The official production registry is hosted by gitlab.cern.ch.
This page documents an experimental registry fully OCI compliant, available at registry.cern.ch
The official Harbor documentation can be found here.
A proxy cache is available to hub.docker.com, which should offer a lower latency and higher bandwidth option for workloads running inside CERN. To use it, prefix the image with registry.cern.ch/docker.io, so:
docker pull myrepo/myimage:mytag becomes
A special case are the default images, where you need to prefix with library, so:
docker pull ubuntu:20.04 becomes
docker pull registry.cern.ch/docker.io/library/ubuntu:20.04
Project Access Control With e-groups (under testing)
To allow a group access to the project go to
<project> -> Members -> +Group and specify the e-group name and associated Harbor role.
As of today there is no validation of e-group names, make sure the value given is correct.
⚠ WARNING: Please be aware that only e-groups that do not have visibility set to 'admin only' can be used.
By default newly created repositories have a limited quota of 5GB. If you need more space please open a Service Desk ticket.