What's supported
This topic lists the supported CD features and integrations you can use in Harness for deploying and verifying your apps.
For a comprehensive list that includes all Harness modules, go to Supported platforms and technologies.
- Deployments
- Provisioners
- Controls/Utilities
- File Store
- Artifacts
- Ticketing/Approvals
- Governance
Platform features for all deployment types
Access control
Role-based access control (RBAC) lets you control who can access your resources and what actions they can perform on the resources. To do this, a Harness account administrator assigns resource-related permissions to members of user groups.
Secrets management
Harness includes a built-in Secret Management feature that enables you to store encrypted secrets, such as access keys, and use them in your Harness connectors and pipelines.
In addition to the built-in Secret Manager, Harness Platform supports the cloud platform secrets management services in the following table.
Provider Name | Key Encryption Support | Encrypted Data Stored with Harness | Support for Referencing Existing Secrets |
---|---|---|---|
AWS KMS | Yes | Yes | No |
AWS Secret Manager | Yes | No | Yes |
Hashicorp Vault | Yes | No | Yes |
Azure Key Vault | Yes | No | Yes |
Google KMS | Yes | Yes | No |
For more information, go to Harness Secrets Management overview.
Delegates
Harness packages and distributes delegates on different types of images. Delegate images are identified by the delegate name. Image types are distinguished by tag.
This is an End of Support (EOS) notice for the Delegate-Legacy image type. This image type reached End of Support (EOS) as of January 31, 2024.
End of Support means the following:
- Harness Support will no longer accept support requests for the Delegate-Legacy image type in both Harness FirstGen and Harness NextGen (including Harness Self-Managed Enterprise Edition (SMP)).
- Security fixes will still be addressed.
- Product defects will not be addressed.
Follow the below steps to upgrade Delegate-Legacy to Delegate image
- Download new yaml from Harness by keeping the same name as the previous delegate
- Check if the existing delegate has any tags/selector, if yes then add them in DELEGATE_TAGS
- Compare the permissions given to the legacy delegate in their yaml and give the same permissions to new delegates
- Check if custom image is used, if yes then build a new image with immutable delegate as base image and override the account setting to point to that image
- Ensure that auto upgrade is enabled for Kubernetes delegates
- Our delegate yaml ships with default HPA of min and max replicas to be 1, adjust the desired number of replicas in HPA
- Deploy the new yaml and see new replicas coming under the same delegate
- Scale down the old stateful set and verify that everything is correct
Image type | Image tag | Image description |
---|---|---|
DELEGATE | yy.mm.xxxxx | The release year, month, and version in dot-separated format. Supported on both NextGen and FirstGen Harness Platform. |
DELEGATE-MINIMAL | yy.mm.xxxxx.minimal | The minimal tag is appended to the release year, month, and version in dot-separated format. Supported on both NextGen and FirstGen Harness Platform. |
DELEGATE-LEGACY | latest | Delegate that auto upgrades with no flexibility to turn off auto upgrade (DEPRECATED) |
-
Install delegate minimal image without SDKs
AuthN
The following table lists the supported Authentication features and various ways to authenticate users. Users in Administrator groups can use Authentication Settings to restrict access to an organization's Harness account. The options you choose apply to all of your account's users.
For more information, go to Authentication overview.
SSO Type | SSO Providers | Authentication Supported | Authorization (Group Linking) Supported | SCIM Provisioning |
---|---|---|---|---|
SAML 2.0 | Okta | Yes | Yes | Yes |
Microsoft Entra ID | Yes | Yes | Yes | |
Others | Yes | Yes | No | |
OneLogin | Yes | Yes | Yes | |
OAuth 2.0 | Github | Yes | No | N/A |
GitLab | Yes | No | N/A | |
Bitbucket | Yes | No | N/A | |
Yes | No | N/A | ||
Azure | Yes | No | N/A | |
Yes | No | N/A | ||
LDAP (Delegate connectivity needed) | Active Directory | Coming soon | Coming soon | N/A |
Open LDAP | Coming soon | Coming soon | N/A | |
Oracle LDAP | Coming soon | Coming soon | N/A |
Notifications
Git experience
Harness Git Experience allows you to store your resource configurations, such as pipelines and input sets, in Git.
