Harbor cheatsheet
Docker login, tag, push, pull
docker login harbor.example.com
docker tag myapp:1.0 harbor.example.com/myproject/myapp:1.0
docker push harbor.example.com/myproject/myapp:1.0
docker pull harbor.example.com/myproject/myapp:1.0
Robot account (CI)
# UI: Project → Robot Accounts → create (push/pull scope)
docker login harbor.example.com -u 'robot$myproject+ci' -p TOKEN
docker push harbor.example.com/myproject/myapp:${GIT_SHA}
Helm OCI push
helm registry login harbor.example.com
helm package ./mychart
helm push mychart-0.1.0.tgz oci://harbor.example.com/myproject
Harbor API (curl)
# Health
curl -sk https://harbor.example.com/api/v2.0/health
# List projects (basic auth)
curl -sk -u admin:PASSWORD https://harbor.example.com/api/v2.0/projects
# Repository artifacts
curl -sk -u admin:PASSWORD \
https://harbor.example.com/api/v2.0/projects/myproject/repositories
Compose / service checks
| Command | Description |
|---|---|
cd harbor && docker compose ps | Harbor stack status |
./install.sh --with-trivy | Install with scanner (installer) |
docker compose logs core | Core API logs |
docker compose logs registry | Registry (distribution) logs |
Kubernetes imagePullSecrets
kubectl create secret docker-registry harbor-reg \
--docker-server=harbor.example.com \
--docker-username=robot$proj+pull \
--docker-password=TOKEN
# In pod spec: imagePullSecrets: [{ name: harbor-reg }]
Admin tasks (UI or API)
| Task | Where |
|---|---|
| Garbage collection | Administration → Clean up → GC |
| Replication | Administration → Replications |
| Scan all | Interrogation Services → scan on push |
| Retention policy | Project → Policy → Tag retention |
Pro tips
- Full image path includes project —
registry/project/repo:tag - 401 on push → login expired, wrong robot scope, or not a project member
- Disk not shrinking after deletes → run garbage collection
- Pin tags in K8s — avoid silent
latestdrift - TLS issues → trust Harbor CA or use
/etc/docker/certs.d/HOSTNAME/
Practice scenarios
Hands-on Harbor scenarios on live Linux VMs: harbor