Portainer VS Harbor

Portainer - Makes managing my homelab, gateway and (Pi0) DNS server extremely easy and fun. Traefik - Great companion for the above. For those who don't know for some reason - a simple, yet extremely powerful reverse proxy. Docker - Should be obvious, but I would feel bad if I didn't give it a shoutout. If you haven't heard of it - go and learn, please, it'll make your life beautiful.

Portainer - Web UI for managing Docker Containers

> Why there are needs to use docker GUIs?

Because to some people using GUIs are more approachable and in some case objectively better (e.g. telling the state of things at a glance and efficiently using screen real estate, with graphs and whatnot), whereas the ways they're worse in might not dealbreakers (e.g. lack of automation, given that there can still be APIs or access to the underlying cluster anyways).

For an example of this, see pieces of software that one can use to manage orchestrators:

- Portainer: https://www.portainer.io/

- Rancher: https://www.rancher.com/products/rancher

Some orchestrators even include dashboards on their own:

- Kubernetes dashboard: https://kubernetes.io/docs/tasks/access-application-cluster/...

- Nomad web UI: https://developer.hashicorp.com/nomad/tutorials/web-ui

And some of that applies to running regular containers and managing them locally: for many it can be useful to be able to just click around to discover more details about a container, as well as what's using storage and so on. Thankfully the CLIs of Docker and competing runtimes are pretty well structured as they are, but I guess it's just a different type of UX.

At the end of the day, what works for you, or even what you find comfortable to use, might not be the case for someone else and vice versa. It's definitely nice to have that choice in the first place, and to know the various options out there.

- Portainer

Breaking it down a bit more: - 'handle_path /docker/' means to handle on calls to http://example.tailnet-def456.ts.net/docker/ - 'reverse_proxy / portainer:9000' means to reverse proxy those calls to "portainer" (that's the container name on the docker network) on port 9000. That's where I have hosted my docker manager (https://www.portainer.io/)

From purely an administration standpoint, I'd recommend Cockpit. For Docker, I'd also recommend Portainer. Maybe for Minecraft, try out Pterodactyl - I personally haven't used it myself but I've heard good things about it.

Portainer - Web UI for managing Docker Containers

Does it HAVE to be those types of packages, have you thought of using containers instead and thus open the options for more types of storage like https://goharbor.io/ ?

For my Container Registry and Helm Chart Registry I use Harbor. When paired with Keel, I can automatically update apps after I push them. I have not checked out ArgoCD yet.

Harbor Source Code Repository

Harbor

harbor works well for these use cases but good luck trying to host it with docker. Harbor is easy to set up using Helm/kubernetes, but not docker.

