[{"data":1,"prerenderedAt":1627},["ShallowReactive",2],{"blog-ja-container-registry-harbor-setup":3,"blog-ja-container-registry-harbor-setup-alt":329},{"id":4,"title":5,"author":6,"body":7,"date":1614,"description":1615,"extension":1616,"image":278,"locale":1617,"meta":1618,"navigation":329,"path":1619,"seo":1620,"stem":1621,"tags":1622,"__hash__":1626},"blog\u002Fblog\u002Fja\u002Fcontainer-registry-harbor-setup.md","Harbor でプライベートコンテナレジストリを構築する","Kubo Team",{"type":8,"value":9,"toc":1593},"minimark",[10,19,35,40,43,71,79,82,158,166,170,181,186,190,272,349,355,519,569,577,581,589,818,824,828,831,834,938,941,1077,1093,1097,1100,1103,1128,1131,1181,1184,1188,1197,1200,1203,1206,1209,1245,1248,1523,1526,1534,1538,1541,1570,1580,1589],[11,12,13,14,18],"p",{},"パブリックな Docker Hub だけに頼るコンテナ運用には、レート制限・セキュリティ・コンプライアンスの面で限界があります。エンタープライズ環境では、イメージの完全な制御、脆弱性の自動スキャン、アクセス制御を備えた",[15,16,17],"strong",{},"プライベートコンテナレジストリ","が不可欠です。",[11,20,21,28,29,34],{},[22,23,27],"a",{"href":24,"rel":25},"https:\u002F\u002Fgoharbor.io\u002F",[26],"nofollow","Harbor"," は CNCF 卒業プロジェクトのオープンソースコンテナレジストリで、まさにこれらの要件を満たします。",[22,30,33],{"href":31,"rel":32},"https:\u002F\u002Fkubo.hexabase.io\u002F",[26],"Kubo"," のコンテナ基盤でも Harbor をプライベートレジストリとして活用しており、本記事ではその構築から運用までを実践的に解説します。",[36,37,39],"h2",{"id":38},"harbor-とは-なぜ今プライベートレジストリが必要か","Harbor とは: なぜ今プライベートレジストリが必要か",[11,41,42],{},"Docker Hub は便利ですが、本番環境では以下の課題が顕在化します:",[44,45,46,53,59,65],"ul",{},[47,48,49,52],"li",{},[15,50,51],{},"レート制限",": 無料アカウントでは 6 時間あたり 100 Pull の制限",[47,54,55,58],{},[15,56,57],{},"セキュリティ",": 公開イメージの信頼性検証が困難",[47,60,61,64],{},[15,62,63],{},"コンプライアンス",": イメージの保管場所とアクセスログの管理要件",[47,66,67,70],{},[15,68,69],{},"ネットワーク",": インターネット経由の Pull による遅延とコスト",[11,72,73,78],{},[22,74,77],{"href":75,"rel":76},"https:\u002F\u002Fblogs.vmware.com\u002Fcloud-foundation\u002F2025\u002F11\u002F18\u002Fharbor-your-enterprise-ready-container-registry-for-a-modern-private-cloud\u002F",[26],"VMware のブログ","では、Harbor を「モダンプライベートクラウドのためのエンタープライズ対応コンテナレジストリ」と位置づけています。",[11,80,81],{},"Harbor の主要機能:",[83,84,85,98],"table",{},[86,87,88],"thead",{},[89,90,91,95],"tr",{},[92,93,94],"th",{},"機能",[92,96,97],{},"説明",[99,100,101,110,118,126,134,142,150],"tbody",{},[89,102,103,107],{},[104,105,106],"td",{},"コンテナイメージ管理",[104,108,109],{},"Docker イメージと OCI アーティファクトの保存・配信",[89,111,112,115],{},[104,113,114],{},"Helm チャート管理",[104,116,117],{},"ChartMuseum 統合による Helm チャートのホスティング",[89,119,120,123],{},[104,121,122],{},"脆弱性スキャン",[104,124,125],{},"Trivy 内蔵による自動脆弱性スキャン",[89,127,128,131],{},[104,129,130],{},"RBAC",[104,132,133],{},"プロジェクト・ロールベースのアクセス制御",[89,135,136,139],{},[104,137,138],{},"レプリケーション",[104,140,141],{},"複数レジストリ間のイメージ同期",[89,143,144,147],{},[104,145,146],{},"イメージ署名",[104,148,149],{},"Cosign \u002F Notary によるイメージ署名検証",[89,151,152,155],{},[104,153,154],{},"ガベージコレクション",[104,156,157],{},"未使用イメージの自動クリーンアップ",[11,159,160,165],{},[22,161,164],{"href":162,"rel":163},"https:\u002F\u002Fwww.hexabase.com\u002Fproduct\u002Fcaptain-ai\u002F",[26],"Captain.AI"," と Harbor を連携させることで、AI ワーカーのコンテナイメージ管理を自動化できます。",[36,167,169],{"id":168},"harbor-のインストール方法","Harbor のインストール方法",[11,171,172,173,176,177,180],{},"Harbor は ",[15,174,175],{},"VM ベースのインストール","と ",[15,178,179],{},"Kubernetes 上の Helm デプロイ","の 2 つの方法で構築できます。",[182,183,185],"h3",{"id":184},"方法1-vm-ベースインストール","方法1: VM ベースインストール",[187,188,189],"h4",{"id":189},"システム要件",[83,191,192,205],{},[86,193,194],{},[89,195,196,199,202],{},[92,197,198],{},"項目",[92,200,201],{},"最小要件",[92,203,204],{},"推奨",[99,206,207,218,229,240,251,262],{},[89,208,209,212,215],{},[104,210,211],{},"CPU",[104,213,214],{},"2 vCPU",[104,216,217],{},"4 vCPU",[89,219,220,223,226],{},[104,221,222],{},"メモリ",[104,224,225],{},"4 GB",[104,227,228],{},"8 GB",[89,230,231,234,237],{},[104,232,233],{},"ストレージ",[104,235,236],{},"40 GB",[104,238,239],{},"160 GB",[89,241,242,245,248],{},[104,243,244],{},"OS",[104,246,247],{},"Ubuntu 