
Re: How to handle certificates for remote registry correctly #security

daojunz
 

See the Harbor FAQ:

https://github.com/goharbor/harbor/wiki/Harbor-FAQs

 

You could add a CA cert:

 

  1. How to add a CA cert for the LDAP server or other Harbor server?

[A] After installing Harbor, there is a directory under common/config/shared/trust-certificates. Copy the LDAP certificate, for example ldap_ca.crt, to this directory and restart Harbor. The certificate is added to the trust store of the core container, and then you can enable “Verify Cert” in the LDAP configuration.

 

 

Best regards,

Stone (张道军)

Software Engineer, CNA, VMware R&D

 

-- 

 

 

From: <harbor-users@...> on behalf of "Dany via lists.cncf.io" <daniel.peigne=nokia.com@...>
Reply-To: "harbor-users@..." <harbor-users@...>
Date: Friday, November 19, 2021 at 12:00 AM
To: "harbor-users@..." <harbor-users@...>
Subject: Re: [harbor-users] How to handle certificates for remote registry correctly #security

 

Hi,
I have posted a similar post, but not exactly the same question.

My understanding is that when you create a registry endpoint, Harbor tries to check the remote certificate, so in your case the Docker registry.
The online help states that the verify remote cert flag should be unchecked when the remote registry is using a self-signed cert, so it might be normal that the connection test is failing.

In my case, I wanted to know if I need to configure Harbor with the CA cert of the remote registry, and how.
Can you elaborate on what you did on your Harbor host?
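The trust relationship behind "Verify remote cert", shown with Go's standard crypto/x509 package as an added example that is not Harbor's own code or part of this thread: a server certificate issued by a private CA fails verification until that CA is in the client's trust store. The CA, the hostname remote-harbor.example.internal and the helper names are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate signed by parent (a self-signed CA if parent is nil).
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
		DNSNames: []string{cn}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if parent == nil { // root CA: allowed to sign other certificates, no server name
		tmpl.IsCA, tmpl.KeyUsage, tmpl.DNSNames, tmpl.ExtKeyUsage = true, x509.KeyUsageCertSign, nil, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // der was just produced above
	return cert, key
}

// verifyRemote succeeds only if server chains to a CA in trust (standing in for
// the CA files added to a trust store) and is valid for host.
func verifyRemote(server *x509.Certificate, host string, trust ...*x509.Certificate) error {
	roots := x509.NewCertPool() // non-nil pool, so the system roots are not consulted
	for _, c := range trust {
		roots.AddCert(c)
	}
	_, err := server.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	const host = "remote-harbor.example.internal" // hypothetical remote registry name
	ca, caKey := issue("Example Private CA", 1, nil, nil)
	srv, _ := issue(host, 2, ca, caKey)
	fmt.Println("trust store without the CA:", verifyRemote(srv, host))
	fmt.Println("trust store with the CA:   ", verifyRemote(srv, host, ca))
}
```

The first call fails with an unknown-authority error and the second returns nil; trusting the issuing CA keeps hostname and expiry checks in force, which unchecking verification does not.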


Re: How to handle certificates for remote registry correctly #security

Dany
 

Hi,
I have posted a similar post, but not exactly the same question.

My understanding is that when you create a registry endpoint, Harbor tries to check the remote certificate, so in your case the Docker registry.
The online help states that the verify remote cert flag should be unchecked when the remote registry is using a self-signed cert, so it might be normal that the connection test is failing.

In my case, I wanted to know if I need to configure Harbor with the CA cert of the remote registry, and how.
Can you elaborate on what you did on your Harbor host?


What configuration needs to be done to verify remote registry certificate #security

Dany
 

Hi,

On a Harbor that I will call "Local Harbor" in the text below, I am creating a remote registry endpoint that I will call remote Harbor, and I check the flag "Verify remote Cert" (see picture below). As a result, the test connection failed. The same connection test works without verifying the remote cert.
I know that this might be due to the remote registry being configured with a self-signed cert.

But my question is:
Do I need to configure something in my local Harbor? For instance, do I need the CA cert used to issue the remote Harbor server certificate in order for the local Harbor to be able to verify the remote server certificate?
If yes, can you point me to the procedure?






Brs
Dany


Welcome Vadim Bauer as new member of the Maintainer team

Orlin Vasilev
 

Hello Community,

Wanna share something great today: Vadim Bauer from https://container-registry.com/ is now part of the maintainers team. Vadim's passion and dedication to Harbor were the main drivers in his nomination!
 
Vadim is Software Engineer, SaaS Builder, Cloud Native, and DevOps advocate & practitioner. Founder of container-registry and partner at 56k.cloud. Thriving OSS Contributor, located in Switzerland! 

Vadim has contributed in:
General:
 - Answering questions and helping users adopt Harbor in the Slack community and on GitHub issues and discussions.
 - Translation of the German language

Helm Chart:
 - Improving Harbor Helm Chart PR (1073, 767)
Core:
 - Contributing to Harbor Core by providing PRs (14329, 14901, 14905, 14906, 15210, 15211)
 - Verifying and reproducing issues reported by users
 - Improved the replications functionality with GitLab
 - Use of robot accounts for replication
 - Improved replication by providing different replication options.

Welcome once again Vadim!



Orlix
Harbor Community Manager


Re: is deduplication of artifacts applied across projects?

Yan Wang
 

The shared blob will not increase the total storage usage; the increase is just because there is a new manifest that is generated after the copy.

 

-Yan

 

From: harbor-users@... <harbor-users@...> on behalf of Dany via lists.cncf.io <daniel.peigne=nokia.com@...>
Date: Monday, November 8, 2021 at 16:46
To: harbor-users@... <harbor-users@...>
Subject: [harbor-users] is deduplication of artifacts applied across projects?

Hi,
I would like to know, when an image is stored in 2 different projects, whether the layers of the image are duplicated on disk.

When I copy an image, the Harbor UI increases the metric "Storage used".
BRs
Daniel


is deduplication of artifacts applied across projects?

Dany
 

Hi,
I would like to know, when an image is stored in 2 different projects, whether the layers of the image are duplicated on disk.

When I copy an image, the Harbor UI increases the metric "Storage used".
BRs
Daniel


Re: Replication rule using tag filtering

Dany
 

Thanks for the suggestion.
I did it, see https://github.com/goharbor/harbor/issues/15957
I posted a new proposal because I assume this is not a bug with regard to the implementation.

Have a nice WE


Re: Replication rule using tag filtering

Orlin Vasilev
 

Hi Daniel, 

You can also ask in Slack at https://cloud-native.slack.com/archives/CC1E09J6S in the Cloud Native space under the channel #harbor.

Orlix



On Thu, Nov 4, 2021 at 6:14 PM <daniel.peigne@...> wrote:
Hi,
I am a newcomer in the CNCF and Harbor users group. Let me know if this is not the right channel to address this topic.

When I set up a replication rule and provision the Tag field of the Source resource filter, the replication rule is working properly, but ONLY the tag matching the filter criteria is replicated.

I was expecting that the Source resource filter is used to scope the list of artifacts to be replicated, but when an artifact matches the filter criteria, ALL its tags are replicated.

How can I get this behavior? How do I submit a new feature request?

BRs
Daniel


Re: Replication rule using tag filtering

Dany
 

Hi Norman,
Thanks for your proposal. No, I am not.
Daniel


Re: Replication rule using tag filtering

Norman Henderson
 

Daniel, are you at the Linux Foundation member summit today?
If so, happy to meet in person and help.





-------- Original message --------
From: daniel.peigne@...
Date: 11/4/21 12:14 PM (GMT-05:00)
To: harbor-users@...
Subject: [harbor-users] Replication rule using tag filtering

Hi,
I am a newcomer in the CNCF and Harbor users group. Let me know if this is not the right channel to address this topic.

When I set up a replication rule and provision the Tag field of the Source resource filter, the replication rule is working properly, but ONLY the tag matching the filter criteria is replicated.

I was expecting that the Source resource filter is used to scope the list of artifacts to be replicated, but when an artifact matches the filter criteria, ALL its tags are replicated.

How can I get this behavior? How do I submit a new feature request?

BRs
Daniel


Replication rule using tag filtering

Dany
 

Hi,
I am a newcomer in the CNCF and Harbor users group. Let me know if this is not the right channel to address this topic.

When I set up a replication rule and provision the Tag field of the Source resource filter, the replication rule is working properly, but ONLY the tag matching the filter criteria is replicated.

I was expecting that the Source resource filter is used to scope the list of artifacts to be replicated, but when an artifact matches the filter criteria, ALL its tags are replicated.

How can I get this behavior? How do I submit a new feature request?

BRs
Daniel


Harbor 2.4 Release is out!

Orlin Vasilev
 

Hello Harbor Community!

We are pleased to inform you that we just released Harbor 2.4.
Please read the full blog here: 


You can find the release info here https://github.com/goharbor/harbor/releases/tag/v2.4.0
Downloadables and full information!

Collaborate with the Harbor Community

Get updates on Twitter: @project_harbor
Chat with us on Slack: #harbor and #harbor-dev on the CNCF Slack
Collaborate with us on GitHub
Attend the community meetings

Orlin Vasilev
Harbor Community Manager
Github: @OrlinVasilev

Twitter: OrlinVasilev


New member of the maintainers team - Tianon Gravi

Orlin Vasilev
 

Hi folks,

So happy to inform you that Tianon Gravi has joined the maintainers team!

Tianon Gravi joined the InfoSiftr/Devgistics team in 2010 as a founding member.  He became a maintainer on the Docker Open Source project in 2013, helped create the Docker Official Images program in 2014, joined in the creation of the Open Container Initiative in 2015 as a member of the Technical Developer Community, and officially joined the Debian Project in 2015 as a Debian Developer.  Much of his time both personally and professionally is spent contributing to and maintaining free and open source projects.

Please join me to welcome him into the family!

Orlix


cancelling 10.6.2021 community meeting #cal-cancelled

Alex Xu
 

Hey everyone,

We're cancelling the Harbor community meeting on 10.6 since the team is away on holiday break.  If you have anything urgent to discuss, please reach out here or in slack.  Thanks!


harbor operator v1.1.1 released!

Steven Zou
 

Greeting, everyone

 

We’re so pleased to announce that the Harbor operator v1.1.1 is released! In this patch release, we fix several critical bugs and also provide better support for the OpenShift platform. To learn more details of this release, you can check the changelog of v1.1.1. Any feedback is welcome, and we’ll continue to make the Harbor operator better and more stable.

 

 

By operator workgroup/goharbor

 

 

thanks&regards

-- 

邹佳

Steven Zou (he/him/his)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 


Harbor operator v1.1.0 is released!

Steven Zou
 

Hi all,

 

We’re so pleased to announce the harbor operator v1.1.0 is released! Notable features include:

 

- Support deploying Harbor v2.3
- Support Kubernetes version 1.21
- Upgrade ingress version to v1
- Refine CRD definitions to provide consistent database, storage, and cache configuration spec (introduce new CRD version v1beta1)
- Support applying day2 configuration with CRD-based declaration way
- Support exposing Harbor services with the load balancer
- Expose additional configuration options for S3 storage
- Logging in a consistent format
- Extend supporting versions of underlying operators (PostgreSQL, Redis, and Minio)

 

 

Any feedback is welcome! To learn more details, please check the operator v1.1.0 release page.

 

 

thanks&regards

-- 

邹佳

Steven Zou (he/him/his)

 

Engineer, MAP(Modern Application Platform), VMware R&D | Harbor Maintainer

 

Mail: szou@...

GitHub: github.com/steven-zou

Cell: +8618600021252

Addr: 9F Tower C, Raycom Info Tech Park, No. 2 Kexueyuan South Road Haidian District, Beijing 100738 China

 

 


Harbor v2.3 has GA'ed !! 🎉🎉🎉

Alex Xu
 

Hi everyone, 

We’re pleased to announce the general availability of Harbor v2.3

New Features

  • Declarative Config
    Enhanced the current configuration by adding environment variables to overwrite the Harbor configuration including auth, backing store, system permissions and more. This enables full audit capabilities and prevents config drift. This addresses #8076

  • IPv6
    Support running Harbor in Kubernetes with harbor-helm on IPv6-only infrastructure. (Tested on Kubernetes version 1.21.0 and Calico version 3.18.1 )

  • Photon Upgrade
    Upgraded all Harbor base images from Photon 2.0 to 4.0.

    • Postgresql upgrade to v13.3.
    • Redis upgrade to v6.0.13.
  • Additional Features

    • Performance enhancement for concurrent requests.
    • Observability Metrics Improvement: Support Jobservice metrics.
    • Swagger API Improvement: The APIs of project scanners & webhooks support both project id and name in their path.
    • Replication enhancement to support destination namespace flattening.
    • Moved the legacy APIs to new programming model.
    • Harbor is now built using Golang v1.15.12 as of this release.
    • Bumped up Trivy to version 0.17 which adds support for Java JAR/WAR/EAR archives and Go binaries scanning.

Upgrade Considerations

  • During upgrades, Harbor will remove the old PostgreSQL data and migrate it to a new destination compatible with the new version of PostgreSQL.
    Please back up your data before upgrading to v2.3.0.

Deprecations

  • The ChartMuseum is scheduled to be deprecated in a future v2.4.0 release. Helm charts will need to be managed in Harbor through the OCI image registry alongside your container images

Breaking Changes

  • The API to GET artifact under public project such as GET /v2/$public_project/$repo/manifests/$tag, will receive a 401 if the request does not carry "Authorization" header, more details see:
    #14711
    #14768

Resolved Issues

Contributors

  • Will Sun
  • He Weiwei
  • Wang Yan
  • Wenkai Yin(尹文开)
  • Daniel Jiang
  • stonezdj(Daojun Zhang)
  • Qian Deng
  • danfengliu
  • Ziming
  • ChenYu Zhang
  • Steven Zou
  • Alexis
  • rao yunkun
  • Moshe Immerman
  • Daniel Pacak
  • Abigail McCarthy
  • Akiros001
  • Vadim Bauer
  • 疯魔慕薇
  • Eike David Lenz


Cancelled Event: Harbor Office Hours - 2nd Wednesday #cal-cancelled

harbor-users@lists.cncf.io Calendar <noreply@...>
 

Cancelled: Harbor Office Hours - 2nd Wednesday

This event has been cancelled.

When:
Wednesday, 11 November 2020
1:00pm to 2:00pm
(UTC-05:00) America/New York
Repeats: Monthly on the second Wednesday

Where:
https://zoom.us/j/98160556477?pwd=ZzhUa3VteFJQK2VXbWJxMHRQY0JmUT09

Description:

Restarting these for the new year!

Come join us for the Harbor Office Hours every 2nd and 4th Wednesday at 1pm ET / 10am PT.

The Harbor Office Hours is a place where you can ask questions like "how does Harbor work?", "how do I do this in Harbor?", and "how do I get started contributing to Harbor?"

Meeting notes and agenda: https://hackmd.io/qjTVtIOnTU6vbEH32RIE0w

CNCF Harbor is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting

https://zoom.us/j/98160556477?pwd=ZzhUa3VteFJQK2VXbWJxMHRQY0JmUT09

 

Meeting ID: 981 6055 6477

Passcode: 5313661231


Find your local number: https://zoom.us/u/adyobhXLwo

 




Harbor Operator v1.1.0 has GA'ed !! 🎉🎉🎉

Alex Xu
 

We’re pleased to announce that the Harbor Operator v1.0.0 is now GA !! This provides a more flexible and resilient way to deploy and manage a full Harbor service including both the Harbor service components and its relevant dependent services such as database, cache, and storage services.

Highlights:
  • Provides high customization in deployment stack (identified by HarborCluster CR)
    1. Minimal stack: provisions core components such as Harbor Core, Registry, Registry Controller, Job Service and Web Portal only
    2. Standard stack: provisions optional components such as Notary, Trivy, ChartMuseum and Metrics Exporter
    3. Full stack: provisions related dependent services including the database (PostgreSQL), cache (Redis) and storage (MinIO)
  • Supports configuring either external or in-cluster deployed dependent services
  • Supports a variety of backend storage configurations
    1. filesystem: A storage driver configured to use a directory tree in a Kubernetes volume.
    2. s3: A driver storing objects in an Amazon S3 bucket.
    3. swift: A driver storing objects in OpenStack Swift.
  • Supports updating the deployed Harbor cluster
  • Allows configuring replicas of individual components
  • Supports in-place upgrades
  • Deletes all the linked resources when deleting the Harbor cluster
  • Configures Harbor system settings with ConfigMap in a declarative way
  • Supports services exposed with ingress (validated Nginx, GCE, NSX NCP)


KubeCon - Harbor Office Hours 2 - Wed, 05/05/2021 2:00pm-3:00pm #cal-reminder

harbor-users@lists.cncf.io Calendar <harbor-users@...>
 

Reminder: KubeCon - Harbor Office Hours 2

When: Wednesday, 5 May 2021, 2:00pm to 3:00pm, (GMT+02:00) Europe/Amsterdam

Where: https://community.cncf.io/events/details/cncf-cncf-project-office-hours-presents-harbor-project-office-hours-1400-1500-cest-1/


Description: If you are attending KubeCon Europe 2021, come chat with the Harbor maintainers during our Office Hours!
We'd love to hear your feedback and questions.

RSVP here: https://community.cncf.io/events/details/cncf-cncf-project-office-hours-presents-harbor-project-office-hours-1400-1500-cest-1/