Supported Git providers for Harness Git Sync include:
- GitHub
- Bitbucket Cloud
- Bitbucket Server
- Azure Repos
- GitLab
You can save the following Harness resources (entities) in Git using Harness Git Experience:
- Pipelines
- Input sets
- Templates
- Services
- Environments
- Infrastructure Definitions
Artifact Source templates are not supported with Git Experience.
Accounts, orgs, projects
The following table lists the resources that are available at various scopes in Harness:
Resources | Account | Org | Project |
---|---|---|---|
Pipeline | No | No | Yes |
Services | Yes | Yes | Yes |
Environments | Yes | Yes | Yes |
Git Management | No | No | Yes |
Connectors | Yes | Yes | Yes |
Secrets | Yes | Yes | Yes |
SMTP Configuration | Yes | No | No |
Templates | Yes | Yes | Yes |
Audit Trail | Yes | Yes | Yes |
Delegates | Yes | Yes | Yes |
Governance | Yes | Yes | Yes |
Kubernetes
-
Overview:
- Kubernetes
- Helm charts (v2 and v3)
- Kustomize
- Local (Harness Community Edition)
-
Supported connectors for deployment:
- Kubernetes connector
- Username and password
- Client key and secret
- OIDC authentication
- Kubernetes service account
- Assume role binding on delegate configuration
- Google Cloud connector (GKE authentication)
- Service Account
- Google Cloud Role on Delegate
- Workload Identity
- Azure Cloud Connector (AKS Authentication)
- Subscription Id
- Principal and Service Account
- GovCloud Support
- AWS Cloud Connector (EKS Authentication)
- IRSA
- Access Key and Secret Key
- IAM Role
- GovCloud Support
- Kubernetes connector
-
Supported platforms for deployment:
- Self Hosted Kubernetes
- Google Kubernetes Engine
- Azure Kubernetes Engine
- AWS Elastic Kubernetes Service
- Red Hat OpenShift
-
Versions and tooling support:
- Kubectl Client Versions:
- 1.16
- 1.28.7
- We support what each of the Cloud Providers support. We recommend users to keep their binary versions up to date.
- By default, Harness ships with kubectl client - 1.24.3
- Harness has certified versions 1.25, 1.26, 1.27, and 1.28.7 of kubectl. You must install the respective client version of the delegate for Harness to leverage it.
- Tooling:
- OpenShift - oc client binary
- Kustomize - kustomize binary
- Helm - Helm 3.12 and 2.8 binary.
- Helm 3.8 can be supported via feature flag.
- Kubectl Client Versions:
-
Limitations:
- Helm:
- Helm Hooks are not supported for this swimlane. Harness manages and orchestrates the manifests and their release.
- Kustomize:
- Kustomize Patches are only supported in YAML, not JSON
- Kustomize Containerized Plugins are not supported
- Kustomize manifests and patches do not support the custom remote manifest feature.
- Harness managed resources:
- Deployment
- Secrets
- ConfigMap
- StatefulSet
- HorizontalPodAutoScalar
- PodDisruptionBudget
- Helm:
-
Deployment Performance
- Helm deployments might start failing at the delegate due to a large index.yaml files. This causes a CPU spike on the delegate. If you do not provide enough resources to the delegate, you might see failures in pipeline executions.
- Certified Limits:
- Index.yaml file size limit 15Mb
- 5000 Helm charts have been deployed
- Kubernetes delegate size: 8GB, 2 CPU
- 10 parallel deployments
-
Supported integrations:
- Traffic Shifting for Advanced Deployment Strategies:
- Istio
- Nginx Ingress Controller
- All manifest type sources for fetching Kubernetes resources:
- Github
- Gitlab
- Bitbucket
- Custom Remote Source Repository
- Harness Local File Store
- For Helm Chart Type Manifests we also support:
- Generic Git Provider
- Google Cloud Storage
- Amazon S3 Storage
- Helm OCI Repository (ACR, ECR, GAR, Artifactory)
- Helm HTTP Server Repository (Nexus, Artifactory)
- Artifact repository supported to deploy with manifest:
- DockerHub
- Amazon Elastic Container Registry
- Google Container Registry
- Azure Container Registry
- Custom Artifact Source
- Google Artifact Registry
- Github Package Registry
- Nexus 3 (Sonatype 3.50.0 and previous supported)
- Artifactory
- Traffic Shifting for Advanced Deployment Strategies:
For details on what you can deploy, go to What Can I Deploy in Kubernetes?.
