[{"data":1,"prerenderedAt":1644},["ShallowReactive",2],{"blog-en-container-registry-harbor-setup":3,"blog-en-container-registry-harbor-setup-alt":331},{"id":4,"title":5,"author":6,"body":7,"date":1631,"description":1632,"extension":1633,"image":280,"locale":1634,"meta":1635,"navigation":331,"path":1636,"seo":1637,"stem":1638,"tags":1639,"__hash__":1643},"blog\u002Fblog\u002Fen\u002Fcontainer-registry-harbor-setup.md","Building a Private Container Registry with Harbor","Kubo Team",{"type":8,"value":9,"toc":1610},"minimark",[10,19,35,40,43,71,79,82,158,167,171,182,187,192,274,351,358,522,572,580,584,593,822,829,833,836,840,944,948,1084,1101,1105,1108,1112,1140,1144,1194,1197,1201,1210,1214,1217,1221,1224,1260,1264,1539,1542,1551,1555,1558,1587,1598,1606],[11,12,13,14,18],"p",{},"Relying solely on public Docker Hub for container operations presents limitations in rate limiting, security, and compliance. Enterprise environments require a ",[15,16,17],"strong",{},"private container registry"," with full image control, automated vulnerability scanning, and access control.",[11,20,21,28,29,34],{},[22,23,27],"a",{"href":24,"rel":25},"https:\u002F\u002Fgoharbor.io\u002F",[26],"nofollow","Harbor"," is a CNCF graduated open-source container registry that meets precisely these requirements. At ",[22,30,33],{"href":31,"rel":32},"https:\u002F\u002Fkubo.hexabase.io\u002F",[26],"Kubo",", we use Harbor as our private registry for container infrastructure. This article covers practical guidance from initial setup through production operations.",[36,37,39],"h2",{"id":38},"why-you-need-a-private-registry-harbors-value-proposition","Why You Need a Private Registry: Harbor's Value Proposition",[11,41,42],{},"Docker Hub is convenient, but production environments expose several challenges:",[44,45,46,53,59,65],"ul",{},[47,48,49,52],"li",{},[15,50,51],{},"Rate limiting",": Free accounts are restricted to 100 pulls per 6 hours",[47,54,55,58],{},[15,56,57],{},"Security",": Verifying the trustworthiness of public images is difficult",[47,60,61,64],{},[15,62,63],{},"Compliance",": Requirements for image storage location and access audit logs",[47,66,67,70],{},[15,68,69],{},"Network",": Latency and costs from internet-based pulls",[11,72,73,78],{},[22,74,77],{"href":75,"rel":76},"https:\u002F\u002Fblogs.vmware.com\u002Fcloud-foundation\u002F2025\u002F11\u002F18\u002Fharbor-your-enterprise-ready-container-registry-for-a-modern-private-cloud\u002F",[26],"VMware's blog"," positions Harbor as \"your enterprise-ready container registry for a modern private cloud.\"",[11,80,81],{},"Harbor's key features:",[83,84,85,98],"table",{},[86,87,88],"thead",{},[89,90,91,95],"tr",{},[92,93,94],"th",{},"Feature",[92,96,97],{},"Description",[99,100,101,110,118,126,134,142,150],"tbody",{},[89,102,103,107],{},[104,105,106],"td",{},"Container Image Management",[104,108,109],{},"Store and distribute Docker images and OCI artifacts",[89,111,112,115],{},[104,113,114],{},"Helm Chart Management",[104,116,117],{},"Host Helm charts via integrated ChartMuseum",[89,119,120,123],{},[104,121,122],{},"Vulnerability Scanning",[104,124,125],{},"Built-in Trivy for automated vulnerability scanning",[89,127,128,131],{},[104,129,130],{},"RBAC",[104,132,133],{},"Project and role-based access control",[89,135,136,139],{},[104,137,138],{},"Replication",[104,140,141],{},"Image synchronization across multiple registries",[89,143,144,147],{},[104,145,146],{},"Image Signing",[104,148,149],{},"Image signature verification with Cosign \u002F Notary",[89,151,152,155],{},[104,153,154],{},"Garbage Collection",[104,156,157],{},"Automatic cleanup of unused images",[11,159,160,161,166],{},"By integrating ",[22,162,165],{"href":163,"rel":164},"https:\u002F\u002Fwww.hexabase.com\u002Fproduct\u002Fcaptain-ai\u002F",[26],"Captain.AI"," with Harbor, you can automate container image management for AI workers.",[36,168,170],{"id":169},"harbor-installation-methods","Harbor Installation Methods",[11,172,173,174,177,178,181],{},"Harbor can be deployed via ",[15,175,176],{},"VM-based installation"," or ",[15,179,180],{},"Kubernetes Helm deployment",".",[183,184,186],"h3",{"id":185},"method-1-vm-based-installation","Method 1: VM-Based