►
From YouTube: TGI Kubernetes 138: Harbor
Description
Come hang out with Tiffany Jernigan and Paul Czarkowski as they explore Harbor! As usually we'll talk about what's going on in the cloud native space, then transition to Harbor..
00:00:00 - Welcome to TGIK!
00:03:40 - Week in Review
00:21:00 - Installing Harbor
00:38:51 - Harbor Achitecture
00:44:29 - Vulnerability Scanning
00:48:30 - Creating a new Project / Repository
00:50:23 - Create robot account & kubernetes pull secret
01:07:20 - Uploading and Sharing Helm Charts
01:23:43 - Proxying through to dockerhub
01:35:55 - Replicating from another Harbor
01:50:00 - Wrapup
tanzu/tgik/tree/master/episodes/138
A
You've
been
a
you've
been
a
long
time,
troll
first
time,
caller
yeah,
basically
exactly
that,
basically
all
right
well,
this
is
only
my
second
time
hosting,
so
I'm
not
exactly
a
veteran
myself
but
welcome
everybody.
We
are
so
we're
both
pretty
new
to
this
and
we
are
trying
to
do
a
dual
stream.
So
if
we
have
weird
technical
difficulties,
please
bear
with
us,
but
I'm
already
seeing
people
saying
they
can
hear
us.
That
is
a
that
is
a
good
start.
A
B
A
I
kind
of
miss
referring
to
places
by
their
airport
codes.
Now
I'm
not
really
traveling.
I
don't
really
do
that
anymore.
Riv
from
boston,
hey
how's,
it
going
michael,
michael,
the
very
famous
michael
michael.
He
says
that
he
can
hear
us.
So
that's
always
good
walid,
hey
how's!
It
going
you're
a
regular
as
well
juka
from
helsinki,
wow
and
there's
a
tasha
eisenberg.
Do
we
know
it
tasha
eisenberg
tiffany.
B
A
A
A
So
we've
got
a
as
usual
a
pretty
international
audience,
thanks
to
all
the
folks
in
far
off
time,
zones
that
are
either
up
late
at
night
or
very
early
in
the
morning.
We're
very
grateful
took
the
time
to
join
us
tiffany
and
I
are
going
to
be
doing
an
episode
on
harbor.
It
has
been
a
long
long
time
requested
sitting
in
the
backlog,
and
I
guess
maybe
because
it's
kind
of
a
project
that's
been
out
of
vmware.
A
We
sort
of
have
taken
a
little
bit
for
granted
in
tgik.
So
I'm
glad
we're
actually
getting
up
in
front
of
folks
and
we're
gonna
go
through
it.
Tiffany
you're
sharing
your
screen,
so
you
are
in
control
of
where
we're
at,
but
we're
at
the
notes
page.
So
maybe,
let's
have
a
look
at
our
our
news
and
review
our
week
in
review.
I
should
say.
B
Yep
so
first,
let's
take
a
look
at
the
things
for
core
kubernetes.
So,
as
some
of
you
may
know
or
may
not,
kubernetes
is
now
moving
to
three
releases
per
year
and
you
can
actually
add
some
your
input
on
that.
If
my
internet
would
go
there,
we
go
so
basically
as
just
a
open
issue
and
describes
everything,
that's
kind
of
happening
there,
lots
of
votes,
and
if
you
want
to
comment,
you
can
be
one
of
the
people
here
at
your
comments
or
ad,
whether
thumbs,
ups
etc.
A
By
the
way,
folks,
if
you
like
to
play
the
tgik
drinking
game,
we
no
longer
get
to
drink
every
time,
duffy
jangles
his
keys
or
coins,
or
whatever
it
was,
but
you
can
definitely
take
a
drink
every
time.
Tiffany
complains
about
the
slow
speed
of
her
internet
or
her
computer
and
you'll
probably
get
quite
drunk
by
the
end
of
the
year.
B
B
A
A
I
actually
had
to
look
it
up
on
the
the
wikipedia
earlier
when
I
saw
this
because
it
looked
familiar,
but
I
couldn't
remember
it
and
at
first
I
thought
we
were
getting
sftp
support
and
I
was
very
concerned
about
what
we
were
doing.
