A lot of k8s projects have pull=always, which quickly makes you hit your rate limits if any issues occur. Harbor has a nice proxy cache feature to help with this:
https://goharbor.io/docs/2.14.0/administration/configure-proxy-cache
It doesn’t seem to deal with cert-manager nicely out of the box, so we need to set the annotation manually.
This assumes you already have an nginx ingress set up and a ClusterIssuer:
kubectl create ns harbor
helm -n harbor install harby harbor/harbor \
--set expose.type=ingress --set expose.ingress.className=nginx \
--set expose.ingress.hosts.core=harbor.mijnbureau.rabevcqhguoovcu.xyz \
--set expose.tls.enabled=true \
--set expose.tls.certSource=secret \
--set expose.ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-prod \
--set expose.tls.secret.secretName=harby-harbor-ingress
Go to the web UI, log in with admin:Harbor12345 and set up an endpoint for Docker Hub. Then, create a project and link it to that Docker Hub endpoint. Do not forget to change the password for the admin user!
Now, you can use the proxy!
docker pull harbor.mijnbureau.rabevcqhguoovcu.xyz/dockerproxy/node:24
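To get existing workloads onto the proxy, their Docker Hub image references have to be rewritten to the proxy project path. The helper below is an added example, not part of the original post or of Harbor: the function names are hypothetical, the host and project name are taken from the pull command above, and it assumes unquoted `image:` values without trailing comments. Official images are written with the explicit `library/` namespace, the form Harbor's proxy-cache documentation uses for single-level repositories.

```shell
#!/bin/sh
# Added example: rewrite Docker Hub image references to a Harbor proxy-cache project.
# Host and project default to the values used in the pull command above.
HARBOR_HOST="${HARBOR_HOST:-harbor.mijnbureau.rabevcqhguoovcu.xyz}"
PROXY_PROJECT="${PROXY_PROJECT:-dockerproxy}"

# to_proxy_ref IMAGE -> prints the reference to pull through the proxy project.
to_proxy_ref() {
    ref=$1
    # Split off the first path component; it is a registry host only if it
    # contains a dot or a colon, or is "localhost" (Docker's own rule).
    case "$ref" in
        */*) first=${ref%%/*}; rest=${ref#*/} ;;
        *)   first=""; rest=$ref ;;
    esac
    case "$first" in
        "") repo="library/$rest" ;;                      # node:24
        docker.io|index.docker.io|registry-1.docker.io)  # explicit Docker Hub host
            case "$rest" in
                */*) repo=$rest ;;
                *)   repo="library/$rest" ;;
            esac ;;
        *.*|*:*|localhost)                               # another registry (or Harbor itself)
            printf '%s\n' "$ref"; return 0 ;;
        *)  repo=$ref ;;                                 # namespace/image on Docker Hub
    esac
    printf '%s/%s/%s\n' "$HARBOR_HOST" "$PROXY_PROJECT" "$repo"
}

# rewrite_manifest: filter stdin -> stdout, rewriting every "image: REF" line.
rewrite_manifest() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *"image: "*)
                prefix=${line%%image: *}
                ref=${line#*image: }
                printf '%simage: %s\n' "$prefix" "$(to_proxy_ref "$ref")" ;;
            *)  printf '%s\n' "$line" ;;
        esac
    done
}

# Usage: rewrite_manifest < deployment.yaml > deployment.proxied.yaml
```

Images hosted on other registries pass through unchanged, since this proxy project is linked to the Docker Hub endpoint only.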