►
Description
As organizations put containerized applications into production, they quickly discover a fundamental truth: they need a secure way to store, scan, and sign their container images.
Harbor is an open source cloud native registry that provides trust, compliance, performance, and interoperability. As a private on-premises registry, Harbor fills a gap for organizations that cannot use a public or cloud-based registry or want a consistent experience across clouds.
In this webinar, Harbor product lead James Zabala from VMware will walk through how Harbor works, why it’s depended on by organizations such as Caicloud, and how you can get started with it.”
A
Hello,
everyone
and
welcome
to
today's
webinar,
we're
very
excited
to
have
you
all
here.
This
is
a
webinar
series
where
we
are
introducing
and
explaining
some
of
the
interesting
open-source
projects
at
the
stem
from
VMware,
and
the
topic
of
today
is
project
Harbor.
So
our
speaker
today
is
Harbor
product
lead,
James,
abala,
and
he
knows
the
projects
to
thoroughly
inside
and
out.
So
if
you
have
any
questions
regarding
the
project
throughout
the
webinar,
please
make
sure
to
add
them
to
the
Q&A
box.
We.
B
Good
morning,
everyone
happy
to
be
here
happy
to
share
some
thoughts
on
harbor
and
go
through
this
presentation.
As
Jenna
said,
please
feel
free
to
send
questions
and
we'll
do
our
best
to
answer
them
as
quickly
as
possible.
So
before
we
get
too
deep
into
this,
I
was
hoping
that
I
could
kind
of
get
an
understanding
for
the
level
of
familiarity
with
the
cloud
native
ecosystem,
and/or
containers
from
the
audience.
B
B
Great
thanks
looks
like
there's
a
few
folks
who
are
kind
of
getting
their
feet
wet
in
the
cloud
native
ecosystem.
So
I'll
spend
a
little
bit
of
time
here
as
I
begin
talking
about
project
Harbor
about
containers.
This
is
kind
of
getting
a
super
high-level
overview.
If
you
are
an
expert
in
and
containers,
please
go
brew
yourself.
A
nice
latte
and
I'll
be
done
in
just
a
few
minutes
here,
but
I
do
want
to
make
sure
everybody
is
comfortable
with
the
topic.
B
So
again,
my
name
is
James
product
lead
here
for
hardware
I
work
on
all
the
open
source
projects
that
the
cloud
native
team
inside
of
VMware
is
is
contributing
to
and
working
on,
a
pretty
exciting
area
containers.
Obviously,
there's
a
lot
of
hype
around
it
harbors
it's
this
project,
that's
been
around
for
a
few
years,
and
it's
gained
quite
a
bit
of
momentum
and
and
and
mind
share.
So
I
wanted
to
sort
of
spread
the
word
here
a
little
bit
and
talk
about
why
we
built
it
and
what
it
is
so
at
its
core.
B
B
You
know,
build
the
container
using
docker
on
your
laptop
and
throw
it
up
to
to
their
service
the
same
thing
you
can
do
with
harbor
you
can
you
can
store
container
images
and
sort
of
the
security
pillars,
come
around
signing
and
standing
content
and
we'll
double
click
on
both
of
those
topics
and
throughout
the
presentation.
But
we
really
focus
on
on
having
a
trusted
flash
secure
cloud
native
registry,
and
that's
that's
what
harbor
is
all
about.
It
is
core,
so
quick
talk
about
the
agenda.
B
Well,
will
do
container
101
for
for
the
folks
that
are
kind
of
getting
their
feet.
Wet
I'll,
talk
about
harbor
and
go
into
detail
and
and
three
four
and
five
and
a
little
bit
of
six.
Six
is
a
very
high-level
topic
that
on
time
too
much
into,
but
these
are
all
sort
of
subtopics
about
what
harbor
harbor
is
all
about.
B
I'm,
also
going
to
give
a
case,
study
discussion,
so
I'll
talk
about
kodkod,
which
is
a
Chinese
company
that
leverages
harbor
as
it's
really
a
core
pillar
of
its
offering
I'll
discuss
a
roadmap
which
perhaps
will
take
some
of
you
back
simply
because
roadmaps
are
generally
not
publicly
discussed
at
VMware,
but
this
is
a
completely
100%,
transparent,
open
source
project.
Some
freitas
sort
of
share
this
with
the
old
and
finally
I'll
give
a
live
demo,
which
I'm
sure
is
what
most
of
you
are
trying
to
see.
B
I'm
a
big
fan
of
live
demos,
hoping
that
the
wind
is
blowing
in
my
direction
today
and
everything
goes
smoothly.
So
let's
do
a
quick
containers
101
here
everybody
sort
of
describes
containers
in
the
toy.
If
you
have
12
people,
what
a
container
is
you'll,
probably
get
six
or
eight
different
answers.
If
you
put
on
a
developer,
how
do
you
can
kind
of
break
this
down
and
really
understand
what
a
container
is
all
about?
