Upgrade to Pro — share decks privately, control downloads, hide ads and more …

20220323_Harbor 技術雜談

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Phil Huang Phil Huang
March 23, 2022
Technology
840
2

20220323_Harbor 技術雜談

https://docs.google.com/presentation/d/1Qk-ExTgxL918J5QKyr6t5ivzChC4oV1slwuQvwnHCag/edit?usp=sharing

Avatar for Phil Huang

Phil Huang

March 23, 2022

More Decks by Phil Huang

See All by Phil Huang
20251119 如果是勇者欣美爾的話, 他會怎麼做? 東海資工
Avatar for Phil Huang pichuang
1
210
20250924 零信任下的容器安全供應鏈:從隔離到信任
Avatar for Phil Huang pichuang
0
83
20250705 Headlamp: 專注可擴展性的 Kubernetes 用戶界面
Avatar for Phil Huang pichuang
0
420
20250307 雲端原生:引領數位轉型與永續的雙贏之道
Avatar for Phil Huang pichuang
0
110
20250116 When Windows Meets Kubernetes…
Avatar for Phil Huang pichuang
0
620
20241217-Azure Red Hat OpenShift 於 Azure TaiwanNorth 上之雲原生異地備援架構設計
Avatar for Phil Huang pichuang
0
160
20241112 Real AVS Migration Experience Sharing
Avatar for Phil Huang pichuang
0
130
Active/Passive HA FortiGate Pair with External and Internal Azure Load Balancer
Avatar for Phil Huang pichuang
0
590
20240814-採用 Azure VMware Solution 啟動你的 Azure 雲端服務
Avatar for Phil Huang pichuang
0
170

Other Decks in Technology

See All in Technology
Agentic Web
Avatar for dynamis dynamis
1
200
手塩にかけりゃいいってもんじゃない
Avatar for ming ming_ayami
0
260
protovalidate-es を導入してみた
Avatar for 弁護士ドットコム bengo4com
0
170
Oracle AI Database@Google Cloud:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
6
1.5k
EventBridge Connection
Avatar for kensh _kensh
5
690
LLMにもCAP定理があるという話
Avatar for Haruka Sakihara harukasakihara
0
290
Chainlitで作るお手軽チャットUI
Avatar for tomo ynt0485
0
190
Socrates × Looker 〜セマンティックレイヤーで進化するデータ分析エージェント〜
Avatar for Uchide Hiroki(ucchi-) hanon52_
3
2.1k
なぜ Platform Engineering の土台に Kubernetes を選ぶのか
Avatar for Ray r4ynode
1
570
エンジニアリング戦略の作り方 / Crafting Engineering Strategy
Avatar for iwashi iwashi86
19
6.5k
小さくはじめるSLI/SLO ~育てながら組織に定着させる実践知~ / Starting Small with SLI/SLOs: Building Adoption Through Continuous Growth
Avatar for Narimichi Takamura nari_ex
4
1.7k
2026TECHFRESH畢業分享會 - 葬送的通靈師:化系統與用戶雜訊成行動訊號
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
760

Featured

See All Featured
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
247
13k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
163
24k
Tips & Tricks on How to Get Your First Job In Tech
Avatar for Honza Javorek honzajavorek
1
540
Scaling GitHub
Avatar for Zach Holman holman
464
140k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
860
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.9k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
330
40k
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
240
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
Avatar for Aleyda Solis aleyda
1
2.1k
Getting science done with accelerated Python computing platforms
Avatar for Jacob Tomlinson jacobtomlinson
2
220
Navigating the moral maze — ethical principles for Al-driven product design
Avatar for Skipper Chong Warson skipperchong
2
390
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k

Transcript

  1. Harbor 技術雜談 Phil Huang 黃秉鈞 <[email protected]> Will 保哥的技術交流中心, Webniar, Mar.

    23, 2022

  2. WARNING • 本次分享不會講基本安裝等 101 等級議題 • 建議當廣播節目收聽 • 歡迎直接開麥交流

  3. #pichuang # whois Phil Huang 黃秉鈞 • 一週七睡,一週三練;上班專業,下班躺平 • Cloud

    Native Taiwan User Group (CNTUG) 打雜工 • blog.pichuang.com.tw Ref: https://www.linkedin.com/in/phil-huang-09b09895/ 3

  4. #pichuang

  5. #pichuang Harbor • 為 Cloud Native Computing Foundation (CNCF) 畢業專案之一

    • 主要由 VMware 貢獻和維護的私有容器倉庫 (Container Registry) 開源 專案 • 主要常見於地端 Container / Kubernetes / 微服務等案子會隨行出現的 服務 • 現在最新版本為 v2.4.0 ◦ Roadmap • 近況 ◦ SIG 宣布 Harbor SIG Docs 計畫 • GitHub:goharbor/harbor

  6. #pichuang 開始之前...