I
thought
maybe
we're
gonna
get
like
a
storage
storage
class
or
something
based
on
ftp,
and
I
don't
think
I
would
have
liked
that
nearly
as
much
but
yeah
so
sctp.
I
think
we've
got
a
link
to
say
what
scp
sctp
is.
A
I
can't
even
I
can't
even
say
the
initials,
so
good
luck
actually
knowing
what
it
is
but
we're
bringing
this
in,
and
so
I
think
this
will
allow
like
load
balance
load
balances
in
kubernetes
to
support
doing
the
load
balancing
for
the
networking
yeah.
So
there
is
that
what
else
have
we
got
on
there?
Tiffany.
B
B
A
C
A
Csi
drivers
will
support
volume
expansion
because
that's
something
we've
been
doing
with
our
our
sands
and
our
nasa's
for
a
long
time.
So
I
would
assume
that
all
the
major
clouds
will
provide
it
and
most
of
the
like
in
data
center
providers
will
support
it.
So
that's
that's
a
good
thing.
I
wonder.
Is
it
a
oh?
It's
an
auto
resizer.
So
I
wonder
if
you
set
like
a
maximum
and
minimum,
does
it
have
anything
about
the
spec
in
the.
C
C
A
A
A
A
A
C
A
A
C
A
C
A
B
A
A
Oh
yeah,
so
there's
been
a
lot
of
activity
in
the
helm
community
recently
trying
to
figure
out
like
these
we
announced
we
were
going
to
decorate
use.
My
use
my
words
we're
going
to
deprecate
the
community
repos
in
about
a
year
ago.
So
it's
been
about
12
months
and
the
main
reason
was
that
the
drain
and
burnout
on
the
chart
maintainers
trying
to
keep
up
with
the
the
charts
and
updates
of
the
charts.
A
You
know
there
was
three
or
400
charts,
some
of
which
were
very
active
and
some
of
which
were
very
large,
and
it
just
meant
that,
like
the
chart,
maintainers
were
just
constantly
triaging
the
the
charts
and
didn't
really
have
a
great
time,
and
so
we
sort
of
made
the
decision.
We
were
going
to
decentralize
it
and
we
also
got
the
artifact
hub
recently,
which
made
it
a
lot
easier
for
us
to
decentralize.
A
But,
of
course,
if
you
are
using
the
helm
chart
repositories,
your
best
bet
is
to
go
to
the
artifact
hub
and
look
for
who
now
owns
the
non-deprecated
version
of
that
chart.
So
a
lot
of
charts
have
gone
to
whoever
owns
it
and
then,
of
course,
we
have
bitnami
and
other
folks
that
are
hosting
some
really
great
sets
of
curated
charts
and
so
before
you
just
switch
to
using
the
read-only
replicas.
I
highly
recommend
seeing
if
you
can
switch
to
like
nginx,
is
now
hosting
their
own
charts,
etc.
A
So
yeah,
I
think,
that's
probably
all
of
the
helm
stuff
pretty
important,
because
it
is
widely
used
at
a
lot
of
companies
and
it's
been
hard
to
really
get
the
word
out
about
the
upcoming
deprecation
and
we're
trying
the
helm
community
is
trying
their
best
to
have
it
not
be
a
huge
surprise,
so
yeah
that
is,
that
is
our
helm
stuff.
What
else
have
we
got
on
that
list?.
A
A
A
B
A
A
B
A
B
A
But
there's
not
a
ton
of
differences,
so
we
should
be.
We
should
be
good
and
I
just
thought
we
could
have
this
here
in
case
we
needed
to
look
at
the
actual
like
how
all
the
components
work
together,
but
tiffany
do
you
want
to
just.
I
guess
maybe
take
us
through
like
a
basic
introduction.
What
harbor
is
what
problem
it's
trying
to
solve.
B
C
B
B
You
can
also
have
like
your
private
and
public
registries,
there's
the
idea
of
how
you
can
have
different
projects
within
it
and
kind
of
separate
things
out.
