MindSphere

Container Registry

System Manual

05/2020V1801.May/2020.1

Document history 1

Introduction 2User rights in MindSphere Container Registry 3Accessing MindSphere Container Registry 4

Container Registry project 5

Pushing images into Harbor 6

Managing images 7

Pulling images from Harbor 8

Logs 9

Legal informationWarning notice system

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

DANGERindicates that death or severe personal injury will result if proper precautions are not taken.

WARNINGindicates that death or severe personal injury may result if proper precautions are not taken.

CAUTIONindicates that minor personal injury can result if proper precautions are not taken.

NOTICEindicates that property damage can result if proper precautions are not taken.If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

Qualified PersonnelThe product/system described in this documentation may be operated only by personnel qualified for the specific task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Proper use of Siemens productsNote the following:

WARNINGSiemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible ambient conditions must be complied with. The information in the relevant documentation must be observed.

TrademarksAll names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

Disclaimer of LiabilityWe have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

Siemens AGDivision Digital FactoryPostfach 48 4890026 NÜRNBERGGERMANY

V1801.May/2020.1Ⓟ 05/2020 Subject to change

Copyright © Siemens AG 2020.All rights reserved

Table of contents

1 Document history..........................................................................................................................................5

2 Introduction...................................................................................................................................................7

3 User rights in MindSphere Container Registry .............................................................................................9

4 Accessing MindSphere Container Registry ................................................................................................11

5 Container Registry project ..........................................................................................................................15

6 Pushing images into Harbor ......................................................................................................................21

7 Managing images .......................................................................................................................................23

8 Pulling images from Harbor ........................................................................................................................25

9 Logs............................................................................................................................................................27

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 3

Table of contents

Container Registry4 System Manual, 05/2020, V1801.May/2020.1

Document history 1Version Date Changes LinkV1801.May/2020.2 2020-05-26 Updated Container Registry Icon Accessing MindSphere Container

Registry (Page 11)V1801.Oct/2019.2 2019-10-30 Updated MindSphere Container

Registry UI.Accessing MindSphere Container Registry (Page 11)

V1801.Jul/2019.1 2019-07-11 Added contents for the first release of MindSphere Container Registry application.

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 5

Document history

Container Registry6 System Manual, 05/2020, V1801.May/2020.1

Introduction 2MindSphere Container Registry enables customers to accelerate development, simplify storing and managing images, and reduce operations efforts. It offers an effective way to deploy, manage, and scale containerized solutions. Applications running on any Kubernetes environment are compatible and can be easily migrated to MindSphere to participate in the MindSphere ecosystem.

MindSphere Container Registry application is a part of the Mindsphere platform and you can access it from the MindSphere launchpad. A third-party software called Harbor is integrated in MindSphere Container Registry. It allows the customers to deploy their applications quickly and scale them as required.

FunctionsWith Container Registry application, you can:

● View the project and its details

● Create Robot Accounts

● Tag and push your images into Container Registry

● View log information of operations performed in Container Registry

Functions not available in Container Registry LiteThe following functions are not available in Container Registry Lite:

● Creating projects

● Creating internal users (except Robot Accounts)

● Enabling content trust

● Common Vulnerabilities and Exposures (CVE) checking

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 7

Introduction

Container Registry8 System Manual, 05/2020, V1801.May/2020.1

User rights in MindSphere Container Registry 3To access MindSphere Container Registry, you need at least one of the following roles:

● mdsp:core:TenantAdmin

● mdsp:core:DeveloperAdmin

● mdsp:core:Developer

● mdsp:core:ots.opadmin

Users are assigned specific roles that define their permissions. For more information on roles, see Settings documentation (https://documentation.mindsphere.io/resources/html/settings/en-US/index.html).

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 9

User rights in MindSphere Container Registry

Container Registry10 System Manual, 05/2020, V1801.May/2020.1

Accessing MindSphere Container Registry 4You can access the Container Registry application from the MindSphere launchpad. To launch the application, click on the following icon on the launchpad:

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 11

DisclaimerWhen you launch the Container Registry application for the first time, you will be prompted to read and accept a disclaimer. Accept disclaimer to access the Container Registry application.

If you do not accept disclaimer, you will not be directed to the application and instead you will be redirected to the MindSphere launchpad.

Accessing MindSphere Container Registry

Container Registry12 System Manual, 05/2020, V1801.May/2020.1

User interfaceWhen you launch the MindSphere Container Registry application, the following Harbor user interface is displayed:

① MindSphere Launchpad.② Navigation pane. It provides the following two options to select:

● Projects● Logs

③ Detailed view pane. It shows details about the option selected in the navigation pane.④ Logout.⑤ Provides a list of all the local events, running events, and failed events.

HarborHarbor is a third-party software integrated in MindSphere. It is an open source trusted cloud native registry and it allows you to store and manage images.

