In this simple example we show the minimum you need to get an image on Harbor deployed onto your PKS cluster. First we need the following to be able to run this basic demo.
Required Steps
1. PKS installed with Harbor Registry tile added as shown below
2. VMware Harbor Registry integrated with Enterprise PKS as per the link below. The most important step is "Import the CA Certificate Used to Sign the Harbor Certificate and Key to BOSH". You must complete that prior to creating a PKS cluster.
https://docs.pivotal.io/partners/vmware-harbor/integrating-pks.html
3. A PKS cluster created. You must have completed step #2 before you create the cluster
https://docs.pivotal.io/pks/1-4/create-cluster.html
$ pks cluster oranges
Name: oranges
Plan Name: small
UUID: 21998d0d-b9f8-437c-850c-6ee0ed33d781
Last Action: CREATE
Last Action State: succeeded
Last Action Description: Instance provisioning completed
Kubernetes Master Host: oranges.run.yyyy.bbbb.pivotal.io
Kubernetes Master Port: 8443
Worker Nodes: 4
Kubernetes Master IP(s): 1.1.1.1
Network Profile Name:
4. Docker Desktop Installed on your local machine
Steps
1. First let's log into Harbor and create a new project. Make sure you record the username and password you have assigned for the project. In this example I make the project public.
Details
- Project Name: cto_apj
- Username: pas
- Password: ****
2. Next in order to be able to connect to our registry from our local laptop we will need to install
The VMware Harbor registry isn't running on a public domain and is using a self-signed certificate. So we need to access this registry with self-signed certificates from my Mac OS X client, given I am using Docker for Mac. This link shows how to add the self-signed certificate to Linux and Mac clients
https://blog.container-solutions.com/adding-self-signed-registry-certs-docker-mac
You can download the self-signed cert from Pivotal Ops Manager as shown below
With all that in place, a command as follows is all I need to run
$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
3. Now let's log in to the registry using a command as follows
$ docker login harbor.haas-bbb.yyyy.pivotal.io -u pas
Password:
Login Succeeded
4. Now I have an image sitting on Docker Hub itself so let's tag that and then deploy that to our VMware Harbor registry as shown below
$ docker tag pasapples/customer-api:latest harbor.haas-bbb.yyyy.io/cto_apj/customer-api:latest
$ docker push harbor.haas-bbb.yyyy.io/cto_apj/customer-api:latest
5. Now let's create a new secret for accessing the container registry
$ kubectl create secret docker-registry regcred --docker-server=harbor.haas-bbb.yyyy.io --docker-username=pas --docker-password=**** --docker-email=papicella@pivotal.io
6. Now let's deploy this image to our PKS cluster using a deployment YAML file as follows
customer-api.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: customer-api
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: customer-api
    spec:
      containers:
      - name: customer-api
        image: harbor.haas-206.pez.pivotal.io/cto_apj/customer-api:latest
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: customer-api-service
  labels:
    name: customer-api-service
spec:
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
  selector:
    app: customer-api
  type: LoadBalancer
7. Deploy as follows
$ kubectl create -f customer-api.yaml
8. You should see the POD and SERVICE running as follows
$ kubectl get pods | grep customer-api
customer-api-7b8fcd5778-czh46 1/1 Running 0 58s
$ kubectl get svc | grep customer-api
customer-api-service LoadBalancer 10.100.2.2 10.195.1.1.80.5 80:31156/TCP
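The manifest in step 6 does not reference the regcred secret created in step 5; the pull works because the cto_apj project is public. The following is an added example, not part of the original post, showing the same Deployment with the secret attached, as a private Harbor project would need. It assumes apps/v1 rather than the post's extensions/v1beta1 (hence the added selector) and uses the image tag pushed in step 4.

```yaml
# Added example (not from the original post): Deployment from step 6 with the
# registry credentials from step 5 attached, for a private Harbor project.
apiVersion: apps/v1              # assumption: apps/v1 instead of extensions/v1beta1
kind: Deployment
metadata:
  name: customer-api
spec:
  replicas: 1
  selector:                      # required by apps/v1; must match the template labels
    matchLabels:
      app: customer-api
  template:
    metadata:
      labels:
        app: customer-api
    spec:
      imagePullSecrets:
      - name: regcred            # secret from step 5; must be in the pod's namespace
      containers:
      - name: customer-api
        # tag pushed to Harbor in step 4
        image: harbor.haas-bbb.yyyy.io/cto_apj/customer-api:latest
        ports:
        - containerPort: 8080
```

Without imagePullSecrets (or the secret attached to the pod's service account), a pull from a private project fails and the pod reports ErrImagePull or ImagePullBackOff.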
More Information
PKS Release Notes 1.4
https://docs.pivotal.io/pks/1-4/release-notes.html
VMware Harbor Registry
https://docs.vmware.com/en/VMware-Enterprise-PKS/1.4/vmware-harbor-registry/GUID-index.html