From YouTube: Introduction to Harbor project
Description
Harbor (https://goharbor.io/) is a cloud-native registry. Michael Michael introduces the project and discusses possible usage in IoT Edge deployments.
A
Let me, about me, so just what I'm doing: so one of the committee and also a director of product management at VMware. I'm also heavily involved in the Kubernetes community. I'm one of the chairs for SIG Windows and have been that for a very long time now, so I'm fairly intimately knowledgeable around the cloud native space, the investments we're making across the board, and also fairly involved in a lot of the different cloud native products that VMware is delivering to our end
A
users and customers. Feel free to keep this as interactive as possible. I want, you know, I'll give you guys as much knowledge of Harbor as we need to deep dive into scenarios from there. So we get started here.
A
In a nutshell, Harbor is an open source cloud native registry. We think of this as the enterprise registry, something that you deploy and deliver internally in your organization, and some of its big advantages is that it not only stores images, it also signs images, scans them and allows you to establish your security footprint and your compliance footing in your organization as it relates to container images.
A
Our mission is to provide the repository for all your cloud native assets. Today it's container images and Helm charts; tomorrow it might be other things. Maybe CNAB bundles take off and become a thing. Operators are starting to pick up a lot of steam, so we want to be the repository that allows you to serve and manage all of the different cloud native assets, starting with container images and Helm charts today.
A
When you look at Harbor, we kind of segment our features into two specific areas. The first one is security. This is really where we shine. We do a lot of things around project isolation and second policy, so they allow you to segment your entire registry into individualized projects. Then you can deliver to different areas of your organization, whether they're development teams or different business units or even different companies outside of your org, and you can define policy around those projects, which allows everything to be controlled from, well,
A
should this project be replicated? What kind of scanning and vulnerability analysis policy I want to, I want to enforce? Content signing and validation? All of those decisions can be made at the project layer. So if you're a company that wants to operate internally, almost as a service provider, and say, I'm gonna deploy, in the central IT organization, Harbor, I can define that policy and deliver Harbor as a self-service to different areas of my business unit.
A
The second part of Harbor is management. That, basically, is where we do everything from my tank integration, role-based access control, and we support UAA, we support LDAP, we support OIDC with our latest release, so you can bring your own enterprise identity and get single sign-on within Harbor. We also do a lot of things around replicating instances of Harbor or areas of Harbor with other registries, and that's actually a big area, and I think that's what Stephen really came in to you saying, hey,
A
you know, this really, really worked for the branch office, because you could actually set up a project internally within your own private data center and scan all the images you have, enforce content signing, do other analysis you need to do to make sure that those images are good, meet compliance, meet security demands, and then replicate those images to the branch office, where they don't have to do any of that work because it's already
A
been validated by your main Harbor instance in your data center, and all you're doing at the branch office is serving the images for usage. So all you need is a small pipe to be able to transfer the delta of the images and then from there on be able to serve them to your runtime of choice, whether that's Docker, Kubernetes or something else. We also have a fairly extensive UI and API.
A
I'm gonna show you guys a lot of these things in the demo as well. We'll look at the architecture; don't really need to spend a lot of time. All of these different areas of Harbor are componentized, from the signing, the vulnerability scanning, the vault database that contains a lot of metadata and configuration of Harbor, architectural registry, the identity providers, and most of these components run as Docker containers.
A
So whether you deploy Harbor in Docker, you're gonna get a whole bunch of images that are running the different components of Harbor, or you could deploy using Helm in Kubernetes and you get the scalable architecture where most of these components run as pods. And at the core dimension, on the underlying layer, we have the local or remote storage. So we support NFS, we support S3-compatible storage, or you can use local storage, wherever Harbor is hosted, to kind of host your repository.