  7. #pichuang 關於安裝 Harbor 你是如何安裝 Harbor 的? • 2 個約束條件 ◦

    VM or Kubernetes? ◦ Self Support or Vendor Specific Support?

  8. #pichuang 關於憑證 SSL/TLS 萬惡的 x509: certificate signed by unknown authority

    • 預設狀況下,會提供自動 產生的 Certificate / Private Key • 理想狀況下,建議自簽 TLS Certificate / Private Key ◦ EasyRSA (推薦) ◦ OpenSSL https://github.com/goharbor/harbor/blob/v2.4.1/make/harbor.yml.tmpl#L13-L18

  9. #pichuang 關於 Storage Backend • 儲存技術選擇邏輯跟設計 Docker Registry 一樣 •

    預設狀況下,是會使用 Local Storage ◦ 會吃 /data 的儲存空間 ◦ 關於能不能跟要不要使用 NFS… • 理想狀況下,是採用 Object Storage 為主 ◦ 主要使用 s3-compatible Storage,例如 AWS S3 / Azure Blob / GCP Cloud Stroage / MinIO 等 https://github.com/goharbor/harbor/blob/v2.4.1/make/harbor.yml.tmpl https://docs.docker.com/registry/configuration/#storage https://docs.docker.com/registry/storage-drivers/

  10. #pichuang High Level Design for Harbor

  11. #pichuang https://github.com/goharbor/harbor/wiki/Architecture-Overview-of-Harbor

  12. #pichuang 關於 Project 與 Repositories • Project 主要控制用戶授權、資源分配;Repositories 主要提供實際 Container

    Images 儲存的位置 • Project : Repositories = 1 : N • Repository 可以使用做巢狀 Repos (Nested Repos) https://goharbor.io/docs/2.4.0/working-with-projects/working-with-images/repositories/ Project Repository Nested Repositories

  13. #pichuang 關於 Helm Chart • Helm v3.8.0 後開始支援 OCI 格式打包

    Packages ◦ 現在是 helm v3.8.1 • 推薦使用 helm v3.8 推送 OCI 格式的 helm chart 進入 Harbor v2.4.x 儲存 Ref: https://goharbor.io/docs/2.4.0/working-with-projects/working-with-images/managing-helm-charts/ https://helm.sh/docs/topics/registries/#enabling-oci-support

  14. #pichuang 關於 Scanners • 預設狀況下,是採用 Aqua Trivy 當作預設 CVEs 掃描來

    源 • 會有 CVEs 來源需要定期匯入新的 Database 議題,每個 Scanners 做法不一樣 a. 白名單開 Firewall 或走 HTTPs/ Proxy (推薦) b. 手動一個一個搬 DB • Scanner Adapters 支援清單上並沒有列全部的 Scanner 選擇,若有特定廠牌,需洽詢各自 Provdiders https://goharbor.io/docs/2.4.0/install-config/harbor-compatibility-list/#scanner-adapters

  15. #pichuang 關於離線環境處理 • 主要分 2 種 ◦ 預先建置 docker-registry or

    harbor ◦ 手動壓縮 tarball (.tar.gz) • Tarball 建立常見做法 ◦ docker save / podman save ◦ skopeo copy

  16. #pichuang 關於 Replications • 支援同步市面上絕大部分的 Container Registry • 架構上可透過 Replications

    Rules 設計出 ◦ 單向同步 ◦ 邏輯上的雙向同步 (兩邊都設定單向) • Replications Rules 蠻多參數可以調的,建議 參考官方文件 Creating a Replication Rule 一 文 => 這是精髓啊~只是受限現實因素用不太起來

  17. #pichuang 典型架構:混合雲部署,複製方向決定長相 Case 1 Case 2

  18. #pichuang 典型架構:Harbor Federated Topology Ref: https://tanzu.vmware.com/content/white-papers/vmware-tanzu-edge-solution-architecture-with-robo-topology • 主要為生成物分發,如 dockerhub •

    依據位置,分 2 種角色: ◦ 唯一 Corporate Harbor ◦ 多個 Edge Harbor

  19. #pichuang ScreenShot: Harbor Edge Site Replications Ref: https://tanzu.vmware.com/content/white-papers/vmware-tanzu-edge-solution-architecture-with-robo-topology

  20. #pichuang 關於備份策略選擇

  21. #pichuang References • 蠻常會有不錯內容的公眾號 亨利筆記 • 管理員都應該要有一本的 Harbor 權威指南

  22. #pichuang COSCUP x KCD Taiwan 2022 • CFP: 2022/4/11 ~

    2022/5/15 • 議程公告: 2022/7/1 • COSCUP 議程: 2022/7/30 ~2022/7/31