Installation",[188,189,191],"h4",{"id":190},"system-requirements","System Requirements",[83,193,194,207],{},[86,195,196],{},[89,197,198,201,204],{},[92,199,200],{},"Component",[92,202,203],{},"Minimum",[92,205,206],{},"Recommended",[99,208,209,220,231,242,253,264],{},[89,210,211,214,217],{},[104,212,213],{},"CPU",[104,215,216],{},"2 vCPU",[104,218,219],{},"4 vCPU",[89,221,222,225,228],{},[104,223,224],{},"Memory",[104,226,227],{},"4 GB",[104,229,230],{},"8 GB",[89,232,233,236,239],{},[104,234,235],{},"Storage",[104,237,238],{},"40 GB",[104,240,241],{},"160 GB",[89,243,244,247,250],{},[104,245,246],{},"OS",[104,248,249],{},"Ubuntu 22.04 \u002F RHEL 9",[104,251,252],{},"Ubuntu 24.04",[89,254,255,258,261],{},[104,256,257],{},"Docker",[104,259,260],{},"Docker Engine 20.10+",[104,262,263],{},"Latest",[89,265,266,269,272],{},[104,267,268],{},"Docker Compose",[104,270,271],{},"v2.0+",[104,273,263],{},[275,276,281],"pre",{"className":277,"code":278,"language":279,"meta":280,"style":280},"language-bash shiki shiki-themes tokyo-night","# 1. Download Harbor installer\nwget https:\u002F\u002Fgithub.com\u002Fgoharbor\u002Fharbor\u002Freleases\u002Fdownload\u002Fv2.12.0\u002Fharbor-online-installer-v2.12.0.tgz\ntar xzvf harbor-online-installer-v2.12.0.tgz\ncd harbor\n\n# 2. Edit configuration file\ncp harbor.yml.tmpl harbor.yml\n","bash","",[282,283,284,293,304,316,326,333,339],"code",{"__ignoreMap":280},[285,286,289],"span",{"class":287,"line":288},"line",1,[285,290,292],{"class":291},"sbD-w","# 1. Download Harbor installer\n",[285,294,296,300],{"class":287,"line":295},2,[285,297,299],{"class":298},"sE3pS","wget",[285,301,303],{"class":302},"sPY7s"," https:\u002F\u002Fgithub.com\u002Fgoharbor\u002Fharbor\u002Freleases\u002Fdownload\u002Fv2.12.0\u002Fharbor-online-installer-v2.12.0.tgz\n",[285,305,307,310,313],{"class":287,"line":306},3,[285,308,309],{"class":298},"tar",[285,311,312],{"class":302}," xzvf",[285,314,315],{"class":302}," harbor-online-installer-v2.12.0.tgz\n",[285,317,319,323],{"class":287,"line":318},4,[285,320,322],{"class":321},"sySf4","cd",[285,324,325],{"class":302}," harbor\n",[285,327,329],{"class":287,"line":328},5,[285,330,332],{"emptyLinePlaceholder":331},true,"\n",[285,334,336],{"class":287,"line":335},6,[285,337,338],{"class":291},"# 2. Edit configuration file\n",[285,340,342,345,348],{"class":287,"line":341},7,[285,343,344],{"class":298},"cp",[285,346,347],{"class":302}," harbor.yml.tmpl",[285,349,350],{"class":302}," harbor.yml\n",[11,352,353,354,357],{},"Key ",[282,355,356],{},"harbor.yml"," settings:",[275,359,363],{"className":360,"code":361,"language":362,"meta":280,"style":280},"language-yaml shiki shiki-themes tokyo-night","hostname: harbor.example.com\n\n# HTTPS configuration (required for production)\nhttps:\n  port: 443\n  certificate: \u002Fetc\u002Fssl\u002Fcerts\u002Fharbor.crt\n  private_key: \u002Fetc\u002Fssl\u002Fprivate\u002Fharbor.key\n\n# Admin password\nharbor_admin_password: StrongPassword123!\n\n# Database configuration\ndatabase:\n  password: db-password\n  max_idle_conns: 100\n  max_open_conns: 900\n\n# Storage configuration\ndata_volume: \u002Fdata\u002Fharbor\n","yaml",[282,364,365,378,382,387,395,406,416,426,431,437,448,453,459,467,478,489,500,505,511],{"__ignoreMap":280},[285,366,367,371,375],{"class":287,"line":288},[285,368,370],{"class":369},"s0U2E","hostname",[285,372,374],{"class":373},"sAklC",":",[285,376,377],{"class":302}," harbor.example.com\n",[285,379,380],{"class":287,"line":295},[285,381,332],{"emptyLinePlaceholder":331},[285,383,384],{"class":287,"line":306},[285,385,386],{"class":291},"# HTTPS configuration (required for production)\n",[285,388,389,392],{"class":287,"line":318},[285,390,391],{"class":369},"https",[285,393,394],{"class":373},":\n",[285,396,397,400,402],{"class":287,"line":328},[285,398,399],{"class":369},"  port",[285,401,374],{"class":373},[285,403,405],{"class":404},"sOJ5S"," 443\n",[285,407,408,411,413],{"class":287,"line":335},[285,409,410],{"class":369},"  certificate",[285,412,374],{"class":373},[285,414,415],{"class":302}," \u002Fetc\u002Fssl\u002Fcerts\u002Fharbor.crt\n",[285,417,418,421,423],{"class":287,"line":341},[285,419,420],{"class":369},"  private_key",[285,422,374],{"class":373},[285,424,425],{"class":302}," \u002Fetc\u002Fssl\u002Fprivate\u002Fharbor.key\n",[285,427,429],{"class":287,"line":428},8,[285,430,332],{"emptyLinePlaceholder":331},[285,432,434],{"class":287,"line":433},9,[285,435,436],{"class":291},"# Admin password\n",[285,438,440,443,445],{"class":287,"line":439},10,[285,441,442],{"class":369},"harbor_admin_password",[285,444,374],{"class":373},[285,446,447],{"class":302}," StrongPassword123!