Container Registry improvements
Problem to solve
Our container registry, based on Docker's Distribution, is fairly barebones.
https://goharbor.io/ has several improvements over Distribution. From https://github.com/goharbor/harbor/blob/master/README.md:
- Cloud native registry: With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
- Role based access control: Users and repositories are organized via 'projects' and a user can have different permissions for images under a project.
- Policy based image replication: Images can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag and label). Harbor will auto-retry to replicate if it encounters any errors. Great for load balancing, high availability, multi-datacenter, hybrid and multi-cloud scenarios.
- Vulnerability Scanning: Harbor scans images regularly and warns users of vulnerabilities.
- LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor and assigning proper project roles to them.
- Image deletion & garbage collection: Images can be deleted and their space can be recycled.
- Notary: Image authenticity can be ensured.
- Graphical user portal: Users can easily browse, search repositories and manage projects.
- Auditing: All the operations to the repositories are tracked.
- RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.
- Easy deployment: Provide both an online and offline installer.
Not all of these are necessary within GitLab, but some might be valuable.
What does success look like, and how can we measure that?
(If no way to measure success, link to an issue that will implement a way to measure this)