A
bit
more
versus
like
if
with
docker,
there's
one
single
place
that
you're
pushing
everything
into,
is
there
anything
else
that
you
think
should
be
added?
To
that
I
mean.
A
I
think
that
gets
that
gets
a
bunch
of
it.
I
I
guess
I
would
probably
add
that
it
does
kind
of
target
the
enterprise
use
case
and
therefore
it
does
support
things
like
replication
and
actually,
while
it
just
mentioned
it,
things
like
replication,
proxying
and
mirroring,
I
also
is-
has
really
strong
support
for
like
external
authentication.
A
So
if
you
want
to
back
your
authentication
to
your
like
ldap
or
active
directory,
you
can
do
that
if
you
want
to
back
it
against
your
like
an
an
oidc
slash,
oauth
server
like
you
could
back
it
against
like
github
auth
or
google
auth.
If
you
wanted,
and
so
that's
that's
super
appealing
and
I've
used
that
before,
and
it
works
really
well
and
actually
marcos
brings
up
a
really
good
point,
and
actually
it's
really
timely.
A
Nice
and
ansel
says
he's
using
harbor
as
a
proxy
in
his
home
lab.
That's
a
great
idea.
You
know:
saving
saving
your
internet
data,
if
you
don't
especially,
if
you
don't
have
high
speed
internet
or
you
have
meted
internet
and
some
isp
is
charging
you,
you
know
extra
extra
gigabits
or
gigabytes
or
giga
dollars,
maybe
for
all
these
docker
pools,
you're
doing.
A
Immanuel
asks:
is
there
any
plan
to
enable
the
pull
cash
proxy
service
without
running
two
instances
of
harbor,
I'm
not
actually
sure,
but
I
do
know
we
have
some
folks
from
the
harbour
project
in
chat.
So
hopefully
one
of
them
can
speak
up
and
answer
some
of
the
more
specific,
deeper
harbour
questions
and
alex
indeed
has
said.
We
only
need
one
instance
and
michael
michael's
replying
with
the
same
thing
cool.
Does
it
support
arm?
I
I
don't
know
I
I
guess
it
would.
If
the
images
have
been
built
for
arm.
A
B
A
A
A
C
B
A
It
doesn't
make
a
lot
of
sense
for
harbor
to
try
and
run
h.a
postgres
and
h.a
redis,
because
you'd
end
up
with
like
very
complex
helm,
charts
and
then,
of
course,
using
pvcs
for
storage
for
any
of
the
harbour
bits
using
object.
Storage
for
the
actual
artifacts
is
all
going
to
help
you
get
to
and
then
once
you've
done
that,
like
the
various
components
like
you
can
run
multiple
clear
pods,
you
can
run
multiple
of
the
core,
which
is
like
the
api.
A
You
can
run
multiple
of
the
registry
server
and
to
do
that
in
your
helm,
values
file,
you're,
literally
just
changing
how
many
replicas
you
want.
So
it
is
pretty
easy
to
do
so.
So
as
long
as
you
can
get
access
to
database
and
redis,
which
I
think
most
clouds
will
have
some
kind
of
service
you
can
tie
into
and
then
alex
says
the
is
leveraging
the
natives
native.
C
A
A
So
let's
have
a
look
at
their
instructions,
so
download
chart
and
then
configure
it,
and
these
are
kind
of
the
the
bare
minimum
things
you
want
to
do
right.
So
you
need
to
set
the
hosts.
So
your
core,
which
is
kind
of
the
main
entry
point
to
helm
and
notary,
have
different
entry
points,
and
so
you
need
to
set
those
and
then
tell
it
where
your
database
is
and
where
redis
is
and
set
up
your
credentials
etc
and
that's
kind
of
it.
C
A
A
Across
to
okay,
let's
have
a
quick
look
at
the
install
skip,
pass,
helm
2
because
we're
not
doing
helm2,
so
helm3
right,
really
simple:
helm,
install
my
release
dot.
Now
what
they're
doing
in
these
instructions
is
they're
telling
you
to
pull
down
the
entire
chart
and
modify
the
values
file
directly?
