The Cloud Native Computing Foundation (CNCF) has announced that they have accepted Harbor, a cloud-native registry that stores, signs, and scans container images, into their sandbox. Harbor extends Docker Distribution, the Docker toolset used to work with Docker content, by adding functionalities such as security, identity, and management.
- Role-based access control: ‘Projects’ organize users and repositories, and a user can have different permission for images under a project.
- Policybased image replication: Images replicate (synchronize) between registry instances, with autoretry on errors, allowing for load balancing, high availability, multiple data centers, and hybrid and multicloud scenarios.
- Vulnerability Scanning: Harbor scans images regularly and warns users of vulnerabilities.
- LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management.
- Image deletion & garbage collection: Allow to delete images and recycle their space.
- Notary: Insurance of image authenticity.
- Graphical user portal: User can browse, search repositories, and manage projects.
- Auditing: Tracking of all the operations to the repositories.
- RESTful API: RESTful APIs for most administrative operations, which integrate with external systems.
- Deployment: Provide both an online and offline installer.
Harbor is a privately hosted registry, which allows running either on-premises or in any of the major cloud vendors, making it a possibility for organizations that cannot use a public container registry or want to implement a multi-cloud strategy. Harbor started as an internal VMware project and became open source in 2016. Multiple partners, including companies like Pivotal and Rancher, either use Harbor for their container-based environment or work together with Harbor to give the possibility of running the project on their infrastructure. For instance, the Pivotal Container Service includes Harbor as its built-in container registry. For Rancher, Harbor is one of the packages you can deploy to provide a container registry. Moreover, Harbor gives the option to set up multiple instances of these registries on several of these platforms simultaneously and allows replication between them. Through the signing and vulnerability scanning capabilities provided by the project, it turns these into trusted resources.
Given that Harbor now is in the CNCF sandbox, their repository for early-stage projects, Harbor will now experience benefits like gaining public visibility, more alignment with existing programs, and increasing community involvement. Furthermore, once the project complies with the graduation criteria, it graduates to the CNCF incubation stage, and finally even to the graduation stage. Maturing into a subsequent stage gives prioritized access to the various resources provided for the different projects which the CNCF hosts. Although Harbor is the first container registry in the CNCF catalog, other container registries are available as well, including Docker Hub, Docker Trusted Registry, and Google Container Registry.
There are several sources out there to get started with Harbor. For example, videos are available that explain various facets of working with the project, as well as a demo server to experience all the features. Installation of Harbor requires downloading the installer, configuring the configuration file, and finally running the setup. The documentation describes all necessary steps to set up Harbor, either using the online or offline installer or directly on Kubernetes. Furthermore, GitHub provides multiple guides around Harbor, including user guides and architectural overviews. The community is open to submissions through GitHub, while communication goes through user and developer groups as well as via Twitter and Slack.