22.04 \u002F RHEL 9",[104,249,250],{},"Ubuntu 24.04",[89,252,253,256,259],{},[104,254,255],{},"Docker",[104,257,258],{},"Docker Engine 20.10+",[104,260,261],{},"最新版",[89,263,264,267,270],{},[104,265,266],{},"Docker Compose",[104,268,269],{},"v2.0+",[104,271,261],{},[273,274,279],"pre",{"className":275,"code":276,"language":277,"meta":278,"style":278},"language-bash shiki shiki-themes tokyo-night","# 1. Harbor インストーラーのダウンロード\nwget https:\u002F\u002Fgithub.com\u002Fgoharbor\u002Fharbor\u002Freleases\u002Fdownload\u002Fv2.12.0\u002Fharbor-online-installer-v2.12.0.tgz\ntar xzvf harbor-online-installer-v2.12.0.tgz\ncd harbor\n\n# 2. 設定ファイルの編集\ncp harbor.yml.tmpl harbor.yml\n","bash","",[280,281,282,291,302,314,324,331,337],"code",{"__ignoreMap":278},[283,284,287],"span",{"class":285,"line":286},"line",1,[283,288,290],{"class":289},"sbD-w","# 1. Harbor インストーラーのダウンロード\n",[283,292,294,298],{"class":285,"line":293},2,[283,295,297],{"class":296},"sE3pS","wget",[283,299,301],{"class":300},"sPY7s"," https:\u002F\u002Fgithub.com\u002Fgoharbor\u002Fharbor\u002Freleases\u002Fdownload\u002Fv2.12.0\u002Fharbor-online-installer-v2.12.0.tgz\n",[283,303,305,308,311],{"class":285,"line":304},3,[283,306,307],{"class":296},"tar",[283,309,310],{"class":300}," xzvf",[283,312,313],{"class":300}," harbor-online-installer-v2.12.0.tgz\n",[283,315,317,321],{"class":285,"line":316},4,[283,318,320],{"class":319},"sySf4","cd",[283,322,323],{"class":300}," harbor\n",[283,325,327],{"class":285,"line":326},5,[283,328,330],{"emptyLinePlaceholder":329},true,"\n",[283,332,334],{"class":285,"line":333},6,[283,335,336],{"class":289},"# 2. 設定ファイルの編集\n",[283,338,340,343,346],{"class":285,"line":339},7,[283,341,342],{"class":296},"cp",[283,344,345],{"class":300}," harbor.yml.tmpl",[283,347,348],{"class":300}," harbor.yml\n",[11,350,351,354],{},[280,352,353],{},"harbor.yml"," の主要設定:",[273,356,360],{"className":357,"code":358,"language":359,"meta":278,"style":278},"language-yaml shiki shiki-themes tokyo-night","hostname: harbor.example.com\n\n# HTTPS 設定（本番必須）\nhttps:\n  port: 443\n  certificate: \u002Fetc\u002Fssl\u002Fcerts\u002Fharbor.crt\n  private_key: \u002Fetc\u002Fssl\u002Fprivate\u002Fharbor.key\n\n# 管理者パスワード\nharbor_admin_password: StrongPassword123!\n\n# データベース設定\ndatabase:\n  password: db-password\n  max_idle_conns: 100\n  max_open_conns: 900\n\n# ストレージ設定\ndata_volume: \u002Fdata\u002Fharbor\n","yaml",[280,361,362,375,379,384,392,403,413,423,428,434,445,450,456,464,475,486,497,502,508],{"__ignoreMap":278},[283,363,364,368,372],{"class":285,"line":286},[283,365,367],{"class":366},"s0U2E","hostname",[283,369,371],{"class":370},"sAklC",":",[283,373,374],{"class":300}," harbor.example.com\n",[283,376,377],{"class":285,"line":293},[283,378,330],{"emptyLinePlaceholder":329},[283,380,381],{"class":285,"line":304},[283,382,383],{"class":289},"# HTTPS 設定（本番必須）\n",[283,385,386,389],{"class":285,"line":316},[283,387,388],{"class":366},"https",[283,390,391],{"class":370},":\n",[283,393,394,397,399],{"class":285,"line":326},[283,395,396],{"class":366},"  port",[283,398,371],{"class":370},[283,400,402],{"class":401},"sOJ5S"," 443\n",[283,404,405,408,410],{"class":285,"line":333},[283,406,407],{"class":366},"  certificate",[283,409,371],{"class":370},[283,411,412],{"class":300}," \u002Fetc\u002Fssl\u002Fcerts\u002Fharbor.crt\n",[283,414,415,418,420],{"class":285,"line":339},[283,416,417],{"class":366},"  private_key",[283,419,371],{"class":370},[283,421,422],{"class":300}," \u002Fetc\u002Fssl\u002Fprivate\u002Fharbor.key\n",[283,424,426],{"class":285,"line":425},8,[283,427,330],{"emptyLinePlaceholder":329},[283,429,431],{"class":285,"line":430},9,[283,432,433],{"class":289},"# 管理者パスワード\n",[283,435,437,440,442],{"class":285,"line":436},10,[283,438,439],{"class":366},"harbor_admin_password",[283,441,371],{"class":370},[283,443,444],{"class":300}," StrongPassword123!