A
Harbor 1.8 was our latest release, and we shipped that at the same time as KubeCon Barcelona a few weeks ago, and we actually had some really specific capabilities that we enabled that advanced our vision in some of the areas I mentioned earlier. The first one that we enabled was robot accounts. Today, when you enable identity federation of Harbor. Well, that's out the directory out there or open a physical lab. One of the difficulties that you have is when you start executing CI/CD pipelines,
A
you don't want to provide your enterprise credentials into the CI/CD pipeline. In fact, during the community meeting for Harbor earlier today, one of our users basically really applauded us on creating robot accounts. He doesn't want to put into his home course and pipelines his enterprise creds. It just doesn't work and, more importantly, even if he was able to put his enterprise creds, if you're using tools like the Docker client or Helm client, they don't know how to do the authentication dance and federate your identity to the unpacking system.
A
So for all those scenarios it's great to create a robot account that has a limited time to live, where you have to refresh its password, and you get a username and a password that you can set up for CI/CD. So simplified consumption, make it easy for users to integrate Harbor within the bigger umbrella of services in the cloud native world. Good.
B
A
Not today, but that's something, that's something to think about. Essentially what that will mean is that you have to run the container that manages the robot accounts as a service account and internal fader. It will involve a little bit more planning to get that to work, but not entirely impossible.
A
On the OpenID Connect front, that's something that we added very recently, so you can have support for Google accounts, Dex and Ping Identity. So now you can use OIDC for federating into additional providers. And then we added a couple of things around a health check API and stability and reliability fixes, so we're kind of improving how Harbor can be monitored for production workloads and, as more folks are scaling Harbor within their organization,
A
the need for some of these additional capabilities is important to be able to run in production. And then the replication work: before 1.8, you could only set up replication so you could replicate from one Harbor instance to another. So Harbor to Harbor worked very well, but we didn't have any other capabilities. With 1.8, we added the ability to replicate from Harbor to Docker Hub, to any other Docker registry, as well as to the Huawei registries.
A
So now we added three additional replication targets, and we have a working group that already is adding things like AWS as a target, GCP, Azure and a few others. So we are expanding the work so that you can replicate Harbor to a multitude of different providers, and our replication is both push and pull, so it's amanda Harbor is going to initiate some of the replication. We can also pull or push content from those providers, like
B
A quick question, so that's the, what was called, my content replication next generation, as a proposal I saw in the Harbor wiki; it was basically allowing non-Harbor replication, right? That's correct. How do you do with the canonical image name of the image? The canonical image name had a hostname of a different registry. When you do replication, you strip the hostname and use the Harbor instance's hostname, the image, the image tags and name and tag, or, yeah.
A
B
A
Yeah, you update what your repository will be, but your image, the repository name, which is basically, and then you have your tag, those would stay intact. So your repository and your tag don't have to change. So if you have, for example, Redis, Redis is the repository and then version 1.5 is your tag. Those don't have to change. What will change is the namespace, as what Docker usually calls it, so the namespace in Docker Hub, and you could change to the project name in Harbor.
A
Haven't done that. The problem is, some of these replications are tied to a project, and the project name kind of becomes a namespace in the Docker registry environment. We can look at that. That's a good idea to think about. Can ask some of our guys, see if you can mask that. The problem is that your original namespace might have a conflict with something that someone else already created, so that always would bring up some issues, then wouldn't know what to Roger I.
C
A
D
A
C
A
Kind of looking up where we're all going with Harbor: we just basically finished our planning for 1.9, and as part of that we are basically making investments on 1.9 1.1 1.7, which a fin of them is three-month bounded releases, into a couple of areas that okay McConnell, that we again have kind of split off into two different stream links, and I won't spend too much time on this, but I'll kind of give you guys a high-level overview.
A
So, on the management front, we do want to have a Kubernetes operator for Harbor to simplify management, consumption and operations of a Harbor installation within Kubernetes, as a native Kubernetes application. Continuing down the theme of making it easier for companies to run Harbor almost as service providers, we want to do things like quotas and time to live for images, and have an operator of Harbor define both resource constraints as well as compliance needs on a project basis.