The
alternative
is,
of
course,
is.
A
You
could
create
a
separate
values
file
and
do
a
helm
install
from
the
helm
repo
and
that's
the
steps
that
I
took
when
we
installed
helm
on
the
cluster
that
we're
going
to
be
using
when
we
sold
harbor
on
the
class
we're
going
to
be
using
so
tiffany.
Do
you
want
to
bring
up
your
vs
code
and
we'll
take
a
look
at
how
we
got
our
infrastructure
running.
B
A
A
I
I
have
this
running
on
a
gke
cluster,
and
so
you
can
see
I
installed
contour
as
an
ingress
controller,
and
then
I
installed
cert
manager.
So
I
grabbed
the
crds
created
some
name
spaces
and
then
created
some
secrets
with
google
credentials
that
only
have
access
to
dns
to
modify
my
dns
settings
and
then
I
add
the
jet
stack
and
bitnami
helm,
charts
and
install
cert
manager
and
install
external
dns
with
a
typo.
A
A
A
Yeah
and
I
did
a
self-signed
one
as
well
yeah
and
that
way,
as
I
was
deploying
it,
I
wasn't
deploying
with
real
cert
manager
certs,
because
I
didn't
want
to
hit
the
let's
encrypt
limits
on
their
real.
So
I
got
it
all
working
with
self-signed
and
then
I
switched
to
let's
encrypt
prod,
and
that
way
I
get
real
certificates
and
that's
pretty
important
for
your
registry,
because
the
last
thing
you
want
to
do
is
have
to
fight
your
google
class.
A
Google,
your
kubernetes
cluster,
to
get
your
cas
up
into
your,
like
your
data,
plane
nodes,
your
worker
nodes.
So
they
trust
your
registry
right
because
you
need
a
valid.
You
know
you
either
need
a
valid
cert
or
you
need
to
inject
your
ca
up
into
your
data
plane
and,
if
you're
running
your
own
cube
cluster,
that's
not
too
hard
to
do
because
you're
installing
kubernetes,
but
if
you're
on
gke,
if
you're
on
aks,
you
don't
necessarily
have
easy
access
to
to
do.
C
A
A
The
cluster
to
get
the
the
certs
up
there,
so
that
was
kind
of
my
infrastructure,
so
there's
not
too
much
needed,
but
those
things
definitely
help
and
then
so,
if
you
click
on
the
values
harbor,
we
can
have
a
look
at
how
I
set
up
my
helm.
Chart
values
for
harbor.
Now
I
left
the
admin
password
in
there,
which
I
don't
mind
you
you're,
seeing
because
nobody's
gonna
do
any
horrible,
goose
activities
and
hackers,
and
also
I'm
going
to
destroy
this
infrastructure
as
soon
as
we're
finished
here.
A
So
we're
on
the
honor
system.
Don't
hack
us,
but
you
can
see.
These
are
all
value
files
that
get
rendered
into
the
home
templates.
So
I'm
basically
saying
I
want
ingress
enabled
and
I
will
use
tls
and
I'm
going
to
provide
my
own
certs
and
then
you
can
see.
As
the
docs
mentioned,
I
supply
the
ingress
hosts,
so
harbour
dot
and
notary
dot,
and
then
I
pass
in
some
annotations,
and
so
I
always
want
to
make
sure
that
people
use
https,
and
so
I
pass
in
the
force
ssl
redirect.
A
So
this
is
using
the
the
real
one
and
then
the
rest
of
it
is
sitting
setting
some
persistence
so
taking
some
guesses
at
the
sizes.
I
need
for
the
database
and
redis
as
well
as
setting
up
google
cloud
storage,
as
my
as
my
backing
service
for
artifacts,
and
that
way,
if
I
need
to
destroy
this
infrastructure
and
spin
it
up
again,
at
least
my
artifacts
are
still
sitting
there
in
the
back
end,
so
that's
kind
of
how
we
got
the
install
going
and
then
tiffany.
A
So,
like
home,
repo
ad,
create
the
namespace
and
then
helm,
install
and
pass
in
that
values
file.
So
pretty
simple.
