From Enterprise Image Registry to Chart Repository

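In enterprise environments that run their own data centers, content has been packaged into Docker images and hosted in a Docker registry for some time. Now that Helm Chart has become the application package format of choice for Kubernetes, it is time to explore the right way to host Helm Charts.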

1. From image registry to chart repository. jiangd@vmware.com, KubeCon Shanghai 2018

2. Project Harbor. A brief history … https://github.com/goharbor/harbor Accepted by CNCF! 2016.3: started as an image registry; management UI; role-based access control. 2016.9: LDAP integration; image replication across instances; ~1000 stars. 2017.4: content trust; ~2000 stars. 2017.9: image scanning; project-level control policy. 2018.4: label support; stateless job service.

3. Embrace Kubernetes and cloud native. Helm is the standard for package deployment and management. Effective approach for running enterprise applications on top of Kubernetes. Single pane for Kubernetes users. Provide a consistent user experience for both Helm chart and image management. + Harbor as the “Kubernetes Registry”.

4. Integration of Chartmuseum. (Diagram: Portal, Helm CLI, Authn / Authz, Chartmuseum, File system, Object Storage, S3, ……, Harbor API proxy, Registry, Container Runtime.) Introduce Chartmuseum for storage and indexing of Helm charts. Adaptable to multiple storage backends. Leverage “project” as the container of Helm charts. Same RBAC rules apply to both images and Helm charts. Enhanced the “push” plugin to improve the integration workflow.

5. How it looks like

6. How it looks like

7. How it looks like

8. How it looks like

9. The challenge … Helm chart is not self-contained. So what images will be deployed? Flexible reference: Overwritable during installation: ?? Replication, TRUST, Vulnerability SCAN
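
The challenge on slide 9, as an added example that is not part of the original slides or of Harbor's code: the images a chart deploys are only known after rendering, so this sketch lists the image references in rendered manifest text and flags those outside the registry where replication, trust and scanning apply. The host `harbor.example.com`, the sample manifests and the two issue labels are assumptions made for illustration.

```python
import re

# "image:" lines in rendered Kubernetes YAML, optionally quoted or list items.
IMAGE_LINE = re.compile(
    r"""^[ \t]*(?:-[ \t]+)?image:[ \t]*["']?([^"'\s#]+)""", re.M)

def parse_ref(ref):
    """Split an image reference into (registry, repository, tag, digest)."""
    name, _, digest = ref.partition("@")
    first, sep, rest = name.partition("/")
    # Docker convention: the first path component is a registry host only if
    # it contains "." or ":" or is "localhost"; otherwise Docker Hub is implied.
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    repo, colon, tag = path.rpartition(":")
    if not colon:
        repo, tag = path, ""
    return registry, repo, tag, digest

def audit(rendered, trusted_registry):
    """Return [(image_ref, [issues])] for every image in a rendered chart."""
    findings = []
    for ref in sorted(set(IMAGE_LINE.findall(rendered))):
        registry, _, tag, digest = parse_ref(ref)
        issues = []
        if registry != trusted_registry:
            issues.append("outside trusted registry")
        if not digest and tag in ("", "latest"):
            issues.append("mutable or missing tag")
        findings.append((ref, issues))
    return findings

# Constructed sample: rendered manifests as `helm template` would print them.
DIGEST = "sha256:" + "0" * 64  # constructed digest
DEFAULT = f"""
      containers:
        - name: web
          image: "harbor.example.com/library/web:1.4.2"
        - image: harbor.example.com/library/db@{DIGEST}
"""
# Same chart with the web image overridden at install time (constructed).
OVERRIDDEN = DEFAULT.replace("harbor.example.com/library/web:1.4.2", "nginx")

if __name__ == "__main__":
    for label, text in (("default", DEFAULT), ("overridden", OVERRIDDEN)):
        for ref, issues in audit(text, "harbor.example.com"):
            print(label, ref, issues or "ok")
```

Run the audit on the manifest rendered with the same values that will be used at install time, since an override changes the result.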

10. Thank You