A
Doing a lot more things on metadata management, making it easier to search, tag images, group them together and kind of expose that to additional functionality like replication cities, metadata base station elvenar the login in point four. So we can have a sink resource cover so who can have integration to through Indy and Splunk and other tools that use the basically taking the sink research. We're also expanding our perf and scale. We actually have, our biggest customer has millions of container images in production in Harbor in many, many nodes across,
A
obviously, multiple installations of Harbor. I do continuously invest in now: how can you have more images under management? How can you have more projects in Harbor? How can our users simultaneously pull and push images? All of those are things that we're looking into improving. On the extensibility front, something that we wanted to deliver with 1.8, but we were not able to, is webhook support, so we're gonna start with a minimal viable project, product, on that in the 1.9 release, and we're gonna have the ability to subscribe to events around image and Helm chart
A
upload, download, deletion, as well as all of the CVE and vulnerability scanning related work, so hey at least can in a fantasy, be already. The scanning was successful, or did the scanning fail, so you'll be able to get events around these and either drive notifications in your enterprise or even create some automated remediated actions around this. Today Harbor has static analysis, and we use Clair underneath the covers to do our static analysis vulnerability scanning, but we want to expand and create a bigger umbrella over that, called the interrogation service,
A
where scanning using Clair is a first-class citizen of that, but also expose that to additional companies and vendors that want to come and add value on top of Harbor. You can think of an enterprise saying, hey, I want to build my own plugin for the interrogation service that does a license check. It's just a simple license check: my developers are uploading images and we will enforce certain licenses. Or maybe something more advanced, where Aqua Security comes in and implements the interrogation service to do their own scanning and vulnerability analysis on top of what Clair provides.
A
I think it's both. Our thing: at the base layer, having something like what Clair provides using static analysis is a fundamental part of a container registry for the enterprise that without a base is a secure, compliant base registry. But then you can add all these other complementary things, or you can extend Harbor being the source of truth for your container images and allow other vendors and other companies to come in and add value on top of it in a complementary
B
Right, I'm just trying to, because, you know, everything is connected to everything. So in terms of boundaries, like, you could sort of say that, because this is about container source of truth, then there should be CI/CD inside of Harbor, or, you know, like all the container building could be inside Harbor, like everything you could put in the bucket, right? But where are all the lines, and say this is the focus, this is the specific focus for Harbor, versus where we integrate, where we build integration surfaces? Yeah.
E
I don't think you'd want to build a monolith. One of the ideas we kicked around in Barcelona after our IoT and edge meeting, with kilt and who isn't here today, but we have this concept of Harbor being in a position to know when a new image has been pushed, and we could take one out to this sidebar service
E
that would stand it up in a honeypot and do, you know, not static analysis, but go instantiate the container and watch it like a hawk to see if anything funny is going on, and then, if something's detected, report it back. And you might want Harbor to be the place that consolidates all of these security-related reports, even if it isn't doing all of the scanning operation itself. Yeah.
A
That's exactly the, what Stephen mentioned is exactly the approach Aqua is taking there. You know, you push your images to Harbor, I was that killed. It comes on who's, the image it's a fingerprint out of it. They scan it. They basically do everything that they do in their proprietary engine, then they just throw the report back to Harbor, telling them, hey, this image is safe, or it's not safe, or not yet, and that's the model that they wanna go to.
A
A
E
One of the things, Michael, that's come up in this group before is the idea of potentially hosting device firmware and things that are not containers but still binaries, and really, I think if you look at something like Harbor potentially as a catalog, the blob store, maybe that isn't an outlandish thing to entertain.
