Description The CleanStart Harbor-Registry image provides enterprise-grade container registry and management capabilities with security hardening. Built for production environments, this image delivers reliable container lifecycle management with advanced security features.
Key Features Core capabilities and strengths of this runtime container
Container image storage and management Vulnerability scanning and security analysis Role-based access control and authentication High availability and replication support Common Use Cases Typical scenarios where this runtime container excels
Private container image registry Enterprise container lifecycle management Security scanning and compliance validation Multi-tenant container platform Pull Commands Download the runtime container images
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/harbor-registry:latestdocker pull clnstrt-images.cleanstart.com/$ORGANIZATION/harbor-registry:latest-devInteractive Development Start interactive session for development
bash docker run -d --name harbor-registry-prod \\
-p 8080:8080 \\
--security-opt=no-new-privileges \\
clnstrt-images.cleanstart.com/$ORGANIZATION/harbor-registry:latestRun Hello World Execute a simple Hello World program
bash docker run -it --name harbor-registry-test \\
-p 8080:8080 \\
clnstrt-images.cleanstart.com/$ORGANIZATION/harbor-registry:latest-devMount Workspace Run container with local workspace mounted
bash docker run --rm -v $(pwd):/app -w /app clnstrt-images.cleanstart.com/$ORGANIZATION/harbor-registry:latest-dev python --versionApplication Server Run application with port forwarding
bash docker run -d --name harbor-registry-app \
-p 8000:8000 \
-v $(pwd):/app \
-w /app \
clnstrt-images.cleanstart.com/$ORGANIZATION/harbor-registry:latestEnvironment Variables Configuration options available through environment variables
PATH System PATH configuration /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binSecurity Best Practices Recommended security configurations and practices
Use specific image tags for production (avoid latest) Configure resource limits: memory and CPU constraints Enable read-only root filesystem when possible Run containers with non-root user (--user 1000:1000) Use --security-opt=no-new-privileges flag Regularly update container images for security patches Implement proper network segmentation Monitor container metrics for anomalies Kubernetes Security Context Recommended security context for Kubernetes deployments
yaml securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']Documentation Resources Essential links and resources for further information