Docker Connected On-Prem Setup
This document describes the process for setting up Harness Docker Connected On-Prem. There is also a Kubernetes Connected On-Prem (recommended) option.
In the Docker Connected On-Prem architecture, the Harness Manager runs in your enterprise environment ("on-premises") and Harness manages the installation through a connection to Harness' Cloud.
In this topic:
- Installation Overview
- System Specifications
- Prepare Your Infrastructure
- Set Up Harness Connected On-Prem
- Post-Installation Steps
- Upgrading Your Installation
- Managing Your Installation
The Harness platform consists of several microservices. These microservices are containerized and spread across the three physical host machines.
Once you are signed up with Harness, you will download and install an Ambassador that acts as a proxy between your data center and the Harness cloud. The Ambassador makes one-way outbound HTTPS calls to the Harness cloud, and installs, upgrades, and manages the Harness Connected On-Prem installation process for you.
Harness Connected On-Prem installation is managed by Harness Support. The high-level steps for installing Harness Connected On-Prem are:
- Prepare your on-premises infrastructure for Harness.
- Provide Harness with your infrastructure information via email.
- Download and run the Ambassador (the tool Harness uses to initiate your Harness Connected On-Prem deployment), and notify Harness that the Ambassador is running.
- Harness triggers the installation and notifies you.
- Point your browser at the URL for your Connected Harness On-Prem.
- Download the Harness Delegate and begin setup.
Harness On-Prem has the following requirements:
Hosts for Harness Microservices
3 Linux Machines:
Host for Ambassador and Monitoring
1 Linux Machine:
SSL Certificates installed
Keyless SSH interconnectivity is required among all four hosts. The SSH Key must be present on all machines, so that they may connect to each other.
Internal Source: Application Subnet
Internal Source: Load Balancer (
Internal Source: Harness Machine/Subnet
Ambassador Outbound Connectivity
Ambassador Virtual Machine Setup
The Harness Ambassador is the only required component that needs outbound-only connectivity to app.harness.io:443. The Harness Cloud uses Ambassador to manage the installation of Harness On-Prem. The Ambassador has the following connectivity and access requirements:
- Connectivity to the Harness Cloud: Connectivity to the Harness Cloud via hostname app.harness.io and port 443. The following command will check connectivity to the Harness Cloud:
nc -vz app.harness.io 443
- Proxy file-size limit: If you have a proxy set up in front of the Ambassador to reach app.harness.io, ensure that your proxy's configuration allows downloads of files as large as 2 GB. This is required to pull the artifacts that the Ambassador will download to install and upgrade Harness microservices. On Apache, set this limit using the
LimitRequestBodydirective. On nginx, use the
Prepare Your Infrastructure
Before installation, do the following setup steps:
- Configure four machines according to the System Specifications.
- Make sure network rules and internal connectivity are configured according to the same section's Firewall Rules.
- Make sure the machine dedicated to the Ambassador has outbound connectivity, as outlined in Ambassador Virtual Machine Setup.
- Make sure the Docker daemon is running on all four machines, and that the Service Account User can run Docker as a non-root user. For details, see Docker's Post-Installation Steps for Linux.
- Make sure the load balancer is configured to redirect URL requests to port 7143 on the three host machines.
- Proceed to Set Up Harness Connected On-Prem.
Set Up Harness Connected On-Prem
Once you have prepared and verified your system, using the checks in Prepare Your Infrastructure above:
- Send the following information to Harness Support at email@example.com with the subject Harness On‑Prem Information:
- Three Hosts on the Same Subnet:
- Host 1 IP Address (Private IP):
- Host 2 IP Address (Private IP):
- Host 3 IP Address (Private IP):
- Load Balancer URL:
- SSH User (Service Account User):
- SSH Key File Path:
- Linux OS Distribution:
- Harness Application and Data Installation Directory (Absolute Path):
Harness Support will configure your system based on the information you sent, and then email you an Ambassador URL.
- After receiving the Ambassador download URL from Harness Support, perform the following steps on its dedicated machine:
- Download the Ambassador.
- Expand the archive.
- Start the Ambassador:
- Once the Ambassador is up and running, contact Harness Support (at firstname.lastname@example.org), or your Harness sales representative, to notify them of your on-prem setup.
- Using Ambassador, Harness Support will validate all the infrastructure and pre-install checks.
- After validation, Harness Support triggers the installation and deployment of Harness On-Prem onto your infrastructure.
- Proceed to Post-Installation Steps.
After installing Harness On-Prem, create a Harness account and set up your Harness Delegate, as follows;
- Go to the
- Create a new Harness account. Use the form fields to set your Admin Account email address and password.You can use this form only once. Subsequent users must be added using an email invite (see Managing Users and Groups (RBAC)).
- Log into your Harness account at your
- Start using Harness by downloading and installing a Harness Delegate, as described in Delegate Installation.
Upgrading Your Installation
Harness releases weekly upgrades for on-premise systems. You can check our weekly Release Notes here.
Harness Support will email you each time an upgrade is available. You can then schedule an upgrade window with Harness Support. Based on this window, Harness Support will use the Ambassador to upgrade your setup.
Managing Your Installation
- To monitor the ongoing health of your Docker Connected On-Prem setup, see Docker Connected On‑Prem Monitoring.
- To stop Harness microservices, or to restart them after a box or its Docker daemon crashes, see Docker Connected Start/Stop Scripts.