\n",[283,446,448],{"class":285,"line":447},11,[283,449,330],{"emptyLinePlaceholder":329},[283,451,453],{"class":285,"line":452},12,[283,454,455],{"class":289},"# データベース設定\n",[283,457,459,462],{"class":285,"line":458},13,[283,460,461],{"class":366},"database",[283,463,391],{"class":370},[283,465,467,470,472],{"class":285,"line":466},14,[283,468,469],{"class":366},"  password",[283,471,371],{"class":370},[283,473,474],{"class":300}," db-password\n",[283,476,478,481,483],{"class":285,"line":477},15,[283,479,480],{"class":366},"  max_idle_conns",[283,482,371],{"class":370},[283,484,485],{"class":401}," 100\n",[283,487,489,492,494],{"class":285,"line":488},16,[283,490,491],{"class":366},"  max_open_conns",[283,493,371],{"class":370},[283,495,496],{"class":401}," 900\n",[283,498,500],{"class":285,"line":499},17,[283,501,330],{"emptyLinePlaceholder":329},[283,503,505],{"class":285,"line":504},18,[283,506,507],{"class":289},"# ストレージ設定\n",[283,509,511,514,516],{"class":285,"line":510},19,[283,512,513],{"class":366},"data_volume",[283,515,371],{"class":370},[283,517,518],{"class":300}," \u002Fdata\u002Fharbor\n",[273,520,522],{"className":275,"code":521,"language":277,"meta":278,"style":278},"# 3. Trivy 付きでインストール\n.\u002Finstall.sh --with-trivy\n\n# 4. 動作確認\ndocker compose ps\ncurl -k https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fhealth\n",[280,523,524,529,538,542,547,558],{"__ignoreMap":278},[283,525,526],{"class":285,"line":286},[283,527,528],{"class":289},"# 3. Trivy 付きでインストール\n",[283,530,531,534],{"class":285,"line":293},[283,532,533],{"class":296},".\u002Finstall.sh",[283,535,537],{"class":536},"sT800"," --with-trivy\n",[283,539,540],{"class":285,"line":304},[283,541,330],{"emptyLinePlaceholder":329},[283,543,544],{"class":285,"line":316},[283,545,546],{"class":289},"# 4. 動作確認\n",[283,548,549,552,555],{"class":285,"line":326},[283,550,551],{"class":296},"docker",[283,553,554],{"class":300}," compose",[283,556,557],{"class":300}," ps\n",[283,559,560,563,566],{"class":285,"line":333},[283,561,562],{"class":296},"curl",[283,564,565],{"class":536}," -k",[283,567,568],{"class":300}," https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fhealth\n",[11,570,571,576],{},[22,572,575],{"href":573,"rel":574},"https:\u002F\u002Fgoharbor.io\u002Fdocs\u002F2.12.0\u002Finstall-config\u002F",[26],"Harbor 公式のインストールドキュメント","に詳細な手順が記載されています。",[182,578,580],{"id":579},"方法2-kubernetes-上の-helm-デプロイ","方法2: Kubernetes 上の Helm デプロイ",[11,582,583,588],{},[22,584,587],{"href":585,"rel":586},"https:\u002F\u002Fwww.cncf.io\u002Fblog\u002F2026\u002F01\u002F05\u002Fdeploying-harbor-on-kubernetes-using-helm\u002F",[26],"CNCF のデプロイガイド","で推奨されている方法です。高可用性が必要な本番環境に適しています。",[273,590,592],{"className":275,"code":591,"language":277,"meta":278,"style":278},"# Helm リポジトリの追加\nhelm repo add harbor https:\u002F\u002Fhelm.goharbor.io\nhelm repo update\n\n# values.yaml の作成\ncat \u003C\u003CEOF > harbor-values.yaml\nexpose:\n  type: ingress\n  ingress:\n    hosts:\n      core: harbor.example.com\n    className: nginx\n  tls:\n    enabled: true\n    certSource: secret\n    secret:\n      secretName: harbor-tls\nexternalURL: https:\u002F\u002Fharbor.example.com\npersistence:\n  enabled: true\n  persistentVolumeClaim:\n    registry:\n      size: 100Gi\n    database:\n      size: 10Gi\ntrivy:\n  enabled: true\nEOF\n\n# Harbor のデプロイ\nhelm install harbor harbor\u002Fharbor \\\n  -f harbor-values.yaml \\\n  -n harbor --create-namespace\n",[280,593,594,599,616,625,629,634,651,656,661,666,671,676,681,686,691,696,701,706,711,716,722,728,734,740,746,752,758,763,769,774,780,796,807],{"__ignoreMap":278},[283,595,596],{"class":285,"line":286},[283,597,598],{"class":289},"# Helm