![Page 1: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/1.jpg)
Michael Michael @michmike77Maintainer, HarborDirector of PM, VMware
Harbor, the trusted cloud native registry for Kubernetes
![Page 2: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/2.jpg)
© 2019 Cloud Native Computing Foundation2
User Problems & Concerns
• I want consistency of policy and access for my registry
• I want a common way to describe a policy for consistency and security
• I want peace of mind my artifacts are free from vulnerabilities and secure before deployment to Kubernetes
• I want to enforce compliance policies for my artifacts
![Page 3: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/3.jpg)
A Cloud Native Computing Foundation Incubating project
goharbor.io
12kStars
![Page 4: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/4.jpg)
© 2019 Cloud Native Computing Foundation4
Harbor
Open source registry that
secures artifacts with policies
and role-based access control,
ensures images are scanned
and free from vulnerabilities,
and signs images as trusted
Mission - To be the most secure, performant, scalable, and available cloud native repository for Kubernetes
Delivers compliance, performance, and
interoperability to help you consistently and
securely manage artifacts for Kubernetes
![Page 5: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/5.jpg)
© 2019 Cloud Native Computing Foundation5
Core Tenets
• Ownership & Deployment
• Multitenancy
– RBAC, Project Isolation
• Policy
– Quotas, Retention, Immutability, Signing, Vulnerability
• Security & Compliance
– I&AM, Scanning, CVE Exceptions
• Extensibility - Compatible with existing investments in infra & services– Webhooks, Replication, Pluggable Scanners, REST API, Robot Accounts, CLI
Secrets
![Page 6: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/6.jpg)
© 2019 Cloud Native Computing Foundation6
Architecture
![Page 7: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/7.jpg)
© 2019 Cloud Native Computing Foundation7
Feature Progress up to Harbor v2.0
1. Image Retention Policies
2. Project Quotas
3. Webhook Events
4. Introducing new Replication Targets
5. CVE Exception Policies
6. Immutability
7. Pluggable Scanners
8. I&AM improvements (OIDC Groups, Limited Guest, and more)
![Page 8: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/8.jpg)
© 2019 Cloud Native Computing Foundation8
Harbor News
• Harbor v2.0 release
• New website
• New documentation (including search)
• Harbor Operator is released
• CNCF Graduation vote
![Page 9: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/9.jpg)
© 2019 Cloud Native Computing Foundation9
Harbor 2.0
OCI image compliant
Aqua’s Trivy is now the default scanner
Service-to-Service SSL
Robot Account expiration
Webhook trigger customization and Slack integration
Tag improvements
UI Dark Mode
![Page 10: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/10.jpg)
© 2019 Cloud Native Computing Foundation10
OCI Support
![Page 11: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/11.jpg)
© 2019 Cloud Native Computing Foundation11
OCI Index / Docker Manifest List
![Page 12: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/12.jpg)
© 2019 Cloud Native Computing Foundation12 12
The default scanner in Harbor
Simple, Comprehensive, and Fast Vulnerability Scanner for Containers, Suitable for CI with High accuracy
OS package support
Application dependency scanning
Deep scanning
Trivy, by Aqua Security
![Page 13: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/13.jpg)
Demo!
![Page 14: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/14.jpg)
© 2019 Cloud Native Computing Foundation14
Harbor Community
12kGitHub Stars
206 Committers
3k Contributors
13 Maintainers
1.1k Slack
members
12k+Slack
messages
1900Twitter
followers
4 major releases(since May
2019)
3.2kForks
5kDownloads (in last 2 weeks
for v2.0 binaries)
12kCommits
13 Blogs5 Webinars
5.5kPRs
83ContributingCompanies
66kGitHubViews
(in last 2 weeks)
14k GitHubUnique Visitors
(in last 2 weeks)
GitHub Activity
Number of Contributors & Companies
Com
pa
nie
s
Con
tribu
tors
Updated 5/28/2020
![Page 15: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/15.jpg)
© 2019 Cloud Native Computing Foundation15
Roadmap
I&AM Enhancements
Signing PolicyReplication
Proxy Cache
Perf & ScaleGarbage Collection
Interrogation Services
KubernetesOperator
Image Distribution
Security
P2P Distribution
Management
Observability
![Page 16: Harbor, the trusted cloud native registry for Kubernetes · 2020-05-28 · Michael Michael @michmike77 Maintainer, Harbor Director of PM, VMware Harbor, the trusted cloud native registry](https://reader034.vdocument.in/reader034/viewer/2022042405/5f1df78e1ba1873b633a81e0/html5/thumbnails/16.jpg)
lists.cncf.io/g/harbor-userslists.cncf.io/g/harbor-dev
#harbor#harbor-dev
@project_harbor
demo.goharbor.io• Sign up for an account
Collaborate with the Harbor teamGoHarbor.io
https://goharbor.io/community/• APAC+EU: 9pm UTC+8 time zone• Americas: 1pm Pacific time zone