Why
we
use
containers?
Why
they're
so
popular
right?
B
So,
let's
say
you're
writing
a
Python
application,
as
you
do
so
you
need
does
in
different
libraries.
You
bang
this
out
on
your
computer
on
your
laptop
everything's
working
great
and
now
you
want
to
go
and
run
a
month.
I,
don't
know
what
dozen
different
servers
the
issue
here
is
that
you
need
to
go
and
touch
every
single
server
and
make
sure
that
a
lot
of
areas
that
are
being
leveraged
by
your
application
exist
on
those
servers
are
installed,
is
running
the
right
version
and
so
on
and
so
forth,
right
and
so
a
container.
B
The
way
that
I
define
it,
at
least
coming
from
a
developer
background,
is
that
it's
sort
of
a
hermetically
sealed
tar
ball.
That
has
everything
that
you
need
to
be
able
to
run
your
application
identically
on
your
laptop
and
on
the
server
halfway
across
the
world.
Okay,
so
that's
really
what
it
is!
It's
just
the
tar
ball
literally,
it's
a
tar
ball
to
have
everything
that
you
need
to
run
a
container
identically
wherever
you
run
it
all
right.
B
So
in
this
particular
picture
you
know
we're
looking
at
sort
of
a
docker
model
here,
they're
a
couple
of
other
container
runtimes,
the
docker
being
the
most
popular
one.
Images
at
the
top
is
what
you
have
when
you
sort
of
save
a
container.
That's
been
running
and
you've
been
working
all
right
and
the
image
she
can
take
and
you
can
throw
it
on
registry
like
harbor
or
talk
to
hub.
You
can
export
it
into
a
tarball
again
save
it
loaded.
B
You
can
tag
these
images
as
I'll
show
you
in
the
live
demo,
and
then
you
can
run
them
so
that
they're
actually
containers
very
similar
to
the
VM
model.
If
you're,
maybe
with
VMware
I'm
sure
you
are
so
as
we
go
to
the
next
slide
here,
you
know
we
kind
of
look
at
where
a
harbor
sits
in
all
of
this
right.
Let's
say
you
have
a
kubernetes
cluster,
maybe
it's
no
matter
you're,
just
kind
of
doing
this
by
hand
without
any
orchestration
systems,
because
you
have
a
relatively
small
environment.
A
B
Would
send
it
to
the
registry
and
on
the
other
side
on
the
server
or
the
servers,
you
would
go
into
a
docker
pull
and
grab
that
container
from
the
registry.
So
that's
container
101,
that's
sort
of
a
high-level,
that's
sort
of
all.
You
need
to
know
to
kind
of
dive
into
harbor.
It's
a
super
deep
feel
once
once
you
start
diving
in
it's
a
bit
of
a
rabbit
hole,
but
but
it's
a
lot
of
fun-
and
this
is
this-
is
really
where
a
concepts
like
kubernetes
and
so
on
start
to
start
to
unfold.
B
So
I
encourage
you
for
those
of
you
who
voted
as
being
sort
of
new
in
this
area.
Take
a
look.
It's
an
interesting
topic,
so
introduction
to
harbor
again
open
source,
something
we're
very
proud
of
I'll.
Go
through
a
timeline
here
in
the
next
slide,
but
everything
we
do
is
open
right.
Our
roadmap
is
open.
The
epoch
that
we
use
to
track
features
that
are
coming
down.
The
pipe
are
open.
Our
developers
are
on
github.
We
answer
issues
on
there.
B
It's
it's
a
it's
a
pretty
pretty
nice
process
and
sort
of
refreshing
after
working
with
you
know
some
sort
of
closed
source
products
where
you
really
don't
have
any
ideas
of
what
may
be
coming
down
the
pipe
with
with
harbor
it's
it's
very
open
and
we
take
community
feedback
pretty
seriously.
It's
also
integrated
into
a
several
of
our
core
products.
These
four
integrated
containers
also
known
as
Vic
and
PKS,
which
is
our
on-prem
kubernetes
offering.
B
So
it's
a
project
that,
even
though
it's
open
source
and
out
there,
we
as
a
company
use
and
leverage
quite
a
bit.
So
we
put
and
put
a
lot
of
love
and
care
into
the
project
and
I
think
it
shows
in
terms
of
timeline,
Harper
started
back
in
2014
as
sort
of
an
internal
side
project.
The
use
case
was
very
simple
right.
We've
containers
were
kind
of
gaining
some
serious
momentum.
At
this
point
we
have
some
developers
that
needed
to
store
images,
and
there
was
really
no
good
way
to
do.
That.
B
B
So
in
2014,
a
gentleman
by
the
name
of
Henry,
Zhang
who's,
the
chief
architect
and
the
founder
of
harbor,
started
banging
on
this
project
on
the
side
and
two
years
later,
we
open
sourced
it
right
after
after
using
it
for
a
while
and
really
solving
that.
