Delegate image types
Harness packages and distributes delegates on different types of images. Delegate images are identified by the delegate name. Image types are distinguished by tag.
This is an End of Support (EOS) notice for the Delegate-Legacy image type. This image type reached End of Support (EOS) as of January 31, 2024.
End of Support means the following:
- Harness Support will no longer accept support requests for the Delegate-Legacy image type in both Harness FirstGen and Harness NextGen (including Harness Self-Managed Enterprise Edition (SMP)).
- Security fixes will still be addressed.
- Product defects will not be addressed.
Follow the below steps to upgrade Delegate-Legacy to Delegate image
- Download new yaml from Harness by keeping the same name as the previous delegate
- Check if the existing delegate has any tags/selector, if yes then add them in DELEGATE_TAGS
- Compare the permissions given to the legacy delegate in their yaml and give the same permissions to new delegates
- Check if custom image is used, if yes then build a new image with immutable delegate as base image and override the account setting to point to that image
- Ensure that auto upgrade is enabled for Kubernetes delegates
- Our delegate yaml ships with default HPA of min and max replicas to be 1, adjust the desired number of replicas in HPA
- Deploy the new yaml and see new replicas coming under the same delegate
- Scale down the old stateful set and verify that everything is correct
| Image type | Image tag | Image description |
|---|---|---|
| DELEGATE | yy.mm.xxxxx | The release year, month, and version in dot-separated format. Supported on both NextGen and FirstGen Harness Platform. |
| DELEGATE-MINIMAL | yy.mm.xxxxx.minimal | The minimal tag is appended to the release year, month, and version in dot-separated format. Supported on both NextGen and FirstGen Harness Platform. |
| DELEGATE-LEGACY | latest | Delegate that auto upgrades with no flexibility to turn off auto upgrade (DEPRECATED) |
Image type comparison
Harness gives you the option to select delegate images with or without third-party client tools. The use of a delegate packaged with third-party binaries speeds the construction of a CD pipeline; Harness CI and STO do not make use of these libraries. The inclusion of third-party binaries, however, increases attack vectors. When choosing delegate images, remember to prioritize both security and ease of use.
Harness rigorously scans delegate images for vulnerabilities. Harness cannot, however, guarantee the elimination of CVEs from delegate images that include third-party client tools. The vulnerabilities that third-party client tools introduce in delegate images cannot be eliminated until the vulnerabilities are repaired in the third-party tools.
The following table differentiates between delegate images based on key features and recommended use. For those images distributed with auto-upgrade enabled, Harness recommends accepting the auto-upgrade setting.
| Third-party client tools | Minimum CVEs | Auto-upgrade enabled | Disable auto-upgrade | Notes | |
|---|---|---|---|---|---|
| DELEGATE Base image: Red Hat Universal Base Image (Red Hat/UBI8) Recommended use: Quick deployment of a pipeline | ✓ | x | ✓ | ✓ | Installed as a Kubernetes Deployment resource. Renamed from "immutable delegate." |
| DELEGATE-MINIMAL Recommended use: To minimize attack vectors, in the enterprise, or when you want to select and install different tools at build time or runtime | x | ✓ | x | ✓ | |
| DELEGATE-LEGACY Deprecated: Not recommended for use in new Harness accounts | ✓ | x | ✓ | x |
Harness Delegate is a Red Hat Enterprise Linux (RHEL)-based image. A Windows-based image is not available.
Harness Delegate images are multi-architecture under the same tag. If you navigate to a specific delegate tag, you will find a digest for each architecture. The correct digest is pulled depending on the host architecture.
Third-party tools included in the DELEGATE image type
| Third-party tool/SDK | 78101 and earlier | 78306 and later |
|---|---|---|
| kubectl | 1.13.2, 1.19.2 | 1.28.7 |
| go-template | 0.4, 0.4.1 | 0.4.5 |
| harness-pywinrm | 0.4-dev | 0.4-dev |
| Helm | 3.1.2, 3.8.0 | 3.12.0 |
| chartmuseum | 0.8.2, 0.12.0 | 0.15.0 |
| tf-config-inspect | 1.0, 1.1 | 1.2 |
| oc | 4.2.16 | 4.13.32 |
| Git | NA | 2.43.0 |
| SCM | The Harness-generated library and version are changed with every fix. | The Harness-generated library and version are changed with every fix. |
Latest Delegate image version and their respective SCM versions are listed below:
| Delegate version | SCM versions |
|---|---|
| 24.08.83705 | a81c96813 |
| 24.08.83704 | e92737411 |
| 24.08.83701 | ffe83a057 |
| 24.07.83611 | 43baeda70 |
Docker pull commands
The table below contains the pull commands for retrieving delegate images.
| Delegate | Docker command |
|---|---|
| DELEGATE | docker pull harness/delegate: <yy.mm.xxxxx> |
| DELEGATE-MINIMAL | docker pull harness/delegate: <yy.mm.xxxxx>.minimal |