\n",[285,449,451],{"class":287,"line":450},11,[285,452,332],{"emptyLinePlaceholder":331},[285,454,456],{"class":287,"line":455},12,[285,457,458],{"class":291},"# Database configuration\n",[285,460,462,465],{"class":287,"line":461},13,[285,463,464],{"class":369},"database",[285,466,394],{"class":373},[285,468,470,473,475],{"class":287,"line":469},14,[285,471,472],{"class":369},"  password",[285,474,374],{"class":373},[285,476,477],{"class":302}," db-password\n",[285,479,481,484,486],{"class":287,"line":480},15,[285,482,483],{"class":369},"  max_idle_conns",[285,485,374],{"class":373},[285,487,488],{"class":404}," 100\n",[285,490,492,495,497],{"class":287,"line":491},16,[285,493,494],{"class":369},"  max_open_conns",[285,496,374],{"class":373},[285,498,499],{"class":404}," 900\n",[285,501,503],{"class":287,"line":502},17,[285,504,332],{"emptyLinePlaceholder":331},[285,506,508],{"class":287,"line":507},18,[285,509,510],{"class":291},"# Storage configuration\n",[285,512,514,517,519],{"class":287,"line":513},19,[285,515,516],{"class":369},"data_volume",[285,518,374],{"class":373},[285,520,521],{"class":302}," \u002Fdata\u002Fharbor\n",[275,523,525],{"className":277,"code":524,"language":279,"meta":280,"style":280},"# 3. Install with Trivy\n.\u002Finstall.sh --with-trivy\n\n# 4. Verify installation\ndocker compose ps\ncurl -k https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fhealth\n",[282,526,527,532,541,545,550,561],{"__ignoreMap":280},[285,528,529],{"class":287,"line":288},[285,530,531],{"class":291},"# 3. Install with Trivy\n",[285,533,534,537],{"class":287,"line":295},[285,535,536],{"class":298},".\u002Finstall.sh",[285,538,540],{"class":539},"sT800"," --with-trivy\n",[285,542,543],{"class":287,"line":306},[285,544,332],{"emptyLinePlaceholder":331},[285,546,547],{"class":287,"line":318},[285,548,549],{"class":291},"# 4. Verify installation\n",[285,551,552,555,558],{"class":287,"line":328},[285,553,554],{"class":298},"docker",[285,556,557],{"class":302}," compose",[285,559,560],{"class":302}," ps\n",[285,562,563,566,569],{"class":287,"line":335},[285,564,565],{"class":298},"curl",[285,567,568],{"class":539}," -k",[285,570,571],{"class":302}," https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fhealth\n",[11,573,574,575,181],{},"Detailed steps are available in the ",[22,576,579],{"href":577,"rel":578},"https:\u002F\u002Fgoharbor.io\u002Fdocs\u002F2.12.0\u002Finstall-config\u002F",[26],"Harbor official installation documentation",[183,581,583],{"id":582},"method-2-kubernetes-helm-deployment","Method 2: Kubernetes Helm Deployment",[11,585,586,587,592],{},"This is the method recommended by the ",[22,588,591],{"href":589,"rel":590},"https:\u002F\u002Fwww.cncf.io\u002Fblog\u002F2026\u002F01\u002F05\u002Fdeploying-harbor-on-kubernetes-using-helm\u002F",[26],"CNCF deployment guide",", suitable for production environments requiring high availability.",[275,594,596],{"className":277,"code":595,"language":279,"meta":280,"style":280},"# Add Helm repository\nhelm repo add harbor https:\u002F\u002Fhelm.goharbor.io\nhelm repo update\n\n# Create values.yaml\ncat \u003C\u003CEOF > harbor-values.yaml\nexpose:\n  type: ingress\n  ingress:\n    hosts:\n      core: harbor.example.com\n    className: nginx\n  tls:\n    enabled: true\n    certSource: secret\n    secret:\n      secretName: harbor-tls\nexternalURL: https:\u002F\u002Fharbor.example.com\npersistence:\n  enabled: true\n  persistentVolumeClaim:\n    registry:\n      size: 100Gi\n    database:\n      size: 10Gi\ntrivy:\n  enabled: true\nEOF\n\n# Deploy Harbor\nhelm install harbor harbor\u002Fharbor \\\n  -f harbor-values.yaml \\\n  -n harbor --create-namespace\n",[282,597,598,603,620,629,633,638,655,660,665,670,675,680,685,690,695,700,705,710,715,720,726,732,738,744,750,756,762,767,773,778,784,800,811],{"__ignoreMap":280},[285,599,600],{"class":287,"line":288},[285,601,602],{"class":291},"# Add Helm repository\n",[285,604,605,608,611,614,617],{"class":287,"line":295},[285,606,607],{"class":298},"helm",[285,609,610],{"class":302}," repo",[285,612,613],{"class":302}," add",[285,615,616],{"class":302}," harbor",[285,618,619],{"class":302}," https:\u002F\u002Fhelm.goharbor.io\n",[285,621,622,624,626],{"class":287,"line":306},[285,623,607],{"class":298},[285,625,610],{"class":302},[285,627,628],{"class":302}," update\n",[285,630,631],{"class":287,"line":318},[285,632,332],{"emptyLinePlaceholder":331},[285,634,635],{"class":287,"line":328},[285,636,637],{"class":291},"# Create values.yaml\n",[285,639,640,643,646,649,652],{"class":287,"line":335},[285,641,642],{"class":298},"cat",[285,644,645],{"class":373}," \u003C\u003C",[285,647,648],{"class":373},"EOF",[285,650,651],{"class":373}," >",[285,653,654],{"class":302}," harbor-values.yaml\n",[285,656,657],{"class":287,"line":341},[285,658,659],{"class":302},"expose:\n",[285,661,662],{"class":287,"line":428},[285,663,664],{"class":302},"  type: ingress\n",[285,666,667],{"class":287,"line":433},[285,668,669],{"class":302},"  ingress:\n",[285,671,672],{"class":287,"line":439},[285,673,674],{"class":302},"    hosts:\n",[285,676,677],{"class":287,"line":450},[285,678,679],{"class":302},"      core: harbor.example.com\n",[285,681,682],{"class":287,"line":455},[285,683,684],{"class":302},"    className: nginx\n",[285,686,687],{"class":287,"line":461},[285,688,689],{"class":302},"  tls:\n",[285,691,692],{"class":287,"line":469},[285,693,694],{"class":302},"    enabled: true\n",[285,696,697],{"class":287,"line":480},[285,698,699],{"class":302},"    certSource: secret\n",[285,701,702],{"class":287,"line":491},[285,703,704],{"class":302},"    secret:\n",[285,706,707],{"class":287,"line":502},[285,708,709],{"class":302},"      secretName: harbor-tls\n",[285,711,712],{"class":287,"line":507},[285,713,714],{"class":302},"externalURL: https:\u002F\u002Fharbor.example.com\n",[285,716,717],{"class":287,"line":513},[285,718,719],{"class":302},"persistence:\n",[285,721,723],{"class":287,"line":722},20,[285,724,725],{"class":302},"  enabled: true\n",[285,727,729],{"class":287,"line":728},21,[285,730,731],{"class":302},"  persistentVolumeClaim:\n",[285,733,735],{"class":287,"line":734},22,[285,736,737],{"class":302},"    registry:\n",[285,739,741],{"class":287,"line":740},23,[285,742,743],{"class":302},"      size: 100Gi\n",[285,745,747],{"class":287,"line":746},24,[285,748,749],{"class":302},"    database:\n",[285,751,753],{"class":287,"line":752},25,[285,754,755],{"class":302},"      size: 10Gi\n",[285,757,759],{"class":287,"line":758},26,[285,760,761],{"class":302},"trivy:\n",[285,763,765],{"class":287,"line":764},27,[285,766,725],{"class":302},[285,768,770],{"class":287,"line":769},28,[285,771,772],{"class":373},"EOF\n",[285,774,776],{"class":287,"line":775},29,[285,777,332],{"emptyLinePlaceholder":331},[285,779,781],{"class":287,"line":780},30,[285,782,783],{"class":291},"# Deploy Harbor\n",[285,785,787,789,792,794,797],{"class":287,"line":786},31,[285,788,607],{"class":298},[285,790,791],{"class":302}," install",[285,793,616],{"class":302},[285,795,796],{"class":302}," harbor\u002Fharbor",[285,798,799],{"class":373}," \\\n",[285,801,803,806,809],{"class":287,"line":802},32,[285,804,805],{"class":539},"  -f",[285,807,808],{"class":302}," harbor-values.yaml",[285,810,799],{"class":373},[285,812,814,817,819],{"class":287,"line":813},33,[285,815,816],{"class":539},"  -n",[285,818,616],{"class":302},[285,820,821],{"class":539}," --create-namespace\n",[11,823,824,825,828],{},"Helm deployment is recommended on ",[22,826,33],{"href":31,"rel":827},[26],"'s Kubernetes clusters.",[36,830,832],{"id":831},"rbac-and-project-management","RBAC and Project Management",[11,834,835],{},"Harbor's RBAC manages access permissions at the project level.",[183,837,839],{"id":838},"role-hierarchy","Role Hierarchy",[83,841,842,864],{},[86,843,844],{},[89,845,846,849,852,855,858,861],{},[92,847,848],{},"Role",[92,850,851],{},"Push",[92,853,854],{},"Pull",[92,856,857],{},"Scan",[92,859,860],{},"Member