Prerequisites for Harbor integration
You must ensure that the required Kubernetes platform components, storage configuration, object storage, DNS, TLS, and dependency secrets are available before you install DevOps Loop with Harbor integration.
Kubernetes platform components
The Kubernetes cluster must be accessible and configured with the required tooling for deployment. You must ensure that your Kubernetes environment includes the required platform components.
- Helm and kubectl access is configured.
- Emissary ingress controller is installed and available.
- Image pull secrets are configured for required container images.
- A dedicated namespace for DevOps Loop deployment is available.
- If you are deploying DevOps Loop on OpenShift, ensure that a cluster administrator is available to configure the required Harbor Security Context Constraints (SCC) before Harbor is enabled.
These components support application deployment, ingress routing, and container image access during installation.
DNS configuration for Harbor
Create a DNS entry for the Harbor endpoint in your DNS provider.
Example values:
- Name:
harbor.<DOMAIN> - Type: A or CNAME
- Value: <IP_ADDRESS or LOAD_BALANCER_ENDPOINT>
Ensure that the DNS record is resolvable from the cluster environment and external clients. This configuration is required for Harbor access and OIDC authentication flows.
TLS configuration for Harbor
Ensure that a valid TLS certificate is available for secure access to Harbor.
The certificate must include the Harbor hostname, for example
harbor.<DOMAIN>.
You can use a wildcard certificate such as *.example.com or a SAN
certificate that covers both DevOps Loop and Harbor endpoints.
TLS configuration must be compatible with the existing DevOps Loop ingress setup.
Storage configuration for Harbor
You must ensure that the following storage classes are available in the Kubernetes cluster:
- A
ReadWriteOnce(RWO) storage class for standard persistence. - A
ReadWriteMany(RWX) storage class for Trivy vulnerability scanning.
Verify available storage classes by running the following command:
kubectl get storageclass
The RWX storage class must support shared access across multiple pods and be compatible with Trivy scanning requirements.
Object storage configuration for Harbor
You must ensure that an S3-compatible object storage system is available. Supported storage providers include:
- AWS S3
- IBM Cloud Object Storage
- Google Cloud Storage (HMAC-enabled)
- MinIO
- Other S3-compatible storage systems
Ensure that the following configuration values are available:
- Bucket name
- Region
- Endpoint URL
- Access key
- Secret key
gcloud storage buckets update ...
--no-uniform-bucket-level-access command.Harbor dependency secrets
The following secrets are required during Harbor installation:
devops-loop-valkeydevops-loop-postgresql
These secrets are automatically created during DevOps Loop installation.
The Harbor installation validates the availability of these secrets before it proceeds.