Overcomplicated installation and configuration

[thechubbypanda]

I'm sorry if this sounds like a rant but I'm just genuinely bewildered at the lack of usability and I want to know if there's anything that can be done about this. I'm more than happy to contribute to improve this.

I'm trying to install harbor in a simple and common scenario:

• Traefik reverse proxy
• docker-compose for every other application

This project deviates significantly from absolutely everything I've learnt so far about dockerized applications:

1. Logging is delegated to a separate container when docker-compose achieves the exact same thing (I tore this out with no concequence)
2. Ports are opened by default. If I had not changed the http port it would have failed since I already host a reverse proxy.
3. Default logging directory is /var/log??? WHY. The entire point of dockerized applications is to abstract them from the host, not integrate them
4. Everything has to be run as root? Why can't I run as 1000:1000 if I want to. Almost every other project is fine with this, even vault warden (a password manager) recommends it in their hardening guide.
5. Even the install script. I do not need you to start the stack for me. I do not want to have to run this as root.
6. If I try to setup my dockerized ldap solution with harbor, it will just get overriden the next time I do a install.sh because I have to alter the networks

I have a few more but these are the big ones.

Please don't get me wrong here, Harbor is amazing and I appreciate what it does but damn have I spend far too long bashing my head against a wall trying to set it up.

[ChristianCiach]

I agree with everything @thechubbypanda said. For a containerized application Harbor is way too integrated with the host.

To add to that, when upgrading Harbor, the documentation says that we should mount the whole filesystem of the host into the migration container:

docker run -it --rm -v /:/hostfs/goharbor/prepare:[tag] migrate -i ${path to harbor.yml}

Surely there has to be a better way to do this? I am not comfortable mounting the root directory into a container just so that it can edit my harbor configuration. I would rather apply the changes to the yaml file manually, but unfortunately the necessary changes are not documented.

Logging is delegated to a separate container when docker-compose achieves the exact same thing (I tore this out with no concequence)

We also had issues with this. Because we have rather strict iptables rules in place, Harbor was just not able to log anything. We would not have encountered this issue if Harbor was properly containerized.

[github-actions]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[DeltaLaboratory]

I agree with this.
It is pretty hard to use this with other reverse proxy or some applications that use some port.
Harbor is basically just an http server, but it needs a lots of effort to use it

[github-actions]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.

[github-actions]

This issue was closed because it has been stalled for 30 days with no activity. If this issue is still relevant, please re-open a new issue.

[thereisnotime]

This is still valid.

[WannaBeGeekster]

This is 100% still an issue. It would be nice if the harbor.yml.tmpl file lined up with the documentation when it comes to generating the internal certificates. Not to mention the code block for generating the internal certificates is also very confusing. It would be nice if you could just standarize and make it easy. Either tell people to create /etc/goharbor (or /etc/harbor) and put everything in there. The systemd daemon references that location. Seems like too many cooks in the kitchen and ultimately it would be nice if things could just be standardized. I would be happy to create some pull requests with some very basic updates that could have saved me half a day trying to figure out exactly what was going on here.

[josesa-xx]

I was trying to adapt the installation to use docker volumes instead of mounting direct paths from host to make it more transparent and less prone to creating clutter in hostfs, but seems the install.sh and prepare scripts are still very hardcoded into using the hostfs.

[unexpectedxx]

I tried 3 times and gave up. If there was a replacement warehouse, I think I'd embrace it at the speed of light