Setting up Harbor on EC2 — backed by S3
This is going to be a short one. Recently I worked on a use-case for which I needed to set up an open-source container registry on AWS. I had worked with Harbor, so it seemed to be the right choice. However, I didn’t want to pay the high price of EBS volumes, so I decided to go for S3.
Before I begin, there is a TL;DR down below for those who want a quick setup. For the rest, let’s begin.
Step 1: Launching an EC2 instance
Quite obvious from the title, start by launching an instance. t2.small worked fine for me as a starting point. I went with the Amazon Linux 2 AMI shown below.
Kept the storage configurations as default as we will mainly be dependent on S3 for that.
Step 2: Installing dependencies
Before starting the Harbor installation, we need to install a few dependencies: wget, tar, docker and docker-compose. On Amazon Linux 2, run the following script.
sudo yum update -y
sudo yum -y install wget tar
sudo yum install -y docker
sudo service docker start
sudo usermod -a -G docker ec2-user
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
Now, let’s move on to Harbor.
Step 3: Download Harbor installer
You can choose your preferred version for this; I just went with v1.5.2. To download it, run
curl -LO https://storage.googleapis.com/harbor-releases/harbor-online-installer-v1.5.2.tgz
tar -xvf harbor-online-installer-v1.5.2.tgz
cd harbor
Step 4: Configure
We will mainly configure three parameters here: hostname, storage and ssl-certs.
Hostname
This is a property set inside the harbor.cfg file, which specifies the public address from which Harbor will be accessed. You can put an ELB, a Route53 Record Set or just the EC2 instance’s public IP. The default value of hostname in harbor.cfg looks something like this
hostname = reg.mydomain.com
To update it with the EC2 instance’s public IP, run the following commands
# Look up this instance's public IP and write it into harbor.cfg (no eval needed)
commonName=$(dig +short myip.opendns.com @resolver1.opendns.com)
sed -i "s/reg\.mydomain\.com/$commonName/g" harbor.cfg
Storage
To set S3 as the backend storage, we will update the registry config stored at common/templates/registry/config.yml. Just add the following entry to this file
storage:
  s3:
    region: us-east-1
    bucket: harbor-storage-bucket
    accesskey: **************
    secretkey: **************
Fill in the values according to your account.
SSL Certs (Optional)
You can set up Harbor with http as the protocol as well. But if you wish to use https, update harbor.cfg and set the value of ui_url_protocol to https. Next, give the path to the SSL certificate and private key in the same file. Their default entries look like
ssl_cert = /data/cert/server.crt
ssl_cert_key = /data/cert/server.key
To generate the certs using openssl, you can use the following script
mkdir certs
cd certs
domain="harbor"
commonName=___   # same value as hostname in harbor.cfg
password="admin123"
country="IN"
state="Delhi"
locality="New Delhi"
organization="Example Org"
organizationalunit="Example Unit"
emailAddress="temp@example.com"
# Create a CSR and a new passphrase-protected RSA key (written to privkey.pem)
openssl req -new -passout pass:"$password" -subj "/C=$country/ST=$state/L=$locality/O=$organization/OU=$organizationalunit/CN=$commonName/emailAddress=$emailAddress" -out "$domain.csr" -sha512 -newkey rsa:2048
mv privkey.pem "$domain.pem"
# Self-sign the CSR with that key, valid for 365 days
openssl x509 -req -days 365 -in "$domain.csr" -passin pass:"$password" -signkey "$domain.pem" -out "$domain.crt"
Step 5: Install
We are all set now. Just move to the harbor directory and run
./install.sh
Upon running the command, the installer will check the dependencies, prepare configurations, pull the harbor image and spin up the docker-compose. Once everything is successful, you will get a message like
✔ ----Harbor has been installed and started successfully.----
Now you should be able to visit the admin portal at http://172.17.0.45.
For more details, please visit https://github.com/vmware/harbor .
Use this endpoint to access the Harbor UI and log in with the default credentials, i.e.
Username: admin
Password: Harbor12345
Et voila! You have your open-source container registry in place.
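A pre-install check for the Step 4 settings and the default admin password above, as an added example that is not part of the original post or of Harbor itself. The function names are hypothetical, the sample files are constructed, and harbor_admin_password is the harbor.cfg key that holds the initial admin password (it is not shown on this page).

```shell
#!/bin/sh
# Added example (not from the original post): lint the Step 4 settings before ./install.sh.

# Print the value of "key = value" from harbor.cfg (last assignment wins).
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line for harbor.cfg ($1) and the registry config.yml ($2).
harbor_findings() {
    if [ "$(cfg_get "$1" hostname)" = "reg.mydomain.com" ]; then
        echo "hostname: still the reg.mydomain.com placeholder"
    fi
    if [ "$(cfg_get "$1" harbor_admin_password)" = "Harbor12345" ]; then
        echo "harbor_admin_password: default value, change it before first start"
    fi
    if [ "$(cfg_get "$1" ui_url_protocol)" != "https" ]; then
        echo "ui_url_protocol: logins and image pushes will travel over plain http"
    else
        for k in ssl_cert ssl_cert_key; do
            f=$(cfg_get "$1" "$k")
            if [ ! -s "$f" ]; then echo "$k: $f is missing or empty"; fi
        done
    fi
    # Long-lived keys in config.yml are readable by anyone who can read the file.
    if grep -Eq '^[[:space:]]*(accesskey|secretkey):[[:space:]]*[^[:space:]]' "$2"; then
        echo "storage.s3: static accesskey/secretkey present in registry config"
    fi
}

# Exit status 1 when there is at least one finding, so it can gate install.sh.
harbor_audit() {
    out=$(harbor_findings "$1" "$2")
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
}

# Constructed sample input mirroring the defaults shown on this page.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'hostname = reg.mydomain.com' 'ui_url_protocol = http' \
        'harbor_admin_password = Harbor12345' > "$1/harbor.cfg"
    printf '%s\n' 'storage:' '  s3:' '    region: us-east-1' \
        '    bucket: harbor-storage-bucket' '    accesskey: AKIAEXAMPLE' \
        '    secretkey: constructed-not-real' > "$1/config.yml"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
harbor_audit "$demo_dir/harbor.cfg" "$demo_dir/config.yml" || echo "fix the findings above, then run ./install.sh"
```

The registry's S3 driver falls back to the instance's IAM role when accesskey and secretkey are omitted, which clears the last finding without putting keys on disk.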
TL;DR
Now for those in a hurry, I have created a CloudFormation script which spins up a single instance of Harbor backed by S3 bucket. For accessing the bucket, a user named Harbor is also created. You can access this CloudFormation here.
The hostname/public IP can be viewed in the output of the CloudFormation stack and http protocol will be used to access it. Just make sure you have at least one key-pair in your account which you can select as a parameter while deploying the stack.
Harbor installation might take some time even after CloudFormation has shown CREATE_COMPLETE. So wait for the instance Status Check to change from Initializing to 2/2 checks passed.