This Harbor deployment is configured for the Kubefirst GitOps catalog with:

• HTTPS ingress at harbor.<DOMAIN_NAME>
• External secrets integration with Vault
• Persistent storage for all components
• Trivy vulnerability scanning enabled

Before deploying Harbor, configure the following secrets need to be in Vault:

vault kv put secret/harbor \
  HARBOR_ADMIN_PASSWORD="your-secure-admin-password" \
  POSTGRES_PASSWORD="your-secure-db-password" \
  REDIS_PASSWORD="your-secure-redis-password"

These are configured as secret inputs and will be added to vault automatically, and pulled into your Harbor instand correctly.

Harbor automatically generates the required private key for its token service during deployment. This ensures Docker authentication works properly without storing any sensitive keys in Git.

• Core: Harbor's main API server
• Portal: Web UI
• Registry: Docker registry
• Database: PostgreSQL (internal)
• Redis: Cache and session storage (internal)
• Trivy: Vulnerability scanner
• Jobservice: Background job processing

Check component logs:

kubectl logs -n harbor -l component=core
kubectl logs -n harbor -l component=registry
kubectl logs -n harbor -l component=jobservice

Verify all secrets are created:

kubectl get secrets -n harbor

The deployment should create:

• harbor-admin-secret - Admin credentials (from Vault)
• harbor-database-secret - PostgreSQL password (from Vault)
• harbor-redis-secret - Redis password (from Vault)
• harbor-core - Core component secrets including token signing keys (auto-generated by Harbor)