Skip to content
1.1 What is Harbor?
- Harbor is a container image registry software. You can use it to run an image registry on the premises.
- It is open source.
- Written in Go.
- Web site: https://goharbor.io/
- Git repo: https://github.com/goharbor/harbor
- It is compatible with the docker CLI. That means you can push and pull images using the docker command line.
1.2 Benefits of Harbor
- Provides role-based access control to your projects. You can finetune who can push, pull, delete images, etc.
- You can define company-wide policies, such as space quota, retention age or images, and signing of images.
- Harbor can scan images for vulnerabilities.
- In addition to container images, you can also push and pull Helm charts.
- Kubernetes can pull images from Harbor.
1. 3 Planning to Install Harbor
- There are two possible ways we can run Harbor:
- As Docker containers managed by Docker compose.
- As containers inside of Kubernetes. In this case, installation is done by Helm
- Generally speaking, the Helm and Kubernetes-based option is easier and offers better scalability and fault tolerance.
- Harbor has a long list of prerequisite software such as:
- Helm can install all the required software. Alternatively, if you already have PostgreSQL and Redis running somewhere you can point Harbor to them.
1.4 Installing Harbor in K8s
- Add the ingress add-on to the K8s cluster.
- Run these commands. All components will be created in the harbor-system namespace.
- kubectl create namespace harbor-system
- helm repo add harbor https://helm.goharbor.io
- helm fetch harbor/harbor –untar
- helm install -n harbor-system my-harbor-release harbor/
- After a few minutes, you can check the status of all the pods.
- kubectl get pods -n harbor-system
1.5 Opening the Administration Console
- Check the host name and IP address the ingress controller is using.
- kubectl get ing -n harbor-system
- Register that domain name and IP address to your DNS or /etc/hosts.
- Access the admin console using the URL. For example:
- Default super user ID is admin with the password Harbor12345.
1.6 Creating a Project
- A project groups a collection of images.
- Each project can have its own user access control, policies such as quota and other settings.
- A project can be created in the admin console by clicking Projects > NEW PROJECT.
1.7 Project Naming
- Your project name will appear in the image names. So, name your projects carefully.
- In the end, each image must be named as follows:
- <HARBOR HOST NAME/>/<PROJECT NAME>/<IMAGE NAME>/<TAG>
- For example:
- Harbor is an open-source image registry. You can use it to run an on-premises image registry.
- Harbor comes with many benefits, such as role-based access control to projects, corporate policy enforcement, and vulnerability scanning.
- It is easier to install Harbor using Helm and run in a K8s cluster. Helm will install all required software such as PostgreSQL and Redis.
- A project is a collection of images. You can apply policies and role-based security to a project.