I recently had a need to set up a container registry for a project that I was working on, and Harbor was of course my default choice. Although Harbor is pretty easy to set up, I did not want to manually go through the installation each time I needed Harbor, and I figured it was time to build my own Harbor Virtual Appliance (OVA), just like I have shown in the past with these reference implementations here and here.
UPDATE (02/03/23) - VMware has productized and is now shipping an official VMware Harbor Virtual Appliance (OVA) as part of the latest Tanzu Kubernetes Grid (2.1) release.
I still remember team reaching out about productizing what I had built back in 2021 🥳 https://t.co/IyquqwZgEK
— William Lam (@lamw) February 3, 2023
For those interested, you can find the reference implementation for building a Harbor Virtual Appliance at https://github.com/lamw/harbor-appliance
When deploying the Harbor Appliance, you will find the basic OVF properties that I have encoded, including networking, credentials, debugging and advanced settings. This should be pretty straightforward for anyone who has deployed an OVA to vSphere before.
The Harbor installation and configuration is performed as part of the first boot script, and this will take several minutes to complete.
By default, the Harbor installation generates a self-signed TLS certificate and configures HTTPS access. To be able to connect and push images to the Harbor appliance, you will need to SCP the trusted root certificate, which is located on the Harbor appliance at /etc/docker/certs.d/[HARBOR-FQDN]/ca.crt, to a local system that has a Docker client installed, and then trust the certificate on that system.
For macOS - Simply open Keychain Access and trust the imported root certificate.
For PhotonOS - Append the root certificate to its certificate trust store by running the following command:
cat ca.crt >> /etc/pki/tls/certs/ca-bundle.crt
For instructions with other operating systems, you can refer to this blog post.
Once the root certificate is trusted, you will be able to perform docker login [HARBOR-FQDN] using either the admin credential or another account which you have created.
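Because the copied ca.crt becomes a trust anchor on the local system, it is worth confirming that the file matches the certificate on the appliance before appending it. The following is an added example for the PhotonOS step, not code from the original post or the harbor-appliance repository: it compares the file's SHA-256 fingerprint with a value obtained out-of-band (assumed here to be read from the appliance console) and appends the certificate only once. The function names and the sample PEM are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the harbor-appliance repo): pin-then-trust for ca.crt.
# Assumes a Linux client with awk, base64 and sha256sum available.

# Print one SHA-256 fingerprint (lowercase hex of the DER bytes) for each
# certificate in a PEM file. `openssl x509 -fingerprint -sha256` hashes the
# same bytes, but prints them uppercase and colon-separated.
pem_fingerprints() {
  [ -f "$1" ] || return 0
  awk '/-----BEGIN CERTIFICATE-----/ { f = 1; b = ""; next }
       /-----END CERTIFICATE-----/   { f = 0; print b; next }
       f { gsub(/[ \t\r]/, ""); b = b $0 }' "$1" |
  while read -r body; do
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
  done
}

# trust_ca_once CA_FILE BUNDLE EXPECTED_FINGERPRINT
# Appends CA_FILE to BUNDLE only when its fingerprint matches the pinned value,
# and only if BUNDLE does not already contain it (a bare
# `cat ca.crt >> bundle` adds a duplicate on every re-run).
trust_ca_once() {
  actual=$(pem_fingerprints "$1" | head -n 1)
  # Accept the pin in openssl's AA:BB:... form as well as plain hex.
  expected=$(printf '%s' "$3" | tr -d ':' | tr 'A-F' 'a-f')
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "refusing to trust $1: fingerprint ${actual:-unreadable} is not the pinned value" >&2
    return 1
  fi
  if pem_fingerprints "$2" | grep -qx "$actual"; then
    return 0   # already present in the bundle, nothing to do
  fi
  cat "$1" >> "$2"
}

# Constructed sample: a PEM wrapper around placeholder bytes, not a real
# certificate. Used only to exercise the functions offline.
write_sample_ca() {
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Y29uc3RydWN0ZWRzYW1wbGUx' \
    '-----END CERTIFICATE-----' > "$1"
}

# Usage on PhotonOS (PIN is the fingerprint read from the appliance):
#   trust_ca_once ca.crt /etc/pki/tls/certs/ca-bundle.crt "$PIN"
```

A non-zero return means the bundle was left untouched, so the call can gate the subsequent docker login in a provisioning script.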