An open source trusted cloud native registry project that stores, signs, and scans content.
Go to file
2016-04-13 07:44:18 +08:00
api fix typo 2016-03-30 18:05:52 +08:00
auth update logger per comments 2016-03-25 03:41:10 -07:00
contrib Fix broken link to Installation Guide. 2016-04-08 10:17:53 +02:00
controllers changed logger level for some if clauses. 2016-04-05 11:29:47 +08:00
dao fix UT breakage: 2016-04-01 19:23:31 +08:00
Deploy add README about how to start harbor on kubernetes. 2016-04-13 07:43:12 +08:00
docs Update swagger.yaml 2016-04-12 13:37:08 +08:00
models remove useless definition 2016-03-29 13:39:24 +08:00
service fix error in go vet 2016-04-05 20:04:29 +08:00
static refine some structures and words. 2016-04-01 15:39:04 +08:00
ui fix path typo 2016-04-07 18:44:29 +08:00
utils tiny update to logger 2016-04-01 19:13:04 +08:00
vendor switch to /vendor, remove docker/distribution docker/libtrust go-sql-driver/mysql, and update Dockerfile to use go get to download these packages. 2016-02-19 13:01:58 +08:00
views refine some structures and words. 2016-04-01 15:39:04 +08:00
.gitignore refactor logger in main.go & add harbor.cfg to .gitignore 2016-03-23 13:15:27 +08:00
.travis.yml add travis support 2016-02-29 11:24:52 +08:00
AUTHORS update authors 2016-03-31 21:25:38 +08:00
Dockerfile.ui refactor 2016-04-07 18:34:12 +08:00
favicon.ico added favicon.ico for Harbor 2016-03-11 14:34:56 +08:00
LICENSE update README, LICENSE, and bump to registry/2.3.0 2016-03-01 18:21:56 +08:00
NOTICE add NOTICE, update README.md 2016-03-03 10:15:12 +08:00
README.md add README about how to start harbor on kubernetes. 2016-04-13 07:43:12 +08:00

Harbor

Build Status

alg tag

Project Harbor is initiated by VMware China R&D as a Cloud Application Accelerator (CAA) project. CAA provides a set of tools to improve the productivity of cloud developers in China and other countries. CAA includes tools like registry server, mirror server, decentralized image distributor, etc.

Project Harbor is an enterprise-class registry server. It extends the open source Docker Registry server by adding more functionalities usually required by an enterprise. Harbor is designed to be deployed in a private environment of an organization. A private registry is important for organizations who care much about security. In addition, a private registry improves productivity by eliminating the need to download images from the public network. This is very helpful to container users who do not have a good network to the Internet.

Features

  • Role Based Access Control: Users and docker repositories are organized via "projects", a user can have different permission for images under a namespace.
  • Graphical user portal: User can easily browse, search docker repositories, manage projects/namespaces.
  • AD/LDAP support: Harbor integrates with existing AD/LDAP of the enterprise for user authentication and management.
  • Auditing: All the operations to the repositories are tracked and can be used for auditing purpose.
  • Internationalization: Localized for English and Chinese languages. More languages can be added.
  • RESTful API: RESTful APIs are provided for most administrative operations of Harbor. The integration with other management softwares becomes easy.

Getting Started

Harbor is self-contained and can be easily deployed via docker-compose. The below are quick-start steps. Refer to the Installation and Configuration Guide for detail information.

System requirements:
Harbor only works with docker 1.10+ and docker-compose 1.6.0+ . The host must be connected to the Internet.

  1. Get the source code:

    $ git clone https://github.com/vmware/harbor
    
  2. Edit the file Deploy/harbor.cfg, make necessary configuration changes such as hostname, admin password and mail server. Refer to Installation and Configuration Guide for more info.

  3. Install Harbor by the following commands. It may take a while for the docker-compose process to finish.

    $ cd Deploy
    
    $ ./prepare
    Generated configuration file: ./config/ui/env
    Generated configuration file: ./config/ui/app.conf
    Generated configuration file: ./config/registry/config.yml
    Generated configuration file: ./config/db/env
    
    $ docker-compose up
    

If everything works fine, you can open a browser to visit the admin portal at http://reg.yourdomain.com . The default administrator username and password are admin/Harbor12345 .

Create a new project, e.g. myproject, in the admin portal. You can then use docker commands to login and push images. The default port of Harbor registry server is 80:

$ docker login reg.yourdomain.com
$ docker push reg.yourdomain.com/myproject/myrepo
  1. Deploy harbor on kubernetes. For now, it's a little tricky to start harbor on kubernetes because
    1. registry uses https, so we need cert or workaround to avoid errors like this:

      Error response from daemon: invalid registry endpoint https://{HOST}/v0/: unable to ping registry endpoint https://{HOST}/v0/
      v2 ping attempt failed with error: Get https://{HOST}/v2/: EOF
      v1 ping attempt failed with error: Get https://{HOST}/v1/_ping: EOF. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry {HOST}` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/{HOST}/ca.crt
      

      There is a workaround if you don't have a cert. The workaround is to add the host into the list of insecure registry by editting the /etc/default/docker file:

      sudo vi /etc/default/docker
      

      add the line at the end of file:

      DOCKER_OPTS="$DOCKER_OPTS --insecure-registry={HOST}"
      

      and restart docker service

      sudo service docker restart
      
    2. The registry config file need to know the IP (or DNS name) of the registry, but on kubernetes, you won't know the IP before the service is created. There are several workarounds to solve this problem for now:

      • Use DNS name and link th DNS name with the IP after the service is created.
      • Rebuild the registry image with the service IP after the service is created and use kubectl rolling-update to update to the new image.

To start harbor on kubernetes, you first need to change the host name at the registry config file and build the images by running:

cd Deploy
docker-compose build
docker build -f kubernetes/dockerfiles/proxy-dockerfile -t {your_account}/proxy .
docker build -f kubernetes/dockerfiles/registry-dockerfile -t {your_account}/registry .
docker build -f kubernetes/dockerfiles/ui-dockerfile -t {your_account}/deploy_ui .
docker tag deploy_mysql {your_account}/deploy_mysql
docker push {your_account}/proxy
docker push {your_account}/registry
docker push {your_account}/deploy_ui
docker push {your_account}/deploy_mysql

where "your_account" is your own registry. Then you need to update the "image" field in the *-rc.yaml files at:

Deploy/kubernetes/mysql-rc.yaml
Deploy/kubernetes/proxy-rc.yaml
Deploy/kubernetes/registry-rc.yaml
Deploy/kubernetes/ui-rc.yaml

Finally you can start the jobs by running:

kubectl create -f Deploy/kubernetes

NOTE:
To simplify the installation process, a pre-built installation package of Harbor is provided so that you don't need to clone the source code. By using this package, you can even install Harbor onto a host that is not connected to the Internet. For details on how to download and use this installation package, please refer to Installation and Configuration Guide .

For information on how to use Harbor, please see User Guide .

Contribution

We welcome contributions from the community. If you wish to contribute code and you have not signed our contributor license agreement (CLA), our bot will update the issue when you open a pull request. For any questions about the CLA process, please refer to our FAQ.

License

Harbor is available under the Apache 2 license.

Partners

DataMan     SlamTec

Users

MaDaiLiCai