Harbor integration overview

Harbor is an integrated capability in DevOps Loop that provides an OCI-compliant container registry, vulnerability scanning, image signing, and image management capabilities.

DevOps Loop and Harbor are installed together in one installation process. You must set HARBOR_ENABLED=true parameter in the DevOps Loop installation configuration.

Harbor capabilities

Harbor provides the following capabilities when it is integrated with DevOps Loop:

  • Container image storage and distribution
  • Role-based access control
  • Vulnerability scanning through Trivy
  • OpenID Connect (OIDC) authentication through Keycloak
  • Image replication and lifecycle management
  • Image bootstrapping support

Architecture

Harbor uses the following services and infrastructure components when it is integrated with DevOps Loop:

  • Keycloak for authentication and supplies group claims
  • PostgreSQL for metadata storage
  • Valkey for caching
  • S3-compatible object storage for image artifacts
  • Kubernetes persistent storage for Harbor services

Authentication

Harbor uses the same Keycloak realm and single sign-on session as DevOps Loop. You can authenticate through the configured identity provider and can access Harbor without maintaining separate credentials.