EBRAINS Docker Registry Commands

Quick reference for working with the EBRAINS Docker Registry (Harbor).

Registry Information

EBRAINS Docker Registry URL: docker-registry.ebrains.eu

Web Interface: https://docker-registry.ebrains.eu

Registry Type: Harbor (enterprise-grade Docker registry)

Image URL Format

Components:

  • Registry: docker-registry.ebrains.eu (EBRAINS Harbor instance)
  • Project: Your Harbor project name (lowercase, hyphens allowed)
  • Image Name: Your Docker image name
  • Tag: Version or environment identifier

Authentication

Login to Registry

When prompted:

  • Username: Your EBRAINS username (usually your email)
  • Password: Your CLI secret (NOT your EBRAINS password)

Get CLI Secret

  1. Visit EBRAINS Docker Registry
  2. Log in with EBRAINS credentials
  3. Click your username (top-right)
  4. Select “User Profile”
  5. Find “CLI secret” section
  6. Click “Generate CLI secret” or copy existing one

Logout

Check Login Status

Pull Operations

Pull Image from Registry

Pull All Tags

Pull from Different Projects

Push Operations

Push Image to Registry

Push Multiple Tags

Harbor Project Management

Project Naming

Rules:

  • Lowercase letters only
  • Numbers allowed
  • Hyphens allowed
  • No spaces or special characters

Examples:

  • my-project
  • brain-modeling
  • analysis-tools
  • web-services

Project Access Levels

LevelDescriptionWho Can Pull
PrivateDefault, members onlyProject members
PublicAnyone authenticatedAny EBRAINS user

Create Project (Web UI)

  1. Go to EBRAINS Registry Projects
  2. Click “New Project”
  3. Enter Project Name (lowercase, hyphens)
  4. Select Access Level (Private or Public)
  5. Click “OK”

Image Management

List Images in Project (Web UI)

  1. Navigate to Projects
  2. Click on your project
  3. View list of images (repositories)
  4. Click image name to see all tags

View Image Details (Web UI)

For each image tag, you can view:

  • Pull command
  • Image size
  • Creation date
  • Vulnerability scan results
  • Image layers
  • Labels and annotations
  • Digest (SHA256)

Delete Image Tag

Common Image URL Patterns

Production Services

Development and Testing

Multi-Environment

GitLab CI/CD Integration

Using in GitLab CI

GitLab CI/CD Variables

Set in GitLab project: SettingsCI/CDVariables

VariableValueMasked
CI_REGISTRY_USERYour EBRAINS usernameNo
CI_REGISTRY_PASSWORDYour CLI secretYes

Security and Scanning

Vulnerability Scanning

Harbor automatically scans images for vulnerabilities.

View scan results (Web UI):

  1. Navigate to project → image → tag
  2. View “Vulnerabilities” column
  3. Click to see detailed CVE report

Severity levels:

  • Critical
  • High
  • Medium
  • Low
  • None

Image Signing

Retention Policies

Configure Retention (Web UI)

  1. Go to project settings
  2. Navigate to “Policy” tab
  3. Configure tag retention rules:
    • Keep last N tags
    • Keep tags matching pattern
    • Keep tags pushed in last N days

Example policy:

  • Keep last 10 production tags
  • Keep all release candidates
  • Delete untagged images after 7 days

Troubleshooting

Permission Denied

Error: denied: requested access to the resource is denied

Solutions:

  1. Ensure you’re logged in: docker login docker-registry.ebrains.eu
  2. Check you’re using CLI secret (not EBRAINS password)
  3. Verify you have access to the project
  4. Check project exists and name is correct

Image Not Found

Error: Error response from daemon: manifest for image not found

Solutions:

  1. Verify image URL is correct (lowercase)
  2. Check tag exists in Harbor Web UI
  3. Ensure project name is correct
  4. Verify you have pull access to project

Push Failed

Error: denied: push access denied

Solutions:

  1. Check you’re logged in
  2. Verify you have push permissions to project
  3. Ensure project exists
  4. Check project name spelling (must be lowercase)

Storage Quota Exceeded

Error: project quota exceeded

Solutions:

  1. Delete old/unused images
  2. Contact project admin to increase quota
  3. Use image retention policies
  4. Clean up old tags

Best Practices

Do

  • Use CLI secret for authentication (not EBRAINS password)
  • Create separate projects for different applications
  • Use semantic versioning for image tags
  • Enable vulnerability scanning
  • Set up retention policies to clean old images
  • Tag images with Git commit SHA for traceability
  • Use public projects sparingly (only for truly public images)

Don’t

  • Don’t share CLI secrets
  • Don’t use latest tag in production
  • Don’t push development images to production projects
  • Don’t ignore vulnerability scan results
  • Don’t delete images that might be in use
  • Don’t use special characters in project names

Quick Reference

Common Commands

URL Format

Related Documentation

Edit this page on GitLab ↗