In my previous post, Installing Harbor Image Registry to a vSphere 8 with Tanzu Supervisor Cluster, I detailed the steps needed to deploy and use the Image Registry service (Harbor) in a vSphere 8 with Tanzu supervisor cluster. This same Harbor instance can be used in a TKG cluster deployed under the same supervisor cluster. Since a new Harbor project is created automatically for each supervisor namespace, a lot of the work is already done.
You can refer to my other earlier post, Creating a Tanzu Kubernetes cluster in vSphere 8 with Tanzu, for specifics on my TKG cluster.
Switch to the namespace where the TKG cluster is created.
kubectl config use-context tkg2-cluster-namespace
Save the image pull secret created when the namespace was created to a file. The name of this will always start with the name of of the namespace followed by default-image-pull-secret
kubectl get secret -n tkg2-cluster-namespace tkg2-cluster-namespace-default-image-pull-secret -o yaml > tkg2-cluster-namespace-default-image-pull-secret.yaml
apiVersion: v1
data:
.dockerconfigjson: ewoJCQkJImF1dGhzIjogewoJCQkJCSIxMC40MC4xNC42NyI6IHsKCQkJCQkJImF1dGgiOiAiY205aWIzUWtkR3RuTWkxamJIVnpkR1Z5TFc1aGJXVnpjR0ZqWlMxa1pXWmhkV3gwTFhCMWJHd3RjbTlpYjNRNlpYbEthR0pIWTJsUGFVcFRWWHBKTVU1cFNYTkpibEkxWTBOSk5rbHJjRmhXUTBvNUxtVjVTbXhsU0VGcFQycEZNMDVxVVRGTmVrbDZUV3BOYzBsdGJHaGtRMGsyVFZSWk0wOUVSWHBOYWsxNVRYbDNhV0ZZVG5wSmFtOXBZVWRHZVZsdE9YbE1XRkoyWVRKV2RVeFhVbXhhYlVZeFlraFNTbU16VGpGYVdFbHBURU5LY0ZwRFNUWk9VM2RwWTBkc2EwbHFiekJNUTBwb1dUSk9iR016VFdsUGJIUTNTV3hLYkdNeU9URmpiVTVzU1dwdmFVd3pRbmxpTW5Cc1dUTlJkazVET1hsYVdFSjJZekpzTUdJelNqVkphWGRwVVZkT01HRlhPWFZKYW05cFkwaFdjMkpEU1hOSmExWnRXbTFXYW1SRFNUWkphVW81V0Znd0xtNXRTbFpUYkdSSVRrTmtZelpJUVUxZmFFRlVURzVXUlhCTlkxVkNVMEpYUlU1ellrVnZjak13Wm5GRGNXUlVaVzVXYmtaMVYwa3ROSEJuTVVoMVNuTlVUemx4U0U5V05FVXpaalJQWnpSS1oyd3hkRlk1YVdWQlZFaGxhbVUwVkRCa1dsZzVlSFIzUXpKVlVFTXdkRGRqTW1kWmJuWTVhMXBHVEZnME1qbFdha3BTV0hCaVpITmZUakptVGtWU1NGTkJUWFpxZVZKQ1ZqSkhYMk5oVkdWU1pGRjRTME5CVVZaTlVFVnpaVGhGVDIxSlgxVjVTelZuYkVGaFVWRlBOMUJyUWpaNGEydGZPSEZvWm5sWGJWaFlWVWRLU1c4NU4yTjZXVWxRVmw5TWNDMWZiR1Z5U21wT0xXOXlUWGhpUzNGWVVtbFBTblEyV1c1bVlrUkZSazh4YlROUlYzVTNXWGMyTlc5S1FXWkhkR2Q1YVdrM1NsVndPRFZaYUU5V2NsUjFjamczUVhwSk5sUjRXVTFhWVhGM2RFdG5TWEk0WTFaUGVsRjNhSFp3ZFcxdFFURklNRkphYldONGIwbFNWMDVvY2tWcldEaDJNelkzZVVkMFlqWktUbEoyTW5JMFRuRTRVelZvWjJRemJFZERVRWRyUnkxVGQwRXdSVGQxVkZWMlQwaG1aREoxWDBadFYxUkVTRU5rWldwQlpHaElVVXBFWVZGM09HZHBkMVpqTkRjemR6SnRXbnBKWjFCalJtOVpjMHd0V214RlNUTk9iMmRhWkZKbFZVWldlSGxXVjFCaloybHZiVlpvZVdkblgwazBPVTFDV1dSNVdUWkpRamN5VHkxS1JEbEhZMG95UXkxUWVraExNMmxvWmtrMloyOTVhVjlFZGpoU2QyZEJkSEZ0Um04eU1IWkRaV3R2Y0VGVmJ6aGpTVlJ2WTNCM1JtVlJPRkoyZVVoSFZtazVRaloyYjNWeWMzcG5NbXAzVjBSR2EwSXdPVzB6Umt4VFdXazRjVk13TnpCMkxVZFRiRlJaTWxWdmFHNUJSVEpNZFdKWldsOUdXbVF4YWtWd1FVcFhWbk40VTFGeFpUbEZTMHhoWW1GWlYxVkhOekZwVERsaGRuTmtjRkV6WkU5NlJEVm9jaTExYVVsalpITXdWVVZEVjNGTExXNVdhbWhDYVdsTE5HNUxXbkV3ZEhWeiIKCQkJCQl9CgkJCQl9CgkJCX0=
kind: Secret
metadata:
creationTimestamp: "2023-03-06T19:52:03Z"
name: tkg2-cluster-namespace-default-image-pull-secret
namespace: tkg2-cluster-namespace
ownerReferences:
- apiVersion: registryagent.vmware.com/v1alpha1
blockOwnerDeletion: true
controller: true
kind: Project
name: tkg2-cluster-namespace
uid: 054d69fe-5582-4cbe-a194-c4982d41028a
resourceVersion: "256088"
uid: 3ceeba55-f8a1-4265-81f8-24097055e59d
type: kubernetes.io/dockerconfigjson
Edit the tkg2-cluster-namespace-default-image-pull-secret.yaml
file and change namespace: tkg2-cluster-namespace
to namespace: default.
With the file modified, switch to the TKG cluster context and apply the image pull secret definition there.
kubectl config use-context tkg2-cluster-1
kubectl apply -f tkg2-cluster-namespace-default-image-pull-secret.yaml
Note: If you will deploy to a namespace in the TKG cluster other than default, you will need to create the same secret in that namespace (and change the namespace:
value appropriately).
Now, whenever you are creating a deployment that will use an image in your Harbor registry, simply add the following to any pod spec:
imagePullSecrets:
- name: tkg2-cluster-namespace-default-image-pull-secret