Kubernetes version support
The following versions are tested and supported for Kubernetes Canary, Rolling, and Blue/Green deployments:
- 1.13.0
- 1.14.0
- 1.15.0
- 1.16.0
- 1.17.0
- 1.18.0
- 1.19.4
- 1.20.0
- 1.21.0
- 1.22.0
- 1.23.0
- 1.24.3
- 1.24.9
- 1.25.6
- 1.26.0
- 1.27.0
For details on other tools and versions included in Harness, see Delegate-required SDKs.
Guidelines:
- Harness will officially support 3 previous versions from the last stable release. For example, the current most recent stable release is 1.25.6, and so Harness supports 1.24, 1.23, and 1.22.
- Harness supports any other versions of Kubernetes you are using on a best effort basis.
- Harness commits to support new minor versions within 3 months of the first stable release. For example, if the stable release of 1.25.6 occurs on April 15th, we will support it for compatibility by July 15th.
Helm notes
Helm chart dependencies are not supported in Git source repositories. Helm chart dependencies are supported in Helm Chart Repositories.
Azure AKS clusters
To use an AKS cluster for deployment, the AKS cluster parameter disableLocalAccounts
can be set either true
or false
.
Native Helm
- Overview:
- Supported connectors for deployment:
- Kubernetes Connector
- Username + Password
- Client Key and Secret
- OIDC Authentication
- Kubernetes Service Account
- Assume Rolebinding on Delegate Configuration
- Google Cloud Connector (GKE Authentication)
- Service Account
- Google Cloud Role on Delegate
- Workload Identity
- Azure Cloud Connector (AKS Authentication)
- Subscription ID
- Principal and Service Account
- GovCloud Support
- AWS Cloud Connector (EKS Authentication)
- IRSA
- Access Key and Secret Key
- IAM Role
- GovCloud Support
- Kubernetes Connector
- Supported platforms for deployment:
- Self Hosted Kubernetes
- Google Kubernetes Engine
- Azure Kubernetes Engine
- AWS Elastic Kubernetes Service
- Red Hat OpenShift
- Versions and tooling support:
- Helm Client Versions: 2.8 - 3.8
- We support what each of the Cloud Providers support, we recommend users to keep their binary versions up to date
- By default Harness ships with helm client 3.12.
- Tooling:
- OpenShift - oc client binary
- Kustomize - kustomize binary
- Helm - Helm 3.12 & 2.8 binary. Helm 3.8 can be supported via feature flag.
- Limitations:
- Helm 2 is deprecated so there is limited support for Helm 2.
- Helm 3 is now the default for Harness Helm Chart Deployments.
- Helm Plugins are not supported
- Only Basic Deployment Strategy supported (No Canary or Blue-Green Support Out of the box)
- Supported integrations:
- Manifest Sources for fetching Helm Chart:
- Github
- Gitlab
- Bitbucket
- Generic Git Provider
- Custom Remote Source Repository
- Google Cloud Storage
- Amazon S3 Storage
- Helm OCI Repository (ACR, ECR, GAR, Artifactory)
- Helm HTTP Server Repository (Nexus, Artifactory)
- Harness Local File Store
- Artifact Repository for Container Images to deploy with Chart:
- DockerHub
- Amazon Elastic Container Registry
- Google Container Registry
- Azure Container Registry
- Custom Artifact Source
- Google Artifact Registry
- Github Package Registry
- Nexus 3 (Sonatype 3.50.0 and previous supported)
- Artifactory
- Manifest Sources for fetching Helm Chart:
Notes
Helm chart dependencies are not supported in Git source repositories. Helm chart dependencies are supported in Helm Chart Repositories.
