Loading Posts...

Deploying Harbor Registry And See What’s New With v 1.9

Harbor Registry is an open source cloud native registry, which stores and scans container images for security vulnerability, I was deploying Harbor registry as my container repository, so I thought to share this with my followers. Also, Harbor has released it’s latest release, v1.9 and let’s see what are those added features. VMware use Harbor Registry to store, and distribute container images for VMware enterprise PKS.

As I mentioned earlier Harbor has released it’s v 1.9, and it comes with some added features. You can follow the latest releases, and updates in their GitHub Page. Download files are available in release page as online and offline download versions.

Read More: See What’s Inside In Your Kubernetes Cluster With VMware Octant

I deployed Harbor registry in Ubuntu 18.04 Bionic Beaver LTS version. I created a folder called “Harbor” to store all my files, and downloaded the offline installer.

Deploying Harbor Registry : downloaded

I have extracted the downloaded file, and there were few files in the downloaded folder.

Deploying Harbor Registry extracted

Basically, there are two main parameters should be configured before proceed with the Harbor configuration, “System level parameters” and “User level parameters“. Also, supported version of Docker and Docker Compose should be installed.

I installed Docker CE, in this deployment. If you need to see how to install Docker CE on ubuntu, follow my previous article. To install Docker Compose follow the below procedure.

Execute the below command to download the current stable version of Docker Compose.

Change the permissions as below

Deploying Harbor Registry docker compose

Update the “harbor.yml” file to edit the parameters.

Deploying Harbor Registry harbor.yml

Below parameters are required to run Harbor:

  • hostname
  • data_volume
  • harbor_admin_password
  • database
    • password
    • max_idle_conns
    • max_open_conns
  • jobservice
    • max_job_workers
  • log
    • level
    • local
      • rotate_count
      • rotate_size
      • location
    • external_endpoint
      • protocol
      • host
      • port

If you don’t edit this according to your requirement, the default values would be applied.

In my deployment, I have updated only the hostname with my local IP address.

Deploying Harbor Registry edit parameters

After that I started the installation executing the “install.sh” file.

Wait until it completes the installation.

Now access the URL listed at the end, and login to the Harbor registry with the default username and password.

Default Usernmame: admin

Default Password: Harbor12345

You can change this in the “harbor.yml” file before the installation

Projects will be listed, and “library” is created by default

Basic system configuration options are available under “Configuration

Harbor API Explorer can be easily accessible by clicking the button displayed at the bottom.

You’ll be redirecting to a new web interface, where you can access the Harbor API functions

API models can be viewed with the information as below

Events can be viewed at the panel on the right side

Working With Harbor Registry Projects 

A new project can be added by clicking the “NEW PROJECT” button, details such as Project Name, Access Level, Count quota and Storage Quota can be define in this step

Project details such as Summary, Repositories, Members, Labels, Logs, Robot Accounts, Tag Retention, Webhooks and Configuration can be defined after selecting the created project

Docker container image tagging and pushing is explained with a sample commands, just make it easy to understand 

Project logs also can be viewed here, and filter out the date range to easy access

Projects Tags can be added in colors

New Features With Harbor Registry v 1.9 

Tag Retention

There are few added features with v 1.9 release, “Tag Retention” is one of those. You can add 15 tag retention rules per project

Tag retention rules can be configured “For The Repositories”, and “By Image Count or number of days”

Image retention policies have many selections as below

Webhooks Notifications

Webhooks notifications also newly added with this release to integrate with the CI/CD tools 

Project Quotas

Project Quotas can be configured as “Artifact Count” and the “Storage Consumption“, this can be configured under “Configuration

Consumption can be visible for each and every project after setting up the Quota

Registry Services Replications With Major Cloud Providers

Harbor Registry endpoints can be configured with major Cloud providers to replicate the registry

These Cloud Providers are available to configure as the Endpoints

Replication Rules can be configured as “Push-based” and “Pull-based” modes, and also “Automatic” or “Manual” modes

CVE Exception Policies And Syslog Integration 

I need to mention that, I have downloaded the v1.9 these features were not available in my Harbor registry. However, System wide CVE whitelist can be added in this release

Image Courtesy : https://github.com/goharbor/harbor/blob/master/docs/user_guide.md

CVE IDs can be added to ignore during the vulnerability scanning

Image Courtesy : https://github.com/goharbor/harbor/blob/master/docs/user_guide.md

Harbor Registry Self Signing Capability

Anyone can sign up with Harbor Registry, and that feature can be controlled in the configuration. 

Aruna Lakmal

Associate Technical Specialist at Pearson, Sri Lanka. Technology junky, enthusiast, a VMware vExpert and a blogger with more than 7 years of Experience in Information Technology more focusing on VMware Virtualization, Microsoft and Datacenter Technologies.

Get Updates Directly To Your Inbox!

   

Leave a Reply

Loading Posts...