Harbor - An enterprise-class container registry server based on Docker Distribution


Project Harbor is an enterprise-class registry server that stores and distributes Docker images. It extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and management. As an enterprise private registry, Harbor offers better performance and security.

Harbor supports the setup of multiple registries and has images replicated between them. With Harbor, the images are stored within the private registry, keeping the bits and intellectual properties behind the company firewall. In addition, Harbor offers advanced security features, such as user management, access control and activity auditing.

  • Role Based Access Control - Users and Docker repositories are organized via "projects"; a user can have different permissions for images under a namespace.
  • Image replication - Images can be replicated (synchronized) between multiple registry instances. Great for load balancing, high availability, hybrid and multi-cloud scenarios.
  • Graphical user portal - Users can easily browse and search Docker repositories and manage projects/namespaces.
  • AD/LDAP support - Harbor integrates with existing enterprise AD/LDAP for user authentication and management.
  • Auditing - All operations on the repositories are tracked and can be used for auditing purposes.
  • Internationalization - Already localized for English, Chinese, German, Japanese and Russian. More languages can be added.
  • RESTful API - RESTful APIs are provided for most administrative operations of Harbor, which makes integration with other management software easy.
  • Easy deployment - Provides both an online and an offline installer. In addition, a virtual appliance for the vSphere platform (OVA) is available.

http://vmware.github.io/harbor/
https://github.com/vmware/harbor





Related Projects

Portus - Authorization service and frontend for Docker registry (v2)


Portus is an authorization server and a user interface for the next generation of the Docker registry. Portus targets version 2 of the Docker Registry API. The minimum required version of Registry is 2.1, which is the first version supporting soft deletes of blobs. Portus supports the concept of users and teams. Users have their own personal Docker namespace where they have both read (aka docker pull) and write (aka docker push) access. A team is a group of users that have read and write access to a certain namespace. You can read more about this in our documentation page about it.

docker-registry-ui - A web frontend/UI for easy private/local Docker Registry integration


A web UI for easy private/local Docker Registry integration. Docker Registry UI is a mature, easy-to-use and fast web application for administering your Docker Registry through a sleek user interface. You can register one-to-many registries and then browse, search and delete images.

docker-registry-web - Web UI for private docker registry v2


Web UI, authentication service and event recorder for private docker registry v2. Do not use registry as the registry container name; it will break the REGISTRY_NAME environment variable.

Distribution - The Docker toolset to pack, ship, store, and deliver content


The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance.

crane - Yet another control plane based on docker built-in swarmkit


Crane, maintained by dataman-cloud, is a Docker control panel based on the latest Docker release. Besides swarm features, Crane implements some functionality badly needed by enterprise users, such as private registry authentication, ACL and application DAB (distributed application bundle) sharing. The smart fuzzy search function gives users quick access to the desired page. Crane can store registry auth pairs, from which you can choose a predefined registry auth pair when deploying a DAB, without needing to docker login when accessing a private image. Crane can also help you share your private images with your coworkers easily. CRANE_IP should be assigned the real host IP address of the running Crane host, which is also the swarm manager.


Docker-Secure-Deployment-Guidelines - Deployment checklist for securely deploying Docker


Within today’s growing cloud-based IT market, there is a strong demand for virtualisation technologies. Unfortunately most virtualisation solutions are not flexible enough to meet developer requirements and the overhead implied by the use of full virtualisation solutions becomes a burden on the scalability of the infrastructure. Docker reduces that overhead by allowing developers and system administrators to seamlessly deploy containers for applications and services required for business operations. However, because Docker leverages the same kernel as the host system to reduce the need for resources, containers can be exposed to significant security risks if not adequately configured. The following itemised list suggests hardening actions that can be undertaken to improve the security posture of the containers within their respective environment. It should be noted that proposed solutions only apply to deployment of Linux Docker containers on Linux-based hosts, using the most recent release of Docker at the time of this writing (1.4.0, commit 4595d4f, dating 11/12/14). Part of the content below is based on publications from Jérôme Petazzoni [1] and Daniel J Walsh [2]. This document aims at adding on to their recommendations and how they can specifically be implemented within Docker. Note: Most of suggested command line options can be stored and used in a similar manner inside a Dockerfile for automated image building. Docker 1.3 now supports cryptographic signatures [3] to ascertain the origin and integrity of official repository images. This feature is however still a work in progress as Docker will issue a warning but not prevent the image from actually running. Furthermore, it does not apply to non-official images. In general, ensure that images are only retrieved from trusted repositories and that the --insecure-registry=[] command line option is never used.

docker_auth - Authentication server for Docker Registry 2


The original Docker Registry server (v1) did not provide any support for authentication or authorization. Access control had to be performed externally, typically by deploying Nginx in reverse proxy mode with Basic or another type of authentication. While performing simple user authentication is pretty straightforward, performing more fine-grained access control was cumbersome. Docker Registry 2.0 introduced a new, token-based authentication and authorization protocol, but the server to generate the tokens was not released. Thus, most guides found on the internet still describe a setup with a reverse proxy performing access control.

reg - Docker registry v2 command line client.


