Harbor in local deployment

This page describes how to use Harbor in our development setup, using skaffold. It is divided in two categories: the first one describes how to use a harbor registry inside the k3d cluster, meanwhile the second describes how to use a harbor registry outside of the cluster. The third section describes the set-up that will be needed.

Use in-cluster Harbor

First-time set-up (specific to in-cluster)

As sudo, add       registry.org-2.com to /etc/hosts

echo "       registry.org-2.com" | sudo tee -a /etc/hosts


  1. Set HARBOR_CERT_PATH to point to the absolute path to orchestrator/examples/tools/ca.crt

    export HARBOR_CERT_PATH=<absolute_path_to_orchestrator_repo>/orchestrator/examples/tools/ca.crt
  2. Re-create the cluster and launch skaffold on the orchestrator

    cd orchestrator
    skaffold run
  3. Start substra-backend with profile org-2-harbor

  4. Activate port-forward (port 30046) on harbor-nginx-xxxxxxxxxx-xxxxx (referred as <pod_name>), depending of your tool:

    • kubectl:

      kubectl port-forward -n harbor deployments/harbor-nginx 30046:https
    • k9s:

      1. Hover pod <pod_name>

      2. Press <SHIFT>+F

      3. Replace nginx::30000 by nginx::30046 (the Local port should be replaced by 30046)

  5. Follow the instructions in Harbor-set-up with the following informations:

Use external Harbor

  1. Follow the Harbor-set-up

  2. Create docker-config secret

kubectl create secret docker-registry docker-config -n org-2 --docker-server=<your-registry-server> --docker-username=<your-name>
  1. Update your value file (you can use backend-org-2-harbor.yaml as a model)

      enabled: false
      local: false
      host: # The host, without the port, as it is defined in the field port
      pullDomain: # The harbor host, with the port as it won't use the port field
      port: 443
      dockerConfigSecretName: docker-config # Equals to the name given to the secret at the previous step


  1. In the frontend, create project substra

  2. Set the variable `HARBOR_REGISTRY_DOMAIN` to your registry URL

    export HARBOR_REGISTRY_DOMAIN=<registry_url>
  3. Login to the registry

    docker login $HARBOR_REGISTRY_DOMAIN
  4. Manually add base image

    1. Pull image

      docker pull ghcr.io/substra/substra-tools:latest
    2. Tag it

      docker tag ghcr.io/substra/substra-tools:latest $HARBOR_REGISTRY_DOMAIN/substra/substra-tools:latest
    3. Push to repository

      docker push $HARBOR_REGISTRY_DOMAIN/substra/substra-tools:latest