Harbor
distribution
Our great sponsors
Harbor | distribution | |
---|---|---|
74 | 15 | |
22,485 | 8,379 | |
2.9% | 1.9% | |
9.7 | 9.4 | |
3 days ago | 7 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Harbor
-
Docker Private Registry using Harbor
cat << EOF wget \ https://github.com/goharbor/harbor/releases/download/v2.9.4/\ harbor-offline-installer-v2.9.4.tgz EOF
-
Signing container images: Comparing Sigstore, Notary, and Docker Content Trust
Now that you know a little more about Cosign, Notary, and DCT, we will take it one step further by using one of these tools: Cosign. For this example, we will use the simple Docker registry:2 reference image to run a simple registry. In a real-world scenario, a managed registry such as Harbor, Amazon ECR, Docker Hub, etc.
- Docker pull through cache to multiple upstreams, that you can also push to
-
tcp i/o timeout when installing network plugin in "high secure environment"
Have a look at harbor, you can also use it to follow the same methods for helm charts etc.
-
How to build a docker image and still use Watchtower
Or for something more advanced https://goharbor.io/
-
Scan selfhosted docker images for vulnerabilities automatically
Look at https://goharbor.io/
-
Docker has reversed its decision to sunset the “Docker Free Team” plan.
You can host your own image repo if your feeling feisty. Harbor is a graduated project from the CNCF and they are also working on a new implementation called Dragonfly. https://goharbor.io/
- We're no longer sunsetting the Free Team plan | Docker
-
Docker's deleting Open Source images and here's what you need to know
Does anybody know whether there could be something like an open/libre container registry?
Maybe the cloud native foundation or the linux foundation could provide something like this to prevent vendor lock-ins?
I was coincidentially trying out harbor again over the last days, and it seems nice as a managed or self-hosted alternative. [1] after some discussions we probably gonna go with that, because we want to prevent another potential lock-in with sonarpoint's nexus.
Does anybody have similar migration plans?
[1] https://goharbor.io
-
Iron Bank: Secure Registries, Secure Containers
2) Harbor instance registry
distribution
-
How Do I Actually Use Docker?
To transfer the image between your local machine and the server, you'll need a registry such as Docker Hub or GitHub Container Registry. (Technically you can compress images and distribute them as files but it's more of a headache than it's worth) There are plenty of registries that will allow you to host private images if that's a concern for you, but it will be harder to find a free/cheap solution. You can also host your own registry using the Distribution Project. But be warned that while hosting a basic registry is really easy, locking it down can be a pain because of the lack of well maintained and easy to use projects.
-
Go doesn’t do any magical stuff and I love that
The open source repository my colleague and I reference in this talk can be seen at https://github.com/distribution/distribution/
-
Good options for HA docker registry?
FWIW, the open source registry application itself is essentially stateless. You just run multiple copies of it and point all of them at the same storage for a High Availability setup. If you have GlusterFS, you can mount it to the local filesystem and use the filesystem storage driver, though you may need to tweak settings for it to function properly (example).
- Self-Hosting container registry
-
Ask HN: Has anyone self/on-prem hosted a container registry
It's always been one of those items deep down on the "to consider" list, and my rationale was that there really aren't any straight-forward solutions for this and with Gitlab and Github offering their own registries it was never a problem.
But yesterday I found out that Docker's Registry core (Distribution) [0] is OpenSource (and used by other registries too!), but I haven't seen many mentions of it until then. I've checked out their documentation and it seems solid.
So, what is your experience with self-hosting registries be it Distribution, Harbour or something else. Any hidden PITA? I myself will spin Distribution up on the dev env and see how it goes!
[0]: https://github.com/distribution/distribution
-
What is "registry"?
The original registry "distribution" project (which is the base of Docker Hub, Harbor, etc) was donated to the CNCF: https://github.com/distribution/distribution
-
Harbor + Kubernetes = Self-Hosted Container Registry
Evaluated this a couple of weeks back. Ended up going for registry:2 aka distribution/distribution + https://github.com/cesanta/docker_auth + https://github.com/Quiq/docker-registry-ui
-
Docker desktop no longer free for large companies
> There's a standards conversion going on where we can trace the provenance of each and every layer of the image, we can start signing those layers, and with that metadata, we can start doing automated decisioning, automated reporting, automated visibility into what's been done to that image at each step of the lifecycle.
Docker's CEO is being disingenuous. When you deploy a Docker container, you specify the image ID. The ID looks like a SHA-256 digest and even starts with the string 'sha256' but it is an arbitrary value generated by the docker daemon on the local machine. The ID is not a hash of the image contents [0]. In other words, docker images are not content-addressed.
Since docker images are not content-addressed, your image registry and image transfer tools can subvert the security of your production systems. The fix is straightforward: make an image ID be the SHA-256 digest of the image contents, which is the same everywhere: on your build system, image registry, test system, and production hosts. This fix will increase supply chain security for all Docker users. It is massive low-hanging fruit.
Now Docker will add image signatures without first making images content-addressed. Their decision makes sense only if their goal is to make money and not make a secure product. I cannot trust a company with such priorities.
[0] https://github.com/distribution/distribution/issues/1662
-
Any lightweight docker registry host suggestion?
no docker distribution please, https://github.com/distribution/distribution seems hard to run and config.
-
Suggestions for self hosted container registries?
I’ve not used it myself but it does look like the Docker registry itself is open source https://docs.docker.com/registry/deploying/ and https://github.com/distribution/distribution
What are some alternatives?
Portainer - Making Docker and Kubernetes management easy.
Portus - Authorization service and frontend for Docker registry (v2)
Dragonfly - This repository has be archived and moved to the new repository https://github.com/dragonflyoss/Dragonfly2.
phoneinfoga - Information gathering framework for phone numbers
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
chartmuseum - helm chart repository server
distribution-library-image
gitlab
machine
ingress-nginx - Ingress-NGINX Controller for Kubernetes
containerd - An open and reliable container runtime