hub-feedback VS Harbor

Go to Docker Hub, sign up, and log in to your account's overview page.

Login to Docker [Create an account with https://hub.docker.com/]

Docker Hub

Dockerhub account

There are a lot of docker-compatible registries almost every cloud provider has its registry but for this article, we will use the docker registry called docker hub. Go to the website create a new account and sign in then you can push or pull images.

You can find ready-made images for many popular tools on Docker Hub or create your own custom images.

Docker itself intended to build the answer here, it was the deployment platform of the future and was going to be the heart of their business model. It was called “docker swarm” and unfortunately by the time it arrived there was a fragmented market of already-adopted solutions. Docker as a package format was a runaway winner, and Docker Hub (which became the foundation for the current Docker, Inc. business) was widely used. But the fragmented runtime market left room for a new entrant: (drumroll please…) enter Kubernetes. It was a “community-driven open source project” that was in fact funded and well-staffed by Google engineers, and rose quickly on the claim of being an open-source implementation of Google’s storied internal cluster management system called “borg.”

Dockerhub Account

Check your artifacts on Docker Hub, and you should see your newly created Helm chart. If you click on the chart, you’ll see more info about the chart and its versions.

Now that you know a little more about Cosign, Notary, and DCT, we will take it one step further by using one of these tools: Cosign. For this example, we will use the simple Docker registry:2 reference image to run a simple registry. In a real-world scenario, a managed registry such as Harbor, Amazon ECR, Docker Hub, etc.

Does anybody know whether there could be something like an open/libre container registry?

Maybe the cloud native foundation or the linux foundation could provide something like this to prevent vendor lock-ins?

I was coincidentially trying out harbor again over the last days, and it seems nice as a managed or self-hosted alternative. [1] after some discussions we probably gonna go with that, because we want to prevent another potential lock-in with sonarpoint's nexus.

Does anybody have similar migration plans?

[1] https://goharbor.io

2) Harbor instance registry

Does it HAVE to be those types of packages, have you thought of using containers instead and thus open the options for more types of storage like https://goharbor.io/ ?

For my Container Registry and Helm Chart Registry I use Harbor. When paired with Keel, I can automatically update apps after I push them. I have not checked out ArgoCD yet.

Harbor Source Code Repository

Harbor

harbor works well for these use cases but good luck trying to host it with docker. Harbor is easy to set up using Helm/kubernetes, but not docker.