A
Okay, I don't know, I didn't think about that. So, you know, things that I had in my list, you know, starting from operators, obviously, and CNAB bundles, but RPMs, WAR files, other things, or scripts that are very important in the community, as you need them, specifically when CNAB bundles require them to kind of formulate
A
A
Then, ever since we've been donated to CNCF notice of 2018, you can see kind of the contribution from companies as well as developers has been growing, and we're seeing more and more people coming into Harbor and contributing, and in fact 1.8 was our release that had the highest number of contributions across the board from different users, different companies, and it was an incredible thing to see all these people coming together and building an open-source cloud native registry. If you guys wanna reach us
A
Now see the demo. Cool, so let me kind of give you guys a high-level overview of Harbor, and I'm not gonna go into a super long demo, so I can give you guys opportunity to ask questions and kind of get into a discussion. So this is Harbor. This is Harbor 1.8; it's installed on AWS in this specific instance.
A
If you go under the projects, you get some high-level details around the amount of storage you're using, how many repositories you have, private versus public, the different projects that you have, and you can see here I have a CNCF project, I have a Michael Harbor project and the library project. I'll show you guys more details as we deep dive into that. My logs, so you can get out what's going on in your environment. You have your administration, where you have users.
A
In this specific case, our authentication in Harbor is set to OIDC, and I'm logged in as a user that came in from Google authentication, so I can log out now. So I could log back into Harbor using the username and password of the system-wide admin, or I can log in using the OIDC provider. In this case, it will redirect me to Google sign-on, and I can pick one of my different Google accounts, which I have mapped to a Harbor account. So this is my
A
this is my users. Now, one of the big things that we enabled in 1.8 is not only robot accounts that I mentioned earlier for CI/CD, but what if me, Michael, I wanna use the Docker client? The Docker client doesn't know how to do this federation dance with Google accounts. So one of the things we enable for me is I can click on my name, come to my user profile, and I have a CLI secret here I can use for Docker and Helm CLI access, so I can go ahead and copy
A
A
After users, we have registries. Think of this as different endpoints that I have assigned into this Harbor installation to be able to do replication to other entities, and if I were to create a new endpoint here, you see that we have different options. We have Docker registry, you have Huawei cloud registry, you still have Harbor, as well as Docker Hub, so all of those are accessible for me to be able to push and replicate images, and I provide some things like Menken, URL, ID and secret, and obviously certificate. What
B
A
It's just testing. We are supporting, we're willing to fully support and back the registries that we validated. So adding more registries is not incredibly complex, and we're adding them as we are adding support, so I think it's more around can we commit to support someone and help them if they have an issue against that. I just don't have validated toward.
B
A
I mean, so we do have to support our users, right? So it's best-effort support from an open source project, but, you know, we don't have infinite amount of resources. So if someone were to try a Docker client that's a different version of the Docker client that we support, and some of the API didn't match, then they'd have a problem. So any of those things introduce both friction at the customer layer.
B
A
A
B
It's just, I was gonna ask on the other side of this, like, do you have in this demo how, is it like the robot accounts that are used in, like, a pod definition for image pull secrets? How do you correlate, say, a workload running in Kubernetes, who has permission to pull certain images? Like, I'm, okay, you know, I'm trying to follow kind of the route of intent, meaning I have this workload running in this Kubernetes namespace, and only something that should be allowed
B
A
So let me see if I got this correct: so you have a workload account in Kubernetes and you're saying that you want to authorize that to be the only one that could pull certain images. I think that the way that you would tie that is with a specific robot account, and obviously in your pod spec and everything else, you authorize those container images to be equal for those using that role-based access control that don't work, I think.
B
A
B
E
A
That's right, the robot accounts have complete access to push or pull images on a per-project basis, and those are strictly for CI/CD. You can think of the CLI secrets as the ones that you will use if you want to use your individualized RBAC access. And actually, since you talked about it, I can kind of show that here really quickly. So if I'm in a project, and pick the CNCF project, and I come in and I want to create the robot account, what I created up can call it.
