...
Help for registering with IRIS IAM can be found here. <: https://iris-iam.stfc.ac.uk/help/ >
Signing In
If you have already signed up (as described in Signing https://stfc.atlassian.net/wiki/spaces/CLOUDKB/pages/211779789/Harbor+Private+Docker+Registry#Signing-Up) you can login by simply clicking Login Via OIDC Provider.
Entering your facility/IRIS credentials into the Harbor login page will not work, as IRIS IAM handles authentication on our behalf.
Creating a Project
Please contact us Contact Details to request a new project, please include the following details in your email:
The project name (all lowercase, can use - and _)
Brief description of planned usage
Is the project public or private (see https://stfc.atlassian.net/wiki/spaces/CLOUDKB/pages/211779789/Harbor+Private+Docker+Registry#Private-Projects)
Estimated storage requirements (GB)
Planned User / Group Permissions (see Project https://stfc.atlassian.net/wiki/spaces/CLOUDKB/pages/211779789/Harbor+Private+Docker+Registry#Project-Permissions)
(Optional) Retention Rules (see Advanced: Project Retention https://stfc.atlassian.net/wiki/spaces/CLOUDKB/pages/211779789/Harbor+Private+Docker+Registry#Advanced%3A-Project-Retention-Rules)
Using Harbor
Project Permissions
...
Machines will not be able to pull from a private repository without first logging in: https://stfc.atlassian.net/wiki/spaces/CLOUDKB/pages/211779789/Harbor+Private+Docker+Registry#Authenticating-Docker.
Vulnerability scanner
By default we configure all projects to automatically scan images pushed to harbor for vulnerabilities and we also conduct weekly scans against all images.
You can view the results by clicking into the project. Then into the repository and then you will see a summary of the vulnerabilities against each artifactsartefacts
You can hover over the Vulnerabilities field to view a summary or click into the artifact artefact to view further details
We recommend that you resolve all Critical and High rated vulnerabilities as soon as possible.
...
Logging in grants you the ability to pull and push to projects where you have appropriate permissions:
Sign into Harborhttps://stfc.atlassian.net/wiki/spaces/CLOUDKB/pages/211779789/Harbor+Private+Docker+Registry#Signing-In
Take note of your profile name in the top-right
Click on the profile name and click User Profile
Copy the CLI secret can be copied using the copy action
On the target machine run
...
Rotating the access token will generate a new token whilst invalidating the old token and is simple:
Sign into Harborhttps://stfc.atlassian.net/wiki/spaces/CLOUDKB/pages/211779789/Harbor+Private+Docker+Registry#Signing-In
Click on the profile name and click User Profile
Click the 3 dots next to CLI secret
Select Generate Secret
Confirm you are happy to discard your old token
On each machine you require access re-login: https://stfc.atlassian.net/wiki/spaces/CLOUDKB/pages/211779789/Harbor+Private+Docker+Registry#Authenticating-Docker
Tagging and Pushing Images
...