Using the vSphere 8 with Tanzu Image Registry service (Harbor) in a TKG cluster

In my previous post, Installing Harbor Image Registry to a vSphere 8 with Tanzu Supervisor Cluster, I detailed the steps needed to deploy and use the Image Registry service (Harbor) in a vSphere 8 with Tanzu supervisor cluster. This same Harbor instance can be used in a TKG cluster deployed under the same supervisor cluster. Since a new Harbor project is created automatically for each supervisor namespace, a lot of the work is already done.

You can refer to my other earlier post, Creating a Tanzu Kubernetes cluster in vSphere 8 with Tanzu, for specifics on my TKG cluster.

Switch to the namespace where the TKG cluster is created.

kubectl config use-context tkg2-cluster-namespace

Save the image pull secret created when the namespace was created to a file. The name of this will always start with the name of of the namespace followed by default-image-pull-secret 

kubectl get secret -n tkg2-cluster-namespace tkg2-cluster-namespace-default-image-pull-secret -o yaml > tkg2-cluster-namespace-default-image-pull-secret.yaml
apiVersion: v1
data:
  .dockerconfigjson: ewoJCQkJImF1dGhzIjogewoJCQkJCSIxMC40MC4xNC42NyI6IHsKCQkJCQkJImF1dGgiOiAiY205aWIzUWtkR3RuTWkxamJIVnpkR1Z5TFc1aGJXVnpjR0ZqWlMxa1pXWmhkV3gwTFhCMWJHd3RjbTlpYjNRNlpYbEthR0pIWTJsUGFVcFRWWHBKTVU1cFNYTkpibEkxWTBOSk5rbHJjRmhXUTBvNUxtVjVTbXhsU0VGcFQycEZNMDVxVVRGTmVrbDZUV3BOYzBsdGJHaGtRMGsyVFZSWk0wOUVSWHBOYWsxNVRYbDNhV0ZZVG5wSmFtOXBZVWRHZVZsdE9YbE1XRkoyWVRKV2RVeFhVbXhhYlVZeFlraFNTbU16VGpGYVdFbHBURU5LY0ZwRFNUWk9VM2RwWTBkc2EwbHFiekJNUTBwb1dUSk9iR016VFdsUGJIUTNTV3hLYkdNeU9URmpiVTVzU1dwdmFVd3pRbmxpTW5Cc1dUTlJkazVET1hsYVdFSjJZekpzTUdJelNqVkphWGRwVVZkT01HRlhPWFZKYW05cFkwaFdjMkpEU1hOSmExWnRXbTFXYW1SRFNUWkphVW81V0Znd0xtNXRTbFpUYkdSSVRrTmtZelpJUVUxZmFFRlVURzVXUlhCTlkxVkNVMEpYUlU1ellrVnZjak13Wm5GRGNXUlVaVzVXYmtaMVYwa3ROSEJuTVVoMVNuTlVUemx4U0U5V05FVXpaalJQWnpSS1oyd3hkRlk1YVdWQlZFaGxhbVUwVkRCa1dsZzVlSFIzUXpKVlVFTXdkRGRqTW1kWmJuWTVhMXBHVEZnME1qbFdha3BTV0hCaVpITmZUakptVGtWU1NGTkJUWFpxZVZKQ1ZqSkhYMk5oVkdWU1pGRjRTME5CVVZaTlVFVnpaVGhGVDIxSlgxVjVTelZuYkVGaFVWRlBOMUJyUWpaNGEydGZPSEZvWm5sWGJWaFlWVWRLU1c4NU4yTjZXVWxRVmw5TWNDMWZiR1Z5U21wT0xXOXlUWGhpUzNGWVVtbFBTblEyV1c1bVlrUkZSazh4YlROUlYzVTNXWGMyTlc5S1FXWkhkR2Q1YVdrM1NsVndPRFZaYUU5V2NsUjFjamczUVhwSk5sUjRXVTFhWVhGM2RFdG5TWEk0WTFaUGVsRjNhSFp3ZFcxdFFURklNRkphYldONGIwbFNWMDVvY2tWcldEaDJNelkzZVVkMFlqWktUbEoyTW5JMFRuRTRVelZvWjJRemJFZERVRWRyUnkxVGQwRXdSVGQxVkZWMlQwaG1aREoxWDBadFYxUkVTRU5rWldwQlpHaElVVXBFWVZGM09HZHBkMVpqTkRjemR6SnRXbnBKWjFCalJtOVpjMHd0V214RlNUTk9iMmRhWkZKbFZVWldlSGxXVjFCaloybHZiVlpvZVdkblgwazBPVTFDV1dSNVdUWkpRamN5VHkxS1JEbEhZMG95UXkxUWVraExNMmxvWmtrMloyOTVhVjlFZGpoU2QyZEJkSEZ0Um04eU1IWkRaV3R2Y0VGVmJ6aGpTVlJ2WTNCM1JtVlJPRkoyZVVoSFZtazVRaloyYjNWeWMzcG5NbXAzVjBSR2EwSXdPVzB6Umt4VFdXazRjVk13TnpCMkxVZFRiRlJaTWxWdmFHNUJSVEpNZFdKWldsOUdXbVF4YWtWd1FVcFhWbk40VTFGeFpUbEZTMHhoWW1GWlYxVkhOekZwVERsaGRuTmtjRkV6WkU5NlJEVm9jaTExYVVsalpITXdWVVZEVjNGTExXNVdhbWhDYVdsTE5HNUxXbkV3ZEhWeiIKCQkJCQl9CgkJCQl9CgkJCX0=
kind: Secret
metadata:
  creationTimestamp: "2023-03-06T19:52:03Z"
  name: tkg2-cluster-namespace-default-image-pull-secret
  namespace: tkg2-cluster-namespace
  ownerReferences:
  - apiVersion: registryagent.vmware.com/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: Project
    name: tkg2-cluster-namespace
    uid: 054d69fe-5582-4cbe-a194-c4982d41028a
  resourceVersion: "256088"
  uid: 3ceeba55-f8a1-4265-81f8-24097055e59d
type: kubernetes.io/dockerconfigjson

Edit the tkg2-cluster-namespace-default-image-pull-secret.yaml file and change namespace: tkg2-cluster-namespace to namespace: default.

With the file modified, switch to the TKG cluster context and apply the image pull secret definition there.

kubectl config use-context tkg2-cluster-1
kubectl apply -f tkg2-cluster-namespace-default-image-pull-secret.yaml

Note: If you will deploy to a namespace in the TKG cluster other than default, you will need to create the same secret in that namespace (and change the namespace: value appropriately).

Now, whenever you are creating a deployment that will use an image in your Harbor registry, simply add the following to any pod spec:


  imagePullSecrets:
  - name: tkg2-cluster-namespace-default-image-pull-secret

Leave a Comment

Your email address will not be published. Required fields are marked *