Harbor Registry is an open source, cloud native registry that stores container images and scans them for security vulnerabilities. I was deploying Harbor as my container repository, so I thought I would share the process with my followers. Harbor has also released its latest version, v1.9, so let’s see what features were added. VMware uses Harbor Registry to store and distribute container images for VMware Enterprise PKS.
As I mentioned earlier, Harbor has released v1.9, and it comes with some added features. You can follow the latest releases and updates on their GitHub page. Download files are available on the release page as online and offline installer versions.
I deployed Harbor registry on Ubuntu 18.04 LTS (Bionic Beaver). I created a folder called “Harbor” to store all my files, and downloaded the offline installer.
I extracted the downloaded file, and there were a few files in the extracted folder.
Basically, two main groups of parameters should be configured before proceeding with the Harbor configuration: “System level parameters” and “User level parameters“. A supported version of Docker and Docker Compose should also be installed.
I installed Docker CE in this deployment. If you need to see how to install Docker CE on Ubuntu, follow my previous article. To install Docker Compose, follow the procedure below.
Run the command below to download the current stable version of Docker Compose (1.24.1 at the time of writing).
sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Make the downloaded binary executable:
sudo chmod +x /usr/local/bin/docker-compose
Edit the “harbor.yml” file to set the parameters.
The parameters below are required to run Harbor:
If you don’t edit these to suit your requirements, the default values are applied.
In my deployment, I have updated only the hostname with my local IP address.
After that, I started the installation by executing the “install.sh” file.
Wait until the installation completes.
Now open the URL listed at the end of the output, and log in to the Harbor registry with the default username and password.
Default Username: admin
Default Password: Harbor12345
You can change this in the “harbor.yml” file before the installation
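A pre-install check for the two “harbor.yml” settings discussed above, as an added example that is not part of the original article or of the Harbor installer. It assumes `hostname` and `harbor_admin_password` are top-level keys in harbor.yml; the script name check-harbor-yml.sh and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: refuse to install Harbor while harbor.yml still carries
# the published default admin password or an unusable hostname.

# Print the value of a top-level "key: value" line, without surrounding
# quotes or a trailing "# comment".
yml_value() {  # usage: yml_value KEY FILE
  sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 |
    sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' \
        -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 if the file passes, 1 if a setting must be changed,
# 2 if the file cannot be read. Findings are written to stderr.
check_harbor_yml() {  # usage: check_harbor_yml FILE
  local file=$1 rc=0 host pass
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  host=$(yml_value hostname "$file")
  pass=$(yml_value harbor_admin_password "$file")

  case "$host" in
    "")
      echo "FAIL: hostname is not set" >&2; rc=1 ;;
    localhost|127.0.0.1)
      # Remote Docker clients cannot reach a loopback name.
      echo "FAIL: hostname '$host' is loopback only" >&2; rc=1 ;;
  esac

  case "$pass" in
    "")
      echo "FAIL: harbor_admin_password is not set" >&2; rc=1 ;;
    Harbor12345)
      echo "FAIL: harbor_admin_password is still the default" >&2; rc=1 ;;
  esac
  return "$rc"
}

# Run as: ./check-harbor-yml.sh harbor.yml && sudo ./install.sh
if [ -n "${1:-}" ]; then
  check_harbor_yml "$1"
fi
```

If the installation has already been done with the default value, change the admin password from the web interface after the first login.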
Projects will be listed, and “library” is created by default
Basic system configuration options are available under “Configuration“
The Harbor API Explorer is easily accessible by clicking the button displayed at the bottom.
You’ll be redirected to a new web interface, where you can access the Harbor API functions
API models can be viewed with the information as below
Events can be viewed at the panel on the right side
Working With Harbor Registry Projects
A new project can be added by clicking the “NEW PROJECT” button. Details such as Project Name, Access Level, Count Quota and Storage Quota can be defined in this step
Project details such as Summary, Repositories, Members, Labels, Logs, Robot Accounts, Tag Retention, Webhooks and Configuration can be defined after selecting the created project
Docker container image tagging and pushing are explained with sample commands, to make them easy to understand
Project logs can also be viewed here and filtered by date range for easy access
Project tags can be added in colors
New Features With Harbor Registry v 1.9
There are a few added features in the v 1.9 release, and “Tag Retention” is one of them. You can add 15 tag retention rules per project
Tag retention rules can be configured “For The Repositories”, and “By Image Count or number of days”
Image retention policies have many selections as below
Webhook notifications are also newly added in this release, to integrate with CI/CD tools
Project quotas can be set for “Artifact Count” and “Storage Consumption“; this is done under “Configuration“
Consumption is visible for each project after setting up the quota
Registry Services Replications With Major Cloud Providers
Harbor Registry endpoints can be configured with major Cloud providers to replicate the registry
These Cloud Providers are available to configure as the Endpoints
Replication Rules can be configured as “Push-based” and “Pull-based” modes, and also “Automatic” or “Manual” modes
CVE Exception Policies And Syslog Integration
I need to mention that I downloaded v1.9, but these features were not available in my Harbor registry. However, a system-wide CVE whitelist can be added in this release
CVE IDs can be added to the whitelist so that they are ignored during vulnerability scanning
Harbor Registry Self Sign-Up Capability
Anyone can sign up with Harbor Registry, and that feature can be controlled in the configuration.