
What is Harbor? Registry for Kubernetes and Docker

Self-hosting is not a revolutionary idea, but it gives you a lot of freedom and flexibility. IT administrators and programmers have been looking for ways to self-host their products for a long time. Before cloud service providers became popular, self-hosting was essentially the only workable approach.

Many people still wonder whether they should self-host despite the recent surge in the prominence of web companies. If you want to host your own container registry for Docker images, Harbor would be the best strategy. It was first created within VMware and has since been adopted by the CNCF.

It remains an open-source application today, aiming to give users the most functionality while staying free of charge. In this article, you'll get to know what Harbor is, why it's used, its features, the installation process, and more. So, let's get started.

What Is Harbor?

Harbor is a registry for storing and managing Docker container images. VMware, a prominent virtualization vendor, created Harbor and later passed it to the CNCF, the open-source foundation that now hosts the project.

The Harbor project, in turn, developed from the open-source Docker registry project. Developers and volunteers worked to improve the latter and eliminate security threats.

Both initiatives included the work of many programmers from all across the globe, which could have left the software inconsistent in places. The Harbor contributors have been striving to make each release safer than previous iterations.

Harbor was built for the cloud. In addition to storing images, it can scan them for security vulnerabilities. Harbor also allows developers to sign the images they upload to the registry with their own keys, demonstrating the authenticity of the container images.

Why Use Harbor?

You might still wonder why you would choose Harbor over another solution. There are several factors that make it stand out from other programs.

The most likely reason is that you want more control over your registry and the opportunity to customize it exactly as you choose. Although many providers offer plenty of settings, you are frequently forced to accept the provider's deployment method. With a self-hosted platform, you control how everything is deployed.

Additionally, Harbor has a number of characteristics that you won't get elsewhere. For example, it is common to have distinct registries for development, quality assurance, and production. Harbor supports this and also makes it simple to manage them in relation to one another. Because it can synchronize images between registries, you can even promote images through those stages.

Installation process

Hosting your Harbor Kubernetes server on AWS or GCP is normal in commercial scenarios, but it is too complex for a tutorial. Minikube, a tool designed to run Kubernetes clusters locally, will be used here instead. After installing minikube, use the command below to launch a brand-new cluster:

$ minikube start --vm-driver virtualbox

The command takes some time to finish, but once it completes you will have a functioning cluster. Next, run the following command to enable the ingress add-on so that you can connect to your Harbor deployment:

$ minikube addons enable ingress

You should have minikube set up at this point. The next step is to install the Helm chart for Harbor, but first you need to add its repository to Helm:

$ helm repo add harbor https://helm.goharbor.io

Once the repository has been added, deploy the Helm chart by running the following:

$ helm install my-release harbor/harbor

At this stage you have to wait until all of the pods are running. Run the command kubectl get pods to verify this. You may see a few of them failing at first, which is expected given their interdependence. Expect to wait approximately 15 to 20 minutes. Once they are running, run minikube ip to obtain the IP address of the minikube cluster.

You must now add this IP to your /etc/hosts file. The default URL is https://core.harbor.domain, and that name has to resolve to your cluster when you enter it in your browser's address bar. To do this, add the following two lines to /etc/hosts:

<ip-of-minikube>	core.harbor.domain
<ip-of-minikube>	notary.harbor.domain

You can now visit https://core.harbor.domain and log in with the default username and password. These are publicly documented defaults, so change the admin password before exposing the registry beyond a local test cluster.

username: admin

password: Harbor12345

Setting up the Docker Client

You now have a running Harbor deployment, but that does not mean you are ready to use it as a registry. So that the registry is reachable from Docker, you still need to configure Harbor's certificate on your system.

First, point your Docker client at the Docker daemon running inside minikube. Assuming you are using Linux or OS X, minikube's docker-env command does this by setting your shell's environment variables to reference the minikube Docker daemon.

Next, you need the certificate, which is stored in a Kubernetes Secret (adjust the namespace and secret name if your Helm release uses different ones):


$ kubectl -n harbor get secrets harbor-ingress -o jsonpath="{.data['ca\.crt']}" | base64 -D > harbor-ca.crt

[N.B.: This command uses base64 -D; on Linux, use base64 -d instead.]
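
A guarded version of the extraction step above, as an added example that is not part of the original article: it decodes the secret value with whichever base64 flag the platform supports and refuses to save an empty value, a private key, or anything that is not PEM certificate data. The function name save_ca_cert is an assumption made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Names are illustrative.
# Usage with the article's kubectl command (without its decode step):
#   save_ca_cert "$(kubectl -n harbor get secrets harbor-ingress \
#       -o jsonpath="{.data['ca\.crt']}")" harbor-ca.crt

# save_ca_cert BASE64_TEXT OUTPUT_FILE
save_ca_cert() {
    b64=$1
    out=$2
    # kubectl prints nothing when the jsonpath key does not exist.
    if [ -z "$b64" ]; then
        echo "secret value is empty (wrong namespace, secret or key?)" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # GNU and BusyBox base64 decode with -d; older macOS releases use -D.
    if ! printf '%s' "$b64" | base64 -d >"$tmp" 2>/dev/null &&
       ! printf '%s' "$b64" | base64 -D >"$tmp" 2>/dev/null; then
        rm -f "$tmp"
        echo "value is not valid base64" >&2
        return 1
    fi
    # A Kubernetes TLS secret also holds tls.key; never write key material out.
    if grep -q 'PRIVATE KEY-----' "$tmp"; then
        rm -f "$tmp"
        echo "decoded data contains a private key, not a CA certificate" >&2
        return 1
    fi
    # Require at least one complete, balanced PEM certificate block.
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$tmp" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$tmp" || true)
    if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
        rm -f "$tmp"
        echo "decoded data is not a PEM certificate" >&2
        return 1
    fi
    # Only now replace the output file, so a failed run leaves nothing behind.
    chmod 644 "$tmp" && mv "$tmp" "$out"
}
```

Before copying the file into the Docker certificate directory, inspect what you are about to trust with openssl x509 -in harbor-ca.crt -noout -subject -fingerprint -sha256.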

You now have a harbor-ca.crt file containing the certificate. To have the Docker daemon trust it, first copy the certificate into the minikube VM:

$ scp -o IdentitiesOnly=yes -i $(minikube ssh-key) harbor-ca.crt docker@$(minikube ip):./harbor-ca.crt

After the certificate has been transferred, install it inside the minikube VM as follows:

$ minikube ssh
$ sudo mkdir -p /etc/docker/certs.d/core.harbor.domain
$ sudo cp harbor-ca.crt /etc/docker/certs.d/core.harbor.domain

To return to your regular terminal, run exit. Now that the certificate is installed, you can log in and push a Docker image to make sure everything is functioning as it should:

$ docker login core.harbor.domain --username=admin --password Harbor12345

# Fetch the image stored in the Docker Hub
$ docker pull nginx

# As the image is not ready for pushing, tag it and proceed
$ docker tag nginx core.harbor.domain/library/nginx:latest

# Complete pushing the image to registry
$ docker push core.harbor.domain/library/nginx:latest

Top 4 Features to Consider

Consolidated UAA Authorization: Harbor, VMware Tanzu Application Service for VMs (TAS for VMs), and TKGI may share UAA authentication.

Interoperability with LDAP/Active Directory (AD): For identity management and administration, Harbor connects with enterprise LDAP/AD systems.

RESTful API: RESTful APIs are available for most administrative tasks, which makes Harbor simple to integrate with external systems.

Project replication: Harbor supports project replication, allowing repositories to be replicated from one Harbor instance to another.

The Final Word

If you've made it this far, Harbor is now installed and operational, and you can start using it as your own private registry. This gives you full control over how your registry is used and how it is deployed. Additionally, you gain access to all of the capabilities of this open-source program, including scanning images for vulnerabilities and replicating container images.
