harbor
1 .Project Harbor Introduction Open source trusted cloud native registry Henry Zhang, Chief Architect, VMware R&D China Steven Zou, Staff Engineer, VMware R&D China Nov. 2018
2 . Image Management through Pipeline [Diagram: one Registry per stage (DEV, TEST, STAGING, PROD). Pipeline labels: Commit, UT, Build, FVT, SVT, Verify, image. Other labels: Multiple roles, Distributions, teams, Platforms, Security, Availability, Environment] Confidential ©2018 VMware, Inc.
3 . goharbor.io VMware Apache 2.0 VIC PKS GitHub Repo: https://github.com/goharbor/harbor/
4 . Harbor Project history
5 .Harbor 5
6 .Harbor x x 6
7 .Agenda OVERVIEW SECURITY DISTRIBUTION RELIABILITY DEPLOYMENT • Isolation • Replication • HA Supporting • Helm Chart • Access Control Repo • Control Policy • Vulnerability • Deployments • Content Trust
8 . Main Features OVERVIEW Architecture
9 . GUI Restful API Clarity API Swagger API , AD/LDAP RBAC 9
10 . HA Helm Chart Helm Chart 10
11 . Harbor [Diagram. Legend: 3rd party components, Harbor components, Persistence components, Supporting services. Labels: Consumers, Container Users (GUI/API), Schedulers/Runtimes, Docker, Kubernetes, Cloud Foundry, Harbor Packaging, API Routing, Core Service (API/Auth/GUI), Admin Service, Job Service, Trusted Content, Vulnerability Scanning, Image Registry, LDAP/Active Directory, Key/Value Storage, SQL Database, Local or Remote Storage (block, file, object)]
12 . Isolation Access control SECURITY Content Trust Vulnerability Scanning
13 . • NS • • NS •
14 . • Members Images • Guest : docker pull ... • Developer : docker pull/push ... • LDAP/AD operation & management Admin : Settings
15 .• • • • LDAP/AD
16 . [Diagram: content trust flow between Docker client, Notary and Registry. Recoverable step labels: 1. docker push; 2. sign (manifest digest); 3. verify signature status, fetch digest; 4. docker pull. Other labels: tag, Digest] • Verify signature status. • Policy Controller
17 .• • Digest
18 . [Diagram: vulnerability scanning flow, steps numbered 0 to 6. Components: Harbor, Job Service, Clair, Registry V2, DB, Repos. Step labels: Dispatch Jobs, Scan, Pull Layers, Get Info, Save Data, Retrieve vulnerability metadata. Other labels: CVE, Rest API, Console API] § Debian Security Bug Tracker § Ubuntu CVE Tracker § Red Hat Security Data § Oracle Linux Security Data § Alpine SecDB
19 .• • § § § • • § Debian Security Bug Tracker § Ubuntu CVE Tracker § Red Hat Security Data § Oracle Linux Security Data § Alpine SecDB
20 . Replication DISTRIBUTION Policy
21 .• • • •
22 .Image Replication Source Repo Target Repo Trigger • Target Pro Source pro • Initial Replication • Incremental • • Policies
23 . - push Docker Client • registry • Registry • registry • pull pull • Master – Slave
24 .• • •
25 .• Repo • Tag • • • •
26 . • / • < • • >=
27 .• / • • •
28 .RELIABILITY HA
29 . Deploy Harbor HA via Harbor Helm chart [Diagram labels: API Routing, Core Service (API/Auth/GUI), Trusted Content, Admin Service, Job Service, Vulnerability Scanning, Image Registry, Key/Value Storage, SQL Database, Chart.yml]