The latest version
, 1.8, of Harbor
was recently release. Harbor is a Cloud Native Computing Foundation
project that provides a cloud-native registry for storing, signing, and scanning container images. This release includes an OpenID Connect
integration, the addition of robot accounts, and improvements to the replication features, among other improvements.
Harbor is a self-hosted, cloud-native registry that stores, signs, and scan container images for vulnerabilities. It provides an alternative registry for cases where a public or cloud-based registry isn’t an option. As it is self-hosted, it is also an option for providing a consistent experience for a multi-cloud strategy. Harbor was accepted as a Cloud Native Computing Foundation incubating project back in 2018.
Harbor architecture (credit: CNCF
With version 1.8, Harbor now supports OpenID Connect
. Administrators can now use an OIDC provider as the authentication model for users. Users can then leverage their single sign-on credentials to access the Harbor portal. Since some tools, such asDocker client, are incapable of logging in via SSO when a redirection to an external IDP is required, Harbor now includes CLI secrets. CLI secrets provide end users with a token to access Harbor via Docker or Helm clients. This functionality is only available when Harbor’s authentication mode is configured to OIDC based.
After logging in via OIDC SSO, you can obtain the CLI secret from the user profile.
Harbor CLI Secret UI (credit: Harbor
With that secret, you can login via the Docker/Helm CLI using the Harbor user name and the CLI secret as the password:
docker login -u testuser -p xxxxxx jt-test.local.goharbor.io
As Harbor is often integrated with CI/CD tooling that cannot handle SSO, this release includes robot accounts. Robot accounts allow Harbor to be integrated and used by automated systems. These accounts can be configured to provide administrators with a token that grants permission for pulling and pushing images from the repository.
This release extends the Harbor-to-Harbor replication feature to add support to replicate resources between Harbor and Docker Hub
, Docker Registry
, and the Huawei Cloud
using both push and pull replication. As claimed on the Harbor blog
, "The built-in registries [of the public clouds] don’t offer the many capabilities and features of Harbor, specifically the static analysis of images." With this feature, Harbor can act as a central repository for all images. Replication can be done to other registries as required, having them act as pure content repositories. This allows for Harbor to be used for vulnerability scanning and compliance enforcement.
Additional features shipping with this release includes:
- A health check API that provides a detailed status and health for all components
- The Docker Registry version that Harbor extends has been updated to 2.7.1
- Administrators can now use cron strings to define job schedules for scan, garbage collection, and replication jobs
- End users can now trigger Harbor API via the Swagger UI included within Harbor’s UI
More details on the features that were released are available on the Harbor blog
or in the user guide
on GitHub. Harbor is actively looking for expanding their community and is looking for people to get involved with coding, testing, and general feedback. Interested individuals can join the #harbor
Slack channel on the CNCF Slack
. Harbor is open source and releases
are available on their GitHub page.