Learn how to containerize your application with our guide: Getting started with Docker
Harbor is an open-source registry project trusted by the Cloud Native Computing Foundation (CNCF). Its main objectives are to store your Docker images, scan for vulnerabilities and secure your artifacts with role-based policies. Basically, you will push and pull your image from that registry. Once your image has been pushed to Harbor, a scanner (Trivy by Aqua) will automatically search for vulnerabilities in your newly pushed image.
If you want to push your Docker image to your private repository hosted by Edegap, you’ll first need to create a private project and to do so, it would be preferable to set up your robots.
First, log in to the Harbor dashboard at harbor.edgegap.com with your user and password given by Edgegap and immediately change your password. If you don’t do so, the password will eventually expire, and you’ll need to reset your password.
You can change your password through the user menu which is on the top right of your screen.
Now that your account is set up, you are now able to manage new project. To create a new project, you must go to the project page then click on the New Project Button. This is where you’ll be able to push your images to.
Then fill in the form. Make sure that the project is not Public,
otherwise, your applications will be accessible to everyone.
You'll be able to see other public project in the Harbor dashboard,
just like the
edgegap-public project which you have permission to pull images from.
You can now click on your newly created project.
- Summary: Contains basic informations about your project
- Repositories: Where you can find your pushed images
- Helm Charts: Where you can find your own pushed Helm Chart
- Members: Where you can organize which account has access this project.
- Scanner: Contains informations on scanners which are usefull to scan vulnerabilities in your container.
- Robot Accounts: Where you can setup your robots to push and pull images from Edgegap's repository
- Logs: Where you can find who pushed and pulled images
- Configuration: Advanced settings of you project
Go to your project then click on the Robots Accounts tab. You should be able to create a new robot account, otherwise, ask your Project Admin to create one for you. For more informations on permissions and roles, see: Project members permissions
Now create your first Robot with Push and Pull Artifact enabled! Uncheck anything in the Helm Chart section if you don't plan to store your Helm Charts with us.
It's really important that you save your token in a safe place.
We highly recommend that you create at least two robots and here is why
You'll always need to specify the registry url when using harbor. If you don't, Docker will always try to redirect to it's own docker.io registry.
To test your token you can use:
For more informations on the password warning click here
You are now logged in to harbor.edgegap.com with your robot account!
Make sure that you are logged in to harbor.edgegap.com then pull your
image if you don't have it locally then try to tag your image with
Heres an example with
pengbai/docker-supermario which is a simple
Now go to harbor.edgegap.com, in your newly created project and you should be able to see that your image has been pushed to your project.
If you have
Unauthorizederror while pushing, make sure that you or your robot account have push permissions to this project. You can see your permissions in the project's robot account tab.
To be able to deploy your games in our accesspoints, you need to specify the private username and private token in the application version.
See how to create an application here, otherwise, you need to fill the application version form with the credentials of your robot account and harbor.edgegap.com as the Docker repository.
If you use our API to update your application as part of your CI/CD you'll need to update:
private_usernameto your pull only robot name (should start with
private_tokento the robot token
You can configure the credentials store by following this setup. This is a normal behavior from Docker.
It's really important that you understand that your robot username
and token for your private repository are encoded in base64 in your
machine at this path
Anybody that have access to this file is able to easily decrypt your robot
account token with a base64 decoder. Make sure that the environement
that you use
docker login harbor.edgegap.com is safe and that the
access permissions to this file are restricted.
To remove your credentials from this file, you can easily use
docker logout harbor.edgegap.com each time you are done pushing
and pulling you private images.
To be secure.
A Push Robot with the push and pull permissions. This robot will able
to push to harbor.edgegap.com either from your CI/CD pipeline or by
docker push harbor.edgegap.com/your-project/your-repository.
This token is really important and should be stored properly.
An Arbitrium Robot with only the Pull permission. This token is the one that Arbitrium will use to pull your image from your private repository. This Robot is set as the private_username and should be changed often.