Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Harbor 1.8 Includes OIDC Integration and Replication Enhancements

Harbor 1.8 Includes OIDC Integration and Replication Enhancements

This item in japanese

The latest version of Harbor, 1.8, was recently released. Harbor is a Cloud Native Computing Foundation (CNCF) project that provides a self-hosted, cloud-native registry for storing, signing, and scanning container images. This release includes an OpenID Connect integration, the addition of robot accounts, and improvements to the replication features, among other improvements.

Harbor provides an alternative registry for cases where a public or cloud-based registry isn't an option. As it is self-hosted, it is also an option for providing a consistent experience for a multi-cloud strategy. Harbor was accepted as a CNCF incubating project back in 2018.

Harbor architecture (credit: CNCF


With version 1.8, Harbor now supports OpenID Connect. Administrators can now use an OIDC provider as the authentication model for users. Users can then leverage their single sign-on credentials to access the Harbor portal. Since some tools, such as Docker client, are incapable of logging in via SSO when a redirection to an external IDP is required, Harbor now includes CLI secrets. CLI secrets provide end users with a token to access Harbor via Docker or Helm clients. This functionality is only available when Harbor's authentication mode is configured to OIDC based.

After logging in via OIDC SSO, you can obtain the CLI secret from the user profile.

Harbor CLI Secret UI (credit: Harbor)


With that secret, you can login via the Docker/Helm CLI using the Harbor user name and the CLI secret as the password:

docker login -u testuser -p xxxxxx

As Harbor is often integrated with CI/CD tooling that cannot handle SSO, this release includes robot accounts. Robot accounts allow Harbor to be integrated and used by automated systems. These accounts can be configured to provide administrators with a token that grants permission for pulling and pushing images from the repository.

This release extends the Harbor-to-Harbor replication feature to add support to replicate resources between Harbor and Docker Hub, Docker Registry, and the Huawei Cloud using both push and pull replication. As claimed on the Harbor blog, "The built-in registries [of the public clouds] don't offer the many capabilities and features of Harbor, specifically the static analysis of images." With this feature, Harbor can act as a central repository for all images. Replication can be done to other registries as required, having them act as pure content repositories. This allows for Harbor to be used for vulnerability scanning and compliance enforcement.

Additional features shipping with this release include:

  • A health check API that provides a detailed status and health for all components
  • The Docker Registry version that Harbor extends has been updated to 2.7.1
  • Administrators can now use cron strings to define job schedules for scan, garbage collection, and replication jobs
  • End users can now trigger Harbor API via the Swagger UI included within Harbor's UI

More details on the features that were released are available on the Harbor blog or in the user guide on GitHub. Harbor is actively looking for expanding their community and is looking for people to get involved in coding, testing, and general feedback. Interested individuals can join the #harbor Slack channel on the CNCF Slack. Harbor is open source and releases are available on their GitHub page.

Rate this Article