As a vSphere administrator, you can enable the Harbor Registry that is embedded with vSphere with Tanzu. You can push and pull container images from the registry as well as deploy containers using these images.

Once the Harbor Registry is enabled, every namespace on the Supervisor Cluster has a matching project with the same name as the private image registry. Every user or group that has edit or view permission to a namespace becomes a corresponding role member on the matching project with the same name in the private image registry. The lifecycle of projects and members of the private image registry is automatically managed and is linked to the lifecycle of namespaces and user or group permissions in namespaces.


To enable the embedded Harbor Registry, you must have enabled Workload Management and deployed a Supervisor Cluster. In addition, create a storage policy for placement of container images. This storage policy is used to provision persistent volumes to use as the backing store for the container images in the registry.
Note: To use the embedded Harbor Registry, you must deploy the Supervisor Cluster with NSX-T Data Center as the networking solution. See Configuring NSX for vSphere with Tanzu.


  1. In the vSphere Client, browse to the vCenter cluster where Workload Management is enabled.
  2. Select Configure.
  3. Select Supervisor Cluster.
  4. Select Image Registry.
  5. Click Enable Harbor.
  6. Select the Storage Policy for placement of container images.
  7. Click OK to complete the process.


A private image registry becomes enabled after a few minutes. A special namespace is created for that instance of the private image registry. You cannot perform any operations on that namespace, it is read only for vSphere users.

What to do next

Log In to the Embedded Harbor Registry Console.