I recently had a need to setup a container registry for a project that I was working on and Harbor was of course my default choice. Although Harbor is pretty easy to setup, I did not want to manually go through the installation each time I needed Harbor and I figured it was time to build my own Harbor Virtual Appliance (OVA), just like I have shown in the past with these reference implementations here and here.
UPDATE (02/03/23) - VMware has productized and is now shipping an official VMware Harbor Virtual Appliance (OVA) as part of the latest Tanzu Kubernetes Grid (2.1) release.
Nice to finally see @project_harbor team release official OVA Appliance w/latest @VMwareTanzu Kubernetes Grid 2.1 release https://t.co/gZIW8SckH9
I still remember team reaching out about productizing what I had built back in 2021 🥳https://t.co/IyquqwZgEK
H/T @vmw_rguske pic.twitter.com/vwWsCtOSBe
— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) February 3, 2023
For those interested, you can find the reference implementation for building a Harbor Virtual Appliance at https://github.com/lamw/harbor-appliance
When deploying the Harbor Appliance, you will find the basic OVF properties that I have encoded including networking, credentials, debugging and advanced settings. Hopefully should be pretty straight forward for anyone who has deployed an OVA before to vSphere.
The Harbor installation and configuration is performed as part of the first boot script and this will take several minutes to complete
To access Harbor UI, open a browser to the FQDN of the Harbor appliance and login with the username admin and the password that you had configured during the OVA deployment.
By default, the Harbor installation generates a self-signed TLS certificate and configures HTTPS access. To be able to connect and push images to the Harbor appliance, you will need to SCP the trusted root certificate which is located on the Harbor appliance at /etc/docker/certs.d/[HARBOR-FQDN]/ca.crt and copy that to a local system and trust the certificate which has a Docker client installed.
For MacOS - Simply open up the Keychain Access and trust the imported root certificate
For PhotonOS - Append the root certificate to its certificate trust store by running the following command:
cat ca.crt >> /etc/pki/tls/certs/ca-bundle.crt
For instructions with other operating systems, you can refer to this blog post.
Once the root certificate is trusted, you will be able to perform docker login [HARBOR-FQDN] using either the admin credential or another account which you have created.
Russell E Hamker III says
What OS did you build the scripting/automation on? Any other requirements for setting this up?
William Lam says
I use MacOS, so thats what this has been tested on but it should also work on Linux system. You of course will need Arm system to build the appliance