Skip to main content

Edgegap Private Repository

Learn how to containerize your application with our guide: Getting started with Docker

What is Harbor?#

Harbor is an open-source registry project trusted by the Cloud Native Computing Foundation (CNCF). Its main objectives are to store your Docker images, scan for vulnerabilities and secure your artifacts with role-based policies. Basically, you will push and pull your image from that registry. Once your image has been pushed to Harbor, a scanner (Trivy by Aqua) will automatically search for vulnerabilities in your newly pushed image.

Logging in#

To log into Edgegap private repository, press the LOGIN VIA OIDC PROVIDER button. If you don't have an account, contact us through Slack, Discord or simply create a new account on sso.edgegap.net. We will ensure to create a new repository with any name you give us and give you access to your new repository.

Setting up your account, your project and your robots#

First, log in to the Harbor dashboard at harbor.edgegap.net with the OIDC provider login button.

You can change the default login token generated by our SSO through the user menu which is on the top right of your screen. By changing this, you change the token used to docker login harbor.edgegap.net. Click on the "Upload Your Own Secret" button.

img img

Your project#

At this point, you should have your project ready. If you don't see your project, ping us on Slack or Discord! By default, your project have a limit of 20GB of storage for your images and you are the project admin, meaning that you have full control of your project. With the Project admin role, you are able to invite Harbor users to your repository. For more informations on permissions and roles, see: Project members permissions

Summary of the project tabs#

  1. Summary: Contains basic informations about your project
  2. Repositories: Where you can find your pushed images
  3. Helm Charts: Where you can find your own pushed Helm Chart
  4. Members: Where you can organize which account has access this project.
  5. Scanner: Contains informations on scanners which are usefull to scan vulnerabilities in your container.
  6. Robot Accounts: Where you can setup your robots to push and pull images from Edgegap's repository
  7. Logs: Where you can find who pushed and pulled images
  8. Configuration: Advanced settings of you project

Seting up your first robot#

Go to your project then click on the Robots Accounts tab. You should be able to create a new robot account, otherwise, ask your Project Admin to create one for you.

Now you can create your first Robot with Push and Pull Artifact enabled! Uncheck anything in the Helm Chart section if you don't plan to store your Helm Charts with us. You can set the expiration time of your token in number of days or unset it with -1.

Token robot permissions#

  • Push Artifact: Allow you to docker push images on harbor.edgegap.net
  • Pull Artifact: Allow you to docker pull on harbor.edgegap.net and use an Arbitrium application with the private repository.
  • Delete Artifact: Allow the robot to delete you images in your repository.
  • Read Helm Chart: Allow the robot to use your Helm Chart.
  • Create Helm Chart Version: Allow the robot to push Helm chart to your repo
  • Delete Helm Chart Version: Allow the robot to delete Helm chart to your repo
  • Create Tag: Allow the robot to create multiple tags on your image
  • Delete Tag: Allow the robot to delete tags from your image
  • Create Artifact label: Allow to create a label in your project
  • Create Scan: Allow to start a scan with Trivy on your images

img img img

It's really important that you save your token in a safe place.

We highly recommend that you create at least two robots and here is why

Login#

You'll always need to specify the registry url when using harbor. If you don't, Docker will always try to redirect to it's own docker.io registry.

To test your token you can use:

docker login harbor.edgegap.net
Username: robot$my-push-bot
Password: YOUR_ROBOT_TOKEN
Login Succeeded

For more informations on the password warning click here

You are now logged in to harbor.edgegap.net with your robot account!

Pulling, tagging and pushing your image#

Make sure that you are logged in to harbor.edgegap.net then pull your image if you don't have it locally then try to tag your image with harbor.edgegap.net/YOUR_PROJECT/YOUR_IMAGE:YOUR_TAG

Heres an example with pengbai/docker-supermario which is a simple Super Mario in HTML5 and JavaScript:

docker login harbor.edgegap.net
# You can pull any image here
docker pull pengbai/docker-supermario
# Tagging it with harbor.edgegap.net and the tag
docker tag pengbai/docker-supermario harbor.edgegap.net/demo-test/super-mario:v1.0.0
# Pushing it to the server with harbor.edgegap.net
docker push harbor.edgegap.net/demo-test/super-mario:v1.0.0

Now go to harbor.edgegap.net, in your newly created project and you should be able to see that your image has been pushed to your project.

If you have Unauthorized error while pushing, make sure that you or your robot account have push permissions to this project. You can see your permissions in the project's robot account tab.

Edgegap integration#

To be able to deploy your games in our accesspoints, you need to specify the private username and private token in the application version.

Through our dashboard#

See how to create an application here, otherwise, you need to fill the application version form with the credentials of your robot account and harbor.edgegap.net as the Docker repository.

private-user

Through our App API#

If you use our API to update your application as part of your CI/CD you'll need to update:

  • private_username to your pull only robot name (should start with robot$)
  • private_token to the robot token
  • docker_repository to harbor.edgegap.net
POST '{{API_URL}}/v1/app/{{application name}}/version'
{
"name": "v1",
"private_username": "robot$arbitrium-pull-robot",
"private_token": "YOUR_ROBOT_TOKEN",
"docker_repository": "harbor.edgegap.net",
"docker_image": "demo-test/super-mario",
"docker_tag": "v1.0.0",
"req_cpu": "1024",
"req_memory": "1024",
"req_video": "0",
"use_telemetry": false,
"inject_context_env": false,
"force_cache": false
}

FAQ#

Docker login Warning#

WARNING! Your password will be stored unencrypted in /home/user/.docker/config.json.

You can configure the credentials store by following this setup. This is a normal behavior from Docker.

It's really important that you understand that your robot username and token for your private repository are encoded in base64 in your machine at this path $HOME/.docker/config.json. Anybody that have access to this file is able to easily decrypt your robot account token with a base64 decoder. Make sure that the environement that you use docker login harbor.edgegap.net is safe and that the access permissions to this file are restricted.

To remove your credentials from this file, you can easily use docker logout harbor.edgegap.net each time you are done pushing and pulling you private images.

Why should I use two token?#

To be secure.

A Push Robot with the push and pull permissions. This robot will able to push to harbor.edgegap.net either from your CI/CD pipeline or by hand using docker push harbor.edgegap.net/your-project/your-repository. This token is really important and should be stored properly.

An Arbitrium Robot with only the Pull permission. This token is the one that Arbitrium will use to pull your image from your private repository. This Robot is set as the private_username and should be changed often.