Harbor

Introduction

Harbor is an open-source, cloud-native container registry that stores, signs, and scans container content. Originally developed at VMware and now a CNCF graduated project, Harbor extends the Docker Distribution registry with role-based access control, image vulnerability scanning (Trivy), image signing (Cosign / Notation), cross-registry replication, and OIDC integration.

How to Install

Starting via Docker

# download offline or online installer and verify
# configure HTTPS Access to Harbor
https://github.com/goharbor/harbor/releases
https://goharbor.io/docs/2.8.0/install-config/download-installer/

Starting via Kubernetes

# add and update repo
helm repo add harbor https://helm.goharbor.io
helm update

# get charts package
helm pull harbor/harbor --untar
cd harbor

# configure and run
vim values.yaml
expose:
  ingress:
    hosts:
      core: harbor-core.example.com
      notary: harbor-notary.example.com
externalURL: https://harbor.example.com

helm -n provisioning install harbor . --create-namespace

# access and use
# patch harbor ingress resource
kubectl -n provisioning patch ingress harbor-ingress --patch '{"spec":{"ingressClassName": "nginx"}}'

# get password
kubectl -n provisioning get secrets harbor-core -ogo-template='{{.data.HARBOR_ADMIN_PASSWORD|base64decode}}'

# access by https
https://harbor-core.example.com
admin
Harbor12345

Reference:

1. Official Website
2. Repository