Installing DevOps Loop with Harbor integration
You can configure Harbor as an integrated capability during DevOps Loop installation to provide container image storage, vulnerability scanning, and image management capabilities.
Ensure that you have completed the prerequisites described in Prerequisites for Harbor integration.
- Create the object storage secret.
  kubectl create secret generic harbor-s3-secret \
    -n devops-loop \
    --from-literal=accesskey='<ACCESS_KEY>' \
    --from-literal=secretkey='<SECRET_KEY>'
  Verify that the secret is created:
  kubectl get secret harbor-s3-secret -n devops-loop
- Optional: Configure MinIO if you use MinIO as the object storage provider.
  - Install MinIO.
  - Create a bucket, for example loopharbor.
  - Ensure that the bucket is accessible.
If you deploy DevOps Loop in an air-gapped environment, ensure that the required container images are available in your internal registry before you install Harbor. After the installation is complete, you can bootstrap commonly used images into Harbor by using the bootstrap script.
- Set the following parameters to configure Harbor with DevOps Loop:
  Enable or disable Harbor:
  HARBOR_ENABLED=true
  HARBOR_S3_BUCKET=<BUCKET_NAME>
  HARBOR_S3_REGION=<REGION>
  HARBOR_S3_ENDPOINT=<S3_ENDPOINT>
  HARBOR_TRIVY_STORAGE_CLASS=<RWX_STORAGE_CLASS>
  Optional parameter:
  HARBOR_OIDC_ADMIN_GROUP=<group-name>
  Default admin group: harbor-admins.
  Note: You can customize the Harbor admin group name by using the optional parameter. If the group name is not provided during the installation, the group is created with the default name harbor-admins. Users who require Harbor system administrator access must be members of that Keycloak group.
- Optional: Perform the following steps to configure the Harbor Security Context Constraints (SCC) if you are installing DevOps Loop on OpenShift:
  - Apply the Harbor SCC that is provided with the installation.
    scripts/harbor/openshift/harbor-scc.yaml
  - Run the helper script to apply the SCC and bind it to the Harbor service account:
    scripts/harbor/openshift/apply-harbor-scc.sh \
      --namespace devops-loop \
      --service-account harbor \
      --scc-name harbor-uid-10000-devops-loop
  The Harbor SCC is not installed automatically by Helm because it is stored under scripts/harbor/openshift/ rather than the Helm templates/ directory. Before Harbor is enabled, the installer verifies that the SCC exists and is correctly bound to the Harbor service account.
  Note: If https://harbor.<DOMAIN> is not resolvable in your OpenShift environment, set HARBOR_EXTERNAL_URL to a DNS-resolvable OpenShift router wildcard URL.
- Run the installation script in the Helm README for installing DevOps Loop.
  For example:
  bash <Install-script>.sh
  The installer performs the following actions:
  - Deploys DevOps Loop.
  - Validates prerequisites.
  - Validates secrets.
  - Installs Harbor when enabled.
  - Configures OIDC.
  - Configures ingress and HTTPS.
  Note: When HARBOR_ENABLED=true, the installer uses a two-phase Helm installation process. The Helm release history can show an initial revision with an Install status and a later revision with an Upgrade status. This behavior is expected.
- Run the following command to verify that the Harbor pods are running:
  kubectl get pods -n devops-loop | grep harbor
  Expected components:
  - harbor-core
  - harbor-jobservice
  - harbor-nginx
  - harbor-portal
  - harbor-registry
  - harbor-trivy
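The grep in the verification step lists matching pods but does not confirm that all six expected components are present and ready. The following added example (not part of the DevOps Loop installer or its scripts) checks kubectl get pods output for that; it assumes that each pod name contains its component name, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: confirm that every expected Harbor component has a ready pod.
HARBOR_COMPONENTS="harbor-core harbor-jobservice harbor-nginx harbor-portal harbor-registry harbor-trivy"

# Reads `kubectl get pods` output on stdin (with or without the header row).
# Prints one line per component that has no pod in Running state with all
# containers ready; returns 0 only if every component is healthy.
check_harbor_pods() {
    pods=$(cat)
    rc=0
    for comp in $HARBOR_COMPONENTS; do
        # Assumption: the pod name (column 1) contains the component name.
        healthy=$(printf '%s\n' "$pods" | awk -v c="$comp" '
            index($1, c) && $3 == "Running" {
                split($2, r, "/")              # READY column, e.g. 2/2
                if (r[1] == r[2] && r[2] > 0) n++
            }
            END { print n + 0 }')
        if [ "$healthy" -eq 0 ]; then
            echo "NOT READY: $comp"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample output (not from a real cluster): jobservice is crash
# looping and trivy is still waiting for its volume.
sample_pods() {
cat <<'EOF'
NAME                                READY   STATUS             RESTARTS   AGE
harbor-core-6c9d8f7b5-x2k4p         1/1     Running            0          5m
harbor-jobservice-5b7c9d6f4-q8w2z   0/1     CrashLoopBackOff   3          5m
harbor-nginx-7f8d9c6b5-m3n7r        1/1     Running            0          5m
harbor-portal-84d5f7c9b-t6y1u       1/1     Running            0          5m
harbor-registry-69f7b8d5c-h4j9k     2/2     Running            0          5m
harbor-trivy-0                      0/1     Pending            0          5m
EOF
}

# Demo on the constructed sample. Against a cluster, use instead:
#   kubectl get pods -n devops-loop --no-headers | check_harbor_pods
sample_pods | check_harbor_pods || echo "Harbor is not fully up yet"
```

A Pending harbor-trivy pod is worth checking against the HARBOR_TRIVY_STORAGE_CLASS value, since that parameter expects an RWX storage class.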
To access Harbor from the DevOps Loop, see Accessing Harbor from DevOps Loop.
To import images into Harbor, see Importing and validating images in Harbor registry.