The
use
case
that
we
had
internally
and
once
we
open
source
that
you
know
Henry's
are
a
really
great
evangelist.
He
went
around
and
start
talking
about
harbours
with
with
lots
and
lots
of
organizations
and
companies
out
in
the
asia-pacific
region,
and
it's
gained
quite
a
bit
of
momentum.
B
We
have
a
lot
of
external
contributors,
a
lot
of
stars
in
the
project
and
a
lot
of
open
issues
too,
which
happens
to
all
popular
open
source
projects.
But
this
kind
of
shows
how,
over
the
last
four
years
or
so
the
project
has
evolved
in
terms
of
future
integrations
I
mean
Harbor,
is
a
project
that
lives
in
this
cloud
native
ecosystem.
B
So
there's
you
know,
obviously
we're
looking
at
how
to
integrate
this
tightly
with
kubernetes
using
the
open
service
broker
API,
so
that
developers
can
view
a
sort
of
a
self
administration
or
creating
projects
on
their
own
without
having
anything
in
an
administrator.
Prometheus
is
something
we're
looking
to
integrate
with
and
so
on.
B
I'll
kind
of
talk
about
this
high
level.
I,
don't
want
to
read
the
slide
out
to
all
of
you.
It's
multi-tenant
'add,
alright.
So
that
means
that
there
are
project
users
live
inside
of
projects.
Users
can
belong
to
multiple
projects.
You
can
obviously
have
multiple
projects,
and
this
all
makes
sense
when
I
show
you
the
UI
here
and
the
demo
section.
So
it's
a
pretty
simple
concept.
It's
very
powerful,
though
we
sign
content.
We
validate
content
using
notary
I'll
talk
about
that
in
a
few
slides.
B
We
do
vulnerability,
analysis,
I
would
say
this
is
either
our
first
or
second
most
popular
feature.
This
allows
a
developer
creation
image
today
and
feels
comfortable
that
there
are
no
vulnerabilities
in
the
and
the
image
today
to
feel
confident
that
in
a
week
from
now
with
the
new
vulnerabilities
found,
he
or
she
will
be
made
aware
of
it.
B
Harbour
is
a
couple
of
different
projects
that
we've
sort
of
packaged
together.
We
we've
tested
them
they're
tightly
integrated
and
it
really
appears
as
sort
of
a
1:1
product
at
one
platform,
even
though
under
the
hood
there's
a
couple
of
different
things
going
on
here.
So
the
first
thing
to
look
at
here
is
the
API
routing
layer.
That's
engine
exploits
is
doing
a
reverse
proxy,
pretty
straightforward
on
the
right-hand
side,
you'll
see
the
trusted
content.
B
This
is
Notary
another
cloud
native
computing
foundation,
project
on
the
left-hand
side,
you'll
see
the
image
registry
right
with
a
little
clam
logo,
and
that
is
the
sort
of
the
heart
of
harbor.
This
is
how
we
store
our
images.
There
have
been
efforts
in
the
in
the
cncs
to
standardize
what
a
container
registry
will
do
from
a
protocol
level
perspective
and
so
docker
distribution
version
2,
which
is
that
the
the
registry,
where
the
images
are
actually
stored?
B
Ok
and
then
is
clear:
the
vulnerability
scanning
and
I'll
dive
in
all
of
you
in
a
moment.
So
very
briefly,
from
open
source
perspective.
We
have
lots
of
stars,
it's
obviously
not
the
best
metric
to
measure
an
open
source
projects
popularity,
but
it
you
know
it
could
see
some
general
idea
of
how
many
folks
are
at
least
paying
attention.
We
have
a
number
of
contributors,
a
lot
of
downloads.
We
have
lots
of
forks
users
and
so
on
and
so
forth
and
in
terms
of
publicly
referenceable
users.
B
We
have
quite
a
number
on
the
slide
and
some
more
as
well
that
we
are
working
to
working
with
to
see
if
they
would
be
willing
to
be
referenceable
as
well,
but
a
lot
of
companies
that
are
relying
on
this
and
we'll
be
talking
specifically
about
chi
cloud
in
the
upper
right
hand
corner
shortly,
alright.
So
moving
on
to
consistency
here,
this
is
sort
of
the
important
piece
when
it
comes
to
replication
and
sort
of
what
kind
of
a
butt
is
the
use
case
for
what
we're
trying
to
do
here,
particularly
around
replication.
B
So
here's
the
problem,
you
create
a
container
today,
you're
a
developer,
you
create
a
container
right
and
you
have
the
stock
or
file
that
deterministically
will
go
and
build
a
container
following
a
certain
list
of
steps.
So
the
steps
are
listed
in
the
green
box
right
so
I'm
going
to
use
the
Ubuntu
image
I'm
going
to
run
a
specific
command
to
install
Python
and
then
I'm
going
to
throw
my
apt
jar
right,
a
Java
file,
a
Java
app
in
a
specific
directory
and
that's
all
great
fun
and
dance
right.