リポジトリの追加\n",[283,600,601,604,607,610,613],{"class":285,"line":293},[283,602,603],{"class":296},"helm",[283,605,606],{"class":300}," repo",[283,608,609],{"class":300}," add",[283,611,612],{"class":300}," harbor",[283,614,615],{"class":300}," https:\u002F\u002Fhelm.goharbor.io\n",[283,617,618,620,622],{"class":285,"line":304},[283,619,603],{"class":296},[283,621,606],{"class":300},[283,623,624],{"class":300}," update\n",[283,626,627],{"class":285,"line":316},[283,628,330],{"emptyLinePlaceholder":329},[283,630,631],{"class":285,"line":326},[283,632,633],{"class":289},"# values.yaml の作成\n",[283,635,636,639,642,645,648],{"class":285,"line":333},[283,637,638],{"class":296},"cat",[283,640,641],{"class":370}," \u003C\u003C",[283,643,644],{"class":370},"EOF",[283,646,647],{"class":370}," >",[283,649,650],{"class":300}," harbor-values.yaml\n",[283,652,653],{"class":285,"line":339},[283,654,655],{"class":300},"expose:\n",[283,657,658],{"class":285,"line":425},[283,659,660],{"class":300},"  type: ingress\n",[283,662,663],{"class":285,"line":430},[283,664,665],{"class":300},"  ingress:\n",[283,667,668],{"class":285,"line":436},[283,669,670],{"class":300},"    hosts:\n",[283,672,673],{"class":285,"line":447},[283,674,675],{"class":300},"      core: harbor.example.com\n",[283,677,678],{"class":285,"line":452},[283,679,680],{"class":300},"    className: nginx\n",[283,682,683],{"class":285,"line":458},[283,684,685],{"class":300},"  tls:\n",[283,687,688],{"class":285,"line":466},[283,689,690],{"class":300},"    enabled: true\n",[283,692,693],{"class":285,"line":477},[283,694,695],{"class":300},"    certSource: secret\n",[283,697,698],{"class":285,"line":488},[283,699,700],{"class":300},"    secret:\n",[283,702,703],{"class":285,"line":499},[283,704,705],{"class":300},"      secretName: harbor-tls\n",[283,707,708],{"class":285,"line":504},[283,709,710],{"class":300},"externalURL: https:\u002F\u002Fharbor.example.com\n",[283,712,713],{"class":285,"line":510},[283,714,715],{"class":300},"persistence:\n",[283,717,719],{"class":285,"line":718},20,[283,720,721],{"class":300},"  enabled: true\n",[283,723,725],{"class":285,"line":724},21,[283,726,727],{"class":300},"  persistentVolumeClaim:\n",[283,729,731],{"class":285,"line":730},22,[283,732,733],{"class":300},"    registry:\n",[283,735,737],{"class":285,"line":736},23,[283,738,739],{"class":300},"      size: 100Gi\n",[283,741,743],{"class":285,"line":742},24,[283,744,745],{"class":300},"    database:\n",[283,747,749],{"class":285,"line":748},25,[283,750,751],{"class":300},"      size: 10Gi\n",[283,753,755],{"class":285,"line":754},26,[283,756,757],{"class":300},"trivy:\n",[283,759,761],{"class":285,"line":760},27,[283,762,721],{"class":300},[283,764,766],{"class":285,"line":765},28,[283,767,768],{"class":370},"EOF\n",[283,770,772],{"class":285,"line":771},29,[283,773,330],{"emptyLinePlaceholder":329},[283,775,777],{"class":285,"line":776},30,[283,778,779],{"class":289},"# Harbor のデプロイ\n",[283,781,783,785,788,790,793],{"class":285,"line":782},31,[283,784,603],{"class":296},[283,786,787],{"class":300}," install",[283,789,612],{"class":300},[283,791,792],{"class":300}," harbor\u002Fharbor",[283,794,795],{"class":370}," \\\n",[283,797,799,802,805],{"class":285,"line":798},32,[283,800,801],{"class":536},"  -f",[283,803,804],{"class":300}," harbor-values.yaml",[283,806,795],{"class":370},[283,808,810,813,815],{"class":285,"line":809},33,[283,811,812],{"class":536},"  -n",[283,814,612],{"class":300},[283,816,817],{"class":536}," --create-namespace\n",[11,819,820,823],{},[22,821,33],{"href":31,"rel":822},[26]," の Kubernetes クラスタでは、Helm デプロイが推奨されます。",[36,825,827],{"id":826},"rbac-とプロジェクト管理","RBAC とプロジェクト管理",[11,829,830],{},"Harbor の RBAC はプロジェクト単位でアクセス権限を管理します。",[182,832,833],{"id":833},"ロール階層",[83,835,836,858],{},[86,837,838],{},[89,839,840,843,846,849,852,855],{},[92,841,842],{},"ロール",[92,844,845],{},"Push",[92,847,848],{},"Pull",[92,850,851],{},"スキャン",[92,853,854],{},"メンバー管理",[92,856,857],{},"設定変更",[99,859,860,876,892,907,922],{},[89,861,862,865,868,870,872,874],{},[104,863,864],{},"Project