Versions Compared

Old Version 7

changes.mady.by.user Francesco Murdaca

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Murdaca

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning

EWC Container Registry has an IP allowlist ranges enabled for all operations. Currently for users it is possible only to push and pull from EWC machines.

Table of Contents

Project

A project in Harbor contains all repositories of an application. Images cannot be pushed to Harbor before a project is created. Role-Based Access Control (RBAC) is applied to projects, so that only users with the appropriate roles can perform certain operations.

Info

Every tenancy gets by default one private project! Only users who are members of the project can see the private project.

Login 

There are two ways to login to the container registry to pull/push images:

  • CLI Secret → use for short lived docker work and manual docker login
  • Robot Account → use for longer lived work or in scripts to automate pull/push

CLI secret

Warning

Dashboard is currently accessible only through EWC.

...

  1. Go to User Profile
  2. Take the CLI Secret and use it after running podman login or docker login, as shown in the section below Container Registry Login.

Robot account 

Every user with admin credentials can create a robot account to run operations that can be automated (push/pull) in their tenancy projects. Robot Accounts cannot log in to the Container Registry interface. 

  1. Go to your Project → Use tab Robot Accounts → Click on + New Robot Account 
  2. Fill in Name and expiration time (days or never)
  3. Give permissions to your robot account
  4. Once you saved remember to store your secret somewhere, because you are not going to be able to retrieve it after


How to use Harbor

Pre-requisite

Using a container registry requires installation of a container platform:

Containerize your application

Example from EWC Batch Processing service in Part 1: Containerize your project: https://gitlab.eumetsat.int/EWC/ewc-examples/-/tree/main/htcondor-container-job#part-1-containerize-your-project

Container registry login

You can login into your project on EWC container registry using your login credentials (CLI secret or robot account) and the following commands:

...

Code Block
docker login https://harbor-pilot.eumetsat.europeanweather.cloud

Push to your project

After login, using the following command you can push an image to the registry to the repository you want. The command will automatically create the repository. This step assumes that you already built your image and you have it locally (see example here: https://gitlab.eumetsat.int/EWC/ewc-examples/-/tree/main/htcondor-container-job#build-the-container)

...

Code Block
[murdaca@fm-dev htcondor-container-job]# docker image ls
REPOSITORY                     TAG                 IMAGE ID       CREATED          SIZE
test-conda-env                 latest              29fe72839e1e   49 seconds ago   1.1GB

Container registry logout

  • using podman

Code Block
podman logout https://harbor-pilot.eumetsat.europeanweather.cloud

...

Code Block
docker logout https:/harbor-pilot.eumetsat.europeanweather.cloud
 


How to use Harbor in HTCondor Batch Processing

EWC Batch processing can pull images also from private registry from https://harbor-pilot.eumetsat.europeanweather.cloud, you don’t have to push your images to a public cloud if you can’t!

...