To work with container images in the embedded Harbor Registry using Docker, you must add the registry certificate to your Docker client. The certificate is used to authenticate to Docker during login.
Configure your Docker client to interact with the embedded Harbor Registry. This task is required in preparation for using the Docker Credential Helper that vSphere provides to connect and interact with the embedded Harbor Registry.
This task assumes that the embedded Harbor Registry is enabled and that you can log in:
- Enable the Embedded Harbor Registry on the Supervisor Cluster
- Log In to the Embedded Harbor Registry Console
docker run hello-world
Hello from Docker! This message shows that your installation appears to be working correctly.
- Download the embedded Harbor Registry certificate
root-certificate.txt. See Download and Install the Embedded Harbor Registry Certificate.
- Change the name of the certificate to
- Securely copy the
ca.crtfile to your Docker host.
- On the Docker host, create a directory path for the private registry using the Harbor IP address.
- Move the
ca.crtto this directory.For example:
mv ca.crt /etc/docker/certs.d/10.179.145.77/ca.crt
- Restart the Docker daemon.
sudo systemctl restart docker.service
- Log in to the embedded Harbor Registry using your Docker client.
docker login https://10.179.145.77You should see the following message:
WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json. Configure a credential helper to remove this warning. See https://docs.docker.com/engine/reference/commandline/login/#credentials-store Login Succeeded
What to do next
As indicated by the message, for security purposes, download and install the vSphere Docker Credential Helper. See Install the vSphere Docker Credential Helper and Connect to the Registry.