Amazon ECS
- Overview:
- Supported connectors for deployment:
- AWS Cloud Connector
- IRSA
- Access Key and Secret Key
- IAM Role
- GovCloud Support
- Supported platforms for deployment:
- AWS Cloud, any region
- AWS - Launch Types:
- Amazon ECS - EC2 - Generally Provisioned Instances
- Amazon ECS - EC2 - Spot Backed Instances
- Amazon ECS - Fargate
- Versions and tooling support:
- AWS SDK
- Supported integrations:
- ECS Service Discovery - Supported via Service Definition
- ECS Circuit Breaker - Supported via Service Definition
- Artifact Repository:
- DockerHub
- Amazon Elastic Container Registry
- Azure Container Registry
- Custom Artifact Source
- Github Package Registry
- Nexus 3 (Sonatype 3.50.0 and previous supported)
- Artifactory
Amazon AMI/ASG
- Overview:
- Supported connectors for deployment:
- AWS cloud connector
- IRSA
- Access Key and Secret Key
- IAM Role
- GovCloud Support
- AWS cloud connector
- Supported platforms for deployment:
- AWS cloud, any region
- Versions and tooling support:
- AWS SDK
AWS Lambda
- Overview:
- Supported connectors for deployment:
- AWS Cloud Connector
- IRSA
- Access Key and Secret Key
- IAM Role
- GovCloud supported
- AWS Cloud Connector
- Supported platforms for deployment:
- AWS cloud, any region
- Versions and tooling support:
- AWS SDK
- Supported integrations:
- Artifact Repository Supported to Deploy with Function Definition:
- Amazon Elastic Container Registry
- Amazon S3
- Artifact Repository Supported to Deploy with Function Definition:
AWS SAM
- Overview:
- Supported connectors for deployment:
- AWS cloud connector
- Access key and secret key
- AWS cloud connector
- Supported platforms for deployment:
- AWS cloud, any region
- Versions and tooling support:
- AWS SDK
- Harness supports standard SAM templates.
- Supported integrations:
- All Git providers are supported for SAM templates.
- Currently, you cannot add artifacts to your Harness SAM service.
Traditional: WinRM
- Overview:
- Supported connectors for deployment:
- AWS Cloud Connector
- IRSA
- Access Key and Secret Key
- IAM Role
- GovCloud Support
- Azure Cloud Connector (AKS Authentication)
- Subscription Id
- Principal and Service Account
- GovCloud Support
- AWS Cloud Connector
- Supported platforms for deployment:
- AWS Cloud
- Azure Cloud
- Physical Datacenter
Traditional: SSH
- Overview:
- Supported connectors for deployment:
- AWS Cloud Connector
- IRSA
- Access Key and Secret Key
- IAM Role
- GovCloud Support
- Azure Cloud Connector (AKS Authentication)
- Subscription Id
- Principal and Service Account
- GovCloud Support
- AWS Cloud Connector
- Supported platforms for deployment:
- AWS Cloud
- Azure Cloud
- Physical Datacenter
- Linux SSH Setups
- Ubuntu Version 22+
- RHEL9 (Red Hat Enterprise Linux 9)
- SSH libraries supported:
- SSHJ: used in our HashiCorp Vault SSH integrations.
- JSCH: used in our SSH deployment types.
- To see the hostkey formats for these libraries, go to the SSH implementation comparison.
- Limitations:
- Google Compute Engine (Virtual Machine Targets)
- Limited Support, Harness can connect to Google VMs via an SSH Key, not via Google Cloud Authentication
- Google Compute Engine (Virtual Machine Targets)
Tanzu Application Service (formerly Pivotal Cloud Foundry)
- Overview:
- Supported connectors for deployment:
- Tanzu Connector
- Endpoint URL, Username and Password
- Tanzu Connector
- Supported platforms for deployment:
- On Premise Cloud Foundry Installations
- VMware Tanzu Platform
- Versions and tooling support:
- Binary Versions:
- CF CLI v7
- Binary Versions:
Google Functions
- Overview:
- Supported connectors for deployment:
- Google Cloud Connector
- Service Account
- Supported platforms for deployment:
- Google Cloud, any region
- Versions and tooling support:
- Google SDK. Supported versions:
- Google Functions Gen 1
- Google Functions Gen 2
- Google SDK. Supported versions:
- Deployment strategies:
- Google Functions Gen 1: Basic.
