Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor can be installed on any Kubernetes environment or on a system with Docker support. One of the well-known use cases of Harbor is in the deployment of the NSX Application Platform.
We can deploy Harbor in VMware Tanzu. I did not have enough resources in my home lab at the time of writing this blog to set up Tanzu. So, I decided to utilize the Docker daemon that is built into VMware's Photon OS. Let's take a look at the steps to deploy Harbor on Photon OS.
1. First, we deploy the Photon OS OVA to our host. There aren't many steps in deploying the OVA, so we will not discuss them in detail here.
2. Once the OVA is deployed, power up the VM and open the console. We will finish the initial configuration of the VM, such as the root password, hostname and IP address. After this, we reboot the VM.
3. Now we start an SSH session with the host, using the IP address set in the previous step.
4. Enable and start Docker (enable on its own only registers the service for the next boot): systemctl enable --now docker
5. Install tar: tdnf install tar -y
6. Now let us download Docker Compose using the commands below:
curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
7. Now we download the Harbor online installer:
curl -L https://github.com/goharbor/harbor/releases/download/v2.0.2/harbor-online-installer-v2.0.2.tgz -o ~/harbor.tgz
8. Extract the Harbor tar file: tar -zxvf ~/harbor.tgz
9. We now need to set up certificates before we can install Harbor. I have a Windows AD CS in my environment, so I will be using that for generating the certificates. First we generate, on the Harbor VM, the private key that the certificate request is built from:
openssl genrsa -out VMHarbor.virmyst.homelab.key 4096
10. Now we use the CSR file to obtain a certificate from my AD CS. You can copy the CSR file from the VM's root directory using WinSCP.
11. Copy the generated certificate file to the root of the Harbor VM. Also make sure you copy the CA root certificate.
12. Now open the /root/harbor folder in the WinSCP interface.
13. Copy the file "harbor.yml.tmpl" and paste it as "harbor.yml"
14. Create a folder in Docker's certificate store: mkdir -p /etc/docker/certs.d/virmystharbor.virmyst.homelab
15. Create a folder to hold the certificate and key that harbor.yml will point to: mkdir -p /data/cert
16. Copy the .cert, .key and root CA certificate files to both of these new directories.
17. Edit the harbor.yml file to replace the hostname, the certificate and key locations, and the Harbor passwords.
18. With our certificates all set up, we can now finally install Harbor:
harbor/install.sh --with-trivy --with-chartmuseum --with-clair --with-notary
19. The Harbor installation starts. During the install, several images will be pulled. DO NOT interrupt the process.
20. Let us now log in.
And we are all set.
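Steps 9 to 16 depend on a CSR, and on the issued certificate belonging to the key generated in step 9. As an added example (not part of the original post), the shell functions below create the key and a CSR that carries the hostname as a subjectAltName, then check that a CSR or issued certificate holds the same public key as the key file. harbor.example.internal and the file names derived from it are placeholders; use the hostname you set in harbor.yml.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Hostnames and file names are placeholders.

# make_csr FQDN DIR [BITS]: write DIR/FQDN.key (owner-only) and DIR/FQDN.csr.
make_csr() {
    fqdn=$1; dir=$2; bits=${3:-4096}
    ( umask 077; openssl genrsa -out "$dir/$fqdn.key" "$bits" 2>/dev/null ) || return 1
    # The SAN is set through a config file so this also works on older OpenSSL builds.
    cat > "$dir/$fqdn.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $fqdn
[v3_req]
subjectAltName = DNS:$fqdn
EOF
    openssl req -new -sha256 -key "$dir/$fqdn.key" \
        -config "$dir/$fqdn.cnf" -out "$dir/$fqdn.csr"
}

# pub_fp KIND FILE: SHA-256 of the public key in a key (pkey), CSR (req) or cert (x509).
pub_fp() {
    case $1 in
        pkey) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        req)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        x509) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# matches_key KIND FILE KEY: succeed only if FILE carries KEY's public key.
matches_key() {
    a=$(pub_fp "$1" "$2") || return 1
    b=$(pub_fp pkey "$3") || return 1
    [ "$a" = "$b" ]
}

# has_san FILE FQDN [KIND]: succeed if the CSR (default) or cert lists FQDN as a DNS SAN.
has_san() {
    openssl "${3:-req}" -in "$1" -noout -text 2>/dev/null | grep -qF "DNS:$2"
}

# Usage on the Harbor VM (issued.crt is a placeholder for the file the CA returns):
#   make_csr harbor.example.internal /root
#   matches_key x509 issued.crt /root/harbor.example.internal.key
```

Run the matches_key and has_san checks on the issued certificate before copying it into /data/cert, so a mismatched key or a missing SAN shows up before install.sh starts the containers.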