It
took
like
five
or
ten
minutes
to
to
get
installed
and
running
because
obviously
it
takes
a
while
for,
like
a
postgres
database
to
start
in
the
redis
database
to
start
and
so
there's
some
cascading
dependencies
that
sort
of
need
to
resolve
themselves
on
the
cluster
to
get
everything
working.
But
when
it
is
all
working,
we
then
end
up
with
a
do.
B
A
B
So
if
you
don't
know
what
octane
is
basically
it's
a
really
cool
ui
that
you
use
with
kubernetes
and
you
can
see
like
all
the
different
things
that
you
have
running
per
like
what,
depending
on
like
what
context
you're
using
and
then
the
different
name
spaces
it's
real
time.
So
it's
kind
of
like
when
you
do
a
watch.
You
can
actually
see
things
as
they
are
coming
up
or
if
they
fail
and
then
you
can
like
dig
into
things
like
look
into
a
pods,
you
can
see
you
can
actually
get
into
a
pod.
B
B
Okay,
it's
a
little
harder
to
like
funky
looking,
so
I
might
actually
just
make
it
harder
to
read,
because
that
way
you
can
kind
of
see
all
the
different
things.
Let's
see
there
we
go.
We
can
kind
of
scooch
that
over
a
bit,
so
basically
it
it
ends
up
creating
a
bunch
of
different
deployments
for
different
things
I
needed
like.
So
there
was
a
stuff
with
notary
that
was
mentioned.
There's
the
claire,
which
is
used
for
the
image
scanning.
B
A
C
A
Yeah,
actually
I
didn't-
I
didn't
know
about
engine
and
and
do
sex,
so
it
comes
with
claire
and
trivi,
but
I
guess
you
can
plug
in
engine
and
do
sec
as
well
for
scanning
and
there's
a
ton
of
support
for
the
replicated
registries.
So
that's
cool,
so
yeah
and
then,
of
course,
a
little
side,
loading
of
your
identity
providers,
if
you
have
active
directory
or
oauth
or
whatever.
A
B
A
Yeah,
so
why
don't?
We
actually
have
a
look
at
the
the
scanning
side
of
things
as
a
first
spot.
So
let's
bring
up
our
harbour
cluster
itself
now
we
actually
have
two
harbour
clusters
up.
So
hopefully
we
remember
to
use
the
right
one.
So
this
is
the
new
one
that
I
spun
up
and
then
we
have
one.
That's
the
slightly
older
version
in
case.
We
want
to
try
and
set
up
some
replication
or
something.
A
A
B
A
B
B
A
B
A
B
Yeah,
so
by
default,
there's
a
project
called
library.
You
can
choose,
have
everything
that
you
want
into
this
project,
but
you
can
also
create
other
projects
as
well,
which
we
can
show
after
I
poke
into
library
and
see
if
alpine
is
correctly
there.
So
here
we
can
see,
there's
alpine,
you
can
see
that
it's
broken
down
to
repositories,
there's
the
helm,
charts
and
then
a
bunch
of
other
things
that
we
can
look
into
later.
So
if
we
click
on
alpine,
you
can
see
that
initially
it
is
not
scanned.
B
B
A
B
B
A
C
B
B
A
Admin
yep,
I
feel
like
creating
users,
is
pretty
boring,
like
everyone
knows
how
to
create
a
username
and
password.
But
what
I
did
see
up
there
was
something
about
robot
accounts,
and
so
maybe
we
can
go
ahead
and
create
a
robot
account
and
then
see
if
we
can
get
kubernetes
to
pull
an
image
from
this
repository
once
it's
once.
We
have
one
there.
A
C
B
B
B
B
B
B
A
B
A
A
B
A
B
A
So
if
we
had
that
setting
set,
it
would
probably
stop
us
from
being
able
to
pull
this
image
down,
but
we
don't
have
that
set.
So
we
can
definitely
we
can
definitely
still
pull
from
it.
So
what
do
we
need
to
do
to
authenticate
kubernetes
to
our
cluster?
Because
this
is
a
private
image?
We
need
that
robot
user
and
I
think
we
create
a
secret
using
that
robot.