- Google Functions Gen 2: Basic, blue green, canary.
- Supported integrations:
- Artifact Repository:
- Google Cloud Storage
- Google Cloud Storage and Google Cloud Source (Gen 1 Only)
- Artifact Repository:
Spot Instances
- Overview:
- Supported connectors for deployment:
- Spot Connector
- AccountID + API Token
- Spot Connector
- Supported platforms for deployment:
- AWS cloud, any region
- Limitations:
- Deployment Behavior:
- Incremental Traffic Shifting for SpotInst Deployment is not supported
- VM-based Deployments are supported via Elastigroup configuration
- Deployment Behavior:
Serverless.com Framework
- Overview:
- Serverless.com Framework (AWS Lambda)
- Supported connectors for deployment:
- AWS Cloud Connector
- IRSA
- Access Key and Secret Key
- IAM Role
- AWS Cloud Connector
- Supported platforms for deployment:
- AWS cloud, any region
- Versions and tooling support:
- Supported Binary Versions:
- serverless.com 1.x
- serverless.com 2.x
- serverless.com 3.x
- Supported Binary Versions:
- Limitations:
- Deployment Behavior:
- Harness only supports AWS Lambda Functions to be deployed via Serverless.com Framework
- Harness builds and deploys Lambda Functions> You cannot split up the tasks to build functions and deploy functions separately as part of Harness support.
- Not supported application types:
- Google Functions
- Azure Functions
- Serverless.com 1.x (limited support). Not all capabilities supported.
- Basic deployment supported. No out-of-the-box canary and blue green deployment supported.
- Deployment Behavior:
- Supported integrations:
- Serverless.com plugins:
- Harness supports all the Serverless.com plugins. Please make sure they are compatible with the version of Serverless.com you are using.
- Artifact Repository:
- DockerHub
- Amazon Elastic Container Registry
- Artifactory
- Amazon S3
- Serverless.com plugins:
Azure WebApps
- Overview:
- Supported connectors for deployment:
- Azure Cloud Connector (AKS Authentication)
- Subscription Id
- Principal and Service Account
- GovCloud Support
- Azure Cloud Connector (AKS Authentication)
- Supported platforms for deployment:
- Azure cloud, any Region
- Versions and tooling support:
- Azure SDK
Builds in CD
Continuous Integration (CI) can be performed in Harness using the module and CI pipelines.
If you are using Harness Continuous Delivery (CD) but not Harness Continuous Integration (CI), you can still perform CI using the Jenkins step in your CD stage.
Harness integrates with Jenkins, enabling you to run Jenkins jobs and dynamically capture inputs and outputs from the jobs.
Harness has been tested with the following versions of Jenkins:
-
2.432
-
2.424
-
2.425
-
2.401.2
-
2.414.2
-
2.398
-
2.397
-
Overview:
GitOps
- Overview:
Harness GitOps lets you perform GitOps deployments in Harness. You define the desired state of the service you want to deploy in your Git manifest, and then use Harness GitOps to sync state with your live Kubernetes cluster.
GitOps supports the following:
- Argo CD version supported: 2.8.2.
- Source Repositories:
- All Git providers.
- HTTP Helm repos.
- Target clusters:
- Kubernetes clusters hosted on any platform:
- GKE.
- AKS.
- EKS.
- Other Kubernetes-compliant clusters.
- OpenShift version 3.11, 4.x.
- Minikube.
- Kubernetes Operations (kops).
- Kubernetes clusters hosted on any platform:
- Repository Certificates:
- TLS Certificate (PEM format).
- SSH Known Host Entry.
- GnuPG Keys:
- GnuPG Public Key Data (ASCII-armored).
- Limitations:
- Self-hosted environments
- Agents installed in custom namespaces are not yet supported.