A
A
B
A
B
Right
and
you
can
make
it
so
that
registry
a
will
push
in
with
just
a
B
and
then
we'll
do
a
difference.
So,
every
time
there's
a
new
image
on
the
Left
it'll
push
it
to
the
right
and
you're
wondering.
Why
would
I
do
that
and
the
reality
is
that
there's
really
the
staging
pipeline-
and
this
is
not
something
that
we
made
up.
B
This
is
actually
something
that
our
customers
at
several
of
our
major
Hardware
customers
or
uses,
rather
have
have
developed
in-house
all
on
their
own
without
us,
prompting
them
and
levers,
and
they
shared
with
us
later.
So
this
is
a
pretty
common
scenario
here,
where
you
have
a
couple
of
different
registries
used
for
different
reasons.
Perhaps
they
have
different
are
back
in
them
right
one
is
it's
very
loosey-goosey
with
developers.
B
Another
may
be
really
really
stringent
ly
controlled,
because
it's
a
production
registry,
but
you
want
to
make
sure
that
the
images
that
your
CI
pipeline
or
your
developers
push
into
that
dev
registry
are
identical
to
the
ones
that
are
running
in
the
production
registry.
Because
again,
if
I'm,
a
user
and
I
push
something
to
dev,
it
works
great
and
then
I'm
confident
that
things
work
and
I
I
go
and
I
start
making
some
changes
and
docker
on
my
laptop
and
then
I
go,
do
a
push
and
something
has
changed
and
it
lands
on
prod.
A
B
B
The
other
reason
that
we
use
this
replication
to
ensure
consistency
is
that
you
can
do
sort
of
this
global
replication
setup
right
and
that
you
have
registries
and
different
data
centers
different
regions,
that
on
clouds,
let's
say-
and
you
want
to
make
sure
that
the
images
that
your
your
developer
in
C
on
the
East
Coast
is
pushing
what
will
appear
exactly
the
same
way
in
Australia,
for
example.
So
this
is
another
thing
that
we
have
a
couple
of
users:
large
users
of
harbor
leveraging.
B
Let's
dive
in
and
talk
about
security
here
for
a
second
access
control.
Is
it
sort
of
straightforward
right
for
those
of
you
who
run
in
any
sort
of
an
infrastructure?
You
know
once
you
get
past
two
or
three
users,
you
really
need
to
think
about
who
has
access
to
what
and
it's
not
because
you
don't
trust
somebody,
but
you
really
don't
want
an
accidental
push
overriding
an
image
in
a
production
environment.
B
Unless
that
user
is
his
receipt
and
then
we
all
make
mistakes,
but
it's
again
sort
of
sort
of
the
basic
premise
of
our
backhand
and
and
the
concept
of
least
privilege.
So
we
find
LDAP
ad.
We
have
different
levels
of
write
and
read
and
I'll
show
you
those
in
the
end
a
live
demo
here
in
just
a
moment.
This
shows
graphically
exactly
what
I
was
just
talking
about.
We
have
a
project
we
have
guest
developers
and
admins.
Admins
are
folks.
B
B
The
other
security
considerations
number
one
I'll
start
with
the
bottom.
One
is
the
vulnerability
scanning
is
again
one
of
our
top
two
most
popular
features.
This
allows
you
to
just
see
at
a
high
level
in
the
UI
and
I'll
show
you
in
the
demo.
You
know
what
does
this
image
look
like
from
a
vulnerability
perspective
and
I'll
dive
into
the
specifics
of
the
DiBona
Billu
scanning.
B
It's
also
integrated
tightly
with
harbor
and
I
use
in
sign
and
image
and
it'll
show
up
in
the
UI
as
signed
if
you've
done
so,
and
it
allows
you
to
ensure
that
an
image
that's
in
the
registry
has
been
signed
and
not
change
in
any
way
shape
or
form.
So
this
provides
a
pretty
high
level
of
security,
and
this
is
using
excuse
me
Dockers
notary
project,
so
just
not
something
that
we
built
in-house,
but
we've
typed
tightly
integrated
it
into
harbor
specific
to
the
notary
service.
B
The
way
that
this
works
is
a
user
will
do
a
docker
push
on
a
specific
tag
right,
so
they'll
push
an
image
up
to
the
registry
and
then
they'll
find
the
tags
in
manifest
and
scented
notary
again
the
open
source
project
owned
by
the
CNCs
on
the
other
side.
Right
so,
let's
say:
there's
a
server
that
wants
to
pull
this
and
make
sure
I'm.
Sorry,
a
user,
that's
pulling
an
image
from
a
server
and
they
want
to
make
sure
that
the
image
is
signed.
They'll,
do
the
reverse
they'll
get
the
signature
first
and
then
they'll.
