About Harbor
Harbor Overview
Harbor is an open-source private container registry developed by VMware. Like Docker Registry, it implements features for managing container images.
As a repository for storing images like Docker Hub, it includes the advantages of a registry and provides an intuitive web-based user interface, enabling efficient image management.
In general, when using Docker, container images such as Nginx and busybox are deployed with Docker commands. The source for these images is a registry, and by default they are downloaded from Docker Hub.
However, Docker Hub is a public registry, so secure access may not be possible, and it may not be suitable for uploading private container images such as those created for company projects.
To solve these problems, Harbor provides a private registry, with a range of supporting features, intended for use in closed environments.
VMware originally started Harbor in 2014 to strengthen security and meet compliance requirements for image use.
It became open source in 2016, was accepted in 2018 as a project of the Cloud Native Computing Foundation (CNCF), which also hosts the development of projects such as Kubernetes, and graduated in 2020.
Main Features of Harbor
- Provides a private repository for Docker images
- Cloud-native open-source registry
  - Harbor supports both container images and Helm charts and serves as a registry for cloud-native environments such as container runtimes and orchestration platforms.
- Role-based access control (RBAC)
  - Access to published container images and operations can be controlled by user or project.
- Policy-based replication
  - Images are replicated between multiple registry instances across servers based on policies that use filters such as repositories, tags, and labels, providing load balancing and high availability.
- LDAP/AD support
  - If you use a user management system such as AD or LDAP, you can integrate it with Harbor and use it for RBAC.
- Vulnerability scanning
  - Harbor periodically scans container images in repositories for vulnerabilities to prevent vulnerable images from being deployed.
- OIDC support
  - Harbor can use OpenID Connect (OIDC) to provide single sign-on (SSO) from external authentication servers such as Keycloak to the Harbor portal.
- Graphical user portal
  - Provides a web UI.
  - Users can browse and search repositories and manage projects through the Harbor portal (WebUI).
- Audit
  - All operations on repositories can be audited and tracked through the WebUI or logs.
Harbor Operating Environment
Operating System and Docker
Harbor is deployed as multiple Docker containers. Therefore, it can be deployed on any Linux distribution that supports Docker. The host needs Docker and Docker Compose installed.
Hardware
The following table shows the minimum and recommended configurations for deploying Harbor.
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 2 CPU | 4 CPU |
| Memory | 4 GB | 8 GB |
| Disk size | 40 GB | 160 GB |
Software
The following table lists the software and versions that must be installed on the host.
| Software | Version | Description |
|---|---|---|
| Docker Engine | Version 17.06.0-ce+ or later | For details about installation, refer to the Docker Engine documentation. |
| Docker Compose | Version 1.18.0 or later | For details about installation, refer to the Docker Compose documentation. |
| OpenSSL | Latest | Used to generate Harbor certificates and keys. |
Network Ports
To use Harbor, the following ports must be open on the host.
| Port | Protocol | Description |
|---|---|---|
| 443 | HTTPS | The Harbor portal and core API accept HTTPS requests on this port. This port can be changed in the configuration file. |
| 4443 | HTTPS | Used to connect to Harbor’s Docker Content Trust service. Required only when Notary is enabled. This port can be changed in the configuration file. |
| 80 | HTTP | The Harbor portal and core API accept HTTP requests on this port. This port can be changed in the configuration file. |
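As an added example (not part of the original page or of Harbor's own tooling), the following shell script checks a host against the hardware, software and port requirements in the tables above. The function names and the data directory argument are hypothetical, and it assumes a Linux host with GNU `sort -V`, `ss`, `df` and `/proc/meminfo`.

```shell
#!/usr/bin/env bash
# Added example (not Harbor's own tooling): host preflight against the tables above.
# Thresholds come from this page; function names and the data path are assumptions.
MIN_DOCKER="17.06.0-ce"; MIN_COMPOSE="1.18.0"; MIN_CPU=2; MIN_MEM_GB=4; MIN_DISK_GB=40
HARBOR_PORTS="80 443 4443"   # 4443 is needed only when Notary is enabled

# Reduce "17.06.0-ce", "v2.24.1" or "20.10.21+dfsg1" to plain dotted numbers.
normalize_version() { printf '%s\n' "$1" | sed -E 's/^v//; s/^([0-9]+(\.[0-9]+)*).*/\1/'; }

# version_ge HAVE WANT: succeed when HAVE >= WANT; an empty HAVE always fails.
version_ge() {
  local have want
  have=$(normalize_version "$1"); want=$(normalize_version "$2")
  [ -n "$have" ] && [ "$(printf '%s\n%s\n' "$want" "$have" | sort -V | head -n1)" = "$want" ]
}

# ports_in_use LISTENERS: print the Harbor ports that already have a listener.
# LISTENERS is the text of `ss -ltn`, passed in so the function can be tested offline.
ports_in_use() {
  local p out=""
  for p in $HARBOR_PORTS; do
    if printf '%s\n' "$1" | awk -v p="$p" '{n=split($4,a,":"); if (a[n]==p) f=1} END{exit !f}'; then
      out="$out $p"
    fi
  done
  printf '%s\n' "${out# }"
}

# check LABEL CMD...: run CMD, print one result line, return non-zero on failure.
check() { local l="$1"; shift; if "$@"; then echo "ok    $l"; else echo "FAIL  $l"; return 1; fi; }

preflight() {
  local data_dir="${1:-/}" rc=0 v mem_gb disk_gb busy
  v=$(docker version --format '{{.Server.Version}}' 2>/dev/null || true)
  check "Docker Engine >= $MIN_DOCKER (found ${v:-none})" version_ge "$v" "$MIN_DOCKER" || rc=1
  v=$(docker compose version --short 2>/dev/null || docker-compose version --short 2>/dev/null || true)
  check "Docker Compose >= $MIN_COMPOSE (found ${v:-none})" version_ge "$v" "$MIN_COMPOSE" || rc=1
  check "openssl present" [ -n "$(command -v openssl)" ] || rc=1
  check "CPU count >= $MIN_CPU" [ "$(nproc)" -ge "$MIN_CPU" ] || rc=1
  # Round memory up: a 4 GB machine reports slightly less than 4 GiB in MemTotal.
  mem_gb=$(awk '/^MemTotal:/ {print int(($2 + 1048575) / 1048576)}' /proc/meminfo)
  check "memory >= $MIN_MEM_GB GB (found $mem_gb)" [ "$mem_gb" -ge "$MIN_MEM_GB" ] || rc=1
  disk_gb=$(df -Pk "$data_dir" | awk 'NR==2 {print int($2 / 1048576)}')
  check "disk at $data_dir >= $MIN_DISK_GB GB (found $disk_gb)" [ "$disk_gb" -ge "$MIN_DISK_GB" ] || rc=1
  busy=$(ports_in_use "$(ss -ltn 2>/dev/null)")
  check "ports $HARBOR_PORTS free (in use: ${busy:-none})" [ -z "$busy" ] || rc=1
  return "$rc"
}

# Run the checks only when asked: bash <script> --run [data_dir]
if [ "${1:-}" = "--run" ]; then preflight "${2:-/}"; fi
```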
Harbor License
Harbor is released under the Apache License version 2, and anyone can freely use, modify, and redistribute it for commercial or non-commercial purposes.