- Self-hosted environments
Local (Harness Community Edition)
Harness CD Community Edition is a lightweight version of Harness that you can download and run on your laptop or any VM.
Harness CD Community Edition is intended to get devs started with Harness quickly without having to sign up for a Harness SaaS account.
Custom
For non-native deployments, Harness provides a custom deployment option using Deployment Templates.
Harness supports the following infrastructure provisioning tools:
Terraform version support
Harness does not include Terraform on the Harness Delegate. You must install Terraform on the Delegate when using Terraform in Harness. For more information, go to Terraform How-tos.
Harness supports the following Terraform versions:
- v1.3.5
- v1.1.9
- v1.0.0
- v0.15.5
- v0.15.0
- v0.14.0
Here's an example install script for the Harness Delegate:
# Install TF
microdnf install unzip
curl -O -L https://releases.hashicorp.com/terraform/1.3.5/terraform_1.3.5_darwin_amd64.zip
unzip terraform_1.3.5_darwin_amd64.zip
mv ./terraform /usr/bin/
# Check TF install
terraform --version
Some Harness features might require specific Terraform versions.
Harness also supports Terraform Cloud and Enterprise.
- Containerized steps:
- Containerize step groups
- Multiple step types can be run containerized.
- Controls:
- Strategies: basic, rolling, canary, blue green, custom.
- Barriers
- Resource Constraints
- Queue steps
- Deployment freeze
- Failure strategies
- Conditional executions
- Looping strategies
- Triggers
- Input set and overlays
- Utilities:
- Build:
Manifests, specifications, config files, and other deployment files can be pulled from the following providers:
The following table lists where you can store your manifests or config files for each integration.
Github | Gitlab | Bitbucket | Harness File Store | Any Git | OCI Helm | HTTP Helm | AWS S3 | Custom | Google Cloud Storage | Inherit from manifest | |
---|---|---|---|---|---|---|---|---|---|---|---|
Kubernetes | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Values YAML | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ||||
Kustomize | ✅ | ✅ | ✅ | ✅ | ✅ | ||||||
Kustomize Patches | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||||
OpenShift Template | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||||
OpenShift Params | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||||
AWS ECS | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||||
AWS SAM | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||||
Helm Chart | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Serverless.com Framework | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||||
SSH | ✅ | ||||||||||
WinRM | ✅ | ||||||||||
Azure Web Apps | ✅ | ||||||||||
Google Cloud Function | ✅ | ✅ | ✅ | ✅ | ✅ |
The following table lists supported manifest overrides for each integration.
Deployment Type | Supported Manifest Overrides |
---|---|
Kubernetes |
|
Helm |
|
AWS ECS |
|
AWS ASG | N/A |
AWS Lambda |
|
AWS SAM |
|
Azure Web Apps |
|
Tanzu Application Services |
|
SSH | N/A |
WinRM | N/A |
Serverless.com Framework |
|
Google Cloud Functions | N/A |
Spot Elastigroup | N/A |
All artifact sources are covered in CD artifact sources.
- Docker registry on any platform
- Google Container Registry (GCR)
- Google Cloud Storage (GCS)
- Google Artifact Registry
- Amazon Elastic Container Registry (ECR)
- AWS S3
- Azure Container Registry (ACR)
- Azure DevOps Artifacts
- Nexus 2 and Nexus 3 (Sonatype 3.50.0 and previous supported)
- Artifactory
- Jenkins
- Bamboo
- Github packages
- HTTP Helm
- OCI Helm
- Custom artifact source
Harness uses Metadata only when downloading artifact sources.
For pulling Docker images from Docker repos, Harness is restricted by the limits of the Docker repo. For example, Docker Hub limits.
The maximum number of artifact image tags fetched by Harness that is 10000.
The following table lists Harness integrations and their artifact source support:
Docker Hub | ECR | GCR | GCS | ACR | Artifactory | Nexus 3 | Custom | Google Artifact Registry | Github Artifact Registry | Jenkins | AWS S3 | |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Kubernetes | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||
Helm | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||||
AWS ECS | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | |||||
AWS ASG | ||||||||||||
AWS Lambda | ✅ |