The Harbor team has released the first major version of the Harbor Operator. The container registry implementation Harbor, which corresponds to the specifications of the Open Container Initiative (OCI), bundles service components with which developers can more easily manage artifacts such as container images, helmet charts or Open Policy Agents. With user-defined controllers and user-defined resource definitions (CRDs), Harbor Operator 1.0 extends the Kubernetes control plane into a declarative API that not only enables extensive automation, but also enables the operation of multiple instances of the registry.
Individual configuration via user-defined resource definitions
While Harbor is typically based on YAML files and provision via Helm Charts, the Harbor Operator goes one step further and enables the individual configuration of the CRD
HarborCluster, with which the complete registry stack including core components and associated database, cache and backend storage services can be defined. This gives developers the ability to base their Harbor stack on the CR. to build up
Harbor Tailored to the operating environment and as far as possible automation of the administration.
If, for example, the harbor operator is to provide the dependent services together with harbor components such as Notary, Trivy, ChartMuseum and Metrics Exporter in the Kubernetes cluster, the necessary requirements can be set in the respective settings of the database (
inClusterDatabase), Cache (
inClusterCache) as well as backend storage services (
inClusterStorage). Although various backend storage configurations such as Amazon S3 and OpenStack Swift are also supported and the Harbor team would like to validate and add further third-party operators in other areas in the future, only zalando postgreSQL, spotahome redis and Minio are available as in -cluster services.
The port operator provides the front-end service via Ingress (CRD version:
v1beta1) open. In addition to the standard ingress controller Nginx, the NSX-T container plug-in ncp and gce (Google Cloud Engine) have already been validated. Other ingress controllers such as Contour are to follow in the next releases. The operator relies on the CNCF project to create and manage the certificates required by the harbor cluster components cert-manager.
More details about Harbor Operator 1.0 can be found in the CNCF blog post about the release of the major release as well as in the project’s GitHub repository.
The safe haven
The container registry implementation, which is primarily geared towards security and scalability, was originally developed by VMware, but has been administered by the Cloud Native Computing Foundation (CNCF) for around three years. There she achieved the status of a Graduated Project in 2020 and thus the highest level of maturity at the CNCF.
Disclaimer: This article is generated from the feed and is not edited by our team.