Admin",[104,866,867],{},"○",[104,869,867],{},[104,871,867],{},[104,873,867],{},[104,875,867],{},[89,877,878,881,883,885,887,890],{},[104,879,880],{},"Maintainer",[104,882,867],{},[104,884,867],{},[104,886,867],{},[104,888,889],{},"×",[104,891,889],{},[89,893,894,897,899,901,903,905],{},[104,895,896],{},"Developer",[104,898,867],{},[104,900,867],{},[104,902,889],{},[104,904,889],{},[104,906,889],{},[89,908,909,912,914,916,918,920],{},[104,910,911],{},"Guest",[104,913,889],{},[104,915,867],{},[104,917,889],{},[104,919,889],{},[104,921,889],{},[89,923,924,927,929,932,934,936],{},[104,925,926],{},"Limited Guest",[104,928,889],{},[104,930,931],{},"△（特定タグ）",[104,933,889],{},[104,935,889],{},[104,937,889],{},[182,939,940],{"id":940},"プロジェクト設定例",[273,942,944],{"className":275,"code":943,"language":277,"meta":278,"style":278},"# Harbor CLI でプロジェクト作成\ncurl -X POST \"https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fprojects\" \\\n  -H \"Authorization: Basic $(echo -n 'admin:password' | base64)\" \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\n    \"project_name\": \"production\",\n    \"metadata\": {\n      \"public\": \"false\",\n      \"auto_scan\": \"true\",\n      \"prevent_vul\": \"true\",\n      \"severity\": \"high\"\n    }\n  }'\n",[280,945,946,951,972,1011,1024,1034,1039,1044,1049,1054,1059,1064,1069],{"__ignoreMap":278},[283,947,948],{"class":285,"line":286},[283,949,950],{"class":289},"# Harbor CLI でプロジェクト作成\n",[283,952,953,955,958,961,964,967,970],{"class":285,"line":293},[283,954,562],{"class":296},[283,956,957],{"class":536}," -X",[283,959,960],{"class":300}," POST",[283,962,963],{"class":370}," \"",[283,965,966],{"class":300},"https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fprojects",[283,968,969],{"class":370},"\"",[283,971,795],{"class":370},[283,973,974,977,979,982,985,988,991,994,997,1000,1003,1006,1009],{"class":285,"line":304},[283,975,976],{"class":536},"  -H",[283,978,963],{"class":370},[283,980,981],{"class":300},"Authorization: Basic ",[283,983,984],{"class":370},"$(",[283,986,987],{"class":319},"echo",[283,989,990],{"class":536}," -n",[283,992,993],{"class":370}," '",[283,995,996],{"class":300},"admin:password",[283,998,999],{"class":370},"'",[283,1001,1002],{"class":370}," |",[283,1004,1005],{"class":296}," base64",[283,1007,1008],{"class":370},")\"",[283,1010,795],{"class":370},[283,1012,1013,1015,1017,1020,1022],{"class":285,"line":316},[283,1014,976],{"class":536},[283,1016,963],{"class":370},[283,1018,1019],{"class":300},"Content-Type: application\u002Fjson",[283,1021,969],{"class":370},[283,1023,795],{"class":370},[283,1025,1026,1029,1031],{"class":285,"line":326},[283,1027,1028],{"class":536},"  -d",[283,1030,993],{"class":370},[283,1032,1033],{"class":300},"{\n",[283,1035,1036],{"class":285,"line":333},[283,1037,1038],{"class":300},"    \"project_name\": \"production\",\n",[283,1040,1041],{"class":285,"line":339},[283,1042,1043],{"class":300},"    \"metadata\": {\n",[283,1045,1046],{"class":285,"line":425},[283,1047,1048],{"class":300},"      \"public\": \"false\",\n",[283,1050,1051],{"class":285,"line":430},[283,1052,1053],{"class":300},"      \"auto_scan\": \"true\",\n",[283,1055,1056],{"class":285,"line":436},[283,1057,1058],{"class":300},"      \"prevent_vul\": \"true\",\n",[283,1060,1061],{"class":285,"line":447},[283,1062,1063],{"class":300},"      \"severity\": \"high\"\n",[283,1065,1066],{"class":285,"line":452},[283,1067,1068],{"class":300},"    }\n",[283,1070,1071,1074],{"class":285,"line":458},[283,1072,1073],{"class":300},"  }",[283,1075,1076],{"class":370},"'\n",[11,1078,1079,1082,1083,1086,1087,1092],{},[280,1080,1081],{},"prevent_vul: true"," と ",[280,1084,1085],{},"severity: high"," を設定すると、HIGH 以上の脆弱性を含むイメージの Pull