- 快召唤伙伴们来围观吧
- 微博 QQ QQ空间 贴吧
- 文档嵌入链接
- 复制
- 微信扫一扫分享
- 已成功复制到剪贴板
从企业镜像仓库到 Chart 仓库
展开查看详情
1 .From image registry to chart repository jiangd@vmware.com KubeCon Shanghai 2018
2 .Project Harbor A brief history … https://github.com/goharbor/harbor Accepted by CNCF! Started as an image registry Management UI Role Based Access Control 2016. 3 LDAP integration Image replication across instances. ~1000 stars 2016. 9 Content trust. ~2000 stars 2017. 4 Image scanning. Project level control policy. 2017. 9 Label support Stateless Job service 2018. 4
3 .Embrace kubernetes and cloud native Helm is the standard for package deployment and management. Effective approach for running Enterprise application on top of Kubernetes. Single pane for Kubernetes users Provide consistent user experience for both Helm chart and image management. + Harbor as the “Kubernetes Registry”
4 .Integrated of Chartmuseum (diagram) Portal Helm CLI Authn / Authz Chart museum File system Object Storage S3 …… Harbor API proxy Registry Container Runtime Introd uce Chartmuseum for storage and index of helm charts. Adaptable to multiple storage backends. Leverage “project” as the container of helm charts. Same RBAC rules apply to both images and helm charts. Enhanced the “push” plugin to improve integration workflow.
5 .How it looks like
6 .How it looks like
7 .How it looks like
8 .How it looks like
9 .The challenge … Helm chart is not self-contained. So what images will be deployed? Flexible reference: Overwritable during installation: ?? Replication TRUST Vulnerability SCAN
10 .Thank You