Deploying Harbor Container Registry in Production
Harbor is an open source Docker registry. Some of its best features are the following.
- Cloud native registry: With support for both container images and Helm charts, Harbor serves as a registry for cloud-native environments like container runtimes and orchestration platforms.
- Role-based access control: Users and repositories are organized via ‘projects’ and a user can have different permissions for images under a project.
- Policy-based image replication: Images can be replicated (synchronized) between multiple registry instances based on policies with multiple filters (repository, tag, and label). Harbor will auto-retry to replicate if it encounters any errors. Great for load balancing, high availability, multi-data center, hybrid, and multi-cloud scenarios.
- Vulnerability Scanning: Harbor scans images regularly and warns users of vulnerabilities.
- LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management and supports importing LDAP groups into Harbor and assigning proper project roles to them.
- Image deletion & garbage collection: Images can be deleted and their space can be recycled.
- Notary: Image authenticity can be ensured.
- Graphical user portal: Users can easily browse, search repositories, and manage projects.
- Auditing: All the operations to the repositories are tracked.
- RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.
- Easy deployment: Provides both an online and an offline installer.
Harbor HA Architecture:
In this series of articles we'll deploy HA Harbor in a production environment.
Reverse proxy nginx: We run Harbor over HTTP behind an HTTPS reverse proxy. That means Harbor relies on the certificates served by the HTTPS reverse proxy.
Harbor: This layer is scalable with respect to HA. Harbor is installed with the offline installer. Both physical servers must have the latest stable versions of Docker and Docker Compose installed.
HAProxy: HAProxy is responsible for doing the TCP load balancing for the Postgres HA cluster.
HA Postgres: As of Harbor v1.6.0, the database has been migrated to Postgres. All the components, including Clair, Notary, and Harbor itself, use Postgres.
Standalone Redis: Harbor claims to support HA Redis, but v1.6.0 does not seem to support Redis cluster mode. A standalone Redis can therefore also work for Harbor HA (until official support is provided).
S3: We use Amazon S3 as the object storage service.
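The reverse proxy layer described above, sketched as an nginx configuration. This is an added example, not the configuration used in this series: the hostname, node addresses and certificate paths are placeholders, and it assumes two Harbor nodes listening on plain HTTP port 80.

```nginx
# Added example: HTTPS reverse proxy in front of two HTTP Harbor nodes.
# registry.example.com, 10.0.0.11/12 and the certificate paths are placeholders.

upstream harbor_nodes {
    # The proxy-to-Harbor hop is plain HTTP, so these addresses should sit on
    # a private network that only the proxy can reach.
    server 10.0.0.11:80 max_fails=3 fail_timeout=30s;
    server 10.0.0.12:80 max_fails=3 fail_timeout=30s;
}

server {
    # Never serve the registry over cleartext to clients: redirect to HTTPS.
    listen 80;
    server_name registry.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name registry.example.com;

    # Public certificate lives only on the proxy (see Pre-requisite).
    ssl_certificate     /etc/nginx/certs/registry.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/certs/registry.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;   # TLSv1.3 needs nginx 1.13+ / OpenSSL 1.1.1

    # Image layers can be very large; 0 disables the request body size limit.
    client_max_body_size 0;
    chunked_transfer_encoding on;

    location / {
        proxy_pass http://harbor_nodes;
        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The registry builds the URLs it returns to clients from this header.
        # Without it, push and pull can be pointed back at http://.
        proxy_set_header X-Forwarded-Proto https;

        # Stream layer uploads and downloads instead of spooling them to disk.
        proxy_buffering         off;
        proxy_request_buffering off;
        proxy_read_timeout      900;
    }
}
```

Harbor's bundled nginx also sets `X-Forwarded-Proto` from its own scheme; Harbor's installation guide describes removing that line when Harbor runs behind another proxy, so the value set here is not overwritten with `http`.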
Pre-requisite:
- Reverse Nginx with public certificates.
- Five servers for the Harbor, Postgres, and Redis setup.
- The latest stable versions of Docker and Docker Compose installed on the Harbor servers.
We'll go through the Harbor production deployment step by step. Setting up the side components first is the better option. After setting up the side components we'll deploy the Harbor instances. Check the following two articles for the deployment in production.
If you are facing issues, you can email me at jakirpatel@outlook.com (please make sure the title of the email is: Related to Harbor).