I recently had a need to setup a container registry for a project that I was working on and Harbor was of course my default choice. Although Harbor is pretty easy to setup, I did not want to manually go through the installation each time I needed Harbor and I figured it was time to build my own Harbor Virtual Appliance (OVA), just like I have shown in the past with these reference implementations here and here.
For those interested, you can find the reference implementation for building a Harbor Virtual Appliance at https://github.com/lamw/harbor-appliance
Note: For internal VMware Employees, if you prefer not to build the appliance yourself, drop me an email or DM and I can provide you with the link to the Harbor Appliance OVA.
When deploying the Harbor Appliance, you will find the basic OVF properties that I have encoded including networking, credentials, debugging and advanced settings. Hopefully should be pretty straight forward for anyone who has deployed an OVA before to vSphere.
The Harbor installation and configuration is performed as part of the first boot script and this will take several minutes to complete
To access Harbor UI, open a browser to the FQDN of the Harbor appliance and login with the username admin and the password that you had configured during the OVA deployment.
By default, the Harbor installation generates a self-signed TLS certificate and configures HTTPS access. To be able to connect and push images to the Harbor appliance, you will need to SCP the trusted root certificate which is located on the Harbor appliance at /etc/docker/certs.d/[HARBOR-FQDN]/ca.crt and copy that to a local system and trust the certificate which has a Docker client installed.
For MacOS - Simply open up the Keychain Access and trust the imported root certificate
For PhotonOS - Append the root certificate to its certificate trust store by running the following command:
cat ca.crt >> /etc/pki/tls/certs/ca-bundle.crt
For instructions with other operating systems, you can refer to this blog post.
Once the root certificate is trusted, you will be able to perform docker login [HARBOR-FQDN] using either the admin credential or another account which you have created.
What OS did you build the scripting/automation on? Any other requirements for setting this up?
I use MacOS, so thats what this has been tested on but it should also work on Linux system. You of course will need Arm system to build the appliance