Getting Started
What is Harbor Sync Controller?
Harbor Sync Controller synchronizes Harbor with your Kubernetes cluster. It simplifies the management of robot accounts by automating the process of renewal and distribution of access tokens.
Installation
Prerequisites
Harbor
You need a Harbor deployment and a user with elevated privileges to read all projects and robot accounts: Create a dedicated user with ProjectAdmin permissions. Refer to the official docs about how to set up user authentication and role binding.
Also, check your harbor version. It must be >= 1.8.0. That’s the version that introduced robot accounts. Prior to that version it was not possible to create robot accounts.
Execution Environment
The Controller usually runs in Kubernetes so you need a Kubernetes Cluster, too. Also, you can run this controller in a standalone mode.
Deployment
The following command creates a deployment and the necessary RBAC roles for the controller.
$ wget https://raw.githubusercontent.com/moolen/harbor-sync/master/install/kubernetes/quick-install.yaml
# change environment variables
$ vim quick-install.yaml
$ kubectl create -f quick-install.yamlAlso, take a look at the kustomize setup if you use kustomize. If you prefer to use helm for deployment feel free to contribute a helm chart.
Important Notes
Harbor Sync Controller is stateless. Right now, harbor-sync stores the credentials for the robot accounts in a crd. This is necessary because there is no way to retrieve the token from the harbor API.
You can inspect the robot account credentials using: kubectl get harborrobotaccount.
Next steps
You may want to check out the the Usage Examples or Configuration.