Harbor Registry
Harbor is an?open source container registry that secures artifacts with role-based access controls and policies, ensures images are scanned and free from vulnerabilities, and signs images as trusted.
● Why Harbor Registry?
Extends the functionality of Docker registry with features like security, identity control and management which are much need for organizations working in teams and want to have their own private registry. where they can also keep on improving on the vulnerabilities of the image.
● Getting Started with Harbor
- Follow the doc:
https://goharbor.io/docs/1.10/install-config/quick-install-script/
- quick installation script on ubuntu 18.04:
https://gist.github.com/kacole2/95e83ac84fec950b1a70b0853d6594dc
Points to be noted:
a. manually put the value of docker-compose version in the installation script.
b. the password for the admin is Harbor12345 if Harbor123456 doesn't work
here basic functionalities of harbor registry are explored
● User Management:
Create users and keep them as regular view only users assign them admin privileges according to requirements
Login to Harbor > Administration > Users > NEW USER
assign admin rights as needed - which can be used to delete images also
● Projects:
you can create projects for you to push your images onto the registry
Create new project
Name, Access Level and Quotas
Quotas: "-1" stands for unlimited quota
Once you have created your project, you can also see the push command to push images onto it.
● Pushing an Image:
Here we push a basic httpd based image onto the registry
I have create an image with following Dockerfile
build the image with docker build <options>
(Optional) run the image: open your browser and point it at your ip address and port which was mapped/set while running the image.
Now for us to push the image we have to tag the image for the project we have created on the registry
you can get the tag and push commands from the registry itself.
copy the command and replace with proper values
docker tag SOURCE_IMAGE[:TAG] <IP or Hostname>/project-harbor/IMAGE[:TAG]
docker push <IP or Hostname>/project-harbor/IMAGE[:TAG]
and there we have it, the image was successfully pushed onto the repository. which can be private to you or your organization, for us to have IAM, Project management, storage quotas etc.
Points Discussed:
Thank you for reading the article.
AWS CB, GDE, Docker Captain, CK {S,A,D}, SCE, LFCE, RHCA XI, SCI, RHCI, JBCI, Google Authorised Trainer, Kubernetes, Openshift, Ansible,SUSE, PC {A, DBE, MLE, NA}
3 年keep it up