Build. Run. Repeat.

Harbor Registry - Automating LDAP/S Configuration - Part 1

2024-11-01 4 min read Cloud Native Harbor Kubernetes Tanzu

The Harbor Registry is involved in many of my Kubernetes implementations in the field, and in almost every implementation I am asked about the options to configure LDAP/S authentication for the registry. Unfortuntely, neither the community Helm chart nor the Tanzu Harbor package provides native inputs for this setup. Fortunately, the Harbor REST API enables LDAP configuration programmatically. Automating this process ensures consistency across environments, faster deployments, and reduced chances of human error.

Continue reading
Ansible Api Authentication Automation Carvel Certmanager Cicd Configuration Containerimageregistry Deployment Docker Harbor Harborregistry Helm Installation Kubernetes Ldap Ldaps Tanzu Terraform Tkg Tls Troubleshooting Upgrade Vmware

Harbor Registry – Automating LDAP/S Configuration – Part 2

2023-01-01 7 min read Cloud Native Harbor Kubernetes Tanzu Terraform

This post continues our two-part series on automating LDAP configuration for Harbor Registry. In the previous post, we demonstrated how to achieve this using Ansible, running externally. However, external automation has its challenges, such as firewall restrictions or limited API access in some cases/environments.

Note: make sure you review the previous post as it provides a lot of additional background and clarifications on this process, LDAPS configuration, and more.

Here, we explore an alternative approach using Terraform, running the automation directly inside the Kubernetes cluster hosting Harbor. This method leverages native Kubernetes scheduling capabilities for running the configuration job in a fully declarative approach and does not require any network access to Harbor from the machine running the job.

Continue reading
Ansible Api Authentication Authorization Automation Configuration Containerimageregistry Deployment Docker Flux Gitops Harbor Harborregistry Hashicorp Helm Iac Installation Kubernetes Ldap Ldaps Logging Networking Security Terraform Tkg Tls Upgrade

Getting Harbor to trust your LDAPS certificate in TKG

2022-08-01 3 min read Cloud Native Harbor Kubernetes Tanzu TKG

In a recent TKG implementation, it was required to configure Harbor with LDAPS rather than LDAP.

I deployed the Harbor package on the TKG shared services cluster and configured LDAP. However, when testing the connection, I received an error message that was not informative at all:

Failed to verify LDAP server with error: error: ldap server network timeout.

Screenshot

Although the error message doesn’t explicitly say there’s a certificate issue and there is nothing in the harbor-core container logs, it immediately made sense to me that the harbor-core container didn’t trust my LDAPS/CA certificate, so I started investigating how the certificate could be injected somehow into Harbor. The Harbor package doesn’t have any input for the LDAPS/CA certificate in its data values file, so I knew I had to create my own YTT overlay.

Continue reading
Api Carvel Certmanager Configuration Database Deployment Docker Harbor Installation Ldap Logging Networking Tanzu Tls Troubleshooting Vmware Ytt

Harbor Registry: is your LDAP user unique?

2022-08-01 2 min read Cloud Native Harbor Kubernetes

A recent project I was working on required granting different levels of permissions for several Active Directory service accounts on Harbor registry so that some can only pull images from the registry, and others can also push, etc.

On the Harbor project, I had the following configuration for my users:

Screenshot

The harbor-group-01 group contains an Active Directory user named harbor-user-01 and harbor-group-02 contains harbor-user-02.

From the command line, I was able to log in to Harbor with harbor-user-01:

Continue reading
Authentication Configuration Database Docker Harbor Ldap Logging Tanzu Troubleshooting
© 2025 Build. Run. Repeat. by Itay Talmi - rss - Credits
Bilberry Hugo Theme