Connect to Harness Container Image Registry Using Docker Connector
By default, at CIE Pipeline runtime, Harness pulls certain images from public Docker Hub repos. These images are only used for backend processes. At runtime, the Harness Delegate makes an outbound connection to the public repo and pulls the images.
The Harness Container Image Registry is dedicated exclusively to Harness-supported images. You might want to override the default behavior and download your build images from this repo instead. To view the list of images in this registry, enter the following command.
curl -X GET https://app.harness.io/registry/_catalog
You can override the default behavior at the Account level and the Stage level:
- Account-level override: If you do not want the Harness Delegate to pull images from a public repo for security reasons, you can add a special Harness Connector to your Harness account, and the Delegate will pull these images from the Harness Container Image Registry only.
- Stage-level override: You can configure a Build Stage to override the default Delegate and use a dedicated Connector that downloads build images from the Harness Container Image Registry. This is useful when the Delegate cannot access the public repo (for example, if the build infrastructure is running in a private cloud).
Since you and the Harness Delegate are already connected to Harness securely, there are no additional connections to worry about.
This topic explains how to set up the Docker Connector to connect to the Harness Container Image Registry.
Before You Begin
Review: Allowlist app.harness.io
Since you and the Harness Delegate are already connected to Harness securely, app.harness.io should already be allowlisted and there are no additional connections to worry about.
In the case that app.harness.io is not allowlisted, please allowlist it before proceeding.
Step 1: Create a Docker Connector in Harness
- In Account Settings, Account Resources, click Connectors.
- Click New Connector, and under Artifact Repositories click Docker Registry. The Docker Registry Connector settings appear.
- In Name, enter a name for this connector.
Harness automatically generates the corresponding ID (entity identifier).
If you want to override the Account-level Connector, modify the ID and set it to
harnessImage. You must use the Id
Harness gives precedence to the Connector with the
harnessImageidentifier, and uses it to pull from the Harness Container Image Registry, as opposed to pulling from DockerHub directly.
- Click Continue.
Step 2: Enter Credentials
Select or enter the following options:
Docker Registry URL
Select Other (Docker V2 compliant)
Select Anonymous (no credentials required)
Step 3: Set Up Delegates
Harness uses Docker Registry Connectors at Pipeline runtime to pull images and perform operations. You can select Any Available Harness Delegate and Harness will select the best Delegate at runtime. For a description of how Harness picks Delegates, see Delegates Overview.
You can use Delegate Tags to select one or more Delegates. For details on Delegate Tags, see Select Delegates with Tags.
If you need to install a Delegate, see Delegate Installation Overview.
Click Save and Continue.
Step 4: Verify Test Connection
Harness tests the credentials you provided using the Delegates you selected.
If the credentials fail, you'll see an error. Click Edit Credentials to modify your credentials.
Step 5: Override the Connector in the Build Stage (Optional)
This step is only applicable when you want to override the default Delegate and download build images using the Connector you just created.
In the Build Stage, go to the Infrastructure tab and specify your build-image Connector in the Override Image Connector field. The Delegate will use this Connector to download images from the Harness repository.
Step 6: Run the Pipeline
You can now run your Pipeline. Harness will now pull images from the Harness Registry at Pipeline runtime using the configured Connector.
harnessImageidentifier already exists on your Account, you need to update the connector instead of creating a new connector.