Backup/Restore of the Harbor Tanzu package (installed by CLI) to a new namespace using TMC Data Protection
search cancel

Backup/Restore of the Harbor Tanzu package (installed by CLI) to a new namespace using TMC Data Protection

book

Article ID: 370712

calendar_today

Updated On:

Products

VMware Tanzu Mission Control VMware vSphere Kubernetes Service vSphere with Tanzu

Issue/Introduction

This guide assumes Harbor Tanzu Package was installed by CLI & details how to:

•    Uninstall the Harbor Tanzu package from the existing namespace where PVs exist

•    Reinstall the Harbor Tanzu package using existing PVs in the new namespace

Environment

TKGs
TMC

Cause

Requirement to change the namespace name of the Harbor Tanzu package

Resolution

Note: Backup the require Harbor data before performing the following actions to avoid data loss.

 

  1. Set Harbor into ReadOnly to avoid data broken.

  2. Make sure the PV reclaim policy is "Retain"

    List all Harbor PVs:

    kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO Delete Bound harbor/data-harbor-redis-0 default 141m
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 5Gi RWO Delete Bound harbor/data-harbor-trivy-0 default 141m
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 10Gi RWO Delete Bound harbor/harbor-registry default 141m
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO Delete Bound harbor/harbor-jobservice default 141m
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO Delete Bound harbor/database-data-harbor-database-0 default 141m
  3. Check the value of the PV's reclaim policy:

    kubectl get pv <pv-name> -o yaml


# The output:
apiVersion: v1
kind: PersistentVolume
metadata:
...
spec:
...
persistentVolumeReclaimPolicy: Delete
...

    If the "spec.persistentVolumeReclaimPolicy" is "Delete", update it as "Retain":

    # If there are Harbor PVs only, run the following command to update the reclaim policy of all PVs at once
kubectl patch $(kubectl get pv -o name) -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'

# Otherwise, patch the PVs one by one
kubectl patch pv <pv-name> -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}'
  4. Backup all Harbor PVCs

    kubectl -n <orignal-namespace> get pvc -l app=harbor -o yaml > pvcs.yaml

     

  5. Uninstall the Harbor package

    tanzu package installed delete <harbor-package-name> -n <original-namespace> -y
  6. Patch the PVs to remove the "claimRef" section and make sure all PVs are in "Available" status

    # If there are Harbor PVs only, run the following command to update the reclaim policy of all PVs at once
kubectl patch $(kubectl get pv -o name) -p '[{"op":"remove","path":"/spec/claimRef"}]' --type json

# Otherwise, patch the PVs one by one
kubectl patch pv <pv-name> -p '[{"op":"remove","path":"/spec/claimRef"}]' --type json

# Make sure PVs are in "Available" status
kubectl get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO Retain Available default 2d22h
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 5Gi RWO Retain Available default 2d22h
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 10Gi RWO Retain Available default 2d22h
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO Retain Available default 2d22h
pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO Retain Available default 2d22
  7. Create PVCs in the new namespace and make sure they are bound

    # Create the new namespace if it doesn't exist
kubectl create ns <new-namespace>

# Edit the pvcs.yaml and update all "metadata.namespace" fields from <original-namespace> to <new-namespace>
vi pvcs.yaml

# Create the PVCs in the new namespace
kubectl apply -n <new-namespace> -f pvcs.yaml

# Make sure all PVCs are bound
kubectl -n harbor-dev get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-harbor-redis-0 Bound pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO default 14s
data-harbor-trivy-0 Bound pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 5Gi RWO default 14s
database-data-harbor-database-0 Bound pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO default 14s
harbor-jobservice Bound pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1Gi RWO default 14s
harbor-registry Bound pvc-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 10Gi RWO default 14s
  8. Reinstall the Harbor package with "existingVolumeClaim" set

    Update the "harbor-values.yaml" and make sure

    (1) The "namespace" is updated as the new namespace

    (2) Set the "existingClaim" the names of PVCs created above

    ...
other configurations
...

namespace: <new-namespace>
persistence:
persistentVolumeClaim:
trivy:
existingClaim: data-harbor-trivy-0
registry:
existingClaim: harbor-registry
redis:
existingClaim: data-harbor-redis-0
jobservice:
jobLog:
existingClaim: harbor-jobservice
database:
existingClaim: database-data-harbor-database-0
  9. Reinstall Harbor package in the new namespace

    tanzu package install harbor -p harbor.tanzu.vmware.com --version <version> -n <new-namespace> --values-file harbor-values.yaml
  10. Verify Harbor works as expected and unset ReadOnly.

Additional Information

Backup of data as advised above must be carried out before performing this procedure.

Harbor Read Only can be enabled/disabled as per link here.

Powered by Wolken Software