Harbor is an open-source, self-hosted registry that brings consistency to cloud-native compute platforms. Harbor takes a comprehensive approach to managing container images: it handles storage, notarized signing, and vulnerability scanning.
Profile
Harbor builds on a RESTful API that can take on most tasks programmatically and includes a Swagger UI that lowers the barriers to entry. You can deploy using Docker Compose or, if you're working with Kubernetes, the official Helm chart. Kubernetes users who want to squeeze even more functionality out of the API may prefer the official operator for deploying, managing secrets, and handling different Day 2 operations.
Behind the scenes, Harbor supports multiple ways to authenticate and verify users, including OpenID Connect and LDAP/AD, so migrating might be as simple as copying your current settings. When it comes to signing images, this tool uses Docker Notary (and by extension Docker Content Trust) to ensure authenticity.
Harbor might help you avoid edge-case development pitfalls. For instance, you can implement policies that forbid unsigned image deployment while you're still building projects. You can also filter registry behaviors, such as replication or push-triggered image scanning, according to repositories or tags. Harbor also works to ensure availability without requiring intervention, automatically retrying synchronizations on errors and scanning images on a schedule.
Focus
People who migrate to Harbor often do so because public registries fall short of their needs. This dev tool lets you manage multiple repositories according to a uniform scheme, making it a bit simpler to wrangle distinct CI pipelines side by side and achieve uniform oversight.
Harbor users can manage complex workflows without having to do everything manually. In addition to its API, this tool comes with predefined policies for vulnerability scanning, garbage collection jobs, and user permissions; these make good starting points. The GUI is also uncomplicated, so cooking up new rules and auditing logs are both relatively painless.
Background
VMware set the stage for the modern Harbor project by incubating it as an in-house tool. Like so many other useful cloud computing helpers, it's now open source. Since version 2.0, the project has also been Open Container Initiative-compliant.
Harbor is a Cloud Native Computing Foundation graduated project available under an Apache 2.0 license. That said, it still relies on VMware's Photon OS 1.0, which uses GNU GPL.
The majority of this tool's code is written in Go. Thanks to biweekly community calls and an extensive YouTube library of past dev meetings, it's pretty easy to keep tabs on Harbor’s future and avoid surprises.
Harbor main features
Comprehensive logging
Tired of struggling to audit your repos? Harbor might make the process less stressful because it logs all operations by default. This is likely the bare minimum if you're setting up a repository that needs to comply with certain HIPAA or GDPR rules.
Potential efficiency gains
Harbor's proximity to your build and run environments could make image transfers less of a hassle. Remember, however, that you'll have to provision your servers properly to reap the maximum benefit: there are numerous ways to set up a deployment, not all of which may be optimal.
Configurable security
Support for HTTPS user access, inter-component TLS communication, custom token authentication, and access metrics lets you choose how to keep your users and data secure. The documentation is also fairly extensive, so you can get moving in a few minutes without cutting security corners.