B
It
has
really
a
number
of
high
high
urgency
CVEs
that
we
need
to
address,
even
though
it's
been
running
in
production
for
a
few
days,
for
example,
you
can
actually
set
a
threshold
where
my
images
cannot
be
pulled
if
they
meet
a
specific
threshold,
a
specific
a
number
of
high
vulnerabilities,
very
example.
Okay,
we
use
static
analysis.
This
is
actually
clear.
This
is
the
part
that
was
started
by
core
OS.
The
way
that
Clair
works
is
said.
B
A
B
This
is
what
it
looks
like
I'm
going
to
skip
over
this
pretty
quickly,
because
I'll
show
you
in
the
UI,
but
you
have
a
bar
here
that
shows
you
the
vulnerability
output.
You
also
see
that
the
image
has
been
scanned.
When
you
roll
over.
You
can
see
the
number
of
known
vulnerabilities
that
are
identified
with
that
specific
image.
B
B
I'm
not
going
to
talk
too
much
about
high
availability,
just
because
it's
actually
a
pretty
complex
topic
and
there's
a
couple
of
different
ways
to
do
this.
So
our
wiki
talks
about
this
in
detail.
If
you
really
need
to
do
in
a
scenario,
but
it's
something
that
we're
continuing
to
refactor
on
we're
trying
to
make
it
easier
and
easier.
Every
release
gets
a
little
bit
better
when
it
comes
to
high
availability,
certainly
something
that
you
can
do
today.
B
But
if
it's
a
little
bit
manual
or
definitely
some
steps
that
you
need
to
take
on
your
own.
If
you
want
to
do
this
and
again
go
check
out
our
wiki
on
github,
it
talks
about
all
the
different
steps
that
are
needed
and
if
you
have
any
systems,
experiments
I'm,
pretty
sure
you
can
get
it
up
and
running
it
in
somewhat
short
order.
B
So
I'll
talk
very
quickly
about
the
case
study,
so
cry
cloud
is
a
cat,
a
container
as
a
service.
This
is
I
suppose
very
similar
I
leave
from
from
you
know
their
overarching
goal
to
to
VK,
which
is
our
new
kubernetes,
offering
kubernetes
cache
offering,
and
the
reason
that
we're
mentioning
this
is
that
that
they
have
tightly
integrated
harbor,
so
they
have
their
own
UI
and
harbor
is
100%,
API,
driven
it
if
you're
comfortable
with
an
API.
B
This
is
a
tiny
picture
just
because
it's
PowerPoint,
we
have
a
larger
picture
on
our
wiki
and
github,
and
everything
is
a
single
pane
of
glass.
It
looks
like
one
smooth
product
when
a
user
logs
in
while
under
the
hood
they're,
using
both
kubernetes
and
Harbor
and
they
tightly
integrated
it.
So
it's
an
interesting.
It's
an
interesting
case
study
happy
to
discuss
it
a
little
bit
more
offline
with
you.
B
If
you'd
like
ping
me
on
github,
and
it
really
shows
that
harbor
as
a
core
component
is
valuable,
it's
obviously
something
that
we've
done
with
PKS
and
vacant
or
the
organisation
sets
on
the
dead
pocket
as
well.
So,
very
briefly,
I'll
talk
about
the
road
map
and
then
we'll
get
on
to
the
demo.
I'm
not
going
to
read
this
out
to
everybody.
B
As
I
mentioned,
everything
is
public
on
github
we
are
very
open
about
what
it
is
that
we're
trying
to
do
with
a
project
moving
forward.
You
know
today
we
have
we're
going
to
be
releasing
one
six
and
in
the
future,
one
seven
afterwards
and
one
eight
we
release
roughly
every
quarter,
we're
looking
at
doing
all
sorts
of
things
from
image,
processing,
doing
monitoring
again
with
things
like
Prometheus
and
other
platforms
as
well.
B
A
pull
based
replication
so
that
images
that
are
being
commonly
pulled
can
be
can
be
snatched
from
another
harbor
node
to
sort
of
a
local
Harbor.
Node
lifecycle
management
such
as
upgrading
and
world
acts,
is
something
that
we're
always
looking
to
improve
for
1-8
we're
looking
at
scanning
improvement
and
all
sorts
of
different
things
like
potentially
adding
another
multi-tenancy
layer.
Again,
it's
an
open
source
project.
If
you
have,
you
know
coding
skills,
and
this
is
something
that's
interest
to
you,
you
kind
of
like
the
demarcation
between
development
and
infrastructure.
B
A
B
There
is
a
garbage
collection
process
that
happens
in
the
background,
and
this
is
something
that
you
today
have
to
currently
kick
off
in
the
UI
and
we
are
somewhat
close
to
making
it
easier
I'm.
Sorry,
let
me
back
up
it's
it's
something
you
manually
have
to
kick
off
today
using
the
CLI,
and
this
is
something
that
we're
improving.
The
next
release
should
actually
have
this
offline
garbage
collection
mode,
where
the
registry
will,
where
you
don't
have
to
take
down
the
registry
when
you're
doing
a
garbage
collection
and
it'll
be
available
by
the
UI
as
well.