C
B
A
So,
as
you
evaluate
the
risk
of
a
particular
cve,
you
can
then
decide
on
whether
or
not
you're
willing
to
accept
that
risk.
So
it's
not
just
a
blanket
ban.
It
actually
probably
allows
you
to
build
up
a
good
graph
of
what
cves
you
have
deemed
to
be
worth
the
risk
and
what
you
haven't.
So
that's
that's
super
cool.
A
B
A
A
B
C
A
A
A
A
A
A
A
A
C
C
A
B
B
A
C
A
A
A
B
A
A
A
B
B
Cool,
so
there
might
be
some
other
ways
to
do
this.
I'm
gonna
you
can
paul.
You
can
tell
me
if
I
should
be
doing
it
some
other
way,
but
I'm
just
gonna
go
off
of
getting
like
bitnami
engine
x,
because
I
don't
know
what
the,
if
is
the
other
one
nginx
flash
engine
x
like
I
don't
actually
know,
but
you
already.
A
B
A
C
C
B
B
So
if
we
look
here
what
happens,
it
ends
up
pulling
down
the
like
the
tar
file
for
all
that
stuff,
which
is
like
what
paul
is
mentioning
earlier
for
the
other
one
where
you
could
like
open
up,
look
at
the
values,
etc.
That's
the
same
kind
of
thing
here
so
basically
now
what
we
would
need
to
do
is
add
paul's
chart
repo.
B
Yeah,
I
was
thinking
at
the
very
beginning,
and
then
I
just
forgot
and
didn't:
do
it?
Okay,
I'll
do
that
after
this
okay?
So
then
the
part
like
if
we
look
over
here
in
the
helm,
charts
right
now,
we
can
see
there's
nothing
there
so
like
when
you're
doing
stuff,
with
just
with
the
images
there
is
like
the
flash
library
or
whatever
it
is
for
this
one.
You
end
up
first,
having
slash
chart
repo
and
then
you
give
it
which
one
it
is
so
tgik.
B
C
B
A
C
C
B
C
B
A
A
B
A
B
A
C
B
A
B
C
A
C
A
A
A
A
B
A
B
C
B
A
Oh
yeah,
that's
right
for
the
cnabby
kind
of
yeah,
so
helm
has
some
like
alpha
support
for
cnab.
That
lets
you
do
that,
but,
as
you
said,
it
does
it
as
like
a
cnab
image,
not
the
helm,
chart
itself.
So
I
think
what
we
did
was
probably
the
mo
the
more
common
way
that
people
would
want
to
do
it.
So
that
is
a
great
plug-in
to
to
remember
the
I
may.
B
A
C
B
B
A
A
B
A
A
B
B
B
C
C
B
B
C
C
A
B
C
A
C
B
C
C
C
B
C
A
B
B
B
C
B
C
A
A
C
C
A
C
C
A
A
A
B
And
for
the,
why
it's
showing
one
for
open
jdk
only
is
because
the
first
time
we
pulled
it,
it
was
pulling
it
like
getting
it
from
docker
hub,
and
then
it
ended
up
putting
it
up
into
our
repository
here
on
harbor,
and
then
we
pulled
it
again.
So
the
only
time
I
pulled
directly
from
harbor
was
the
second
time
we
did.
It.
C
C
B
A
A
B
B
B
B
A
B
C
B
C
B
A
C
A
B
C
A
And
works
out
what
it
needs
to
do
conrad
is
asking:
do
you
need
to
explicitly
pull
official
images
from
docker
hub
and
push
into
harbor
or
say
way
to
automatically
do
it,
so
you
could
automatically
do
it?
The
way
we
just
did
with
the
proxying
or
replication,
oh
and
alex
says
the
new
robot
will
allow.
B
B
A
A
A
I've
seen
a
couple
of
tools
that
do
that,
like
it
gives
you
like
an
image
relocation
but
effectively
it's
pulling
it
down
and
then
pushing
it
up
again,
but
I
feel
like
the
replication
method,
might
be
the
good
way
to
do
it,
especially
on
the
manual
replication.
