Harbor - An enterprise-class container registry server based on Docker Distribution

  •        151

Project Harbor is an enterprise-class registry server that stores and distributes Docker images. It extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security.

Harbor supports the setup of multiple registries and has images replicated between them. With Harbor, the images are stored within the private registry, keeping the bits and intellectual properties behind the company firewall. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing.

  • Role Based Access Control - Users and docker repositories are organized via "projects", a user can have different permission for images under a namespace.
  • Image replication - Images can be replicated (synchronized) between multiple registry instances. Great for load balancing, high availability, hybrid and multi-cloud scenarios.
  • Graphical user portal - User can easily browse, search docker repositories, manage projects/namespaces.
  • AD/LDAP support - Harbor integrates with existing enterprise AD/LDAP for user authentication and management.
  • Auditing - All the operations to the repositories are tracked and can be used for auditing purpose.
  • Internationalization - Already localized for English, Chinese, German, Japanese and Russian. More languages can be added.
  • RESTful API - RESTful APIs are provided for most administrative operations of Harbor. The integration with other management softwares becomes easy.
  • Easy deployment - Provide both an online and offline installer. Besides, a virtual appliance for vSphere platform (OVA) is available.

http://vmware.github.io/harbor/
https://github.com/vmware/harbor

Tags
Implementation
License
Platform

   




Related Projects

Portus - Authorization service and frontend for Docker registry (v2)

  •    Ruby

Portus is an authorization server and a user interface for the next generation of the Docker registry. Portus targets version 2 of the Docker Registry API. The minimum required version of Registry is 2.1, which is the first version supporting soft deletes of blobs. Portus supports the concept of users and teams. Users have their own personal Docker namespace where they have both read (aka docker pull) and write (aka docker push) access. A team is a group of users that have read and write access to a certain namespace. You can read more about this in our documentation page about it.

docker-registry-ui - A web frontend/UI for easy private/local Docker Registry integration

  •    Groovy

A web UI for easy private/local Docker Registry integration.Docker Registry UI is a mature, easy-to-use and fast web application for administering your Docker Registry through a sleek user interface. You can register one-to-many registries and then browse, search and delete images.

docker-registry-web - Web UI for private docker registry v2

  •    Groovy

Web UI, authentication service and event recorder for private docker registry v2.Do not use registry as registry container name, it will break REGISTRY_NAME environment variable.

docker-registry-ui - A web frontend/UI for easy private/local Docker Registry integration

  •    Groovy

A web UI for easy private/local Docker V1 or V2 Registry integration. Docker Registry UI is a mature, easy-to-use and fast web application for administering your Docker Registry through a sleek user interface. You can register one-to-many registries and then browse, search and delete images.

reg - Docker registry v2 command line client and repo listing generator with security checks.

  •    Go

Docker registry v2 command line client and repo listing generator with security checks. For installation instructions from binaries please visit the Releases Page.


Distribution - The Docker toolset to pack, ship, store, and deliver content

  •    Go

The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance.

crane - Yet another control plane based on docker built-in swarmkit

  •    Go

Crane, maintained by dataman-cloud, is a docker control panel based on latest docker release. Besides swarm features, Crane implements some badly needed functionalities by enterprise user, such as private registries authentication, ACL and application DAB(distributed application bundle) sharing. The smart fuzzy search function give user quickly access to the desired page. Crane can help storing registry auth pair, from where you can choose a predefined registry auth pair when deploying a DAB, without the need to docker login when access private image. Crane can also help sharing your private images with your coworkers easily.CRANE_IP should be assigned the real host ip address of the running Crane host which is the swarm manager also.

docker_auth - Authentication server for Docker Registry 2

  •    Go

The original Docker Registry server (v1) did not provide any support for authentication or authorization. Access control had to be performed externally, typically by deploying Nginx in the reverse proxy mode with Basic or other type of authentication. While performing simple user authentication is pretty straightforward, performing more fine-grained access control was cumbersome. Docker Registry 2.0 introduced a new, token-based authentication and authorization protocol, but the server to generate them was not released. Thus, most guides found on the internet still describe a set up with a reverse proxy performing access control.

Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker

  •    

Within today’s growing cloud-based IT market, there is a strong demand for virtualisation technologies. Unfortunately most virtualisation solutions are not flexible enough to meet developer requirements and the overhead implied by the use of full virtualisation solutions becomes a burden on the scalability of the infrastructure. Docker reduces that overhead by allowing developers and system administrators to seamlessly deploy containers for applications and services required for business operations. However, because Docker leverages the same kernel as the host system to reduce the need for resources, containers can be exposed to significant security risks if not adequately configured. The following itemised list suggests hardening actions that can be undertaken to improve the security posture of the containers within their respective environment. It should be noted that proposed solutions only apply to deployment of Linux Docker containers on Linux-based hosts, using the most recent release of Docker at the time of this writing (1.4.0, commit 4595d4f, dating 11/12/14). Part of the content below is based on publications from Jérôme Petazzoni [1] and Daniel J Walsh [2]. This document aims at adding on to their recommendations and how they can specifically be implemented within Docker. Note: Most of suggested command line options can be stored and used in a similar manner inside a Dockerfile for automated image building. Docker 1.3 now supports cryptographic signatures [3] to ascertain the origin and integrity of official repository images. This feature is however still a work in progress as Docker will issue a warning but not prevent the image from actually running. Furthermore, it does not apply to non-official images. In general, ensure that images are only retrieved from trusted repositories and that the --insecure-registry=[] command line option is never used.

reg - Docker registry v2 command line client.

  •    Go

Docker registry v2 command line client.reg will automatically try to parse your docker config credentials, but if not present, you can pass through flags directly.

docket - Docket - Custom docker registry that allows for lightning fast deploys through bittorrent

  •    Go

Docket is a custom docker registry that allows for deployments through bittorrent. It allows for lightning fast Docker image deploys across large number of machines.This was designed and built in 48 hours as part of the Gopher Gala Golang 48 hour hackathon. Hence kindly forgive me for the hackish code, and lack of tests.

Registrator - Service registry bridge for Docker with pluggable adapters

  •    Go

Service registry bridge for Docker. Registrator automatically registers and deregisters services for any Docker container by inspecting containers as they come online. Registrator supports pluggable service registries, which currently includes Consul, etcd and SkyDNS 2.

PiCluster - Manage Docker Containers

  •    Javascript

PiCluster is a simple way to manage Docker containers on multiple hosts. Docker Swarm not that good and Kubernetes was too difficult to install currently on ARM. PiCluster will only build and run images from Dockerfile's on the host specified in the config file. This software will work on regular x86 hardware also and is not tied to ARM.

hadoop-docker - Hadoop docker image

  •    Shell

A few weeks ago we released an Apache Hadoop 2.3 Docker image - this quickly become the most popular Hadoop image in the Docker registry. Following the success of our previous Hadoop Docker images, the feedback and feature requests we received, we aligned with the Hadoop release cycle, so we have released an Apache Hadoop 2.7.1 Docker image - same as the previous version, it's available as a trusted and automated build on the official Docker registry.

DockerCheatSheet - 🐋 Docker Cheat Sheet 🐋

  •    

This repository is trending on Github since some days now. Watch it, we will add many updates in the future. Thank you for your support.Check the website.

captain - Captain - Convert your Git workflow to Docker :whale: containers

  •    Go

Define your workflow in the captain.yaml and use captain to your Continuous Delivery service to create containers for each commit, test them and push them to your registry only when tests passes. From the other side, you can now pull the feature branch you want to test, or create distribution channels (such as 'alpha', 'beta', 'stable') using git tags that are propagated to container tags.

delete-docker-registry-image - If you are running a private v2 docker registry, and you are storing your data on disk, running this script from the machine where the data lives will let you fully delete an image or tag

  •    Python

You can also just edit the script where this variable is set to make it work for your setup. This complimentary script is made to remove tags in repository based on regexp pattern.

centurion - A mass deployment tool for Docker fleets

  •    Ruby

A deployment tool for Docker. Takes containers from a Docker registry and runs them on a fleet of hosts with the correct environment variables, host volume mappings, and port mappings. Supports rolling deployments out of the box, and makes it easy to ship applications to Docker servers.We're using it to run our production infrastructure.

furan - Scale out Docker builds

  •    Go

Furan is a horizontally-scalable Docker build microservice (API) that builds and pushes Docker images from a specified GitHub repository to a specified target (registry or S3). Furan is fast! Optimized for build speed, Furan runs operations in memory instead of disk. Optionally, it can be configured to run all builds within a RAM disk. Furan streams directly from GitHub to a local Docker daemon without temporary files.

jib - :sailboat: Build container images for your Java applications.

  •    Java

Jib builds Docker and OCI images for your Java applications and is available as plugins for Maven and Gradle. Maven: See documentation for jib-maven-plugin. Gradle: See documentation for jib-gradle-plugin.