-
Notifications
You must be signed in to change notification settings - Fork 17
harbor_feature
The appliance comes with a preinstalled Harbor service and it includes the following features:
- Zero-touch deployment and configuration of:
- service IP address
- internal database password
- Harbor admin user password
- service SSL certificate
- Use of a persistent disk image for storing the registry images (optional)
In this guide you'll learn how to use the contextualization attributes to automate the setup and configuration of your Harbor registries.
The contextualization parameters (CONTEXT section) in the VM template controls the configuration of the service, see the table below
| Parameter | Default | Description |
|---|---|---|
ONEAPP_HARBOR_ADMIN_PASSWORD |
Harbor12345 |
Harbor password for the admin user |
ONEAPP_HARBOR_DB_PASSWORD |
random | Harbor PostgreSQL database password |
ONEAPP_HARBOR_HOSTNAME |
local IP | Harbor hostname/IP exposing the service |
ONEAPP_HARBOR_SSL_CERT |
self-signed | SSL certificate (.crt content) |
ONEAPP_HARBOR_SSL_KEY |
self-signed | SSL private key (.key content) |
ONEAPP_HARBOR_REGISTRY_DEV |
Harbor registry device (sda, vda, etc.) |
The service listens on the address (or, IP resolved name) defined in ONEAPP_HARBOR_HOSTNAME. If no parameter is provided, it tries to use the first routable address of the VM. The ONEAPP_HARBOR_HOSTNAME will be the IP used to contact the Harbor service.
If ONEAPP_HARBOR_SSL_CERT and ONEAPP_HARBOR_SSL_KEY are set, the service will use this certificate for the HTTPS (port 443) service. If not, a self-signed certificate will be generated. In this case, you will have to add the repository (value of ONEAPP_HARBOR_HOSTNAME) to the list of insecure-registries in /etc/docker/daemon.json configuration file.
Note
The service will also listen on port 80 (HTTP), redirecting the traffic to the HTTPS port.
Important
The self-signed certificates are impractical for a production environment! For the serious use, you should get SSL certificates from a trusted certificate authority such as Let’s Encrypt.
Registry data can be configured to use an external disk. You can make this disk persistent to preserve the registry once the harbor instance is terminated.
Simply create an OpenNebula data Image (optionally make it persistent) and add a DISK to the Harbor VM template based on this new image. Now you need to configure the appliance to use this disk by setting the ONEAPP_HARBOR_REGISTRY_DEV to the disk device. The actual device used by the Guest OS will the depend on the bus used:
- The name of the device will be vdX or sdX depending on the bus used, VirtIO or SCSI respectively
- The order of the device (e.g. vda or vdb) will depend if the root disk is using the same bus
You can take a look to the VM information to check which device is used and update the ONEAPP_HARBOR_REGISTRY_DEV attribute as needed.
- OpenNebula Apps Overview
- OS Appliances Update Policy
- OneApps Quick Intro
- Build Instructions
- Linux Contextualization Packages
- Windows Contextualization Packages
- OneKE (OpenNebula Kubernetes Edition)
- Virtual Router
- Overview & Release Notes
- Quick Start
- OpenRC Services
- Virtual Router Modules
- Glossary
- WordPress
- Harbor Container Registry
- MinIO
- Ray AI
- Development