- Default installation without Notary, Trivy, Clair, or Chart Repository Service
- Installation with Notary
- Installation with Trivy
- Installation with Clair
- Installation with Chart Repository Service
- Installation with Notary, Trivy, Clair, and Chart Repository Service
- Connecting to Harbor via HTTP
- What to Do Next
Once you have configured harbor.yml
copied from harbor.yml.tmpl
and optionally set up a storage backend, you install and start Harbor by using the install.sh
script. Note that it might take some time for the online installer to download all of the Harbor images from Docker hub.
You can install Harbor in different configurations:
- Just Harbor, without Notary, Trivy, Clair, or Chart Repository Service
- Harbor with Notary
- Harbor with Trivy
- Harbor with Clair
- Harbor with Chart Repository Service
- Harbor with two or all three of Notary, Trivy, Clair, and Chart Repository Service
Default installation without Notary, Trivy, Clair, or Chart Repository Service
The default Harbor installation does not include Notary or Trivy, Clair service. Run the following command
sudo ./install.sh
If the installation succeeds, you can open a browser to visit the Harbor interface at http://reg.yourdomain.com
, changing reg.yourdomain.com
to the hostname that you configured in harbor.yml
. If you did not change them in harbor.yml
, the default administrator username and password are admin
and Harbor12345
.
Log in to the admin portal and create a new project, for example, myproject
. You can then use Docker commands to log in to Harbor, tag images, and push them to Harbor.
docker login reg.yourdomain.com
docker push reg.yourdomain.com/myproject/myrepo:mytag
- If your installation of Harbor uses HTTPS, you must provide the Harbor certificates to the Docker client. For information, see Configure HTTPS Access to Harbor.
- If your installation of Harbor uses HTTP, you must add the option
--insecure-registry
to your client’s Docker daemon and restart the Docker service. For more information, see Connecting to Harbor via HTTP below.
Installation with Notary
To install Harbor with the Notary service, add the --with-notary
parameter when you run install.sh
:
sudo ./install.sh --with-notary
For installation with Notary, you must configure Harbor to use HTTPS.
For more information about Notary and Docker Content Trust, see Content Trust in the Docker documentation.
Installation with Trivy
To install Harbor with Trivy service, add the --with-trivy
parameter when you run install.sh
:
sudo ./install.sh --with-trivy
For more information about Trivy, see the Trivy documentation.
Installation with Clair
Clair is being removed as a default vulnerability scanner in Harbor v2.2. Its highly recommended that you install using Trivy as your default scanner instead. If you still want to use Clair, you can configure it as an external scanner after you install.
To install Harbor with Clair service, add the --with-clair
parameter when you run install.sh
:
sudo ./install.sh --with-clair
For more information about Clair, see the Clair documentation.
By default, Harbor limits the CPU usage of the Clair container to 150000 to avoid it using up all CPU resources. This is defined in the docker-compose.clair.yml
file. You can modify this file based on your hardware configuration.
Installation with Chart Repository Service
To install Harbor with chart repository service, add the --with-chartmuseum
parameter when you run install.sh
:
sudo ./install.sh --with-chartmuseum
Installation with Notary, Trivy, Clair, and Chart Repository Service
If you want to install all three of Notary, Clair and chart repository service, specify all of the parameters in the same command:
sudo ./install.sh --with-notary --with-trivy --with-clair --with-chartmuseum
Connecting to Harbor via HTTP
IMPORTANT: If your installation of Harbor uses HTTP rather than HTTPS, you must add the option --insecure-registry
to your client’s Docker daemon. By default, the daemon file is located at /etc/docker/daemon.json
.
For example, add the following to your daemon.json
file:
{
"insecure-registries" : ["myregistrydomain.com:5000", "0.0.0.0"]
}
After you update daemon.json
, you must restart both Docker Engine and Harbor.
Restart Docker Engine.
systemctl restart docker
Stop Harbor.
docker-compose down -v
Restart Harbor.
docker-compose up -d
What to Do Next
- If the installation succeeds, see Harbor Administration for information about using Harbor.
- If you deployed Harbor with HTTP and you want to secure the connections to Harbor, see Configure HTTPS Access to Harbor.
- If installation fails, see Troubleshooting Harbor Installation.