1 Introduction
1.1 What is SUSE Private Registry?
SUSE Private Registry (Private Registry) is an on-premises container registry. Private Registry is designed for SUSE customers who need a container registry that works well with other SUSE services and products.
1.2 What are SUSE Private Registry benefits?
Private Registry is based on the Harbor project and includes all its core features as well as added benefits. For example:
On-premises container registry. Private Registry is a locally hosted container registry with access to online SUSE registry services.
Security. Private Registry provides security features for containerized environments: authentication, authorization and vulnerability scanning.
Deployment flexibility. You can install Private Registry on a Kubernetes environment such as SUSE Rancher Prime: RKE2. You can also deploy Private Registry in a High Availability setup.
User management. Private Registry provides authentication and authorization mechanisms with role-based access control (RBAC).
User interface. Besides a command-line interface, you can administer Private Registry via a Web user interface.
1.3 How does SUSE Private Registry work?
Private Registry is delivered as Open Container Initiative (OCI) containers and is expected to be deployed on a Kubernetes cluster. Private Registry consists of the following containers:
harbor-core: the main component of the Harbor registry, responsible for handling core functionalities such as managing projects, repositories and user interactions.
harbor-db: the database container that stores all metadata related to images, users and configurations for the Harbor registry.
harbor-jobservice: a service that manages background jobs, such as image replication and scheduled tasks, ensuring efficient processing of operations within the registry.
harbor-nginx: the reverse proxy and load balancer that routes incoming requests to the appropriate Harbor services, providing a single entry point for users.
harbor-portal: the Web-based user interface that allows users to interact with the Harbor registry, manage images, and configure settings through a graphical interface.
harbor-registry: the container that serves as the actual image storage back-end, handling the storage and retrieval of container images.
harbor-registryctl: a command-line tool for managing the Harbor registry, allowing users to perform administrative tasks and configurations directly from the terminal.
harbor-trivy-adapter: a container that integrates the Trivy vulnerability scanner with Harbor, enabling automated security scanning of container images for vulnerabilities.
harbor-exporter: the container that exports Harbor metrics in a format that can be collected by Prometheus for monitoring and observability.
harbor-valkey: an in-memory key-value store.
After deployment, you can log in via the Web user interface. After successful authentication and authorization, you can configure multiple aspects of the product, for example:
Configure global settings, such as setting the registry to read-only mode or restricting who can create projects.
Select an authentication method.
Add users when in database authentication mode and assign the system administrator role to other users.
Apply resource quotas to projects.
Set up the replication of images between Private Registry instances.
1.4 For more information
Refer to the following sources to obtain more details:
The Harbor project homepage is at https://goharbor.io/.
Harbor usage is detailed in https://goharbor.io/docs.