# This script will install Harbor server # # User Inputs > #================================================== > export my_hostname= export my_fqdn= export my_ip= #================================================== echo "Make sure your VM is configured with proper hostname, static IP address and its entry is mentioned in your DNS server" read -n 1 -r -s -p $'Press enter to continue... else Control + c to stop \n' die() { local message=$1 echo "$message" >&2 exit 1 } # precheck echo "Doing precheck " ping $my_hostname -c 2 || die 'command failed' ping $my_ip -c 2 || die 'command failed' nslookup $my_fqdn || die 'command failed' nslookup $my_fqdn | grep $my_ip || die 'command failed' echo "==== Doing precheck ====" || die 'command failed' ping $my_hostname -c 2 || die 'command failed' nslookup $my_fqdn || die 'command failed' nslookup $my_fqdn | grep $my_ip || die 'command failed' echo "1. Enable ssh on the vm" || die 'command failed' apt-get update || die 'command failed' apt install openssh-server || die 'command failed' echo "2. Verify ssh service is up and running" || die 'command failed' systemctl status ssh || die 'command failed' echo "3. Update the apt package index" || die 'command failed' apt-get update || die 'command failed' echo "4. Install packages to allow apt to use a repository over HTTPS" || die 'command failed' apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common -y || die 'command failed' echo "5. Add Docker's official GPG key" || die 'command failed' curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - || die 'command failed' sudo apt-key fingerprint 0EBFCD88 || die 'command failed' echo "6. Setup a stable repository" || die 'command failed' echo -ne '\n' | add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" || die 'command failed' echo "7. Install docker-ce" || die 'command failed' apt-get update || die 'command failed' apt-get install docker-ce docker-ce-cli containerd.io -y || die 'command failed' echo "8. Install current stable release of Docker Compose" || die 'command failed' curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose || die 'command failed' echo "9. Apply executable permissions to the binary" || die 'command failed' chmod +x /usr/local/bin/docker-compose || die 'command failed' echo "10. Verify installation" || die 'command failed' docker-compose --version || die 'command failed' echo "11. Download the Harbor installer" || die 'command failed' curl -L https://github.com/goharbor/harbor/releases/download/v2.4.3/harbor-offline-installer-v2.4.3.tgz -o /root/harbor-offline-installer-v2.4.3.tgz || die 'command failed' echo "12. Extract the Harbor installer" || die 'command failed' tar -xvzf /root/harbor-offline-installer-v2.4.3.tgz || die 'command failed' echo "13. Generate a CA certificate private key" || die 'command failed' openssl genrsa -out ca.key 4096 || die 'command failed' echo "14. Generate the CA certificate" || die 'command failed' openssl req -x509 -new -nodes -sha512 -days 3650 -subj "/C=US/ST=CA/L=Palo Alto/O=HomeLab/OU=Solution Engineering/CN=$my_fqdn" -key ca.key -out ca.crt || die 'command failed' echo "15. Generate a private key" || die 'command failed' openssl genrsa -out $my_fqdn.key 4096 || die 'command failed' echo "16. Generate a certificate signing request" || die 'command failed' openssl req -sha512 -new -subj "/C=US/ST=CA/L=Palo Alto/O=HomeLab/OU=Solution Engineering/CN=$my_fqdn" -key $my_fqdn.key -out $my_fqdn.csr || die 'command failed' echo "17. Generate an x509 v3 extension file" || die 'command failed' cat > v3.ext <<-EOF authorityKeyIdentifier=keyid,issuer basicConstraints=CA:FALSE keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1=$my_fqdn DNS.2=$my_hostname IP.1=$my_ip EOF echo "18. Use the v3.ext file to generate a certificate for the Harbor host" || die 'command failed' openssl x509 -req -sha512 -days 3650 -extfile v3.ext -CA ca.crt -CAkey ca.key -CAcreateserial -in $my_fqdn.csr -out $my_fqdn.crt || die 'command failed' echo "19. Provide the certificates to harbor and docker" || die 'command failed' sudo mkdir -p /data/cert || die 'command failed' sudo mkdir -p /etc/docker/certs.d/$my_fqdn/ || die 'command failed' sudo cp ~/$my_fqdn.crt /data/cert/$my_fqdn.crt || die 'command failed' sudo cp ~/$my_fqdn.crt /etc/docker/certs.d/$my_fqdn/$my_fqdn.crt || die 'command failed' sudo cp ~/ca.crt /etc/docker/certs.d/$my_fqdn/ca.crt || die 'command failed' sudo openssl x509 -inform PEM -in ~/$my_fqdn.crt -out /etc/docker/certs.d/$my_fqdn/$my_fqdn.cert || die 'command failed' sudo cp ~/$my_fqdn.key /data/cert/$my_fqdn.key || die 'command failed' sudo cp ~/$my_fqdn.key /etc/docker/certs.d/$my_fqdn/$my_fqdn.key || die 'command failed' sudo systemctl restart docker || die 'command failed' echo "20. Copy and update certificate on Harbor VM" || die 'command failed' cp $my_fqdn.crt /usr/local/share/ca-certificates/update-ca-certificates || die 'command failed' echo "21. Configure the Harbor YML file manually" || die 'command failed' cp /root/harbor/harbor.yml.tmpl /root/harbor/harbor.yml || die 'command failed' ##### update the yml file manually #echo "Update the yml file manually /root/harbor/harbor.yml and execute below command" || die 'command failed' #echo "/root/harbor/install.sh --with-notary --with-chartmuseum || die 'command failed'" cp /root/harbor/harbor.yml.tmpl /root/harbor/harbor.yml || die 'command failed' cat /root/harbor/harbor.yml | sed -e "s/hostname: reg.mydomain.com/hostname: $my_fqdn/" > /tmp/1 || die 'command failed' cat /tmp/1 | sed -e "s/certificate: \/your\/certificate\/path/certificate: \/root\/$my_fqdn.crt/" > /tmp/2 || die 'command failed' cat /tmp/2 | sed -e "s/private_key: \/your\/private\/key\/path/private_key : \/root\/$my_fqdn.key/" > /tmp/3 || die 'command failed' cp /tmp/3 /root/harbor/harbor.yml || die 'command failed' echo "22. Install with Notary, Clair and Chart Repository Service" || die 'command failed' /root/harbor/install.sh --with-notary --with-chartmuseum || die 'command failed'

We use it a lot. We also had a lot of issues with an official registry. Now we use https://goharbor.io/

💡 Examples of ROADMAP.md files: PaperBadger, Harbor

Harbor is the solution if you want to self-host a container registry for Docker images. It was developed initially inside of VMware but has since been adopted by CNCF. Today, it lives as an open-source tool, aiming to give users as many features as possible while still being free. In this tutorial, you’ll be shown how to get it up and running inside of Kubernetes.

I have previously been using docker for most of my apps and have been pushing them to a Harbor registry. What I want to do now is set up a pipeline so that when I push a new image to the repository, the webhook Harbor sends will redeploy my application.