As noted in the Harbor shared services deployment documentation, users must create a harbor-data-values.yaml file that contains configuration data for the Harbor deployment:
https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.6/vmware-tanzu-kubernetes-grid-16/GUID-packages-harbor-registry.html#harbordefaultvalues-file-for-vsphere-7-12
1. First, create a secret that contains the Certificate Authority (CA) cert that the Harbor components need to trust. The custom CA bundle secret must contain a key named "ca.crt", which will be injected into the trust store for the core, jobservice, registry, and trivy components.
Below are example contents for a harbor-ca-bundle.yaml file. Insert the base64-encoded CA cert, then, after creating the tanzu-system-registry namespace, apply the file with kubectl apply -f harbor-ca-bundle.yaml:
---
apiVersion: v1
data:
  ca.crt: <base64 encoded cert>
kind: Secret
metadata:
  name: harbor-ca-bundle
  namespace: tanzu-system-registry
# Opaque, because a kubernetes.io/tls Secret is rejected unless it also has tls.crt and tls.key
type: Opaque
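The following command can be used to encode the cert as a single line (GNU base64 wraps its output at 76 columns by default, which would break the YAML value):
# base64 < CA.crt | tr -d '\n'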
2. The harbor-data-values.yaml file from the above docs has a value called caBundleSecretName. Before applying the package deployment, set it to the name of the secret created in Step 1:
...
proxy:
  httpProxy:
  httpsProxy:
  noProxy: 127.0.0.1,localhost,.local,.internal
pspNames: null
caBundleSecretName: harbor-ca-bundle
metrics:
  enabled: false
  core:
    path: /metrics
    port: 8001
...
3. Continue the shared services Harbor deployment following the documentation above, using the harbor-data-values.yaml created in Step 2 for the CA bundle and any other configurations required. After deployment, the Harbor pods should trust the CA bundle that was added.
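Step 1 as a script, for checking the CA file before it goes into the secret (an added example, not part of the original article or of VMware's tooling). The function names are hypothetical, the sample PEM is a constructed placeholder, and the manifest uses type Opaque on the assumption that only ca.crt is stored.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Builds harbor-ca-bundle.yaml
# from a PEM CA file and lets you confirm the encoded value round-trips.

# Print the Secret manifest for the PEM file in $1.
make_ca_bundle_secret() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  # DER or otherwise non-PEM input would not be usable as ca.crt.
  grep -q -e '-----BEGIN CERTIFICATE-----' "$1" ||
    { echo "$1: no PEM certificate found" >&2; return 2; }
  # The bundle is public trust material only; never ship a key in it.
  if grep -q -e 'PRIVATE KEY-----' "$1"; then
    echo "$1: contains a private key, refusing" >&2; return 3
  fi
  # Strip newlines: GNU base64 wraps at 76 columns, which breaks the YAML value.
  b64=$(base64 < "$1" | tr -d '\n')
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: harbor-ca-bundle
  namespace: tanzu-system-registry
type: Opaque  # assumption: kubernetes.io/tls would also require tls.crt and tls.key
data:
  ca.crt: ${b64}
EOF
}

# Decode ca.crt from the manifest in $1, for comparison with the source file.
decode_ca_crt() {
  awk '$1 == "ca.crt:" { print $2 }' "$1" | base64 -d
}

# Constructed sample: PEM-shaped placeholder, not a real certificate.
write_sample_pem() {
  cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
PLACEHOLDERnotArealCERTIFICATEbodyPLACEHOLDERnotArealCERTIFICATEbody
PLACEHOLDERnotArealCERTIFICATEbody
-----END CERTIFICATE-----
EOF
}

# Usage: make_ca_bundle_secret CA.crt > harbor-ca-bundle.yaml
#        decode_ca_crt harbor-ca-bundle.yaml | cmp - CA.crt
```

A silent cmp means the value under ca.crt decodes to exactly the bytes of the CA file, so the manifest can be applied as in Step 1.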