Why Harbor?
- container proxy cache (fewer errors from DockerHub)
- store container images
- scan container images
- sign container images
- store helm charts
- distribute containers and charts
- RBAC, quotas, push rules, intuitive UI, full API
- potentially not allow connections to Internet for containers and charts
Use these instructions if you want to demo Harbor from a Helm chart on OSX using minikube.
The minikube this was tested on uses hyperkit as the VM minikube start --driver=hyperkit
minkube addons:
- ingress
- add the helm chart
helm repo add harbor https://helm.goharbor.io - a values.yaml file was pulled from the Harbor Git repo which can be used as a good base. There were a few edits to the values.yaml mainly disabling notary.
- install the chart
helm install harbor harbor/harbor -f values.yaml - watch the action...
helm status harbororkubectl get pods -w - create /etc/hosts entry for harbor.
192.168.64.2 core.harbor.domain - once the harbor pods are running, you are able to log in using
adminandHarbor12345using you favorite browser. - explore the UI, you're admin so you have complete control.
- Now that you're logged in, download the
ca.crtfrom harbor by selecting projects-->library-->Registry Certificate. This will download a ca.crt file which you will add to your system certs keychain. - configure Automatically scan images on push by choosing the Configuration tab and toggle the checkbox.
- restart docker
- find some Dockerfile and built it fresh (you can also use an existing built docker image from your local repo).
docker build -t footest . - tag the image
docker tag footest:latest core.harbor.domain/library/footest:latest - log in to harbor
docker login core.harbor.domain/libraryuse admin as the user and Harbor12345 as the password - push the image `docker push core.harbor.domain/library/footest:latest
- view the image in harbor. Select the Respositories tab and you should see an entry for image you just uploaded library/footest. Click on that link.
- This will take you into the Artifacts for that tag where you will see a SHA256 link of the image you just uploaded. Click on that.
- there is Vulnerabilities and a Build History tab. Explore them. Depending on what you pushed, you could see a bunch of issues or, perhaps it's clean.
- log in to Harbor repository
docker login core.harbor.domain/foo - pull the image as usual
docker pull core.harbor.domain/dockerhub_cache_proxy/library/alpine:2.6Subsequent image pulls will come from cache