
Container Registry project

A project is a collection of repositories. Each repository contains all the images pushed into it. When you launch Container Registry, the "Projects" screen is displayed. On this screen, the project with the same name as your tenant is displayed. The following screenshot shows the "Projects" screen:

Container registry

① Navigation pane.

② Option to add new projects.

③ Table displays the details of the project.

④ Information area showing the number of private and public projects and repositories.

⑤ Provides tabs to view a list of all the local events, running events, and failed events.

Click on a project to view/configure it further. The following sections describe important navigation tabs on this screen.

Creating New projects

  1. Click the “+ New Project” button in the “Projects” menu. The following pop-up window appears.
    New project
  2. Enter an appropriate project name.
  3. If the “Access level” “Public” checkbox is enabled, any Harbor user will have read permission to the repositories under this project.
  4. Define the number of artifacts using the "Count quota" option. For unlimited quota, enter '-1'.
  5. Define the storage consumption quota and select the storage unit using the “Storage quota” option. For unlimited quota, enter '-1'.
  6. Click “Ok” to create a new project.

Administrators can delete any project available within the tenant. A developer can delete a project if the access level is "Project Admin" for that project.

Summary

The summary tab shows information such as the number of repositories, Helm Charts, members, and the Quotas allocated for a selected project.


Repositories

In this tab, a table of repositories within a selected project is displayed.

  • To download the registry certificate, click "REGISTRY CERTIFICATE".
  • To copy the syntax to tag or push an image, use the "PUSH IMAGE DOCKER COMMAND" list.
  • To display the details of repositories as cards, click on the Option icon.


Helm Charts

Helm is a package manager for Kubernetes, and it uses a packaging format called charts. This tab shows information on all existing helm charts within a selected project.


  • To upload a new Chart, click "UPLOAD", browse the chart file and provenance file from your file system, and click "UPLOAD".

    Upload chart files

  • You can download an existing Chart using the "DOWNLOAD" button. You can also remove a selected Chart file using the "DELETE" button.

Members

This tab shows all the members of a project and their roles.

  • To add a member, click "USER", enter the member name, select the required role, and then click "OK". You can only add users on the same tenant with the role mdsp:core:mcradvanced.developer to the project. By default, the mdsp:core:mcradvanced.admin will have access to the project.

    New member

  • To update role(s), select the member(s), click "ACTIONS", and then select the required role.
    Similarly, you can remove the selected member(s).

    Project admin

Labels

Harbor provides two types of labels to isolate different types of resources:

  • Global Level Label: Managed by Harbor system administrators and used to manage the images of the whole system. They can be added to images under any project. For more information on Global level label, see Section Configuration.
  • Project Level Label: Managed by project administrators under a project and can only be added to the images of the project. You can "EDIT" or "DELETE" a selected label using the corresponding options available in the "Labels" tab.


Logs

This tab shows all the recorded logs. It shows username, repository name, version number, type of operation, and the time when the operation was performed.


You can filter the logs based on operations and dates using the "ADVANCED" search option.

Logs tab

Robot Accounts

Container Registry admins can create robot accounts, which are intended to perform docker push/pull operations using a token.


  • To create a robot account, click "NEW ROBOT ACCOUNT", enter a name and a description, select permission(s), and then click "SAVE".

    Create Robot Account

Note

The "pull" permission for Image is enabled by default.

  • You can disable or delete a robot account using the "ACTION" list.

    Disable Account

Tag Retention

Using this feature, you can define rules that govern how many artifacts of a given repository to retain, or for how long to retain certain artifacts.

For more information, such as how to add a new rule, edit the schedule, or test rules, refer to the Harbor documentation.

Tag Immutability

The Tag Immutability feature allows you to configure tag immutability at the project level so that artifacts with certain tags cannot be pushed into Harbor if their tags match existing tags. This feature ensures that an immutable tagged image can neither be deleted nor be altered by re-pushing, re-tagging, or replicating.

For more details, such as how to add a new rule, refer to the Harbor documentation.

Webhooks

Within this tab, you can configure webhooks so that Harbor notifies the webhook endpoint of certain events that occur in a project, including push, pull, deletion of images and Helm charts, image scanning, and vulnerability discoveries.

Scanner

This tab shows the available Scanners within a selected project.


Configuration

You can configure projects so that images with vulnerabilities cannot be run and so that images are automatically scanned as soon as they are pushed into the project.

  • To make all repositories under the project accessible to everyone, select the “Public” checkbox.
  • To prevent unsigned images under the project from being pulled, select the “Enable content trust” checkbox.
  • To prevent vulnerable images under the project from being pulled, select the “Prevent vulnerable images from running” checkbox and change the severity level of vulnerabilities.
    Images cannot be pulled if their level is equal to or higher than the currently selected level.
  • To activate an immediate vulnerability scan on new images that are pushed to the project, select the “Automatically scan images on push” checkbox.

Note

If the “Automatically scan images on push” feature is enabled, new internal robot accounts are created and their activities are tracked under "Projects" > "Logs".

  • To ignore certain Common Vulnerabilities and Exposures (CVEs), create a whitelist of CVEs at the project level or copy from the system. You can also define the expiry of the whitelist item.
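
The following added example (not code from this documentation or from Harbor) audits the four security options described above and models the severity rule as this page states it. The key names public, enable_content_trust, prevent_vul, severity and auto_scan are the ones Harbor's project API uses for these settings; that you can export project metadata in this form is an assumption, the rule is modelled for images that have already been scanned, and the sample projects are constructed.

```python
# Added example: audit Harbor-style project metadata against the options on
# the Configuration tab. Not code from this documentation or from Harbor.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Option key -> (value that is a finding, message). Values are the strings
# "true"/"false", which is how Harbor's project API returns metadata.
CHECKS = {
    "public": ("true", "public: any Harbor user can read its repositories"),
    "enable_content_trust": ("false", "content trust off: unsigned images can be pulled"),
    "prevent_vul": ("false", "vulnerable images are not blocked from being pulled"),
    "auto_scan": ("false", "images are not scanned automatically on push"),
}

def audit_project(name, metadata):
    """Return one finding per weak option; a missing key counts as "false"."""
    findings = []
    for key, (bad_value, message) in CHECKS.items():
        if str(metadata.get(key, "false")).lower() == bad_value:
            findings.append(f"{name}: {message}")
    return findings

def pull_blocked(metadata, image_severity):
    """Model the rule on this page: a scanned image is blocked when its
    severity is equal to or higher than the project's selected level."""
    if str(metadata.get("prevent_vul", "false")).lower() != "true":
        return False
    threshold = SEVERITY_RANK[metadata["severity"].lower()]  # KeyError if unset
    return SEVERITY_RANK.get(image_severity.lower(), 0) >= threshold

# Constructed sample data (hypothetical project names).
SAMPLE_PROJECTS = {
    "demo-open": {"public": "true", "auto_scan": "false"},
    "demo-hardened": {"public": "false", "enable_content_trust": "true",
                      "prevent_vul": "true", "severity": "high",
                      "auto_scan": "true"},
}

if __name__ == "__main__":
    for name, meta in SAMPLE_PROJECTS.items():
        for finding in audit_project(name, meta):
            print(finding)
    for sev in ("none", "medium", "high", "critical"):
        print(sev, pull_blocked(SAMPLE_PROJECTS["demo-hardened"], sev))
```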



Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.


Last update: May 6, 2022