So
you
can
kind
of
decide
when
you
want
to
replicate
newer
versions
and
stuff
yeah
conrad's
talking
about
official
images
that
you
don't
own
so
yeah
I
mean
you
would
pull
them
tag
them
push
them
or.
A
B
Yeah
so
just
like
to
reiterate
like
there,
you
can
create
users
and
give
them
permissions.
There's
the
registries,
and
these
are
the
ones
that
we
just
added
for
docker
hub
and
harbor.
There's
the
replication
that
we
just
created
and
you
can
do
like
there's
the
distributions
you
can
create
labels.
You
can
set
the
their
quota
or
check
out
like
if
you
set
a
quota
in
the
beginning.
When
you
create
the
project
you
can
see
how
far
along
like.
Are
you
almost
full
of
what?
B
Whatever
quota
you
had
again
integration
services
are
using
these
scanners?
You
can
create
a
new
scanner.
You
can
delete
one
you
can.
There
is
a
you
can.
Also,
let's
see,
I
don't
remember
exactly
where
it
is,
but
there's
a
way
to
also
oh
yeah
there.
It
is
I'm
done
so.
You
can
also
set
which
one
you
want
as
default
and
then
you
can
actually
choose
like
what,
when
you
want
to
scan
everything
that
you
have
so
you
can
put
custom
and
you
can
check
it
every
hour.
C
B
A
A
So
I
don't
know
if
it'll
show
it
because
we're
we're
using
a
real
certificate,
but
if
you
have
a
self-signed
certificate
for
your
harbor
there'll
actually
be
a
button
at
your
repository
to
let
you
download
the
ca.
That
was
that
that
is
used
to
sign
your
certificate
and
that
way
it
makes
it
a
little
bit
easier
to
like
set
up
your
docker
connection,
because
in
docker
there
is,
if
I
bring
up
my
command
prompt
in
like
let's
jump
into
root,
because
we
can
so
in.
A
Like
etsy,
docker
search
dot
d,
you
could
do
like
harbor
dot,
tgik
dot,
demo,
dot,
pulsar.wtf,
slash,
ca.sir,
and
so
that
isn't
actually
there.
But
if
you
grabbed
your
ca
from
harbor,
you
could
stick
it
in
here
and
then
docker
on
this
machine
would
trust
harbor,
because
it's
it
knows
that
it.
Now
it
has
a
ca
and
a
ca
is
valid
or
that
you're
choosing
to
trust
that
ca.
A
So
that's
pretty
useful,
except
it's
still
not
super
easy
to
do.
For
your
actual
kubernetes
nodes.
It's
made
even
more
difficult
by
the
fact
that
in
kubernetes
you
might
have
docker
and
you
might
have
container
d
and
they
both
handle
ca,
certs
differently
and
container
d.
Does
it
differently
through
a
few
different
versions
of
container
d,
as
well
so
trying
to
deal
with
these
self-signed
certs
when
you're,
actually
wanting
to
pull
and
push
from
kubernetes
is,
is
not
a
lot
of
fun.
A
A
A
B
C
A
B
Yeah-
and
we
can
also
just
to
also
mention
like
if
you
click
on
logs
here,
you
can
see
all
the
random
things
that
we
were
doing
like
whether
it
was
proxy
like
this
stuff
that
I
was
trying
to
shove
into
my
like
into
my
harbor
again
or
like
what
we
did
as
an
admin
et
cetera.
So
you
can
kind
of
see
like
all
the
different
things
that
we've
that
you've
been
doing
like
there's
the
robot
et
cetera.
A
B
A
A
Oh
yeah
alex
michael
michael,
thank
you
so
much
for
helping
us
out.
It
was
really
great
to
have
you
on
here
and
to
help
steer
us
in
the
roughly
correct
direction,
as
we
kind
of
just
poke
around
and
thanks
for
other
folks
that
jumped
in
and
helped
with,
like
the
helm,
plug-in
and
stuff
like
that,
you
made
our
jobs
a
lot
easier
and
stopped
us
from
doing
even
more
fumbling
around.
So
thank
you.
Everyone
and.