vSphere Integrated Containers Part 3 – Deploy VCH with Harbor (Registry)

In the previous post we deployed VCH without Harbor as the registry. Harbor is a enterprise-class registry container server in which you can push and pull images. Think of Harbor as a Docker distribution but with additional functionality that may be required for certain environments including:

  • Role Based Access Control (RBAC)
  • AD/LDAP authentication
  • Policy based image replication
  • GUI, Auditing
  • RESTful API

To learn more about these features, and Harbor in general, click here. There are a couple of ways to deploy registry, manually or via an OVA. I will be deploying via OVA. You can download Harbor at the bottom of Part 1 – Getting Started. The process is similar to the previous post on deploying VCH so I will skip the prerequisites and dive right into the deployment. The only thing to note is that you will need to configure the VCH with a static IP address; as well as available compute and storage resources. The appliance uses 2 vCPUs, 4GB of memory, and 60-80GB of disk space.

Harbor Deployment

Step 1. Log into the vSphere web Client and deploy the Harbor OVA. I took defaults for most of the deployment except I allowed root login. They hide the networking settings at the bottom, leave them blank for DHCP, or configure a static IP. The deployment of the VM is quick, but it has to run an initialization script during startup which takes about 5-7 minutes.

Step 2. Open a browser and navigate to the IP or FQDN of the Harbor appliance. Login with the Admin Account and click on Admin -> About. Download the root Certificate.

Step 3. Deploy VCH and add the –registry-ca parameter.

./vic-machine-darwin create -t vcsa1.corp.local -u "administrator@vsphere.local" -p PASSWORD -n harbor -r mgmt-edge-compute -i drobo1 -b vic-bridge --bnr -cln vic-all --dns-server -pn vic-all -mn vic-all -cn vic-all --public-network-ip --public-network-gateway --registry-ca ./HarborCert/ca.crt --no-tlsverify -f 


Creating Projects, Users, and storing images

Harbor is now configured! Let’s create a user, add them to a project, and push an image to the project.
Log back into the harbor page and click on admin -> Add User. Provide a username, email, and password.


Click on Projects, New Project, and provide a name. If you want to allow read permissions to all repositories without login, click the Public checkbox.

To add the user to the new project, click the project, then select users -> add member. Click Save.

Unfortunately user docker via a VCH host won’t allow you to push anything to the registry at this time; instead I deployed a PhotonOS VM and used Docker on that localOS to run the next few commands. Login to the registry

root@photon-machine [ ~ ]# docker login harbor.corp.local
Username (admin): sean
Login Succeeded

Tag the image, and then push it to the registry. I chose to just hello-world which was pulled from the docker distro.

root@photon-machine [ ~ ]# docker tag hello-world harbor.corp.local/harborproject1/hello-world
root@photon-machine [ ~ ]# docker push harbor.corp.local/harborproject1/hello-world
The push refers to a repository [harbor.corp.local/harborproject1/hello-world]
98c944e98de8: Pushed
latest: digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7 size: 524

Finally, check the registry GUI to ensure the image has been pushed to the project.


Posted by:

Sean Whitney

Leave A Comment

Your email address will not be published. Required fields are marked (required):

Back to Top