B
A
Great
from
deepak
here
as
well,
so
it's
it
possible
to
have
read
replicas
like
region-based
mirrors.
If
I
understand
the
question
correctly,
where
we
only
want
to
replicate
the
image
the
image
but
avoid
push
operations
in
the
mirrors,
so
we
would
have
a
central
repository
push
out
to
edge
repositories
essentially
and
have
those
edge
repositories
only
be
read-only,
but.
B
A
B
A
very
strict,
our
back
policy,
so
you
could
have
I,
don't
know
a
general
user
that
will
only
pull
ability
and
if
you
wanted
to
push
it
would
have
to
go
through
sort
of
that
central
and
master
harbor
node,
but
as
things
progress.
Perhaps
this
is
something
that
would
not
require
our
back
in
that
we
are
again.
A
B
Yes,
you
can
so
we're
so
right,
I'll
show
you
in
the
UI
here
in
just
a
moment.
You
can
do
that.
The
other
thing
is
that
we
have
label
support
that
was
added
in
1
1
5
and
we
are
going
to
also
allow
replication
based
on
labels
here
shortly.
I
think
that'll
land
in
1
7.
So,
yes,
I'll,
show
you
how
you
can
pick
the
exact
images
and
in
the
UI
here
mama
great.
A
B
Yes,
a
great
question
Alissa,
so
let
me
see
where
I
put
this
on
the
list
here
so
features
in
the
future.
1
7.
It
says
image
proxying,
that's
exactly
what
we
would
do,
and
this
is
particularly
useful
for
organizations
that
have,
for
example,
very
tight,
firewall
rule
where
I
I
suppose
a
security
operations
group
would
allow
harbor
to
do
the
processing
on
their
behalf,
but
they
wouldn't
allow
individual
users
to
do
with
docker
pull
on
on
a
dock
round.
B
So
the
goal
here
for
the
future
version
and
I
encourage
you
to
submit
a
PR,
not
not
you
Alicia,
but
anybody.
The
the
idea
behind
this
feature
is
I
would
do
a
docker
poll.
If
it
doesn't
live
locally
on
my
harbor,
it
would
go
and
pull
that
image
from
a
select
list
of
external
registries
such
as
soccer
hub,
and
it
would
then
cache
it
locally,
and
you
know
more
advanced
features
would
be
the
ability
for
caches
to
be
refreshed
and
so
on
and
so
forth.
B
A
B
Yeah
I
probably
need
a
little
bit
more
information
on
sort
of
the
the
idea
behind
this
I'm
trying
to
think
about
how
to
give
a
concise,
clear
answer
here,
so
it
so
Vic
Harbour.
So
let
me
back
up.
Vic
harbour
has
a
smaller
subset
of
features
and
then
the
open
source
release
and
the
PKS
version
I
kind
of
see
why
you
would
want
to
do
that.
Maybe
to
have
to
take
a
sort
of
an
edge
container
platform.
B
Perhaps
but
there's
no
mechanism
well
I
suppose
he
could
be
replication
between
the
PKS
harbor
and
the
big
harbor,
but
I
don't
know
that
I
can
answer
that
without
perhaps
a
little
bit
more
detail.
So
maybe
Jeff
you
can
you
can
ping
on
on
github
and
I'm
very
happy
to
sort
of
understand
the
use
case
and
chat
with
you
through
the
process.
A
B
B
B
Guess
that's
the
only
thing
that
I
can
think
of
in
terms
of
kind
James.
Please
feel
free
to
clarify
while
I
answer
here,
but
if
that's
the
case
and
no
today,
but
we
can
do
well.
Actually,
that's
not
true.
We
could
do
it
today,
but
it's
sort
of
a
multi-step
process
in
that
you
would
put
different
kinds
of
containers
into
different
projects
and
then
users
will
be
granted
access
to
those
projects
based
using
our
back.
A
B
B
A
A
B
Me
just
give
a
sort
of
a
cursory
walkthrough
here
on
on
harbor,
so
search
Harbor,
obviously
that
you
and
you
can
search
for
images.
In
this
case
we
have
English
and
Chinese,
or
primarily
the
ones
that
are
maintained.
The
most
of
our
development
team
is
in
China.
This
is
our
user.
You
can
note,
you
know,
obviously
modify
the
users
profile
is
necessary.
You
can
change
passwords
and
so
on
right,
so
sort
of
the
basic
stuff
on
the
bar.
B
We
have
our
information
here
about
the
number
of
projects
and
repos
and
how
much
stores
we're
using
here
note
that
storage
and
harbor
is
is
really
one
of
two
two
things:
it's
either
local
storage
to
the
the
node.
That's
actually
running
the
bits,
or
you
can
also
backup
you
can
have
a
sort
of
a
back-end
storage
using
s3
compatible.
