPassword |
password for clair postgres | see values.yaml |
clair.resources |
resources to allocate for container | undefined |
Specify each parameter using the --set key=value[,key=value] argument to helm install. For example:
helm install --name my-release --set mysql.pass=baconeggs .Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
helm install --name my-release -f /path/to/values.yaml .Tip: You can use the default values.yaml
Harbor stores the data and configurations in emptyDir volumes. You can change the values.yaml to enable persistence and use a PersistentVolumeClaim instead.
"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent