Using Harbor with Kubernetes
Here's how to set up VMware Harbor to work with a Kubernetes cluster running on Photon Platform. Harbor is a local registry that stores, protects, and distributes Docker images.
Harbor includes such enterprise features as a web administrative interface, role-based access control, image replication, and Lightwave authentication.
On Photon Platform, Harbor can be deployed on Kubernetes. First, deploy a Harbor cluster. The admin password must contain at least an uppercase letter, a lowercase letter, and a digit.
photon service create --type HARBOR \
--master-ip <HARBOR-STATIC-IP> \
--dns <DNS-IP> --gateway <GATEWAY-IP> --netmask <NETMASK> \
--ssh-key ~/.ssh/id_rsa.pub --admin-password password
Here's an example:
photon service create --type HARBOR \
--master-ip 198.51.100.22 \
--dns 192.0.2.1 --gateway 192.0.2.77 --netmask 255.255.0.0 \
--ssh-key ~/.ssh/id_rsa.pub --admin-password Secret1!
Second, find the self-signed CA certificate used by Harbor. The photon service cert-to-file command can locate the self-signed CA certificate. Here's the output of the command's help:
photon service cert-to-file --help
NAME:
photon service cert-to-file - Save the CA Certificate to a file
with the specified path if the certificate exists
USAGE:
photon service cert-to-file cluster-id file_path
DESCRIPTION:
If a cluster has a CA certificate, this extracts it and saves
it to a file. If the specified file path doesn't exist, it will create
a new file with the specified pathThis is useful when using using Harbor,
which uses a self-signed CA certificate. You can extract the CA certificate
with this command, and use it as input when creating a Kubernetes cluster.
And here's an example:
photon service cert-to-file 9c246b84-8362-37e4-af58-35da7332e926 /home/photon/harbor.cert
Third, create a Kubernetes cluster that refers to the Harbor certificate with the --registry-ca-cert option:
photon service create --name my-cluster --type KUBERNETES \
--master-ip <HARBOR-STATIC-IP> \
--etcd1 <ETCD-STATIC-IP> \
--worker_count 5 \
--vm_flavor cluster-master-vm \
--dns <DNS-IP> --gateway <GATEWAY-IP> --netmask <NETMASK> \
--container-network 10.2.0.0/16 \
--ssh-key ~/.ssh/id_rsa.pub \
--registry-ca-cert /home/photon/harbor.cert
Here's an example:
photon service create --name kube-cluster1 --type KUBERNETES \
--master-ip 198.51.100.22 \
--etcd1 198.51.100.75 \
--worker_count 5 \
--vm_flavor cluster-master-vm \
--dns 192.0.2.1 --gateway 192.0.2.77 --netmask 255.255.0.0 \
--container-network 10.2.0.0/16 \
--ssh-key ~/.ssh/id_rsa.pub \
--registry-ca-cert /home/photon/harbor.cert
Finally, you should set up Docker to use the Harbor registry securely. To pull and push images from your workstation or virtual machine, you must first configure Docker. Here's an example of how to do so on a Linux VM running the Docker daemon:
- Make sure the option "--insecure-registry" is not present.
- Copy the ca.crt file from Harbor (see above) to /etc/docker/certs.d/<HARBOR-STATIC-IP>/, where <HARBOR-STATIC-IP> is the IP address of your Harbor registry.
Then log into Docker:
docker login -u admin -p <admin_password> http://203.0.113.20
Tag and push your images:
docker tag frontend 203.0.113.56/library/frontend
docker push 203.0.113.56/library/frontend
For instructions on how to set up Docker on a Mac, see the Docker documentation.
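The two Linux configuration steps above as a script, added here as an example and not part of the Photon Controller documentation: it refuses to install the CA while the registry is still configured as insecure, then copies the certificate into certs.d. The function names, the default file locations and the script name are assumptions.

```shell
#!/bin/sh
# Added example, not from the Photon Controller docs. File locations are
# parameters so the checks can also be run against copies of the config.

# True if the host is listed under "insecure-registries" in daemon.json.
# $1 = registry host or IP, $2 = path to daemon.json
listed_in_daemon_json() {
    [ -f "$2" ] || return 1
    tr -d '\n' < "$2" |
        sed -n 's/.*"insecure-registries"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
        grep -F -q -e "\"$1\"" -e "\"$1:"
}

# True if a dockerd options file (systemd unit, /etc/default/docker, ...)
# passes --insecure-registry for the host. $1 = host, $2 = file
listed_in_daemon_flags() {
    [ -f "$2" ] || return 1
    host_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -E -q -e "--insecure-registry[= ]+${host_re}([: \"']|\$)" "$2"
}

# Copies the CA certificate to <certs.d>/<host>/ca.crt, where Docker reads it.
# $1 = CA cert (PEM), $2 = registry host, $3 = certs.d root
install_registry_ca() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null ||
        { echo "not a PEM certificate: $1" >&2; return 1; }
    mkdir -p "$3/$2" && cp "$1" "$3/$2/ca.crt" && chmod 0644 "$3/$2/ca.crt"
}

# Installs the CA only if TLS verification is not disabled for the host.
# $1 = host, $2 = CA cert, $3 = daemon.json, $4 = flags file, $5 = certs.d root
# Defaults for $3..$5 are assumed locations; the unit file path varies by distro.
trust_harbor() {
    json=${3:-/etc/docker/daemon.json}
    flags=${4:-/lib/systemd/system/docker.service}
    if listed_in_daemon_json "$1" "$json" || listed_in_daemon_flags "$1" "$flags"; then
        echo "$1 is set as an insecure registry; remove that setting first" >&2
        return 2
    fi
    install_registry_ca "$2" "$1" "${5:-/etc/docker/certs.d}"
}

# Run as: sh trust-harbor.sh <HARBOR-IP> /home/photon/harbor.cert
if [ "$#" -ge 2 ]; then trust_harbor "$@"; fi
```

Docker reads certs.d when it contacts the registry, so the copied CA takes effect without a daemon restart; removing an insecure-registry setting does require one.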