Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.
This article is about how to use Pulumi, kubernetes (K8S) provider, Helm Chart and TypeScript SDK to deploy Harbor within Kubernetes (K8S).
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications.
See Getting started | Kubernetes - https://kubernetes.io/docs/setup/ to leanr more.
Pulumi is a modern infrastructure-as-code platform that allows you to use common programming languages, tools, and frameworks, to provision, update, and manage cloud infrastructure resources.
Install the Pulumi - https://www.pulumi.com/ CLI.
Mac OS X
brew install pulumi
See Download and Install | Pulumi - https://www.pulumi.com/docs/get-started/install/ to learn more about others OS.
Install Node.js - https://nodejs.org/en/ CLI.
Mac OS X
brew install node
See Node.js - https://nodejs.org/en/ to learn more about others OS.
Create the workspace directory.
mkdir -p col-example-pulumi-typescript-harbor
Pulumi login into local file system.
pulumi login file://.
Pulumi new a project with kubernetes-typescript SDK.
pulumi new kubernetes-typescript
The above command will create some files within the current directory.
tree . -L 1
js-yaml package to load and parse yaml file.
npm i js-yaml
By default, Pulumi will look for a kubeconfig file in the following locations, just like kubectl:
The environment variable:
Or in current user’s default kubeconfig directory:
If the kubeconfig file is not in either of these locations, Pulumi will not find it, and it will fail to authenticate against the cluster. Set one of these locations to a valid kubeconfig file, if you have not done so already.
Edit values.yaml and replace content within
See and modify main.ts file.
Run pulumi up to create the namespace and pods.
See pods about harbor.
kubectl get pods -n harbor
Destroy all resources created by Pulumi.
Use SelfSigned or other Certification
First, create a Kubernetes Secret from your certificate,
kubectl create secret tls my-tls-secret \
Then, edit values.yaml and replace content within