Setting up Harbor locally — and scanning an image

I decided to have a complete system, preferably migratable, on my PC at home. But everything has to run in a cramped 16G total system, so let's see what happens.

Let's run a Harbor instance to hold our custom images. Why? Because we are going to run a complete CI/CD system on our cluster (without buying RAM, maybe).

The Harbor setup details are at this link: https://goharbor.io/docs/1.10/install-config/

We need docker and docker-compose.

It asks us to open up some ports in the firewall; we probably did so before, but let's do it again anyway.

NGINX?

Move to /opt/harbor_files (or wherever you want to install), pull and unpack the harbor file.

So now we need the SSL keys. Harbor loves its SSL, so we are going to give it SSL, just self-signed. Normally you pay for these keys.

Let's modify the /etc/pki/tls/openssl.cnf file and add the part below with our server IP.

Then we type the below to generate our self-signed certificate, and we get asked a series of questions.

Answers I used

Next we generate the signing request as below; it asks the same questions again, with 2 extra ones. I left the password blank.

Same answers again

Now we have to generate the cert with a conf file.

In the end, we should have ca.crt, ca.key and a file with our server IP.

Let's put the certificates where Docker can see them:

Finally, create a copy of harbor.yml.tmpl as harbor.yml and modify the following parts. I removed the other fields I didn’t change.

We start the installation as below. We will install Clair as well for vulnerability scanning.

Access from a link like the one below

https://192.168.56.109/harbor

Let's try to push something to Harbor:

  • Create a project named local
  • Pull any image locally, for example with docker pull nginx
  • Tag and push to our repo

We might get something like this:

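In this case we open the Docker config file at /etc/docker/daemon.json (create it if it doesn’t exist) and put the following in it. Note that an insecure-registries entry makes Docker ignore certificate errors for that registry, so use plain straight quotes and list only the registry you mean.

{ "insecure-registries" : ["192.168.56.109:443"] }

After this, run systemctl restart docker so the config takes effect. We can then retry our push.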
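A check to run over daemon.json before restarting Docker, as an added example that is not part of the original post: it catches typographic quotes pasted from a web page and reports, for each insecure-registries entry, whether a CA file is installed under /etc/docker/certs.d. The function name, the status labels and the assumption that the certs.d directory is named exactly like the entry are choices made for this example.

```python
import ipaddress
import json
from pathlib import Path

CURLY_QUOTES = "\u201c\u201d\u2018\u2019"  # typographic quotes from copy/paste


def audit_daemon_json(text, certs_dir="/etc/docker/certs.d"):
    """Return (entry, status, detail) tuples for a daemon.json body."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        if any(ch in text for ch in CURLY_QUOTES):
            return [("<file>", "invalid", "curly quotes are not JSON; dockerd will not start")]
        return [("<file>", "invalid", f"{exc.msg} (line {exc.lineno})")]
    if not isinstance(config, dict):
        return [("<file>", "invalid", "top level must be a JSON object")]

    findings = []
    for entry in config.get("insecure-registries", []):
        # Docker also accepts CIDR ranges here, which widens the exemption.
        if "/" in entry:
            try:
                net = ipaddress.ip_network(entry, strict=False)
                findings.append((entry, "cidr", f"verification off for {net.num_addresses} addresses"))
                continue
            except ValueError:
                pass  # not a CIDR range, treat as a registry name
        # Assumption: images are referenced with the same host[:port] as the entry,
        # so a trusted CA would live in <certs_dir>/<entry>/ca.crt.
        ca_file = Path(certs_dir) / entry / "ca.crt"
        if ca_file.is_file():
            findings.append((entry, "ca_present", f"{ca_file} exists; try removing the entry"))
        else:
            findings.append((entry, "unverified", f"no {ca_file}; certificate errors are ignored"))
    return findings


if __name__ == "__main__":
    # Constructed sample: the line from this post, with straight quotes.
    sample = '{ "insecure-registries" : ["192.168.56.109:443"] }'
    for finding in audit_daemon_json(sample):
        print(*finding, sep=" | ")
```

A "ca_present" result means the self-signed ca.crt generated earlier is already where Docker looks for it, so the push is worth retrying without the insecure entry.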

Here it is

Since we also installed Clair, we can start a scan of the pushed image.

Click SCAN to start.
All right then.

Let's test from another VM. We need to add the daemon config again, but after we do, it works.

Noice

And that's that. Thanks for reading.

Notes: I tried running the yml as a stack in my swarm, but some properties like clair and jobservice became a problem.
