Habor Installation

Harbor Installation Page

What is Harbor?

From the website:

Harbor is an open source registry that secures artifacts with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.

Cyber@UC is mainly interested in the open source registry abilities of harbor, but as our knowledge base continues to grow we can move into more of the advanced features.

Why Are We Using Habor?

The original need for Harbor arouse due to the fact that as we were running pipelines in gitlab the beginning stage of each job would stall for anywhere between 30s - 1min due to downloading the docker image. We switched the gitlab runners' allowed_pull_policies to allow for the if-not-present config. While this sped up the gitlab pipelines slightly it did not show significant improvement. It was determined that the major slow down was constantly talking over the internet to remote registries. Harbor allows us to self-host a registry within our local network, significantly speeding up data speeds for downloading and uploading docker images/containers.

How Our Setup Differs

Harbor is currently not configured to use HTTPS as the infrastructure does not currently exist internally. This causes docker to not natively trust the registry and it will refuse connections. There is currently only one project called gitlab where all of the images generated from our gitlab our pushed. The bot information to allow for the pushing of images from gitlab are declared as top-level variables in the CyberAtUC gitlab group.