Mgmt",[92,862,863],{},"Config",[99,865,866,882,898,913,928],{},[89,867,868,871,874,876,878,880],{},[104,869,870],{},"Project Admin",[104,872,873],{},"Yes",[104,875,873],{},[104,877,873],{},[104,879,873],{},[104,881,873],{},[89,883,884,887,889,891,893,896],{},[104,885,886],{},"Maintainer",[104,888,873],{},[104,890,873],{},[104,892,873],{},[104,894,895],{},"No",[104,897,895],{},[89,899,900,903,905,907,909,911],{},[104,901,902],{},"Developer",[104,904,873],{},[104,906,873],{},[104,908,895],{},[104,910,895],{},[104,912,895],{},[89,914,915,918,920,922,924,926],{},[104,916,917],{},"Guest",[104,919,895],{},[104,921,873],{},[104,923,895],{},[104,925,895],{},[104,927,895],{},[89,929,930,933,935,938,940,942],{},[104,931,932],{},"Limited Guest",[104,934,895],{},[104,936,937],{},"Partial",[104,939,895],{},[104,941,895],{},[104,943,895],{},[183,945,947],{"id":946},"project-configuration-example","Project Configuration Example",[275,949,951],{"className":277,"code":950,"language":279,"meta":280,"style":280},"# Create project via Harbor API\ncurl -X POST \"https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fprojects\" \\\n  -H \"Authorization: Basic $(echo -n 'admin:password' | base64)\" \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\n    \"project_name\": \"production\",\n    \"metadata\": {\n      \"public\": \"false\",\n      \"auto_scan\": \"true\",\n      \"prevent_vul\": \"true\",\n      \"severity\": \"high\"\n    }\n  }'\n",[282,952,953,958,979,1018,1031,1041,1046,1051,1056,1061,1066,1071,1076],{"__ignoreMap":280},[285,954,955],{"class":287,"line":288},[285,956,957],{"class":291},"# Create project via Harbor API\n",[285,959,960,962,965,968,971,974,977],{"class":287,"line":295},[285,961,565],{"class":298},[285,963,964],{"class":539}," -X",[285,966,967],{"class":302}," POST",[285,969,970],{"class":373}," \"",[285,972,973],{"class":302},"https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fprojects",[285,975,976],{"class":373},"\"",[285,978,799],{"class":373},[285,980,981,984,986,989,992,995,998,1001,1004,1007,1010,1013,1016],{"class":287,"line":306},[285,982,983],{"class":539},"  -H",[285,985,970],{"class":373},[285,987,988],{"class":302},"Authorization: Basic ",[285,990,991],{"class":373},"$(",[285,993,994],{"class":321},"echo",[285,996,997],{"class":539}," -n",[285,999,1000],{"class":373}," '",[285,1002,1003],{"class":302},"admin:password",[285,1005,1006],{"class":373},"'",[285,1008,1009],{"class":373}," |",[285,1011,1012],{"class":298}," base64",[285,1014,1015],{"class":373},")\"",[285,1017,799],{"class":373},[285,1019,1020,1022,1024,1027,1029],{"class":287,"line":318},[285,1021,983],{"class":539},[285,1023,970],{"class":373},[285,1025,1026],{"class":302},"Content-Type: application\u002Fjson",[285,1028,976],{"class":373},[285,1030,799],{"class":373},[285,1032,1033,1036,1038],{"class":287,"line":328},[285,1034,1035],{"class":539},"  -d",[285,1037,1000],{"class":373},[285,1039,1040],{"class":302},"{\n",[285,1042,1043],{"class":287,"line":335},[285,1044,1045],{"class":302},"    \"project_name\": \"production\",\n",[285,1047,1048],{"class":287,"line":341},[285,1049,1050],{"class":302},"    \"metadata\": {\n",[285,1052,1053],{"class":287,"line":428},[285,1054,1055],{"class":302},"      \"public\": \"false\",\n",[285,1057,1058],{"class":287,"line":433},[285,1059,1060],{"class":302},"      \"auto_scan\": \"true\",\n",[285,1062,1063],{"class":287,"line":439},[285,1064,1065],{"class":302},"      \"prevent_vul\": \"true\",\n",[285,1067,1068],{"class":287,"line":450},[285,1069,1070],{"class":302},"      \"severity\": \"high\"\n",[285,1072,1073],{"class":287,"line":455},[285,1074,1075],{"class":302},"    }\n",[285,1077,1078,1081],{"class":287,"line":461},[285,1079,1080],{"class":302},"  }",[285,1082,1083],{"class":373},"'\n",[11,1085,1086,1087,1090,1091,1094,1095,1100],{},"Setting ",[282,1088,1089],{},"prevent_vul: true"," with ",[282,1092,1093],{},"severity: high"," blocks pulls of images containing HIGH or above vulnerabilities. The ",[22,1096,1099],{"href":1097,"rel":1098},"https:\u002F\u002Fwww.hostmycode.com\u002Fblog\u002Fcontainer-registry-security-hardening-harbor-trivy-scanner-rbac-dedicated-servers",[26],"HostMyCode security