Harbor is a self-hosted, enterprise-grade container registry platform designed to store, sign, and scan container images and cloud-native artifacts. It provides a centralized repository that integrates directly with Kubernetes environments to manage the full lifecycle of software artifacts, from initial storage to production deployment.
The platform distinguishes itself through a focus on security, governance, and multi-site availability. It features a pluggable vulnerability scanning framework that allows for the integration of various security engines, alongside content trust mechanisms that enforce digital signatures to ensure image authenticity. To support distributed infrastructure, it includes a cross-instance replication controller that synchronizes artifacts across geographic locations, ensuring high availability and disaster recovery.
Harbor manages access and organization through project-based workspaces, where granular role-based access control is enforced for users and groups. It integrates with external identity providers using standardized protocols like OIDC to streamline authentication. The system also provides comprehensive administrative capabilities, including audit logging, storage quota enforcement, and automated garbage collection to maintain registry health and performance.
The platform is built on a modular, microservices-based architecture that supports pluggable storage backends, allowing for flexibility across different cloud and local storage environments. It is designed for deployment within Kubernetes clusters, utilizing administrative APIs to facilitate programmatic management and integration with external CI/CD pipelines.