So
you
know
T,
css3
and
whatever
Ash's
equivalent
is
here
as
well.
Okay,
so
you
can
create
a
new
project.
B
Again,
we
can
sort
of
to
the
question
about
selecting
putting
our
back
around
specific
types
of
them.
You
just
certainly
we
can
come
here
and
say
you
know
a
new
project
call
it
CentOS
images,
for
example,
and
we
can
make
it
public
if
you
want
in
this
case
it
doesn't
really
matter,
and
then
we
can
go
and
start
putting
images
here.
B
So
for
those
of
you
who
have
obviously
use
docker,
you
would
you
would
tag
a
specific
image
and
it
tells
you
exactly
how
to
put
this
image
where,
where
you
want
it
right,
you
would
you
would
tag
it
and
then
you
would
do
a
push,
and
it
would
show
up
on
this
list
here
now
that
we're
inside
of
a
project
you
can
actually
specify
our
members
right.
So
I
can
create
a
new
member
here.
I
don't
have
any
other
users.
B
I'll
show
you
how
to
do
that
in
just
a
moment,
but
you
can
say:
hey
I
only
want
user
test
to
have
guest
access
as
an
example
and
I'll
show
you
how
to
add
users
in
a
moment.
Replication
is
again
one
of
our
more
popular
features
and
I'll
dive
into
that
in
just
a
moment
here
on
the
sidebar
labels,
but
we
can
create
labels
as
well.
Logs
everything
that
happens
in
the
system
has
an
audit
log.
B
So
if
you
push
an
image
or
you
pull
an
image,
you're
going
to
see
who's
doing
that
when
they
did
it
and
what
the
result
was
okay.
So
in
this
particular
case
we
have
create
and
then
configurations
specific
to
this
project.
You
can
make
it
public.
You
can
enable
the
content,
trust,
which
is
notary,
which
signing
images.
You
can
prevent
images,
vulnerable
images
from
running
here
and,
let's
say
anything
that
has
a
medium
vulnerability.
B
Don't
let
it
get
pulled.
If
somebody
does
a
dock
or
pull
it
a
little
sail
and
then
finally,
you
can
scan
the
images
every
time
you
push
them
right
logs.
This
is
system-wide
logs.
You
can
see
here
that
I
do
a
bunch
of
images
here
at
a
week
or
two
ago,
when
I
was
setting
up
this
demo,
environment
and
there's
you
know,
lots
and
lots
of
images
that
I
put
here
so
that
you
can
see
is
logged
in
as
an
admin
right.
I
have
a
repository
name.
I
have
a
tag
and
I
did
a
push.
B
B
B
Go
back
to
user
I'm,
not
just
leaving
with
dangling
just
just
bear
with
me
a
moment
here
registry.
So,
for
example,
let's
say
I
want
to
go
here:
I
have
a
bunch
of
projects,
I'll
pick
one
that
has
I,
don't
know.
I
just
just
gave
right
because
I
don't
want
to
this.
Is
space
images
have
I,
don't
fifty
thousand
images
in
it?
Let's
say
I
want
to
replicate
dead
from
Harbor
one
to
harbor.
Alright,.
A
B
B
Let's
test
my
connection:
okay,
alright,
now
I'm
gonna
go
to
replication
here
and
create
a
new
rule.
I
call
this
a
replication,
but
ok,
the
dead
project
do
here
the
project
that
my
source
project
is
called
dead.
You
saw
that
it
actually
have
completed
it
for
me
here
when
I
typed,
a
few
letters,
torture,
image
filter.
This
is
actually
what
me
she
was
asking
about.
B
It
is
pushing
it
so
you
can
see
the
question
it
just
let's
give
it
a
second
here
there
we
go
perfect,
so
you
see
how
replication
works,
and
this
is
sort
of
a
bare
minimum.
Obviously
you
can
get
very
creative
here
with
replicating
images.
You've
got
a
slide
with
this
or
the
global
replication,
so
this
is
definitely
a
feature
that
our
users
are
leveraging
in
pretty
creative
ways.
So
I'll
go
back
to
the
users,
haven't
forgotten
in
the
meantime,
you
can
do
several
off
mode
again.
You
can
do
LDAP
here.
B
If
you
have
an
Active,
Directory
and
open
a
lecture
or
whatever,
maybe
project
creation
is
really
a.
This
is
up
to
you
and
your
organization.
Some
organizations
make
it.
You
know
wide
open
willy-nilly,
and
anybody
can
create
a
project
so
I'm
only
a
lot
of
the
admin
of
great
projects
and
delegate
permissions
that
way.
B
Software
distraction
is
pretty
nifty.
If
you're
done
with
this,
when
you're
done
with
this,
you
can
go
to
with
this
up
whether
or
not
you
can
have
a
demo.
Dot
go
Harvard
I/o,
and
this
is
set
up
so
that
you
can
log
in
here
and
play
to
your
heart's
content.