hardening guide"," provides detailed coverage.",[36,1102,1104],{"id":1103},"vulnerability-management-with-trivy-integration","Vulnerability Management with Trivy Integration",[11,1106,1107],{},"Harbor's built-in Trivy automatically runs vulnerability scans on image push.",[183,1109,1111],{"id":1110},"configuring-auto-scan","Configuring Auto-Scan",[1113,1114,1115,1126,1133],"ol",{},[47,1116,1117,1118,1121,1122,1125],{},"In ",[15,1119,1120],{},"Project Settings"," > ",[15,1123,1124],{},"Configuration",", enable \"Automatically scan images on push\"",[47,1127,1128,1129,1132],{},"Set the ",[15,1130,1131],{},"vulnerability severity threshold"," (e.g., block at HIGH and above)",[47,1134,1135,1136,1139],{},"Configure a ",[15,1137,1138],{},"scan schedule"," (e.g., rescan all images nightly)",[183,1141,1143],{"id":1142},"checking-scan-results","Checking Scan Results",[275,1145,1147],{"className":277,"code":1146,"language":279,"meta":280,"style":280},"# Retrieve scan results via API\ncurl \"https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fprojects\u002Fproduction\u002Frepositories\u002Fmyapp\u002Fartifacts\u002Flatest\u002Fadditions\u002Fvulnerabilities\" \\\n  -H \"Authorization: Basic $(echo -n 'admin:password' | base64)\"\n",[282,1148,1149,1154,1167],{"__ignoreMap":280},[285,1150,1151],{"class":287,"line":288},[285,1152,1153],{"class":291},"# Retrieve scan results via API\n",[285,1155,1156,1158,1160,1163,1165],{"class":287,"line":295},[285,1157,565],{"class":298},[285,1159,970],{"class":373},[285,1161,1162],{"class":302},"https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fprojects\u002Fproduction\u002Frepositories\u002Fmyapp\u002Fartifacts\u002Flatest\u002Fadditions\u002Fvulnerabilities",[285,1164,976],{"class":373},[285,1166,799],{"class":373},[285,1168,1169,1171,1173,1175,1177,1179,1181,1183,1185,1187,1189,1191],{"class":287,"line":306},[285,1170,983],{"class":539},[285,1172,970],{"class":373},[285,1174,988],{"class":302},[285,1176,991],{"class":373},[285,1178,994],{"class":321},[285,1180,997],{"class":539},[285,1182,1000],{"class":373},[285,1184,1003],{"class":302},[285,1186,1006],{"class":373},[285,1188,1009],{"class":373},[285,1190,1012],{"class":298},[285,1192,1193],{"class":373},")\"\n",[11,1195,1196],{},"Scan results are viewable in the Harbor UI, displaying CVE IDs, severity levels, and fixable versions.",[183,1198,1200],{"id":1199},"cve-allowlists","CVE Allowlists",[11,1202,1203,1204,1209],{},"False positives or accepted vulnerabilities can be allowlisted per project. The ",[22,1205,1208],{"href":1206,"rel":1207},"https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Fharbor-scanner-trivy",[26],"Aqua Security Harbor Scanner Trivy"," repository contains detailed configuration instructions.",[36,1211,1213],{"id":1212},"replication-and-disaster-recovery","Replication and Disaster Recovery",[11,1215,1216],{},"Harbor's replication feature automatically synchronizes images across multiple registry instances.",[183,1218,1220],{"id":1219},"replication-targets","Replication Targets",[11,1222,1223],{},"Harbor supports bidirectional replication with:",[44,1225,1226,1229,1236,1243,1250,1257],{},[47,1227,1228],{},"Harbor (other instances)",[47,1230,1231],{},[22,1232,1235],{"href":1233,"rel":1234},"https:\u002F\u002Fhub.docker.com\u002F",[26],"Docker Hub",[47,1237,1238],{},[22,1239,1242],{"href":1240,"rel":1241},"https:\u002F\u002Faws.amazon.com\u002Fecr\u002F",[26],"AWS ECR",[47,1244,1245],{},[22,1246,1249],{"href":1247,"rel":1248},"https:\u002F\u002Fcloud.google.com\u002Fartifact-registry",[26],"Google Artifact Registry",[47,1251,1252],{},[22,1253,1256],{"href":1254,"rel":1255},"https:\u002F\u002Fazure.microsoft.com\u002Fservices\u002Fcontainer-registry\u002F",[26],"Azure ACR",[47,1258,1259],{},"Any OCI-compliant registry",[183,1261,1263],{"id":1262},"replication-policy","Replication Policy",[275,1265,1269],{"className":1266,"code":1267,"language":1268,"meta":280,"style":280},"language-json shiki shiki-themes tokyo-night","{\n  \"name\": \"sync-to-dr\",\n  \"src_registry\": { \"id\": 0 },\n  \"dest_registry\": { \"id\": 1 },\n  \"dest_namespace\": \"production\",\n  \"trigger\": {\n    \"type\": \"event_based\"\n  },\n  \"filters\": [\n    { \"type\": \"name\", \"value\": \"production\u002F**\" },\n    { \"type\": \"tag\", \"value\": \"v*\" }\n  ],\n  \"enabled\": true\n}\n","json",[282,1270,1271,1276,1299,1330,1358,1378,1392,1412,1418,1432,1474,1513,1520,1534],{"__ignoreMap":280},[285,1272,1273],{"class":287,"line":288},[285,1274,1040],{"class":1275},"sgJMe",[285,1277,1278,1281,1285,1287,1289,1291,1294,1296],{"class":287,"line":295},[285,1279,1280],{"class":373},"  \"",[285,1282,1284],{"class":1283},"s3R4Z","name",[285,1286,976],{"class":373},[285,1288,374],{"class":373},[285,1290,970],{"class":373},[285,1292,1293],{"class":302},"sync-to-dr",[285,1295,976],{"class":373},[285,1297,1298],{"class":373},",\n",[285,1300,1301,1303,1306,1308,1310,1313,1315,1318,1320,1322,1325,1328],{"class":287,"line":306},[285,1302,1280],{"class":373},[285,1304,1305],{"class":1283},"src_registry",[285,1307,976],{"class":373},[285,1309,374],{"class":373},[285,1311,1312],{"class":1275}," {",[285,1314,970],{"class":373},[285,1316,1317],{"class":321},"id",[285,1319,976],{"class":373},[285,1321,374],{"class":373},[285,1323,1324],{"class":404}," 0",[285,1326,1327],{"class":1275}," }",[285,1329,1298],{"class":373},[285,1331,1332,1334,1337,1339,1341,1343,1345,1347,1349,1351,1354,1356],{"class":287,"line":318},[285,1333,1280],{"class":373},[285,1335,1336],{"class":1283},"dest_registry",[285,1338,976],{"class":373},[285,1340,374],{"class":373},[285,1342,1312],{"class":1275},[285,1344,970],{"class":373},[285,1346,1317],{"class":321},[285,1348,976],{"class":373},[285,1350,374],{"class":373},[285,1352,1353],{"class":404}," 1",[285,1355,1327],{"class":1275},[285,1357,1298],{"class":373},[285,1359,1360,1362,1365,1367,1369,1371,1374,1376],{"class":287,"line":328},[285,1361,1280],{"class":373},[285,1363,1364],{"class":1283},"dest_namespace",[285,1366,976],{"class":373},[285,1368,374],{"class":373},[285,1370,970],{"class":373},[285,1372,1373],{"class":302},"production",[285,1375,976],{"class":373},[285,1377,1298],{"class":373},[285,1379,1380,1382,1385,1387,1389],{"class":287,"line":335},[285,1381,1280],{"class":373},[285,1383,1384],{"class":1283},"trigger",[285,1386,976],{"class":373},[285,1388,374],{"class":373},[285,1390,1391],{"class":1275}," {\n",[285,1393,1394,1397,1400,1402,1404,1406,1409],{"class":287,"line":341},[285,1395,1396],{"class":373},"    \"",[285,1398,1399],{"class":321},"type",[285,1401,976],{"class":373},[285,1403,374],{"class":373},[285,1405,970],{"class":373},[285,1407,1408],{"class":302},"event_based",[285,1410,1411],{"class":373},"\"\n",[285,1413,1414,1416],{"class":287,"line":428},[285,1415,1080],{"class":1275},[285,1417,1298],{"class":373},[285,1419,1420,1422,1425,1427,1429],{"class":287,"line":433},[285,1421,1280],{"class":373},[285,1423,1424],{"class":1283},"filters",[285,1426,976],{"class":373},[285,1428,374],{"class":373},[285,1430,1431],{"class":1275}," [\n",[285,1433,1434,1437,1439,1441,1443,1445,1447,1449,1451,1454,1456,1459,1461,1463,1465,1468,1470,1472],{"class":287,"line":439},[285,1435,1436],{"class":1275},"    {",[285,1438,970],{"class":373},[285,1440,1399],{"class":321},[285,1442,976],{"class":373},[285,1444,374],{"class":373},[285,1446,970],{"class":373},[285,1448,1284],{"class":302},[285,1450,976],{"class":373},[285,1452,1453],{"class":373},",",[285,1455,970],{"class":373},[285,1457,1458],{"class":321},"value",[285,1460,976],{"class":373},[285,1462,374],{"class":373},[285,1464,970],{"class":373},[285,1466,1467],{"class":302},"production\u002F**",[285,1469,976],{"class":373},[285,1471,1327],{"class":1275},[285,1473,1298],{"class":373},[285,1475,1476,1478,1480,1482,1484,1486,1488,1491,1493,1495,1497,1499,1501,1503,1505,1508,1510],{"class":287,"line":450},[285,1477,1436],{"class":1275},[285,1479,970],{"class":373},[285,1481,1399],{"class":321},[285,1483,976],{"class":373},[285,1485,374],{"class":373},[285,1487,970],{"class":373},[285,1489,1490],{"class":302},"tag",[285,1492,976],{"class":373},[285,1494,1453],{"class":373},[285,1496,970],{"class":373},[285,1498,1458],{"class":321},[285,1500,976],{"class":373},[285,1502,374],{"class":373},[285,1504,970],{"class":373},[285,1506,1507],{"class":302},"v*",[285,1509,976],{"class":373},[285,1511,1512],{"class":1275}," }\n",[285,1514,1515,1518],{"class":287,"line":455},[285,1516,1517],{"class":1275},"  ]",[285,1519,1298],{"class":373},[285,1521,1522,1524,1527,1529,1531],{"class":287,"line":461},[285,1523,1280],{"class":373},[285,1525,1526],{"class":1283},"enabled",[285,1528,976],{"class":373},[285,1530,374],{"class":373},[285,1532,1533],{"class":404}," true\n",[285,1535,1536],{"class":287,"line":469},[285,1537,1538],{"class":1275},"}\n",[11,1540,1541],{},"Choose between event-based triggers (replicate immediately on push) and schedule-based triggers (periodic synchronization).",[11,1543,1544,1545,1550],{},"The ",[22,1546,1549],{"href":1547,"rel":1548},"https:\u002F\u002Fshipyard.build\u002Fblog\u002Fcontainer-registries\u002F",[26],"Shipyard registry comparison"," evaluates Harbor's replication capabilities as a major differentiator for enterprise environments.",[36,1552,1554],{"id":1553},"summary-enterprise-grade-container-registry","Summary: Enterprise-Grade Container Registry",[11,1556,1557],{},"Harbor delivers an enterprise-grade private container registry integrating:",[44,1559,1560,1566,1571,1576,1581],{},[47,1561,1562,1565],{},[15,1563,1564],{},"Built-in Trivy",": Detect vulnerabilities instantly with auto-scan on push",[47,1567,1568,1570],{},[15,1569,130],{},": Fine-grained access control at project and role levels",[47,1572,1573,1575],{},[15,1574,138],{},": Multi-registry image synchronization and DR capabilities",[47,1577,1578,1580],{},[15,1579,146],{},": Tamper prevention with Cosign \u002F Notary",[47,1582,1583,1586],{},[15,1584,1585],{},"Helm Chart Hosting",": Unified management for Kubernetes deployments",[11,1588,1589,1590,1593,1594,1597],{},"At ",[22,1591,33],{"href":31,"rel":1592},[26],", Harbor forms the core of our image management pipeline for production container workloads. Integration with ",[22,1595,165],{"href":163,"rel":1596},[26]," enables one-stop operations from vulnerability response to automated deployments.",[11,1599,1600,1601,181],{},"To discuss Harbor adoption or container registry operations, please ",[22,1602,1605],{"href":1603,"rel":1604},"https:\u002F\u002Fwww.hexabase.com\u002Fcontact-us\u002F",[26],"contact us",[1607,1608,1609],"style",{},"html pre.shiki code .sbD-w, html code.shiki .sbD-w{--shiki-default:#51597D;--shiki-default-font-style:italic}html pre.shiki code .sE3pS, html code.shiki .sE3pS{--shiki-default:#C0CAF5}html pre.shiki code .sPY7s, html code.shiki .sPY7s{--shiki-default:#9ECE6A}html pre.shiki code .sySf4, html code.shiki .sySf4{--shiki-default:#0DB9D7}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .s0U2E, html code.shiki .s0U2E{--shiki-default:#F7768E}html pre.shiki code .sAklC, html code.shiki .sAklC{--shiki-default:#89DDFF}html pre.shiki code .sOJ5S, html code.shiki .sOJ5S{--shiki-default:#FF9E64}html pre.shiki code .sT800, html code.shiki .sT800{--shiki-default:#E0AF68}html pre.shiki code .sgJMe, html code.shiki .sgJMe{--shiki-default:#9ABDF5}html pre.shiki code .s3R4Z, html code.shiki .s3R4Z{--shiki-default:#7AA2F7}",{"title":280,"searchDepth":295,"depth":295,"links":1611},[1612,1613,1617,1621,1626,1630],{"id":38,"depth":295,"text":39},{"id":169,"depth":295,"text":170,"children":1614},[1615,1616],{"id":185,"depth":306,"text":186},{"id":582,"depth":306,"text":583},{"id":831,"depth":295,"text":832,"children":1618},[1619,1620],{"id":838,"depth":306,"text":839},{"id":946,"depth":306,"text":947},{"id":1103,"depth":295,"text":1104,"children":1622},[1623,1624,1625],{"id":1110,"depth":306,"text":1111},{"id":1142,"depth":306,"text":1143},{"id":1199,"depth":306,"text":1200},{"id":1212,"depth":295,"text":1213,"children":1627},[1628,1629],{"id":1219,"depth":306,"text":1220},{"id":1262,"depth":306,"text":1263},{"id":1553,"depth":295,"text":1554},"2026-05-27","Complete guide to deploying and operating Harbor as your private container registry. Covers Trivy integration, RBAC, image replication, Helm deployment, and enterprise security features.","md","en",{},"\u002Fblog\u002Fen\u002Fcontainer-registry-harbor-setup",{"title":5,"description":1632},"blog\u002Fen\u002Fcontainer-registry-harbor-setup",[27,1640,257,1641,57,1642,130],"Container Registry","Kubernetes","Trivy","i462c0aw9npe7MIcYDUA3siltO2AMHlma48ijzz-FrI",1779964618759]