Setting Up Harbor Docker Registry in ubuntu
Download as DOCX, PDF0 likes7 views
Setting Up Harbor Docker Registry in ubuntu
![#https:
# https port for harbor, default is 443
# port: 443
# The path of cert and key files for nginx
#certificate: /your/certificate/path
#private_key: /your/private/key/path
harbor_admin_password: Harbor12345
Since I am running as http, hence comented out https related configurations
Add below line in daemon.json file
{
"log-level": "error",
"insecure-registries": ["your server:8086"]
}
Restart docker
sudo snap restart docker
Install Harbor:
Once the configuration is set, run the installation script:
sudo ./install.sh
This command will set up Harbor with Docker Compose, creating containers for Harbor’s
components.
1. Access Harbor Dashboard:
2. After installation, you can access the Harbor UI by navigating to your configured hostname or
IP in a browser. For example:
http://<your-ip-or-domain>:8086](https://image.slidesharecdn.com/settingupharbordockerregistry-250308003917-692511dc/85/Setting-Up-Harbor-Docker-Registry-in-ubuntu-4-320.jpg)
![vi Dockerfile
FROM streamsets/datacollector:5.12.0
Build an image:
docker build -t customstreamsetsimgage:5.12.0 .
[+] Building 0.4s (5/5) FINISHED
docker:default
=> [internal] load .dockerignore
0.0s
=> => transferring context: 2B
0.0s
=> [internal] load build definition from Dockerfile
0.0s
=> => transferring dockerfile: 75B
0.0s
=> [internal] load metadata for docker.io/streamsets/datacollector:5.12.0
0.0s
=> [1/1] FROM docker.io/streamsets/datacollector:5.12.0
0.2s
=> exporting to image
0.0s
=> => exporting layers
0.0s
=> => writing image
sha256:4393717f4731668e1e2b0246a1ecf486f558dab5365fd3ae53783d3538c29d6b
0.0s
=> => naming to docker.io/library/customstreamsetsimgage:5.12.0
docker images | grep customs
customstreamsetsimgage 5.12.0 4393717f4731 7 weeks ago 1.09GB
Create a tag:
docker tag customstreamsetsimgage:5.12.0
10.10.63.128:8086/privatelibrary/customstreamsetsimgage
Push the image:
sudo docker push 10.10.63.128:8086/privatelibrary/customstreamsetsimgage
Using default tag: latest
The push refers to repository [10.10.63.128:8086/privatelibrary/customstreamsetsimgage]
cca06c5e758a: Mounted from privatelibrary/streamsets
5f70bf18a086: Mounted from privatelibrary/streamsets
7e0e3e415aed: Mounted from privatelibrary/streamsets](https://image.slidesharecdn.com/settingupharbordockerregistry-250308003917-692511dc/85/Setting-Up-Harbor-Docker-Registry-in-ubuntu-8-320.jpg)
Setting Up Harbor Docker Registry in ubuntu
- 1. Setting Up Harbor Docker Registry: Installation and Pushing Docker Images Managing Docker images efficiently is crucial in a containerized environment, and Docker registries play a vital role in this process. A Docker registry is a storage and distribution system for Docker images. It enables teams to share, version, and store container images securely. Docker registries can be public or private, depending on your needs, with several options available for different use cases. In this guide, we’ll explore Docker registries, including their types, and how to set up Harbor, a popular private Docker registry, to securely manage your Docker images. What Is a Docker Registry? A Docker registry is a server that stores Docker images. These images are collections of layers representing your application and its environment. Docker clients, like Docker CLI or Docker Compose, interact with the registry to pull and push images. A Docker registry is essential for: Version control: Keep different versions of the same image. Collaboration: Share images among development teams.
