Install Harbor Image Registry on Kubernetes / OpenShift using Helm Chart

You can download this article in PDF format to support us through the following link.

Download the guide as a PDF

turn off


Harbor is an open source cloud-native registry for storing, signing, and scanning vulnerabilities in container images. This guide will guide you through the process of installing Harbor Image Registry on Kubernetes / OpenShift with Helm Chart. Some cool features of the Harbor image registry are:

Characteristics of the port registry

  • Multi-tenant support
  • Security and vulnerability analysis support
  • Extensible API and Web UI
  • Content signing and verification
  • Image replication across multiple Harbor instances
  • Identity integration and role-based access control

Helm is a command-line interface (CLI) tool that was created to simplify the process of deploying applications and services to Kubernetes / OpenShift Container Platform clusters. Helm uses a packaging format called charts. Helm charts are a collection of files describing Kubernetes resources.

Step 1: Install Helm 3 on Linux / macOS

Helm distributes a binary application, which means it can be installed on your Linux / macOS computer without dependencies:

--- Linux ---
sudo curl -L -o /usr/local/bin/helm
sudo chmod +x /usr/local/bin/helm

--- macOS ---
sudo curl -L -o /usr/local/bin/helm
sudo chmod +x /usr/local/bin/helm

Check the installed version:

$ helm version
version.BuildInfo{Version:"v3.1+unreleased", GitCommit:"7ebdbb86fca32c77f2fce166f7f9e58ebf7e9946", GitTreeState:"clean", GoVersion:"go1.13.4"}

Step 2: Install Harbor Helm Chart on Kubernetes / OpenShift cluster

The chart is a helmet bag. It contains all the resource definitions needed to run an application, tool or service in a Kubernetes cluster.

Add Harbor Helm repository:

$ helm repo add harbor
"harbor" has been added to your repositories

Update the repository:

$ helm repo update

Configuration chart

The configuration items can be set in the following ways -group Logo during installation or by editing values.yaml straight.

see Harbor Helm configuration page

You can download the default values.yaml file.

vim values.yaml

After the modification is complete, use a custom configuration to install the Harbor rudder diagram.

$ helm install harbor harbor/harbor -f values.yaml -n harbor
NAME: harbor
LAST DEPLOYED: Wed Apr  1 19:20:07 2020
STATUS: deployed
Please wait for several minutes for Harbor deployment to complete.
Then you should be able to visit the Harbor portal at
For more details, please visit

Check the status to confirm that it has been deployed:

$ helm status harbor

Fix Init on OpenShift’s Harbor-harbor-database-0: CrashLoopBackOff

Some container images, for example Postgres with Redis Root access is required, and there are certain expectations about how the volume is owned. We need to relax the security in the cluster so that the image is not forced to run as a pre-assigned UID without giving everyone access. privilege SCC:

Grant access to all authenticated users anyone SCC:

$ oc adm policy add-scc-to-group anyuid system:authenticated

Check the status of your deployment:

$ kubectl get deployments
NAME                          READY   UP-TO-DATE   AVAILABLE   AGE
harbor-harbor-chartmuseum     1/1     1            1           24m
harbor-harbor-clair           1/1     1            1           24m
harbor-harbor-core            1/1     1            1           24m
harbor-harbor-jobservice      1/1     1            1           24m
harbor-harbor-notary-server   1/1     1            1           24m
harbor-harbor-notary-signer   1/1     1            1           24m
harbor-harbor-portal          1/1     1            1           24m
harbor-harbor-registry        1/1     1            1           24m

Check ad status:

$ kubectl get pods
NAME                                           READY   STATUS    RESTARTS   AGE
harbor-harbor-chartmuseum-58f8647f95-mtmmf     1/1     Running   0          5m16s
harbor-harbor-clair-654dcfd8bf-77qs6           2/2     Running   0          5m16s
harbor-harbor-core-5cb85989d6-r7s84            1/1     Running   0          5m16s
harbor-harbor-database-0                       1/1     Running   0          5m33s
harbor-harbor-jobservice-fc54cf784-lv864       1/1     Running   0          5m16s
harbor-harbor-notary-server-65d8fb7c77-xgxvg   1/1     Running   0          5m16s
harbor-harbor-notary-signer-66c9db4cf4-5bwvh   1/1     Running   0          5m16s
harbor-harbor-portal-5cbc6d5897-r5wzh          1/1     Running   0          25m
harbor-harbor-redis-0                          1/1     Running   0          5m16s
harbor-harbor-registry-7ff65976f4-sgnnd        2/2     Running   0          5m16s

Finally, confirm that the service and portal have been created.

