tiero - Fotolia


Store and manage containers in VMware VIC with Harbor and Admiral

VMware builds Harbor and Admiral components into vSphere 6.5 Integrated Containers in a bid to stand toe-to-toe with Docker's container strategy.

If you're reading this, you probably already know that VMware vSphere Integrated Containers runs containers as...

VMs on a vSphere deployment alongside VMs -- but that's just the start of it. There's a great deal more to learn about VIC -- specifically, how to use containers in production. In this article, we'll take a closer look at how to deploy two VIC components: Harbor and Admiral.

Harbor is an enterprise-class container registry. Simply put, it's where developers store container images so that the operations team can deploy them to test and production environments. Admiral is a graphical management portal for containers. Both Harbor and Admiral are built into the vSphere 6.5 appliance. In order to use Harbor and Admiral, users must deploy a new VMware VIC appliance, as both components depend upon Secure Sockets Layer (SSL) certifications.

Create a Harbor appliance

Certificates and system names are tightly coupled; a certificate proves that a server is what it claims to be. For the sake of this tutorial, I'm using the server name harbor on my network called d.local. I set up a static IP address and a domain name system (DNS) A record for this name. The DNS name of this appliance will be harbor.d.local.

To create this appliance, we must first generate an SSL certificate for our Harbor instance to use with that name. In the past, I tried to avoid generating a certificate, but this tends to be more trouble than making a trusted certificate. To generate an SSL certificate, install OpenSSL. I'm including the server's DNS in the file name because it makes it easier to identify which server uses which file. Use the following command to generate a private key and Certificate Signing Request (CSR):

openssl req -newkey rsa:4096 -nodes -sha256 -keyout harbor.d.local.key -out harbor.d.local.csr

The command will prompt you to give the private key and CSR a common name. This name should be whatever you enter in the web browser to access the Harbor webpage. In my lab, I use the DNS name harbor.d.local. The command will then produce the private key and CSR, highlighted in Figure A.

Generate a private key and CSR.
Figure A. Generate a private key and CSR.

Use the CSR to request a certification from your certificate authority and download the resulting certificate file. Make sure to request a web server certificate and download a Base64-encoded certificate. I'm renaming the certificate file to harbor.d.local.crt to be consistent with my naming scheme.

Next, deploy the VMware VIC appliance. Set the hostname to match your certificate common name. I also set a static IP address to match the DNS entry.

Both the certificate file (harbour.d.local.crt) and the private key file (harbour.d.local.key) are text files; we need to paste their contents, highlighted in Figure B, into the VMware VIC virtual appliance deployment wizard. We need the Harbor registry, so you should use the same certificate and key files for the Management Portal and File Server sections, too.

SSL cert and cert key files.
Figure B. SSL certificate and certificate key files.

Once the appliance is deployed, power it on. Once the system boot is complete, point a web browser at the appliance to locate Harbor and choose HTTPS. In my lab, the URL is https://harbor.d.local. If something went wrong with the certificates, you'll receive an error message; otherwise, the webpage will load normally. Harbor should appear as a container registry for your organization under VIC's Registry tab.

You're now able to add users and project folders to the developers that will push their Docker images.

Manage containers with Admiral

Like virtual container host (VCH) deployment tools and Harbor, Admiral is built into the VMware VIC appliance. Admiral is a web portal that manages containers. You can use the same certificate information from Harbor for the management portal when you configure Admiral. Locate the management link at the top of the Harbor page to access Admiral. In my lab, Admiral is available as https://harbor.d.local:8282.

To add a VCH, click Add a Host and enter the details of the VCH. Change the connection port to 2376, rather than the default 443. Also, choose the default placement zone and the default certificate for authentication.

Add a VCH.
Figure C. Add a virtual container host.

Enter all of the values, click Verify and then Yes to accept the certificate. If your container hosts use certificates issued by your certificate authority, you won't need to accept the certificates, as they are already trusted.

Once VMware VIC verifies the values, click the Add button to see a list of container hosts. These hosts do not have to be VIC hosts; they can be any machine that runs the Docker engine. The Resources view shows all my running and stopped containers. You can start, stop or delete containers directly from this via a panel that pops up when the mouse hovers over the container.

Containers can be stopped, started or deleted directly from this list using a panel that pops up when the mouse hovers over the container. Click a container to see more information about the container, such as resource usage and configured logs. Since I didn't configure any logs on the Admiral container, it doesn't use a lot of resources.

A sample container.
Figure D. An example of container usages, properties and logs.

The Templates view allows you to find container images to deploy. If we weren't already running Admiral, we could provision it from this window. Click the Provision button under your container image of choice to download that container image and launch a container to one of your VCHs.

There are now a couple VCHs listed in Admiral and Harbor on which your developers can place their Docker images, and you're one step closer to deploying containers as VMs alongside existing VMs.

Next Steps

VMware VIC components give Docker a run for its money

Questions remain over vSphere Integrated Containers

What sets VIC apart from other containers?

Dig Deeper on VMware new releases and updates