Container Registry project
A project is a collection of repositories. Each repository contains all the images pushed into it. When you launch Container Registry, the "Projects" screen is displayed, showing the project whose name matches your tenant name. The following screenshot shows the "Projects" screen:
① Navigation pane.
② Table displays the details of the project.
③ Information area showing number of private and public projects and repositories. Currently, public projects or repositories are not supported.
④ Provides tabs to view a list of all the local events, running events, and failed events.
To configure a project, click on the respective project name. The following sections describe the possible configurations within a project.
Summary
The summary tab shows information such as the number of repositories, Helm Charts, members, and the Quotas allocated for a selected project.
Repositories
In this tab, a table of repositories within a selected project is displayed.
- To download the registry certificate, click "REGISTRY CERTIFICATE".
- To copy the syntax to tag or push an image, use the "PUSH IMAGE DOCKER COMMAND" list.
- To display the details of repositories as cards, click on the icon.
Helm Charts
Helm is a package manager for Kubernetes, and it uses a packaging format called charts. This tab shows information about all existing Helm charts within a selected project.
- To upload a new Chart, click "UPLOAD", browse the chart file and provenance file from your file system, and click "UPLOAD".
- You can download an existing Chart using the "DOWNLOAD" button. You can also remove a selected Chart file using the "DELETE" button.
Members
This tab shows all the members of a project and their roles.
- To add a member, click "USER", enter the member name, select the required role, and then click "OK". You can only add existing members to the project. The users are created in Harbor.
- To update role(s), select the member(s), click "ACTIONS", and then select the required role.
Similarly, you can remove the selected member(s).
Labels
Developer administrators can create Labels within a selected project. These labels are project-specific, that is, they can only be added to the images of the selected project.
You can "EDIT" or "DELETE" a selected label using the corresponding options available in the "Labels" tab.
Logs
This tab shows all the recorded logs. Each entry shows the user name, repository name, version number, type of operation, and the time when the operation was performed.
You can filter the logs based on operations and dates using the "ADVANCED" search option.
Robot Accounts
Developer administrators can create Robot Accounts, which are intended to perform docker push / docker pull operations using a token.
- To create a robot account, click "NEW ROBOT ACCOUNT", enter a name and a description, select permission(s), and then click "SAVE".
Note
The "pull" permission for Image is enabled by default.
You can disable or delete a robot account using the "ACTION" list.
Tag Retention
Using this feature, you can define rules that govern how many artifacts of a given repository to retain, or for how long to retain certain artifacts.
For more information, such as how to add a new rule, edit the schedule, or test rules, refer to the Harbor documentation.
Tag Immutability
The Tag Immutability feature allows you to configure tag immutability at the project level, so that artifacts with certain tags cannot be pushed into Harbor if their tags match existing tags. This feature ensures that an immutable tagged image can neither be deleted nor be altered by re-pushing, re-tagging, or replicating.
For more details, such as how to add a new rule, refer to the Harbor documentation.
Webhooks
Within this tab, you can configure webhooks so that Harbor notifies the webhook endpoint of certain events that occur in a project, including push, pull, deletion of images and Helm charts, image scanning, and vulnerability discoveries.
Scanner
This tab shows the available Scanners within a selected project.
Configuration
You can configure projects so that images with vulnerabilities cannot be run, and to automatically scan images as soon as they are pushed into the project.
- To make all repositories under the project accessible to everyone, enable the "Public" checkbox.
- To prevent unsigned images under the project from being pulled, enable the "Enable content trust" checkbox.
- To prevent vulnerable images under the project from being pulled, enable the "Prevent vulnerable images from running" checkbox and change the severity level of vulnerabilities. Images cannot be pulled if their vulnerability severity level is equal to or higher than the currently selected level.
- To activate an immediate vulnerability scan on new images that are pushed to the project, select the "Automatically scan images on push" checkbox.
Note
If the "Automatically scan images on push" feature is enabled, new internal robot accounts are created and their activities are tracked under "Projects" > "Logs".
- To ignore certain Common Vulnerabilities and Exposures (CVE), create a whitelist of CVEs at the project level or copy it from the system. You can also define the expiry of a whitelist item.
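The pull restriction and CVE whitelist described above, modelled as an added example (not Harbor's or the platform's own code): it takes scan findings, the project severity level and a whitelist with expiry dates, and returns the findings that would still block a pull. The function names, severity labels and sample CVE identifiers are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Severity labels, lowest to highest (assumed; align with your scanner's report).
SEVERITY_ORDER = ["none", "low", "medium", "high", "critical"]


def severity_rank(label):
    """Rank a severity label; unknown labels rank highest so they fail closed."""
    label = label.strip().lower()
    if label in SEVERITY_ORDER:
        return SEVERITY_ORDER.index(label)
    return len(SEVERITY_ORDER)


def blocking_findings(findings, threshold, cve_whitelist, now=None):
    """Return the findings that would prevent a pull.

    findings      -- (cve_id, severity) pairs from a scan report
    threshold     -- project severity level; equal or higher blocks the pull
    cve_whitelist -- {cve_id: expiry datetime, or None for no expiry}
    """
    now = now or datetime.now(timezone.utc)
    limit = severity_rank(threshold)
    if limit == len(SEVERITY_ORDER):
        raise ValueError(f"unknown threshold: {threshold!r}")
    blocking = []
    for cve_id, severity in findings:
        if severity_rank(severity) < limit:
            continue  # below the configured level
        if cve_id in cve_whitelist:
            expiry = cve_whitelist[cve_id]
            if expiry is None or now < expiry:
                continue  # whitelist item still valid, finding ignored
        blocking.append((cve_id, severity))
    return blocking


# Constructed sample data; the CVE identifiers are placeholders, not real CVEs.
SAMPLE_FINDINGS = [("CVE-0000-0001", "High"), ("CVE-0000-0002", "Low"),
                   ("CVE-0000-0003", "Critical")]
SAMPLE_WHITELIST = {
    "CVE-0000-0001": datetime(2030, 1, 1, tzinfo=timezone.utc),
    "CVE-0000-0003": datetime(2020, 1, 1, tzinfo=timezone.utc),  # already expired
}

if __name__ == "__main__":
    blocked = blocking_findings(SAMPLE_FINDINGS, "high", SAMPLE_WHITELIST)
    print("pull allowed" if not blocked else f"pull blocked by {blocked}")
```

Passing a future date as `now` shows which findings start blocking pulls once a whitelist item expires.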
Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.