$ kubectl get svc
NAME                          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
harbor-harbor-chartmuseum     ClusterIP           80/TCP              26m
harbor-harbor-clair           ClusterIP           8080/TCP            26m
harbor-harbor-core            ClusterIP            80/TCP              26m
harbor-harbor-database        ClusterIP           5432/TCP            26m
harbor-harbor-jobservice      ClusterIP             80/TCP              26m
harbor-harbor-notary-server   ClusterIP           4443/TCP            26m
harbor-harbor-notary-signer   ClusterIP             7899/TCP            26m
harbor-harbor-portal          ClusterIP            80/TCP              26m
harbor-harbor-redis           ClusterIP           6379/TCP            26m
harbor-harbor-registry        ClusterIP           5000/TCP,8080/TCP   26m

$ kubectl get ing
NAME                    HOSTS                                     ADDRESS   PORTS     AGE
harbor-harbor-ingress   core.harbor.domain,notary.harbor.domain             80, 443   26m

Since I am actually doing this deployment on OpenShift, a route will be created.

$ kubectl get route
NAME                          HOST/PORT              PATH          SERVICES                      PORT   TERMINATION     WILDCARD
harbor-harbor-ingress-7f9vg   notary.harbor.domain   /             harbor-harbor-notary-server   4443   edge/Redirect   None
harbor-harbor-ingress-9pvvz   core.harbor.domain     /             harbor-harbor-portal          8080   edge/Redirect   None
harbor-harbor-ingress-d7mcn   core.harbor.domain     /c/           harbor-harbor-core            8080   edge/Redirect   None
harbor-harbor-ingress-gn5w6   core.harbor.domain     /chartrepo/   harbor-harbor-core            8080   edge/Redirect   None
harbor-harbor-ingress-jf48l   core.harbor.domain     /service/     harbor-harbor-core            8080   edge/Redirect   None
harbor-harbor-ingress-lhbx4   core.harbor.domain     /api/         harbor-harbor-core            8080   edge/Redirect   None
harbor-harbor-ingress-vtt8v   core.harbor.domain     /v2/          harbor-harbor-core            8080   edge/Redirect   None

Many persistent volume declarations have also been created. Match the size value you specified.

$ kubectl  get pvc
NAME                                     STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS                AGE
data-harbor-harbor-redis-0               Bound    pvc-1de4a5b2-d55a-48cc-b8b6-1b258214260c   1Gi        RWO            ocs-storagecluster-cephfs   29m
database-data-harbor-harbor-database-0   Bound    pvc-9754adde-e2bd-40ee-b18b-d72eacfdfc12   1Gi        RWO            ocs-storagecluster-cephfs   29m
harbor-harbor-chartmuseum                Bound    pvc-3944fce8-ecee-4bec-b0f6-cc5da3b30572   5Gi        RWO            ocs-storagecluster-cephfs   29m
harbor-harbor-jobservice                 Bound    pvc-5ecf0be4-002c-4628-8dcc-283e996175bc   1Gi        RWO            ocs-storagecluster-cephfs   29m
harbor-harbor-registry                   Bound    pvc-072358e9-06f2-4384-b7d6-88e97eb29499   5Gi        RWO            ocs-storagecluster-cephfs   29m

Step 3: Access the port management dashboard

Use the external domain configured during installation to access the Harbor container registry dashboard.

If you do not change the password, the default login name is:

Username: admin
Password: Harbor12345

After logging in for the first time, please do not forget to change your password.

Similar guidelines:

Use operator to install Project Quay Registry on OpenShift

You can download this article in PDF format to support us through the following link.

Download the guide as a PDF

turn off


Related Posts