- 2. Security: Store images in a protected environment. CI/CD integration: Automate the process of pulling and pushing images in pipelines. Docker registries work by using repositories, where each repository contains all image versions for a particular application or service. Types of Docker Registries There are two primary types of Docker registries: public and private. 1. Public Docker Registry A public registry is open to anyone. Developers worldwide can pull images from and push images to the registry. The most commonly used public registry is: Docker Hub: Docker Hub is the default public registry where millions of pre-built images are available. Developers use Docker Hub to share open-source images and public projects. It’s great for testing and experimentation, but it might not be ideal for proprietary or confidential images due to its public nature. Pros: Free for public images, easy to access, widely used. Cons: Limited privacy unless you subscribe to paid plans. 2. Private Docker Registry A private registry is used within an organization to store images securely. Private registries are essential for teams that need to control who can access and push images. You can deploy a private registry locally or on the cloud. Some popular private Docker registries include: Harbor: An open-source container registry that enhances Docker distribution with security features, like image vulnerability scanning and role-based access control. Harbor is ideal for enterprises that require advanced security features. AWS Elastic Container Registry (ECR): A fully managed Docker registry service by AWS. ECR is integrated with other AWS services, making it a good choice for teams using Amazon Web Services. Google Container Registry (GCR): GCR is a private Docker image storage on Google Cloud Platform (GCP). It provides seamless integration with Google’s infrastructure, making it ideal for GCP users. Azure Container Registry (ACR): Microsoft’s offering for storing and managing container images. ACR integrates with Azure Kubernetes Service (AKS) and other Azure tools. Pros: Full control over access, better security, integration with enterprise workflows. Cons: More complex setup and maintenance compared to public registries. Why Choose Harbor? Harbor is an excellent option for organizations that require a private Docker registry with built-in security, compliance, and management features. Its key benefits include:
- 3. Role-Based Access Control (RBAC): Define who can push, pull, and manage images within the registry. Image Vulnerability Scanning: Automatically scan images for known vulnerabilities. Image Signing: Ensure the integrity of images by signing them. Replication: Harbor can replicate images across multiple registries. Step 1: Installing Harbor Harbor can be installed using its official installation package. Follow these steps to install Harbor… Prerequisites Before we start, ensure you have the following installed: Docker Docker Compose A machine with at least 2GB of RAM Step 1: Installing Harbor Harbor can be installed using its official installation package. Follow these steps to install Harbor: 1. Download the Harbor Installation Package: Go to the Harbor releases page, click on Assets and download offline or online installer. wget https://github.com/goharbor/harbor/releases/download/v2.8.1/harbor-online-installer- v2.8.1.tgz 1. Extract the Package: tar xvf harbor-online-installer-v2.8.1.tgz 1. Navigate to the Harbor Directory: cd harbor 1. Configure Harbor: Edit the harbor.yml configuration file to set the hostname and other parameters. vi harbor.yml 1. Make sure to modify the hostname, port etcparameter to your machine's IP address or domain name: hostname: <your host name> # http related config http: # port for http, default is 80. If https enabled, this port will redirect to https port port: 8086 # https related config
- 4. #https: # https port for harbor, default is 443 # port: 443 # The path of cert and key files for nginx #certificate: /your/certificate/path #private_key: /your/private/key/path harbor_admin_password: Harbor12345 Since I am running as http, hence comented out https related configurations Add below line in daemon.json file { "log-level": "error", "insecure-registries": ["your server:8086"] } Restart docker sudo snap restart docker Install Harbor: Once the configuration is set, run the installation script: sudo ./install.sh This command will set up Harbor with Docker Compose, creating containers for Harbor’s components. 1. Access Harbor Dashboard: 2. After installation, you can access the Harbor UI by navigating to your configured hostname or IP in a browser. For example: http://<your-ip-or-domain>:8086
