Docker Connector Settings Reference
This topic provides settings and permissions for the Docker connector. You can use this connector to connect to DockerHub, Harbor, Quay, and other Docker V2 compliant container registries, such as GitHub Container Registry.
- Docker registry rate limits: Harness is restricted by the limits of the Docker repo, such as Docker Hub limits for pulling Docker images from Docker repos.
- Docker Registries in Cloud Platforms: The Docker connector is platform-agnostic and can be used to connect to any Docker container registry. Harness also provides first class support for registries in AWS and GAR through AWS connectors and Google Cloud Platform (GCP) connectors.
- Docker base image connection rate limits: Customers utilizing Docker as a Base Image Connector will need to consider enabling the Feature Flag
CI_ENABLE_BASE_IMAGE_DOCKER_CONNECTOR
, to utilize the defined Docker Connector for the Base Image Pull.
Create a Docker connector
- Visual editor
- YAML editor
- In Harness, go to Account Settings, Organization Settings, or Project Settings, depending on the scope at which you want to create the connector.
- Select Connectors, select New Connector, and then select the Docker Registry connector.
- Configure the Docker connector settings using the guidance provided in the sections below.
- Select Save and Continue, wait for the connectivity test to run, and then select Finish.
- In the list of connectors, make a note of your Docker connector's ID. When you need to reference this connector, use this ID in your pipeline YAML, such as
connectorRef: docker_connector_ID
.
You can create Docker connectors in the YAML editor. For example:
connector:
name: My Docker Connector
identifier: mydockerconnector
description: ""
orgIdentifier: default
projectIdentifier: default
type: DockerRegistry
spec:
dockerRegistryUrl: https://docker.dev.harness.io/v2/
providerType: DockerHub
auth:
type: Anonymous
executeOnDelegate: true
Connector metadata settings
- Name: Enter a name for this connector. Harness creates an ID based on the name.
- Description: Optional text string.
- Tags: Optional tags.
Provider type
Select the Docker registry platform: DockerHub, Harbor, Quay or Other.
If you select Other, the registry must be Docker V2 compliant.
Docker Registry URL
The URL of the Docker registry. This is usually the URL used for your docker login credentials.
- To connect to a public Docker Hub registry, use
https://index.docker.io/v2/
. - To connect to a private Docker Hub registry, use
https://index.docker.io/v1/
. Learn why. - For other Docker registries, provide the relevant URL for your container registry provider. For example:
- For GitHub Container Registry, provide the GHCR hostname and namespace, such as
https://ghcr.io/NAMESPACE
. The namespace is the name of a GitHub personal account or organization. - For JFrog Artifactory Docker registries, provide your JFrog instance URL, such as
https://mycompany.jfrog.io
. You can get this URL from thedocker-login
command on your repo's Set Me Up page. - For Sonatype Nexus Docker registries, provide the Nexus instance URL, such as
<nexus-hostname>:<repository-port>
or<subdomain>.<nexus-hostname>
. For more information, see the Sonatype Nexus Docker Authentication documentation.
- For GitHub Container Registry, provide the GHCR hostname and namespace, such as
Authentication
You can authenticate anonymously or by username and password.
- Username and password
- Anonymous
- Username: Enter the username for your Docker registry account.
- Password: Provide a Harness encrypted text secret containing the password or token corresponding with the Username.
- For Docker Hub and GHCR, use a personal access token with Read, Write, Delete permissions.
- For JFrog Docker registries, provide a password.
Make sure the connected user account has read permission for all repositories as well as access and permissions to pull images and list images and tags.
For more information, go to the Docker documentation on Docker Permissions.
Select Anonymous to pull images from public Docker registries with anonymous access. This option can encounter issues with limits, such as Docker Hub rate limiting.
If you use anonymous access with a Kubernetes deployment, make sure imagePullSecrets
is removed from the container specification. This is standard Kubernetes behavior and not related to Harness specifically.
Select connectivity mode
You can connect through a Harness Delegate or the Harness Platform. If you plan to use this connector with Harness Cloud build infrastructure, you must select Connect through Harness Platform.
The Secure Connect option is for Secure Connect with Harness Cloud.
The Docker connector currently does not support OpenID Connect (OIDC) for authentication, limiting integration with OIDC-compliant identity providers