Skip to content

Container Registry project

A project is a collection of repositories. Each repository contains all the images pushed into it. When you launch Container Registry, the "Projects" screen is displayed. On this screen, the project with the name same as your tenant name is displayed. The following screenshot shows the "Projects" screen:

Container Registry

① Navigation pane.

② Table displays the details of the project.

③ Information area showing number of private and public projects and repositories. Currently, public projects or repositories are not supported.

④ Provides tabs to view a list of all the local events, running events, and failed events.

To configure a project, click on the respective project name. The following sections describe the possible configurations within a project.

Summary

The summary tab shows information such as the number of repositories, Helm Charts, members, and the Quotas allocated for a selected project.

Summary

Repositories

In this tab, a table of repositories within a selected project is displayed.

Repositories

  • To download the registry certification, click "REGISTRY CERTIFICATE".
  • To copy the syntax to tag or push an image, use the "PUSH IMAGE DOCKER COMMAND" list.

Push image docker command

  • To display the details of repositories as cards, click on the Option icon.

Registry certificate

Helm Charts

Helm is a package manager for Kubernetes, and it uses a packaging format called charts. This tab shows information of all existing helm charts within a selected project.

Helm Charts

  • To upload a new Chart, click "UPLOAD", browse the chart file and provenance file from your file system, and click "UPLOAD".

Upload chart files

  • You can download an existing Chart using the "DOWNLOAD" button. You can also remove a selected Chart file using the "DELETE" button.

Members

This tab shows all the members of a project and their roles.

  • To add a member, click "USER", enter the member name, select the required role, and then click "OK". You can only add the existing members to the project. The users are created in Harbor.

New member

  • To update role(s), select the member(s), click "ACTIONS", and then select the required role.
    Similarly, you can remove the selected member(s).

Project Admin

Labels

Developer administrators can create Labels within a selected project. These labels are project specific, that is, they can only be added to the images of the selected project.

Labels

You can "EDIT" or "DELETE" a selected label using the corresponding options available in the "Labels" tab.

Logs

This tab shows all the recorded logs. It shows user name, repository name, version number, type of operation, and the time when the operation was performed.

Logs

You can filter the logs based on operations and dates using the "ADVANCED" search option.

Advanced log

Robot Accounts

Developer administrators can create Robot Accounts and these accounts are intended to perform docker push / docker pull operations using a token.

Robot Accounts

  • To create a robot account, click "NEW ROBOT ACCOUNT", enter a name and a description, select permission(s), and then click "SAVE".

    Create Robot Account

Note

The "pull" permission for Image is enabled by default.

You can disable or delete a robot account using the "ACTION" list.

Disable account

Tag Retention

Using this feature, you can define rules that govern how many artifacts of a given repository to retain, or for how long to retain certain artifacts.

Tag retention

For more information such as add new rule, edit schedule, test rules etc., refer to Harbor documentation.

Tag Immutability

The Tag Immutability feature allows you to configure tag immutability at the project level, so that artifacts with certain tags cannot be pushed into Harbor if their tags match existing tags. This feature ensures that an immutable tagged image can neither be deleted nor be altered by re-pushing, re-tagging, or replicating.

Tag Immutability

For more details such as add new rule, refer to Harbor documentation.

Webhooks

Within this tab, you can configure webhooks so that the Harbor notifies the webhook endpoint of certain events that occur in a project, including push, pull, deletion of images and Helm charts, image scanning, and vulnerability discoveries.

Webhooks

Scanner

This tab shows the available Scanners within a selected project.

Scanner

Configuration

You can configure projects so that images with vulnerabilities cannot be run, and to automatically scan images as soon as they are pushed into the project.

Configuration

  • To make all repositories under the project accessible to everyone, enable the "Public" checkbox.
  • To prevent un-signed images under the project from being pulled, enable the "Enable content trust" checkbox.
  • To prevent vulnerable images under the project from being pulled, enable the "Prevent vulnerable images from running" checkbox and change the severity level of vulnerabilities. Images cannot be pulled if their level equals to or higher than the currently selected level.
  • To activate an immediate vulnerability scan on new images that are pushed to the project, select the “Automatically scan images on push” check box.

!!! Note If the “Automatically scan images on push” feature is enabled, new internal robot accounts will be created and their activities are tracked under "Projects" > "Logs".

  • To ignore certain Common Vulnerabilities and Exposures (CVE), create whitelist of CVEs at the project level or copy from the system. You can also define the expiry of the whitelist item.

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.


Last update: May 6, 2022