Docker registry v2 command line client. reg will automatically try to parse your docker config credentials, but if not present, you can pass through flags directly.

docket - Docket - Custom docker registry that allows for lightning fast deploys through bittorrent


Docket is a custom docker registry that allows for deployments through bittorrent. It allows for lightning fast Docker image deploys across a large number of machines. This was designed and built in 48 hours as part of the Gopher Gala Golang 48 hour hackathon. Hence kindly forgive me for the hackish code, and lack of tests.

Registrator - Service registry bridge for Docker with pluggable adapters


Service registry bridge for Docker. Registrator automatically registers and deregisters services for any Docker container by inspecting containers as they come online. Registrator supports pluggable service registries, which currently includes Consul, etcd and SkyDNS 2.

PiCluster - Manage Docker Containers


PiCluster is a simple way to manage Docker containers on multiple hosts. Docker Swarm is not that good and Kubernetes was too difficult to install currently on ARM. PiCluster will only build and run images from Dockerfiles on the host specified in the config file. This software will also work on regular x86 hardware and is not tied to ARM.

DockerCheatSheet - 🐋 Docker Cheat Sheet 🐋


This repository has been trending on GitHub for some days now. Watch it, we will add many updates in the future. Thank you for your support. Check the website.

delete-docker-registry-image - If you are running a private v2 docker registry, and you are storing your data on disk, running this script from the machine where the data lives will let you fully delete an image or tag


You can also just edit the script where this variable is set to make it work for your setup. This complementary script is made to remove tags in a repository based on a regexp pattern.

centurion - A mass deployment tool for Docker fleets


A deployment tool for Docker. Takes containers from a Docker registry and runs them on a fleet of hosts with the correct environment variables, host volume mappings, and port mappings. Supports rolling deployments out of the box, and makes it easy to ship applications to Docker servers. We're using it to run our production infrastructure.

jib - :sailboat: Build container images for your Java applications.


Jib builds Docker and OCI images for your Java applications and is available as plugins for Maven and Gradle. Maven: See documentation for jib-maven-plugin. Gradle: See documentation for jib-gradle-plugin.

Dragonfly - Dragonfly is an intelligent P2P based file distribution system.


Dragonfly is an intelligent P2P based file distribution system. It resolves issues such as low efficiency, low success rate and wasted network bandwidth that you face in large-scale file distribution scenarios such as application deployment, large-scale cache file distribution, data file distribution, image distribution, etc. At Alibaba, the system transfers 2 billion times and distributes 3.4PB of data every month; it has become one of the most important pieces of infrastructure at Alibaba. The reliability is up to 99.9999%. DevOps benefits a lot from container technologies, but at the same time they also bring a lot of challenges, such as the efficiency of image distribution, especially when you have a lot of applications that require image distribution at the same time. Dragonfly works extremely well with both Docker and Pouch, and is in fact compatible with any other container technology without any modification of the container engine.

container-diff - container-diff: Diff your Docker containers


container-diff supports Docker images located in both a local Docker daemon and a remote registry. To explicitly specify a local image, use the daemon:// prefix on the image name; similarly, for an explicitly remote image, use the remote:// prefix.

docker-swarm-visualizer - A visualizer for Docker Swarm Mode using the Docker Remote API, Node


Also, this is a sample app meant for learning Docker. Running this app in production is insecure and should be avoided. If you want to run it in production you must take all security precautions, and in particular protect the Docker daemon socket with SSL. This project was originally created by Francisco Miranda for the 2015 DockerCon EU keynote. It was adapted to be used for the 2016 DockerCon US keynote showcasing Docker swarm mode. Since then the community has generously contributed many updates. Thanks to all the contributors, and a special thanks to @DovAmir and @alexellis for their big contributions.

Convox Rack - Open-source PaaS, Built entirely on AWS cloud services for maximum privacy and minimum upkeep


Convox Rack is open source PaaS built on top of expert infrastructure automation and devops best practices. Rack gives you a simple developer-focused API that lets you build, deploy, scale and manage apps on private infrastructure with ease.

registrator - Service registry bridge for Docker


Service registry bridge for Docker