Skip to content
Klutch.sh Docs

Deploying Harbor

Introduction

Harbor is an open-source, enterprise-grade container registry that stores, signs, and scans container images for vulnerabilities. As a CNCF graduated project, Harbor provides the security, identity management, and content management features that enterprises need for managing container images in production environments.

Harbor extends the Docker Distribution project with features like security scanning, content signing and validation, role-based access control, image replication, and a comprehensive API. It integrates with external identity providers and supports multi-tenant configurations for organizations managing multiple teams or projects.

Key highlights of Harbor:

  • Security Scanning: Integrated vulnerability scanning with Trivy or Clair
  • Content Trust: Sign and verify images with Notary integration
  • Role-Based Access Control: Fine-grained permissions for users and teams
  • Image Replication: Replicate images between Harbor instances or external registries
  • Garbage Collection: Automatic cleanup of unused image layers
  • Audit Logging: Track all operations for compliance and debugging
  • LDAP/AD Integration: Connect to enterprise identity providers
  • Webhook Support: Trigger actions on image push, scan completion, and more

This guide walks through deploying Harbor on Klutch.sh using Docker, configuring the registry, and setting up secure image management.

Prerequisites

Before deploying Harbor on Klutch.sh, ensure you have:

  • A Klutch.sh account
  • A GitHub account with a repository for your Harbor configuration
  • Basic familiarity with Docker and container registries
  • A PostgreSQL database (can be deployed separately on Klutch.sh)
  • A Redis instance for caching (can be deployed separately)
  • (Optional) A custom domain for your registry

Preparing Your Repository

Create a GitHub repository with the following structure:

harbor-deploy/
├── Dockerfile
├── harbor.yml
├── .dockerignore
└── README.md

Creating the Dockerfile

Harbor is typically deployed using its installer, but for Klutch.sh, use the Bitnami Harbor image:

FROM bitnami/harbor-core:2


# Environment variables
ENV HARBOR_ADMIN_PASSWORD=${HARBOR_ADMIN_PASSWORD}
ENV POSTGRESQL_HOST=${POSTGRESQL_HOST}
ENV POSTGRESQL_PORT=${POSTGRESQL_PORT:-5432}
ENV POSTGRESQL_USERNAME=${POSTGRESQL_USERNAME}
ENV POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD}
ENV POSTGRESQL_DATABASE=${POSTGRESQL_DATABASE:-harbor}
ENV REDIS_URL=${REDIS_URL}
ENV CORE_SECRET=${CORE_SECRET}
ENV JOBSERVICE_SECRET=${JOBSERVICE_SECRET}


# Expose HTTP port
EXPOSE 8080


# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=5 \
  CMD curl -f http://localhost:8080/api/v2.0/health || exit 1

Multi-Component Deployment

Harbor consists of multiple components. For a complete deployment, you may need to deploy these separately or use a combined approach:

# Harbor Portal (Web UI)
FROM bitnami/harbor-portal:2


ENV CORE_URL=${CORE_URL:-http://harbor-core:8080}


EXPOSE 8080

Environment Variables Reference

VariableRequiredDescription
HARBOR_ADMIN_PASSWORDYesAdmin user password
POSTGRESQL_HOSTYesPostgreSQL server hostname
POSTGRESQL_PORTNoPostgreSQL port (default: 5432)
POSTGRESQL_USERNAMEYesDatabase username
POSTGRESQL_PASSWORDYesDatabase password
POSTGRESQL_DATABASENoDatabase name (default: harbor)
REDIS_URLYesRedis connection URL
CORE_SECRETYesSecret for internal component communication
JOBSERVICE_SECRETYesSecret for job service
EXTERNAL_URLYesPublic URL of Harbor instance

Deploying Harbor on Klutch.sh

    Deploy Prerequisites

    First, deploy PostgreSQL and Redis on Klutch.sh:

    • Create a PostgreSQL app with a persistent volume
    • Create a Redis app for caching
    • Note the connection details for both

    Generate Security Secrets

    Generate secure random strings for internal secrets:

    Terminal window
    openssl rand -hex 16  # For CORE_SECRET
    openssl rand -hex 16  # For JOBSERVICE_SECRET

    Push Your Repository to GitHub

    Terminal window
    git init
    git add Dockerfile harbor.yml .dockerignore README.md
    git commit -m "Initial Harbor deployment configuration"
    git remote add origin https://github.com/yourusername/harbor-deploy.git
    git push -u origin main

    Create a New Project on Klutch.sh

    Navigate to the Klutch.sh dashboard and create a new project named “harbor-registry” or similar.

    Create the Harbor Core App

    Within your project, create the Harbor core app:

    • Connect your GitHub account and select your repository
    • Select HTTP as the traffic type
    • Set the internal port to 8080

    Set Environment Variables

    Configure the following environment variables:

    VariableValue
    HARBOR_ADMIN_PASSWORDA secure admin password
    POSTGRESQL_HOSTYour PostgreSQL app hostname
    POSTGRESQL_USERNAMEDatabase username
    POSTGRESQL_PASSWORDDatabase password
    REDIS_URLredis://your-redis-app:6379
    CORE_SECRETGenerated secret
    JOBSERVICE_SECRETGenerated secret
    EXTERNAL_URLhttps://your-app-name.klutch.sh

    Attach Persistent Volumes

    Mount PathRecommended SizePurpose
    /data100+ GBImage storage
    /var/log/harbor10 GBHarbor logs

    Deploy Your Application

    Click Deploy to start the build process. Klutch.sh will build the container, attach volumes, and start Harbor with HTTPS enabled.

    Access Harbor

    Once deployment completes, access Harbor at https://your-app-name.klutch.sh. Log in with:

    • Username: admin
    • Password: Your configured HARBOR_ADMIN_PASSWORD

Using Harbor

Creating Projects

  1. Log in to the Harbor web interface
  2. Click New Project
  3. Enter a project name and configure access level
  4. Set vulnerability scanning and content trust policies

Pushing Images

Configure Docker to use your Harbor registry:

Terminal window
# Log in to Harbor
docker login your-app-name.klutch.sh


# Tag and push an image
docker tag myimage:latest your-app-name.klutch.sh/myproject/myimage:latest
docker push your-app-name.klutch.sh/myproject/myimage:latest

Configuring Vulnerability Scanning

  1. Navigate to Administration > Interrogation Services
  2. Configure Trivy scanner settings
  3. Enable automatic scanning for new images

Setting Up Replication

  1. Go to Administration > Registries
  2. Add external registry endpoints
  3. Create replication rules under Replications

Troubleshooting

Login Failures

  • Verify Docker daemon trusts your registry certificate
  • Check admin password configuration
  • Ensure EXTERNAL_URL matches your access URL

Image Push Errors

  • Verify project exists and you have push permissions
  • Check storage quota is not exceeded
  • Review Harbor logs for detailed errors

Database Connection Issues

  • Verify PostgreSQL is running and accessible
  • Check database credentials
  • Ensure database exists and is initialized

Additional Resources

Conclusion

Deploying Harbor on Klutch.sh provides an enterprise-grade container registry with comprehensive security features, vulnerability scanning, and access control. The CNCF-graduated project offers the reliability and features needed for production container image management. With persistent storage for images and configuration, your registry maintains data integrity across deployments while benefiting from Klutch.sh’s managed infrastructure.