A
Basically, this is the Destin's account, and I can give it permission for pull, or push and pull, within this project. It will give me one-time access to the username and the token. I can copy it, and that's it; I don't have any access to it after that, and it's not a safe way of the user. It's a project-wide account that gives me full access to manipulate images within that project, and it has a time to live of about one month.
A
A
So you have Harbor to Harbor replication from A to B and from B to A, that allowed them to have a complete single resources. And then some other things are on configuration. In this case, I use OIDC providers; I'm using accounts.google.com as my endpoint. You have things like SMTP server, system settings and labels, and then on the vulnerability scanning you have, you know,
A
the last timestamp that will check for Clair updates, and you can do updates of Clair both online, as in Harbor has access to go to the internet and pull down the latest databases around scanning, or we have a process, which is not super user-friendly, but it works, that allows you to have another instance of Harbor that's always up to date, can the latest database and then copied into an air-gapped environment. So if your branch is more air-gapped, you have a process to enable that.
F
No slob right, so I have a question about all this. Do you guys support configuring this in, say, like your pod spec with the environment variables, or like a config file? Cuz I remember using Harbor a couple years back and a lot of this was, you know, it was purely through the UI. Feel like from an ops perspective it was harder to manage. Do you guys have support for managing some of these things via configuration files or anything? Some
A
of them are enabled by configuration files. Everything additionally do I say it doesn't API endpoint, so you could always enable some of them via the API endpoints, but our Helm chart has a tremendous amount of configuration already in it for a lot of these settings of Harbor. So if you're deploying Harbor using the Helm chart, you not allow flexibility. 2000 of these okay.
A
So if we look at one of our projects here, so I have repositories, which are my images in this case, and these images have multiple tags. I can see the different tags. I can see if you're, you know, if it's comfortable or really visit in sign. On the previous page, I could see how many times they were pulled. I can retag some of them if I need to. I can copy the digest, copy
A
the pull command, I need to sort and see what it looks like, and basically see some basic information about these images. So I can click on prod, for example, and I can see the build history and see how this was built, including if our scanning for vulnerabilities, I could see how that looked like. And if you go back, we have, and you see some of the same information: different versions of the Helm charts, when they were created.
A
I can dig into individual Helm charts and see specific information, including configuration of these Helm charts and how you will enable them. So, and you can see here on the config some of the things I mentioned earlier, that you have a lot of these configuration options for Harbor that are already enabled in the Helm chart, so they can make it easier for you to administer Harbor and kind of automate the deployment and configuration of, so
B
A
B
One kind of related question to this is, like, how out-of-the-box easy is it to set up Harbor in an HA configuration? I mean, I think almost every project today has an HA story, but there's often a big, you know, difference between the demo single-node instance that you can kind of quickly get stood up, and then HA is possible but kind of left as a big exercise to figure out how to run the Postgres and the Redis and everything else as HA. Built anything, or
A
One of the things that you have not done is that you have to go set up Redis and Postgres yourself, outside of our installation, in either an HA fashion or not, depending how you want it, and then you run our Helm chart; you basically deploy the rest of Harbor. So when you get to the Helm chart, our deployment of Harbor is super easy, but there is some setup and configuration that you need to do on your own before you get there. We plan to simplify that. We just haven't gotten to that area.
F
A
B
Things like Kustomize or Helm. How do you, so that, if someone was looking at sort of establishing the full set of kind of all the infrastructure they're gonna need to run Kubernetes, choosing between like some sort of Git repo versus Harbor for Helm charts, what would be kind of the pros and cons of choosing to just use Git as the main repository versus Harbor for the
A
If you are also using images, right, so you want a consistent identity ecosystem for all your cloud native assets, that's where it becomes, where you can enforce policy and create policy once and apply it everywhere, whether that's images or Helm charts or other. So I think that's essentially where we have that advantage. Another
B
project that seems to have some complement and then some overlap is Grafeas, as far as storing metadata about images. Is that something you've seen as potential, like, hook integration for, as you do some of the tasks through Harbor, that you store some of the metadata in Grafeas? I wasn't familiar with that project. I'll
B
A
A
A
E
to production, can you add a little color on what the minimum viable resource would be? I think maybe we talked about this before the meeting, before we started recording, but I know we discussed that maybe a Raspberry Pi is too small, but is a new core. What is kind of the smallest viable platform? So this is Jonah.