So,
in
addition
to
the
log
demo,
you
get
a
lot
of
demo
environment
I
encourage
you
to
use
it
just
sign
in
it
allows
the
self
registration
and
you
can
start
pushing
images
email.
So
you
can
get
alerts
by
email
system.
B
Settings
is
pretty
much
for
logging.
You
out
labels.
This
is
again
something
that
we're
we
added
in
one
five
I
were
continuing
to
actually
change
around
this
concept,
so
you
can
create
labels
here
and
let's
call
it
webinar.
We
can
select
the
color
I'm.
Sorry,
the
colors
don't
work.
This
is
a
small
bug.
B
Cool
now,
I
can
add
these
labels
to
to
my
to
my
images,
so
I'll
go
here,
real,
quick
just
to
show
you,
the
member
I'm,
going
to
add
a
new
member
here.
I
just
created
be
test
user,
I
believe
in
ones
and
I'll
make
him
a
guest
and
let's
log
out
here
and
test-
and
you
can
see
that
my
view
is
limited
to
only
that
and
then
obviously
the
library
we
just
public.
This
is
created
by
default
in
a
hardware
installation.
So
dev
is
what
I
just
gave
this
particular
user
access
to.
B
Okay-
and
the
final
thing
I'll
show
here,
is
the
actually.
This
one's
got
a
lot
of
images.
Let's
go
to
old,
imageries,
okay,
so
here
we
go
we're
in
old
images
Alpine.
This
is
probably
see
an
Alpine
image.
The
this
is
the
latest
tag.
If
you
roll
over
it.
First
of
all,
the
image
is
not
signed
right,
I,
just
grabbed
these
off
of
docker
hub,
wrote
a
script
and
then
pushed
all
these
different
images
into
into
this
box
to
feed
them
or
to
feed
the
box.
Rather,
this
particular
image
is
not
our
tagged
tag
name.
B
It
does
not
have
a
loner
ability,
so
this
is
great.
You
pull
it
and
see
if
I
can
find
one
that
has
going
my
answer.
Okay,
so
one
three,
this
is
ancient.
This
is
a
really
old
image.
I'm
guessing
it's
back
from
2014-2015.
You
can
see,
there's
quite
a
number
of
vulnerabilities
here.
It
says
31
high
13,
medium
flat
low
and
we
scanned
it
down
the
16th.
So
you
can
go
in
here
and
in
loop.
Looks
like
a
my
larger
font.
B
So
that's
sort
of
a
quick
walk
through
in
the
UI
again
go
to
demo
harbor
io.
You
can
sign
up
for
an
account
here.
The
boxers
wiped
every
two
days
that
you
can.
You
can
push
as
many
images
as
you
want
and
don't
be
worried
about
filling
up.
Our
drive
will
clean
it
up
in
a
few
days
automatically,
but
I
think
that's
a
pretty
pretty
good
walk
through
theater
on.
Why
do
we
have
any
new
questions?
Jonas.
A
B
A
great
question
there's
two
ways
to
do
this.
Well,
there's
a
couple
ways:
if
you
have
bought
PKS,
it's
a
tile
just
like
everything
else,
that's
related
at
pivotal.
It
makes
it
really
easy
to
install
and
you
you
sort
of
fill
out
a
small
wizard
where
you
give
it
an
IP
and
so
on
and
it'll
do
its
thing.
We.
B
Ova
for
harbor
and
sort
of
the
the
most
manual
way,
which
gives
you
the
most
flexibility
by
the
way
it
lets
you,
you
know,
get
down
to
the
nitty
gritty
and
put
the
images
on
a
specific
file
system
or
whatever
it
may
be.
That
is
done
using
docker
compose,
which
is
really
really
simple.
It's
like
a
three
step
process.
You
download
the
tarball,
you
extract
it.
A
B
Yeah,
that's,
that's!
All
I
had
I'm
happy
to
stick
around,
for
you
know
a
couple
minutes
here.
If
there
are
any
new
questions
again,
you
can
reach
out
to
me
anytime.
Github
is
party
this
way,
I'm
in
the
harbor
project.
Quite
a
bit.
It's
not
just
driving,
that's
okay
away
and
we
will
post
the
slides
and
I
encourage
you
to
try
the
demo
dot
go
harbor
IOH.
So
it's
something
relatively
new.
We
just
we
just
put
up
a
couple
weeks
ago
and
makes
it
easy
to
try
out
the
project
before
investing
time
and
deploying
it.
A
Awesome
well,
I
think
that
that
wraps
up
the
webinar
and
I
want
to
thank
you
so
much
James
for
for
presenting
today,
it's
been
a
really
interesting
topic
and
I
want
to
thank
everyone.
Who's
been
participating
as
an
attendee
here,
the
questions
have
been
have
been
great.
Thank
you
so
much
for
attending
and
hope
to
see
you
all
soon
at
another.
Webinar
like
this
have
a
great
day.
Everyone.
Thank
you.