Prerequisites for Harbor integration

You must ensure that the required Kubernetes platform components, storage configuration, object storage, DNS, TLS, and dependency secrets are available before you install DevOps Loop with Harbor integration.

Kubernetes platform components

The Kubernetes cluster must be accessible and configured with the required tooling for deployment. You must ensure that your Kubernetes environment includes the required platform components.

  • Helm and kubectl access is configured.
  • Emissary ingress controller is installed and available.
  • Image pull secrets are configured for required container images.
  • A dedicated namespace for DevOps Loop deployment is available.
  • If you are deploying DevOps Loop on OpenShift, ensure that a cluster administrator is available to configure the required Harbor Security Context Constraints (SCC) before Harbor is enabled.

These components support application deployment, ingress routing, and container image access during installation.

DNS configuration for Harbor

Create a DNS entry for the Harbor endpoint in your DNS provider.

Example values:

  • Name: harbor.<DOMAIN>
  • Type: A or CNAME
  • Value: <IP_ADDRESS or LOAD_BALANCER_ENDPOINT>

Ensure that the DNS record is resolvable from the cluster environment and external clients. This configuration is required for Harbor access and OIDC authentication flows.

TLS configuration for Harbor

Ensure that a valid TLS certificate is available for secure access to Harbor.

The certificate must include the Harbor hostname, for example harbor.<DOMAIN>.

You can use a wildcard certificate such as *.example.com or a SAN certificate that covers both DevOps Loop and Harbor endpoints.

TLS configuration must be compatible with the existing DevOps Loop ingress setup.

Storage configuration for Harbor

You must ensure that the following storage classes are available in the Kubernetes cluster:

  • A ReadWriteOnce (RWO) storage class for standard persistence.
  • A ReadWriteMany (RWX) storage class for Trivy vulnerability scanning.

Verify available storage classes by running the following command:

kubectl get storageclass

The RWX storage class must support shared access across multiple pods and be compatible with Trivy scanning requirements.

Object storage configuration for Harbor

You must ensure that an S3-compatible object storage system is available. Supported storage providers include:

  • AWS S3
  • IBM Cloud Object Storage
  • Google Cloud Storage (HMAC-enabled)
  • MinIO
  • Other S3-compatible storage systems

Ensure that the following configuration values are available:

  • Bucket name
  • Region
  • Endpoint URL
  • Access key
  • Secret key
These values are required for configuring Harbor registry storage.
Note: If you use Google Cloud Storage as the object storage backend, you must configure HMAC keys because Harbor requires S3-compatible authentication. and the gcloud storage buckets update ... --no-uniform-bucket-level-access command.

Harbor dependency secrets

The following secrets are required during Harbor installation:

  • devops-loop-valkey
  • devops-loop-postgresql

These secrets are automatically created during DevOps Loop installation.

The Harbor installation validates the availability of these secrets before it proceeds.

You have prepared all required prerequisites for installing DevOps Loop with Harbor integration.

Next step

You can now proceed with installing DevOps Loop with Harbor integrated. See Installing DevOps Loop with Harbor integration.