E
A
E
A
G
A
G
E
A
B
One thing, when I had brought up Harbor when we were talking about this idea of kind of on-premise, I actually ended up going a slightly different direction, which was more of a caching proxy that is still liked. So I put in a little diagram that I've done in the agenda notes. So basically the idea is that, okay, Google, we actually, we do mirror Docker Hub in GCR, and then you'd also have an on-prem, like, Harbor registry, or maybe it's private.
B
A
Think that, you know, hit the nail on the head there, and things like proxy cache is specifically designed to address the, you know, hey, I don't have connectivity right now, but I still want to have access to all my images so that, basically, my business can still go on. And I understand that that's huge in the IoT community, because you don't have the expectation of always full-on 100% bandwidth. Yeah.
C
A
Not really, but as we're looking to implement proxy cache capabilities ourselves. Today, you can kind of sidewise do it, you know, with a local instance of Harbor that kind of basically replicates everything locally to that, but we're also looking to enable a true proxy cache capability, maybe not next release, or the one after. Yeah.
B
And then, you know, basically you have to configure each node in the cluster with this, kind of, yet to trust this man-in-the-middle proxy, and the advantage of that is that you don't have to change any image names in your workload YAML, right? So whether the YAML was referencing a Docker Hub project or a Harbor project or anything else, the proxy is transparent. So it will basically not require any modification to the actual application workloads. Yeah.
C
A
She you are: we have health metrics, so you can get metrics around the entire health of Harbor itself. There's no, I think what you're looking for is a job kind of object, where basically I'm pushing a huge image, I want to know the progress of that. That doesn't exist, but we will have webhooks, so you get a notification when your image is basically delivered. You get that with our 1.9.
B
E
B
There a, if you have a failure mid-replication, does replication start over, or does it try to have, like, checkpoints, so that if you have a very large replication task, keeping it progressing, right? If you've got some sort of poison-pill-type image name that triggers a bug, you could kind of keep getting halfway through, right, and then failing. Is there, I don't know if, Cindy, that's what you're asking for, but like basically the annual replication health, like
A
Few bugs where our replication didn't necessarily keep going, so we're working on some of those to kind of address it, specifically the scenario you said, where something fails, you know, keep going with the rest of the images. So we're looking to address some of those; we may have already fixed that. But in general there are events on replication itself. And replication itself has its own event-based system for success, failure, instead of source.
A
C
Okay, so the other question: earlier you mentioned about the secret for the Docker client. Do you provide an API for a Docker client, like similar to the CSR, you basically make a request and then pull down the secret, or do you, like, always go to the UI, get it, and then store it somewhere? In that case, do you renew it then Emma clay, or how do you do that? Yes.
A
So you can generate a new secret from the UI, both robot account and secret. Robot accounts expire, but you can always regenerate them, and CLI secrets you can regenerate at whatever cadence your organization has. We don't have a custom expiration policy yet, and we are looking to add that as well. Yeah.
B
The Docker clients are added the static, so the, yes, so you could, I think it's very complicated, but you could actually add, I think Docker client now supports, like, an auth helper as a process. You could actually do your full OIDC OAuth sign-in flow through Google with a refresh token and then have that be a dynamic Docker client secret to Harbor. So you wouldn't have to go back to the Harbor UI, basically.
A
A
Was great. I don't know Paul you guys welcome. This is a great discussion. I took a couple notes here that I want to go back and address and see who can make some headway there, and that's given me some valuable things to think about, but thank you for giving me the opportunity to come in and chat about Harbor. Yes.