Harbor 2.2.0 was just released and comes with some very interesting features.
This post walks you through the newly added features and changes explaining the capabilities. Since the last release of v2.1.0 in September 2020, eleven contributors made 41 changes and resolved 189 issues.
Robot accounts got a complete revamp, now supporting robot accounts on system level.
- System-level robot accounts can access to multiple projects.
- Robot accounts gained 6 more permissions, permitting now robot accounts to delete resources and manage tags and trigger vulnerability scans.
- Selective API access for robot accounts. Additions permissions can be assigned to robot accounts via the API.
- The robot account name prefix is now optional. No $ sign is now confusing the shell.
Metrics & Observability
Harbor will now expose performance and system information indicators to provide better observability.
- OIDC Admin Group, allows specifying a special privileged admin group for OIDC auth, achieving parity with LDAP auth.
- Added support for Aqua CSP Enterprise Vurnability Scanner
- Migrate GC/Scan all/Tag Retention and Replication to task manager/scheduler.
- Enhance the proxy cache to support Google Container Registry(GCR), Elastic Container Registry(ECR), Azure Container Registry(Azure), Quay.io.
- Refine project manage & robot API to support both project ID & Name as indicator.
- Deprecate built-in Clair. Users still have the option to install Clair in out-of-tree fashion by pairing with Harbor through its interrogation services framework.
- The ChartMuseum is scheduled to be deprecated in a future v2.4.0 release.
- API: The
/systeminfo API now displays less information when the request is triggered by an unauthenticated user. For details, please refer to the following issue comment:
- Scan Report: After upgrading to v2.2, all scan reports in the previous version will be been deleted because of changes in the vulnerability database scheme. You need to re-scan the artifacts to get the reports.
Full list of issues fixed in v2.2.0
In 2021, the Harbor team will focus on:
- Hardening the Harbor Operator
- Harbor Lite for Edge
A lightweight registry serving workloads at the edge
- Increase involvement in Notary v2 upstream for better image provenance capabilities
- Increase involvement in Docker Distribution upstream
- Strengthening ecosystem partnerships
- Integrations with image scanner vendors like Twistlock and Qualys
- Improving performance and scalability
- Deploy onto IPv6-based k8s clusters
- Releasing an ARM64-based Harbor
2020 was a big year for Harbor, chock full of highlights, including the CNCF graduation.
- 1st OSS registry to fully support OCI specs
- 18 OSS releases in 2020
- 1st registry to support ML on k8s artifacts such as Kubeflow data models
- Proxy Cache capability producing significant savings by attenuating Dockerhub’s rate limiting
- Harbor Operator delivering HA and superior Day 2 management capabilities
- Commercial products based on Harbor - VMware Tanzu Network Registry, OVH Cloud Registry, SUSE CaaS Registry, Tencent Enterprise Registry, Rancher Registry, Container-Registry.com & more
- Adopters running Harbor in production - JD.com, Tencent, Bytedance, Huawei, China Unicom, China Mobile, Intel, Dish Network, Salesforce, Agoda, TrendMicro & many more
We are planning to upgrade our registry stack in the next days to version 2.2.0.