
Harbor Repository Onboard

Role-Based Access Control (RBAC) is applied to projects, so that only users with the appropriate roles can perform certain operations.

Harbor is a Maersk-managed repository to which all Docker images for deployments are pushed.

This document explains how to onboard and maintain a project in Harbor.

The points below give a basic understanding of Harbor:

  1. It is a repository for storing images. In simple terms, a connection is required between the Harbor repo and the application repo to push the images.
  2. All config files are stored as JSON in Harbor.
  3. With an Azure group and a few inputs, an application can be onboarded to Harbor.
  4. To push images to Harbor, a user ID and a token are required. In the config, a bot will be created, and it will create the token in all the mentioned repositories.
  5. Below are the inputs required to create a project in Harbor.

group name: an Azure AD account created from Admiral (the name under groups in the JSON below)

robots name: a user-defined name (the robot responsible for write access to the app repos)

github_repo_names: the repos that need to push Docker images

Use the JSON below as a reference to create a project in Harbor:

```json
{
  "admiral_product_code": "customer-master-data-manage",
  "settings": {
    "public": false,
    "metadata": {
      "enable_content_trust_cosign": "false",
      "prevent_vul": "false",
      "auto_scan": "true",
      "severity": "critical"
    },
    "cve_allowlist": {
      "items": []
    }
  },
  "permissions": {
    "users": [
      {
        "name": "rahul.singh2@maersk.com",
        "role": "projectadmin"
      },
      {
        "name": "karthikeyan.shankar@maersk.com",
        "role": "projectadmin"
      }
    ],
    "groups": [
      {
        "name": "a1ebd605-83cf-49c1-b45b-821f22e18a65",
        "role": "maintainer"
      }
    ]
  },
  "labels": [
    {
      "name": "cdt",
      "colourcode": "#781DA0",
      "description": "CDT Environment"
    },
    {
      "name": "preprod",
      "colourcode": "#FFDC0B",
      "description": "PreProd Environment"
    },
    {
      "name": "prod",
      "colourcode": "#00AB9A",
      "description": "Production Environment"
    }
  ],
  "webhooks": [],
  "robots": [
    {
      "name": "smdsbot-ci-read",
      "description": "SMDSbot for CI integration - Read",
      "public_project_access": true,
      "expires_at": -1,
      "permissions": [
        {
          "access": [
            { "action": "list", "resource": "repository" },
            { "action": "pull", "resource": "repository" },
            { "action": "list", "resource": "tag" },
            { "action": "read", "resource": "artifact" },
            { "action": "list", "resource": "artifact" },
            { "action": "create", "resource": "scan" }
          ]
        }
      ]
    },
    {
      "name": "smdsbot-ci-write",
      "description": "SMDSbot for CI integration - Write",
      "github_repo_names": ["cmd-portal-ui","smds-cmd-access-control-service","smds-cmd-be-code-service","smds-cmd-bulk-upload-service","smds-cmd-cbu-service","smds-cmd-communication-api","smds-cmd-concern-search-service","smds-cmd-consume-concern-service","smds-cmd-consume-contact-service","smds-cmd-consume-customer-service","smds-cmd-consume-facility-service","smds-cmd-external-service","smds-cmd-history-api","smds-cmd-ingest-concern-service","smds-cmd-ingest-contact-service","smds-cmd-ingest-customer-service","smds-cmd-ingest-facility-service","smds-cmd-legacy-support-service","smds-cmd-persist-contact-hybrid-service","smds-cmd-persist-customer-hybrid-service","smds-cmd-produce-concern-service","smds-cmd-produce-contact-service","smds-cmd-produce-customer-service","smds-cmd-produce-facility-service","smds-cmd-referencedata-service","smds-cmd-scheduler-service","smds-cmd-search-contact-service","smds-cmd-search-customer-service","smds-cmd-search-facility-service","smds-cmd-tamr-consumer","smds-cmd-validation-service","smds-cmd-workflow-service","gda-smds-docs"],
      "expires_at": -1,
      "permissions": [
        {
          "access": [
            { "action": "list", "resource": "repository" },
            { "action": "push", "resource": "repository" },
            { "action": "pull", "resource": "repository" },
            { "action": "delete", "resource": "repository" },
            { "action": "read", "resource": "artifact" },
            { "action": "list", "resource": "artifact" },
            { "action": "delete", "resource": "artifact" },
            { "action": "create", "resource": "artifact-label" },
            { "action": "delete", "resource": "artifact-label" },
            { "action": "create", "resource": "tag" },
            { "action": "delete", "resource": "tag" },
            { "action": "list", "resource": "tag" },
            { "action": "create", "resource": "scan" },
            { "action": "stop", "resource": "scan" }
          ]
        }
      ]
    }
  ],
  "policies": {}
}
```
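As an added example (not part of the original page or of the Maersk-Harbor repository), the Python check below reviews a project file in the layout shown above for the group and github_repo_names inputs and for settings worth a second look before onboarding: robots whose expires_at is -1, delete grants, and scanning without prevent_vul. It assumes -1 means the token never expires and that prevent_vul controls whether pulls are blocked, as in upstream Harbor; the sample config and its names are constructed.

```python
import json

# Constructed sample, trimmed to the page's JSON layout (all names are placeholders).
SAMPLE = json.loads("""
{
  "settings": {"metadata": {"auto_scan": "true", "prevent_vul": "false", "severity": "critical"}},
  "permissions": {"groups": [{"name": "00000000-0000-0000-0000-000000000000", "role": "maintainer"}]},
  "robots": [
    {"name": "examplebot-ci-read", "expires_at": -1,
     "permissions": [{"access": [{"action": "pull", "resource": "repository"}]}]},
    {"name": "examplebot-ci-write", "expires_at": -1, "github_repo_names": [],
     "permissions": [{"access": [{"action": "push", "resource": "repository"},
                                 {"action": "delete", "resource": "tag"}]}]}
  ]
}
""")


def robot_actions(robot):
    """Return the set of (action, resource) pairs granted to one robot."""
    return {(a["action"], a["resource"])
            for p in robot.get("permissions", []) for a in p.get("access", [])}


def review_project(cfg):
    """Return review findings for a project file; an empty list means nothing flagged."""
    findings = []
    groups = cfg.get("permissions", {}).get("groups", [])
    if not any(g.get("name") for g in groups):
        findings.append("permissions.groups: no Azure AD group name")
    meta = cfg.get("settings", {}).get("metadata", {})
    if meta.get("auto_scan") == "true" and meta.get("prevent_vul") != "true":
        findings.append("metadata: auto_scan is on but prevent_vul is off, scans do not block pulls")
    for robot in cfg.get("robots", []):
        name = robot.get("name", "<unnamed>")
        actions = robot_actions(robot)
        if robot.get("expires_at") == -1:  # assumption: -1 means the token never expires
            findings.append(f"{name}: token has no expiry")
        if ("push", "repository") in actions and not robot.get("github_repo_names"):
            findings.append(f"{name}: can push but lists no github_repo_names")
        deletes = sorted(res for act, res in actions if act == "delete")
        if deletes:
            findings.append(f"{name}: delete granted on {', '.join(deletes)}")
    return findings


if __name__ == "__main__":
    for line in review_project(SAMPLE):
        print(line)
```
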

Reference JSON files:

https://github.com/Maersk-Global/Maersk-Harbor/blob/main/environments/prod/projects/smds-cmd-proxy.json

https://github.com/Maersk-Global/Maersk-Harbor/blob/main/environments/prod/projects/smds-opsmdm.json

https://github.com/Maersk-Global/Maersk-Harbor/blob/main/environments/prod/projects/smds-vendor.json

Harbor Image Folders

https://harbor.maersk.io/harbor/projects/17682/repositories

https://harbor.maersk.io/harbor/projects/16305/repositories

https://harbor.maersk.io/harbor/projects/12226/repositories
