VMware Harbor Registry

VMware Harbor Registry is an enterprise-class registry server that stores and distributes container images. Harbor allows you to store and manage images for use with Tanzu Kubernetes Grid Integrated Edition.

Note: This documentation supports the Harbor v1.9.x and 1.10.x releases.


Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity, and management. As an enterprise private registry, Harbor offers enhanced performance and security. Deploying a registry alongside the Tanzu Kubernetes Grid Integrated Edition environment improves image management efficiency.

Key Features

Harbor includes the following key features:

  • Replicate projects: Harbor supports images replication to replicate repositories from one Harbor instance to another.
  • Manage role by LDAP group: Harbor administrators can import an LDAP/AD group to Harbor and assign project roles to it.
  • Manage Labels: Harbor provides labels to isolate image resources globally or at the project level.
  • Manage Helm Charts: Harbor provides management of Helm charts isolated by projects and controlled by RBAC.
  • Integrated UAA Authentication: Harbor can share UAA authentication with VMware Tanzu Application Service for VMs (TAS for VMs) and Tanzu Kubernetes Grid Integrated Edition.
  • Role-Based Access Control: Users and repositories are organized into projects. Users can have different permissions for the images in different projects.
  • Policy-Based Image Replication: Images can be synchronized between multiple registry instances with auto-retry on errors, offering support for load balancing, high availability, multi-datacenter, hybrid, and multi-cloud scenarios.
  • Vulnerability Scanning: Harbor uses Clair to scan images regularly and warn users of vulnerabilities.
  • LDAP/Active Directory (AD) Support: Harbor integrates with enterprise LDAP/AD systems for user authentication and management.
  • Image Deletion and Garbage Collection: Images can be deleted and their space can be recycled.
  • Notary: Image authenticity can be ensured by using Docker Notary.
  • Graphical User Portal: Users can easily browse, search repositories, and manage projects.
  • Auditing: All the operations to the repositories are tracked.
  • RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.

Version and Compatibility

The following table provides version and compatibility information for the latest release of VMware Harbor Registry.

Element Details
Tile version(s) v1.10.2
Release date April 23, 2020
Software component version(s) v1.10.2
Compatible Ops Manager versions v2.5.x, v2.6.x, v2.7.x and v2.8.x (refer to the Tanzu Kubernetes Grid Integrated Edition release notes for specific matching versions)
Compatible Tanzu Kubernetes Grid Integrated Edition versions v1.5.x, v1.6.x, v1.7.x
Compatible TAS for VMs versions v2.5.x, v2.6.x, v2.7.x and v2.8.x
BOSH stemcell version Ubuntu Xenial
IaaS support vSphere, AWS, GCP, Azure
IPsec support? No


There are no special requirements for deploying VMware Harbor Registry.


  • You can configure the authentication source only once. You cannot change between UAA, LDAP, or local authentication after the initial deployment.
  • Email addresses must be unique. Two users cannot have the same email address.
  • Use the Google Chrome browser for the best results. There are known issues with some Firefox browser versions in this release.


If you have a feature request, questions, or information about a bug send an email to Harbor.


Harbor is available under the following VMware EULA.