You are viewing documentation for KubeSphere version:v3.0.0

KubeSphere v3.0.0 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Integrate Harbor into Pipelines

This tutorial demonstrates how to integrate Harbor into KubeSphere pipelines.


Install Harbor

It is highly recommended that you install Harbor through the App Store of KubeSphere. Alternatively, install Harbor manually through Helm3.

helm repo add harbor
# For a quick start, you can expose Harbor by nodeport and disable tls.
# Set externalURL to one of your node ip and make sure it can be accessed by jenkins.
helm install harbor-release harbor/harbor --set expose.type=nodePort,externalURL=http://$ip:30002,expose.tls.enabled=false

Get Harbor Credentials

  1. After Harbor is installed, visit NodeIP:30002 and log in to the console with the default account and password (admin/Harbor12345). Go to Projects and click NEW PROJECT.


  2. Set a name (ks-devops-harbor) and click OK.


  3. Click the project you just created, and select NEW ROBOT ACCOUNT in Robot Accounts.


  4. Set a name (robot-test) for the robot account and save it.


  5. Click EXPORT TO FILE to save the token.


Enable Insecure Registry

You have to configure Docker to disregard security for your Harbor registry.

  1. Run the vim /etc/docker/daemon.json command on your host to edit the daemon.json file, enter the following contents, and save the changes.

      "insecure-registries" : [""]


    Make sure you replace with your Harbor registry address. The default location of the daemon.json file is /etc/docker/daemon.json on Linux or C:\ProgramData\docker\config\daemon.json on Windows.
  2. Run the following commands to restart Docker for the changes to take effect.

    sudo systemctl daemon-reload
    sudo systemctl restart docker


    It is suggested that you use this solution for isolated testing or in a tightly controlled, air-gapped environment. For more information, refer to Deploy a plain HTTP registry. After you finish the above operations, you can also use the images in your Harbor registry when deploying workloads in your project. You need to create an image Secret for your Harbor registry, and then select your Harbor registry and enter the absolute path of your images in Container Settings under the Container Image tab to search for your images.

Create Credentials

  1. Log in to KubeSphere as project-regular, go to your DevOps project and create credentials for Harbor in Credentials under Project Management.


  2. On the Create Credentials page, set a credential ID (robot-test) and select Account Credentials for Type. The Username field must be the same as the value of name in the JSON file you just downloaded and input the value of token in the file for Token/Password.


  3. Click OK to save it.

Create a Pipeline

  1. Go to the Pipelines page and click Create. Provide the basic information in the dialog that appears and click Next.


  2. Use default values in Advanced Settings and click Create.


Edit the Jenkinsfile

  1. Click the pipeline to go to its detail page and click Edit Jenkinsfile.


  2. Copy and paste the following contents into the Jenkinsfile. Note that you must replace the values of REGISTRY, HARBOR_NAMESPACE, APP_NAME, and HARBOR_CREDENTIAL with your own values.

    pipeline {  
      agent {
        node {
          label 'maven'
      environment {
        // the address of your harbor registry
        REGISTRY = ''
        // the project name
        // make sure your robot account have enough access to the project
        HARBOR_NAMESPACE = 'ks-devops-harbor'
        // docker image name
        APP_NAME = 'docker-example'
        // ‘robot-test’ is the credential ID you created on the KubeSphere console
        HARBOR_CREDENTIAL = credentials('robot-test')
      stages {
        stage('docker login') {
            container ('maven') {
              // replace the Docker Hub username behind -u and do not forget ''. You can also use a Docker Hub token. 
              sh '''echo $HARBOR_CREDENTIAL_PSW | docker login $REGISTRY -u 'robot$robot-test' --password-stdin'''
        stage('build & push') {
          steps {
            container ('maven') {
              sh 'git clone'
              sh 'cd dockerfile-examples/rethinkdb && docker build -t $REGISTRY/$HARBOR_NAMESPACE/$APP_NAME:devops-test .'
              sh 'docker push  $REGISTRY/$HARBOR_NAMESPACE/$APP_NAME:devops-test'


    You can pass the parameter to docker login -u via Jenkins credentials with environment variables. However, every Harbor robot account’s username contains a “$” character, which will be converted into “$$” by Jenkins when used by environment variables. Learn more.

Run the Pipeline

Save the Jenkinsfile and KubeSphere automatically creates all stages and steps on the graphical editing panels. Click Run to run the pipeline. If everything goes well, the image will be pushed to your Harbor registry by Jenkins.