Total Pageviews

Monday, 22 August 2016

harbor项目

An enterprise-class container registry server based on Docker Distribution 

Project Harbor is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security. Having a registry closer to the build and run environment improves the image transfer efficiency. Harbor supports the setup of multiple registries and has images replicated between them. With Harbor, the images are stored within the private registry, keeping the bits and intellectual properties behind the company firewall. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing.

Features

  • Role based access control: Users and repositories are organized via 'projects' and a user can have different permission for images under a project.
  • Image replication: Images can be replicated (synchronized) between multiple registry instances. Great for load balancing, high availability, hybrid and multi-cloud scenarios.
  • Graphical user portal: User can easily browse, search repositories and manage projects.
  • AD/LDAP support: Harbor integrates with existing enterprise AD/LDAP for user authentication and management.
  • Auditing: All the operations to the repositories are tracked.
  • Internationalization: Already localized for English, Chinese, German, Japanese and Russian. More languages can be added.
  • RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.
  • Easy deployment: docker compose and offline installer.

Install

System requirements: Harbor only works with docker 1.10.0+ and docker-compose 1.6.0+.

Install via docker compose

On an Internet connected host, Harbor can be easily installed via docker-compose: 
  1. Get the source code:
    $ git clone https://github.com/vmware/harbor
  2. Edit the file Deploy/harbor.cfg, make necessary configuration changes such as hostname, admin password and mail server. Refer to Installation and Configuration Guide for more info. 
  3. Install Harbor with the following commands. Note that the docker-compose process can take a while.
    $ cd Deploy
    
    $ ./prepare
    Generated configuration file: ./config/ui/env
    Generated configuration file: ./config/ui/app.conf
    Generated configuration file: ./config/registry/config.yml
    Generated configuration file: ./config/db/env
    
    $ docker-compose up -d

Install via offline installer

For those who do not want to clone the source, or need to install Harbor on a server not connected to the Internet, there is a pre-built installation package available. For details on how to download and use the installation package, please refer to Installation and Configuration Guide.

After installation

If everything worked properly, you should be able to open a browser to visit the admin portal at http://reg.yourdomain.com. Note that the default administrator username/password are admin/Harbor12345.
Log in to the admin portal and create a new project, e.g. myproject. You can then use docker commands to login and push images (by default, the registry server listens on port 80):
$ docker login reg.yourdomain.com
$ docker push reg.yourdomain.com/myproject/myrepo:mytag

Upgrade

If you are upgrading Harbor from an older version with existing data, you need to migrate the data to fit the new database schema. For more details, please refer to Data Migration Guide.

Run

For information on how to use Harbor, please take a look at User Guide.

Community

Get connected with Project Harbor's community and sign up with VMware {code} https://code.vmware.com/join/ to get invited to VMware {code} Slack group, Channel: #harbor.
from https://github.com/vmware/harbor
------

An open source trusted cloud native registry project that stores, signs, and scans content.

Harbor

Build Status Coverage Status Go Report Card CII Best Practices Codacy Badge Nightly Status

notificationCommunity Meeting
The Harbor Project holds bi-weekly community calls in two different timezones. To join the community calls or to watch previous meeting notes and recordings, please visit the meeting schedule.
We welcome you to join the below Harbor community events and meet with project maintainers and users:
November 18-21, 2019, KubeCon US, San Diego: Harbor Lunch & Learn led by Joe Beda, Intro and Deep-dive sessions.


Note: The master branch may be in an unstable or even broken state during development. Please use releases instead of the master branch in order to get a stable set of binaries.
Harbor
Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing.
Harbor is hosted by the Cloud Native Computing Foundation (CNCF). If you are an organization that wants to help shape the evolution of cloud native technologies, consider joining the CNCF. For details about who's involved and how Harbor plays a role, read the CNCF announcement.

Features

  • Cloud native registry: With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
  • Role based access control: Users and repositories are organized via 'projects' and a user can have different permission for images or Helm charts under a project.
  • Policy based replication: Images and charts can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag and label). Harbor automatically retries a replication if it encounters any errors. Great for load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.
  • Vulnerability Scanning: Harbor scans images regularly and warns users of vulnerabilities.
  • LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning proper project roles to them.
  • OIDC support: Harbor leverages OpenID Connect (OIDC) to verify the identity of users authenticated by an external authorization server or identity provider. Single sign-on can be enabled to log into the Harbor portal.
  • Image deletion & garbage collection: Images can be deleted and their space can be recycled.
  • Notary: Image authenticity can be ensured.
  • Graphical user portal: User can easily browse, search repositories and manage projects.
  • Auditing: All the operations to the repositories are tracked.
  • RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems. An embedded Swagger UI is available for exploring and testing the API.
  • Easy deployment: Provide both an online and offline installer. In addition, a Helm Chart can be used to deploy Harbor on Kubernetes.

API

  • Harbor RESTful API: The APIs for most administrative operations of Harbor and can be used to perform integrations with Harbor programmatically.
  • Scanner Open API: This API must be implemented in order to register a new artifact scanner in Harbor registry.

Install & Run

System requirements:
On a Linux host: docker 17.06.0-ce+ and docker-compose 1.18.0+ .
Download binaries of Harbor release and follow Installation & Configuration Guide to install Harbor.
If you want to deploy Harbor on Kubernetes, please use the Harbor chart.
Refer to User Guide for more details on how to use Harbor.

Community

Additional Tools

Tools layered on top of Harbor and contributed by community.
  • Harbor.Tagd
    • Automates the process of cleaning up old tags from your Harbor container registries.
    • Lead by @nlowe from HylandSoftware.

Demos

  • Live Demo - A demo environment with the latest Harbor stable build installed. For additional information please refer to this page.
  • Video Demos - Demos for Harbor features and continuously updated.

Partners and Users

For a list of users, please refer to ADOPTERS.md.

from https://github.com/goharbor/harbor