Image Management

The Harbor web interface can be accessed at https://hub.k8s.ucar.edu/. A link is also present under the Resources tab at the top of this documentation. Log in with your CIT SSO username and password. There is no need to specify a domain.

Note

Image pulling and pushing uses Docker via the command line. If Docker is not installed on your machine you can find information on how to install it here.

Harbor Login with Docker

If the project that the image belongs to is private, you need to log in to Harbor before you can pull the image. If an image is in a public project, you do not need to be logged in to pull that image.

Note

If your CIT login does not work, you most likely do not have permission to access Harbor. Please submit a request for Harbor access here.

The command line syntax to use Docker for logging in to Harbor is as follows:

docker login https://hub.k8s.ucar.edu/

You will be prompted for a Username and Password. Use your CIT username and password; no domain needs to be specified. You should get a message that your login was successful. You are now able to pull images from private projects and push images directly to Harbor.

Pull an image from Harbor

An image is pulled from Harbor using the docker pull command (docker image pull is the equivalent long form) with the Harbor URL as the first part of the image reference. An example of this command is as follows:

docker image pull hub.k8s.ucar.edu/cislcloudpilot/cisl-cloud-base:v1-stable

Push an image to Harbor

Note

Before you can push an image to Harbor, a corresponding project must be created in the Harbor interface. The default page on login is Projects and there is a button above the list of existing projects to create a new project. In order to push to an existing project you must be a member of that project with a Role of Developer, Maintainer, or Project Admin. If you need assistance creating projects or with permissions please open a ticket via the link here.

Note

This assumes you have an image built locally that you want to push to Harbor. Information on how to create container images locally can be found in this documentation here.

In order to push the built image to Harbor we first have to tag the image we want to push with our Harbor project information. Once the image is tagged it can be pushed to Harbor. An example of how to do this can be seen below:

docker tag cislcloudpilot/cisl-cloud-base:v1-stable hub.k8s.ucar.edu/cislcloudpilot/cisl-cloud-base:v1-stable
docker push hub.k8s.ucar.edu/cislcloudpilot/cisl-cloud-base:v1-stable

The exact syntax used in each of these commands as it relates to Harbor Projects and Repositories can be seen in the code block below:

docker tag SOURCE_IMAGE[:TAG] hub.k8s.ucar.edu/PROJECT/REPOSITORY[:TAG]
docker push hub.k8s.ucar.edu/PROJECT/REPOSITORY[:TAG]

Your image should now be in the Harbor project, ncote in the example. Harbor contains a vulnerability scanner that will scan your images for any known vulnerabilities and report details on what it finds. More information on how to use the scanner can be found at this link.

If your project is public, its images can be pulled by anyone on the network. This is a great way to share your work with others in a reproducible fashion.
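
As an added example (not part of the original documentation or any UCAR tooling), the shell helper below wraps the tag and push syntax shown above: it validates PROJECT, REPOSITORY and TAG before building the Harbor reference, then prints the digest reference of the pushed image so later pulls can pin to exactly what was pushed. The function names, the DRY_RUN variable and the use of Docker's name pattern for the Harbor project name are assumptions.

```shell
#!/bin/sh
# Added example: wrapper for "docker tag" + "docker push" against Harbor.
HARBOR_HOST="hub.k8s.ucar.edu"   # registry host used throughout this page

# Build hub.k8s.ucar.edu/PROJECT/REPOSITORY:TAG and reject malformed parts.
# Patterns are a conservative subset of Docker's reference grammar
# (lowercase names, tag of at most 128 characters); applying the name
# pattern to the Harbor project is an assumption.
harbor_ref() {
    project=$1 repository=$2 tag=${3:-}
    name_re='^[a-z0-9]+([._-][a-z0-9]+)*$'
    tag_re='^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'
    # Whitespace (including newlines) would defeat the line-based grep checks
    case "$project$repository$tag" in
        *[[:space:]]*) echo "whitespace in reference" >&2; return 1 ;;
    esac
    printf '%s\n' "$project" | grep -Eq "$name_re" ||
        { echo "bad project: $project" >&2; return 1; }
    printf '%s\n' "$repository" | grep -Eq "$name_re" ||
        { echo "bad repository: $repository" >&2; return 1; }
    # Require an explicit tag so nothing is pushed as an implicit :latest
    [ -n "$tag" ] || { echo "explicit tag required" >&2; return 1; }
    printf '%s\n' "$tag" | grep -Eq "$tag_re" ||
        { echo "bad tag: $tag" >&2; return 1; }
    printf '%s/%s/%s:%s\n' "$HARBOR_HOST" "$project" "$repository" "$tag"
}

# harbor_push SOURCE_IMAGE[:TAG] PROJECT REPOSITORY TAG
# Set DRY_RUN=1 to print the docker commands instead of running them.
harbor_push() {
    source_image=$1
    ref=$(harbor_ref "$2" "$3" "$4") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'docker tag %s %s\ndocker push %s\n' "$source_image" "$ref" "$ref"
        return 0
    fi
    docker tag "$source_image" "$ref" || return 1
    docker push "$ref" || return 1
    # After the push, RepoDigests lists REPO@sha256:...; keep the Harbor entry
    docker image inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' "$ref" |
        grep "^$HARBOR_HOST/$2/$3@"
}

# Run directly as: sh harbor_push.sh SOURCE_IMAGE PROJECT REPOSITORY TAG
if [ "$#" -eq 4 ]; then harbor_push "$@"; fi
```

The digest reference printed at the end can be used in place of the tag in docker pull, so a later re-push of the same tag does not change which image is retrieved.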