- 5. 1. Log in using the default credentials: Username: admin Password: Harbor12345 Step 2: Pushing Docker Images to Harbor Once Harbor is up and running, the next step is to push your Docker images to the Harbor registry. 1. Log In to Harbor Registry: Use Docker to log in to your Harbor registry. Replace <your-ip-or-domain> with your Harbor host: docker login <your-ip-or-domain>:port Authenticating with existing credentials... WARNING! Your password will be stored unencrypted in /root/snap/docker/2932/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded 2. Tag the Image: After logging in, you need to tag your Docker image with the Harbor registry information. Assuming you have a Docker image myapp:latest, run the following command: docker tag myapp:latest <your-ip-or-domain>/library/myapp:latest 3. Push the Image: Now, push the image to the Harbor registry: docker push <your-ip-or-domain>/library/myapp:latest Verify the Image:
- 6. Once the image is pushed, you can verify its presence by navigating to the Harbor UI and checking the “Projects” section for the library project. Your image should appear there. Step 3: Pulling Images from Harbor To pull the image back from the Harbor registry on another machine or environment, use the following command: docker pull <your-ip-or-domain>/library/myapp:latest This command will fetch the image from your Harbor registry. Example: Pull Images from dockerhub (public) and push to harbor respositry: Go to Dockerhub and find for your application. In my case I am looking for streamsets datacollector. Run the command to pull the image: docker pull streamsets/datacollector:5.12.0 5.12.0: Pulling from streamsets/datacollector 560c024910be: Already exists b3ef1f9e9d22: Pull complete 86c361d92197: Pull complete 409c91c0433d: Pull complete 57bd20a24d30: Pull complete 66604181bad0: Pull complete ad4be3a7f2f4: Pull complete 84c2e79f22af: Pull complete cb6da4f5bcac: Pull complete 071aeae2b1fb: Pull complete 4f4fb700ef54: Pull complete 21d0fb115414: Pull complete 77655f86606b: Pull complete 4978532643ad: Pull complete
- 7. 2675ad810cfd: Pull complete 7d1fdfa98da9: Pull complete Digest: sha256:e9c3d27d1b42fbb4c71778d33fdd8a92019bcd4682448327ea0a5154ba9550fb Status: Downloaded newer image for streamsets/datacollector:5.12.0 docker.io/streamsets/datacollector:5.12.0 You can look for your download image: Now create a tag: docker tag streamsets/datacollector:5.12.0 10.10.63.128:8086/library/streamsets Now push the image on the harbor repository: sudo docker push 10.10.63.128:8086/library/streamsets You can view the image : Additionally I created a private library to store my image: docker tag streamsets/datacollector:5.12.0 10.10.63.128:8086/privatelibrary/streamsets sudo docker push 10.10.63.128:8086/privatelibrary/streamsets Example 2: using Dockerfile, build image and push to repository Create a Dockerfile with below content
- 8. vi Dockerfile FROM streamsets/datacollector:5.12.0 Build an image: docker build -t customstreamsetsimgage:5.12.0 . [+] Building 0.4s (5/5) FINISHED docker:default => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 75B 0.0s => [internal] load metadata for docker.io/streamsets/datacollector:5.12.0 0.0s => [1/1] FROM docker.io/streamsets/datacollector:5.12.0 0.2s => exporting to image 0.0s => => exporting layers 0.0s => => writing image sha256:4393717f4731668e1e2b0246a1ecf486f558dab5365fd3ae53783d3538c29d6b 0.0s => => naming to docker.io/library/customstreamsetsimgage:5.12.0 docker images | grep customs customstreamsetsimgage 5.12.0 4393717f4731 7 weeks ago 1.09GB Create a tag: docker tag customstreamsetsimgage:5.12.0 10.10.63.128:8086/privatelibrary/customstreamsetsimgage Push the image: sudo docker push 10.10.63.128:8086/privatelibrary/customstreamsetsimgage Using default tag: latest The push refers to repository [10.10.63.128:8086/privatelibrary/customstreamsetsimgage] cca06c5e758a: Mounted from privatelibrary/streamsets 5f70bf18a086: Mounted from privatelibrary/streamsets 7e0e3e415aed: Mounted from privatelibrary/streamsets
- 9. 6389bcf40607: Mounted from privatelibrary/streamsets 6c1f716e6ea8: Mounted from privatelibrary/streamsets edbf321af967: Mounted from privatelibrary/streamsets b4dfbcdea1df: Mounted from privatelibrary/streamsets f65288cc38e5: Mounted from privatelibrary/streamsets 48600b1e93d5: Mounted from privatelibrary/streamsets fe32248398e7: Mounted from privatelibrary/streamsets cddf5b255204: Mounted from privatelibrary/streamsets bc28a2a4e910: Mounted from privatelibrary/streamsets 81af0e6ab8ee: Mounted from privatelibrary/streamsets 76d9296073ab: Mounted from privatelibrary/streamsets 8cdab93a842f: Mounted from privatelibrary/streamsets 3ec3ded77c0c: Mounted from privatelibrary/streamsets latest: digest: sha256:1393946fab1786b75c01bb98e84af187cb7c0e5abf5caeb4d7ae14ae53e28de8 size: 3867 Conclusion: Setting up a private Docker registry using Harbor ensures better security and control over your Docker images. With Harbor, you get a rich feature set like image vulnerability scanning, content signing, and role-based access control, making it an excellent choice for enterprises. By following the steps in this guide, you’ve installed Harbor, pushed images, and managed them via the Harbor UI. Now, you’re ready to integrate Harbor into your CI/CD pipeline for seamless container management!