Harbor is one of the most successful open source projects from VMware. It is a cloud native registry that stores, signs, and scans content, with the mission of providing cloud native environments the ability to confidently manage and serve container images.
Harbor was created in June of 2014 and open sourced two years later on GitHub. Since first being open sourced in 2016, Harbor has seen tremendous growth and adoption and has steadily rolled out critical features to deliver trust, compliance, performance, and interoperability.
Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.
Overview of Harbor
VMware created Harbor in 2014. Harbor was shared with the community through an open-source license in 2016 and donated to the CNCF in 2018.
Harbor is integrated into VMware products: vSphere Integrated Containers, VMware Tanzu and vSphere 7 with Kubernetes.
The embedded Harbor for vSphere with Kubernetes includes the following features:
- Identity integration and role-based access control (RBAC)
- Graphical user interface
- Auditing of operations
- Management with labels
Originating from VMware, Harbor is an open-source project that extends the Docker registry source code to provide an enterprise-class registry server. Harbor provides additional flexibility and security to Docker registries so that enterprises can create a repository for Docker images for use within their infrastructure.
In July 2018, Harbor was accepted into the Cloud Native Computing Foundation (CNCF) sandbox as the first container registry. It was accepted into the CNCF Incubator in November 2018.
Embedded Harbor for vSphere with Kubernetes is not as fully featured as standalone Harbor.
Embedded Harbor on vSphere with Kubernetes provides the following features:
- Integrated User Account and Authentication (UAA): Harbor can share UAA authentication with vCenter Server using vCenter Single Sign-On.
- Role-based access control (RBAC): Users and repositories are organized into projects. Users can have master or guest permissions depending on the permission of the namespace.
- Graphical user portal: Users can easily browse, search repositories, and manage projects.
- Auditing: All operations to repositories are tracked.
- Management with labels: Harbor provides labels at the project level.
Harbor is a component of vSphere with Kubernetes. Harbor provides an enterprise-class registry service.
Harbor is deployed in a dedicated system namespace on the Supervisor Cluster and is composed of several vSphere Pods.
Image Registry Use Cases
Image registries provide a centralized repository for an organization to store container images.
Public image registries can be used to store container images. However, for security reasons, it is better to use an on-premises image registry.
You use an on-premises image registry for the following purposes:
- Store container images securely.
- Control access to container images.
vSphere with Kubernetes is integrated with Harbor and is also compatible with other container image registries.
The standard Harbor installation process involves the following stages:
- Make sure that your target host meets the Harbor Installation Prerequisites.
- Download the Harbor Installer
- Configure HTTPS Access to Harbor
- Configure the Harbor YML File
- Configure Enabling Internal TLS
- Run the Installer Script
Intro: Harbor – Henry Zhang & Steven Ren, VMware
Deep Dive: Harbor