team@tinypod.app

Self-Hosting Harbor: Container Image Registry

Harbor is an enterprise-grade container registry. Store, scan, and sign Docker images with role-based access and vulnerability scanning.

Tags: harbor, containers, registry, devops

What Is Harbor?


Harbor is a CNCF-graduated container image registry. It extends Docker Distribution with security, identity, and management features.


Features


Registry

  • Docker and OCI image storage
  • Helm chart repository
  • Multi-architecture support
  • Image tagging and labeling
  • Garbage collection

Security

  • Vulnerability scanning (Trivy)
  • Image signing (Cosign/Notary)
  • Policy enforcement (block vulnerable images)
  • CVE exception lists

Access Control

  • RBAC (role-based access control)
  • LDAP/OIDC authentication
  • Project-level isolation
  • Robot accounts for CI/CD

Replication

  • Replicate images between registries
  • Pull-based and push-based
  • Scheduled replication
  • Filter by tag, label

Other

  • Audit logging
  • Quotas per project
  • Webhook notifications
  • API (full functionality)

Harbor vs Docker Registry vs GHCR


  • Harbor: Most features, enterprise-grade, self-hosted
  • Docker Registry: Simplest, no UI, basic
  • GHCR: GitHub-integrated, SaaS

Deployment


  1. Deploy Harbor on TinyPod
  2. Create projects
  3. Push images
  4. Configure scanning policies
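Steps 2 to 4 can be scripted against Harbor's v2.0 REST API and the Docker CLI. The script below is an added example, not TinyPod's or the Harbor project's own code; the host `harbor.example.com`, the project `team-a`, the image `myapp:1.0.0` and the `HARBOR_USER`/`HARBOR_PASS` variables are placeholders.

```shell
#!/bin/sh
# Added example: create a private Harbor project that scans on push and blocks
# pulls of images with findings at or above a severity, then push an image.
# Assumed placeholders: HARBOR_HOST, HARBOR_USER, HARBOR_PASS, project and image names.
set -eu
LC_ALL=C; export LC_ALL
HARBOR_HOST="${HARBOR_HOST:-harbor.example.com}"

# Build the JSON body for POST /api/v2.0/projects. Inputs are validated so
# nothing caller-supplied can break out of the JSON strings.
project_payload() {  # args: project name, blocking severity
  case "$1" in ''|*[!a-z0-9._-]*) echo "invalid project name" >&2; return 1 ;; esac
  case "$2" in low|medium|high|critical) ;; *) echo "invalid severity" >&2; return 1 ;; esac
  printf '{"project_name":"%s","metadata":{"public":"false","auto_scan":"true","prevent_vul":"true","severity":"%s"}}' "$1" "$2"
}

# Steps 2 and 4: create the project with the scanning policy already attached.
# Credentials reach curl through a config on stdin, not argv (visible in `ps`).
create_project() {  # args: project name, blocking severity
  body=$(project_payload "$1" "$2") || return 1
  printf 'user = "%s:%s"\n' "$HARBOR_USER" "$HARBOR_PASS" |
    curl -K - -fsS -X POST -H 'Content-Type: application/json' \
      -d "$body" "https://${HARBOR_HOST}/api/v2.0/projects"
}

# Step 3: tag a local image into the project and push it.
push_image() {  # args: project, local image name, tag
  target="${HARBOR_HOST}/$1/$2:$3"
  printf '%s' "$HARBOR_PASS" |
    docker login "$HARBOR_HOST" -u "$HARBOR_USER" --password-stdin
  docker tag "$2:$3" "$target"
  docker push "$target"
}

# Only talk to the registry when invoked as: ./harbor-setup.sh run
if [ "${1:-}" = "run" ]; then
  create_project team-a high
  push_image team-a myapp 1.0.0
fi
```

For CI/CD, set `HARBOR_USER` and `HARBOR_PASS` to a project-scoped robot account rather than an administrator login.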


Resources: 2 CPU, 2 GB RAM.


Harbor is the best self-hosted container registry for teams that need vulnerability scanning and access control.