Skip to main content

Docker Connector Settings Reference

This topic provides settings and permissions for the Docker connector. You can use this connector to connect to DockerHub, Harbor, Quay, and other Docker V2 compliant container registries, such as GitHub Container Registry.

info
  • Docker registry rate limits: Harness is restricted by the limits of the Docker repo, such as Docker Hub limits for pulling Docker images from Docker repos.
  • Docker Registries in Cloud Platforms: The Docker connector is platform-agnostic and can be used to connect to any Docker container registry. Harness also provides first class support for registries in AWS and GAR through AWS connectors and Google Cloud Platform (GCP) connectors.
  • Docker base image connection rate limits: Customers utilizing Docker as a Base Image Connector will need to consider enabling the Feature Flag CI_ENABLE_BASE_IMAGE_DOCKER_CONNECTOR, to utilize the defined Docker Connector for the Base Image Pull.

Create a Docker connector

  1. In Harness, go to Account Settings, Organization Settings, or Project Settings, depending on the scope at which you want to create the connector.
  2. Select Connectors, select New Connector, and then select the Docker Registry connector.
  3. Configure the Docker connector settings using the guidance provided in the sections below.
  4. Select Save and Continue, wait for the connectivity test to run, and then select Finish.
  5. In the list of connectors, make a note of your Docker connector's ID. When you need to reference this connector, use this ID in your pipeline YAML, such as connectorRef: docker_connector_ID.

Connector metadata settings

  • Name: Enter a name for this connector. Harness creates an ID based on the name.
  • Description: Optional text string.
  • Tags: Optional tags.

Provider type

Select the Docker registry platform: DockerHub, Harbor, Quay or Other.

If you select Other, the registry must be Docker V2 compliant.

Docker Registry URL

The URL of the Docker registry. This is usually the URL used for your docker login credentials.

  • To connect to a public Docker Hub registry, use https://index.docker.io/v2/.
  • To connect to a private Docker Hub registry, use https://index.docker.io/v1/. Learn why.
  • For other Docker registries, provide the relevant URL for your container registry provider. For example:
    • For GitHub Container Registry, provide the GHCR hostname and namespace, such as https://ghcr.io/NAMESPACE. The namespace is the name of a GitHub personal account or organization.
    • For JFrog Artifactory Docker registries, provide your JFrog instance URL, such as https://mycompany.jfrog.io. You can get this URL from the docker-login command on your repo's Set Me Up page.
    • For Sonatype Nexus Docker registries, provide the Nexus instance URL, such as <nexus-hostname>:<repository-port> or <subdomain>.<nexus-hostname>. For more information, see the Sonatype Nexus Docker Authentication documentation.

Harness Artifact Registry (HAR) Configuration

When using the Docker Connector with Harness Artifact Registry (HAR), it's important to configure the registry URL and image names correctly to ensure seamless operation.

  • Correct URL Format: Set the registry URL to https://pkg.harness.io/. Avoid including the registry name in the URL to prevent validation errors.
  • Fully Qualified Image Name: Provide the fully qualified image name within the step configuration, such as pkg.qa.harness.io/<account-id>/harness/<registry-name>.
  • Deprecated Source Type: If using a deprecated source type, such as "image" in YAML configurations, ensure the configuration is updated to the current standard to avoid potential issues. For example, if you previously used sourceType: image, update it to the current standard like sourceType: container.
policy enforcement and authentication

SBOM (Software Bill of Materials) Policy Enforcement: Ensure the registry URL is correctly configured to avoid hard-coded URL issues.

SLSA (Supply-chain Levels for Software Artifacts) Verification Authentication: Double-check the authentication settings if encountering errors.


Authentication

You can authenticate anonymously or by username and password.

  • Username: Enter the username for your Docker registry account.
  • Password: Provide a Harness encrypted text secret containing the password or token corresponding with the Username.
    • For Docker Hub and GHCR, use a personal access token with Read, Write, Delete permissions.
    • For JFrog Docker registries, provide a password.
Docker registry permissions

Make sure the connected user account has read permission for all repositories as well as access and permissions to pull images and list images and tags.

For more information, go to the Docker documentation on Docker Permissions.

Select connectivity mode

You can connect through a Harness Delegate or the Harness Platform. If you plan to use this connector with Harness Cloud build infrastructure, you must select Connect through Harness Platform.

tip

The Secure Connect option is for Secure Connect with Harness Cloud.

Limitation

The Docker connector currently does not support OpenID Connect (OIDC) for authentication, limiting integration with OIDC-compliant identity providers