Setting Up Harbor Container Registry on AWS EC2
Containerization has brought significant advancements to the process of building, shipping, and deploying applications. With technologies like Docker and Kubernetes leading the way, containers have become essential for modern DevOps and cloud-native development. To effectively manage your container images, a dependable container registry is crucial, which is where Harbor comes in.
Harbor is a free and open-source registry for managing and storing container images securely.
Why we need Harbor Container Registry ?
- Secure and Compliant Container Images - Harbor provides essential security measures, including vulnerability scanning and image signing.
- Effortless Image Dissemination - Harbor’s image replication feature enables redundancy and reduces latency by allowing images to be copied across multiple registries, making it ideal for global teams and regions with limited connectivity.
- Role-Based Access Control (RBAC) - In professional environments, Harbor’s RBAC offers precise access control for team members with varying permissions in managing container images.
- Storage and Scalability - Harbor is support for numerous storage backends such as S3, NFS and more.
- Integration with CI/CD - Harbor into their CI/CD pipelines, DevOps teams automate image uploads and ensure they have the most up-to-date and tested container images available.
- Cost Efficiency - Harbor is open-source, reduces costs by decreasing data transfer expenses while optimizing image storage.
In this article, we will walk you through the steps to set up Harbor Container Registry on an AWS EC2 instance, so you can confidently manage and distribute your container images.
Prerequisites
- AWS account with necessary permissions.
- AWS EC2 instance
- AWS ALB
- ALB configure with Route53
- Basic knowledge of Docker and AWS services.
Step 1: Launch an AWS EC2 Instance
- Log into your AWS Management Console and navigate to the EC2 Dashboard.
- Launch an instance
- Instance Name -
harbor
- AMI -
Amazon Linux 2023 AMI
- Architecture -
64-bit (x86)
- Instance type -
t2.large
- Security Group
harbor-sg
Configure as below,
SSH port - Access the Ec2 instance
HTTP port - Access the Harbor UI interface
Step 2: Install Docker and Docker Compose
- First SSH into your EC2.
2. Now we need to install the Docker and Docker Compose;
- Docker
sudo yum update
sudo yum install -y docker
sudo usermod -a -G docker ec2-user
after that recommend for sudo reboot
sudo systemctl enable docker.service
sudo systemctl start docker.service
sudo systemctl status docker.service
- Docker Compose
wget https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)
sudo mv docker-compose-$(uname -s)-$(uname -m) /usr/local/bin/docker-compose
sudo chmod -v +x /usr/local/bin/docker-compose
docker-compose version
Step 3: Install Harbor Container Registry
wget https://github.com/goharbor/harbor/releases/download/v2.7.3/harbor-online-installer-v2.7.3.tgz
tar xzvf harbor-online-installer-v2.7.3.tgz
After installing it creates a folder called harbor
Go inside to the folder and rename the harbor.yml.tmpl
to harbor.yml
For now I only need to access the UI, So I am doing these configurations in harbor.yml
.
Comment Https for now!
Finally install the sh script using sudo ./install.sh
Access the web UI with the <ec2-public-dns>.
Username - admin
Password - Harbor12345
To interact with the repository in advance. you should follow these steps;
Step 1: Launch a AWS ALB
- First you need to Create a AWS ALB
harbor-elb
that point to theharbor
EC2 for that,
- Security Group
harbor-elb-sg
For more secure your Harbor Container Registry
you can use your vpn ip
for the source without using 0.0.0.0/0
.
- Target Group
harbor-ec2
point to80 port
. - Listener and Rules
Step 2: Create Route53
Create a domain using Route53 and point to the harbor-elb
.
Example domain - harbor-demo.example.com
Step 3: Secure our EC2
- Security Group
harbor-sg
Configure as below,
Add your harbor-elb-sg
security group to your HTTP port source.
Step 4: Update harbor.yml
update <ec2-public-dns>
with harbor-demo.example.com
.
Once again install the sh script using sudo ./install.sh
.
Now you can access your Harbor
using harbor-demo.example.com
Now you can login to the Harbor
with your local terminal
docker login harbor-demo.example.com -u admin -p Harbor12345
Rest of the codes are same as dockerHub
.
Conclusion
In summary, Harbor, despite not being the most widely known tool, offers a versatile solution for managing container images on an AWS EC2 instance. With a broad array of features, it empowers you to securely store, manage, and distribute your container images, enhancing your DevOps workflows