がブロックされます。",[22,1088,1091],{"href":1089,"rel":1090},"https:\u002F\u002Fwww.hostmycode.com\u002Fblog\u002Fcontainer-registry-security-hardening-harbor-trivy-scanner-rbac-dedicated-servers",[26],"HostMyCode のセキュリティハードニングガイド","で詳しく解説されています。",[36,1094,1096],{"id":1095},"trivy-統合による脆弱性管理","Trivy 統合による脆弱性管理",[11,1098,1099],{},"Harbor に内蔵された Trivy は、イメージの Push 時に自動で脆弱性スキャンを実行します。",[182,1101,1102],{"id":1102},"自動スキャンの設定",[1104,1105,1106,1116,1122],"ol",{},[47,1107,1108,1111,1112,1115],{},[15,1109,1110],{},"プロジェクト設定"," > ",[15,1113,1114],{},"Configuration"," で「Automatically scan images on push」を有効化",[47,1117,1118,1121],{},[15,1119,1120],{},"脆弱性の重大度閾値","を設定（例: HIGH 以上の脆弱性でブロック）",[47,1123,1124,1127],{},[15,1125,1126],{},"スキャンスケジュール","を設定（例: 毎日深夜に全イメージを再スキャン）",[182,1129,1130],{"id":1130},"スキャン結果の確認",[273,1132,1134],{"className":275,"code":1133,"language":277,"meta":278,"style":278},"# API でスキャン結果を取得\ncurl \"https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fprojects\u002Fproduction\u002Frepositories\u002Fmyapp\u002Fartifacts\u002Flatest\u002Fadditions\u002Fvulnerabilities\" \\\n  -H \"Authorization: Basic $(echo -n 'admin:password' | base64)\"\n",[280,1135,1136,1141,1154],{"__ignoreMap":278},[283,1137,1138],{"class":285,"line":286},[283,1139,1140],{"class":289},"# API でスキャン結果を取得\n",[283,1142,1143,1145,1147,1150,1152],{"class":285,"line":293},[283,1144,562],{"class":296},[283,1146,963],{"class":370},[283,1148,1149],{"class":300},"https:\u002F\u002Fharbor.example.com\u002Fapi\u002Fv2.0\u002Fprojects\u002Fproduction\u002Frepositories\u002Fmyapp\u002Fartifacts\u002Flatest\u002Fadditions\u002Fvulnerabilities",[283,1151,969],{"class":370},[283,1153,795],{"class":370},[283,1155,1156,1158,1160,1162,1164,1166,1168,1170,1172,1174,1176,1178],{"class":285,"line":304},[283,1157,976],{"class":536},[283,1159,963],{"class":370},[283,1161,981],{"class":300},[283,1163,984],{"class":370},[283,1165,987],{"class":319},[283,1167,990],{"class":536},[283,1169,993],{"class":370},[283,1171,996],{"class":300},[283,1173,999],{"class":370},[283,1175,1002],{"class":370},[283,1177,1005],{"class":296},[283,1179,1180],{"class":370},")\"\n",[11,1182,1183],{},"スキャン結果は Harbor UI で視覚的に確認でき、CVE ID、重大度、修正可能バージョンが表示されます。",[182,1185,1187],{"id":1186},"cve-ホワイトリスト","CVE ホワイトリスト",[11,1189,1190,1191,1196],{},"誤検出や許容済みの脆弱性は、プロジェクト単位で CVE ホワイトリストに登録できます。",[22,1192,1195],{"href":1193,"rel":1194},"https:\u002F\u002Fgithub.com\u002Faquasecurity\u002Fharbor-scanner-trivy",[26],"Aqua Security の Harbor Scanner Trivy"," リポジトリに詳細な設定方法があります。",[36,1198,1199],{"id":1199},"レプリケーションとディザスタリカバリ",[11,1201,1202],{},"Harbor のレプリケーション機能は、複数のレジストリインスタンス間でイメージを自動同期します。",[182,1204,1205],{"id":1205},"レプリケーションターゲット",[11,1207,1208],{},"Harbor は以下のレジストリとの双方向レプリケーションをサポートします:",[44,1210,1211,1214,1221,1228,1235,1242],{},[47,1212,1213],{},"Harbor（他のインスタンス）",[47,1215,1216],{},[22,1217,1220],{"href":1218,"rel":1219},"https:\u002F\u002Fhub.docker.com\u002F",[26],"Docker Hub",[47,1222,1223],{},[22,1224,1227],{"href":1225,"rel":1226},"https:\u002F\u002Faws.amazon.com\u002Fecr\u002F",[26],"AWS ECR",[47,1229,1230],{},[22,1231,1234],{"href":1232,"rel":1233},"https:\u002F\u002Fcloud.google.com\u002Fartifact-registry",[26],"Google Artifact Registry",[47,1236,1237],{},[22,1238,1241],{"href":1239,"rel":1240},"https:\u002F\u002Fazure.microsoft.com\u002Fservices\u002Fcontainer-registry\u002F",[26],"Azure ACR",[47,1243,1244],{},"OCI 準拠の任意のレジストリ",[182,1246,1247],{"id":1247},"レプリケーションポリシー",[273,1249,1253],{"className":1250,"code":1251,"language":1252,"meta":278,"style":278},"language-json shiki shiki-themes tokyo-night","{\n  \"name\": \"sync-to-dr\",\n  \"src_registry\": { \"id\": 0 },\n  \"dest_registry\": { \"id\": 1 },\n  \"dest_namespace\": \"production\",\n  \"trigger\": {\n    \"type\": \"event_based\"\n  },\n  \"filters\": [\n    { \"type\": \"name\", \"value\": \"production\u002F**\" },\n    { \"type\": \"tag\", \"value\": \"v*\" }\n  ],\n  \"enabled\": true\n}\n","json",[280,1254,1255,1260,1283,1314,1342,1362,1376,1396,1402,1416,1458,1497,1504,1518],{"__ignoreMap":278},[283,1256,1257],{"class":285,"line":286},[283,1258,1033],{"class":1259},"sgJMe",[283,1261,1262,1265,1269,1271,1273,1275,1278,1280],{"class":285,"line":293},[283,1263,1264],{"class":370},"  \"",[283,1266,1268],{"class":1267},"s3R4Z","name",[283,1270,969],{"class":370},[283,1272,371],{"class":370},[283,1274,963],{"class":370},[283,1276,1277],{"class":300},"sync-to-dr",[283,1279,969],{"class":370},[283,1281,1282],{"class":370},",\n",[283,1284,1285,1287,1290,1292,1294,1297,1299,1302,1304,1306,1309,1312],{"class":285,"line":304},[283,1286,1264],{"class":370},[283,1288,1289],{"class":1267},"src_registry",[283,1291,969],{"class":370},[283,1293,371],{"class":370},[283,1295,1296],{"class":1259}," {",[283,1298,963],{"class":370},[283,1300,1301],{"class":319},"id",[283,1303,969],{"class":370},[283,1305,371],{"class":370},[283,1307,1308],{"class":401}," 0",[283,1310,1311],{"class":1259}," }",[283,1313,1282],{"class":370},[283,1315,1316,1318,1321,1323,1325,1327,1329,1331,1333,1335,1338,1340],{"class":285,"line":316},[283,1317,1264],{"class":370},[283,1319,1320],{"class":1267},"dest_registry",[283,1322,969],{"class":370},[283,1324,371],{"class":370},[283,1326,1296],{"class":1259},[283,1328,963],{"class":370},[283,1330,1301],{"class":319},[283,1332,969],{"class":370},[283,1334,371],{"class":370},[283,1336,1337],{"class":401}," 1",[283,1339,1311],{"class":1259},[283,1341,1282],{"class":370},[283,1343,1344,1346,1349,1351,1353,1355,1358,1360],{"class":285,"line":326},[283,1345,1264],{"class":370},[283,1347,1348],{"class":1267},"dest_namespace",[283,1350,969],{"class":370},[283,1352,371],{"class":370},[283,1354,963],{"class":370},[283,1356,1357],{"class":300},"production",[283,1359,969],{"class":370},[283,1361,1282],{"class":370},[283,1363,1364,1366,1369,1371,1373],{"class":285,"line":333},[283,1365,1264],{"class":370},[283,1367,1368],{"class":1267},"trigger",[283,1370,969],{"class":370},[283,1372,371],{"class":370},[283,1374,1375],{"class":1259}," {\n",[283,1377,1378,1381,1384,1386,1388,1390,1393],{"class":285,"line":339},[283,1379,1380],{"class":370},"    \"",[283,1382,1383],{"class":319},"type",[283,1385,969],{"class":370},[283,1387,371],{"class":370},[283,1389,963],{"class":370},[283,1391,1392],{"class":300},"event_based",[283,1394,1395],{"class":370},"\"\n",[283,1397,1398,1400],{"class":285,"line":425},[283,1399,1073],{"class":1259},[283,1401,1282],{"class":370},[283,1403,1404,1406,1409,1411,1413],{"class":285,"line":430},[283,1405,1264],{"class":370},[283,1407,1408],{"class":1267},"filters",[283,1410,969],{"class":370},[283,1412,371],{"class":370},[283,1414,1415],{"class":1259}," [\n",[283,1417,1418,1421,1423,1425,1427,1429,1431,1433,1435,1438,1440,1443,1445,1447,1449,1452,1454,1456],{"class":285,"line":436},[283,1419,1420],{"class":1259},"    {",[283,1422,963],{"class":370},[283,1424,1383],{"class":319},[283,1426,969],{"class":370},[283,1428,371],{"class":370},[283,1430,963],{"class":370},[283,1432,1268],{"class":300},[283,1434,969],{"class":370},[283,1436,1437],{"class":370},",",[283,1439,963],{"class":370},[283,1441,1442],{"class":319},"value",[283,1444,969],{"class":370},[283,1446,371],{"class":370},[283,1448,963],{"class":370},[283,1450,1451],{"class":300},"production\u002F**",[283,1453,969],{"class":370},[283,1455,1311],{"class":1259},[283,1457,1282],{"class":370},[283,1459,1460,1462,1464,1466,1468,1470,1472,1475,1477,1479,1481,1483,1485,1487,1489,1492,1494],{"class":285,"line":447},[283,1461,1420],{"class":1259},[283,1463,963],{"class":370},[283,1465,1383],{"class":319},[283,1467,969],{"class":370},[283,1469,371],{"class":370},[283,1471,963],{"class":370},[283,1473,1474],{"class":300},"tag",[283,1476,969],{"class":370},[283,1478,1437],{"class":370},[283,1480,963],{"class":370},[283,1482,1442],{"class":319},[283,1484,969],{"class":370},[283,1486,371],{"class":370},[283,1488,963],{"class":370},[283,1490,1491],{"class":300},"v*",[283,1493,969],{"class":370},[283,1495,1496],{"class":1259}," }\n",[283,1498,1499,1502],{"class":285,"line":452},[283,1500,1501],{"class":1259},"  ]",[283,1503,1282],{"class":370},[283,1505,1506,1508,1511,1513,1515],{"class":285,"line":458},[283,1507,1264],{"class":370},[283,1509,1510],{"class":1267},"enabled",[283,1512,969],{"class":370},[283,1514,371],{"class":370},[283,1516,1517],{"class":401}," true\n",[283,1519,1520],{"class":285,"line":466},[283,1521,1522],{"class":1259},"}\n",[11,1524,1525],{},"イベントベーストリガー（Push 時に即座にレプリケーション）と、スケジュールベーストリガー（定期的な同期）を選択できます。",[11,1527,1528,1533],{},[22,1529,1532],{"href":1530,"rel":1531},"https:\u002F\u002Fshipyard.build\u002Fblog\u002Fcontainer-registries\u002F",[26],"Shipyard のレジストリ比較記事","では、Harbor のレプリケーション機能がエンタープライズ環境での大きな差別化要因として評価されています。",[36,1535,1537],{"id":1536},"まとめ-エンタープライズ対応のコンテナレジストリ","まとめ: エンタープライズ対応のコンテナレジストリ",[11,1539,1540],{},"Harbor は、以下の機能を統合したエンタープライズ対応のプライベートコンテナレジストリです:",[44,1542,1543,1549,1554,1559,1564],{},[47,1544,1545,1548],{},[15,1546,1547],{},"Trivy 内蔵",": Push 時自動スキャンで脆弱性を即座に検出",[47,1550,1551,1553],{},[15,1552,130],{},": プロジェクト・ロール単位のきめ細かいアクセス制御",[47,1555,1556,1558],{},[15,1557,138],{},": マルチレジストリ間のイメージ同期と DR 対策",[47,1560,1561,1563],{},[15,1562,146],{},": Cosign \u002F Notary による改ざん防止",[47,1565,1566,1569],{},[15,1567,1568],{},"Helm チャートホスティング",": Kubernetes デプロイの統合管理",[11,1571,1572,1575,1576,1579],{},[22,1573,33],{"href":31,"rel":1574},[26]," では、コンテナワークロードの本番基盤として Harbor を中核に据えたイメージ管理パイプラインを構築しています。",[22,1577,164],{"href":162,"rel":1578},[26]," との連携により、イメージの脆弱性対応から自動デプロイまでをワンストップで実現できます。",[11,1581,1582,1583,1588],{},"Harbor の導入やコンテナレジストリの運用について、ぜひ",[22,1584,1587],{"href":1585,"rel":1586},"https:\u002F\u002Fwww.hexabase.com\u002Fcontact-us\u002F",[26],"お問い合わせ","ください。",[1590,1591,1592],"style",{},"html pre.shiki code .sbD-w, html code.shiki .sbD-w{--shiki-default:#51597D;--shiki-default-font-style:italic}html pre.shiki code .sE3pS, html code.shiki .sE3pS{--shiki-default:#C0CAF5}html pre.shiki code .sPY7s, html code.shiki .sPY7s{--shiki-default:#9ECE6A}html pre.shiki code .sySf4, html code.shiki .sySf4{--shiki-default:#0DB9D7}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .s0U2E, html code.shiki .s0U2E{--shiki-default:#F7768E}html pre.shiki code .sAklC, html code.shiki .sAklC{--shiki-default:#89DDFF}html pre.shiki code .sOJ5S, html code.shiki .sOJ5S{--shiki-default:#FF9E64}html pre.shiki code .sT800, html code.shiki .sT800{--shiki-default:#E0AF68}html pre.shiki code .sgJMe, html code.shiki .sgJMe{--shiki-default:#9ABDF5}html pre.shiki code .s3R4Z, html code.shiki .s3R4Z{--shiki-default:#7AA2F7}",{"title":278,"searchDepth":293,"depth":293,"links":1594},[1595,1596,1600,1604,1609,1613],{"id":38,"depth":293,"text":39},{"id":168,"depth":293,"text":169,"children":1597},[1598,1599],{"id":184,"depth":304,"text":185},{"id":579,"depth":304,"text":580},{"id":826,"depth":293,"text":827,"children":1601},[1602,1603],{"id":833,"depth":304,"text":833},{"id":940,"depth":304,"text":940},{"id":1095,"depth":293,"text":1096,"children":1605},[1606,1607,1608],{"id":1102,"depth":304,"text":1102},{"id":1130,"depth":304,"text":1130},{"id":1186,"depth":304,"text":1187},{"id":1199,"depth":293,"text":1199,"children":1610},[1611,1612],{"id":1205,"depth":304,"text":1205},{"id":1247,"depth":304,"text":1247},{"id":1536,"depth":293,"text":1537},"2026-05-27","Harbor を使ったプライベートコンテナレジストリの構築から運用まで完全ガイド。Trivy 統合による脆弱性スキャン、RBAC、レプリケーション、Helm デプロイを実践的に解説。","md","ja",{},"\u002Fblog\u002Fja\u002Fcontainer-registry-harbor-setup",{"title":5,"description":1615},"blog\u002Fja\u002Fcontainer-registry-harbor-setup",[27,1623,255,1624,57,1625,130],"コンテナレジストリ","Kubernetes","Trivy","zdhwzMOqlMK4HXXXT0ORkqk575DxFPxjEb176I57GbQ",1779964617052]