Install Harbor Docker Registry

Install Harbor Docker Registry

Harbor is an open source container image registry that secures images with role-based access control, scans images for vulnerabilities, and signs images as trusted. As a CNCF Incubating project, Harbor delivers compliance, performance, and interoperability to help you consistently and securely manage images across cloud native compute platforms like Kubernetes and Docker.

The key features of Harbor include:

  • Security and vulnerability analysis
  • Content signing and validation
  • Extensible API and web UI
  • Image replication
  • Role-based access control
  • Multi-tenant

    What You’ll Need

Here’s what you’ll need for a successful Harbor installation:

  • A running instance of CentOS Server 7.
  • A user account with sudo privileges.

    Docker and Docker Compose

Before we actually install Harbor, there are a number of dependencies to take care of. Let’s get everything ready.

The first tool to install is Docker itself. Open a terminal window and issue the command:

Installing Docker on CentOS base on Docker.com

Uninstall old versions of Docker

Install Docker Engine — Community using the repository

You can install Docker Engine Community in different ways, depending on your needs:

Use the following command to set up the stable repository.
Install the latest version of Docker Engine — Community and containerd

Add your user to the docker group with the command

Start and Enable Docker

Once Docker is installed, you need to add your user to the docker group with the command:

Next, we need to install the docker-compose command. As this cannot be installed via the standard repositories, it is taken care of with the following commands:
On Linux, you can download the Docker Compose binary from the Compose repository release page on GitHub.

Run this command to download the current stable release of Docker Compose:

Apply executable permissions to the binary:

If the command docker-compose fails after installation, check your path. You can also create a symbolic link to /usr/bin or any other directory in your path.

NGINX

The next dependency to install is NGINX.

Start and enable NGINX with the commands:

Download and Install Harbor
NOTE: Make sure to visit the Harbor release page to check for the latest version.

Unpack the downloaded Harbor file with the command:

The above command will create a new directory, named harbor. Change into that directory with the command:

Creating SSL Keys with Let’s Encrypt
Harbor cannot function properly without SSL. Because of this, you need to add SSL keys.
Run this command to install certbot

Export a variable for domain:

Generate the certificates with the command:

Rename SSL certificates with following command:

With the key generation complete, we need to copy the newly-generated certificates into the proper directory. First, create the directory with the command:

Now copy the keys with the command:

Configuring the Harbor Installer
Before running the installation command, a few edits must be made to the harbor.yml file. Open that file for editing with the command:

The following options must be edited:

Because we are using SSL, it is also necessary to uncomment (remove the leading # characters) the following lines:

Make sure to edit the paths of the keys to reflect:

Save and close that file.

Installing Harbor
It’s time to install Harbor. We’ll be installing the service with Clair support (for the scanning of vulnerabilities). To do this, issue the command:

The installation takes a bit of time, so be patient until the harbor services are started and you are returned your bash prompt.

The installation should complete without errors. When it does, open a browser and point it to https://domain.com/harbor (Where domain of your Harbor server). You will be prompted for the admin user credentials (username is admin and password is the password you set in the harbor.yml file).

DevOps Engineer