
Trying out VMware's Harbor registry server for the first time and trying it as a deployment on a new Kubernetes cluster.

Having followed the Harbor on Kubernetes guide, all Harbor resources get applied on the k8s cluster and can be seen running okay. However, I am currently unable to access the Harbor UI from a web browser (I just get "Unable to connect" back). It is my guess that security was not set up properly and something is missing or in the wrong place?

The make/harbor.cfg file is configured with:

hostname = k8s-dp-2 # This is the worker node on which Harbor is running..

ui_url_protocol = https

ssl_cert = /path/to/cert/on/host/harbor.crt

ssl_cert_key = /path/to/cert/on/host/harbor.key

secretkey_path = /data

I am assuming that the paths to the certs above are the paths on the host from which the python script will grab the files to then do the YAML builds?

---- UPDATE ---

After advice given in comments, I have now configured an nginx ingress controller in the k8s cluster. After adding in this ingress controller, I have updated the Harbor config to use http and no longer https, since the https part should now be taken care of by the nginx ingress controller. With these config changes now in place, however, I am still unable to get to the Harbor service via https, but I am now able to get to the Harbor service by calling it via the Kubernetes cluster's http port. See tests below:

# kubectl get svc -n=nginx-ingress
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ingress NodePort <none> 80:31819/TCP,443:30435/TCP 20h

Test Call 1:

$ curl https://k8s-dp-2/
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to k8s-dp-2 port 443: Connection refused

Test Call 2:

$ curl https://k8s-dp-2:30435/
curl: (60) SSL certificate problem: self signed certificate

Test Call 3:

$ curl http://k8s-dp-2/
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to k8s-dp-2 port 80: Connection refused

Test Call 4:

$ curl http://k8s-dp-2:31819/
100   810  100   810    0     0  12857      0 --:--:-- --:--:-- --:--:-- 12857
<!doctype html>

    <meta charset="utf-8">
    <base href="/">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="icon" type="image/x-icon" href="favicon.ico?v=2">

<body style="overflow-y: hidden;">

I don't know harbor, but having a quick look at the tutorial it looks like it's using an ingress resource to expose its services. Do you have an ingress controller deployed in your cluster? Maybe you could clarify how you deployed your cluster and how it is composed. - whites11
@whites11, Yes, the ingress resource is running on k8s-dp-2. It shows it when I do: kubectl get ing. - Going Bananas
There is a huge difference between an ingress resource (which by the way does not "run" anything) and an ingress controller. An ingress controller is basically a reverse proxy that forwards external requests to your k8s services, based on rules specified in ingress resources. So once again, do you have an ingress controller in your cluster? (read here for more details: kubernetes.io/docs/concepts/services-networking/ingress) - whites11
Oh, in that case, no I don't. I've set up this k8s cluster on VMs solely to test Harbor in Kubernetes so nothing other than what Harbor Yamls created is on this cluster. I'll have a read on the link you sent. - Going Bananas
@whites11, I have now got an nginx ingress controller running in the cluster but the behaviour has not changed. However, I do see a log in the ingress controller associated with the harbor ingress: Event(v1.ObjectReference{Kind:"Ingress", Namespace:"default", Name:"harbor", UID:"7c601883-22b7-11e8-85df-080027c8e7b8", APIVersion:"extensions", ResourceVersion:"16361", FieldPath:""}): type: 'Normal' reason: 'AddedOrUpdated' Configuration for default/harbor was added or updated. But I don't know where else to look from here... - Going Bananas

After trying various different configurations, the YAML configurations posted below are what worked for me:

Ingress Controller YAML:

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ingress-nginx
  template:
    metadata:
      labels:
        app: ingress-nginx
      annotations:
        prometheus.io/port: '10254'
        prometheus.io/scrape: 'true'
    spec:
      serviceAccountName: nginx-ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.11.0
          args:
            - /nginx-ingress-controller
            - --default-backend-service=$(POD_NAMESPACE)/default-http-backend
            # Secret holding the certificate for the controller's default HTTPS server
            - --default-ssl-certificate=$(POD_NAMESPACE)/default-tls-secret
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --annotations-prefix=nginx.ingress.kubernetes.io
          env:
            # Pod name and namespace are injected through the downward API
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
          - name: http
            containerPort: 80
          - name: https
            containerPort: 443
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1

Ingress YAML:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: harbor
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # Plain HTTP requests are served as-is instead of being redirected to HTTPS
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  tls:
  - hosts:
    - k8s-dp-2
  rules:
  - host: k8s-dp-2
    http:
      paths:
      - path: /
        backend:
          serviceName: ui
          servicePort: 80
      - path: /v2
        backend:
          serviceName: registry
          servicePort: repo
      - path: /service
        backend:
          serviceName: ui
          servicePort: 80

Service YAML:

apiVersion: v1
kind: Service
metadata:
  name: ui
spec:
  ports:
    - port: 80
  selector:
    name: ui-apps

Getting to a working solution was not straightforward however. Had to learn a lot about ingress controllers, ingresses, etc. Also I was initially mixing configurations from two different nginx ingress controller images that work differently (The configs below work with quay.io's nginx ingress controller). Also, for a reason which I still don't properly understand, the final configuration only started working after a full reboot of the k8s nodes involved.
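
Added example (not part of the original question or answer): one way to clear the "curl: (60) SSL certificate problem: self signed certificate" result from Test Call 2 without switching verification off is to issue a certificate for k8s-dp-2 from a private CA, store it as the default-tls-secret that the controller's --default-ssl-certificate flag points to, and have clients trust that CA. The CA name, file layout and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Host, secret name and namespace follow the page; the CA name,
# file layout and function names are assumptions made for illustration.

# issue_cert DIR HOST: write a private CA (ca.crt/ca.key) and a certificate
# for HOST signed by it (tls.crt/tls.key) into DIR.
issue_cert() {
  dir=$1; host=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example-lab-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/tls.key" -out "$dir/tls.csr" 2>/dev/null || return 1
  # Go-based clients such as docker and current browsers ignore the CN and
  # require the host name in subjectAltName.
  printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
  openssl x509 -req -in "$dir/tls.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 90 -extfile "$dir/san.ext" \
    -out "$dir/tls.crt" 2>/dev/null
}

# cert_valid_for DIR HOST: succeed only if tls.crt chains to ca.crt and
# carries HOST in its subjectAltName.
cert_valid_for() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
    "$1/tls.crt" >/dev/null 2>&1
}

# load_default_secret DIR: store the pair as the secret named by the
# controller's --default-ssl-certificate flag (needs cluster access).
load_default_secret() {
  kubectl create secret tls default-tls-secret --namespace ingress-nginx \
    --cert="$1/tls.crt" --key="$1/tls.key"
}

# check_endpoint DIR HOST PORT: verified request against the HTTPS NodePort.
check_endpoint() {
  curl --silent --show-error --cacert "$1/ca.crt" "https://$2:$3/" >/dev/null
}

# Typical order on an admin workstation:
#   d=$(mktemp -d) && issue_cert "$d" k8s-dp-2 && cert_valid_for "$d" k8s-dp-2
#   load_default_secret "$d" && check_endpoint "$d" k8s-dp-2 30435
```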