When Harbor is deployed as a Supervisor service in a vSphere with Tanzu environment, users may need to configure a proxy server to allow Harbor components (such as Core, Jobservice, and Trivy) to access external registries or download vulnerability databases.

Environment

• Product: VMware vSphere Kubernetes Service (VKS)
• Feature: Harbor Supervisor Service.

To implement proxy settings on the Harbor Supervisor service, you must update the service specification via the vSphere Client. Do not edit the Harbor secret directly from the CLI.

Step 1: Define Proxy Configuration

Add the following configuration block to your data-values.yaml or the service specification in the vSphere UI to define the proxy settings for Harbor components:

#! The http/https network proxy for core, exporter, jobservice, trivy
proxy:
  httpProxy: ""
  httpsProxy: ""
  noProxy: 127.0.0.1,localhost,.local,.internal

Step 2: Configure SSL Certificates (If Required)

If your proxy server requires a certificate for the connection, you must render your certificate into an in-place secret and set the secret name in the configuration.

1. Create the Secret: Ensure the secret contains a key named ca.crt which holds the certificate data.
2. Update the configuration: Use the caBundleSecretName field to inject the certificate into the trust store for the Core, Jobservice, Registry, and Trivy components.
   
   

   #! The custom ca bundle secret, the secret must contain key named "ca.crt"
   #! which will be injected into the trust store for core, jobservice, registry, trivy components
   caBundleSecretName: <your-secret-name>
   

Step 3: Apply Changes via vSphere UI

1. Log in to the vCenter Server UI.
2. Navigate to Workload Management > Services.
3. Select the Harbor supervisor service.
4. Go to Manage Service > YAML Config tab.
5. Update the YAML with the configuration blocks from Step 1 (and Step 2 if applicable).
6. Save the changes and wait for the service to reconcile.