Harbor is like a Swiss army knife, packed with features and functions oriented toward letting users host private Docker images.
Harbor provides the following key features:
- Replicate projects: Harbor supports image replication to replicate repositories from one Harbor instance to another.
- Manage role by LDAP group: Harbor administrators can import an LDAP/AD group to Harbor and assign project roles to it.
- Manage Labels: Harbor provides labels to isolate image resources globally or at the project level.
- Manage Helm Charts: Harbor provides management of Helm charts isolated by projects and controlled by RBAC.
- Integrated UAA Authentication: Harbor can share UAA authentication with Pivotal Application Service (PAS) and Enterprise PKS.
- Role-Based Access Control: Users and repositories are organized into projects. Users can have different permissions for the images in different projects.
- Policy-Based Image Replication: Images can be synchronized between multiple registry instances with auto-retry on errors, offering support for load balancing, high availability, multi-datacenter, hybrid, and multi-cloud scenarios.
- Vulnerability Scanning: Harbor uses Clair to scan images regularly and warn users of vulnerabilities.
- LDAP/Active Directory (AD) Support: Harbor integrates with enterprise LDAP/AD systems for user authentication and management.
- Image Deletion and Garbage Collection: Images can be deleted and their space can be recycled.
- Notary: Image authenticity can be ensured by using Docker Notary.
- Graphical User Portal: Users can easily browse, search repositories, and manage projects.
- Auditing: All the operations to the repositories are tracked.
- RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.
In this article, we will be walking through a quick setup with Minikube hosting our Harbor repository. We will conclude with a simple docker tag and push operation into our private Harbor repository.
Part 1 — Installation & Configuration
We are using Helm to perform the installation with the Harbor chart's default values.
Add Helm Repository
helm repo add harbor https://helm.goharbor.io
Clone the Harbor Repository
git clone https://github.com/goharbor/harbor-helm.git
Change into the Harbor git directory and perform a helm install of the Harbor chart. Note that the command is based on Helm 3, and that the harbor namespace passed with -n must already exist.
helm install harbor harbor/harbor -n harbor
It will take a while for all the component pods to be up and running.
The default values of the Harbor Helm chart expose Harbor through an ingress.
Hence we need to manually add the ingress host and IP address to /etc/hosts on the host that is running our Minikube.
We can then try to access the Harbor website via the URL https://core.harbor.domain
Log in with the following details (these are the chart's default administrator credentials and should be changed after the first login):
username = admin & password = Harbor12345
First, we need to create a new project inside Harbor. This is where we will store all the project-related Docker images.
Then we create a new user within Harbor.
Lastly, we need to add the newly created user as a member of our project.
Part 2 — Docker Image Tagging and Pushing
On the host that is running Minikube, we need to have Docker CE running.
In a terminal, we will log in to the Harbor registry:
docker login -u<harbor-user> core.harbor.domain
Experience: We should see the following error after we enter the password to log in:
INFO[0002] Error logging in to v2 endpoint, trying next endpoint: Get https://core.harbor.domain/v2/: x509: certificate signed by unknown authority
This is a known issue with private Docker registries: the registry certificate is signed by Harbor's own self-signed CA, which the client does not trust. We can resolve this by instructing macOS to trust the Harbor CA certificate.
First we need to get the Harbor CA certificate. It can be downloaded from our Project -> Repositories tab by clicking on “Registry Certificate”. This will download the ca.crt file.
Then execute the following command:
security add-trusted-cert -d -r trustRoot -k ~/Library/Keychains/login.keychain ./ca.crt
Restart the Docker process after the operation, then log in again:
docker login -udevops core.harbor.domain
Password:
Login Succeeded
Confirm that we have an existing Docker image that we want to upload.
We will proceed to tag the Docker image (e.g. nginx) according to the Harbor naming convention:
core.harbor.domain/<Harbor project>/<Image name>:<version>
Finally, we will push the image into our Harbor repository.
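The login, tag and push steps above as a small set of shell helpers. This is an added example, not code from the original article: the function names, the project name "demo" and the password file are assumptions, and the name checks are deliberately stricter than Docker's own grammar.

```sh
#!/bin/sh
LC_ALL=C; export LC_ALL              # make [a-z] ranges byte-wise in every shell
HARBOR_REGISTRY=${HARBOR_REGISTRY:-core.harbor.domain}   # ingress host from the article
DOCKER=${DOCKER:-docker}             # set DOCKER="echo docker" for a dry run

# valid_name NAME: conservative check (assumption: stricter than Docker's own
# grammar): lowercase alphanumerics joined by single '.', '_' or '-'.
valid_name() {
  case $1 in
    ''|*[!a-z0-9._-]*|[._-]*|*[._-]|*[._-][._-]*) return 1 ;;
  esac
}

# valid_tag TAG: letters, digits, '_', '.', '-'; no leading '.' or '-'; <=128 chars.
valid_tag() {
  case $1 in
    ''|*[!A-Za-z0-9_.-]*|[.-]*) return 1 ;;
  esac
  [ "${#1}" -le 128 ]
}

# harbor_ref PROJECT IMAGE VERSION -> prints registry/project/image:version
harbor_ref() {
  valid_name "$1" && valid_name "$2" && valid_tag "$3" || {
    echo "invalid project, image or version" >&2; return 1; }
  printf '%s/%s/%s:%s\n' "$HARBOR_REGISTRY" "$1" "$2" "$3"
}

# harbor_login USER: the password is read from stdin, so it never appears in
# the process list or the shell history.
harbor_login() {
  $DOCKER login --username "$1" --password-stdin "$HARBOR_REGISTRY"
}

# harbor_push LOCAL_IMAGE PROJECT IMAGE VERSION: tag, then push.
harbor_push() {
  ref=$(harbor_ref "$2" "$3" "$4") || return 1
  $DOCKER tag "$1" "$ref" && $DOCKER push "$ref"
}

# Usage (project "demo" and the password file are sample values):
#   harbor_login devops < ~/.harbor_pw
#   harbor_push nginx:latest demo nginx 1.0
```

Running with DOCKER="echo docker" prints the docker commands instead of executing them, which is a quick way to check the resulting reference before pushing.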
Conclusion
In a couple of steps, we have managed to set up Harbor and upload our first Docker image. However, we have barely touched on the vast number of useful features that Harbor provides, such as vulnerability scanning and Helm chart management.