# This script will install Harbor server # # User Inputs > #================================================== > export my_hostname= export my_fqdn= export my_ip= #================================================== echo "Make sure your VM is configured with proper hostname, static IP address and its entry is mentioned in your DNS server" read -n 1 -r -s -p $'Press enter to continue... else Control + c to stop \n' die() { local message=$1 echo "$message" >&2 exit 1 } # precheck echo "Doing precheck " ping $my_hostname -c 2 || die 'command failed' ping $my_ip -c 2 || die 'command failed' nslookup $my_fqdn || die 'command failed' nslookup $my_fqdn | grep $my_ip || die 'command failed' echo "==== Doing precheck ====" || die 'command failed' ping $my_hostname -c 2 || die 'command failed' nslookup $my_fqdn || die 'command failed' nslookup $my_fqdn | grep $my_ip || die 'command failed' echo "1. Enable ssh on the vm" || die 'command failed' apt-get update || die 'command failed' apt install openssh-server || die 'command failed' echo "2. Verify ssh service is up and running" || die 'command failed' systemctl status ssh || die 'command failed' echo "3. Update the apt package index" || die 'command failed' apt-get update || die 'command failed' echo "4. Install packages to allow apt to use a repository over HTTPS" || die 'command failed' apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y || die 'command failed' echo "5. Add Docker's official GPG key" || die 'command failed' curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - || die 'command failed' sudo apt-key fingerprint 0EBFCD88 || die 'command failed' echo "6. Setup a stable repository" || die 'command failed' echo -ne '\n' | add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" || die 'command failed' echo "7. Install docker-ce" || die 'command failed' apt-get update || die 'command failed' apt-get install docker-ce docker-ce-cli containerd.io -y || die 'command failed' echo "8. Install current stable release of Docker Compose" || die 'command failed' curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose || die 'command failed' echo "9. Apply executable permissions to the binary" || die 'command failed' chmod +x /usr/local/bin/docker-compose || die 'command failed' echo "10. Verify installation" || die 'command failed' docker-compose --version || die 'command failed' echo "11. Download the Harbor installer" || die 'command failed' curl -L https://github.com/goharbor/harbor/releases/download/v2.4.3/harbor-offline-installer-v2.4.3.tgz -o /root/harbor-offline-installer-v2.4.3.tgz || die 'command failed' echo "12. Extract the Harbor installer" || die 'command failed' tar -xvzf /root/harbor-offline-installer-v2.4.3.tgz || die 'command failed' echo "13. Generate a CA certificate private key" || die 'command failed' openssl genrsa -out ca.key 4096 || die 'command failed' echo "14. Generate the CA certificate" || die 'command failed' openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=US/ST=CA/L=Palo Alto/O=HomeLab/OU=Solution Engineering/CN=$my_fqdn" -key ca.key -out ca.crt || die 'command failed' echo "15. Generate a private key" || die 'command failed' openssl genrsa -out $my_fqdn.key 4096 || die 'command failed' echo "16. Generate a certificate signing request" || die 'command failed' openssl req -sha512 -new -subj "/C=US/ST=CA/L=Palo Alto/O=HomeLab/OU=Solution Engineering/CN=$my_fqdn" -key $my_fqdn.key -out $my_fqdn.csr || die 'command failed' echo "17. Generate an x509 v3 extension file" || die 'command failed' cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=$my_fqdn DNS.2=$my_hostname IP.1=$my_ip EOF echo "18. Use the v3.ext file to generate a certificate for the Harbor host" || die 'command failed' openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in $my_fqdn.csr -out $my_fqdn.crt || die 'command failed' echo "19. Provide the certificates to harbor and docker" || die 'command failed' sudo mkdir -p /data/cert || die 'command failed' sudo mkdir -p /etc/docker/certs.d/$my_fqdn/ || die 'command failed' sudo cp ~/$my_fqdn.crt /data/cert/$my_fqdn.crt || die 'command failed' sudo cp ~/$my_fqdn.crt /etc/docker/certs.d/$my_fqdn/$my_fqdn.crt || die 'command failed' sudo cp ~/ca.crt /etc/docker/certs.d/$my_fqdn/ca.crt || die 'command failed' sudo openssl x509 -inform PEM -in ~/$my_fqdn.crt -out /etc/docker/certs.d/$my_fqdn/$my_fqdn.cert || die 'command failed' sudo cp ~/$my_fqdn.key /data/cert/$my_fqdn.key || die 'command failed' sudo cp ~/$my_fqdn.key /etc/docker/certs.d/$my_fqdn/$my_fqdn.key || die 'command failed' sudo systemctl restart docker || die 'command failed' echo "20. Copy and update certificate on Harbor VM" || die 'command failed' cp $my_fqdn.crt /usr/local/share/ca-certificates/update-ca-certificates || die 'command failed' echo "21. Configure the Harbor YML file manually" || die 'command failed' cp /root/harbor/harbor.yml.tmpl /root/harbor/harbor.yml || die 'command failed' ##### update the yml file manually #echo "Update the yml file manually /root/harbor/harbor.yml and execute below command" || die 'command failed' #echo "/root/harbor/install.sh --with-notary --with-chartmuseum || die 'command failed'" cp /root/harbor/harbor.yml.tmpl /root/harbor/harbor.yml || die 'command failed' cat /root/harbor/harbor.yml | sed -e "s/hostname: reg.mydomain.com/hostname: $my_fqdn/" > /tmp/1 || die 'command failed' cat /tmp/1 | sed -e "s/certificate: \/your\/certificate\/path/certificate: \/root\/$my_fqdn.crt/" > /tmp/2 || die 'command failed' cat /tmp/2 | sed -e "s/private_key: \/your\/private\/key\/path/private_key : \/root\/$my_fqdn.key/" > /tmp/3 || die 'command failed' cp /tmp/3 /root/harbor/harbor.yml || die 'command failed' echo "22. Install with Notary, Clair and Chart Repository Service" || die 'command failed' /root/harbor/install.sh --with-notary --with-chartmuseum || die 'command failed'