Harbor
Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.
Prerequisites
- Kubernetes/OpenShift cluster accessible with kubectl CLI
- Install Helm
- yq CLI installed on your workstation
Supporting Docs
Install Harbor
- Get the Harbor Helm repository:
- Create harbor namespace:
- OpenShift Only: If installing in OpenShift, add the privileged security context constraint to the default service account in the harbor namespace:
- Install the chart, provide a valid HARBOR_DOMAIN:
After a successful deployment, and if your ingress strategy is properly configured, you should be able to access your Harbor instance at https://core.harbor.example.com. To log in, retrieve the admin password by running the following command:
export HARBOR_ADMIN_PASSWORD=$(kubectl get secret -n harbor harbor-core -o yaml | yq .data.HARBOR_ADMIN_PASSWORD | base64 -d)
Optional: Start using Harbor
Log in to the created registry
E.g. with skopeo, use admin as user and ${HARBOR_ADMIN_PASSWORD}:
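To test and push a sample image, you can run the command below. Its --tls-verify=false flag turns off TLS certificate verification for both the source and the destination registry, so drop it once the Harbor ingress serves a certificate your workstation trusts: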
skopeo copy --tls-verify=false docker://docker.io/busybox:latest docker://core.${HARBOR_DOMAIN}/library/busybox:latest --override-arch amd64 --override-os linux
Create pull secret in K8s/OpenShift
E.g. with docker config file accessible at ~/.config/containers/auth.json:
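The following is an added example, not a command from the original page or the Harbor project: it builds the pull secret manifest from an auth.json while copying only the Harbor entry, so logins for other registries on the workstation do not end up in the cluster. The secret name harbor-pull and the sample credentials are assumptions made up for illustration.

```python
import base64
import json


def build_pull_secret(auth_json, registry, name="harbor-pull", namespace="default"):
    """Build a dockerconfigjson Secret manifest containing only `registry`'s
    credentials from a containers auth.json. Returns (manifest, warnings).
    The default name "harbor-pull" is a hypothetical placeholder."""
    auths = json.loads(auth_json).get("auths", {})
    if registry not in auths:
        raise KeyError(f"no credentials for {registry} in auth file")
    token = auths[registry].get("auth")
    if not token:
        # Configs backed by a credential store leave the entry without a secret.
        raise ValueError(f"entry for {registry} has no inline 'auth' value")

    warnings = []
    user = base64.b64decode(token).decode().split(":", 1)[0]
    if user == "admin":
        warnings.append("pull secret would carry the Harbor admin login; "
                        "prefer an account limited to pulling")

    # Copy only the one entry: auth.json usually holds logins for every
    # registry the workstation has used, and none of those belong in-cluster.
    scoped = json.dumps({"auths": {registry: {"auth": token}}})
    manifest = {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": name, "namespace": namespace},
        "data": {".dockerconfigjson": base64.b64encode(scoped.encode()).decode()},
    }
    return manifest, warnings


def _b64(s):
    return base64.b64encode(s.encode()).decode()


# Constructed sample auth.json: the Harbor login from this page plus an
# unrelated registry login that must not be copied into the secret.
SAMPLE_AUTH = json.dumps({"auths": {
    "core.harbor.example.com": {"auth": _b64("admin:constructed-password")},
    "quay.io": {"auth": _b64("someuser:constructed-token")},
}})

if __name__ == "__main__":
    secret, notes = build_pull_secret(SAMPLE_AUTH, "core.harbor.example.com",
                                      namespace="harbor")
    for note in notes:
        print("warning:", note)
    print(json.dumps(secret, indent=2))  # JSON manifest for kubectl apply -f
```

The printed JSON can be saved to a file and applied with kubectl apply -f in the namespace whose workloads pull from Harbor.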