VMware Harbor and https access

I have used VMware VCH (vSphere Integrated Containers Host) for some time now in my home lab. However, there are some commands witch are unsupported: Build and push, that’s by design because VCH is a “enterprise container runtime”. So the right process for developing an Docker image are use standard Docker Engine to build, tag, and push a container image to a registry and then pull from registry to VCH.

I may well use DockerHub for this but I wanted to try another VMware open source product called Harbor. According to the website “Harbor is an open source cloud native registry that stores, signs, and scans container images for vulnerabilities.” Harbor are not using https access as default, you have to enable https access and use self-signed certificates or real certificates. The other option is to use insecure-registry for Docker and use http.

All the options above means I have to change the Docker setup for all the development machines and the VCH server. The best solution would be to use at real public PKI infrastructure so I done have to change anything. I am using Let’s Encrypt elsewhere and would like to use that for Harbor certificates. It turned out not to be very difficult in my setup.

So in high level this the setup I went for.

In the next post, I will walk through the install process for Harbor on Ubunut 18.04 with http support.