For more information, refer to Harbor user guide (https://goharbor.io/docs/) or github help files v1.8.1 (https://github.com/goharbor/harbor/tree/v1.8.1).

Accessing MindSphere Container Registry

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 13

Accessing MindSphere Container Registry

Container Registry14 System Manual, 05/2020, V1801.May/2020.1

Container Registry project 5A project is a collection of repositories. Each repository contains all the images pushed into it. When you launch MindSphere Container Registry, the "Projects" screen is displayed. On this screen, the project with the name same as your tenant name is displayed. The following screenshot shows the "Projects" screen:

① Navigation pane.② Table displays the details of the project.③ Information area showing number of private and public projects and repositories.

Currently, public projects or repositories are not supported.④ Provides tabs to view a list of all the local events, running events, and failed events.

To see the repositories in a project, click on the selected project name. A screen with a table of repositories is displayed as follows:

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 15

The following sections describe important navigation tabs on this screen.

RepositoriesIn this tab, a table of repositories within a selected project is displayed.

● To download the registry certification, click "REGISTRY CERTIFICATE".

● To copy the syntax to tag or push an image, use the "PUSH IMAGE" list.

● To display the details of repositories as cards, click on the icon.

Container Registry project

Container Registry16 System Manual, 05/2020, V1801.May/2020.1

MembersThis tab shows all the members of a project and their roles.

● To add a member, click "USER", enter the member name, select the required role, and then click "OK". You can only add the existing members to the project. The users are created in Harbor.

● To update role(s), select the member(s), click "ACTIONS", and then select the required role.Similarly, you can remove the selected member(s).

Container Registry project

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 17

LogsThis tab shows all the recorded logs. It shows user name, repository name, version number, type of operation, and the time when the operation was performed.

You can filter the logs based on operations and dates using the "ADVANCED" search option.

Container Registry project

Container Registry18 System Manual, 05/2020, V1801.May/2020.1

Robot AccountsDeveloper administrators can create Robot Accounts and these accounts are intended to perform docker push / docker pull operations using a token.

● To create a robot account, click "NEW ROBOT ACCOUNT", enter a name and a description, select permission(s), and then click "SAVE".

● You can disable or delete a robot account using the "ACTION" list.

Container Registry project

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 19

Container Registry project

Container Registry20 System Manual, 05/2020, V1801.May/2020.1

Pushing images into Harbor 6This section explains how to tag and push the docker images into Harbor.

Prerequisite● Docker client is installed on your machine.

● The user must have appropriate role.

● Required robot account is already created.

● Make sure the project to which you are pushing the image is available on Harbor.

ProcedureTo push an image into Harbor, follow these steps:

1. Log in to Docker client. docker login mcrbasic.registry.eu1.mindsphere.io -u ‘<RobotAccountID/Username/email>’ -p ‘<password>’

2. Tag your new application build.docker tag <ApplicationName> <TenantURL>/<Application>:<BuildInfo>

3. Push your tagged image to repository.docker push <ApplicationName> <TenantURL>/<Application>:<BuildInfo>

NoteTag and push command syntax

You can copy the command syntax to tag an image or push an image from the "PUSH IMAGE" list in the "Repositories" tab.

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 21

ResultThe newly added image is displayed under the appropriate repository with details as shown in the following screenshot.

Pushing images into Harbor

Container Registry22 System Manual, 05/2020, V1801.May/2020.1

Managing images 7Each repository contains all the images pushed into it. To view the image(s), click on the selected repository.

User interfaceThe following screenshot shows an image already pushed into Harbor:

① Table showing details of a pushed image.

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 23

Managing images

Container Registry24 System Manual, 05/2020, V1801.May/2020.1

Pulling images from Harbor 8This section explains how to pull an image from Harbor.

Prerequisites● Docker client is installed on your machine.

● The user must have appropriate role.

● Required robot account is already created.

● Make sure the application and version that you want to pull is available in Harbor.

ProcedureTo pull an image into Harbor, follow these steps:

1. Log in to Docker client. docker login mcrbasic.registry.eu1.mindsphere.io -u ‘<RobotAccountID/Username/email>’ -p ‘<password>’

2. Tag your new application build.docker tag <ApplicationName> <TenantURL>/<Application>:<BuildInfo>

3. Pull your tagged image to repository.docker pull <ApplicationName> <TenantURL>/<Application>:<BuildInfo>

NotePull command syntax

You can copy the syntax to pull an image from the "Pull Command" column in the "Images" tab.

ResultThe pulled image is downloaded to your local machine.

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 25

Pulling images from Harbor

Container Registry26 System Manual, 05/2020, V1801.May/2020.1

Logs 9To view all the recorded logs, select "Logs" on the navigation pane. The "Logs" screen shows user name, repository name, version number, type of operation, and the time when the operation was performed.

Container RegistrySystem Manual, 05/2020, V1801.May/2020.1 27

Logs

Container Registry28 System Manual, 05/2020, V1801.May/2020.1