Post-migration configuration#
When upgrading MSR, customers must manually update some of their settings. Below are key aspects to consider after a successful migration:
| Configuration area | Required actions |
|---|---|
| Project Visibility | Project visibility (public/private) must be configured manually. In MSR 3.x, private and public image repositories could coexist under a single organization. In MSR 4, visibility is set only at the project level. Mixed public/private repositories under one organization in MSR 3.x must be manually adjusted. |
| Project Permissions | Harbor organizes repositories within projects. Ensure that project-level permissions are properly recreated. See: Managing Project Permissions. |
| Registry Replication | Re-establish any replication or mirroring rules and schedules in Harbor. See: Configuring Replication. |
| Image Tag Retention | Manually configure existing retention policies for images in Harbor to ensure appropriate lifecycle management. See: Managing Tag Retention. |
| Scanning Settings | Configure or re-enable Trivy image scanning policies. See: Vulnerability Scanning. |
| Audit Logs | Set up logging mechanisms in Harbor for compliance. See: Log Rotation in Mirantis Secure Registry. |
| Webhooks | Recreate and configure webhooks to point to Harbor. See: Configuring Webhooks. |
| CI/CD Pipelines | Update custom CI/CD pipelines to reference Harbor. |
| Signed Images | Reconfigure image signing using cosign. See: Signing Artifacts with Cosign. |
| Garbage Collection Settings | Manually reconfigure garbage collection policies in Harbor. See:Managing Garbage Collection. |
| Certificate Management | Re-establish custom certificate configurations in Harbor. |
| API Updates | Update API endpoints and account for changes in Harbor’s API. |
Configure environment#
In addition, you must also manually update your infrastructure settings.
| Infrastructure component | Required actions |
|---|---|
| CICD Pipelines | Update custom CICD pipelines to leverage the new environments. |
| DNS | Update DNS CNAMEs to point to the new hosts after migration. |