Introduction to vSphere Integrated Containers Registry
vSphere Integrated Containers Registry (Harbor) is an enterprise-class registry server that you can use to store and distribute container images. The registry runs as a container in the vSphere Integrated Containers virtual appliance. vSphere Integrated Containers Registry allows DevOps administrators to organize image repositories in projects, and to set up role-based access control to those projects to define which users can access which repositories. vSphere Integrated Containers Registry also provides rule-based replication of images between registries, implements Docker Content Trust and vulnerability scanning, and provides detailed logging for project and user auditing.
For demo videos of some of the features of vSphere Integrated Containers Registry, see the VMware Harbor YouTube Channel.
Rule Based Image Replication
You can set up multiple registries and replicate images between registry instances. Replicating images between registries helps with load balancing and high availability, and allows you to create multi-datacenter, hybrid, and multi-cloud setups. For information about image replication, see Replicating Images in vSphere Integrated Containers Management Portal Administration.
Docker Content Trust
vSphere Integrated Containers Registry provides a Docker Notary server that allows you to implement Docker Content Trust by signing and verifying the images in the registry. For information about content trust, see Content trust in Docker in the Docker documentation.
The Notary server runs by default, and content trust is enabled or disabled at the project level. When content trust is enabled, users can only push and pull images that have been signed and verified to or from the project.
- For information about content trust in vSphere Integrated Containers, see Enabling Content Trust in Projects in vSphere Integrated Containers Management Portal Administration.
- For information about how container developers use content trust with vSphere Integrated Containers Registry, see Configure the Docker Client for Use with vSphere Integrated Containers in Developing Applications with vSphere Integrated Containers.
Vulnerability Scanning
vSphere Integrated Containers Registry provides the ability to scan all images for known vulnerabilities. DevOps and Management Portal administrators can set threshold values that prevent users from running vulnerable images that exceed those thresholds. Once an image is uploaded into the registry, vSphere Integrated Containers Registry checks the various layers of the image against known vulnerability databases and reports issues to the DevOps and Management Portal Administrators.
For information vulnerability scanning, see Vulnerability Scanning in vSphere Integrated Containers Management Portal Administration.
Garbage Collection
You can configure vSphere Integrated Containers Registry to perform garbage collection whenever you restart the registry service. If you implement garbage collection, the registry recycles the storage space that is consumed by images that you have deleted. For more information about garbage collection, see Manage Internal Repositories in Projects in vSphere Integrated Containers Management Portal Administration. See also Garbage Collection in the Docker documentation.
Logging
vSphere Integrated Containers Registry keeps a log of every operation that users perform in a project. The logs are fully searchable, to assist you with activity auditing. For information about project logs, see Access Project Logs.
Next topic: vSphere Integrated Containers Roles and Personas