Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.
Cloud native registry
With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
Role based access control
Users access different repositories through 'projects' and a user can have different permission for images or Helm charts under a project
Policy based replication
Images and charts can be replicated (synchronized) between multiple registry instances based on policies with using filters (repository, tag and label).
Harbor automatically retries a replication if it encounters any errors. This can be used to assist loadbalancing, achieve high availabiliy, and faciliate multi-datacenter deployments in hybrid and multi-cloud scenarios.
Harbor scans images regularly for vulnerabilities and has policy checks to prevent vulnerable images from being deployed.
Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor that can then be given permissions to specific projects.
Harbor leverages OpenID Connect (OIDC) to verify the identity of users authenticated by an external authorization server or identity provider. Single sign-on can be enabled to log into the Harbor portal.
Image deletion & garbage collection
System admin can run garbage collection jobs so that images(dangling manifests and unreferenced blobs) can be deleted and their space can be freed up periodically.
Support signing container images using Docker Content Trust (leveraging Notary) for guaranteeing authenticity and provenance. In additon, policies that prevent unsigned images from being deployed can also be activated..
Graphical user portal
User can easily browse, search repositories and manage projects..
All the operations to the repositories are tracked through logs..
RESTful APIs are provided to facilitate administrative operations, and are easy to use for integration with external systems. An embedded Swagger UI is available for exploring and testing the API..
Harbor can be deployed via Docker compose as well Helm Chart, and a Harbor Operator was added recently as well.